Mitogen and Teleport Ansible


If you've read my post covering the marriage between Teleport and Ansible, it's only natural to ask: how do we make it fast, more capable, moar better? Mitogen is the answer; we use Mitogen to make our deployments sing.

TL;DR

  • Run Mitogen. It works. You're welcome.
  • Keep reading if you would like to know more.

I'm writing this follow-up post because I've been asked a few times if there were issues with Ansible, Mitogen, and Teleport. So far, no, there are no issues. Mitogen works flawlessly, and the performance improvements Mitogen provides remain intact.

Start here if you're just ramping up on integrating Teleport and Ansible:

Teleport Driven Ansible Dynamic Inventory
While there are a million ways to build Ansible inventory, what if we could build inventory using open-source access systems and not have to maintain multiple sources of truth?

Thoughts since writing the original post

I had some feelings on potential performance bottlenecks with Teleport managing large-scale, Ansible-driven infrastructure; however, with the efficiencies gained through Mitogen, I think I have fewer feelings.

Why Mitogen

To quote the opening paragraph from the Mitogen documentation:

Mitogen for Ansible is a completely redesigned UNIX connection layer and module runtime for Ansible... it updates Ansible’s slow and wasteful shell-centric implementation with pure-Python equivalents, invoked via highly efficient remote procedure calls to persistent interpreters tunnelled over SSH.

Without getting into the underlying details, Mitogen makes Ansible more efficient and thus faster. The inclusion of Teleport is simply to facilitate authentication and transport.

The Setup

For Mitogen to work with Ansible, you need to have Ansible installed.

Install Ansible
💡 Before integrating Mitogen into your Ansible toolchain, ensure you're running a compatible version of Ansible. At the time of this writing, Mitogen 0.3.3 supports Ansible 2.12.x.

To install a Mitogen-supported version of Ansible, I execute the following command.

pip install 'ansible-core<2.13' --upgrade --force-reinstall
Ansible installation

If your Ansible installation was performed through the operating system's package manager, you might need to do some extra work to install a compatible Ansible release.

💡 Using a virtual environment or pyenv might be a good way to isolate your Ansible tooling from the rest of your operating system.

Configure Ansible

As the Teleport Ansible post covers, we must set some basic Ansible configuration options to work with Teleport. I use environment variables, but feel free to set your configuration options as you desire.

# Set the needed environment variables for teleport-ansible
export ANSIBLE_SCP_IF_SSH=False
export ANSIBLE_SSH_ARGS="-F ${HOME}/.ssh/teleport.cfg"
export ANSIBLE_INVENTORY_ENABLED=script
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_INVENTORY="$(command -v teleport-ansible)"
Ansible configuration

Install Mitogen

Mitogen can be downloaded directly or installed. I like to install things.

pip install mitogen
Mitogen installation

Configure Mitogen for Ansible

We need to set a couple of additional Ansible configuration options to work with Mitogen. My example assumes Mitogen has been installed, so I'm dynamically sourcing the library path using a one-liner.

# Configure mitogen
export ANSIBLE_STRATEGY_PLUGINS="$(python3 -c 'import ansible_mitogen, os; print(os.path.join(os.path.dirname(ansible_mitogen.__file__), "plugins", "strategy"))')"
export ANSIBLE_STRATEGY="mitogen_linear"
Mitogen configuration

💡 If you've downloaded Mitogen directly, you'll need to set ANSIBLE_STRATEGY_PLUGINS to the path where you saved it.
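
A preflight check for the variables exported in the steps above, as an added example that is not part of the original post, teleport-ansible, or Mitogen. The function names (ansible_core_supported, preflight, fail) are hypothetical, and it assumes the strategy plugin directory holds a file named after the strategy and that the path after -F contains no spaces.

```shell
# Added example (not from the post): sanity-check the environment before a run.
# Function names are hypothetical; source this file, then call the functions.

# Status 0 if an ansible-core version is below 2.13 (the bound pinned in the
# pip command above), 1 if it is not, 2 if the string is not a dotted version.
ansible_core_supported() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 13 ]; }
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# Print one line per misconfiguration; the return status is the problem count.
preflight() {
    problems=0
    case "${ANSIBLE_STRATEGY:-}" in
        mitogen_*) ;;
        *) fail "ANSIBLE_STRATEGY='${ANSIBLE_STRATEGY:-}' is not a mitogen_* strategy" ;;
    esac
    [ -f "${ANSIBLE_STRATEGY_PLUGINS:-}/${ANSIBLE_STRATEGY:-}.py" ] ||
        fail "no ${ANSIBLE_STRATEGY:-}.py under ANSIBLE_STRATEGY_PLUGINS"
    # Pull the path that follows -F out of ANSIBLE_SSH_ARGS (no spaces in path).
    cfg=$(printf '%s\n' "${ANSIBLE_SSH_ARGS:-}" |
        sed -n 's/.*-F[[:space:]]*\([^[:space:]]*\).*/\1/p')
    { [ -n "$cfg" ] && [ -r "$cfg" ]; } ||
        fail "ANSIBLE_SSH_ARGS has no readable -F config (got '$cfg')"
    [ "${ANSIBLE_INVENTORY_ENABLED:-}" = script ] ||
        fail "ANSIBLE_INVENTORY_ENABLED is not 'script' as set in this post"
    { [ -f "${ANSIBLE_INVENTORY:-}" ] && [ -x "${ANSIBLE_INVENTORY:-}" ]; } ||
        fail "ANSIBLE_INVENTORY is not an executable (is teleport-ansible on PATH?)"
    # Not counted as a problem, but surfaced so the operator sees it on every run.
    case "${ANSIBLE_HOST_KEY_CHECKING:-}" in
        [Ff]alse|0|[Nn]o) echo "NOTE: Ansible host key checking is disabled" ;;
    esac
    return "$problems"
}

# Usage, with the exports from this post already in the shell:
#   preflight && ansible_core_supported \
#     "$(python3 -c 'import ansible.release as r; print(r.__version__)')"
```
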

Thus endeth the trick

Run Ansible Normally

Once everything is installed and configured, we simply run Ansible normally. From the debug output, we can see Mitogen working its magic.

[Figure: Teleport Ansible with Mitogen Playbook Execution]
[Figure: Teleport Ansible with Mitogen Debug]

Recap

  • Teleport takes care of the transport and provides an authentication layer.
  • The Ansible configuration points SSH at Teleport.
  • The Ansible strategy options leverage Mitogen.
  • Mitogen improves Ansible efficiency.
  • DevOps rejoice.

Wrap-up

In this setup, we have Teleport providing access to the environment, Ansible taking care of complex workflows, and Mitogen making Ansible more efficient.

The unholy Trinity of automation is now complete.

If you're running Teleport Ansible and using Mitogen, let me know. I'd love to hear from you and learn more about your setup. While I've beaten up my environment with these tools, I'm sure there are edge cases I've not experienced in my home lab, and I'd love to know more about what is happening in the wild.

If you do have thoughts on making teleport-ansible better, let's collaborate. Everything is open source; everything is public.

The repository for teleport-ansible can be found here: https://github.com/cloudnull/teleport-ansible

Find me on Twitter or Discord.