Ansible provisioners

LarryBetson · June 21, 2019, 12:11pm

Hello. I have a quick question, new to how Packer works, read the documentation but it did not really help me with this. I am trying to better understand how I can tie in Ansible as part of a provisioning step in building images.

If I want to run an Ansible playbook as a “provisioner” and I can’t reach an Ansible controller, is it possible to run the Ansible playbooks locally on my workstation?

What is the best approach to doing that? Do I need to point it to a controller? Do I have to install Ansible on the target machine first and push the playbook files somehow to the target I am building?

I want to try and “bake-in” as much as I can to the image before rolling it out. I know I can run some CI-CD tools after, again trying to get as much pre-configured as possible.

Any advice would be greatly appreciated. Thank you.

LarryBetson · June 25, 2019, 2:06pm

Anyone have some tips or advice on this? Thank you very much.

kikitux · June 25, 2019, 5:00pm

Hello Larry!

If you are familiar with Ansible, perhaps the best will be start using ansible-local provisioner.

In this way you can have:

packer building an image, say ubuntu
packer running a provisioner shell, you install ansible
packer running a provisioner ansible-local, and this will run on the VM.

A simple example is here:

Let me know how this goes.

Thanks
Alvaro

bbaassssiiee · July 11, 2019, 9:43pm

You can look at this example that I made to demo hardening Centos6 to DISA-STIG standards https://github.com/bbaassssiiee/vagransible This runs Packer locally on a Mac.

A more complex example ishttps://github.com/bbaassssiiee/redesign

castironclay · November 9, 2019, 1:15pm

Example file below that I use regularly to keep an updated Ubuntu AMI on AWS. Hope this helps. Playbook file location is in relation to the packer.json file. This is run locally from my Macbook with Ansible installed locally as well. Nothing is required on the distant end machine besides python.

{
  "variables": {
    "AWS_ACCESS_KEY_ID": "",
    "AWS_SECRET_ACCESS_KEY": ""
  },
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "../ansible/baseline.yml"
    }
  ],
  "builders": [{
    "type": "amazon-ebs",
    "access_key": "",
    "secret_key": "",
    "region": "us-east-1",
    "source_ami": "ami-07d0cf3af28718ef8",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "force_deregister": "true",
    "force_delete_snapshot": "true",
    "ami_name": "FullMesh-Template-{{timestamp}}"
  }]
}

castironclay · November 9, 2019, 1:24pm

Same thing but for Digital Ocean

{
  "variables": {
    "DIGITALOCEAN_API_TOKEN": "{{env `DIGITALOCEAN_API_TOKEN`}}"
  },
   "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "../ansible/baseline.yml"
    }
  ],
  "builders": [
    {
      "type": "digitalocean",
      "api_token": "",
      "image": "ubuntu-18-04-x64",
      "region": "nyc1",
      "size": "s-1vcpu-1gb",
      "ssh_username": "root",
      "droplet_name": "FullMesh-Template-Builder",
      "snapshot_name": "FullMesh-Template"
    }]
}