Hello, in this post I want to show one of the ways we can run Ansible playbooks in a Jenkins pipeline.

The method I chose was the simplest: an image created with Ansible already installed (Base image for Ansible), with the playbooks in GitLab and only the necessary sources checked out (Jenkins – Sparse Checkout).

I did several tests using the Ansible plugin for Jenkins, but honestly, I didn’t see any advantage in using it. In any case, we would have to create an image with Ansible installed, so we can use K8s as an agent. Then, using Vault files doesn’t seem compatible with the way we use them.

Therefore, I decided not to complicate things by adding more components and to use an sh call to ansible-playbook.

An important point is the secrets file, created in the post Ansible – Secrets in Ansible Vault. In this example I am doing a sparse checkout (Stage: Secrets) of the file that is in our GitLab. This is by no means a good practice. Later on, I will obtain this value from the Vault, which we will install in the future. You can, for example, use Jenkins’ File Secret for this.
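
The File Secret option mentioned above, as an added sketch that is not part of the author's pipeline: the Ansible stage of the pipeline shown further down, with the vault password bound from a Jenkins "Secret file" credential, which makes the Secrets checkout stage unnecessary. The credential ID ansible-vault-prod and the variable name VAULT_PASS_FILE are assumptions.

```groovy
// Added example, not the project's own code.
// Assumption: a "Secret file" credential with the ID 'ansible-vault-prod'
// exists in Jenkins and holds the Ansible Vault password.
stage('Ansible') {
    steps {
        container('container-1') {
            // Credentials Binding plugin: the secret is written to a temporary
            // file, its path is exported as VAULT_PASS_FILE, and the file is
            // removed when the withCredentials block ends.
            withCredentials([file(credentialsId: 'ansible-vault-prod',
                                  variable: 'VAULT_PASS_FILE')]) {
                // Single-quoted Groovy string: nothing is interpolated by
                // Groovy, the shell expands $WORKSPACE and $VAULT_PASS_FILE.
                sh '''
                    ansible-playbook "$WORKSPACE/ansibles/Inventory/playbooks/dynamic_inventory.yaml" \
                        -i "$WORKSPACE/ansibles/Inventory/global_hosts/inventory_json.py" \
                        --vault-id "prod@$VAULT_PASS_FILE"
                '''
            }
        }
    }
}
```

With this variant the vault password no longer has to be stored in the GitLab repository next to the playbooks.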

As a playbook, I created one based on what is shown in the Ansible – Dynamic inventory with Python example, with Python, Secret/Vault, etc.

The sources can be seen on our project GitHub:

Ansible: https://github.com/faustobranco/devops-db/tree/master/infrastructure/ansible/tests

Pipeline: https://github.com/faustobranco/devops-db/tree/master/infrastructure/pipelines/tests/ansible

So, in short, the pipeline will create a Pod/container (Jenkins – Dynamic Pod Template) with the image ubuntu_ansible:2.16.8, do the sparse checkout in GitLab of the Ansible and Secret project, and then run the playbook.

@Library('devopsdb-global-lib') _

import devopsdb.utilities.Utilities
def obj_Utilities = new Utilities(this)

pipeline {
    agent {
        kubernetes {
            yaml GeneratePodTemplate('ansible_tests', 'registry.devops-db.internal:5000/ubuntu_ansible:2.16.8')
            retries 2
        }
    }
    options {
        timestamps()
        skipDefaultCheckout(true)
    }
    environment {
        // Disables SSH host key verification for Ansible connections
        ANSIBLE_HOST_KEY_CHECKING = 'false'
        host_group = 'infrastructure'
        host_tech = 'devops'
        host_service = 'cicd'
    }
    stages {
        stage('Script') {
            steps {
                container('container-1') {
                    script {
                        def str_folder = "${env.WORKSPACE}/ansibles"
                        def str_folderCheckout = "/Inventory"
                        obj_Utilities.CreateFolders(str_folder)
                        obj_Utilities.SparseCheckout('git@gitlab.devops-db.internal:infrastructure/ansible/tests.git',
                                'master',
                                str_folderCheckout,
                                'usr-service-jenkins',
                                str_folder)
                    }
                }
            }
        }
        stage('Secrets') {
            steps {
                container('container-1') {
                    script {
                        def str_folder = "${env.WORKSPACE}/resources"
                        def str_folderCheckout = "/secrets"
                        obj_Utilities.CreateFolders(str_folder)
                        obj_Utilities.SparseCheckout('git@gitlab.devops-db.internal:infrastructure/ansible/tests.git',
                                'master',
                                str_folderCheckout,
                                'usr-service-jenkins',
                                str_folder)
                    }
                }
            }
        }
        stage('Ansible') {
            steps {
                container('container-1') {
                    script {
                        sh """ ansible-playbook ${env.WORKSPACE}/ansibles/Inventory/playbooks/dynamic_inventory.yaml \
                                -i ${env.WORKSPACE}/ansibles/Inventory/global_hosts/inventory_json.py \
                                --vault-id prod@${env.WORKSPACE}/resources/secrets/.vault_password.sec """
                    }
                }
            }
        }
        stage('Cleanup') {
            steps {
                cleanWs deleteDirs: true, disableDeferredWipeout: true
            }
        }
    }
}

And the result of the pipeline:
