Test Ansible on Docker and confirm python is needed
Ansible can be run agentless, but python is required on the target node.
Let’s try it on Docker to see if that is true.
The code can be found in Git.
Configuration
Master node which is installed Ansible run the playbook and send execution order to target machine(container).
Note that ubuntu without python will fail to run.
Since ubuntu uses Apt as its package manager, and Apt is not dependent on python, we can uninstall python.
How to run
1 |
docker-compose up -d |
2.Connect to Ansible container via SSH
1 |
docker exec -it ansible /bin/bash |
3.Confirm SSH connection to targets.
1. Connect to centos, ubuntu
1 2 3 4 5 6 7 8 9 10 11 |
ssh target-centos # type yes to connect exit ssh target-ubuntu # type yes to connect root # Enter root to login python3 -V exit |
2. Connect to ubuntu without python
1 2 3 4 5 6 7 |
ssh target-no-python-ubuntu # yesで接続 root # Enter root to login python3 -V # confirm python is uninstalled exit |
4.
1 2 3 4 5 6 7 |
ansible-playbook -i inventry.ini playbook.yml --ask-vault-pass -e @vaulted_vars.yaml # --ask-vaul-pass option means asking password to decrypt vault file # -e @<filename> option can pass variable file. pass # Vault password: pass |
5.Check log(fail if no python environment)
As shown in the line 9 at the log, Ubuntu without python could not execute playbook.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
root@e03b1b5dae16:/var/data# ansible-playbook -i inventry.ini playbook.yml --ask-vault-pass -e @vaulted_vars.yaml Vault password: PLAY [targets] **************************************************************************************************************************************************** TASK [Gathering Facts] ******************************************************************************************************************************************** fatal: [target-no-python-ubuntu]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "failed": true, "module_stderr": "Shared connection to target-no-python-ubuntu closed.\r\n", "module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n", "msg": "The module failed to execute correctly, you probably need to set the interpreter.\nSee stdout/stderr for the exact error", "rc": 127, "warnings": ["No python interpreters found for host target-no-python-ubuntu (tried ['/usr/bin/python', 'python3.7', 'python3.6', 'python3.5', 'python2.7', 'python2.6', '/usr/libexec/platform-python', '/usr/bin/python3', 'python'])"]}}, "msg": "The following modules failed to execute: setup\n"} ok: [target-ubuntu] ok: [target-centos] TASK [targets test] *********************************************************************************************************************************************** [WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. changed: [target-ubuntu] changed: [target-centos] PLAY [centos] ***************************************************************************************************************************************************** TASK [Gathering Facts] ******************************************************************************************************************************************** ok: [target-centos] TASK [centos test] ************************************************************************************************************************************************ changed: [target-centos] PLAY [ubuntu] ***************************************************************************************************************************************************** TASK [Gathering Facts] ******************************************************************************************************************************************** ok: [target-ubuntu] TASK [ubuntu test] ************************************************************************************************************************************************ changed: [target-ubuntu] PLAY RECAP ******************************************************************************************************************************************************** target-centos : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 target-no-python-ubuntu : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 target-ubuntu : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 |
6.Connect to target-centos, target-ubuntu again to check wheather targets, centos, ubuntu file is added or not
1 2 3 4 5 6 7 8 9 10 11 12 13 |
ssh target-centos ls # targets, centos was created exit ssh target-ubuntu root # enter password ls # targets, ubuntu was created exit |
Explanation about Ansible
about Inventory file
1 2 3 4 5 6 7 8 9 10 |
[targets:children] centos ubuntu [centos] target-centos [ubuntu] target-ubuntu ansible_ssh_pass='{{ ubuntu_pass }}' target-no-python-ubuntu ansible_ssh_pass='{{ np_ubuntu_pass }}'こ |
The configuration is nested in this way.
About Playbook file
create file on machines(targets, centos and ubuntu)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
- hosts: targets tasks: - name: "targets test" shell: | touch targets - hosts: centos tasks: - name: "centos test" shell: | touch centos - hosts: ubuntu tasks: - name: "ubuntu test" shell: | touch ubuntu |
The reason why execution was failed without python
The master node where Ansible is installed passes the python executable to the control node to be executed at runtime.
So control nodes without python will fail to execute.
Please be careful when using Ansible on network devices where python cannot be installed.
Summary
We have run Ansible using Docker and confirmed that it does not work without python.
Learn more about encryption using Ansible vault.
Translated with www.DeepL.com/Translator (free version)