In complex IT infrastructure, there are many repetitive tasks. Running those tasks successfully is not easy, and human error always presents a chance of failure. With the help of Ansible, you can perform all of these tasks on remote hosts using playbooks, and those playbooks can be reused as many times as you need. In this article you will learn how to install and configure Ansible on Fedora Linux, and how to use it to manage and configure Podman containers.
Ansible
Ansible is an open source infrastructure automation tool sponsored by Red Hat. It can deal with all the problems that come with large infrastructure, like installing and updating packages, taking backups, ensuring specific services are always running, and much more. You do this with a playbook, which is written in YAML. Ansible playbooks can be used again and again, making the system administrator’s job less complex. Playbooks also eliminate repetitive tasks and can be easily modified. There are many automation tools, so why use Ansible? Unlike some other configuration management tools, Ansible is agentless: you don’t have to install anything on managed nodes. For more information about Ansible, see the Ansible tag in Fedora Magazine.
Podman
Podman is an open source container engine which is used for developing, managing and running container images. But what is a container? Every time you create any new application and deploy it either on physical servers, cloud servers or virtual machines, the most common problems which you face are portability and compatibility. This is where containers come into the picture. Containers virtualize at the OS level so they only contain required libraries and app services. The benefits of containers include:
- portability
- isolation
- scaling
- light weight
- fast boot up
- smaller disk and memory requirements
In a nutshell: when you build a container image for any application, all of the required dependencies are packed into the container. You can now run that container on any host OS without any portability and compatibility issues.
The key highlight of Podman is that it is daemon-less, and so does not require root privileges to run containers. You can build the container images with the help of a Dockerfile or pull images from Docker Hub, fedoraproject.org or Quay. For more information about Podman, see the Podman tag in Fedora Magazine.
Why configure Podman with Ansible?
Ansible provides a way to easily run repetitive tasks many times. It also has tons of modules for cloud providers like AWS, GCP, and Azure, for container management tools like Docker and Podman, and also for database management. Ansible also has a community (Ansible Galaxy) where you can find tons of Ansible roles created by contributors from all over the world. All of this makes Ansible a great tool for DevOps engineers and system administrators.
With DevOps, the development of applications is fast-paced. Developing applications which can run on any operating system is essential. This is where Podman comes into the picture.
Installing Ansible
First, install Ansible:
$ sudo dnf install ansible -y
Configuring Ansible
Ansible needs ssh to work on managed nodes, so first generate a key pair.
$ ssh-keygen
Once the key is generated, copy the key to the managed node.
Editor's note: From the Ansible documentation found at https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#connections the following can be done to use Ansible's ssh-agent for setting up ssh keys.
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
Enter yes and enter the password of the managed node. Now your managed host can be accessed remotely.
For Ansible to access managed nodes, you need to store all hostnames or IP addresses in an inventory file. By default, this is in ~/etc/ansible/hosts.
This is what the inventory file looks like. Here square brackets are used to assign groups to some specific nodes.
[group1]
green.example.com
blue.example.com
[group2]
192.168.100.11
192.168.100.10
Check that all managed nodes can be reached.
$ ansible all -m ping
You should see output like this:
[mahesh@fedora new] $ ansible all -m ping
fedora.example.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[mahesh@fedora new] $
Now create your first playbook which will install Podman on managed nodes. First create a file with any name with .yml extension.
$ vim name_of_playbook.yml
The playbook should look something like the one below. The first name field is the name of the playbook. The hosts field names a host or group from the inventory. become: yes escalates privileges. tasks contains all the tasks that are going to execute: within each task, name is the task name and yum is the module that installs packages; under yum, name is the name of the package and state says whether the package is installed or removed.
---
- name: First playbook
  hosts: fedora.example.com
  become: yes
  tasks:
    - name: Installing podman.
      yum:
        name: podman
        state: present
Check for any syntax errors in the file.
$ ansible-playbook filename --syntax-check
Now run the playbook.
$ ansible-playbook filename
You should get output like this:
[mahesh@fedora new] $ ansible-playbook podman_installation.yml
PLAY [First playbook] *************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [fedora.example.com]
TASK [Installing podman] ************************************************************************************************
changed: [fedora.example.com]
PLAY RECAP *************************************************************************************************
fedora.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[mahesh@fedora new] $
Now create a new playbook which pulls an image from Docker Hub. You’ll use the podman_image module to pull the httpd image of version 2-alpine from Docker Hub.
---
- name: Playbook for podman.
  hosts: fedora.example.com
  tasks:
    - name: Pull httpd:2-alpine image from dockerhub.
      podman_image:
        name: docker.io/httpd
        tag: 2-alpine
Now check the pulled image.
[mahesh@fedora new] $ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd 2-alpine fa848876521a 11 days ago 57 MB
[mahesh@fedora new] $
Create a new playbook to run the httpd image. See the podman_container module documentation for more information.
---
- name: Playbook for podman.
  hosts: fedora.example.com
  tasks:
    - name: Running httpd image.
      containers.podman.podman_container:
        name: my-first-container
        image: docker.io/httpd:2-alpine
        state: started
Check that the container is running.
[mahesh@fedora new] $ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45d966e0e207 docker.io/library/httpd:2-alpine httpd-foreground 13 seconds ago Up 13 seconds ago my-first-container
[mahesh@fedora new] $
Now to stop the running container, change the state value from started to absent.
    - name: Stopping httpd container.
      containers.podman.podman_container:
        name: my-first-container
        image: docker.io/httpd:2-alpine
        state: absent
When you run the podman ps command, you won’t see any containers running.
[mahesh@fedora new] $ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[mahesh@fedora new] $
Many more things are possible with podman_container, such as recreating containers, restarting containers, and checking whether a container is running. See the documentation for information on performing these actions.
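The playbooks above reference the image by tag (docker.io/httpd:2-alpine), and a registry can point a tag at different content between runs. The following Python check is an added example, not part of the original article: it scans playbook text for image: values and reports those that are not pinned by digest or that omit the registry. The function names, the sample playbook and its all-zero digest are assumptions made for illustration, and only image: keys are scanned, not the separate name and tag fields of podman_image.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
TAG = re.compile(r":([\w][\w.-]{0,127})$")
IMAGE_KEY = re.compile(r"^\s*(?:-\s+)?image:\s*['\"]?([^'\"#\s]+)")

def classify_image(ref):
    """Return (pinning, registry_qualified) for an image reference."""
    name = DIGEST.sub("", ref)
    if name != ref:
        pinning = "digest"  # content-addressed, cannot be repointed
    else:
        # Only the last path component can carry a tag; a colon earlier
        # in the reference is a registry port (localhost:5000/app).
        m = TAG.search(ref.rsplit("/", 1)[-1])
        pinning = "tag" if m and m.group(1) != "latest" else "floating"
    first = name.split("/", 1)[0]
    # A registry host has a dot or a port, or is "localhost"; anything else
    # is a short name that Podman resolves through registries.conf.
    qualified = "/" in name and ("." in first or ":" in first or first == "localhost")
    return pinning, qualified

def audit_playbook(text):
    """Return (line_no, ref, finding) for each image: value that is not pinned."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = IMAGE_KEY.match(line)
        if not m:
            continue
        pinning, qualified = classify_image(m.group(1))
        if pinning != "digest":
            findings.append((no, m.group(1), pinning + " reference can change"))
        if not qualified:
            findings.append((no, m.group(1), "short name without a registry"))
    return findings

# Constructed sample: the article's run task, then a digest-pinned variant.
# The all-zero digest is a placeholder, not the real httpd digest.
SAMPLE = """\
    - name: Running httpd image.
      containers.podman.podman_container:
        name: my-first-container
        image: docker.io/httpd:2-alpine
    - name: Same image, pinned by digest.
      containers.podman.podman_container:
        name: pinned-container
        image: docker.io/library/httpd@sha256:%s
""" % ("0" * 64)
if __name__ == "__main__":
    print(audit_playbook(SAMPLE))
```

On the constructed sample, only the tag-based task on line 4 is reported; the digest-pinned task passes.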
Bruno
Nice topics, there is a typo in “become: yes indicates and ….” I guess should be “become: yes indicates running as root and …”
Also, there is a “package” module that is more generic than “yum”; a big part of Ansible is to be distribution agnostic.
Stephen Snow
Hello Bruno, thanks for the typo catch. ‘become:yes’ actually escalates privileges as now noted in the article. To become root, you use ‘become_user(root):’
Andrii
Looks like the guys from podman don’t care very much that they have an unstable and buggy release candidate in the Fedora stable repository.
t0xic0der
Hi @Andrii, this was promptly detected and a rollback was made soon after. You can find more about this here https://twitter.com/fatherlinux/status/1392535997473243137 and here https://lists.podman.io/archives/list/podman@lists.podman.io/thread/WYNTH224D5MVBC2RFOG6RPIC52JZFKAB/.
Andrii
Hi @t0xic0der, but we still have rc1 in the stable repo (5 days); the rollback did not take effect.
laolux
Yeah, I just got hit by that, too.
does NOT solve the problem. How to downgrade to the last stable version?
wants to downgrade all the way to 3.1.0, so that’s obviously not the solution.
Niko
It would be nice to explain how to create a new podman container with ansible.
I mean provisioning a new podman container in plain ansible.
Simon
You lost an ssh-copy-id command maybe?
Peter Oliver
I think that should be:
Abby
Hi,
I configured myself as follows :
- name: Podman Deploy
  hosts: hosts1
  become: yes
  tasks:
    - name: Podman container state
      containers.podman.podman_container_info:
        name:
      register: result
    - name: Stop a container osm-backend
      containers.podman.podman_container:
        name:
        state: stopped
      when: result.stderr == "Error*"
    - name: Remove container osm-backend
      containers.podman.podman_container:
        name:
        state: absent
      when: result.stderr == "Error*"
    - name: osm-backend image remove
      containers.podman.podman_image:
        name: my-registry/
        state: absent
    - name: Deploy osm-backend container
      containers.podman.podman_container:
        name: osm-backend
        image: my-registry/
        ports:
          - "4000:4000"
        network:
          - bridge0
        ip:
        restart_policy: always