When it comes to managing infrastructure with Ansible, storing your code in a GitHub repository and setting up an automatic trigger for playbook runs can create a super streamlined process. This method harnesses the power of version control and automation, which not only tracks changes but also ensures that your infrastructure is updated as part of a continuous process.
Before diving into the mechanics, let’s talk prerequisites – the essential steps to get you rolling:
- Get Your Ansible Server Up and Running: You’ll need an Ansible control node (basically, your command center) already set up and ready to go. This server should have the necessary permissions and network access to communicate with the hosts you plan to manage. Not sure how to do this? Install Ansible on Ubuntu or Debian.
- Prep Your Managed Servers: Each server that you want Ansible to manage should have an ‘ansible’ user with sudo privileges. Why? Because Ansible will be performing a variety of tasks that often require elevated permissions. And, crucially, this user should be set up to accept SSH connections from the Ansible server via an SSH key – for that smooth, passwordless, and secure connection.
- Deploy Key on GitHub: A deploy key is a unique SSH key that grants access to a single repository. By adding the public key from your Ansible server to your GitHub repo as a deploy key, you’re ensuring that your server can grab the latest playbook changes whenever it needs to – no manual intervention required. To use our example GitHub Action, clone the Git repository to your home folder.
- Safeguard Access with a GitHub Secret: Now for the SSH_KEY. This secret is essentially a way to give GitHub Actions the green light to interact with your Ansible server. By storing the SSH private key in your GitHub Secrets (the workflow below writes it to private_key.pem and passes it to ssh -i), any action that needs to connect to your Ansible server (like kicking off a playbook run) can do so securely.
Here is a .yaml file that can be used as a GitHub Actions workflow. Replace ansiblehostip with the IP of your Ansible system, and change /home/ansible/repositoryname to the location of your repository.
```yaml
name: Execute Ansible Playbook
on:
  push:
    branches:
      - main # adjust to your branch name if different
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Set up SSH connection
        run: |
          # Save SSH key to a file
          echo "${{ secrets.SSH_KEY }}" > private_key.pem
          chmod 600 private_key.pem
          # Add target host to known hosts (create ~/.ssh first; it may not exist on the runner)
          # ssh-keyscan accepts whatever key is presented on this run; it does not authenticate the host
          mkdir -p ~/.ssh
          ssh-keyscan ansiblehostip >> ~/.ssh/known_hosts
          # SSH into the host and run git pull & ansible-playbook command (stop at the first failing step)
          ssh -i private_key.pem ansible@ansiblehostip "cd /home/ansible/repositoryname && git pull && cd acl && ansible-playbook -i ../hosts users-and-keys.yaml"
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY }}
```
Once the workflow is added and everything is set up correctly, you should see GitHub Actions in action.
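The SSH_KEY secret above gives GitHub Actions a login as the sudo-capable ansible user, so it is worth limiting what that key can do on the Ansible server. The following is an added example, not part of the original article: a forced-command script bound to the key in authorized_keys, so the key can only trigger the playbook run. The script path /home/ansible/bin/deploy-gate.sh and the action names deploy and check are assumptions.

```shell
#!/bin/sh
# deploy-gate.sh (hypothetical name): forced command for the GitHub Actions key.
# Bind it to the key in ~ansible/.ssh/authorized_keys on the Ansible server:
#   command="/home/ansible/bin/deploy-gate.sh",restrict ssh-ed25519 <public-key> github-actions
# sshd then runs this script for every login with that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.

REPO_DIR="${REPO_DIR:-/home/ansible/repositoryname}"  # repository path from the article

# Map the client's request to a fixed action name; exact matches only.
gate_action() {
    case "$1" in
        deploy|check) printf '%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Run the article's pull + playbook sequence for an already validated action.
run_action() {
    cd "$REPO_DIR" || return 1
    git pull --ff-only || return 1
    cd acl || return 1
    case "$1" in
        deploy) ansible-playbook -i ../hosts users-and-keys.yaml ;;
        check)  ansible-playbook -i ../hosts users-and-keys.yaml --check --diff ;;
    esac
}

# Entry point: refuse and log anything outside the allowlist.
gate_main() {
    action=$(gate_action "$1") || {
        logger -t deploy-gate "refused request: $1" 2>/dev/null || true
        echo "deploy-gate: request refused" >&2
        return 126
    }
    logger -t deploy-gate "running action: $action" 2>/dev/null || true
    run_action "$action"
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client sent a command, so a
# bare interactive login with this key falls through and gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate_main "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

With this in place the workflow's last step becomes `ssh -i private_key.pem ansible@ansiblehostip deploy`, and a leaked SSH_KEY can trigger the playbook but cannot open a shell or run other commands on the Ansible server.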
