- Prerequisites
- Install Ansible
- Add Ansible Server user
- Sudo Access to ansible user
- Install Docker in ansible server
- Add a new user in Docker Group
- Setting up Password Authentication
- Create SSH Keygen
- Add ansible user at the target server
- Copy Key for Target System
- Test Connectivity by PING TEST
- Integrate Ansible with Jenkins
- Basic Jenkins Job for Ansible
- After adding Docker file and yml file, run ansible-playbook in Ansible server
- Run ansible-playbook in Jenkins
- Poll SCM for automation for GitHub
- DockerHub integration with Ansible
- Using Ansible, push Docker image to Docker Hub.
- Using Jenkins Job, Docker Deploy using Docker Hub
- Manual
- Automation with Jenkins
Prerequisites
- EC2 Instance
- With Internet Access
- Security Group with Port 8080 open for internet
2. Jenkins Server & Target Server.
Install Ansible
$ sudo su -
$ yum install python
$ yum install python-pip
$ pip install ansible
$ ansible --version- You need python to install Ansible.
Directory is needed for recent version of ansible.
$ mkdir /etc/ansibleAdd Ansible Server user
$ sudo su -
$ useradd ansadmin
$ passwd ansadmin
Changing password for user ansadmin
New password:
Retype new password:
passwd: all authentication tokens updated successfully.- Remember the password
Grant sudo Access to ansible user
$ visudo
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
ansadmin ALL=(ALL) NOPASSWD: ALL- ansadmin ALL=(ALL) NOPASSWD: ALL 추가
Install Docker in ansible server
$ yum install docker
$ service docker status
$ service docker start- Install and Execute Docker
Add a new user in Docker Group
$ usermod -aG docker ansadmin
$ sudo service docker restartSetting up Password Authentication
EC2(Amazon Linux Server), default password authentication setting is no
$ vi /etc/ssh/sshd_config
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication noPasswordAuthentication yes
Service reload
$ service sshd reloadCreate SSH Keygen
$ su - ansadmin$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansadmin/.ssh/id_rsa):
Created directory '/home/ansadmin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansadmin/.ssh/id_rsa.
Your public key has been saved in /home/ansadmin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JVLpKGadkV21y062amUhv0WQG5KoQZVPlWmqPrAJG6E ansadmin@ip-172-31-42-234.ap-northeast-2.compute.internal
The key's randomart image is:
+---[RSA 2048]----+
| ..+o=.+o+ |
| +.= + B. |
| ..B.o.+.+ |
| = =..o+.o.. |
| + o S. o=o |
| E o . . ++.. |
| + = ooo |
| . o o ... |
| o. |
+----[SHA256]-----+$ pwd
/home/ansadmin/.ssh- Enter file in which to save the key (/home/ansadmin/.ssh/id_rsa):
home/ansadmin/.ssh폴더에 id_rsa 키젠 생성
Add ansible user at the target server
In Target Server
$ sudo su -
$ useradd ansadmin
$ passwd ansadmin
Changing password for user ansadmin
New password:
Retype new password:
passwd: all authentication tokens updated successfully.$ vi /etc/ssh/sshd_config# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication noCopy Key for Target System
In Ansible Server
$ su - ansadmin
$ ssh-copy-id ansadmin@{target server private-ip}$ ssh-copy-id ansadmin@{target server private-ip}
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansadmin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansadmin@172.31.13.186's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ansadmin@172.31.13.186'"
and check to make sure that only the key(s) you wanted were added.$ ssh ansadmin@{target server private-ip}- Now, you can access from Ansible server to Target server.
Test Connectivity by PING TEST
In Ansible Server
Create hosts file in /etc/ansible
$ sudo vi hoststarget server private-ip
localhostBefore the test localhost Keygen id copy
$ ssh-copy-id localhostPING TEST
$ ansible all -m ping{target server private-ip} | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
localhost | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}Integrate Ansible with Jenkins
Manage Jenkins→ Configure System
Publish over SSH → Jenkins can access to ansible server by SSH.
- SSH server Name: ansible-server
- Hostname:
ansible-host-IP(private) - Username: ansadmin
- Advance check Use password authentication, or use a different key
- password: ansadmin-password
- Test Configuration
- Apply & Save
Basic Jenkins Job for Ansible
In Ansible Server
$ cd /opt
$ sudo mkdir docker
$ sudo chown -R ansadmin:ansadmin /opt/docker- Create folder for managing docker image
New Item → Enter an item name (Maven Project) → Edit Description
Enter an item name: deploy_container_using_ansible
Edit Description: deploy_container_using_ansible
Source Code Management: git
- Repository URL: https://github.com/jayjodev/hello-world
- Hello World Sample (need fork)
Build
- Goals and options: clean install package
Post-build Actions
- Send build artifacts over SSH example) Name: ansible-server Transfers Transfer Set
- Source files: webapp/target/*.war
- Remove prefix: webapp/target/
- Remote directory : //opt//docker
Apply & Save
Build Now
SSH: Connecting from host [ip-172-31-46-226.ap-northeast-2.compute.internal]
SSH: Connecting with configuration [ansible] ...
SSH: Disconnecting configuration [ansible] ...
SSH: Transferred 1 file(s)
Finished: SUCCESSCheck War file is saved in ansible server.
In Ansible Server
$ pwd
/opt/docker
$ ls
webapp.warAfter adding Docker file and yml file, run ansible-playbook in Ansible server
Adding Dockerfile & docker-image.yml in /opt/docker
$ sudo vi DockerfileFROM tomcat:latest
MAINTAINER AR Shankar
COPY ./webapp.war /usr/local/tomcat/webapps$ sudo vi devops-image.yml---
- hosts: all
become: true
tasks:
- name: stop if we have old docker container
command: docker stop devops-container
ignore_errors: yes
- name: remove stopped docker container
command: docker rm devops-container
ignore_errors: yes
- name: remove current docker image
command: docker rmi devops-image
ignore_errors: yes
# register: result
# failed_when:
# - result.rc == 0
# - '"docker" not in result.stdout'
- name: building docker image
command: docker build -t devops-image .
args:
chdir: /opt/docker
- name: creating docker image
command: docker run -d --name devops-container -p 8080:8080 devops-image- ignore_errors: Setting up as yes for the case Docker image or container is not existed.
- Create image and Container
Add hosts file in /opt/docker
$ sudo vi hostslocalhostcheck & run ansible playbook
$ ansible-playbook -i hosts devops-image.yml --check$ ansible-playbook -i hosts devops-image.yml$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5245d24f49a devops-image "catalina.sh run" 16 seconds ago Up 15 seconds 0.0.0.0:8080->8080/tcp devops-containercheck web app is running at http://ansible-server-ip:8080/webapp/
Run ansible-playbook in Jenkins
In Jenkins, before execute ansible playbook, delete docker image and container
- devops-image.yml
Edit Jenkins fob for Ansible with ansible command
Send build artifacts over SSH
deploy_container_using_ansible → configuration
SSH Publishers
- Add Transfers Exec command
ansible-playbook -i /opt/docker/hosts /opt/docker/devops-image.yml;
Apply & Save
After Build, you can see that docker image and container are created.
$ docker ps
36fb15f04958 devops-image "catalina.sh run" 19 seconds ago Up 18 seconds 0.0.0.0:8080->8080/tcp devops-containercheck: http://ansible-server-ip:8080/webapp/
Poll SCM for automation for GitHub
deploy_container_using_ansible → configuration.
Build Triggers – Poll SCM – Schedule
* * * * *Every 1 minute, Check GitHub’s repository Update.
DockerHub integration with Ansible
- Push to Public repository
In Ansible Server
Manually image is pushed to DockerHub
$ docker tag devops-image jayjodev/devops-image
$ docker login- Enroll DockerHub.
- Docker login as a root user
$ docker push jayjodev/devops-image- Check your image is in DockerHub.
Using Ansible, push Docker image to Docker Hub
In Ansible Server
Create dockerhub-devops-image.yml in /opt/docker
---
- hosts: all
become: true
tasks:
- name: create docker image using war file
command: docker build -t devops-image:latest .
args:
chdir: /opt/docker
- name: create tag to image
command: docker tag devops-image jayjodev/devops-image
- name: push image on to dockerhub
command: docker push jayjodev/devops-image
- name: remove docker images from ansible server
command: docker rmi devops-image:latest jayjodev/devops-image
ignore_errors: yes$ ansible-playbook -i hosts dockerhub-devops-image.ymlFrom Docker hub bring image. devops-image.yml in /opt/docker
---
- hosts: all
become: true
tasks:
- name: stop if we have old docker container
command: docker stop devops-container
ignore_errors: yes
- name: remove stopped docker container
command: docker rm devops-container
ignore_errors: yes
- name: remove current docker image
command: docker rmi jayjodev/devops-image
ignore_errors: yes
# register: result
# failed_when:
# - result.rc == 0
# - '"docker" not in result.stdout'
# - name: building docker image
# command: docker build -t devops-image .
# args:
# chdir: /opt/docker
- name: pull docker image from dockerhub
command: docker pull jayjodev/devops-image:latest
- name: creating docker image
command: docker run -d --name devops-container -p 8080:8080 jayjodev/devops-imageTest
$ ansible-playbook -i hosts devops-image.ymlFor Jenkins Job, Add target system ip in hosts in /opt/docker
$ sudo vi hoststarget-server-ip(private)
localhostUsing Jenkins Job, Docker Deploy using Docker Hub
Manually
In Ansible Server
- limit to specific system Test in /opt/docker
$ ansible-playbook -i hosts dockerhub-devops-image.yml --limit localhost- TASK [create docker image using war file]
- TASK [create tag to image]
- TASK [push image on to dockerhub]
- TASK [remove docker images from ansible server]
From Docker hub, pull docker image to target System and execute.
$ ansible-playbook -i hosts devops-image.yml --limit {target-server-ip(private)}- TASK [stop if we have old docker container] changed: [target server]
- TASK [remove stopped docker container] changed: [target server]
- TASK [remove current docker image] changed: [target server]
- TASK [pull docker image from dockerhub] changed: [target server]
- TASK [creating docker image]
In Target Server
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c088b934aac jayjodev/devops-image "catalina.sh run" 3 minutes ago Up 3 minutes 0.0.0.0:8080->8080/tcp devops-containercheck web app is running at http://target-server-ip:8080/webapp/
Automation with Jenkins
New Item → Enter an item name (Maven Project) → Edit Description
Enter an item name: automation_ansible
Edit Description: automation_ansible
Source Code Management: git
- Repository URL: https://github.com/jayjodev/hello-world
- Hello World Sample (need fork)
Build Triggers
Poll SCM / Schedule
* * * * *Every 1 minute, Check GitHub’s repository Update
Build
- Goals and options: clean install package
Post-build Actions
- Send build artifacts over SSH example) Name: ansible-server Transfers Transfer Set
- Source files: webapp/target/*.war
- Remove prefix: webapp/target/
- Remote directory : //opt//docker
- Exec command:
ansible-playbook -i /opt/docker/hosts /opt/docker/dockerhub-devops-image.yml --limit localhost;
ansible-playbook -i /opt/docker/hosts /opt/docker/devops-image.yml --limit {target-server-ip(private)};Apply & Save
Build Now
log exampe)
TASK [create docker image using war file] **************************************
changed: [localhost]
TASK [create tag to image] *****************************************************
changed: [localhost]
TASK [push image on to dockerhub] **********************************************
changed: [localhost]
TASK [remove docker images from ansible server] ********************************
changed: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [target server]
TASK [stop if we have old docker container] ************************************
changed: [target server]
TASK [remove stopped docker container] *****************************************
changed: [target server]
TASK [remove current docker image] *********************************************
changed: [target server]
TASK [pull docker image from dockerhub] ****************************************
changed: [target server]
TASK [creating docker image] ***************************************************
changed: [target server]
PLAY RECAP *********************************************************************
target server : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
SSH: EXEC: completed after 27,225 ms
SSH: Disconnecting configuration [ansible] ...
SSH: Transferred 1 file(s)
Finished: SUCCESS- After Build, check Docker Hub. Also, check the Container in the target server.
Source: https://www.udemy.com/course/valaxy-devops/