
A tour of Ansible


A guided tour of Ansible's awesome features and capabilities. Learn how a complex tool can simply automate your infrastructure.

Steve Pereira

March 20, 2015


Transcript

  1. WHO AM I? Steve Pereira. 18 years in IT, startups and enterprise. Love learning about, teaching and talking about:
     • DevOps
     • CI/CD
     • Automation
     • Scale
  2. ANSIBLE FEATURES
     • Automation for local and remote system provisioning
     • Automation for local and remote application deployment
     • No agents to install on remote systems
     • Uses the existing SSH daemon on remote systems and native SSH on the host
     • Parallel by default - scales to 6000 targets with a single master
     • Language that approaches plain English
  3. ANSIBLE CONVENTIONS
     Playbooks - contain the required tasks to configure systems and deploy
     Tasks - individual actions to perform on remote or local machines
     Roles - modular, single-purpose configurations for systems
     Inventory - files containing address information of target machines
     Handlers - actions triggered by tasks
     Templates - customizable files destined for managed machines
  4. MINIMUM VIABLE ANSIBLE

     $ ansible all -i 'localhost,' -c local -m ping
     localhost | success >> {
         "changed": false,
         "ping": "pong"
     }
  5. WHAT ELSE?
     • ansible webservers -m setup
     • ansible lb -m copy -a "src=hosts dest=/tmp/hosts"
     • ansible webservers -m yum -a "name=curl state=installed"
     • ansible webservers -m service -a "name=nginx state=restarted"
     • ansible-doc -l
  6. PLAYBOOKS

     example_playbook.yml

     ---
     - hosts: webservers
       vars:
         http_port: 80
         max_clients: 200
       remote_user: root
       tasks:
       - name: ensure apache is at the latest version
         yum: pkg=httpd state=latest
       - name: write the apache config file
         template: src=/srv/httpd.j2 dest=/etc/httpd.conf
         notify:
         - restart apache
       - name: ensure apache is running (and enable it at boot)
         service: name=httpd state=started enabled=yes
       handlers:
         - name: restart apache
           service: name=httpd state=restarted
  13. ROLES

     my_role/
         README.md   (readme)
         defaults/   (default values)
         meta/       (role metadata)
         files/      (binaries)
         templates/  (file templates)
         handlers/   (operation handlers)
         tasks/      (playbook files)
         vars/       (custom variables)

     • Easily packaged and shared
     • Download community roles
     • Mix and match
  14. INVENTORY
     • Define how Ansible will interact with remote hosts
     • Define logical groups of managed nodes
     • One file for each environment
     • Default location: /etc/ansible/hosts
     • INI format, variable overrides

     sample_inventory.ini

     [loadbalancers]
     10.20.30.41
     10.20.30.42

     [webservers]
     10.20.30.51 hostname=artemis
     10.20.30.52 hostname=apollo
  15. TEMPLATES
     • Use Jinja2 templating and variables to customize
     • Defaults available when variables are not provided (dev default with prod override)

     etc_logrotate.d.j2

     {{ logfile }} {
         rotate {{ rotate_max | default(7) }}
         {{ frequency | default('daily') }}
         compress
         missingok
         notifempty
     }
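The ROLES and TEMPLATES slides describe the pieces separately; the following is an added example (not from this deck) that wires them together: a small role whose defaults/ directory carries the dev defaults, a template that consumes them, a play that applies the role, and a group_vars file that supplies the prod override. The role name, paths, package and variable values are assumptions for illustration. Because a plain template task will happily write a syntactically broken config, the task uses the template module's validate parameter so logrotate parses the rendered file before it is put in place.

```yaml
---
# roles/logrotate/defaults/main.yml
# Lowest-precedence values: the "dev defaults" from the TEMPLATES slide.
# Anything set in inventory, group_vars, or the play itself overrides them.
logfile: /var/log/myapp/app.log      # assumed application log path
rotate_max: 7
frequency: daily

---
# roles/logrotate/templates/etc_logrotate.d.j2
# (Jinja2 template file, reproduced here as a comment so the whole role fits one listing)
#
# {{ logfile }} {
#     rotate {{ rotate_max }}
#     {{ frequency }}
#     compress
#     missingok
#     notifempty
# }

---
# roles/logrotate/tasks/main.yml
- name: render the logrotate config from the role template
  template:
    src: etc_logrotate.d.j2
    dest: /etc/logrotate.d/myapp
    owner: root
    group: root
    mode: "0644"
    # logrotate -d is a dry run: it parses the candidate file (%s) and exits
    # non-zero on a bad config, so a broken render never replaces the live file.
    validate: logrotate -d %s

---
# group_vars/prod.yml
# Hosts in the inventory group [prod] get these values instead of the role defaults.
rotate_max: 30
frequency: weekly

---
# site.yml - applies the role; run with: ansible-playbook -i inventory.ini site.yml
- hosts: all
  become: yes
  roles:
    - logrotate
```

Variable precedence is what makes the override work: role defaults sit at the bottom, group_vars above them, so prod hosts render `rotate 30` and `weekly` while every other host gets the dev values without any conditional logic in the template.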
  16. IT CAN GET FANCY

     tasks:
     - name: install packages in a user's virtualenv
       shell: su - {{ item[0] }} -c '(. ./bin/activate && pip install {{ item[1] }})'
       with_nested:
         - [ 'jim', 'joe', 'jack' ]
         - [ package1==1.1, package2==1.2, package3==1.3 ]

     There are several types of loops: hashes, fileglobs, sequence, subelements, first match, command results, random and more. But there's a built-in pip module anyway.
  17. CONDITIONALS

     tasks:
     - command: /bin/false
       register: result
       ignore_errors: True
     - command: /bin/something
       when: result|failed
     - command: /bin/something_else
       when: result|success
     - command: /bin/still/something_else
       when: result|skipped

     The result of a play can depend on the value of a variable, a fact (something learned about the remote system), or a previous task result.
  18. MORE CONDITIONALS! If a required variable has not been set, you can skip or fail using Jinja2's defined test. For example:

     tasks:
     - shell: echo "I've got '{{ foo }}'"
       when: foo is defined
     - fail: msg="This play requires 'bar'"
       when: bar is not defined
     - command: echo {{ item }}
       with_items: [ 0, 2, 4, 6, 8, 10 ]
       when: item > 5
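The loop and conditional slides each show one mechanism in isolation. The following is an added example (not from this deck) that combines them the way a real play does: a required-variable guard, a loop whose per-item results are registered, a second loop driven by those results, and a task gated on a fact. Package names, the app_env variable and the RedHat-family assumption are illustrative.

```yaml
---
- hosts: webservers
  become: yes
  tasks:
    - name: fail early when the play is missing a variable it needs
      fail: msg="This play requires 'app_env' (dev, staging or prod)"
      when: app_env is not defined

    # rpm -q exits non-zero for a package that is not installed. ignore_errors
    # keeps the play going; changed_when: false keeps a read-only check from
    # being reported as a change.
    - name: record which required packages are present
      command: rpm -q {{ item }}
      register: pkg_check
      ignore_errors: yes
      changed_when: false
      with_items:
        - httpd
        - mod_ssl

    # A registered loop result holds one entry per item under .results;
    # item.item is the original loop value and item|failed is that attempt's outcome.
    - name: install only the packages the previous loop reported missing
      yum: name={{ item.item }} state=present
      when: item|failed
      with_items: "{{ pkg_check.results }}"

    # Facts gathered from the host (here ansible_os_family) and play variables
    # can be combined in one when: expression.
    - name: prod hosts on RedHat-family systems get the production vhost
      template: src=vhost_prod.conf.j2 dest=/etc/httpd/conf.d/vhost.conf
      when: app_env == "prod" and ansible_os_family == "RedHat"
      notify:
        - restart apache

  handlers:
    - name: restart apache
      service: name=httpd state=restarted
```

Run it with the variable supplied on the command line, for example `ansible-playbook -i inventory.ini site.yml -e app_env=staging`; omit `-e` and the first task fails the play with the message instead of letting later tasks run with an undefined value.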
  19. SIMPLE, POWERFUL BUILTINS
     • 261 built-in modules
     • Many cloud providers, packages and tools are integrated
     • Easily add your own in any language

     Examples:
     • ec2 - Create, terminate, start/stop an instance
     • docker - Manage docker containers
     • hipchat - Send a message to hipchat
     • s3 - Manage objects in S3
     • twilio - Sends a text message to a phone
     • win_service - Manages Windows services
     • zfs - Manage zfs
  20. SMOOTH OPERATION
     • Get and set variables easily
     • Simple variable precedence
     • Ordered, predictable execution
     • Tagged, resumable execution
     • ansible-doc [foo]
  21. SECURITY
     • Can be centralized and locked down via Ansible Tower
     • Can be run from a centralized bastion server
     • Vault encrypts sensitive data
     • Uses ordinary SSH, paramiko or custom transport plugins
     • No extra open ports, use your own user account, sudo!
     • No agents to update or risk vulnerabilities
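The SECURITY slide lists the properties; the following is an added example (not from this deck) of a play that actually uses them: it logs in over plain SSH as an ordinary account, escalates with sudo only for the tasks that need it, reads a secret from an ansible-vault encrypted file, and keeps that secret out of the run log. The user name, paths and variable names are assumptions; the become keywords assume Ansible 1.9 or later.

```yaml
---
# One-time setup - the file is stored encrypted on disk and edited only through
# ansible-vault, which prompts for the vault password:
#   ansible-vault create group_vars/webservers/vault.yml
#     db_password: <real value, never committed in clear text>
#
# Running the play - both passwords are prompted, neither lives in the playbook:
#   ansible-playbook -i inventory.ini deploy.yml --ask-vault-pass --ask-become-pass

- hosts: webservers
  remote_user: deploy          # your own unprivileged SSH account, not root
  become: yes                  # sudo for the tasks below that need it
  become_method: sudo
  tasks:
    - name: write the application config that carries the database password
      template:
        src: app.conf.j2          # assumed to contain a line like: password = {{ db_password }}
        dest: /etc/myapp/app.conf
        owner: root
        group: myapp
        mode: "0640"              # readable by the service account, not by other local users
      no_log: true                # rendered content and diffs are withheld from -v output and logs
      notify:
        - restart myapp

    - name: read-only check that needs no privileges, so it runs without sudo
      command: /usr/bin/myapp --version
      become: no
      changed_when: false

  handlers:
    - name: restart myapp
      service: name=myapp state=restarted
```

Everything in group_vars/webservers/ is loaded for that group automatically, so the vault file needs no vars_files entry; a teammate without the vault password can still read every other variable for the group, and git history only ever holds ciphertext.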
  22. ENTERPRISE GRADE
     • Tower integration with LDAP and AD for RBAC
     • Manage any number of servers across many Tower instances
     • Portal and dashboard views, pushbutton interaction
     • Job scheduling
     • Audit trail
     • High availability
  23. ADVANCED CAPABILITIES
     • Rolling updates/deployment/orchestration (1, 5, n at a time)
     • Canary testing (check for page content or response code)
     • Custom execution paths based on response/error/environment
     • Variable timeouts and parallelism
     • ansible-pull to invert execution - nodes check in to a master
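The rolling-update and canary bullets describe a deployment pattern; the following is an added example (not from this deck) of that pattern as a play: one web server at a time is pulled from the load balancer, updated, checked by response code and page content, and only then returned to the pool, with the rollout halting at the first host that fails its check. The lb-pool command, the /health endpoint, the myapp package and the app_version variable are assumptions for illustration; the inventory groups match the INVENTORY slide.

```yaml
---
- hosts: webservers
  serial: 1                  # one host per batch; "5" or "25%" for the n-at-a-time variants
  max_fail_percentage: 0     # stop the whole rollout as soon as any host in a batch fails
  become: yes

  pre_tasks:
    # Drain the host before touching it. The command runs on each load balancer
    # (delegate_to), not on the web server being updated.
    - name: take this host out of the load balancer pool
      command: /usr/local/bin/lb-pool remove {{ inventory_hostname }}
      delegate_to: "{{ item }}"
      with_items: "{{ groups['loadbalancers'] }}"

  tasks:
    - name: install the requested release
      yum: name=myapp-{{ app_version }} state=present
      notify:
        - restart myapp

    # Handlers normally run at the end of the play; flush them now so the
    # restart happens before the canary check rather than after it.
    - meta: flush_handlers

    # Canary check: the health page must answer 200 and report the new version.
    # A failed attempt is retried up to 5 times, 3 seconds apart; if it never
    # passes, the host fails and max_fail_percentage halts the rollout, leaving
    # the remaining hosts on the old release and still in the pool.
    - name: verify the host serves the new release before it takes traffic again
      uri:
        url: "http://{{ inventory_hostname }}/health"
        return_content: yes
      register: health
      until: health.status == 200 and app_version in health.content
      retries: 5
      delay: 3

  post_tasks:
    - name: put the host back in the pool only after the canary check passed
      command: /usr/local/bin/lb-pool add {{ inventory_hostname }}
      delegate_to: "{{ item }}"
      with_items: "{{ groups['loadbalancers'] }}"

  handlers:
    - name: restart myapp
      service: name=myapp state=restarted
```

Run it as `ansible-playbook -i sample_inventory.ini rollout.yml -e app_version=1.2.3`. Changing `serial` to a larger number or a percentage is the only edit needed to move from canary-style single-host batches to a faster rollout once the release has proven itself.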