Getting Started With Ansible

Ansible Logo

Finally this week I got myself in gear and decided it was time to have a play with Ansible. I found an installation guide on the Ansible documentation site and tried to follow it.

Here follows the fun I had; hopefully I can fill in a few gaps for anybody else going down this path.

Ansible Requirements

The installation guide tells me that the control machine simply needs Python 2.6 or above, and that Windows won’t cut it. Sounds almost too easy.

Installation Steps

The installation guide says to do the following steps to install from source (which is what I would like to do):

$ git clone git://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ source ./hacking/env-setup
$ sudo easy_install pip
$ sudo pip install paramiko PyYAML jinja2 httplib2

Optionally:

$ echo "127.0.0.1" > ~/ansible_hosts
$ export ANSIBLE_HOSTS=~/ansible_hosts

Then test:

$ ansible all -m ping --ask-pass

This sounds incredibly simple, and it is – but there are a whole bunch of implied dependencies that aren’t spelled out. Running through these steps led me to failure after failure which I had to resolve.

Dependencies

I started with a new VM running Ubuntu 14.04 with the OpenSSH and LAMP options chosen at installation time. In order to successfully get Ansible running, I had to install the following additional elements that were not already in the base build:

sudo apt-get install git
sudo apt-get install python-setuptools
sudo apt-get install gcc
sudo apt-get install python-dev
sudo apt-get install build-essential
sudo apt-get install sshpass

With the above installed, I can finally install pip, then add the python modules using pip:

sudo easy_install pip
sudo pip install paramiko PyYAML jinja2 httplib2

Now at last, let’s get to the meat of the exercise per the Ansible instructions:

git clone git://github.com/ansible/ansible.git --recursive
./ansible/hacking/env_setup
echo "127.0.0.1" > ~/ansible_hosts
export ANSIBLE_HOSTS=~/ansible_hosts

Finally, a critical step that was listed in the instructions almost as an afterthought, but was in fact absolutely necessary:

cd ./ansible
sudo make install

Without this, ansible tries to run but generates an error about a module not being available. I’d think this would be more prominent in the instructions as it’s kind of critical.

So, finally. let’s test!

$ ansible all -m ping --ask-pass
/usr/lib/python2.7/dist-packages/pkg_resources.py:1031:
 UserWarning: /home/john/.python-eggs is writable by group/others
 and vulnerable to attack when used with get_resource_filename.
 Consider a more secure location (set with .set_extraction_path
 or the PYTHON_EGG_CACHE environment variable).

This is not Ansible’s fault, but still it needs fixing:

chmod g-wx,o-wx ~/.python-eggs

Hopefully that won’t break anything else, but for now it stops the warning, at least! Let’s try again:

$ ansible all -m ping --ask-pass
127.0.0.1 | FAILED => Using a SSH password instead of a key is
not possible because Host Key checking is enabled and sshpass
does not support this.  Please add this host's fingerprint to
your known_hosts file to manage this host.

Well that’s just about perfect. First of all, I edited the ansible_hosts file to point to another ubuntu server instead of localhost, and I set up the ssh keys so that a password-less login worked. I then retried the command without the “–ask-pass” option:

ansible all -m ping
The authenticity of host '192.168.2.213 (192.168.2.213)' 
can't be established.
ECDSA key fingerprint is 91:61:61:a4:79:fa:cc:8e:65:f5:
73:8a:dd:35:af:30.
Are you sure you want to continue connecting (yes/no)? yes
192.168.2.13 | success >> {
    "changed": false,
    "ping": "pong"
}

At last! It’s funny how 7 lines of installation turns into 14 lines by the time it actually works. Maybe my expectations are wrong; perhaps it should be assumed that you can fix all the dependencies yourself. On the other hand, it’s a little disingenuous to state that just Python is required.

This speaks to a more general problem I’ve found recently, where the Quick Start installation guides for a number of products I’ve looked at really do leave you on your own to figure out the gaps. Either I’m a moron (entirely possible) or we need a little more field testing by people who are genuinely new to a project so that we can see if those instructions really work.

 

30 Blogs in 30 Days

This post is part of my participation in Etherealmind’s 30 Blogs in 30 Days challenge.

9 Comments on Getting Started With Ansible

  1. Installing from source was bound to cause problems as it can’t pull in dependencies plus it’s the dev version.

    If you ever get into Python you’ll know that pip install tends to be a generally fool-proof way to do things.

    • I’m not upset that it didn’t pull in the dependencies for me, but it would nice to have some kind of baseline of what will be required.

      Some things you can reasonably say “Well, it’s a dev machine, you should have that.” Others perhaps could be listed more explicitly? I know that my base build is not a dev build for sure, so things like gcc being missing is arguably my fault, although if Ansible is written in Python, should I automatically expect to need gcc?

      Anyway, I’ve listed the dependencies here as a reference for other similar idiots who can at least know that if they have a base Ubuntu build with OpenSSH and LAMP options chosen, this is what else will be needed. Oh look, I just defined a baseline and stated additional dependencies 🙂

  2. To be fair, had you installed Ansible from packages, you wouldn’t have had to do any of that, because the dependencies would have been identified by your package manager and installed. Resolving dependencies is kind of what a package manager is for. 🙂

    • Oh I know. I’m just being ungrateful and whiny 🙂 *grin* I figured that keeping up with the git repo might be a sound plan rather than waiting on periodic package updates.

  3. Can you elaborate on this step?

    ” I edited the ansible_hosts file to point to another ubuntu server instead of localhost, and I set up the ssh keys so that a password-less login worked.”

    I cannot seem to get the ssh keys set up correctly. Does localhost need to be removed? What was the other host? I’m trying to get this working locally.

    I used steps 1 through 3 here:
    https://help.github.com/articles/generating-ssh-keys/

  4. Thanks for this, I am new to Ansible and only been working in a Linux environment for about a couple of years so I still often find myself in tricky situations. I definitely agree with you that in the Installation section “Running from Source” they should quote the prerequisites as it is the option they advise to use.

    I also have a question regarding the RSA keys. Where do I need to define the identity of the host which I am trying to manipulate? I am using passwords, whilst I am getting my head around Ansible and cannot work out how to do it.

    Thanks
    Arthur

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.