Run Ansible Playbooks with GitHub Actions
It is common for a senior DBA to set up a CI/CD pipeline to deploy software or to apply changes to an existing configuration. For this goal, I use Ansible/PowerShell DSC.
Some of the prerequisites are the following:
- Basic knowledge of Linux & shell scripting
- Working knowledge of git
- Level 2 knowledge of Ansible to build your playbook
- One or more GitHub Actions runners configured.
The following is the sample code of the GitHub Actions workflow I use to run Ansible roles/playbooks in my personal lab environment.
https://github.com/imajaydwivedi/Ansible-Learning/blob/dev/.github/workflows/ansible-role-runner.yml
```yaml
name: Ansible Role Runner

on:
  workflow_dispatch:
    inputs:
      role_folder:
        description: 'Role folder to run'
        required: true
        # default: '<role_folder>'
        default: 'github-action-poc-project'
      clean:
        description: 'Cleanup temp files generated for playbook at end? (y/n)'
        required: true
        default: 'n'

jobs:
  run-ansible-role:
    runs-on: ubuntu   # label of the self-hosted runner

    # Inputs and secrets reach the step scripts as environment variables.
    env:
      ROLE_FOLDER: ${{ github.event.inputs.role_folder }}
      PG_SUPERUSER_PWD: ${{ secrets.PG_SUPERUSER_PWD }}
      PG_APPUSER: ${{ secrets.PG_APPUSER }}
      PG_APPUSER_PWD: ${{ secrets.PG_APPUSER_PWD }}
      CLEANUP: ${{ github.event.inputs.clean }}

    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4

      - name: Create defaults/creds.yml file
        # ROLE_FOLDER is read as a shell variable from the job-level env block.
        # Expanding the env context inline in the script would let the input
        # be interpreted as shell code.
        run: |
          rm -f "$ROLE_FOLDER/defaults/creds.yml"
          touch "$ROLE_FOLDER/defaults/creds.yml"
          echo "creds:" >> "$ROLE_FOLDER/defaults/creds.yml"
          echo "  PG_SUPERUSER_PWD: $PG_SUPERUSER_PWD" >> "$ROLE_FOLDER/defaults/creds.yml"
          echo "  PG_APPUSER: $PG_APPUSER" >> "$ROLE_FOLDER/defaults/creds.yml"
          echo "  PG_APPUSER_PWD: $PG_APPUSER_PWD" >> "$ROLE_FOLDER/defaults/creds.yml"
          # Debug aid: GitHub masks registered secret values in the job log.
          cat "$ROLE_FOLDER/defaults/creds.yml"

      - name: Run playbook
        run: |
          echo "Running playbook site.yml with inventory hosts.yml"
          # Run the playbook
          ansible-playbook -i "$ROLE_FOLDER/hosts.yml" "$ROLE_FOLDER/site.yml" --extra-vars "role_name=${ROLE_FOLDER}"

      - name: Conditional Cleanup
        if: ${{ env.CLEANUP == 'y' }}
        run: |
          echo "Cleaning up runtime files..."
          rm -f "$ROLE_FOLDER/defaults/creds.yml"
          echo "Cleanup complete!"

      # - name: Clean up SSH key
      #   if: always()  # ensures it runs even if previous steps fail
      #   run: |
      #     shred -u ~/.ssh/id_rsa
      #     rm -rf ~/.ssh/config

      - name: Status of action
        # No step in this workflow has the id "custom", so this prints an empty line.
        run: echo "${{ steps.custom.outputs.ansible-status }}"
```

The workflow accepts 2 input parameters:
- Role folder to run
  - This folder sits directly inside the GitHub repo and is an Ansible role.
  - To simplify management, I have kept the inventory file hosts.yml and the main playbook file site.yml that is needed to run the Ansible role inside the role directory itself.
- Whether to clean up the files after the workflow completes.
  - While building my Ansible playbook CI/CD pipeline, I avoid cleanup so that I can debug code on the git runner machine.
Within the workflow yml file <Repo>/.github/workflows/ansible-role-runner.yml, I have the following logic:
- Use my desktop machine, which is configured as a git runner named 'ubuntu'.
- Use GitHub secrets to build another var file, defaults/creds.yml, that is called in the role's main task file tasks/main.yml.
- Run the Ansible playbook site.yml with role_name passed through --extra-vars, taken from the ROLE_FOLDER environment variable.
- Finally, clean up creds.yml or any other sensitive information from the git runner machine.
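
The creds.yml step is where secrets land on the runner's disk, so the sketch below (an added example, not code from the author's repository) validates the role folder input, writes the file with owner-only permissions, and YAML-quotes each value so passwords containing `: `, `#` or `'` still parse. The function names valid_role_folder, yaml_quote and write_creds are hypothetical; the PG_* variables are assumed to come from the job's env block as in the workflow above.

```shell
# Added example: hardened creation of <role>/defaults/creds.yml.

# Accept only a plain, existing directory name:
# no slashes, no leading dot or dash, no shell metacharacters.
valid_role_folder() {
  case "$1" in
    ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ -d "$1" ]
}

# Render a value as a YAML single-quoted scalar (a literal ' becomes '').
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write the creds file so that only the runner account can read it.
write_creds() {
  role=$1
  valid_role_folder "$role" || { echo "invalid role folder: rejected" >&2; return 1; }
  file="$role/defaults/creds.yml"
  mkdir -p "$role/defaults"
  rm -f "$file"          # recreate so the umask below decides the mode
  (
    umask 077            # new file gets mode 0600
    {
      printf 'creds:\n'
      printf '  PG_SUPERUSER_PWD: %s\n' "$(yaml_quote "$PG_SUPERUSER_PWD")"
      printf '  PG_APPUSER: %s\n' "$(yaml_quote "$PG_APPUSER")"
      printf '  PG_APPUSER_PWD: %s\n' "$(yaml_quote "$PG_APPUSER_PWD")"
    } > "$file"
  )
}
```

In a workflow step these functions would be defined in the run block and invoked as `write_creds "$ROLE_FOLDER"`, with the step failing when the input is rejected.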

I hope this will help anyone trying to figure out how to build a CI/CD pipeline using GitHub Actions and Ansible for various tasks like Linux configuration, Postgres installation and configuration, etc.