Introduction to Ansible (cfgmgmtcamp 2018)

Transcript

1. Ansible introduction in 30 minutes @dagwieers

2. Introduction to Ansible Cfgmgmtcamp Ghent 2018 2 30 minutes... •

   Who are you ? • What is Ansible ? • Ansible terminology • How does it work ? • Where do I go for help ? • How to join the community ? • Questions

3. Introduction to Ansible Cfgmgmtcamp Ghent 2018 3 Dag Wieërs •

   Freelance Linux and Open Source consultant – Usually as System Engineer/Architect – Past 6 years mostly Ansible-related assignments • Working for various companies (IT, Finance, Telco, Gov) – IBM, HP, Euroclear, Punch, EMC, AXA, ING – Ansible: BNP, Proximus, KBC, Telenet, FedPol, Cisco • Started developing on Ansible from early 2012 • Involved in: Core, Unix, VMware, Networking, Windows • Various modules: debug, fail, set_fact mail, unarchive, xml, ...

4. Introduction to Ansible Cfgmgmtcamp Ghent 2018 4 Workflow automation tool

   • Start automating in minutes… by doing it • You are in control – The “what, when and where” • One ring to rule them all – Ad-hoc execution/reporting √ – Bare-metal / VM provisioning √ – Configuration management √ – Standard operational procedures √ • Security patch management, web deployments, ... • GUI: Ansible Tower or AWX

5. Introduction to Ansible Cfgmgmtcamp Ghent 2018 5 Ansible: cleverly versatile

   • Agentless, easy to set up and control • Using native technologies/existing standards – well-known, proven and secure • Well-defined interfaces, easy to extend – inventories, modules, plug-ins, connections • Thousands of existing modules and roles • Rich integration with hundreds of: – systems, VMs, containers, devices, appliances, applications

6. Introduction to Ansible Cfgmgmtcamp Ghent 2018 6 Concepts: Inventory and

   sources • Inventory – Groups • Group variables – Hosts • Host variables • Inventories can be: – INI, YAML, JSON – Dynamic inventories – Integrated with many sources Example INI inventory [firewalls] fw01 ansible_user=admin [webservers] web01 http_port=80 web02 http_port=8080 [databases] db01 db_type=postgresql

7. Introduction to Ansible Cfgmgmtcamp Ghent 2018 7 Concepts: Playbooks and

   tasks • Playbook – Play • Role • Task (Module) • Facts gathering • Notification handlers • Roles + Galaxy • Plugins Example YAML playbook - hosts: webservers tasks: - name: Ensure Apache is up-to-date yum: name: httpd state: latest - name: Manage Apache configuration template: src: httpd.j2 dest: /etc/httpd.conf validate: apachectl -t -f %s notify: - reload-apache - name: Ensure Apache is running service: name: httpd state: started enabled: yes

8. Introduction to Ansible Cfgmgmtcamp Ghent 2018 8 Concepts: Task execution

   model • Master sends instructions to individual target nodes • Target nodes execute instructions • Target nodes report back using JSON • Ansible reports status back to user

9. Introduction to Ansible Cfgmgmtcamp Ghent 2018 9 More than 1600

   modules... • Platform – Linux, macOS, Unix, Windows – System, Config, Packaging • Networking aci, aireos, asa, avi, bigswitch, citrix, dellos, f5, ios, iosxr, junos, lenovo, netconf, nso, nuage, nxos, sros, vyos • Monitoring bigpanda, grafana, icinga2, monit, nagios, newrelic, pagerduty, sensu, zabbix • Web infra apache2, django, jboss, jenkins, jira, letsencrypt, nginx, rundeck • Clustering consul, kubernetes, openshift, pacemaker • Cloud amazon, atomic, azure, cloudstack, docker, google, linode, lxc, lxd, openstack, ovirt, rackspace, softlayer, univention, vmware • Database elasticsearch, influxdb, kibana, mongodb, mssql, mysql, postresql, proxysql, redis, riak • Remote management foreman, hpilo, imc, ipmi, manageiq, oneview, stacki, ucs, wakeonlan • Source control bzr, git, github, gitlab, hg, subversion • Network tools cloudflare, dnsimple, dnsmadeasy, haproxy, ldap, lldp, nsupdate, omapi, snmp • Identity cyberark, ipa, keycloak • Crypto

10. Introduction to Ansible Cfgmgmtcamp Ghent 2018 10 “ ” Who

    knows what this means ? f(f(x)) = f(x)

11. Introduction to Ansible Cfgmgmtcamp Ghent 2018 11 Terminology • Idempotency:

    f(f(x)) = f(x) – Imperative versus Declarative – Various techniques to achieve idempotency • YAML + JSON – Describes datastructures – Domain-specific language • Jinja2 templating – Used for templating configuration files – Or manipulating data inline

12. Introduction to Ansible Cfgmgmtcamp Ghent 2018 12 Important bits •

    Keep playbooks readable – No programming constructs in playbooks – A well-designed inventory is key ! – Complex orchestration → Roles – Complex with locality → Modules – Data manipulation → Jinja2 filters – Differentiate using templates • Testing and reporting – Check-mode -C, --check – Diff output -D, --diff

13. Introduction to Ansible Cfgmgmtcamp Ghent 2018 13 Where go for

    help ? • Documentation – Latest stable: http://docs.ansible.com/ansible/latest/ – Devel branch: http://docs.ansible.com/ansible/devel/ • Mailinglist – https://groups.google.com/forum/#!forum/ansible-project • IRC – #ansible on Freenode • Meetups (more than 200 worldwide) – http://ansible.meetup.com/

14. Introduction to Ansible Cfgmgmtcamp Ghent 2018 14 How to contribute

    ? • Join us on Wednesday for a developer meeting • Reporting issues – https://github.com/ansible/ansible/issues • Discussing ideas – Mailinglist: https://groups.google.com/forum/#!forum/ansible-devel – IRC: #ansible-devel on Freenode • Proposals – https://github.com/ansible/proposals/issues • Join a Working group – https://github.com/ansible/community

15. Introduction to Ansible Cfgmgmtcamp Ghent 2018 15 Staying involved... •

    Regular meetings – Twice a week core meetings and weekly Working Group meetings – Subscribe to meeting agenda: https://github.com/ansible/community/issues?q=is:open+label:meeting_agenda • Roadmap and Changelog – http://docs.ansible.com/ansible/devel/roadmap/ROADMAP_2_5.html – https://github.com/ansible/ansible/blob/devel/CHANGELOG.md • AnsibleFest – Twice a year, in London and San Francisco – Ansible contributor meetings • Ansible Automates • Cfgmgmtcamp

16. Introduction to Ansible Cfgmgmtcamp Ghent 2018 16 “ ” Feedback

    appreciated Don’t hesitate, I’ll be at Cfgmgmtcamp until Wednesday... Questions ? Remarks ?