Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ansible: Provisioning From the Outside In

Bobby Calderwood
March 25, 2015
Programming
0
150

Ansible: Provisioning From the Outside In

Talk presented at the March 2015 Ansible DC Meetup (http://www.meetup.com/Ansible-DC/events/220867440/).

Bobby Calderwood

March 25, 2015
Tweet

More Decks by Bobby Calderwood

See All by Bobby Calderwood
Decoupled, Immutable REST APIs with Kafka Streams
bobbycalderwood
0
310
Make for Microservices
bobbycalderwood
0
240
Commander: Better Distributed Applications through CQRS, Event Sourcing, and Immutable Logs
bobbycalderwood
17
8.4k
Commander: Decoupled, Immutable REST APIs with Kafka Streams
bobbycalderwood
18
13k
Clojure/conj 2015: From REST To CQRS With Clojure, Kafka, & Datomic
bobbycalderwood
9
2.1k

Other Decks in Programming

See All in Programming
一緒にスクラム開発___GPT-4と人間が共創するプロダクトの進化.pdf
itohiro73
5
4.5k
DevRel/Japan 2023 - 1つの事業部だけで行う DevRel とは
hcrane
0
290
鹿児島からRubyではじめるスタートアップ
yoshikouki
0
710
#phperkaigi 名著「パーフェクトPHP」のPart3に出てきたフレームワークを令和5年に書き直したらどんな感じですかね?
o0h
PRO
1
400
PHPUnit 10 概論 / Introduction of PHPUnit 10
cocoeyes02
0
140
KMMのCI/CD
kubode
3
280
What Ever Happened to Baby Rails App?
eatplaynap
1
550
Lightweight Architectures With Angular's Latest Innovations
manfredsteyer
PRO
0
160
ChatGPTによるデータ変換がもたらすインパクト
masahiro_nishimi
3
2.9k
LayerXにおける機械学習を活用した請求書OCR機能に関する取り組み / deim2023-layerx-ai-ocr
yuya4
7
1.3k
CSC308 Lecture 23
javiergs
PRO
0
170
Cloudflare 概論 Cloudflare Meetup Kick Off! #CloudflareUG
maroon1st
0
430

Featured

See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
Teambox: Starting and Learning
jrom
124
7.9k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8k
KATA
mclloyd
12
10k
Designing on Purpose - Digital PM Summit 2013
jponch
108
5.9k
Debugging Ruby Performance
tmm1
67
11k
Building an army of robots
kneath
300
41k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
17k
No one is an island. Learnings from fostering a developers community.
thoeni
12
1.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.7k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.6k

Transcript

  1. Hello, we’re B23
    • B23 (www.b23.io)
    • Lane Forsythe ([email protected])
    • Bobby Calderwood ([email protected])

    View Slide

  2. Ansible
    Provisioning from the Outside In

    View Slide

  3. Outside In?
    • Ansible’s default inventory management assumes
    that you have a set of hosts configured in inventory
    (static or dynamic) prior to running plays
    • However, for an interesting set of cases, you’ll be
    bootstrapping the inventory prior to running any
    plays on the instances themselves
    • For this set of cases, we think about the system
    from the outside inward, using phrases we coined

    View Slide

  4. Steps for Bootstrapping
    • Outside
    • Elsewhere
    • Inside

    View Slide

  5. digital_ocean.yml
    ---
    - name: Outside (droplets)
    hosts: local
    connection: local
    roles:
    - digital_ocean_topology
    - name: Open sesame
    hosts: digital_ocean
    gather_facts: no
    tasks:
    - include: roles/common/tasks/knock.yml
    - name: Inside (bootstrap)
    hosts: digital_ocean
    gather_facts: no
    remote_user: root
    sudo: yes
    roles:
    - ubuntu_bootstrap
    - name: Inside (knockd)
    hosts: digital_ocean
    remote_user: ansible
    sudo: yes
    roles:
    - knockd
    - name: Close sesame
    hosts: digital_ocean
    gather_facts: no
    tasks:
    - include: roles/common/tasks/unknock.yml

    View Slide

  6. google_compute.yml
    ---
    - name: Outside (network and instances)
    hosts: local
    connection: local
    roles:
    - google_compute_network
    - google_compute_instances
    - name: Open sesame
    hosts: local
    connection: local
    tasks:
    - include: roles/google_compute_network/tasks/ssh_firewall.yml
    vars:
    state: active
    - name: Inside (bootstrap)
    hosts: google_compute
    gather_facts: no
    remote_user: root
    sudo: yes
    roles:
    - ubuntu_bootstrap
    - name: Inside (mesos masters)
    hosts: mesos_masters
    remote_user: ansible
    sudo: yes
    roles:
    - mesos-master
    - name: Inside (mesos slaves)
    hosts: mesos_slaves
    remote_user: ansible
    sudo: yes
    roles:
    - mesos-slave
    - name: Close sesame
    hosts: local
    connection: local
    tasks:
    - include: roles/google_compute_network/tasks/ssh_firewall.yml
    vars:
    state: deleted

    View Slide

  7. Outside
    • Happens locally (host=localhost connection=local)
    • Build network topology
    • Provision hosts
    • Build/configure platform (e.g. Mesos)
    • Provision containers (if configuring via Ansible)

    View Slide

  8. hosts
    [local]
    localhost ansible_connection=local
    [digital_ocean]
    [google_compute]
    [mesos_masters]
    [mesos_slaves]

    View Slide

  9. group_vars/local.yml
    ---
    knock_sequence: [1983, 1986, 2008, 2015]
    digital_ocean_region_id: 8
    digital_ocean_size_id: 63
    digital_ocean_ssh_key_id: 691840
    gce_network_cidr: 10.240.16.0/24
    google_project_id: stackspace-testing
    google_project_email: 753742230792-
    [email protected]
    google_project_pem: google.pem

    View Slide

  10. Elsewhere
    • Also happens locally (mostly)
    • Add new hosts to in-memory inventory
    • Add new hosts to groups (new or pre-existing)
    • Transfer variables!!!
    • Configure bastion host and SSH connection rules
    (happens remotely on bastion host)
    • Wait for hosts

    View Slide

  11. main.yml
    ---
    - name: provision droplets
    register: droplets
    digital_ocean:
    state: present
    name: ansible-meetup-{{item}}
    unique_name: true
    region_id: '{{ digital_ocean_region_id }}'
    size_id: '{{ digital_ocean_size_id }}'
    image_id: 9801950 # Ubuntu
    ssh_key_ids: '{{ digital_ocean_ssh_key_id }}'
    wait_timeout: 600
    with_items:
    - 1
    - name: wait for droplet SSH
    wait_for: host={{item.droplet.ip_address}} port=22 delay=2 timeout=320 state=started
    with_items: droplets.results
    when: item.changed
    - add_host:
    name: '{{item.droplet.ip_address}}'
    groups: digital_ocean
    needs_bootstrap: '{{ item.changed }}'
    knock_sequence: '{{ knock_sequence }}'
    with_items: droplets.results

    View Slide

  12. Inside
    • “Normal” Ansible stuff here, running on remote
    hosts
    • Install software
    • Configure software
    • Start services

    View Slide

  13. Demo
    Digital Ocean Development Host

    View Slide

  14. A Wrinkle
    • But what about…umm…auto scaling?
    • “Outside” provisions auto scaling groups (e.g.
    AWS)

    View Slide

  15. Auto Scaling
    • “Inside” happens in a separate playbook run, asynchronously
    • Async lifecycle and config options:
    • Ansible Tower (http://www.ansible.com/tower)
    • ansible-pull
    • Manual notification
    • HTTP postback
    • AWS Lifecycle Hooks

    View Slide

  16. Auto Scaling
    • “Elsewhere” actions mostly not necessary
    • Variables must be transferred via some other
    mechanism
    • Environment variables in user data
    • Tower handles this internally
    • POST body

    View Slide

  17. Questions?

    View Slide

  18. Code:
    https://github.com/B23admin/ansible-dc-meetup-2015-03-25
    Slides:
    https://speakerdeck.com/bobbycalderwood/ansible-provisioning-from-the-outside-in

    View Slide