Hands-on Ansible, using two DigitalOcean Ubuntu droplets
Today I'm wrapping my head around a build tool called Ansible, used for deploying machines in a scriptable, repeatable manner. Follow along as I step through an excellent tutorial from DigitalOcean, applying what I learn to a couple DO Ubuntu VMs... the $5/mo ones - nothing fancy needed!
A few weeks ago, I took my first look at Docker and then followed it up with a slightly more technical look at how layers work. For the uninitiated, Docker allows you to build VMs in a predictable, repeatable manner as a series of layers called images. Automation is where it's at - if you think you'll have to deploy a box several times, your future self will thank you for scripting it out. If you're interested, check out my posts for an okayish intro (I hope to write more).
This week, though, I'm wrapping my head around another tool for building machines called Ansible. Note that Ansible is not an alternative for Docker, but it can actually complement it. I'll post some resources later, but right now I'm just stepping through a tutorial I found on DigitalOcean. But first...
Create two basic Ubuntu VMs
Create a DigitalOcean account and spin up two Ubuntu droplets (the green "create" button in the upper-right). A bottom-tier machine runs $5/mo, so even if you play with these for the rest of the day it'll only run ya 33¢. 🤑
Normally I'd leave "SSH keys" selected for authentication, but for now you can just select "one-time password". You'll get an email for each machine with a temp password, and then you can just open a terminal, type in ssh firstname.lastname@example.org using whatever IP address you're assigned, and change the password.
Install Ansible on one of them
After you've logged into both machines, follow along with this tutorial. Pick one machine to be the "controller node", where you'll install Ansible. The other machine will be the "host" that the controller node will eventually send commands to. Everything is in the tutorial.
Set up the inventory (hosts file)
Create an SSH key on the controller node
You'll need to create an SSH keypair on the same machine where you installed Ansible (the controller node). Just type ssh-keygen, accept all the defaults, then use ssh-copy-id to copy the public key you just created to the other machine (the host). That allows the node controller to communicate with the host.
Here's some output from my node controller, as I was running commands. I color-coded it to make it easier to understand, but basically...
- I tried pinging the host, which failed because SSH wasn't set up yet. (red)
- I created an SSH keypair on the controller node. (green)
- I verified that the keypair was created, and id_rsa.pub was present. (purple)
- I copied the public key from the node controller to the host. (orange)
- I ran the first command again, to ping the host. Success! (blue)
Verify that you can run Ansible commands
The authors of the tutorial suggest running the following command from the controller node, just to see that you can run commands against the host(s) you set up - although the ping command above already did that.
ansible all -a "df -h" -u root
Okay, that wasn't nearly as bad as I thought it'd be! If you were doing this in a production environment, you'd want to do way more - creating a non-root sudo user and configuring UFW to allow only the ports you need (like 22) come to mind.
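The production steps mentioned above (a non-root sudo user, and UFW allowing only port 22) written as a playbook. This is an added example, not part of the original post or the DigitalOcean tutorial; the account name deploy, the file name harden.yml and the key path are assumptions.

```yaml
# harden.yml - added example. Run from the controller node:
#   ansible-playbook harden.yml
# Uses the ansible.posix and community.general collections, which ship
# with the full "ansible" package (not with ansible-core alone).
- name: Baseline hardening for the managed host
  hosts: all
  remote_user: root          # same account the post's ad-hoc command uses
  vars:
    admin_user: deploy       # hypothetical account name
    # Public key created earlier with ssh-keygen on the controller node
    admin_pubkey: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"
  tasks:
    - name: Create a non-root user in the sudo group
      ansible.builtin.user:
        name: "{{ admin_user }}"
        groups: sudo
        append: true         # keep any existing group memberships
        shell: /bin/bash
        state: present

    - name: Authorize the controller's public key for that user
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ admin_pubkey }}"
        state: present

    # Order matters: open port 22 first, otherwise enabling a
    # default-deny firewall cuts off the SSH session Ansible is using.
    - name: Allow inbound SSH
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp

    - name: Deny all other inbound traffic and enable UFW
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming
```

The new account has no password until you set one, so sudo will not work for it yet; confirm you can log in as that user with the key before you stop using root.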
Now that I've got the servers set up and communicating, I plan on going through the rest of Erika's guides. I'll save these for another day though.
I said I'd post other resources, and I don't want to break such an important promise. So... here are the official Ansible docs. I find most of the posts on DO to be of high quality, but I'm not sure anyone's written guides for other flavors of Unix. If you're not using Ubuntu, the docs have steps for quite a few other systems, so check them out.
If you have access to a Percipio account, I found the courses created by Joseph Khoury last year to be pretty easy to understand. I have access to it through my workplace, but I don't know if you can access it as an individual like Pluralsight et al.
And of course there's YouTube, a popular video streaming site that you may not have heard of, if you were frozen 15 years ago and just thawed out today.