Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AnsibleWorkshopMay2019.pdf

99f481c5ef312c5f3d299b5957a22a07?s=47 Andreas Mosti
May 14, 2019
Programming
0
210

 AnsibleWorkshopMay2019.pdf

https://dipsas.github.io/AnsibleCourse/

99f481c5ef312c5f3d299b5957a22a07?s=128

Andreas Mosti

May 14, 2019
Tweet

More Decks by Andreas Mosti

See All by Andreas Mosti
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
3
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
15
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
10
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
98
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
1
80
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
25
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
20
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
330
99f481c5ef312c5f3d299b5957a22a07?s=48 andmos
0
40

Other Decks in Programming

See All in Programming
Bfc42a2fb137897db919bac632c83085?s=48 teruhisafukumoto
1
340
3d795f3e14655c5791b0ab84a40b7b35?s=48 yusukekonnorakus
0
260
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
250
06b10e0c3e87349fa6cc74a63493eb9c?s=48 okmttdhr
2
220
07fe43bbec550b3230b3a7f9a81de7cc?s=48 nishigori
2
1.5k
A45681c58220b58ca83a926b1be52e65?s=48 moriatsushi
1
440
45477cf77ae1a156e65fbc860078bf59?s=48 xu3u4
0
330
6dd0483f1353a4a359e92633cfd65c64?s=48 wasabeef
1
460
218473ff7abad0fcd72865da2b23bb5b?s=48 memory1994
6
730
F5c2731f9a4dbfb4af319295a1f0cd28?s=48 dmitrytsepelev
0
230
102398563fd1bf878b35dc2d5ee67cbe?s=48 kamilahsantos
1
110
E66449b8260b07a1cf51c5ab5eaa8180?s=48 dunglas
1
4k

Featured

See All Featured
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
776
200k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
217
16k
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
30
1.5k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
274
17k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
73
7.6k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
12
1.9k
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
55k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
71
3.7k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
120
8.1k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
146
19k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
84
8k
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
289
110k

Transcript

  1. and infrastructure as code workshop Andreas Mosti

  2. Key takeaways • Infrastructure as Code • Configuration Management •

    What can Ansible solve? • What can it not solve? • Enough knowledge to understand the key principles

  3. Dev/Build Runtime

  4. Dev/Build Runtime

  5. Dev/Build Runtime

  6. Dev/Build Runtime

  7. None

  8. The complexity moves

  9. None
  10. None

  11. Site A Site A Replica Site B Replica Site B

  12. • Application platforms / runtimes • Permissions • Users •

    Firewall rules • Config Files • Updates • Running Services • Upgrades

  13. • Application platforms / runtimes • Permissions • Users •

    Firewall rules • Config Files • Updates • Running Services • Upgrades 20
  14. None

  15. Inconsistent server farms

  16. Platform requirements, «What are we releasing on?»

  17. «We need new environments quickly, in a reproducible fashion»

  18. Automate the infrastructure

  19. Snowflake vs. Phoenix Servers

  20. Infrastructure as code:

  21. Reproducible Environments

  22. Servers in version control

  23. Configuration management

  24. Explicit process

  25. Safety!

  26. Code Review

  27. Baked vs. Fried servers

  28. The usual suspects

  29. None
  30. None

  31. Why Ansible?

  32. None
  33. None

  34. Open Source

  35. SSH WinRM

  36. Most important:

  37. The correct abstraction (for us)

  38. None

  39. Playbooks push Database Appserver Load Balancer

  40. None

  41. Remember: Ansible keeps state

  42. The benefits of Infrastructure as Code: 1) Automation 2) Version

    control 3) Code Review 4) Testing 5) Documentation 6) Reuse

  43. The holy grale: Imutable infrastructure

  44. Warning 1:

  45. None
  46. None
  47. None
  48. None

  49. The files don’t represent reality!

  50. None

  51. Warning 2:

  52. If not run often, the system might regress

  53. Part 1: Inventory and connection

  54. SSH WinRM

  55. WinRM Port 5986 Local / AD admin user w. remoting

    Powershell 3.0 ConfigureRemotingForAnsible.ps1

  56. SSH Port 22 root / dedicated user(s)

  57. None
  58. None

  59. The Inventory

  60. inventory/Example.inventory

  61. inventory/Testlab18.inventory

  62. Exercise 1: Inventory and server connection

  63. Part 2: Playbooks and tasks

  64. Playbooks push Database Appserver Loadbalancer

  65. LoadBalancer.yaml Zookeeper.yaml Solr.yaml Database.yaml ArenaAppServer.yaml

  66. WebServer.yaml

  67. WebServer.yaml

  68. WebServer.yaml

  69. WebServer.yaml

  70. roles/DotNet461/tasks/main.yaml

  71. None
  72. None

  73. Exercise 2: Playbook and simple tasks

  74. Part 3: Roles and variables

  75. WebServer.yaml

  76. To reuse tasks or implement components, we make roles

  77. Example roles: • IIS • DotnetFramework45 • Oracle12C • TeamcityAgent

    • Java • GoogleChrome • SplunkForwarder
  78. None

  79. Buildserver.yaml

  80. roles/Oracle12Driver/tasks/main.yaml

  81. roles/Oracle12Driver/tasks/main.yaml

  82. roles/Oracle12Driver/defaults/main.yaml

  83. Lists and iterators

  84. roles/Zookeeper/tasks/main.yaml roles/Zookeeper/defaults/main.yaml

  85. A word on variable precendence

  86. From least to most important: • role defaults • group_vars/

    • host_vars/ • host facts • play vars • include_vars • set_facts • extra vars

  87. A word on state and idempotency

  88. Always pick modules over shell commands (if possible)

  89. roles/MKDocs/tasks/main.yaml

  90. roles/MKDocs/tasks/main.yaml

  91. Exercise 3: Roles, variables and iterators

  92. Part 4: Handlers, templates, files

  93. None

  94. Files vs Templates

  95. roles/TeamCityAgent/tasks/main.yaml

  96. True configuration management with templating and JINJA2

  97. roles/TeamCityAgent/templates/buildAgent.properties

  98. roles/SplunkForwarder/templates/input.conf.j2

  99. roles/HAProxy/templates/haproxy.conf.j2

  100. roles/Prometheus/templates/alertmanager.yml.j2

  101. roles/Prometheus/defaults/main.yml

  102. roles/TeamCityAgent/tasks/main.yaml

  103. roles/TeamCityAgent/handlers/main.yaml

  104. Exercise 4: Templates, handlers and files

  105. Part 5: Ansible Vault

  106. When working with secrets roles/TeamCityAgent/tasks/main.yaml

  107. roles/TeamCityAgent/defaults/main.yaml

  108. None

  109. roles/TeamCityAgent/defaults/main.yaml

  110. None

  111. roles/TeamCityAgent/defaults/main.yaml

  112. Exercise 5: Vault and encryptet secrets