Ansible

8 minute readExtensibilityDeveloper productivity

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.

The CloudBees CD/RO EC-Ansible plugin allows users to run playbooks and ad hoc commands on Ansible. It can be configured to run on a variety of CloudBees CD/RO server/agent topologies, CloudBees CD/RO runtime contexts, and Ansible target hosts.

Features

  • Flexible Configuration: the plugin can be configured to any OS type and supports different user access and playbooks encryption. For more info go to Plugin Configuration.

  • Flexible Environments: plugin procedures can be running on different architecture types:

    • On the CloudBees CD/RO server

    • On an agent

    • On a CloudBees CD/RO cluster and multiple agents

  • Ad-Hoc commands support: Designed to run any kind of ad-hoc commands using any command module that is supported from Ansible. For example, ping, win_ping, file, shell, win_shell, and win_file.

  • Ansible playbook support: Using the run Ansible playbook procedure, you can run any playbooks and roles with additional parameters and variables.

  • Automated pipeline steps support: You can use EC-Ansible plugin procedures in pipeline stages, to be a part of release, to be run as parallel stages, or as parameterized pipeline stages.

  • Automated application stages support: Ansible procedures can run as a part of application stages.

Plugin Version 1.4.3.2020092501 Revised on May 15, 2020

Supported versions

The following versions of Ansible have been tested with this plugin:

  • Ansible 1.9

  • Ansible 2.0 - 2.9

The plugin has been tested with Ansible targets running on Linux Ubuntu, Linux Debian, and Windows 10 Professional hosts.

Plugin configurations

Creating and editing configurations

Plugin configurations are sets of parameters that apply across some or all of the plugin’s procedures. Configurations reduce repetition of common values, create predefined sets of parameters for end users, and securely store credentials. Each configuration is given a unique name that is entered in designated parameters on procedures that use them.

You can create plugin configurations from the CloudBees CD/RO Administration tab by selecting the Plugins sub-tab. To open the Configuration page, use the Configure link to the right of the line for the specific plugin.

Variables Precedence in Ansible

Ansible has a complicated precedence for variables. If you define multiple variables with the same name in multiple places, Ansible uses them in a certain order. For more information, refer to variables precedence.

If the machine running ansible-playbook has pre-configured inventories, the behavior of the procedure is not defined. Pre-defined variables in the local inventories may be involved.

ParameterDescription

Configuration Name

Provide a unique name for the configuration, keeping in mind that you may need to create additional configurations over time.

Description

Provide a configuration description.

ansible-playbook path

Provide the path to the ansible-playbook executable. For example: /usr/bin/ansible-playbook.

ansible path

An absolute or relative path to the ansible executable.

Disable host key check?

If selected, the remote host key check is disabled and Ansible does not ask you to accept a fingerprint.

Vault credentials

Credentials for vault.

Remote Connection Type

Select the type of authentication to use for remote connections. Select Skip explicit auth if you do not require explicit authentication, for example, if you use a local connection or when authentication is already configured on the control machine.

Remote connection credentials

Provide credentials (username and private key or password) for the remote connection.

Become credentials

Set credentials to use become. For more information, refer to using become.

Check Connection?

If checked, the configuration will be saved only if the test request with given credentials succeeds.

Check Connection Resource

Set the resource to use for checking the connection.

Debug Level

Set the debug level. Setting a higher debug level produces more debug messages.

Enter the following parameters in the configuration panel:

Sample configuration parameters 1
Figure 1. Sample configuration parameters 1
Sample configuration parameters 2
Figure 2. Sample configuration parameters 2
Sample configuration parameters 3
Figure 3. Sample configuration parameters 3

Configuring Windows hosts

Install WinRM on the windows host before configuration. For more information, refer to the installation guide.

Windows configurations do not support Become credentials.
Sample Windows configuration
Figure 4. Sample Windows configuration

Plugin procedures

In the CloudBees CD/RO UI, open the main menu, and select Admin Plugins to open the Plugin Manager.
For all parameter descriptions below, required parameters are shown in bold italics.

Run Playbook

Runs an Ansible playbook.

This plugin invokes Ansible, which uses SSH to connect to remote machines. The plugin does not handle interactive prompts when executing commands. SSH is configured in such a way that as long as the credentials in the configuration are correct, there are no further interactive checks included during login.
ParameterDescription

Configuration

Previously-defined Ansible configuration.

Ansible playbook path

Absolute path to the Ansible playbook, for example: /home/ansible/playbook.yml.

Inventory

Specify the inventory host path (the default is /etc/ansible/hosts), or enter the content of an inventory file such as the following:

[remote]
my_server.com

Tags

Run plays and tasks tagged with these values.

You can define multiple tags one per line or comma-separated.

Skip tags

Skip (do not run) plays and tasks whose tags match these values.

You can define multiple tags by adding one per line or as a comma-separated list.

Variables

Define variables to pass to the Ansible playbook.

These will be passed as --extra-vars.

Pass these as JSON or key=value pairs.

Verbose?

If selected, the output from ansible-playbook provides additional details.

Additional parameters

Additional parameters to pass to the ansible-playbook executable.

Start each parameter on a new line.

Result Property Sheet

Property Sheet name to save results into. The saved results are:

  • stdout - Raw STDOUT from the ansible-playbook command.

  • recap - This property sheet contains the parsed RECAP part from the ansible-playbook output in the following form:

    Host Name/
        changed: number
        failed: number
        ok: number
        unreachable: number
        passed: true|false
  • The passed field is true if there are no failed and unreachable tasks.

  • recapJSON - The same recap as above in JSON form.

  • verbose - This property sheet contains information about executed tasks. It looks like the following:

    Task Name/
        Host Name/
          state: ok|failed|ignoring...
          raw: raw json output if there is some
          verbose: parsed output if there is some
  • verboseJSON - Contains the same data as above in JSON form.

Choosing the plugin procedure
Figure 5. Choosing the plugin procedure in the picker
Filling the form
Figure 6. Filling the form
Running the procedure
Figure 7. Running the procedure
The log after a run
Figure 8. Log after run
Example output properties
Figure 9. Output properties

Running the ad hoc command

Running the ad hoc command runs the provided command.

This plugin invokes Ansible, which uses SSH to connect to remote machines. As the plugin does not handle interactive prompts when executing commands, it is an implicit assumption that SSH is configured in such a way that as long as the credentials in configuration are correct, there are no further interactive checks (for example, fingerprint check) thrown as part of the SSH login.

Refer to Introduction to ad hoc commands for additional ad hoc commands.

ParameterDescription

Configuration

Previously-defined Ansible configuration.

Server group

Specify a server group to run a command.

Command/Module args

Specify a command to run, for example touch /tmp/myFile, or module arguments. The value of this field is passed as the argument "--args".

Module

Module name to execute, e.g. "command", "shell", "ping". Default is "command".

Inventory

Specify an inventory host path (the default is /etc/ansible/hosts), or enter the content of an inventory file such as the following:

[remote]
my_server.com

Verbose?

If selected, the output from the Ansible command provides additional details.

Additional parameters

Additional parameters to pass to the Ansible command executable. Each parameter should start on a new line.

Selecting the plugin procedure
Figure 10. Selecting the plugin procedure
Filling the form
Figure 11. Filling the form
Running the procedure
Figure 12. Running the procedure
The log after a run
Figure 13. Log after run

Examples

Running the Ansible command on Windows hosts

  1. Create the plugin configuration. For more information, refer to Configuring Windows hosts.

  2. Create the run ad hoc command procedure:

    Running the ad hoc command procedure
    Figure 14. Run the ad hoc command procedure
  3. Run the procedure. Refer to the screen below for a sample successful run.

    Sample successful run
    Figure 15. Sample successful run
  4. On Windows hosts, you can use the sample Windows playbook to run the playbook procedure:

    ---
    - name: WindowsVm
      hosts: windows-vm1
      connection: winrm
      vars:
        user: build
      tasks:
      - name: Create test folders on windows vm.
        win_file:
          path: C:\Users\build\test1
          state: directory
    
      - name: Show test folders on vm home directory.
        win_shell: ls C:\Users\{{ user }}\
        register: show_tables
      - debug: msg="{{ show_tables.stdout_lines }}"

Running Ansible from pipelines

  1. Create the pipeline and add a new task.

  2. Select Run Ansible Playbook, and then select the EC-Ansible plugin.

    Running Ansible from pipelines
    Figure 16. Running Ansible from pipelines
  3. Select Define, and then edit the input parameters.

    Define the input parameters
    Figure 17. Define the input parameters
  4. Define the procedure parameters:

    Define the procedure parameters
    Figure 18. Define the procedure parameters
  5. Select OK and save the procedure.

Running Ansible from applications

  1. Create a new application.

  2. Create an application component using EC-Artifact or EC-Artifactory.

  3. Enter the Artifact path to the tomcat-application *.war file, and then select OK.

    Create an application component
    Figure 19. Create an application component
  4. Select Application Processes.

  5. Create the application process.

    Create the application process
    Figure 20. Create the application process
  6. Create a process step using the EC-Ansible Run Playbook procedure.

  7. Select Plugins Resource ManagementAnsibleRun Playbook procedure.

  8. Enter a Configuration name.

  9. Enter the Ansible playbook path to deploy-playbook.yml.

  10. Enter the path to your hosts file in the Inventory field.

    Demo parametersrole="screenshot"
    Figure 21. Demo parameters
  11. Select OK.

    Below is a sample of the deploy-playbook.yml:

    ---
    - name: Deploy Application
     hosts: linux-vm1
     connection: ssh
     become: true
     become_user: root
     become_method: sudo
     vars:
       user: build
     tasks:
     - name: Delete application if exist
       file:
         state: absent
         path: /var/lib/tomcat7/webapps/hello-world.war
     - name: Copy Artifact to remote Tomcat Server
       copy:
         src: /home/ecloud/ansible/application/hello-world.war
         dest: /var/lib/tomcat7/webapps/
         owner: root
         group: root
         mode: 0644
     - name: Show application is copied
       shell: "ls -l /var/lib/tomcat7/webapps"
       register: out
     - debug: msg="{{ out.stdout_lines }}"
     - name: Restart Tomcat server
       shell: service tomcat7 restart
       register: restart
     - debug: msg="{{ restart.stdout_lines }}"
  12. Map the application to an existing local or remote Ansible resource and run the application.

Running playbooks with the Ansible vault

  1. Create a sample playbook.

  2. Encrypt the playbook value using the following command and type the vault password:

    $ ansible-vault encrypt /path/to/playbook.yml --ask-vault-pass.
  3. Create a plugin configuration using the vault password:

    Creating a plugin configuration using a vault password
    Figure 22. Creating a plugin configuration using a vault password
  4. Run the Playbook procedure with parameters:

    Running the Playbook procedure with parameters
    Figure 23. Running the Playbook procedure with parameters

    Here is an example of the expected output:

    Sample expected output
    Figure 24. Sample expected output

Release notes

EC-Ansible 1.4.3

  • Documentation has been migrated to the documentation site.

EC-Ansible 1.4.2

  • Renaming to "CloudBees CD"

EC-Ansible 1.4.1

Fixed Binary Dependencies procedure to work with Gateways.

EC-Ansible 1.4.0

Provisioning of Binary Dependencies (for example Grape jars) in the agent resource, required by this plugin, is now delivered through a newly introduced mechanism called Plugin Dependency Management. Binary dependencies will now be seamlessly delivered to the agent resource from the Flow Server, any time a new version of a plugin is invoked the first time. Flow Repository set up is no longer required for this plugin.

EC-Ansible 1.3.1

Added Setup procedure to handle binary dependencies.

EC-Ansible 1.3.0

Add checking connection while creating/editing a configuration

EC-Ansible 1.2.1

Renaming to "CloudBees"

EC-Ansible 1.2.0

  • Improved plugin promotion time.

  • Added support for credentials stored in Vault, support for Become (Privilege Escalation).

  • Certified to work on Windows Hosts as Ansible Targets.

  • Improved support for large CLI command output.

EC-Ansible 1.1.2

  • Configurations can be created by users with "@" sign in a name.

EC-Ansible 1.1.1

  • Fix for getting actual parameters from different contexts.

EC-Ansible 1.1.0

  • Output processing has been added.

EC-Ansible 1.0.9

  • Fix for the intrinsic property names (i.e. "tags" parameter was not processed correctly in a context of a pipeline).

EC-Ansible 1.0.8

  • Labels for username and private key were added to the configuration.

EC-Ansible 1.0.7

  • Logo icon has been added.

EC-Ansible 1.0.6

  • Configured the plugin to allow the ElectricFlow UI to create configs inline of procedure form.

EC-Ansible 1.0.5

  • Configured the plugin to allow the ElectricFlow UI to render the plugin procedure parameters entirely using the configured form XMLs.

  • Enabled the plugin for managing the plugin configurations in-line when defining an application process step or a pipeline stage task.

EC-Ansible 1.0.4

  • Added logic for arguments escaping.

EC-Ansible 1.0.3

  • Added the Run Ad Hoc Command procedure.

EC-Ansible 1.0.2

  • Added an option to the config to skip host key check.

EC-Ansible 1.0.1

  • The documentation has been improved.

EC-Ansible 1.0.0

  • First release.