YAML Dictionary

key: value


Property1: Value1

YAML Dictionary in Dictionary

property1: value1
property2: value2
property3: value3


name: kostas
gender: male
age: 39

YAML List example

Ansible can execute commands on Linux hosts using SSH, on Windows hosts using PowerShell (over WinRM), and plain shell commands on the localhost when you don't want to use a remote protocol.

We define which protocol to use, along with other host-specific options, in the inventory file. Let's see an example:

nginx1 ansible_host=nginx1.example.com ansible_connection=ssh
db1 ansible_host=db1.example.com ansible_connection=winrm
ansible_master ansible_host=localhost ansible_connection=local

ansible_host must point to the real hostname or IP address of the host. Hosts can also have an alias to avoid long or complicated hostnames; here nginx1 is the alias for nginx1.example.com.


Ansible is not useful only for running large, complicated playbooks; it is also useful when you want to run simple commands on a group of servers.

In this scenario we have a group of two servers named web1 and web2, grouped into the [webservers] section of our inventory.


The goal is to create on each server a user named webops, create a directory that will hold the SSH key for this user, and copy the key to web1 and web2. Finally, we will verify that nginx is set to start on boot.

Create users


In this article I will show you how to install and configure Ansible and how to run a basic playbook.

We have two computers, the control computer and the target computer. The control computer is where we install Ansible and run all Ansible commands from.

The target computer is the remote computer on which we want to execute commands through Ansible.

I assume that both computers run CentOS 7.

Install Ansible on control computer

Type the following on the control computer; these commands will install the EPEL repository and Ansible itself.

$ su - root #…

In some environments you might not be able to install telnet or nc to verify whether a port is open, but using only standard Linux commands you can still check if…

To encrypt application data, add --opt encrypted when creating the overlay network. This enables IPsec encryption at the VXLAN level. This encryption imposes a non-negligible performance penalty, so you should test this option before using it in production.

When you enable overlay encryption, Docker creates IPsec tunnels between all the nodes where tasks are scheduled for services attached to the overlay network. These tunnels use the AES algorithm, and manager nodes automatically rotate the keys every 12 hours.

Example: creating an encrypted overlay network

$ docker network create --opt encrypted --driver overlay enc-network

MTLS: Mutual TLS

The nodes…

Docker Content Trust is a security mechanism that allows only images with a specific signature to run in our Docker environment. This ensures that we run trusted images.

How to set up Docker Content Trust

We first need to log in to our Docker repository using the docker login command:

$ docker login

After a successful login we need to generate the key for our Docker repository user, which in my case is 'kpat'. Generating the key requires a passphrase as well; don't forget the passphrase, write it down.

$ docker trust key generate kpat
Generating key for kpat...
Enter passphrase for new kpat key with…

Docker uses an architecture called the Container Network Model (CNM) to manage container networking.

CNM is based on the following concepts:

Network sandbox

It is all the network resources that the container will use; it is an environment isolated from other containers and from the host.

Endpoint

An Endpoint consists of two network interfaces: one interface is connected to the network sandbox of the container and the other to a designated network. A network sandbox may have many Endpoints.

Network

A network is a group of endpoints that allows containers to communicate with each other.

An important thing to know is that…

How to copy a file or directory from one host to another when they can communicate only through a third host (jump host)

Using --append and --partial allows us to resume rsync in case the transfer is interrupted.

rsync --bwlimit=20000 --progress --append --partial -vz -e 'ssh -J <USER>@<JUMP_HOST> -p 22' <USER>@<SOURCE_HOST>:/SOURCE/PATH /LOCAL/PATH

Parameter explanation

  • --bwlimit: limit I/O bandwidth, in KBytes per second; if omitted, rsync uses all available bandwidth
  • --progress: show progress during the transfer
  • --append: append data onto shorter files
  • --partial: keep partially transferred files
  • -vz: verbose output and compress file data during the transfer
  • -e 'ssh -J…

Scenario: we have a swarm of 3 servers and a 4th server which will be our storage; a directory on this host will be mounted over SSH.


Install the following plugin on all servers of the swarm:

$ docker plugin install --grant-all-permissions vieux/sshfs
latest: Pulling from vieux/sshfs
52d435ada6a4: Download complete
Digest: sha256:1d3c3e42c12138da5ef7873b97f7f32cf99fb6edde75fa4f0bcf9ed277855811
Status: Downloaded newer image for vieux/sshfs:latest
Installed plugin vieux/sshfs

On the storage server, create the following directory and file:

Note: kpatronas is my home directory; adjust this to your environment.

$ mkdir /home/kpatronas/data
$ echo Hello world! > /home/kpatronas/data/message.txt

Now on the swarm manager let's create…

Konstantinos Patronas

DevOps engineer, loves Linux, Python, cats and Amiga computers
