• Automation for local and remote applications deployment
• No agents to install on remote systems
• Using existing SSHd on remote systems and native SSH on host
• Parallel by default - scale to 6000 targets with single master
• Language that approaches plain English
and deploy
• Tasks - individual actions to perform on remote or local machines
• Roles - modular, single-purpose configurations for systems
• Inventory - files containing address information of target machines
• Handlers - actions triggered by tasks
• Templates - customizable files destined for managed machines
• Define logical groups of managed nodes
• One file for each environment
• Default location: /etc/ansible/hosts
• INI format, variable overrides

sample_inventory.ini

    [loadbalancers]
    10.20.30.41
    10.20.30.42

    [webservers]
    10.20.30.51 hostname=artemis
    10.20.30.52 hostname=apollo
    a users virtualenv
      shell: su - {{ item[0] }} -c '(. ./bin/activate && pip install {{ item[1] }})'
      with_nested:
        - [ 'jim', 'joe', 'jack' ]
        - [ package1==1.1, package2==1.2, package3==1.3 ]

There are several types of loops: Hashes, Fileglobs, Sequence, Subelements, First match, Command results, Random and more.
But there’s a builtin pip module, anyways.
      command: /bin/something
      when: result|failed
    - command: /bin/something_else
      when: result|success
    - command: /bin/still/something_else
      when: result|skipped

The result of a play can depend on the value of a variable, fact (something learned about the remote system), or previous task result.
If a required variable has not been set, you can skip or fail using Jinja2’s defined test. For example:

    }}'"
      when: foo is defined
    - fail: msg="This play requires 'bar'"
      when: bar is not defined
    - command: echo {{ item }}
      with_items: [ 0, 2, 4, 6, 8, 10 ]
      when: item > 5
providers, packages and tools are integrated
• Easily add your own in any language

examples:
• ec2 - Create, terminate, start/stop an instance
• docker - Manage docker containers
• hipchat - Send a message to hipchat
• s3 - Manage objects in S3
• twilio - Sends a text message to a phone
• win_service - Manages Windows services
• zfs - Manage zfs
• Can be run from a centralized bastion server
• Vault encrypts sensitive data
• Uses ordinary SSH, paramiko or custom transport plugins
• No extra open ports, use your own user account, sudo!
• No agents to update or risk vulnerabilities
• Manage any number of servers across many Tower instances
• Portal and dashboard views, pushbutton interaction
• Job scheduling
• Audit trail
• High availability
• Canary testing (check for page content or response code)
• Custom execution paths based on response/error/environment
• Variable timeouts and parallelism
• Ansible-pull to invert execution - nodes check in to a master
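
The canary check and the error-dependent execution path described above, combined with the required-variable guard from the earlier slide, as an added example that is not part of the original slides. The `app_version` variable, the `myapp` package and service, port 8080, the `/healthz` path and the `ok` marker string are assumptions; `webservers` is the group from the sample inventory.

```yaml
# Added example, not from the original deck. Assumed names: app_version,
# myapp (package and service), port 8080, /healthz, the "ok" marker string.
- hosts: webservers              # group from sample_inventory.ini
  serial: 1                      # one node per batch: the first node is the canary
  become: true
  tasks:
    - name: Refuse to run without a release version
      ansible.builtin.fail:
        msg: "This play requires 'app_version'"
      when: app_version is not defined

    - name: Deploy and verify, with a recovery path on failure
      block:
        - name: Install the requested release
          ansible.builtin.package:
            name: "myapp-{{ app_version }}"   # yum/dnf-style name-version (assumption)
            state: present

        - name: Restart the service
          ansible.builtin.service:
            name: myapp
            state: restarted

        - name: Canary check on response code and page content
          ansible.builtin.uri:
            url: "http://{{ inventory_hostname }}:8080/healthz"
            status_code: 200
            return_content: true
            timeout: 10            # per-request timeout in seconds
          register: health
          delegate_to: localhost   # probe from the control node, not the target
          become: false            # the probe itself needs no privilege
          retries: 5
          delay: 3
          until: health is succeeded and 'ok' in (health.content | default(''))

      rescue:
        # Runs only when a task in the block fails (the error-dependent path).
        - name: Take the unhealthy node out of service
          ansible.builtin.service:
            name: myapp
            state: stopped

        - name: Mark the host failed so the rollout stops at this batch
          ansible.builtin.fail:
            msg: "Canary check failed on {{ inventory_hostname }}"
```

Because each batch is a single host, a failed canary fails the whole batch and Ansible ends the play before the remaining web servers are touched.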