Ansible hors des sentiers battus

#DevoxxFR #ansibleRocks 1 Aurélien Maury Ansible hors des sentiers battus

#DevoxxFR #ansibleRocks whoami 2

#DevoxxFR #ansibleRocks uname 3 @YesWeScale

#DevoxxFR #ansibleRocks Agenda 4

#DevoxxFR #ansibleRocks Elevator pitch 5

#DevoxxFR #ansibleRocks Python 6

#DevoxxFR #ansibleRocks Orchestration 7

#DevoxxFR #ansibleRocks Conﬁguration 8

#DevoxxFR #ansibleRocks Idempotence 9

#DevoxxFR #ansibleRocks Sans agent 10

#DevoxxFR #ansibleRocks SSH 11

#DevoxxFR #ansibleRocks « Getting started » 12

#DevoxxFR #ansibleRocks « Getting started » 12 ansible-playbook

#DevoxxFR #ansibleRocks OK ! 13

#DevoxxFR #ansibleRocks SSH-fu 14

#DevoxxFR #ansibleRocks SSH-fu 15 # $HOME/.ssh/config Host bastion Hostname 84.39.41.33
User admin IdentityFile ~/.ssh/bastion_key Host 192.168.47.* ProxyCommand ssh -W %h:%p bastion User admin IdentityFile ~/.ssh/zone_key Host * ControlMaster auto ControlPath ~/.ssh/mux-%r@%h:%p ControlPersist 15m

#DevoxxFR #ansibleRocks SSH-fu 18 # $WORKSPACE/ssh.cfg Host bastion Hostname 84.39.41.33
User admin IdentityFile ~/.ssh/bastion_key Host 192.168.47.* ProxyCommand ssh -W %h:%p -F ssh.cfg bastion User admin IdentityFile ~/.ssh/zone_key Host * ControlMaster auto ControlPath ~/.ssh/mux-%r@%h:%p ControlPersist 15m

#DevoxxFR #ansibleRocks Hosts 19

#DevoxxFR #ansibleRocks Host Inventory 20 [web_servers] 192.168.47.11 192.168.47.12 192.168.47.13 [db_servers]
192.168.47.10 [production:children] web_servers db_servers [production:vars] ansible_ssh_user=admin ansible_ssh_private_key_file=/home/ops/.ssh/id_rsa.prod

#DevoxxFR #ansibleRocks Dynamic Inventory 21

#DevoxxFR #ansibleRocks Dynamic Inventory 21 ansible --inventory-file=./static_inventory

#DevoxxFR #ansibleRocks Dynamic Inventory 21 ansible --inventory-file=./static_inventory ansible --inventory-file=./executable_returning_json

#DevoxxFR #ansibleRocks Dynamic Inventory 22 --list { "databases" : {
"hosts" : [ "host1.example.com", "host2.example.com" ], "vars" : { "a" : true } }, "webservers" : [ "host2.example.com", "host3.example.com" ], "atlanta" : { "hosts" : [ "host1.example.com", "host4.example.com"], "vars" : { "b" : false }, "children": [ "marietta", "5points" ] }, "marietta" : [ "host6.example.com" ] }

#DevoxxFR #ansibleRocks Dynamic Inventory 23 --host $HOST { "favcolor" :
"red", "ntpserver" : "wolf.example.com", "monitoring" : "pack.example.com" }

#DevoxxFR #ansibleRocks Dynamic Inventory 24

#DevoxxFR #ansibleRocks One more thing 25 La conﬁance n’exclut pas
le contrôle.

#DevoxxFR #ansibleRocks Modules 26

#DevoxxFR #ansibleRocks Il y a sûrement un module pour ça
27

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...]

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog Network - A10, F5, Openswitch, cumulus, get_url

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog Network - A10, F5, Openswitch, cumulus, get_url Notification - jabber, slack, mail, irc, hipchat

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog Network - A10, F5, Openswitch, cumulus, get_url Notification - jabber, slack, mail, irc, hipchat Packaging - apt, yum, pip, bower, npm, homebrew

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog Network - A10, F5, Openswitch, cumulus, get_url Notification - jabber, slack, mail, irc, hipchat Packaging - apt, yum, pip, bower, npm, homebrew Source control - git, gitlab, hg, subversion

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog Network - A10, F5, Openswitch, cumulus, get_url Notification - jabber, slack, mail, irc, hipchat Packaging - apt, yum, pip, bower, npm, homebrew Source control - git, gitlab, hg, subversion System - known_host, authorized_key, user, group

27 Cloud - Amazon, Cloudstack, Openstack, VMWare, DO Clustering - consul, zookeeper Commands - shell, script, expect Database - mysql, postgresql, redis, riak Files - copy, fetch, lineinfile, template, unarchive Messaging - rabbitmq_[binding, exchange, queue, ...] Monitoring - zabbix, nagios, sensu, monit, datadog Network - A10, F5, Openswitch, cumulus, get_url Notification - jabber, slack, mail, irc, hipchat Packaging - apt, yum, pip, bower, npm, homebrew Source control - git, gitlab, hg, subversion System - known_host, authorized_key, user, group Windows - trucs windows inconnus de moi

#DevoxxFR #ansibleRocks Appel à un module 28 - name: un
joli titre c’est mieux apt: pkg="tmux" state=present update_cache=yes - name: un joli titre c’est mieux apt: pkg="screen" state=present

#DevoxxFR #ansibleRocks with_items 29 - name: un joli titre c’est
mieux apt: pkg="{{ item }}" state=present update_cache=yes with_items: - tmux - screen

#DevoxxFR #ansibleRocks with_items 30 - name: add several users user:
name={{ item.name }} state=present groups={{ item.groups }} with_items: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' }

#DevoxxFR #ansibleRocks with_* 31 with_file: - file_1 - file_2 with_fileglob:
- files/*.yml with_together: - ['a','b'] - [1,2] with_subelements, with_sequence, with_random_choice, with_indexed_items, with_dict

#DevoxxFR #ansibleRocks Donnez vie à vos snippets 32

#DevoxxFR #ansibleRocks Donnez vie à vos snippets 32 Faire un
module Ansible ?

#DevoxxFR #ansibleRocks Donnez vie à vos snippets 32 15 lignes
de Python Faire un module Ansible ?

de Python Faire un module Ansible ? Installer un module Ansible ?

de Python Faire un module Ansible ? posez le dans ./library Installer un module Ansible ?

#DevoxxFR #ansibleRocks Roles 33

#DevoxxFR #ansibleRocks Structure 34 . ├── README.md ├── defaults │
└── main.yml --> variables par défaut ├── files --> fichiers statiques ├── handlers │ └── main.yml --> handlers ├── meta │ └── main.yml --> fiche d'info et dépendances ├── tasks │ └── main.yml --> tâches (appels de modules) ├── templates --> templates Jinja2 ├── tests │ ├── inventory │ └── test.yml └── vars └── main.yml --> variables fortes

#DevoxxFR #ansibleRocks Structure 34 . ├── README.md ├── defaults │
└── main.yml --> variables par défaut ├── files --> fichiers statiques ├── handlers │ └── main.yml --> handlers ├── meta │ └── main.yml --> fiche d'info et dépendances ├── tasks │ └── main.yml --> tâches (appels de modules) ├── templates --> templates Jinja2 ├── tests │ ├── inventory │ └── test.yml └── vars └── main.yml --> variables fortes ansible-galaxy init mon_role_amoi

#DevoxxFR #ansibleRocks ansible-galaxy 35

#DevoxxFR #ansibleRocks ansible-galaxy 35 https://galaxy.ansible.com

#DevoxxFR #ansibleRocks ansible-galaxy 35 https://galaxy.ansible.com ansible-galaxy install yatesr.timezone

#DevoxxFR #ansibleRocks ansible-galaxy 36 # requirements.yml - src: yatesr.timezone -
src: https://github.com/bennojoy/nginx - src: https://github.com/bennojoy/nginx version: master name: nginx_role - src: https://some.webserver.example.com/files/master.tar.gz name: http-role

#DevoxxFR #ansibleRocks ansible-galaxy 36 # requirements.yml - src: yatesr.timezone -
src: https://github.com/bennojoy/nginx - src: https://github.com/bennojoy/nginx version: master name: nginx_role - src: https://some.webserver.example.com/files/master.tar.gz name: http-role ansible-galaxy install -r requirements.yml

#DevoxxFR #ansibleRocks Variables 37

#DevoxxFR #ansibleRocks YAML 38 —-- simplest_num: 42 simplest_str: "Terry Pratchett"
# Qui lit les commentaires de toutes façons ? some_list: - "DON'T THINK OF IT AS DYING" - "JUST THINK OF IT AS" - "LEAVING EARLY TO AVOID THE RUSH" some_dict: key: "value" other_key: 10 list_of_dict: - { indentation: "is", the_key: "si si" }

# Qui lit les commentaires de toutes façons ? some_list: - "DON'T THINK OF IT AS DYING" - "JUST THINK OF IT AS" - "LEAVING EARLY TO AVOID THE RUSH" some_dict: key: "value" other_key: 10 list_of_dict: - { indentation: "is", the_key: "si si" }

# Qui lit les commentaires de toutes façons ? some_list: - "DON'T THINK OF IT AS DYING" - "JUST THINK OF IT AS" - "LEAVING EARLY TO AVOID THE RUSH" some_dict: key: "value" other_key: 10 list_of_dict: - indentation: "is" the_key: "si si"

#DevoxxFR #ansibleRocks YAML 41 {{ playbook_dir }} {{ inventory_dir }}

#DevoxxFR #ansibleRocks Facts 42 ansible -m setup localhost localhost |
SUCCESS => { "ansible_facts": { "ansible_all_ipv4_addresses": [ "192.168.42.2", "192.168.99.1" ], "ansible_all_ipv6_addresses": [ "fe80::4e8d:79ff:fee8:54fe%en1", "fe80::f0ad:11ff:fee9:fcc8%awdl0" ], "ansible_architecture": "x86_64", "ansible_awdl0": { "device": "awdl0", "flags": [ "UP", "BROADCAST", "RUNNING", "PROMISC", "SIMPLEX", "MULTICAST"

#DevoxxFR #ansibleRocks Facts 43 ansible_distribution ansible_distribution_major_version ansible_default_ipv4.address ansible_eth0.ipv4.address ansible_processor_cores ansible_hostname
ansible_mounts ansible_interfaces [...]

#DevoxxFR #ansibleRocks Fact caching 44 # ansible.cfg [defaults] gathering =
smart fact_caching = redis fact_caching_timeout = 7200

#DevoxxFR #ansibleRocks Fact caching 45 # ansible.cfg [defaults] gathering =
smart fact_caching = jsonfile fact_caching_connection = /tmp/facts_cache fact_caching_timeout = 7200

#DevoxxFR #ansibleRocks Set_fact 46 —-- - hosts: target_group become: yes
pre_tasks: - shell: > {{ playbook_dir }}/scripts/xml2yaml.py xml/* register: yaml_out

pre_tasks: - shell: > {{ playbook_dir }}/scripts/xml2yaml.py xml/* register: yaml_out "--- styles: - grindcore - disco - punk"

pre_tasks: - shell: > {{ playbook_dir }}/scripts/xml2yaml.py xml/* register: yaml_out "--- styles: - grindcore - disco - punk" - set_fact: table_oauth: "{{ yaml_out.stdout | from_yaml }}"

pre_tasks: - include: custom_facts.yml

#DevoxxFR #ansibleRocks Précédence 48 role defaults inventory vars inventory group_vars
inventory host_vars playbook group_vars playbook host_vars host facts registered vars set_facts play vars play vars_prompt play vars_files role and include vars block vars (seulement pour les tâches du bloc) task vars (seulement pour la tâche) extra vars (ultime)

#DevoxxFR #ansibleRocks Précédence 49 role defaults inventory vars inventory group_vars
inventory host_vars playbook group_vars playbook host_vars host facts registered vars set_facts play vars play vars_prompt play vars_files role and include vars block vars (seulement pour les tâches du bloc) task vars (seulement pour la tâche) extra vars (ultime)

#DevoxxFR #ansibleRocks Rebonjour M. Anderson 50

#DevoxxFR #ansibleRocks Agent-like 51

#DevoxxFR #ansibleRocks Agent-like 51 ansible-playbook

#DevoxxFR #ansibleRocks 52 Agent-like

#DevoxxFR #ansibleRocks 52 git push Agent-like

#DevoxxFR #ansibleRocks 53 Agent-like

#DevoxxFR #ansibleRocks 53 cron + ansible-pull Agent-like

#DevoxxFR #ansibleRocks Vagrant 54

#DevoxxFR #ansibleRocks Vagrant provisioner remote 55 config.vm.provision "ansible" do |ansible|
ansible.groups = { "web_servers" => ["vm_one", "vm_two"], "db_servers" => ["vm_three"], "production:children" => [ "web_servers", "db_servers" ], "all_groups:children" => ["production"] } ansible.playbook = "upgrade_stack.yml" end

#DevoxxFR #ansibleRocks 56 config.vm.provision "ansible" do |ansible| ansible.groups = {
"web_servers" => ["vm_one", "vm_two"], "db_servers" => ["vm_three"], "production:children" => [ "web_servers", "db_servers" ], "all_groups:children" => ["production"] } ansible.playbook = "upgrade_stack.yml" end Vagrant provisioner remote

#DevoxxFR #ansibleRocks 57 config.vm.provision "ansible" do |ansible| ansible.groups = {
"web_servers" => ["vm_one", "vm_two"], "db_servers" => ["vm_three"], "production:children" => [ "web_servers", "db_servers" ], "all_groups:children" => ["production"] } ansible.playbook = "upgrade_stack.yml" end Vagrant provisioner remote

#DevoxxFR #ansibleRocks 58 config.vm.provision "ansible_local" do |ansible| ansible.playbook = "upgrade_stack.yml"
end Vagrant provisioner local

#DevoxxFR #ansibleRocks Packer 59

#DevoxxFR #ansibleRocks Packer : Elevator pitch 60

#DevoxxFR #ansibleRocks Packer : Elevator pitch 60 Boot VM •
OpenStack • AWS • Docker • Qemu • GCE • …

#DevoxxFR #ansibleRocks Packer : Elevator pitch 60 Boot VM Provision
• OpenStack • AWS • Docker • Qemu • GCE • … • Puppet • Saltstack • Chef • Ansible • Shell • …

#DevoxxFR #ansibleRocks Packer : Elevator pitch 60 Boot VM Provision
Snapshot • OpenStack • AWS • Docker • Qemu • GCE • … • Puppet • Saltstack • Chef • Ansible • Shell • …

#DevoxxFR #ansibleRocks build-me.json 61 "provisioners": [  {  "type": "file",  "source":
"ansible/requirements.yml",  "destination": "/tmp/requirements.yml"  },  {  "type": "shell",  "scripts": [  "scripts/ansible-seed.sh"  ]  },  {  "type": "ansible-local",  "playbook_dir": "ansible",  "playbook_file": "ansible/bootstrap.yml"  } }

#DevoxxFR #ansibleRocks Interactions 65

#DevoxxFR #ansibleRocks Le maître mot 66

#DevoxxFR #ansibleRocks Logique 67

#DevoxxFR #ansibleRocks Logique 67 SSH => Ansible

#DevoxxFR #ansibleRocks Logique 67 SSH => Ansible (ou Salt-SSH)

#DevoxxFR #ansibleRocks Terraform 68

#DevoxxFR #ansibleRocks Points de greffe 69 # playbook.yml - shell:
cat terraform.tfstate register: raw_tfstate - set_facts: tfstate: "{{ raw_tfstate.stdout | from_json }}"

cat terraform.tfstate register: raw_tfstate - set_facts: tfstate: "{{ raw_tfstate.stdout | from_json }}" tfstate.modules[1].resources['aws_route53_record.elb_cgate'].primary.attributes.zone_id

#DevoxxFR #ansibleRocks Points de greffe 70

#DevoxxFR #ansibleRocks Points de greffe 70 # main.tf resource "aws_route53_record"
"monitor" { zone_id = "${var.network.route53_zone_id}" name = "monitor" type = "A" ttl = "300" records = ["${aws_instance.server.private_ip}"] }

"monitor" { zone_id = "${var.network.route53_zone_id}" name = "monitor" type = "A" ttl = "300" records = ["${aws_instance.server.private_ip}"] } output "monitor_zone_id" { value = "${aws_route53_record.monitor.zone_id}" }

"monitor" { zone_id = "${var.network.route53_zone_id}" name = "monitor" type = "A" ttl = "300" records = ["${aws_instance.server.private_ip}"] } output "monitor_zone_id" { value = "${aws_route53_record.monitor.zone_id}" } terraform output monitor_zone_id ZSQ642E3K7JC5

cat terraform.tfstate register: raw_tfstate - set_facts: tfstate: "{{ raw_tfstate.stdout | from_json }}" tfstate.modules[1].resources['aws_route53_record.elb_cgate'].primary.attributes.zone_id

#DevoxxFR #ansibleRocks Points de greffe 72

terraform output monitor_zone_id register: sh_monitor_zid - set_facts: monitor_zid: "{{ sh_monitor_zid.stdout }}"

#DevoxxFR #ansibleRocks Pensées 73

#DevoxxFR #ansibleRocks Métaphore 74

#DevoxxFR #ansibleRocks Métaphore 74 +

#DevoxxFR #ansibleRocks Métaphore 74 + +

#DevoxxFR #ansibleRocks 75 SYSADMINS because even developers need heroes

#DevoxxFR #ansibleRocks 76

#DevoxxFR #ansibleRocks 76 KEEP CALM AND HACK YOUR WAY

#DevoxxFR #ansibleRocks 77 Des questions ?

#DevoxxFR #ansibleRocks Merci @YesWeScale @aurelienmaury 78

Ansible hors des sentiers battus

Ansible hors des sentiers battus

More Decks by Aurélien Maury

Other Decks in Technology

Featured

Transcript