Ansible Control Node
A VirtualBox VM running on a Windows PC is used as the Ansible Control Node, pimaster, for automating the provisioning of the Raspberry Pi cluster.
Ubuntu 20.04 LTS server will be used as the OS for pimaster.
Important:
This server, pimaster, can be automatically provisioned as a VirtualBox VM on a Windows laptop from an Ubuntu cloud image, using the procedure described in another of my GitHub repositories, ubuntu-cloud-vbox.
Using that provisioning script, a cloud-init user-data boot file can be created to automate the installation of all the components needed (Docker, Vagrant, KVM, Ansible, etc.). Check this template as an example.
Installing Docker
Docker is used by Molecule, Ansible's testing tool, to build the testing environment, so a Docker installation is needed on the Control Node for developing and testing the Ansible Playbooks/Roles.
Follow the official installation guide.
- Step 1. Uninstall old versions of docker
  sudo apt-get remove docker docker-engine docker.io containerd runc
- Step 2. Install packages to allow apt to use a repository over HTTPS
  sudo apt-get update
  sudo apt-get install \
      apt-transport-https \
      ca-certificates \
      curl \
      gnupg \
      lsb-release
- Step 3. Add Docker's official GPG key
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
- Step 4: Add x86_64 repository
  echo \
    "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- Step 5: Install Docker Engine
  sudo apt-get update
  sudo apt-get install docker-ce docker-ce-cli containerd.io
- Step 6: Enable docker management with non-privileged user
  - Create docker group
    sudo groupadd docker
  - Add user to docker group
    sudo usermod -aG docker $USER
    Members of the docker group have root-equivalent access to the host, so add only trusted users. The new membership applies at the next login.
- Step 7: Configure Docker to start on boot
  sudo systemctl enable docker.service
  sudo systemctl enable containerd.service
- Step 8: Configure docker daemon.
  - Edit file /etc/docker/daemon.json
    Set the storage driver to overlay2 and use systemd to manage the containers' cgroups. Optionally, the default directory for storing images/containers can be changed to a different disk partition (example /data). Documentation about the possible options can be found here
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2",
      "data-root": "/data/docker"
    }
  - Restart docker
    sudo systemctl restart docker
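A syntax error in /etc/docker/daemon.json keeps the Docker daemon from starting after the restart in Step 8, so the file is worth checking first. The function below is an added example, not part of the original guide; the name check_daemon_json is an assumption and it relies on the python3 interpreter that Ubuntu 20.04 ships.

```shell
# Added example: validate a daemon.json before restarting Docker.
# check_daemon_json FILE
#   returns 0 when FILE is valid JSON and carries the Step 8 settings,
#   otherwise prints the reason on stderr and returns non-zero.
check_daemon_json() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  python3 - "$1" <<'PY'
import json
import sys

try:
    with open(sys.argv[1]) as fh:
        cfg = json.load(fh)
except ValueError as exc:      # e.g. a trailing comma or a missing quote
    sys.exit(f"invalid JSON: {exc}")

problems = []
if cfg.get("storage-driver") != "overlay2":
    problems.append("storage-driver is not overlay2")
if "native.cgroupdriver=systemd" not in cfg.get("exec-opts", []):
    problems.append("exec-opts lacks native.cgroupdriver=systemd")
root = cfg.get("data-root")    # optional setting in the guide
if root is not None and not str(root).startswith("/"):
    problems.append("data-root must be an absolute path")
if problems:
    sys.exit("; ".join(problems))
PY
}
```

Typical use: check_daemon_json /etc/docker/daemon.json && sudo systemctl restart docker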
Installing KVM and Vagrant
In order to automate the testing of some of the roles that require a VM and not a Docker image (example: Storage roles), KVM and Vagrant will be installed.
Enable nested virtualization within the VM
This needs to be changed from the command line. It is not supported in the GUI.
vboxmanage modifyvm <pimaster-VM> --nested-hw-virt on
KVM installation in Ubuntu 20.04
- Step 1. Install KVM packages and its dependencies
  sudo apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system virtinst bridge-utils
- Step 2. Enable on boot and start libvirtd service (if it is not enabled already):
  sudo systemctl enable libvirtd
  sudo systemctl start libvirtd
- Step 3. Add the user to libvirt group
  sudo usermod -a -G libvirt $USER
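KVM inside pimaster works only if the nested virtualization flag reached the guest, the kvm device exists and the login session carries the libvirt group. The check below is an added example, not part of the original guide; the function name kvm_preflight and its optional arguments are assumptions that let it run against sample input as well as the live system.

```shell
# Added example: check what the KVM steps depend on, from inside pimaster.
# kvm_preflight [CPUINFO_FILE] [KVM_DEVICE] [GROUP_LIST]
# Arguments default to /proc/cpuinfo, /dev/kvm and the output of `id -nG`.
kvm_preflight() {
  cpuinfo=${1:-/proc/cpuinfo}
  kvmdev=${2:-/dev/kvm}
  user_groups=${3:-$(id -nG)}
  rc=0
  # vmx (Intel) or svm (AMD) appears in the guest only when VirtualBox
  # exposes it, which is what --nested-hw-virt on enables.
  if ! grep -Eq '^flags[[:space:]]*:.* (vmx|svm)( |$)' "$cpuinfo"; then
    echo "FAIL: no vmx/svm CPU flag, nested virtualization is not enabled"
    rc=1
  fi
  # The kvm kernel module creates the device once the CPU flag is present.
  if [ ! -e "$kvmdev" ]; then
    echo "FAIL: $kvmdev does not exist"
    rc=1
  fi
  # usermod changes are picked up at the next login, not in this session.
  case " $user_groups " in
    *" libvirt "*) ;;
    *) echo "FAIL: current session is not in the libvirt group"; rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK: KVM can be used by this user"
  return "$rc"
}
```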
Vagrant installation in Ubuntu 20.04
- Step 1. Add hashicorp apt repository
  curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
  sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
  sudo apt-get update
- Step 2. Install vagrant
  sudo apt install vagrant
Install vagrant-libvirt plugin in Linux
In order to run Vagrant virtual machines on KVM, you need to install the vagrant-libvirt plugin. This plugin adds the Libvirt provider to Vagrant and allows Vagrant to control and provision machines via Libvirt.
- Step 1. Install dependencies
  sudo apt install build-essential qemu libvirt-daemon-system libvirt-clients libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev ruby-libvirt ebtables dnsmasq-base libguestfs-tools
- Step 2. Install vagrant-libvirt plugin:
  vagrant plugin install vagrant-libvirt
- Step 3. Install mutate plugin which converts vagrant boxes to work with different providers.
  vagrant plugin install vagrant-mutate
Installing Ansible and Molecule testing environment
Ansible can be installed in Ubuntu 20.04 using the official package from the repository, but 'sudo apt install ansible' will install an old Ansible version.
Ansible Molecule is not available as an official package, so pip is the only alternative. Instead, install the latest version for python3 with the Python package manager, pip.
The Python Ansible and Molecule packages and their dependencies installed using pip might conflict with the python3 packages included in the official Ubuntu release, so package installation should be done as a non-root user (local user package installation) or within a Python virtual environment.
Installation of the whole Ansible environment can be done using a Python virtual environment.
- Step 1. Install python Virtual Env and Pip3 package
  sudo apt-get install python3-venv python3-pip
- Step 2. Create Virtual Env for Ansible
  python3 -m venv ansible
- Step 3. Activate Virtual Environment
  source ansible/bin/activate
  Note: For deactivating the Virtual environment execute command
  deactivate
- Step 4. Upgrade setuptools and pip packages
  pip3 install --upgrade pip setuptools
- Step 5. Install ansible
  pip3 install ansible
- Step 6. Install yamllint, ansible-lint and jmespath (required by ansible json filters)
  pip3 install yamllint ansible-lint jmespath
- Step 7. Install Docker python driver and molecule packages:
  pip3 install "molecule[docker]"
- Step 8. Install molecule vagrant driver
  pip3 install molecule-vagrant python-vagrant
Create public/private SSH key for remote connection users
An ansible UNIX user will be created on all servers with root privileges (sudo permissions) so Ansible can automate the configuration process (used as ansible_remote_user when connecting).
For connecting to the servers from my Windows laptop using an SSH client (PuTTY), the oss UNIX user (with sudo privileges) will be used. In order to improve security, the default ubuntu UNIX user created by cloud images will be disabled.
SSH private/public keys for both users need to be generated once, and the public SSH key can be copied automatically to all servers of the cluster to enable passwordless SSH connections.
Those users and their public keys will be added to the cloud-init configuration (user-data) when installing Ubuntu OS.
Create SSH keys
Authentication using SSH keys will be the only mechanism available to log in to the server. We will create SSH keys for two different users:
- oss user, used to connect from my home laptop
  For generating the SSH private/public key in Windows, PuTTY Key Generator can be used.
  The public-key string will be used as ssh_authorized_keys of the default user (ubuntu) in cloud-init user-data
- ansible user, used to automate configuration activities with Ansible
  For generating the ansible SSH keys in the Ubuntu server execute command:
  ssh-keygen
  The public and private key files for the user can be found in the directory $HOME/.ssh/: id_rsa contains the private key and id_rsa.pub contains the public key.
  The content of the id_rsa.pub file has to be used as ssh_authorized_keys of the ansible user in cloud-init user-data
  cat id_rsa.pub
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsVSvxBitgaOiqeX4foCfhIe4yZj+OOaWP+wFuoUOBCZMWQ3cW188nSyXhXKfwYK50oo44O6UVEb2GZiU9bLOoy1fjfiGMOnmp3AUVG+e6Vh5aXOeLCEKKxV3I8LjMXr4ack6vtOqOVFBGFSN0ThaRTZwKpoxQ+pEzh+Q4cMJTXBHXYH0eP7WEuQlPIM/hmhGa4kIw/A92Rm0ZlF2H6L2QzxdLV/2LmnLAkt9C+6tH62hepcMCIQFPvHVUqj93hpmNm9MQI4hM7uK5qyH8wGi3nmPuX311km3hkd5O6XT5KNZq9Nk1HTC2GHqYzwha/cAka5pRUfZmWkJrEuV3sNAl ansible@pimaster
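One way to turn the two public keys into the users section of the cloud-init user-data, as an added example that is not part of the original guide. The function names, the file arguments and the choice to attach the laptop key to the oss user with passwordless sudo are assumptions. The check rejects a private key or a multi-line key file saved by PuTTYgen, since only the one-line OpenSSH string is valid in ssh_authorized_keys.

```shell
# Added example: render cloud-init user-data for the oss and ansible users.

# Succeeds only for a file holding one OpenSSH public key on a single line.
is_public_key() {
  [ -r "$1" ] || return 1
  [ "$(grep -c . "$1")" -eq 1 ] || return 1   # private keys span many lines
  grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# render_user_data OSS_PUBKEY_FILE ANSIBLE_PUBKEY_FILE
# Prints the user-data on stdout; returns 1 if either file is not a public key.
render_user_data() {
  for f in "$1" "$2"; do
    is_public_key "$f" || { echo "not a public key file: $f" >&2; return 1; }
  done
  # The users list has no "default" entry, so cloud-init does not create
  # the image's default ubuntu user. ssh_pwauth: false leaves key
  # authentication as the only way to log in over SSH.
  cat <<EOF
#cloud-config
ssh_pwauth: false
users:
  - name: oss
    sudo: "ALL=(ALL) NOPASSWD:ALL"
    shell: /bin/bash
    lock_passwd: true
    ssh_authorized_keys:
      - $(cat "$1")
  - name: ansible
    sudo: "ALL=(ALL) NOPASSWD:ALL"
    shell: /bin/bash
    lock_passwd: true
    ssh_authorized_keys:
      - $(cat "$2")
EOF
}
```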
Install additional packages
The following packages are also needed:
- Install the GnuPG package, used for Ansible files encryption
  sudo apt install gnupg
- Install pwgen to generate random passwords
  sudo apt install pwgen