Skip to content

fgionghi/Ansible-exercise

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
roles
roles
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
Vagrantfile
Vagrantfile
 
 
inventory.ini
inventory.ini
 
 
playbook-swarm.yml
playbook-swarm.yml
 
 
playbook.yml
playbook.yml
 
 

Repository files navigation

Ansible-exercise

How the vagrant process work:

When ansible is defined as the provisioner in the Vagrantfile it use the mentioned playbook to config the guest machine.

So it's vagrant (not ansible) that execute that playbook on guest machines.

When hit vagrant up it creates an inventory for ansible:

➜ Ansible-exercise git:(master) ✗ cat .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

# Generated by Vagrant

node1 ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/home/giogio/Documents/Ansible-exercise/.vagrant/machines/node1/virtualbox/private_key'
node2 ansible_host=127.0.0.1 ansible_port=2200 ansible_user='vagrant' ansible_ssh_private_key_file='/home/giogio/Documents/Ansible-exercise/.vagrant/machines/node2/virtualbox/private_key'

Expose docker api:

  1. Create daemon.json file in /etc/docker:

{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}

  1. Add /etc/systemd/system/docker.service.d/override.conf
[Service]

ExecStart=

ExecStart=/usr/bin/dockerd
  1. Reload the systemd daemon:

systemctl daemon-reload

  1. Restart docker:

systemctl restart docker.service

Expose docker api safely

The role tls_api rapresent all the command explained here:

https://docs.docker.com/engine/security/https/

Here another useful resources: https://gist.github.com/kekru/4e6d49b4290a4eebc7b597c07eaf61f2

After the VMs provisioning we will have certs inside a a folder on our machine with the same name as the vm hostname (node1/ and node2/)

With

docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \

-H=node1:2376 version

we can use the api from host.

(It works, but expose the same port as the guest, not the one specified in the Vagrantfile.)

Docker swarm

ansible-playbook -i inventory.ini playbook-swarm.yml

It's better to specify the ssh private key by command line. By default vagrant put that file in .vagrant/machines/node1/virtualbox/private_key in the same folder of the Vagrantfile.

Alternatively, in the inventory.ini like this: ansible_ssh_private_key_file='.vagrant/machines/node1/virtualbox/private_key'

The role docker_swarm_init just init a swarm with docker_swarm module.

The docker_swarm_worker needs from the master: - the join-token worker - the ip address of the master We obtain them thank to delegate_to and run_once options.

#TODO new branch, pull request:

  • tlsverify client
  • no password in vars
  • inventory key from command line - X

1557e0bd35f95c99adcc7ed42cae65f83f9524f3

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages