Ansible

7 minute readExtensibilityDeveloper productivity

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.

The CloudBees CD/RO EC-Ansible plugin allows users to run playbooks and ad-hoc commands on Ansible. It can be configured to run on a variety of CloudBees CD/RO server/agent topologies, CloudBees CD/RO runtime contexts and Ansible target hosts.

Features

  • Flexible Configuration: the plugin can be configured to any OS type and supports different user access and playbooks encryption. For more info go to Plugin Configuration.

  • Flexible Environments: plugin procedures can be running on different architecture types:

    • On the CloudBees CD/RO server

    • On an agent

    • On a CloudBees CD/RO cluster and multiple agents

  • Ad-Hoc commands support: designed to run any kind of ad-hoc commands using any command module that is supported from Ansible. For example, ping, win_ping, file, shell, win_shell, win_file, and so on.

  • Ansible playbook support: using run Ansible playbook procedure you can run any kind of playbooks, roles, using additional parameters and variables.

  • Automated pipeline steps support: EC-Ansible plugin procedures can be used in pipeline stages, to be a part of release, to be run as parallel stages, or as parameterized pipeline stages.

  • Automated application stages support: Ansible procedures can run as a part of application stages.

Plugin Version 1.4.3.2020092501 Revised on May 15, 2020

Supported ansible versions

The following versions of Ansible have been tested with this plugin:

1.9, 2.0 - 2.9

The plugin has been tested with Ansible Targets running on both Linux (Ubuntu, Debian) as well as Windows (10 Pro) hosts.

Plugin configurations

Create/edit configuration

Plugin configurations are sets of parameters that apply across some or all of the plugin’s procedures. They are intended to reduce repetition of common values, create predefined sets of parameters for end users, and to securely store credentials where needed. Each configuration is given a unique name that is entered in designated parameters on procedures that use them.

Plugin configurations are created by going to the CloudBees CD "Administration" tab, then to the "Plugins" sub-tab. On the right side of the line for the specific plugin, there is a "Configure" link which will open the Configuration page.

Variables Precedence in Ansible

Ansible has a complicated variables precedence: if multiple variables with the same name are defined in multiple places, ansible will use them in a certain order.

This means that if the machine running ansible-playbook has already pre-configured inventories the behavior of this particular procedure is not defined because already defined variables in the local inventories may be involved.

ParameterDescription

Configuration Name

Provide a unique name for the configuration, keeping in mind that you may need to create additional configurations over time.

Description

Provide some description for configuration.

ansible-playbook path

Provide path to the ansible-playbook executable. E.g. /usr/bin/ansible-playbook.

ansible path

An absolute or relative path to ansible executable.

Disable host key check?

If checked, remote host key check will be disabled (ansible won’t ask you to accept fingerprint).

Vault credentials

Credentials for vault.

Remote Connection Type

Select the type of authentication to use for remote connection. Select "Skip explicit auth" if you don’t require any explicit auth, e.g., for local connections or when authentication is configured already on control machine.

Remote connection credentials

Provide credentials, username and private key or password, for remote connection.

Become credentials

Credentials to "become".

Check Connection?

If checked, the configuration will be saved only if the test request with given credentials succeeds.

Check Connection Resource

A resource which is used for the checking connection.

Debug Level

Debug level, higher debug level - more debug messages.

Enter this parameters in the configuration panel:

Configuring for Windows hosts

Install WinRM on the windows host before configuration using official guide.

Note: Windows configuration do not support Become credentials

Sample Windows configuration:

Plugin procedures

In the CloudBees CD UI, from the Home page, open the Main Menu, and click Admin > Plugins to open the Plugin Manager.
For all parameter descriptions below, required parameters are shown in bold italics.

Run Playbook

Runs an ansible playbook.

Note: This plugin invokes Ansible which uses ssh to connect to remote machines. As the plugin does not handle interactive prompts when executing commands, it is an implicit assumption that ssh is configured in such a way that as long as the credentials in configuration are correct, there are no further interactive checks (for example fingerprint check etc.,) thrown as part of the ssh login.

ParameterDescription

Configuration

Previously defined Ansible configuration.

Ansible playbook path

Absolute path to Ansible playbook for example /home/ansible/playbook.yml

Inventory

Specify inventory host path (default=/etc/ansible/hosts), or enter the the content of an inventory file such as the following:

[remote]
my_server.com

Tags

Run plays and tasks tagged with these values.

Multiple Tags can be defined either one per line or comma-separated.

Skip tags

Skip (i.e., do not run) plays and tasks whose tags match these values.

Multiple Tags can be defined either one per line or comma-separated.

Variables

Define variables to pass to ansible playbook.

These will be passed as --extra-vars.

Pass these as JSON or key=value pairs.

Verbose?

If checked, the output from ansible-playbook will be more verbose.

Additional parameters

Additional parameters to pass to ansible-playbook executable.

Each parameter should start on a new line.

Result Property Sheet

Property Sheet name to save results into. The saved results are:

  • stdout - raw STDOUT from ansible-playbook command

  • recap - this property sheet will contain parsed RECAP part from the ansible-playbook output in the form like this:

Host Name/
    changed: number
    failed: number
    ok: number
    unreachable: number
    passed: true|false

"passed" field will be true if there are no failed and unreachable tasks. * recapJSON - the same recap as above but in the form of JSON * verbose - this property sheet will contain information about executed tasks. It will look like the following:

Task Name/
    Host Name/
      state: ok|failed|ignoring...
      raw: raw json output if there is some
      verbose: parsed output if there is some
  • verboseJSON - will contain the same data as above but in JSON form.

Choosing the plugin procedure in the picker:

Filling the form:

Running the procedure:

The log after run:

The output properties:

Run ad-hoc command

Runs the provided command.

Note: This plugin invokes Ansible which uses ssh to connect to remote machines. As the plugin does not handle interactive prompts when executing commands, it is an implicit assumption that ssh is configured in such a way that as long as the credentials in configuration are correct, there are no further interactive checks (for example fingerprint check etc.,) thrown as part of the ssh login.

Please refer to Introduction To Ad-Hoc Commands for more ad-hoc commands.

ParameterDescription

Configuration

Previously defined Ansible configuration.

Server group

Specify a server group to run a command.

Command/Module args

Specify a command to run, e.g. touch /tmp/myFile, or module arguments. The value of this field is passed as the argument "--args".

Module

Module name to execute, e.g. "command", "shell", "ping". Default is "command".

Inventory

Specify inventory host path (default=/etc/ansible/hosts), or enter the the content of an inventory file such as the following:

[remote]
my_server.com

Verbose?

If checked, the output from ansible command will be more verbose.

Additional parameters

Additional parameters to pass to ansible command executable. Each parameter should start on a new line.

Choosing the plugin procedure in the picker:

Filling the form:

Running the procedure:

The log after run:

Examples

Run Ansible command on Windows hosts

  1. Create Plugin configuration (see Configuring for Windows section)

  2. Create Run Ad-Hoc Command procedure:

  1. Run the procedure. Expected outcome should be:

  1. Or use sample windows playbook to Run Playbook procedure on Windows hosts:

---
- name: WindowsVm
  hosts: windows-vm1
  connection: winrm
  vars:
    user: build
  tasks:
  - name: Create test folders on windows vm.
    win_file:
      path: C:\Users\build\test1
      state: directory

  - name: Show test folders on vm home dirrectory.
    win_shell: ls C:\Users\{{ user }}\
    register: show_tables
  - debug: msg="{{ show_tables.stdout_lines }}"

Run Ansible from pipelines

  1. Create Pipeline

  2. Add Pipeline Stage choosing Ansible plugin

  1. Choose Run Playbook procedure

  2. Press Define button and then edit Procedure Input Parameters

  1. Define Procedure parameters:

  1. Press OK and Save the procedure.

Run Ansible from applications

  1. Create Application

  2. Create Application Component using EC-Artifact or EC-Artifactory to retrieve tomcat-application *.war artifact

  1. Create Application Process

  1. Create Step Process using EC-Ansible Run Playbook procedure

  1. Choose / Plugins / Resource Management / Ansible / Run Playbook procedure

  2. Add Procedure Parameters, path to Ansible inventory with hosts and path to the sample deploy-playbook.yml:

  1. Sample deploy-playbook.yml

---
- name: Deploy Application
 hosts: linux-vm1
 connection: ssh
 become: true
 become_user: root
 become_method: sudo
 vars:
   user: build
 tasks:
 - name: Delete application if exist
   file:
     state: absent
     path: /var/lib/tomcat7/webapps/hello-world.war
 - name: Copy Artifact to remote Tomcat Server
   copy:
     src: /home/ecloud/ansible/application/hello-world.war
     dest: /var/lib/tomcat7/webapps/
     owner: root
     group: root
     mode: 0644
 - name: Show application is copied
   shell: "ls -l /var/lib/tomcat7/webapps"
   register: out
 - debug: msg="{{ out.stdout_lines }}"
 - name: Restart Tomcat server
   shell: service tomcat7 restart
   register: restart
 - debug: msg="{{ restart.stdout_lines }}"
  1. Map the application to an existing ansible resource (local or remote) and Run The Application.

Running playbooks with Ansible vault

  1. Create sample playbook and encrypt the playbook value using command and type the vault password:

    $ ansible-vault encrypt /path/to/playbook.yml --ask-vault-pass.

Create Plugin Configuration using vault password:

  1. Run Playbook procedure with parameters:

Expected output:

Release notes

EC-Ansible 1.4.3

  • Documentation has been migrated to the documentation site.

EC-Ansible 1.4.2

  • Renaming to "CloudBees CD"

EC-Ansible 1.4.1

Fixed Binary Dependencies procedure to work with Gateways.

EC-Ansible 1.4.0

Provisioning of Binary Dependencies (for example Grape jars) in the agent resource, required by this plugin, is now delivered through a newly introduced mechanism called Plugin Dependency Management. Binary dependencies will now be seamlessly delivered to the agent resource from the Flow Server, any time a new version of a plugin is invoked the first time. Flow Repository set up is no longer required for this plugin.

EC-Ansible 1.3.1

Added Setup procedure to handle binary dependencies.

EC-Ansible 1.3.0

Add checking connection while creating/editing a configuration

EC-Ansible 1.2.1

Renaming to "CloudBees"

EC-Ansible 1.2.0

  • Improved plugin promotion time.

  • Added support for credentials stored in Vault, support for Become (Privilege Escalation).

  • Certified to work on Windows Hosts as Ansible Targets.

  • Improved support for large CLI command output.

EC-Ansible 1.1.2

  • Configurations can be created by users with "@" sign in a name.

EC-Ansible 1.1.1

  • Fix for getting actual parameters from different contexts.

EC-Ansible 1.1.0

  • Output processing has been added.

EC-Ansible 1.0.9

  • Fix for the intrinsic property names (i.e. "tags" parameter was not processed correctly in a context of a pipeline).

EC-Ansible 1.0.8

  • Labels for username and private key were added to the configuration.

EC-Ansible 1.0.7

  • Logo icon has been added.

EC-Ansible 1.0.6

  • Configured the plugin to allow the ElectricFlow UI to create configs inline of procedure form.

EC-Ansible 1.0.5

  • Configured the plugin to allow the ElectricFlow UI to render the plugin procedure parameters entirely using the configured form XMLs.

  • Enabled the plugin for managing the plugin configurations in-line when defining an application process step or a pipeline stage task.

EC-Ansible 1.0.4

  • Added logic for arguments escaping.

EC-Ansible 1.0.3

  • Added Run Ad-Hoc Command procedure.

EC-Ansible 1.0.2

  • Added an option to the config to skip host key check.

EC-Ansible 1.0.1

  • The documentation has been improved.

EC-Ansible 1.0.0

  • First release.