Overview

Skill Level: Beginner

Installation and use of Ansible on IBM Cloud IaaS to deploy an Apache webserver. It is intended as a starting point for using Ansible with IBM Cloud IaaS to configure and deploy open source applications.

Ingredients

IBM Cloud IaaS, Python 3.5, Ansible 2.6, Apache, Centos 7

 

Requirements to get started with Ansible on IBM Cloud IaaS:

1.     IBM Cloud account:  https://console.bluemix.net/ with IaaS permissions

2.     IBM Cloud IaaS VPN Access enabled and configured for SSL access.

3.     SSL VPN Client on local workstation. See the IBM Cloud instructions for Linux, macOS or Windows. 

For the VPN client use the FQDN of a single data center VPN access point from the VPN web access page, of the form vpn.xxxnn.softlayer.com as the Gateway address.

4.     Public SSH key uploaded by the IaaS portal that will be used by Ansible to configure VSIs.  See Getting started with SSH keys.

Step-by-step

  1. Ansible for IBM Cloud IaaS

    Ansible is a configuration management and provisioning tool, similar to Chef and Puppet, and is designed for multi-tier application deployment. Compared to some of the other configuration tools it is simple to use, is quick to learn and can be literally used straight after installation. 

    In my experience its ease of use with IBM Cloud is down to the fact that it is completely agentless and connects to devices (servers) using SSH. As no agent is installed on the target system, it works out of the box with the default IBM Cloud OS images, avoiding the need to create custom images with embedded agents, or to maintain a separate repository of boot time provisioning scripts. If an SSH key is specified when a VSI is ordered, you are ready to go. 

    For an introduction to Ansible and installation see:

    https://serversforhackers.com/c/an-ansible2-tutorial

    https://www.tutorialspoint.com/ansible/ansible_introduction.htm

     

  2. Install Ansible

    Tasks can be run off of any machine Ansible is installed on as long as there is connectivity to the target servers. I use the MotionPro Plus VPN client on my MacBook to VPN into the IBM Cloud data center hosting the virtual servers I’m working with.¬†

    I installed Ansible on my MacBook, first installing Python 3.5 with Homebrew. In a production environment Ansible would more typically be installed on a server hosted in IBM Cloud. This ensure the whole ops team has access to the same Ansible playbooks. Follow the Ansible install instructions for your choice of control machine. 

    https://docs.ansible.com/ansible/latest/installation_guide/

    For the test of these instructions I will assume that OSX is used as the control workstation, though the instructions are the same for Linux and only slightly different for Windows. Once installed executing ansible tasks is the same on any workstation, OSX, Linux or Windows. 

    See the following instructions for installing Python 3:

    https://docs.python-guide.org/starting/install3/osx/

     

    On a Mac install Ansible as below:

    sudo pip install ansible

     

     

  3. Order VSI on private network

    To demonstrate how simple Ansible is to use in action, we will order a VSI and run some actions against it.  

     

    As securing public network access to the VSI to prevent unwanted attacks is not considered in this recipe, the VSI will be  provisioned with a private network interface only. All Ansible operations will be performed over the private network interface.

     

    • The location will be the same as defined by your choice of VPN login data center¬†
    • Select *CentOS* and¬† ¬†*7.x Minimal (64bit)- HVM* as the image.¬†
    • Under the network interface section, select Private Network Uplink

    VSI_private_interface

    • Click Provision.¬†

     

    When the VSI has been deployed record its <Private IP address> 

     

     

  4. Configure Ansible

    The first step is to create an Ansible configuration file in your user directory for execution parameters specific to the tasks we are running. In this case we need to set the flag to disable SSH host_key_checking, as VSIs created by IBM Cloud reuse the same IP addresses if a VSI is deleted and then recreated. This avoids the known host error on SSH login. 

     

    Create ansible user directory

    cd ~/
    mkdir ansible-play
    cd ansible-play

     

    Create ansible.cfg file in directory

    nano ansible.cfg

     

    And copy in the following content

    [defaults]
    host_key_checking = False

     

    Create the Ansible inventory file:

    nano hosts

     

    Copy in the following contents, replacing the <VSI private IP address> with the IP address of the VSI created in the previous step. ansible_user is set as root otherwise ansible would log into the VSI using your login ID from your control workstation. 

    [webserver]
    ws01 ansible_host=<VSI private IP address> ansible_user=root ansible_become=yes

     

    We are now ready to run the first Ansible command to list the inventory of devices as understood by Ansible. The -i ./hosts  parameter is used to tell Ansible which inventory file to use. 

    ansible-inventory -i ./hosts --list

     

    The output should look like the following, with the host parameters we specified under the *hostvars* tag. 

     

    ansible_inventory 

     

    We are now ready to un our first commands on the VSI. 

  5. Ansible commands

    The simplest Ansible operation against a target device is to run a command. In this case the Ansible ping command. 

    ansible -i ./hosts all -m ping

     

    If you receive the following message, either you need to start your VPN to IBM Cloud, or the VSI has been provisioned on a network you cannot access from your workstation. 

    ansible_ping_fail

     

    Successful execution of the Ansible ping command will result in the following:

    ansible_ping

     

    That completes this step and we have executed our first command against a server on IBM Cloud.

  6. Installing application code

    Create the Ansible playbook file apache.yml using nano. 

    nano apache.yml

     

    Copy in the following content and save.

    ---
    - hosts: all
      tasks:
        - name: ensure nginx is at the latest version
          apt: name=nginx state=latest
        - name: start nginx
          service:
              name: nginx
              state: started

     

    Run the playbook on the target VSI by running the ansible-playbook command specifying the inventory file to use and the playbook apache.yml. 

    ansible-playbook -i ./hosts apache.yml

     

    The output should look like the folliowing. 

     

    apache_yml_out

     

    The tasks show a status of *changed* as the state on the target machine has changed. 

     

    To prove that Apache is now installed on the Centos VSI and running, run curl against the VSI.

    curl <VSI private IP address>

     

    The first few lines of the output should look like the following, demonstrating that Apache is now installed and running. 

    apache_curl

     

    Congratulations you have now installed Ansible and successfully installed application code on a VSI without needing to login. 

  7. Delete the VSI

    From the IBM Cloud IaaS portal cancel the VSI to avoid incuring additional charges.

    https://control.bluemix.net/devices

    Select Action and Cancel Device 

     

    That completes this receipe. Other receipes in this series will look at more complex Ansible playbooks and roles to deploy full multi-tier applications on the IBM Cloud IaaS platform. Also how to use Ansible with Terraform to automate the creation of infrastructure as well as application deployment. 

Join The Discussion