[feat] Ansible

[OneCricketeer]

Ansible roles are (probably) more flexible/portable than Powershell

[davidov541]

Makes sense. I have never used Ansible, but it is worth considering. Not much Powershell is currently used here, but we can transfer that to Ansible. Feel free to make a PR if you have bandwidth, otherwise I'll add this to my bench work.

[OneCricketeer]

I've already had good success with this

https://github.com/hortonworks/ansible-hortonworks

I'm sure FreeIPA has some repo out there as well

[davidov541]

So those Ansible playbooks actually run code on the nodes. In this repo, the vagrant files contain the bash scripts to set up the nodes, so we don't really need to move to Ansible there (unless you have an improvement we'd see doing that). The powershell scripts mainly run vagrant up and then do a few processes after everything is up such as setting up passwordless SSH between all of the nodes.

[OneCricketeer]

those Ansible playbooks actually run code on the nodes

Ansible SSH'es to the machines. https://www.vagrantup.com/docs/provisioning/ansible.html

---

I saw a few ps1 scripts, wasn't sure what they were doing 😄
I see now the shell provisioner is used.

[davidov541]

Ah yeah, I knew that they had an Ansible provisioner. I'm open to using it if we have a good reason for it.

And understood. We should get rid of the PS1 scripts, they just will be easier to get rid of than you thought.

[OneCricketeer]

if we have a good reason for it.

Personally, I think carrying around some separated YAML files which are executable from one command against a swath of machines is much easier to reason about than

00_runthis.sh
01_runthat.sh
...

[davidov541]

So as part of trying to get FreeIPA installing consistently (#9), I found a blog post that discussed using Ansible to set up a FreeIPA server in Vagrant. I tried it out, and found out that there is no free version of Ansible for Windows. You can pay RedHat to give you one, or you can use the WSL, but there isn't a native version for Windows.

I think that'll complicate this work. I haven't tried installing Ansible through WSL and seeing if it'll work. That seems like the best candidate for looking for a way forward here. I'd rather not have a separate version of the files that work on Windows vs. everything else.

[OneCricketeer]

It's not a binary, it's a Python package...

pip install ansible?

[OneCricketeer]

Also, Ansible could be configured to run inside the Vagrant box

[davidov541]

Hmm, good point. Let me try that, @cricket007. I'm a bit skeptical given I didn't even have python installed on my machine, yet vagrant was running just fine and it didn't complain about not having python. That said, creating a branch to test it out with the FreeIPA Ansible box I found, and we'll see if it works.

Having it run inside the vagrant box would work for sure, but at that point is it worth it? The nice thing about using the Ansible provisioner is not having to set up Ansible and no free-form scripting is necessary.

[OneCricketeer]

not having to set up Ansible

It's required on some host. If not the Vagrant host, then you could spin up a short lived "provisioner" VM (1 cpu, < 512mb) that starts after all other VMs, health checks them, then provisions

In any case, I see it mentioned on Ansible website that there's no Windows installable. I'm not too sure where the dependencies lie for it not to work.

Vagrant is ran with its own Ruby, by the way

but at that point, is it worth it

Sure? Ansible-pull is a valid deployment pattern

https://docs.ansible.com/ansible/latest/cli/ansible-pull.html

[davidov541]

Right. I just think its easier to say "install it once if you haven't already" than to say "let's create a vagrant box that installs ansible correctly, and then maintain it when that process occasionally fails for weird reasons (like what we are seeing with FreeIPA currently). That's why I'm pursuing if I can get Ansible installed on Windows first since that seems like the best alternative.

I'm wondering if Vagrant uses its own Python as well. Since it worked without having a Python installed, I'm not sure if installing Ansible to the Python on my system will make sure its picked up by Vagrant. We'll see.

Yeah, I've heard of it before. I'm not questioning whether Ansible is a valid option ever, I'm more asking is it worth it to convert everything over to Ansible given the possible restriction of needing to have a separate Vagrant box to provision everything and/or having to script and maintain a shell script to install and use Ansible? I'm hoping it doesn't come to that question, but that's a tough decision to me, as someone who has not used Ansible in a meaningful way.

[davidov541]

OK, was able to install Ansible on Windows using the following pretty simple pattern: https://stackoverflow.com/a/54217850/852521. Now to create a branch and see if Vagrant will use that Ansible correctly...

[OneCricketeer]

if Vagrant uses its own Python as well

Vagrant doesn't depend on Python 😐

[davidov541]

Then how does the Ansible provisioner work? If Ansible is a python library, and Vagrant has built-in support for Ansible, seems like it would have to use Python somehow. I did the test, and installing Ansible to my installed Python version didn't work. I suspect I have to install it somewhere specific, but not sure where that is. Real work just popped up so I won't be able to look at this for a few hours, but something is fishy here.

[OneCricketeer]

https://www.vagrantup.com/docs/provisioning/ansible.html

Setup Requirements

Install Ansible on your Vagrant host.

Your Vagrant host should ideally provide a recent version of OpenSSH that supports ControlPersist.

If installing Ansible directly on the Vagrant host is not an option in your development environment, you might be looking for the Ansible Local provisioner alternative

---

---

Then how does the Ansible provisioner work?

Ruby Shell Executor

https://github.com/hashicorp/vagrant/blob/master/plugins/provisioners/ansible/provisioner/host.rb#L97-L108

[davidov541]

Huh. Well I'm going to give up getting this working on Windows. Working on your recommended approach above, installing ansible in the target vagrant box and using the FreeIPA Ansible playbook. Will see if that works.

[davidov541]

It works but didn't fix the intermittent issue we are seeing with FreeIPA, so I'll shelve that for now. At least we know how we would move to Ansible if we wanted to.