Skip to content

Instantly share code, notes, and snippets.

@Sharkrit

Sharkrit/ansible-rundeck.md

Forked from hvanderlaan/ansible-rundeck.md
Created July 26, 2019 18:55
Show Gist options
  • Save Sharkrit/e2ec0772c47933f52194589f35526693 to your computer and use it in GitHub Desktop.
Save Sharkrit/e2ec0772c47933f52194589f35526693 to your computer and use it in GitHub Desktop.
Download ZIP
ansible - rundeck, the poorman's ansible tower
Raw
ansible-rundeck.md

Poor man's Ansible Tower

After a while of messing around with the free / demo version of Ansible Tower I thought that this could also be done with free tools. With some help from the internet and as an IT consultant I found the way forward.

As we all known Ansible is for free and is a package in the Ubuntu repository. Ansible Tower is a frontend for Ansible that will provide scheduler and a fancy webfrontend.

Rundeck is a job scheduler and runbook administration that is for free and also has a fancy webfrontend.

So for the poor man's solution we are going to use the best of both worlds.

POC

for the proof of concept we need a couple of things:

* ubuntu 16.04.1 LTS server/desktop with lxd and zfs
* ansible container
* rundeck container

ubuntu 16.04.1 LTS host server

This is a relative easy step, clean install on a spare server/vps a new, fresh install of Ubuntu 16.04.1 LTS, after the installation you need to install some extra packages for zfs and lxd.

update and installation of required host components:

sudo apt-get update
sudo apt-get --yes dist-upgrade
sudo apt-get --yes install zfsutils-linux lxd lxd-tools lxd-client

configuration of zfs:

sudo truncate -s 30G /usr/lib/lxd/zfs.img

configuration of lxd:

sudo lxd init --storage-backend zfs --storage-pool lxd --auto

deploy the following lxd-bridge configuration

# WARNING: This file is generated by a debconf template!
# It is recommended to update it by using "dpkg-reconfigure -p medium lxd"

# Whether to setup a new bridge or use an existing one USE_LXD_BRIDGE="true"
# Bridge name
# This is still used even if USE_LXD_BRIDGE is set to false
# set to an empty value to fully disable
LXD_BRIDGE="lxdbr0"

# Update the "default" LXD profile
UPDATE_PROFILE="true"

# Path to an extra dnsmasq configuration file
LXD_CONFILE="/etc/lxc/dnsmasq.conf"

# DNS domain for the bridge
LXD_DOMAIN="lxd"

# IPv4
## IPv4 address (e.g. 10.0.8.1)
LXD_IPV4_ADDR="172.16.0.1"

## IPv4 netmask (e.g. 255.255.255.0)
LXD_IPV4_NETMASK="255.255.0.0"
## IPv4 network (e.g. 10.0.8.0/24)
LXD_IPV4_NETWORK="172.16.0.0/16"

## IPv4 DHCP range (e.g. 10.0.8.2,10.0.8.254)
LXD_IPV4_DHCP_RANGE="172.16.1.1,172.16.255.254"

## IPv4 DHCP number of hosts (e.g. 250)
LXD_IPV4_DHCP_MAX="65354"

## NAT IPv4 traffic
LXD_IPV4_NAT="true"

# IPv6
## IPv6 address (e.g. 2001:470:b368:4242::1)
LXD_IPV6_ADDR="fd00::20"

## IPv6 CIDR mask (e.g. 64)
LXD_IPV6_MASK="64"

## IPv6 network (e.g. 2001:470:b368:4242::/64)
LXD_IPV6_NETWORK="fd00::20/64"

## NAT IPv6 traffic
LXD_IPV6_NAT="true"

# Run a minimal HTTP PROXY server
LXD_IPV6_PROXY="false"

After this configuration is saved in /etc/default/lxd-bridge we can continue

sudo dpkg-reconfigure -f noninteractive -p medium lxd"
sudo systemctl restart lxd-bridge.service

Installing other requirements

sudo apt-get install openssh-server python aptitude curl

after this is done you can restart the host server

ansible container

Now that the host server is finished we can create a lxc container that can be used as the ansible server without the Ansible Tower function.

Creating the ansible container

echo "dhcp-host=ansible,172.16.0.10" >> /etc/lxc/dnsmasq.conf
sudo echo "172.16.0.10		ansible.example.com	ansible" >> /etc/hosts
sudo systemctl restart lxd-bridge.service
lxc image copy images:ubuntu/xenial local: --alias=ubuntu
lxc launch ubuntu ansible
lxc exec ansible -- bash
apt-get update
apt-get --yes dist-upgrade
apt-get install software-properties-common openssh-server
apt-add-repository ppa:ansible/ansible
apt-get update
apt-get --yes install ansible
mkdir /root/.ssh
systemctl enable ssh
systemctl restart ssh
lxc file push ~/.ssh/id_rsa.pub ansible/root/.ssh/authorized_keys --mode=0644
lxc stop ansible
lxc start ansible
ssh -l root ansible.example.com

after this you can download / use ansible playbooks on this server.

Rundeck container

The deployment of the rundeck container could be done by ansible, I've not (yet) written a playbook for it so we are going to do this manual.

Creating the rundeck container

echo "dhcp-host=rundeck,172.16.0.11" >> /etc/lxc/dnsmasq.conf
sudo echo "172.16.0.11		rundeck.example.com	rundeck" >> /etc/hosts
sudo systemctl restart lxd-bridge.service
lxc launch ubuntu rundeck
apt-get update
apt-get --yes dist-upgrade
apt-get install openssh-server wget curl openjdk-8-jdk aptitude python
wget http://dl.bintray.com/rundeck/rundeck-deb/rundeck-2.7.1-1-GA.deb
dpkg -i rundeck-2.7.1-1-GA.deb
systemctl enable rundeckd
cd /etc/rundeck
## change hostname from localhost to rundeck.example.com in
## framework.properties and rundeck-config.properties
    
## add a user to realm.properties
## if you don't want plain text passwords use the folling command
cd /var/lib.rundeck/bootstrap
java -cp jetty-all-9.0.7.v20131107.jar org.eclipse.jetty.util.security.Password <user> <pass>
    
systemctl restart rundeckd

Now you are finished and can see rundeck in it's full glory, open a browser and connect to: http://rundeck.example.com:4440

Side notes

There are somethings that I forgot, because I known that you can figure that out but I will point you in the right direction.

- ssh key's, ssh key's, ssh key's.
- node configration in rundeck, use google for this.
- playbooks and rundeck jobs, please put some effort in it, I could do it.

also if part of the code does not work, please let me know I will change it but in general if there is a typo the solution is also in found in that direction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment