In this post, you will learn how to set up a basic Ansible Inventory. Besides that, you will learn how to encrypt sensitive information by means of Ansible Vault. Enjoy!

1. Introduction

In a previous post, you learned how to set up an Ansible test environment. In this post, you will start using the test environment. Just as a reminder, the environment consists of one Controller and two Target machines. The Controller and Target machines run in a VirtualBox VM. Development of the Ansible scripts is done with IntelliJ on the host machine. The files are synchronized from the host machine to the Controller by means of a script.

In this blog, you will create an inventory file. The inventory file contains information about the Target machines in order for the Controller to locate and access the machines for executing tasks. The inventory file will also contain sensitive information such as the password being used for accessing the Target machines. In a second part of this blog you will solve this security problem by means of Ansible Vault.

The files being used in this blog are available in the corresponding git repository at GitHub.

2. Prerequisites

The following prerequisites apply to this blog:

- You need an Ansible test environment, see a previous blog how to set up a test environment;
- If you use your own environment, you should know that Ubuntu 22.04 LTS is used for the Controller and Target machines and Ansible version 2.13.3;
- Basic Linux knowledge.

3. Create an Inventory File

The Ansible Controller will need to know some information about the Targets in order to be able to execute tasks. This information can be easily provided by means of an inventory file. Within an inventory, you will specify the name of the Target, its IP address, how to connect to the Target, etc. Take a look at the Ansible documentation for all the details. In this section, you will experiment with some of the inventory features.

By default, Ansible will search for the inventory in /etc/ansible/hosts but you can also provide a custom location for the inventory when executing Ansible. That is what you will do in this section.

Create in the root of the repository a directory inventory and create an inventory.ini file. Add the following content to the file:

```text
target1
target2

[targets]
target1
target2

[target1_group]
target1

[target2_group]
target2

[target_groups:children]
target1_group
target2_group
```

The first two lines contain the names for the Target machines. You can give these any name you would like, but in this case, you just call them target1 and target2.

When you want to address several machines at once, you can create groups. A group is defined between square brackets followed by the list of machines belonging to this group. In the inventory above, you can recognize group targets which contains target1 and target2. This group is not really necessary, because by default a group all exists which is equal to the group targets in this case.

The groups target1_group and target2_group are for illustrative purposes and do not make much sense because they contain only one machine. However, in real life, you can imagine having groups for application machines, database machines, etc. or you might want to group machines by region for example.

You can also define a group of groups like target_groups. You need to add :children to the definition and then you can combine several groups into a new group. The group target_groups consists of the group target1_group and target2_group. This actually means that group target_groups consists of machines target1 and target2.

4. Define Variables

The inventory file you created just contains names of machines and groups. But this information is not enough for Ansible to be able to locate and connect to the machines. One approach is to add variables in the inventory file containing this information.
A better approach is to define a directory host_vars containing subdirectories for each machine containing the variables. Ansible will scan these directories in order to find the variables for each machine. You can also define variables for the groups. In this case, you create a directory group_vars.

Create in directory inventory a directory host_vars containing the directories target1 and target2. The directory tree of directory inventory looks as follows:

```text
├── host_vars
│   ├── target1
│   └── target2
└── inventory.ini
```

Create in directory target1 a file vars with the following contents:

```yaml
ansible_host: 192.168.2.12
ansible_connection: ssh
ansible_user: osboxes
ansible_ssh_pass: osboxes.org
```

The variables defined here are some special variables for Ansible to be able to locate and connect to the machine:

- ansible_host: the IP address of the target1 machine;
- ansible_connection: the way you want to connect to target1;
- ansible_user: the system user Ansible can use to execute tasks on the machine;
- ansible_ssh_pass: the password of the ansible_user. Do not store passwords in plain text in real life! This is only done for testing purposes and a proper solution is provided later in this post.

Note that you can also define these variables in the inventory file on the same line as where you define the name of the machine. In this case, the variables need to be defined as key=value (with an equal sign and not with a colon).

Add a vars file to directory target2 with similar contents but with the connection values for target2.

5. Test Inventory Settings

Now it is time to do some testing in order to verify whether it works. Start the Controller and the two Target machines. Synchronize the files you created to the Controller machine and navigate in a terminal window to the MyAnsiblePlanet directory.
Connect once manually to both Target machines so that the SSH fingerprint is available on the Controller machine, otherwise you will get an error message when Ansible tries to connect to the Target machines.

```shell
$ ssh osboxes@192.168.2.12
$ ssh osboxes@192.168.2.13
```

With the following command, you will ping the target1 machine. The command consists of the following items:

- ansible: The Ansible executable;
- target1: The name of the machine where you want to execute the task. This corresponds to the name in the inventory;
- -m ping: Execute the ping command;
- -i inventory/inventory.ini: The path of the inventory file.

The command to execute:

```shell
$ ansible target1 -m ping -i inventory/inventory.ini
target1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
```

The response indicates a success. Execute the same command but for the target2 machine. The result should also be a success response.

Just like you can execute a task on a single machine, you can also execute a task on a group. Execute the command for the targets group:

```shell
$ ansible targets -m ping -i inventory/inventory.ini
target2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
target1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
```

As you can see, the command is executed on both Target machines, as expected. Execute the command for the other groups as well.

6. Encrypt Password

Now that you know that the inventory configuration is working as expected, it is time to get back to the password in plain text problem. This can be solved by using Ansible Vault. Ansible Vault probably deserves its own blog, but in this section you are just going to apply one way of encrypting sensitive information. The encryption will be done for the target1 machine.
Create in directory inventory/host_vars/target1 a file vault and copy the ansible_ssh_pass variable to this vault file. Change the variable name from ansible_ssh_pass into vault_ansible_ssh_pass.

```yaml
vault_ansible_ssh_pass: osboxes.org
```

In the vars file, you replace the plain text password with a reference to this new vault_ansible_ssh_pass variable using Jinja2 syntax. Note that it is also required to add double quotes around the reference.

```yaml
ansible_host: 192.168.2.12
ansible_connection: ssh
ansible_user: osboxes
ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"
```

Encrypt the vault file with password itisniceweather (or whatever password you would like).

```shell
$ ansible-vault encrypt inventory/host_vars/target1/vault
New Vault password:
Confirm New Vault password:
Encryption successful
```

The contents of the vault file are now encrypted.

```text
$ANSIBLE_VAULT;1.1;AES256
34353662643861663663363161366239343633636561663564653030663134623266323363353433
6233383939396335343639623165306330393031383836320a616430336132643638333862363965
36303837313239386566633332326165663336363464623437383638333936613038663366343833
3737316665323230620a343163356138656535363837646566643962393366353266613462616437
32346531613637396666623864333330643261366139306162373038633636633934326165616438
6565363034333137623539643539666234386339393965663362
```

The password you have used for encrypting the file should be saved in a password manager. Ansible will need it to decrypt the password.

Try to execute the ping command for target1 like you did before.

```shell
$ ansible target1 -m ping -i inventory/inventory.ini
ERROR! Attempting to decrypt but no vault secrets found
```

This fails because Ansible cannot decrypt the password field. Add the parameter --ask-vault-pass to the command so that Ansible asks you for the vault password.
```shell
$ ansible target1 -m ping -i inventory/inventory.ini --ask-vault-pass
Vault password:
target1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
```

And now it works again!

This is a better way of handling sensitive information in your Ansible files. There are several more ways of handling sensitive information. As said before, Ansible Vault deserves its own blog. In the meantime, more information can be found in the Ansible documentation.

7. Conclusion

In this post, you learned the basics of an Ansible Inventory file and you learned how to encrypt sensitive information in the inventory file. You have gained the basic skills to start setting up an inventory file yourself for your environment.

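
The group resolution described in section 3, as an added example that is not part of the original post or of Ansible itself: a small parser that expands groups and :children groups to hosts, so you can check which machines a name such as target_groups reaches before running a task against it. The function names and the inline ansible_host=192.168.2.13 on the target2 line are assumptions made for the illustration.

```python
import re

# Inventory from section 3; the key=value variable on the target2 line is constructed.
INVENTORY = """\
target1
target2 ansible_host=192.168.2.13

[targets]
target1
target2

[target1_group]
target1

[target2_group]
target2

[target_groups:children]
target1_group
target2_group
"""

def parse_inventory(text):
    """Return (hosts_by_group, children_by_group) for an INI-style inventory."""
    hosts, children = {"all": set()}, {}
    group, kind = "all", "hosts"  # hosts listed before any [group] header
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    for line in filter(None, lines):
        header = re.fullmatch(r"\[([^:\]]+)(?::(children|vars))?\]", line)
        if header:
            group, kind = header.group(1), header.group(2) or "hosts"
            hosts.setdefault(group, set())
        elif kind == "children":
            children.setdefault(group, set()).add(line)
        elif kind == "hosts":
            name = line.split()[0]  # the rest of the line holds key=value variables
            hosts[group].add(name)
            hosts["all"].add(name)  # every host is also a member of the implicit group all
    return hosts, children

def members(group, hosts, children, seen=None):
    """Resolve a group to its hosts, following :children and ignoring cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    result = set(hosts.get(group, ()))
    for child in children.get(group, ()):
        result |= members(child, hosts, children, seen)
    return result

if __name__ == "__main__":
    hosts, children = parse_inventory(INVENTORY)
    print({g: sorted(members(g, hosts, children)) for g in sorted(hosts)})
```

On the Controller, `ansible-inventory -i inventory/inventory.ini --graph` prints Ansible's own view of the same group tree.
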
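
A check for the problem section 6 solves, as an added example that is not part of the original post: it walks an inventory directory and reports connection passwords or vault_ variables that are still readable in plain text, which is useful before committing the inventory to Git. The function names and the sample tree (target2 left unprotected, plus an inline password in inventory.ini) are constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Variables that hold a connection secret; ansible_ssh_pass is the one used in this post.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
# Matches both "key: value" (vars files) and "key=value" (inline in inventory.ini).
ASSIGN = re.compile(r"""\b([A-Za-z_]\w*)\s*[:=]\s*("[^"]*"|'[^']*'|\S+)""")

def is_protected(value):
    """True when the value is a Jinja2 reference or an inline !vault value."""
    value = value.strip("\"'")
    return (value.startswith("{{") and value.endswith("}}")) or value.startswith("!vault")

def audit(inventory_dir):
    """Return (relative_path, line_no, variable) for secrets readable in plain text."""
    root = Path(inventory_dir)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(errors="replace")
        if text.startswith("$ANSIBLE_VAULT;"):
            continue  # whole file was encrypted with ansible-vault encrypt
        for line_no, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith("#"):
                continue
            for name, value in ASSIGN.findall(line):
                # vault_* variables belong in an encrypted file, so any in clear text count.
                exposed = name.startswith("vault_") or name in SECRET_VARS
                if exposed and not is_protected(value):
                    findings.append((path.relative_to(root).as_posix(), line_no, name))
    return findings

def demo():
    """Constructed sample tree: target1 follows the post's vault layout, target2 does not."""
    with tempfile.TemporaryDirectory() as tmp:
        inv = Path(tmp)
        files = {
            "inventory.ini": "target1\ntarget2 ansible_host=192.168.2.13 ansible_ssh_pass=osboxes.org\n",
            "host_vars/target1/vars": 'ansible_user: osboxes\n'
                                      'ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"\n',
            "host_vars/target1/vault": "$ANSIBLE_VAULT;1.1;AES256\n<constructed ciphertext>\n",
            "host_vars/target2/vars": "ansible_user: osboxes\nansible_ssh_pass: osboxes.org\n",
            "host_vars/target2/vault": "vault_ansible_ssh_pass: osboxes.org\n",
        }
        for rel, body in files.items():
            (inv / rel).parent.mkdir(parents=True, exist_ok=True)
            (inv / rel).write_text(body)
        return audit(inv)

if __name__ == "__main__":
    for rel, line_no, name in demo():
        print(f"{rel}:{line_no}: {name} is stored in plain text")
```
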
When you want to experiment with Ansible, you will need to set up a test environment. In this blog, you will create a test environment containing one controller and two target machines. This will give you a good setup for experimenting with Ansible without breaking a real machine.

1. Introduction

With Ansible, you can automate repetitive IT tasks, and because they are automated, it will also prevent you from making mistakes, especially when you have to configure several similar environments. The other main advantage is that the configuration is maintained in files and is therefore extremely suitable for adding to version control (e.g. Git).

However, in every learning path you need to be able to experiment in order to make mistakes and to learn. In this blog, you will set up an Ansible controller machine and two target machines running in VirtualBox. The Ansible Controller will be the machine from which you run the Ansible playbooks, and the target machines will be where tasks can be executed. The test setup looks as follows.

The sources for this post are available at GitHub.

2. Setup Ansible Controller

The machines will be created as Virtual Machines (VMs) and as virtualization platform you will use VirtualBox. Install VirtualBox on your host machine when it is not yet installed.

You can create a machine from scratch and install an operating system (OS) yourself, but for testing purposes, it is easier to retrieve an already installed image from osboxes.org. Navigate to VM IMAGES – VirtualBox Images and choose Ubuntu, the OS you will use for setting up the environment. Download the Ubuntu 20.04.4 Focal Fossa version. After downloading the file, unzip it.

Create in VirtualBox a new machine via Machine – New… Fill in the following and click the Next button:

- Name: Controller
- Type: Linux
- Version: Ubuntu (64-bit)

Set the memory size to 4 GB and click the Next button.
Choose Use an existing virtual hard disk file and select the .vdi file you downloaded and unzipped. Click the Create button.

Select the VM in VirtualBox and click the Settings button. Navigate to Network in the left menu and change in the Adapter_1 tab Attached to into Bridged Adapter. Click the OK button.

Start the VM and log in with username osboxes and password osboxes.org. After successful login, verify whether you have an internet connection (just try to search for something in the browser in the VM).

Run the software updates in Ubuntu and also update libraries in a terminal window.

```shell
$ sudo apt-get upgrade
```

Retrieve the IP address of the VM. You can do so by hovering over the network icon at the bottom right of the VM or by executing the following command in a terminal window.

```shell
$ ip a
```

Install openssh-server in order to be able to connect via SSH from your host to the VM.

```shell
$ sudo apt install openssh-server
```

As a last step, try to connect from your host to the VM via a terminal window, and replace the IP address with the IP address of your Controller VM.

```shell
$ ssh osboxes@192.168.2.2
```

Shut down the VM.

3. Create Target Machines

In this section the two target machines will be created.

In VirtualBox, right-click the Ansible Controller and choose Clone… Fill in the following and click the Next button:

- Name: Target1
- MAC Address Policy: Generate new MAC addresses for all network adapters

Choose Linked clone (you can also choose a full clone, but when it is only for testing purposes, there is no harm in choosing a linked clone). Click the Clone button.

Again, log in to the VM, retrieve the IP address and try to SSH to the VM from your host.

Lastly, create in a similar way a Target2 machine.

4. Install Ansible

The controller needs an Ansible installation in order to be able to run playbooks from the Ansible controller. Several options are available for installing Ansible, these can be found in the documentation.
The steps below were successfully executed inside the controller VM. The third command did not really execute successfully or it took too long. Nevertheless, the installation seems to be successful.

```shell
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo add-apt-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
```

Verify whether the Ansible installation was successful.

```shell
$ ansible --version
ansible [core 2.12.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/osboxes/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/osboxes/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/osboxes/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
  jinja version = 3.1.1
  libyaml = True
```

5. IDE Configuration

Although it is perfectly possible to create Ansible files with a text editor, it is easier and better to use an IDE for this. When you are developing with Java, you probably already have IntelliJ installed onto your host machine and with the help of some plugins, creating Ansible scripts will make your life a lot easier.

Install via File – Settings… – Plugins the Ansible plugin (for autocompletion during development of Ansible scripts) and the yamllint plugin (for verifying your yaml syntax).

In order to be able to use the yamllint plugin, you also need to install yamllint itself. See the yamllint documentation how to do this.

You also need to enable yamllint in IntelliJ. Navigate to File – Settings… and search for yamllint. Enable yamllint and click the OK button.

Create a new empty project MyAnsiblePlanet via File – New – Project… and click the Finish button.

The project files are located on your host machine, you now have to find a way to sync them to the controller.
This can be done with the help of the rsync command. In the project directory a file transferdata.sh is available with the rsync command to copy the project files to the controller. Do not forget to change the IP address of the controller when it is different than the one in the script.

```shell
rsync -avz . osboxes@192.168.2.2:MyAnsiblePlanet
```

Execute the script (do not forget to start the controller). Log in via SSH to the controller and verify whether the files are correctly synced.

6. Conclusion

In this post, you created an Ansible controller VM and two target VMs. You also set up your IDE and you have a way to sync your local project files to the Ansible controller machine. You are now all set up for experimenting with Ansible.