the infrastructure automation, cloud automation, compliance and security management.

The difficult task of evaluating one of these tools keeps sysadmins from evolving technically and proposing improvements in the managed environment. They work the old-fashioned way and are conservative and averse to change, following the motto “don’t change a winning team”.

What is the best tool for someone with zero maturity in automation? The quick answer to that question: Ansible.

- No agent
- Push-based
- Very simple to learn
- Powerful open source community
- Easy-to-read syntax in YAML files
- Currently more than 750 modules
- Uses the SSH protocol to connect to hosts
- Documentation is simple, with many examples

But… Why Ansible?
can configure systems, deploy software and orchestrate more advanced tasks, such as:

- Cloud provisioning
- Configuration management
- Ad-hoc task execution
- Application deployment
- Many other IT needs
the core principles that shape Red Hat’s management, both at the product level and at the portfolio level”.

- Ansible is a very popular open source project. “Ansible is an incredibly popular open source project and the community members contribute to both the core technology and the modules that come with the core. We believe that supporting and nurturing great open source communities is the only way to guarantee a continuous stream of innovation”. By redhat.com.

Ansible and Red Hat
– Define how Ansible will interact with remote hosts
– A hostname/IP can be a member of multiple groups
– Default location: /etc/ansible/hosts
– Groups of hosts are delimited by []

    [local]
    127.0.0.1

    [webservers]
    192.168.1.100
    192.168.1.110

    [dbservers]
    192.168.100.1
    192.168.100.2
    192.168.100.3

- Inventory file in YAML format
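The same three groups written as a YAML inventory, as an added example that is not part of the original slides. The file name `inventory.yml` and the `ansible_connection: local` host variable are assumptions made for illustration.

```yaml
# inventory.yml (added example, not from the original slides)
# YAML form of the INI inventory: every group sits under all -> children,
# and each host is a key under that group's "hosts" mapping.
all:
  children:
    local:
      hosts:
        127.0.0.1:
          # Assumption, not on the slide: run tasks for this host directly
          # on the control node instead of opening an SSH session to it.
          ansible_connection: local
    webservers:
      hosts:
        192.168.1.100:
        192.168.1.110:
    dbservers:
      hosts:
        192.168.100.1:
        192.168.100.2:
        192.168.100.3:

# Check how Ansible parsed the groups before running anything:
#   ansible-inventory -i inventory.yml --graph
```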
options]"

- Ensure a service is started on all webservers:
    $ ansible webservers -m service -a "name=httpd state=started"
- To ensure a specific version of a package is installed:
    $ ansible webservers -m yum -a "name=acme-1.5 state=present"
- To ensure a package is at the latest version:
    $ ansible webservers -m yum -a "name=acme state=latest"
- Ensure a service is stopped:
    $ ansible webservers -m service -a "name=httpd state=stopped"
-a "[module options]"

- Ensure connectivity with the local host:
    $ ansible local -m ping
- Install the “net-tools” package in the system:
    $ ansible local -m apt -a "name=net-tools state=present"
- Create directory foo in /tmp:
    $ ansible local -m shell -a "mkdir /tmp/foo"
- Run a command:
    $ ansible local -m command -a "uptime"
httpd, in all cases
      service:
        name: httpd
        state: restarted

    - name: Enable service httpd, and not touch the state
      service:
        name: httpd
        enabled: yes

    - name: Restart network service for interface eth0
      service:
        name: network
        state: restarted
        args: eth0
are expressed in “YAML” format;

- More powerful configuration management;
- Arrange and run tasks synchronously or asynchronously;
- Composed of one or more “plays” in a list;
- You can check the syntax of playbook files with the option “--syntax-check”;
- You can see which hosts would be affected by a playbook with the option “--list-hosts”;
- You can run a playbook without applying configurations, with the option “--check”.
    $ ansible-playbook playbook.yml

- Check the syntax of a playbook:
    $ ansible-playbook playbook.yml --syntax-check
- Use the check option to run a playbook without applying changes on remote hosts:
    $ ansible-playbook playbook.yml --check
- Verify which hosts would be affected by a playbook before running it:
    $ ansible-playbook playbook.yml --list-hosts
- Use the help option to see information about the command:
    $ ansible-playbook --help
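A `playbook.yml` that the commands above could be run against, as an added example that is not part of the original slides. It contains two plays, reuses the `webservers` and `local` inventory groups and the `httpd` service from the earlier slides, and assumes a RHEL-style host; the `ServerTokens` hardening task and the configuration file path are assumptions chosen to show a handler.

```yaml
---
# playbook.yml (added example, not from the original slides)

# Play 1: runs against every host in the [webservers] group.
- name: Configure web servers
  hosts: webservers
  become: true              # assumption: package and service changes need root
  tasks:
    - name: Ensure httpd is installed
      yum:
        name: httpd
        state: present

    - name: Hide the Apache version in response headers
      lineinfile:
        path: /etc/httpd/conf/httpd.conf   # assumption: RHEL default path
        regexp: '^ServerTokens'
        line: 'ServerTokens Prod'
      notify: Restart httpd                # fires only when the line changed

    - name: Ensure httpd is started and enabled at boot
      service:
        name: httpd
        state: started
        enabled: yes

  handlers:
    # Handlers run once at the end of the play, and only if notified.
    - name: Restart httpd
      service:
        name: httpd
        state: restarted

# Play 2: runs against the [local] group.
- name: Verify the control node is reachable
  hosts: local
  gather_facts: false
  tasks:
    - name: Check connectivity
      ping:
```

With `--list-hosts` this playbook reports the hosts of each play separately. With `--check` on a host where httpd is not yet installed, the `lineinfile` task can fail, because the package install was only simulated and the configuration file does not exist yet.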
is easier for humans to read and write than other common data formats like XML or JSON. Further, there are libraries available in most programming languages for working with YAML”.

- You can use key: value to write roles, tasks and playbooks in Ansible.
- All members of a list are lines beginning at the same indentation level starting with a "- " (a dash and a space):

    ---
    # A list of tasty fruits
    - Apple
    - Orange
    - Strawberry
    - Mango
    - ...

    # An employee record
    martin:
      name: Martin D'vloper
      job: Developer
      skill: Elite
loading certain vars_files, tasks, and handlers based on a known file structure.

Roles:

- tasks (list of tasks to be executed by a role)
- handlers (may be used by this role or even anywhere outside this role)
- files (contains files which can be deployed via this role)
- templates (contains templates which can be deployed via this role)
- vars (variables for the role)
- defaults (default variables for the role)
- meta (defines some metadata for this role)

Role Directory Structure

    site.yml
    webservers.yml
    fooservers.yml
    roles/
        common/
            tasks/
            handlers/
            files/
            templates/
            vars/
            defaults/
            meta/
        webservers/
            tasks/
            defaults/
            meta/
• Using the ansible-galaxy command line tool that comes bundled with Ansible, you can create a role with the init command:

    $ ansible-galaxy init automation_project
    - Role automation_project was created successfully

• Displaying the role structure:

    $ tree automation_project/
    automation_project/
    |-- README.md
    |-- defaults
    |   `-- main.yml
    |-- files
    |-- handlers
    |   `-- main.yml
    |-- meta
    |   `-- main.yml
    |-- tasks
    |   `-- main.yml
    |-- templates
    |-- tests
    |   |-- inventory
    |   `-- test.yml
    `-- vars
        `-- main.yml