Open in app

Sign in

Write

Sign in

Reference

Ansible in a virtual environment

Tanul
5 min readMar 1, 2021

--

Setup ansible within python virtual environment

There are lots of CI/CD tools available in the market but it is mandatory to follow precautions while installing them. Many a times, we prefer to install multiple tools or switch from one to another however, it becomes easier if installation remains in a separate space rather than distributed all over the machine.

In this article I’m going to share a method to setup ansible within a virtual storage space for its better management.

Pre-requisites

  1. Red hat machine with python installed
  2. Upgraded version of pip is installed or upgrade within virtual environment using this command
pip install — upgrade pip
Reference

Python virtual environment

Before starting, we have to understand an important term here i.e. virtual environment. Virtual environment creates an isolated structure of lightweight directories separated from system directories.
For eg, one application needs some modules of python with version 1.0 and another application is depending on version 2.0 then we can create 2 virtual environments for both of them for separate layering architecture. In normal terms, managing python packages via selected directories rather than installing in system directories and spreading all around the machines.
For more details regarding venv refer these links A. B.

Install Ansible

  1. To create virtual environment run this command
python -m venv ansible-2.9.1

It is suggested to add version number for better understanding

2. Now activate the environment for using it

source ansible-2.9.1/bin/activate

3. Once virtual environment is activated its time to install ansible

pip install ansible #This will install the latest version
pip install ansible==2.9.1 # This will be for specific version

4. To validate if ansible is referring to the correct interpreter of python, run this command

head -n 1 $(which ansible)Output-->
#!/home/userid/devops/ansible-2.9/bin/pythonOR#!/usr/bin/python3

If output is not referring to correct interpreter then refer this link to change it manually.

5. To come out of virtual environment run,

deactivate

And here your ansible is installed within the virtual environment.

Setup Ansible for windows deployment

Now, for further learning kindly go through the following samples to confirm connectivity of ansible installed in red hat machine with a remote windows machine:

Ansible connects to remote windows machines via windows remote management for which we need to install a dependency:

pip install pywinrm

To manage connectivity with the hosts we need a host file. Generally, ansible read default host from this file in /etc/ansible/host but with virtual environments I suggest to manage this inventory via config file

  1. Create an ansible.cfg file like this
[defaults]
inventory = configuration/hosts

In this order, Ansible searches for config file:

  • ANSIBLE_CONFIG (an environment variable)
  • Current directory
  • Home directory
  • /etc/ansible/ansible.cfg

2. Create an inventory file, naming hosts, consisting of all the host details and its variables. Place it in the directory path specified in the config file.

#name of the file is hosts
#Keep this file in /etc/ansible directory for transferring to data to windows via NTLM

[winhost]
# specify ip address of the machines per line

[winhost:vars]
ansible_user='<userid>@<complete LDAP domain eg. xyz.com>'
#ansible_password=''. Either pass pasword here or use -k option through cli
ansible_connection=winrm
ansible_port=5985
ansible_winrm_transport=ntlm # We can use kerberos also
#ansible_winrm_server_cert_validation=ignore

Here 2 major points need attention:

  1. User id must have admin rights on the remote windows machine
  2. Port number used here i.e. 5985 is insecure working over HTTP listener. Generally within intranet, every organization will use some store managers to remotely install software into the machines. They will also use the same HTTP listener over 5985 port.
    If HTTPS is needed then its port is 5986. The caveat behind using HTTPS is that it addons a responsibility of managing a certificate in the remote machine which expires every year. This adds an overhead of replacing them every year.

To check the enabled listeners we can run this command

winrm enumerate winrm/config/listener

If you’re lucky then output will be like this providing both the listeners

Reference

Otherwise you will get only HTTP listener available. If HTTPS is needed then create a certificate and save it on remote machine where deployment is required. Make sure that CA is saved in the machine where ansible commands will run otherwise HTTPS will fail(or uncomment the certificate ignore check line written in the inventory file). For more details follow these links1, link2 to enable HTTPS.

Another point to remember here, if deployment is on public cloud and needs involvement of internet, then HTTPS listener is mandatory.

Ansible Connectivity with the host machine

After placing the files in appropriate directories, let’s start few validation steps

  1. Run this command to validate inventory and config file synchronization:
(ansible 3.0)userid@localhost: ansible-inventory --listOutput-->{
    "_meta": {
        "hostvars": {
            "IP address": {
                "ansible_connection": "winrm",
                "ansible_port": 5985,
                "ansible_user": "user id",
                "ansible_winrm_transport": "ntlm"
            }
        }
    },
    "all": {
        "children": [
            "ungrouped",
            "win"
        ]
    },
    "win": {
        "hosts": [
            "IP address"
        ]
    }
}

This shows that inventory file is readable and in correct format

2. If don’t want to use config file then pass the inventory file with -i option and run all ansible commands like this

ansible-inventory -i /path/to/inventoryfile --list

3. Run this to validate the connectivity with your hosts

ansible all -m win_ping -k  #-k option to ask password at the prompt

The SUCCESS output will confirm the connectivity with the windows host.

You can also refer sample this ansible playbook to install msi in the windows machines. Check read me for the commands to run the playbook

Summary

Ansible is an IT automation tool used to provision clouds, software, configurable deployments etc. The best part of using Ansible is its simplicity towards management, as it uses no agent and provide us an in-depth understanding of infrastructural areas.

Installing Ansible or any other application is easier but it is necessary to follow a managed process so that in future we can control them perfectly. This consequently makes our deployment process smooth and streamlined

Please support with claps, if you liked the article

Ansible
Cicd Tools
DevOps
Infrastructure As Code
Ansible Playbook

--

--

Tanul

Written by Tanul

31 Followers

Enthusiast Cloud Engineer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams