Setup an LXC host with Ansible   March 30th, 2016

This is my first go at Ansible. Ansible uses SSH to setup servers with a desired environment. The scripts can be run again and again, and only apply things that have changed since the previous run.

Please also see this good tutorial which helped me with my first steps: https://serversforhackers.com/an-ansible-tutorial

My environment is like this: my workstation is Fedora 23. The host that I want to configure is a CentOS7 server.

On my Fedora 23 workstation:

# Fedora 23 currently installs Ansible 1.9, but that will be soon Ansible 2.0
dnf install ansible
sudo vi /etc/ansible.cfg
  remote_user = root
# 123.123.123.10 is just an example IP address of my CentOS7 server.
sudo vi /etc/ansible/hosts
 [lxc_host_centos7]
 123.123.123.10

I need a private and a public ssh key. The public key has been installed on the target CentOS7 machine, in /root/.ssh/authorized_keys.

Loading the private ssh key on Fedora 23:

ssh-add

As a first test, I run:

ansible all -m ping

Some modules are not part of Ansible 1.9 in Fedora. see also http://docs.ansible.com/ansible/modules_extra.html

git clone https://github.com/ansible/ansible-modules-extras.git
mkdir -p /usr/share/my_modules/
cp ansible-modules-extras/packaging/os/yum_repository.py /usr/share/my_modules/
cp ansible-modules-extras/system/iptables.py /usr/share/my_modules/
sudo vi /etc/ansible.cfg
  library     = /usr/share/my_modules/

By the way, here are the links to the modules that I am using:

Here is my playbook for installing the lxc scripts:

---
- hosts: lxc_host_centos7
  vars:
     containerpwd: secretPWD
  tasks:
   - name: Configure the Epel Repo
     yum: name=epel-release state=installed
   - name: Configure the repo lbs-tpokorra-lbs
     yum_repository: name=lbs-tpokorra-lbs description="lxc scripts" baseurl=https://lbs.solidcharity.com/repos/tpokorra/lbs/centos/7
   - name: Install the public key for the signed lxc-scripts package
     shell: rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x4796B710919684AC"
   - name: Install LXC host on CentOS7
     yum: name=lxc-scripts state=installed
   - name: Enable and start libvirtd
     service: name=libvirtd state=started enabled=yes
   - name: Setup symbolic link
     shell: ln -s /usr/share/lxc-scripts scripts creates=/root/scripts
   - name: Create a SSH key pair for the containers
     shell: ssh-keygen -t rsa -C "root@localhost" -f /root/.ssh/id_rsa -N {{ containerpwd }} creates=/root/.ssh/id_rsa
   - name: Create a new, unique Diffie-Hellman group
     shell: mkdir -p /var/lib/certs && openssl dhparam -out /var/lib/certs/dhparams.pem 2048 creates=/var/lib/certs/dhparams.pem
   - name: Init LXC
     shell: ( ./initIPTables.sh && ./initLXC.sh ) > /root/lxc.installed chdir=/root/scripts creates=/root/lxc.installed
   - name: Install nginx
     yum: name=nginx state=installed
   - name: Enable and start nginx
     service: name=nginx state=started enabled=yes
   - name: Configure firewall port 80 for nginx
     iptables: chain=IN_public_allow protocol=tcp match=tcp destination_port=80 ctstate=NEW jump=ACCEPT
   - name: Configure firewall port 443 for nginx
     iptables: chain=IN_public_allow protocol=tcp match=tcp destination_port=443 ctstate=NEW jump=ACCEPT
   - name: store iptables
     shell: iptables-save > /etc/sysconfig/iptables

This is how I run the playbook:

ansible-playbook lxc.yml --extra-vars "containerpwd=topsecret"
Tags: ,
This entry was posted on Wednesday, March 30th, 2016 at 10:17 am and is filed under Hosting, Software Development. You can follow any responses to this entry through the RSS 2.0 feed.Both comments and pings are currently closed.

No Responses