Ansible-exercise

How the Vagrant process works:

When ansible is defined as the provisioner in the Vagrantfile, Vagrant uses the specified playbook to configure the guest machine.

So it's Vagrant (not Ansible) that executes that playbook on the guest machines.

When you run vagrant up, it creates an inventory for Ansible:

➜ Ansible-exercise git:(master) ✗ cat .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

# Generated by Vagrant

node1 ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/home/giogio/Documents/Ansible-exercise/.vagrant/machines/node1/virtualbox/private_key'
node2 ansible_host=127.0.0.1 ansible_port=2200 ansible_user='vagrant' ansible_ssh_private_key_file='/home/giogio/Documents/Ansible-exercise/.vagrant/machines/node2/virtualbox/private_key'

Expose docker api:

  1. Create daemon.json file in /etc/docker:

{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}

  2. Add /etc/systemd/system/docker.service.d/override.conf:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd

  3. Reload the systemd daemon:

systemctl daemon-reload

  4. Restart docker:

systemctl restart docker.service

Expose docker api safely

The tls_api role reproduces all the commands explained here:

https://docs.docker.com/engine/security/https/

Another useful resource: https://gist.github.com/kekru/4e6d49b4290a4eebc7b597c07eaf61f2

After the VMs are provisioned, we will have the certs inside a folder on our machine with the same name as the VM hostname (node1/ and node2/).

With

docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
  -H=node1:2376 version

we can use the API from the host.

(It works, but it exposes the same port as the guest, not the one specified in the Vagrantfile.)
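The difference between the two daemon setups above, as an added example that is not part of this repository: a Python check that flags tcp:// listeners in a daemon.json that are not protected by tlsverify. The hardened sample and its certificate paths are constructed assumptions; the plain sample is the daemon.json from the steps above.

```python
import json
from urllib.parse import urlsplit

# daemon.json from the "Expose docker api" steps on this page.
PLAIN = '{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}'

# Constructed hardened variant; the certificate paths are assumptions.
HARDENED = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/certs/ca.pem",
    "tlscert": "/etc/docker/certs/server-cert.pem",
    "tlskey": "/etc/docker/certs/server-key.pem",
})

CERT_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_json(text):
    """Return (host, reason) for each tcp:// listener lacking mutual TLS.

    Only daemon.json is inspected; TLS flags given on the dockerd
    command line (for example in a systemd override) are not seen.
    """
    cfg = json.loads(text)
    missing = [k for k in CERT_KEYS if not cfg.get(k)]
    findings = []
    for host in cfg.get("hosts", []):
        if urlsplit(host).scheme != "tcp":
            continue  # unix:// and fd:// are local sockets, not network listeners
        if cfg.get("tlsverify") is not True:
            if cfg.get("tls") is True:
                reason = "TLS without tlsverify: encrypted, but clients are not authenticated"
            else:
                reason = "no TLS: unauthenticated, plaintext access to the daemon"
            findings.append((host, reason))
        elif missing:
            findings.append((host, "tlsverify set but not in this file: " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for name, text in (("plain", PLAIN), ("hardened", HARDENED)):
        for host, reason in audit_daemon_json(text) or [("-", "no findings")]:
            print(f"{name}: {host}: {reason}")
```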

Docker swarm

ansible-playbook -i inventory.ini playbook-swarm.yml

It's better to specify the SSH private key on the command line. By default Vagrant puts that file in .vagrant/machines/node1/virtualbox/private_key, in the same folder as the Vagrantfile.

Alternatively, set it in inventory.ini like this: ansible_ssh_private_key_file='.vagrant/machines/node1/virtualbox/private_key'

The docker_swarm_init role just initializes a swarm with the docker_swarm module.

The docker_swarm_worker role needs from the master:

  • the join-token worker
  • the IP address of the master

We obtain them thanks to the delegate_to and run_once options.

#TODO new branch, pull request:

  • tlsverify client
  • no password in vars
  • inventory key from command line - X

1557e0bd35f95c99adcc7ed42cae65f83f9524f3