Deploying the Ansible Code

Create a Docker container GitHub action and deploy the Ansible code.

Running Ansible within a release pipeline isn’t as easy as running a playbook. The build agents running your code are not configured to run Ansible. You are responsible for building that environment at runtime.

You already have the Ansible environment codified in a Dockerfile. Now the question becomes, "How do you run that container with GitHub Actions?"

To accomplish this, you will create a Docker container GitHub action and a workflow that uses that action to deploy Ansible.

Create a Docker container GitHub action

Use the following Dockerfile to create the container that our release pipeline uses:

Multi Cloud Dockerfile
The Dockerfile contains all the tools and packages required to manage both Azure and AWS environments.

FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl && apt-get install -y wget
RUN apt-get install -y git
RUN apt-get install -y inotify-tools
RUN apt-get install -y nano tree vim jq
RUN apt-get update; \
apt install -y python3-pip; \
apt install -y sshpass; \
apt install -y openssh-client; \
apt-get install -y apt-transport-https; \
wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb;\
dpkg -i packages-microsoft-prod.deb; \
apt-get update; \
add-apt-repository universe; \
apt-get install -y powershell; \
pwsh -c "Set-PackageSource -Name PSGallery -Trusted"; \
pwsh -c "Install-Module AZ -Scope AllUsers";
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash ;
RUN pip3 install --upgrade pip; \
pip3 install "ansible==2.9.12"; \
pip3 install boto; \
pip3 install boto3; \
pip3 install "pywinrm>=0.3.0"; \
pip3 install ansible[azure]; \
pip3 install ansible-lint

We have created the Ansible GitHub action directory using the command below:

mkdir -p .github/actions/ansible

The above Dockerfile has already been added to the .github/actions/ansible directory.

Add an ENTRYPOINT

Currently, your Ansible container runs interactively. You issue commands at the terminal. GitHub Actions doesn't allow you to do that. Instead, you must programmatically run the container and add an entrypoint to the Dockerfile.

An entrypoint allows you to configure a container that will run as an executable. It does that by calling a command or script when the container starts. Using a shell script, you will turn your container into an executable that runs the site.yml playbook.

Without the ability to run interactively, you have to automate all the steps of running Ansible.

Use the entrypoint.sh to define all the steps necessary to run the site.yml without manual intervention.

touch .github/actions/ansible/entrypoint.sh

Each time that you start the Ansible container, you have to install the Galaxy roles. This can easily be accounted for by adding the ansible-galaxy command to the entrypoint.sh script.

ansible-galaxy install -r roles/requirements.yml

Next is automating the Vault password. Previously, you used --ask-vault-pass with the ansible-playbook command to prompt for the Vault password. That won't work in the pipeline. To fix this issue, you will use a password file instead.

Use the ANSIBLE_VAULT_PASSWORD environment variable to output the Vault password to a file named .vault.

echo "$ANSIBLE_VAULT_PASSWORD" > .vault

You will need to update the Dockerfile. You can use the COPY command to copy the entrypoint.sh file into the container image.

COPY ./entrypoint.sh /entrypoint.sh

Add an ENTRYPOINT using bash to execute the entrypoint.sh script in the Dockerfile.

ENTRYPOINT ["bash","/entrypoint.sh"]

Docker container action

Within the .github/actions/ansible directory, you will create the GitHub action file. Review the file below:

name: 'Ansible'
description: 'Runs an Ansible playbook'
inputs:
  inventory:
    description: 'Ansible inventory to use'
    required: true
    default: hosts
runs:
  using: 'docker'
  image: 'Dockerfile'
  args:
    - ${{ inputs.inventory }}

The action.yml file defines the action.

Specifying using: 'docker' defines the action as a Docker action, and image: 'Dockerfile' configures the image used for the Docker action.

Essentially, it is equivalent to the docker build command. It prepares the image on the hosted build agent, so the workflow can use it to run Ansible playbooks from your repository.

AWS

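#!/bin/bash
# Install the Galaxy roles the playbook depends on
ansible-galaxy install -r roles/requirements.yml

# Write the Vault password from the environment to a password file
echo "$ANSIBLE_VAULT_PASSWORD" > .vault

ansible-playbook -i hosts_aws_ec2.yml site.yml --vault-password-file .vault

# Avoids storing the password file locally on a mounted volume
rm .vault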
Ansible code deployment for AWS

Azure

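#!/bin/bash
# Install the Galaxy roles the playbook depends on
ansible-galaxy install -r roles/requirements.yml

# Write the Vault password from the environment to a password file
echo "$ANSIBLE_VAULT_PASSWORD" > .vault

ansible-playbook -i hosts_azure_rm.yml site.yml --vault-password-file .vault

# Avoids storing the password file locally on a mounted volume
rm .vault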
Ansible code deployment for Azure
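
The entrypoint scripts above exit with the status of rm .vault, so a failed playbook run still ends with status 0, and they write the password file into the working directory, which for a Docker container action is the mounted workspace. The following hardened variant is an added example, not the course's own script: it keeps the password file outside the workspace, removes it on every exit path, and propagates failures. It assumes the inventory arrives as the first argument (as the args entry in action.yml passes it); the write_vault_file and main function names are illustrative.

```shell
#!/bin/bash
# Added example: hardened entrypoint.sh (illustrative, not the course's script).
# Abort on the first failing command or unset variable so the job fails too.
set -eu

# Write the Vault password to a private temp file and print the file's path.
write_vault_file() {
    # Fail early with a clear message if the secret was not passed in.
    if [ -z "${ANSIBLE_VAULT_PASSWORD:-}" ]; then
        echo "ANSIBLE_VAULT_PASSWORD is not set" >&2
        return 1
    fi
    # mktemp creates the file with mode 0600, outside the mounted workspace.
    f=$(mktemp "${TMPDIR:-/tmp}/vault.XXXXXX") || return 1
    # Quoted expansion: spaces and glob characters in the password survive.
    printf '%s\n' "$ANSIBLE_VAULT_PASSWORD" > "$f" || return 1
    printf '%s\n' "$f"
}

main() {
    # Inventory file comes from the action's args (assumption, see lead-in).
    inventory=$1
    vault_file=$(write_vault_file)
    # Remove the password file on every exit path, including failures.
    trap 'rm -f "$vault_file"' EXIT
    ansible-galaxy install -r roles/requirements.yml
    ansible-playbook -i "$inventory" site.yml --vault-password-file "$vault_file"
}

# Run only when an inventory argument is supplied.
if [ "$#" -gt 0 ]; then main "$@"; fi
```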

Let’s add, commit, and push the changes. Execute the following commands in the widget’s terminal:

# Configure user.email
# Replace <YourEmail> with the actual email
git config --global user.email "<YourEmail>"
# Configure user.name
# Replace <YourName> with the actual name
git config --global user.name "<YourName>"
git add .
git commit -m 'added initial actions'
# push the committed changes
git push

Creating a GitHub Docker action solves installing and configuring Ansible, but passing in environment variables still needs to be accounted for.

In this lesson, you created a Docker container GitHub action and pushed the Ansible code to your repository.
