When a Microsoft Engineer Meets Open Source: Deploying VS Code on Rocky Linux with Ansible.

Ah, the irony. Here I am, a proud Microsoft engineer, wielding Ansible—a shining beacon of open-source automation—to deploy Microsoft's beloved Visual Studio Code on Rocky Linux. As a Microsoft engineer, one might assume my life revolves around the infinite loop of Windows, Azure, and—let’s be honest—occasionally cursing at Intune while sipping lukewarm coffee.

Despite a lifetime using Microsoft’s polished GUIs and enterprise-grade everything, sometimes it’s just fun to roll up our sleeves and embrace the gritty beauty of YAML. It’s an engineer’s rite of passage to wrestle with variables, play whack-a-mole with failed dependencies, and eventually bask in the glory of “PLAY RECAP: SUCCESS.”

So why Rocky Linux? Why Ansible? Because, in the spirit of open source, we go where the community goes. And because, as much as I love PowerShell, sometimes you just want to let Linux do its thing. Let’s dive in and show the world that even a Microsoft engineer can deploy Microsoft software with an open-source tool on a Linux distro. Spoiler alert: It’s actually kind of awesome.

Pre-Requisites Steps

Before diving into Ansible, we have set up three Rocky Linux virtual machines, each configured with 2 CPUs and 4GB of RAM.

Rocky Linux Nodes

rocky01 = 192.168.0.28 - Ansible Controller

rocky02 = 192.168.0.38 - Dev Node 01

rocky03 = 192.168.0.39 - Dev Node 02

Create an Admin User

During the setup, each node was configured with a user account named 'user' that has administrator privileges. If root was used instead, create an account with the following configuration:

sudo root
sudo adduser user
sudo passwd user
sudo usermod -aG wheel user

Install SSH on Dev Nodes (02-03)

SSH to each of the Dev nodes

ssh user@192.168.0.38
ssh user@192.168.0.39

Install openssh-server

sudo dnf install openssh-server 

Create a Public\Private Key on the Ansible Controller

Generate an SSH key using the user account.

ssh-keygen -t ed25519 -C "ansible controller"

Either provide a file name or use the default option. If you choose to specify a file name, ensure you include the full path.

For best practice, enter a password. However, pressing Enter without typing anything will leave the password blank.

• ssh-keygen: This is the command used to generate, manage, and convert SSH keys.

  
  

• -t ed25519: Specifies the type of key to create. ed25519 is an elliptic-curve signature algorithm that provides high security with relatively short keys. It is preferred for its performance and security over older algorithms like rsa or dsa.

  
  

• -C "ansible controller": Adds a comment to the key. This comment helps identify the key later, especially when managing multiple keys. In this case, the comment is "ansible controller", which likely indicates that the key will be used for an Ansible control node.

List the contents of the .ssh directory. The .pub file contains the public key, which is to be shared with other nodes.

ls -la .ssh

Copy the Public Key to the Dev Nodes

Use the ssh-copy-id command to copy the public SSH key to the Dev nodes, enabling passwordless authentication.

This command appends the public key to the ~/.ssh/authorized_keys file on the target node, ensuring secure access. For example:

This process requires the target node's password for the first connection. Afterward, the SSH key allows secure, passwordless logins.

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@192.168.0.38
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@192.168.0.39

Test the connection to each Dev node.

ssh -i ~/.ssh/id_ed25519 user@192.168.0.38
ssh -i ~/.ssh/id_ed25519 user@192.168.0.39

Install Ansible on the Controller Node

Set up Ansible on the Ansible Controller node by executing the following commands;

sudo dnf updates
sudo dnf install epel-release
sudo dnf install ansible

Copy Playbook from Github

Clone the GitHub repository and move it to /home/user/ansible-vsc.

git clone https://github.com/Tenaka/ansible_linux_vcs.git
mkdir ansible-vcs
mv ansible_linux_vcs/* ~/ansible-vcs
cd ansible-vsc

Keep in mind that ~ refers to the home directory in Linux.

tree

A Quick Review of the Playbook

Some amendments to the inventory.txt file is probably needed, so I'm using nano as the text editor and steering clear of vi—there's only so much this MS Engineer is willing to embrace.

Ansible.cfg defines the settings for this ansible playbook:

• inventory = Specifies the inventory file (inventory.txt) that contains the list of hosts Ansible will manage.

  
  

• private_key_file = ~Indicates the path to the private SSH key (~/.ssh/ided25519) used for authenticating to remote hosts.

~/ansible-vsc/ansible.cfg

[defaults]
inventory = inventory.txt
private_key_file = ~/.ssh/ided25519

~/ansible-vsc/inventory.txt

[all]
192.168.0.28
192.168.0.38
192.168.0.39

[visualstudio]
192.168.0.38
192.168.0.39

~/ansible-vsc/visualcode.yml

---
- hosts: all
  become: true
  roles:
    - baseline

- hosts: visualstudio
  become: true
  roles:
    - visualstudio

~/ansible-vsc/roles/visualstudio/tasks/main.yml

- name: Add Microsoft GPG key
rpm_key:
    state: present
    key: https://packages.microsoft.com/keys/microsoft.asc

- name: Add Visual Studio Code repository
  yum_repository:
    name: vscode
    description: "Visual Studio Code"
    baseurl: https://packages.microsoft.com/yumrepos/vscode
    enabled: yes
    gpgcheck: yes
    gpgkey: https://packages.microsoft.com/keys/microsoft.asc

- name: Install Visual Studio Code
  yum:
    name: code
    state: latest

#Dont run as root and install extensions
- name: Install desired VS Code extensions
  become: false
  shell: "code --install-extension {{ item }} --force"
  loop:
    - redhat.ansible
    - redhat.vscode-yaml
  register: vscode_extensions
  changed_when: "'already installed' not in vscode_extensions.stdout"

- name: Display installed extensions
  debug:
    msg: "Installed extensions: {{ vscode_extensions.results | map(attribute='item') | list }}"

While VSC is installed using sudo, installing extensions with elevated privileges does cause issues. Therefore, become is set to false.

Deployment of Visual Studio Code

Make sure to run the playbook from the ~/ansible-vsc directory.

The command ansible-playbook --ask-become-pass visualcode.yml runs the Ansible playbook visualcode.yml with the following options:

• --ask-become-pass: Prompts you to enter a password for elevated (sudo) privileges on the target hosts.

  
  

• visualcode.yml: Specifies the playbook file to be executed.

  
  

ansible-playbook --ask-become-pass visualcode.yml 

Enter the password at the prompt and sit back whilst ansible does all the work.

In Ansible playbook output, 192.168.0.38 had previously been successful in deploying VSC during testing:

• changed: Indicates that a task made modifications to the target system.

  
  

• ok: This means that the task has successfully completed without making any changes. This often happens when the system is already in the desired state, such as when a package is already installed or a configuration file is already correct.

Of course, these Linux boxes have a GUI installed—I'm an MS Engineer, and it's required for VSC. So login to each of the Dev nodes and launch VSC.

After rolling up my sleeves and diving headfirst into the untamed wilderness of Linux, this Microsoft engineer emerged with calloused hands, and a newfound love for ansible. Sure, there were battles with YAML, was that 3 or 4 spaces, but every “PLAY RECAP: SUCCESS" felt like a badge of honor. And while I still instinctively reach for the Reboot button at every minor annoyance, I now pause a second or two to consider if the reboot is the correct course of action. Of course it is, it's the only action that works.