Ansible Role: ansible-bootstrap

To use Ansible effectively, the target machine needs a Python interpreter. Machines running CoreOS and Flatcar Linux are very basic and do not come with any version of Python. Also, when using jumpboxes managed by others, you might have limited access for installing software and can only install in a specific directory.

To solve this, we install a portable version of pypy, which is a lightweight Python interpreter. The ansible-bootstrap role installs pypy (including pip) in the user's home directory, creates easy-access shortcuts for the new Python setup, and updates paths. You can then update your inventory file to use the installed Python interpreter on your Container Linux nodes with Ansible.

Additionally, this setup is useful for creating a contained Ansible controller structure. Features are included for bootstrapping pypy for Ansible control and for Ansible as a controller with SSH bastion host proxying enabled.

Role Variables:

Enable PIP

This variable controls whether to install PIP and necessary tools in the user's home directory. The default value is 'True'.

enable_pip: True

Enable Ansible

This variable determines if Ansible will be installed using the new pypy environment. Shortcuts are also created in ~/bin for easy access. The default value is 'False'.

enable_ansible: True

Enable Ansible Folders

This variable creates the necessary folders and configuration files for an Ansible controller in the user's home directory. The default value is 'False'.

enable_ansible_folders: True

Enable Ansible Common Role Folders

This variable sets up folders for a common role in ~/ansible/roles/common using ansible-galaxy. The default value is 'False'.

enable_ansible_common_role: True

Enable Bastion (for Ansible SSH Proxying)

This variable configures Ansible to use SSH proxying through a bastion host. The default value is 'False'.

enable_bastion: True
bastion_hostname: bastion.contoso.ltd  # Bastion Host FQDN
bastion_user: bwayne  # Bastion Host User
bastion_ip: 172.168.1.10  # Bastion Host IP address
bastion_ansible_host: 192.168.1.*  # Hosts on the other side of the Bastion

Installation

Install the latest module using ansible-galaxy.

ansible-galaxy install ppouliot.ansible-bootstrap

Configure Your Project

You need to configure Ansible to use a different Python interpreter for Container Linux hosts. Add a container-linux group to your inventory file and set its variables to use the new Python interpreter. This allows you to manage both CoreOS and non-CoreOS hosts. Simply add all CoreOS hosts to the container-linux inventory group, and they will automatically use the specified Python interpreter.

[container-linux]
host-01
host-02

[container-linux:vars]
enable_pip=True
ansible_ssh_user=core
ansible_python_interpreter=/home/core/bin/python
ansible_connection=ssh
ansible_ssh_private_key_file=/etc/ansible/keys/id_rsa

enable_ansible=True
enable_ansible_folders=True
enable_bastion=True

bastion_hostname=bastion.contoso.ltd
bastion_user=bwayne
bastion_ip=172.168.1.10
bastion_ansible_host=192.168.1.*

This setup will configure Ansible to use the Python interpreter located at /home/core/bin/python, which the ansible-bootstrap role will create.

Bootstrap Playbook

Add the following to your playbook file and include it in your site.yml to run on all hosts in the container-linux group.

- hosts: container-linux
  gather_facts: False
  remote_user: core
  roles:
    - ppouliot.ansible-bootstrap

Make sure gather_facts is set to false; otherwise, Ansible will try to collect system facts using Python, which is not installed yet!

Contributors

• Peter Pouliot peter@pouliot.net

Copyright and License

Copyright (C) 2018 Peter J. Pouliot

You can contact Peter Pouliot at: peter@pouliot.net

Licensed under the Apache License, Version 2.0 (the "License"); you cannot use this file except in compliance with the License. You can view the License at

http://www.apache.org/licenses/LICENSE-2.0

Software distributed under this License is done so "AS IS", without warranties or conditions of any kind. Refer to the License for specific permissions and limitations.