Continuous Delivery Workshop with Ansible x GitLab CI (5th)

Chu-Siang Lai
January 12, 2018

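# Continuous Delivery Techniques Every DevOps Person Must Know - Ansible & GitLab CI Hands-on Practice (5th)

Ansible is an Infrastructure as Code configuration management tool that ranks alongside Puppet, Salt and Chef as one of the big four, and its simplicity and ease of use make it hard to put down. GitLab is a private Git version-control service widely used in the industry, and combined with GitLab CI it lets you build a release process of your own.

In this session 凍仁 (Chu-Siang Lai) uses a workshop format to let the agile warriors of Agile Tour Taichung 2017 experience the world of continuous delivery and automation through hands-on practice!

* Event page: https://www.accupass.com/event/1711280738178163006690
* Wiki: https://gitlab.com/chusiang/continuous-delivery-workshop/wikis/home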

#Ansible #GitLab #DevOps #Workshop

Transcript

  1. ________________________________
    / Continuous delivery techniques \
    \ every DevOps person must know  /
     --------------------------------
            \   ^__^
             \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    [ chusiang@AgileTourTaichung ~ ]
    $ cat .profile
    # Author: 凍仁翔 / [email protected]
    # Blog: http://note.drx.tw
    # Modified: 2018-01-13 14:00
    5th

  2. Agile Tour Taichung 2017 2018
    09:20 – 10:10 Running Scrum with 50 people by 王泰瑞
    10:10 – 11:00 Facing technical debt effectively by 陳小風
    11:25 – 12:40 World Cafe
    14:00 – 17:00
    • Continuous delivery techniques every DevOps person must know by 凍仁翔
    • User story introductory workshop by David Ko
    • Workshop: developing UX skills with board games by Nor Chen

  3. About me
    • 凍仁翔 (@chusiang_lai).
    • Blogger at "凍仁的筆記".
    • DevOps Taiwan volunteer.
    • 6 years of IT operations experience.

  4. Today we use 119 Docker containers in DigitalOcean.

  5. Ready?
    Here we go!

  6. Ready?
    Here we go!
    3

  7. Ready?
    Here we go!
    2

  8. Ready?
    Here we go!
    1

  9. Outline
    1. What is a DevOps person?
    2. What is continuous delivery?

  10. Outline
    1. What is a DevOps person?
    2. What is continuous delivery?
    3. What is GitLab?
    4. How do you operate GitLab CI?
    5. How do you do continuous delivery with Ansible and GitLab CI?

  11. Outline
    6. What is Ansible?
    7. How do you deploy an Ansible environment?
    8. How do you operate Ansible?

  12. Outline
    6. What is Ansible?
    7. How do you deploy an Ansible environment?
    8. How do you operate Ansible?
    9. Q & A

  13. Ⅰ. What is a DevOps person?

  14. What is DevOps in the narrow sense?
    [Diagram labels: Infra, Dev, Ops, ITSM, DevOps]
    ※ Figure taken from "DevOps in a value stream", presented by 許峰 at DevOpsDays Taipei 2017 - https://youtu.be/qWbcujKw57c?t=9m39s

  15. What is Agile?
    [Diagram labels: Agile, Infra, Dev, Ops, ITSM, DevOps, Invest, Req]
    ※ Figure taken from "DevOps in a value stream", presented by 許峰 at DevOpsDays Taipei 2017 - https://youtu.be/qWbcujKw57c?t=9m39s

  16. What is DevOps in the broad sense?
    [Diagram labels: Infra, Dev, Ops, ITSM, Agile, Req, Invest, Use, Value, DevOps]
    ※ Figure taken from "DevOps in a value stream", presented by 許峰 at DevOpsDays Taipei 2017 - https://youtu.be/qWbcujKw57c?t=9m39s

  17. What is DevOps in the broad sense?
    [Diagram labels: Infra, Dev, Ops, ITSM, Agile, Req, Invest, Use, Value, DevOps, DevOps]
    ※ Figure taken from "DevOps in a value stream", presented by 許峰 at DevOpsDays Taipei 2017 - https://youtu.be/qWbcujKw57c?t=9m39s

  18. What is a Dev person?
    Coding
    Waiting for Ops?
    On-call when something breaks, off work when nothing does

  19. What is an Ops person?
    Time-consuming
    Typing commands, setting up machines
    Often forgetting what was changed
    Firefighting when something breaks, on-call when nothing does

  20. What is a DevOps person?
    Under 20 minutes
    Coding, managing machines
    On-call when something breaks; otherwise letting the code manage the machines "by itself"

  21. Which tools are we using today?
    Git, GitLab
    GitLab CI
    Ansible
    Docker

  22. Which licenses are we using today?
    LGPL
    MIT
    GPL
    Apache

  23. Which tools could be used instead?
    Ansible
    Chef, Puppet, Salt
    Docker
    AWS, Vagrant, OpenStack
    GitLab CI, Jenkins CI, Drone CI
    Git, GitLab
    GitHub

  24. Ⅱ. What is continuous delivery?
    Sustained, uninterrupted, unremitting.
    Dispatch, transmission, handover, delivery of goods.
    《Continuous Delivery》- https://goo.gl/r9vXFg

  25. "Using automated build, test and deployment to create reliable software releases."
    - Jez Humble & David Farley
    《Continuous Delivery》(Chinese edition) - https://goo.gl/SK745B

  26. Build
    Test
    Release
    Deploy
    Automation

  32. What is the difference between continuous delivery and continuous deployment?
    Continuous Delivery:   Build -(auto)-> Deploy -(auto)-> Test -(manual)-> Release
    Continuous Deployment: Build -(auto)-> Deploy -(auto)-> Test -(auto)-> Release

  34. What are the benefits of adopting continuous delivery?

  35. Real-world case
    R&D: "I've finished writing the code!"
    Me: "(Finished where?!)"
    • Is the code still on the local machine?
    • Has it been pushed to the Git server?
    • Is the configuration correct?
    • Did the unit tests pass?
    • Did the pipeline pass?

  36. After
    • Delivery < 5 min
    • Delivered on commit
    • Fewer human errors
    • Detect early, treat early

  37. Real-world case
    R&D: "I've finished writing the code!"
    Me: "Let's talk after CD passes."
    • Is the code still on the local machine?
    • Has it been pushed to the Git server?
    • Is the configuration correct?
    • Did the unit tests pass?
    • Did the pipeline pass?

  38. 《The Phoenix Project》
    The Three Ways
    Flow, Feedback, Culture.
    Amazon - https://goo.gl/visckK

  39. The four types of work
    Rehearse change work in advance, so that not every change turns into exceptional work!
    《The Phoenix Project》
    Tenlong Bookstore (天瓏網路書店) - https://goo.gl/bRUHq6

  40. Ⅲ. What is GitLab?

  41. A modern development platform
    Git Repository, Docker Registry, Issue tracking, Code Review, CI/CD Pipeline
    Many wishes fulfilled at once.

  42. Ansible × Tower
    https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower

  43. Collaborating with Ansible × GitLab instead
    [Diagram labels: GITLAB, CONTROL, KNOWLEDGE]
    https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower

  44. Collaborating with Ansible × GitLab instead
    [Diagram labels: GITLAB, CONTROL, KNOWLEDGE; GitLab CI, Pipeline]
    https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower

  45. Collaborating with Ansible × GitLab instead
    [Diagram labels: GITLAB, CONTROL, KNOWLEDGE; GitLab Web, Issue, Wiki]
    https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower

  46. What is a pipeline?
    A pipe (line)? A production line? Can't tell them apart?!

  47. What is the pipeline in the book?
    Ch 5. Anatomy of the deployment pipeline
    Ch 6. Build and deployment scripting
    Ch 7. The commit stage
    Ch 8. Automated acceptance testing
    Ch 9. Testing non-functional requirements
    Ch 10. Deploying and releasing applications
    《Continuous Delivery》- https://goo.gl/r9vXFg

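  48. [Deployment pipeline diagram]
    • Version control: source code, application configuration
    • Commit stage: compile, unit tests, code analysis, assemble binaries
    • Acceptance stage: configure environment, deploy binaries, smoke test, acceptance tests
    • UAT stage: configure environment, deploy binaries, smoke test, exploratory testing
    • Capacity testing stage: configure environment, deploy binaries, smoke test, run capacity tests
    • Production: configure environment, deploy binaries, smoke test
    • Binary repository: binaries, metadata
    • Transitions between stages: automatic release (× 2), one-click release (× 2)
    Adapted from “Continuous Delivery” © Dave Farley and Jez Humble 2010
    Translated by Chu-Siang Lai 2017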

  50. [Deployment pipeline diagram, same content as slide 48, with the stages additionally labelled: Build, Test, Deploy, Release, Deploy]
    Adapted from “Continuous Delivery” © Dave Farley and Jez Humble 2010
    Translated by Chu-Siang Lai 2017

  51. "A pipeline is like a production line: the software release flow that naturally emerges once automation is introduced."
    – Chu-Siang Lai

  52. What, then, are GitLab Pipelines?
    A visualized production line for software releases.

  53. Ⅳ. How do you operate GitLab CI?
    Create .gitlab-ci.yml in the project and push the code to GitLab.

  54. How do you write .gitlab-ci.yml?
    $ vim .gitlab-ci.yml

        stages:
          - build

        build_binary:
          image: ubuntu:16.04
          stage: build
          script:
            - chmod 755 penguin-htdocs/DEBIAN
            - dpkg -b penguin-htdocs
          tags:
            - docker

    • YAML syntax.
    • This example breaks down into roughly 1 stage and 1 job.

  55. How do you write .gitlab-ci.yml?
    Stage
    $ vim .gitlab-ci.yml

        stages:
          - build

        build_binary:
          image: ubuntu:16.04
          stage: build
          script:
            - chmod 755 penguin-htdocs/DEBIAN
            - dpkg -b penguin-htdocs
          tags:
            - docker

    • YAML syntax.
    • This example breaks down into roughly 1 stage and 1 job.

  56. How do you write .gitlab-ci.yml?
    Job
    $ vim .gitlab-ci.yml

        stages:
          - build

        build_binary:
          image: ubuntu:16.04
          stage: build
          script:
            - chmod 755 penguin-htdocs/DEBIAN
            - dpkg -b penguin-htdocs
          tags:
            - docker

    • YAML syntax.
    • This example breaks down into roughly 1 stage and 1 job.

  57. How do you trigger GitLab CI?
    $ git push --> GitLab

  58. All Pipelines

  59. Pipelines #13803169

  60. Job #39892610

  61. Ⅴ. How do you do continuous delivery with Ansible and GitLab CI?

  62. Ansible
    GitLab CI
    Docker

  63. LAB1
    GitLab CI
    Controlling the Managed nodes through GitLab CI and Ansible
    Hands-on with a Control Machine (Alpine 3.6) + 2 Managed nodes (Ubuntu 16.04).

  64. User story
    As a member of the development team, I want every commit to be deployed automatically to a different environment depending on its branch, with some simple tests run against it, because we don't want to have to type a pile of commands and operate a pile of machines while we are halfway through writing code.

  65. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test)]
    Develop

  66. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Master

  67. https://hub.docker.com/r/chusiang/ansible/
    0

  68. http://s.drx.tw/cd.lab
    1

  69. Build stage
    2
    Stages: Build, Deploy, Test, Release

  70. Deploy, Test, Release stages
    3
    Stages: Build, Deploy, Test, Release

  71. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Coding & Git Commit

  72. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Coding & Git Commit
    Git Push

  73. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    .gitlab-ci.yml

  74. 4
    Stages: Build, Deploy, Test, Release
    $ vim .gitlab-ci.yml

        stages:
          - build
          - deploy
          - test
          - release

        build_binary:
          image: ubuntu:16.04
          stage: build
          script:
            # Fix bad permissions of the control directory on GitLab CI.
            - chmod 755 penguin-htdocs/DEBIAN

            # Build the deb package.
            - dpkg -b penguin-htdocs
          artifacts:
            expire_in: 1 week
            paths:
              - penguin-htdocs.deb
          tags:
            - docker

  75. 5
    Stages: Build, Deploy, Test, Release

        deploy_to_dev:
          image: chusiang/ansible:alpine-3.6
          stage: deploy
          script:
            - ls
            - cd ansible-playbooks/
            # Write the vault key from the CI variable to a file, run the
            # playbook, then delete the file.
            - echo "${VAULT_KEY}" > secret.txt
            - ansible-playbook deploy.yml
            - rm -f secret.txt
          only:
            - master@chusiang/continuous-delivery-workshop
            - develop@chusiang/continuous-delivery-workshop
            - tags@chusiang/continuous-delivery-workshop
          tags:
            - docker

  76. 6
    Stages: Build, Deploy, Test, Release

        test_dev:
          image: chusiang/ansible:alpine-3.6
          stage: test
          script:
            - cd ansible-playbooks/
            - echo "${VAULT_KEY}" > secret.txt
            - ansible-playbook test.yml
            - rm -f secret.txt
          only:
            - master@chusiang/continuous-delivery-workshop
            - develop@chusiang/continuous-delivery-workshop
            - tags@chusiang/continuous-delivery-workshop
          tags:
            - docker

  77. 7
    Stages: Build, Deploy, Test, Release

        release_to_prd:
          image: chusiang/ansible:alpine-3.6
          stage: release
          script:
            - cd ansible-playbooks/
            - echo "${VAULT_KEY}" > secret.txt
            # Same deploy playbook, run against the production inventory.
            - ansible-playbook -i production deploy.yml
            - rm -f secret.txt
          only:
            - master@chusiang/continuous-delivery-workshop
            - tags@chusiang/continuous-delivery-workshop
          tags:
            - docker
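The `deploy_to_dev`, `test_dev` and `release_to_prd` jobs write `${VAULT_KEY}` to `secret.txt` and delete it in the last script line, so the file is left in the working directory whenever `ansible-playbook` fails and the job stops before `rm -f`. The following is an added example, not part of the original deck: it reproduces that sequence next to a wrapper that keeps the key in a private temporary file and always removes it. The helper names `slide_style_job` and `with_vault_secret`, and handing the file to Ansible through the `ANSIBLE_VAULT_PASSWORD_FILE` environment variable instead of a fixed `secret.txt`, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original deck). Helper names are hypothetical.
# Assumption: the vault key arrives in the VAULT_KEY variable, as in the jobs.

# The sequence from the slides, run the way a CI job runs it: stop at the
# first failing line. Prints "leftover" if secret.txt survives, else "clean".
slide_style_job() {
    workdir=$(mktemp -d) || return 2
    (
        cd "$workdir" || exit 2
        export VAULT_KEY
        sh -e -c 'echo "${VAULT_KEY}" > secret.txt; "$@"; rm -f secret.txt' sh "$@"
    ) >/dev/null 2>&1 || true
    if [ -e "$workdir/secret.txt" ]; then
        echo leftover
    else
        echo clean
    fi
    rm -rf "$workdir"
}

# Hardened form: run a command with the key in a mode-0600 temp file that is
# removed on every exit path, and return the command's own exit status.
# Usage in a job script: with_vault_secret ansible-playbook deploy.yml
with_vault_secret() {
    if [ -z "${VAULT_KEY:-}" ]; then
        echo "VAULT_KEY is not set" >&2
        return 2
    fi
    (
        # Subshell: umask, traps and the exported variable stay local.
        umask 077
        secret_file=$(mktemp "${TMPDIR:-/tmp}/vault.XXXXXX") || exit 2
        # Clean up whether the command succeeds, fails or is interrupted.
        trap 'rm -f "$secret_file"' EXIT
        trap 'exit 130' INT TERM
        # printf is a shell builtin, so the key never appears in a process
        # argument list.
        printf '%s\n' "$VAULT_KEY" > "$secret_file"
        # Ansible reads the vault password file path from this variable.
        ANSIBLE_VAULT_PASSWORD_FILE=$secret_file
        export ANSIBLE_VAULT_PASSWORD_FILE
        status=0
        "$@" || status=$?
        exit "$status"
    )
}
```

In a job, the `script:` section would source the file that defines the function and then call `with_vault_secret ansible-playbook deploy.yml`, replacing the `echo`, `ansible-playbook` and `rm -f` lines.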

  78. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    .gitlab-ci.yml

  79. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Package deb file

  80. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Play deploy.yml

  81. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Play test.yml

  82. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Play deploy.yml

  83. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]
    Feedback

  84. [Diagram: Engineer, Git server (GitLab), CI server (Build, Deploy, Test, Release), Customer]

  85. LAB1
    ① Log in to https://gitlab.com, obtain a GitLab-specific password, and fork http://s.drx.tw/cd.lab.
    ② Get the project.
        $ git clone [email protected]:/continuous-delivery-workshop.git
    ③ Modify penguin-htdocs/var/www/html/index.html and commit it to your own repo.
    ④ Send an MR to chusiang/continuous-delivery-workshop.
    ⑤ Watch the GitLab Pipeline, http://stg.cdws.drx.tw:10080 and http://cdws.drx.tw for changes.

  86. Let the pipelines fly for a while ...
    8

  87. Ⅵ. What is Ansible?

  88. Ansible takes its name from the well-known novel 《Ender's Game》, where it is a fictional faster-than-light instant communicator across the universe. With it, we can control huge numbers of servers just like Commander Ender.
    Movie poster - https://goo.gl/4xftZT

  89. Ansible was founded in 2013 and acquired by Red Hat in 2015.
    iThome - http://goo.gl/yJbWtz

  90. It has 27,687 stars and 3,291 contributors on GitHub.

  91. Ansible Tower was also named a Linuxpilot 2017 Linux & OSS Best Solution, earning the title of best system automation management solution.
    Linuxpilot - https://goo.gl/mSxR4E

  92. What is the difference between Ansible and Tower?
    https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower

  93. What is Ansible, in my mind?
    1. One of the big four, alongside Puppet, SaltStack and Chef.
    2. A Python-like configuration management tool (Infrastructure as Code).
    3. Agentless: Python and SSH are all you need!
    4. Easy to pick up.
    5. A strong community, backed by a commercial company.

  94. Python: Ansible, SaltStack
    vs
    Ruby: Chef, Puppet

  95. Real-world case
    Saves 26 hr of working time every week.
    (6 x 3) x 2 - (5 x 1) x 2 = 26 hr

  96. Reducing the labor cost of routine work
    [Bar chart: Week 26 hr, Month 104 hr, Year 1,352 hr]

  97. Saving company expenses
    [Bar chart: Week $8,840, Month $35,360, Year $459,680]

  98. Having this kind of trouble?
    Come to DevOps Taiwan and find a new job. (just kidding)
    https://github.com/DevOpsTW/jobs/

  99. Ⅶ. How do you configure Ansible?
    Concepts, installation, configuration

  100. LAB2
    Jupyter
    Controlling the Managed nodes through Ansible and Jupyter
    Practice in an environment of a Control Machine + 2 Managed nodes (Ubuntu 16.04 × 3).

  101. How does Ansible work?
    Managed nodes are defined in the inventory, and communication happens over SSH and Python.

  102. How do you install Ansible?

        $ sudo apt install ansible # Debian, Ubuntu.
        $ sudo yum install ansible # RHEL, CentOS.
        $ sudo pip install ansible # Python (pip).
        $ brew install ansible # macOS (homebrew).

    • Ansible only needs to be installed on the Control Machine; Managed nodes need Python 2.5+ and SSH.

  103. Set up the Ansible working environment in Jupyter
    Please edit the ansible.cfg and inventory files.

  104. How do you configure Ansible?
    $ vim ansible.cfg

        [defaults]
        # Path to the inventory.
        inventory = inventory

        # User name for remote login.
        remote_user = docker

        #private_key_file = ~/.ssh/id_rsa

        # Do not check SSH host keys (skips host key verification for every managed node).
        host_key_checking = False

    • ansible.cfg sets the inventory (hosts file) path, the Managed node user name, the SSH key, and so on.

  105. What is an inventory?
    $ vim inventory

        # This LAB runs multiple ssh containers on the same host.

        [staging]
        stg.cdws.drx.tw ansible_ssh_host=cdws.drx.tw ansible_ssh_port=10022

        [production]
        cdws.drx.tw ansible_ssh_host=cdws.drx.tw ansible_ssh_port=20022

    • The host list that defines the addresses and groups of the Managed nodes; it is usually used to set the ssh or winrm connection information.

  106. Ⅷ. How do you operate Ansible?
    Ad-Hoc command, Playbook* (Module)

  107. Ad-Hoc commands
    Short commands

  108. What is an ordinary command line?

        $ ping localhost
        PING localhost (127.0.0.1): 56 data bytes
        64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.037 ms
        --- localhost ping statistics ---
        1 packets transmitted, 1 packets received, 0.0% packet loss
        round-trip min/avg/max/stddev = 0.037/0.037/0.037/0.000 ms
        $ echo Hello World
        Hello World

    • Here, "command line" means running commands in a Linux shell; the above shows the results of ping and echo.

  109. How do you use Ad-Hoc commands?
    ansible <host-pattern> [-m module_name] [-a args] [options]
    • host-pattern: all, server1, server1:server2, server_group.

        $ ansible all -m ping
        localhost | SUCCESS => {
            "changed": false,
            "ping": "pong"
        }
        $ ansible all -m command -a "echo Hello World"
        localhost | SUCCESS | rc=0 >>
        Hello World

    # For details of each Module, see the official All Modules documentation.

  110. Play
    Ad-hoc commands

  111. Playbooks
    Scripts

  112. What are Playbooks?
    • A scripting language more structured than shell scripts, and a great tool for one-click deployment.
    • Written in YAML, simple and easy to read.
    Baby Playbook Onesie - http://goo.gl/GKJvXn

  113. What are Playbooks?
    • They usually contain Play, Task, Module, handler and so on.
    • They integrate the Jinja2 template system, so variables, conditionals, loops and other expressions can be used.
    Baby Playbook Onesie - http://goo.gl/GKJvXn

  114. What are Playbooks?
    $ vim example.yml

        ---
        - name: a sample playbook
          hosts: all
          tasks:
            - name: Hello World
              command: echo "Hello World"
            - name: Install Vim
              become: true
              apt:
                name: vim

    • A Playbook can have multiple Plays, multiple Tasks and multiple Modules.
    • This example uses 1 Play, 2 Tasks and 2 Modules (command, apt).

  115. What are Playbooks?
    • Run the playbook.

        $ ansible-playbook example2.yml
        PLAY [a sample playbook.] *******************************************
        TASK [setup]*********************************************************
        ok: [stg.cdws.drx.tw]
        TASK [Hello World] **************************************************
        changed: [stg.cdws.drx.tw]
        TASK [Install Vim] **************************************************
        changed: [stg.cdws.drx.tw] => (item=[u'vim'])
        PLAY RECAP **********************************************************
        stg.cdws.drx.tw : ok=1 changed=2 unreachable=0 failed=0

  116. What are Playbooks?
    • Run the playbook.

        $ ansible-playbook example2.yml
        PLAY [a sample playbook.] *******************************************
        TASK [setup]*********************************************************
        ok: [stg.cdws.drx.tw]
        TASK [Hello World] **************************************************
        changed: [stg.cdws.drx.tw]
        TASK [Install Vim] **************************************************
        changed: [stg.cdws.drx.tw] => (item=[u'vim'])
        PLAY RECAP **********************************************************
        stg.cdws.drx.tw : ok=1 changed=2 unreachable=0 failed=0

    TASK [setup]: which managed nodes are being run against
    PLAY RECAP: summary (ok / changed / failed)

  117. What are Plays?
    Play
    $ vim example.yml

        ---
        - name: a sample playbook
          hosts: all
          tasks:
            - name: Hello World
              command: echo "Hello World"
            - name: Install Vim
              become: true
              apt:
                name: vim

    • A Play controls specific Managed nodes and usually contains Tasks and Modules.
    • This example uses 1 Play, 2 Tasks and 2 Modules (command, apt).

  118. What are Tasks?
    Task 1
    Task 2
    $ vim example.yml

        ---
        - name: a sample playbook
          hosts: all
          tasks:
            - name: Hello World
              command: echo "Hello World"
            - name: Install Vim
              become: true
              apt:
                name: vim

    • Tasks are accomplished by combining different Modules, loops, conditionals and so on.
    • This example uses 1 Play, 2 Tasks and 2 Modules (command, apt).

  119. What are Modules?
    Module
    $ vim example.yml

        ---
        - name: a sample playbook
          hosts: all
          tasks:
            - name: Hello World
              command: echo "Hello World"
            - name: Install Vim
              become: true
              apt:
                name: vim

    • The smallest unit of operation (Method), comparable to Python's built-in functions.
    • This example uses 1 Play, 2 Tasks and 2 Modules (command, apt).

  120. http://s.drx.tw/auto-with-ansible-12

  121. apt

        # Update the package index (cache); equivalent to the apt-get update command.
        - name: Update repositories cache
          become: true
          apt:
            update_cache: yes

        # Install the vim package.
        - name: Install the package "vim"
          become: true
          apt:
            name: vim
            state: present

    • The apt package module (Packaging Modules) for Debian and Ubuntu.
    • Similar Linux commands are apt, apt-get, aptitude and dpkg.

  122. lineinfile

        # Before 2.3, option 'dest', 'destfile' or 'name' was used instead of 'path'.

        # Disable SELinux. (As written, the line below sets SELINUX=enforcing,
        # which keeps SELinux enforcing.)
        - name: disable selinux
          lineinfile:
            path: /etc/selinux/config
            regexp: '^SELINUX='
            line: 'SELINUX=enforcing'

        # Remove the docker user's sudo permission.
        - name: remove sudo permission of docker
          lineinfile:
            path: /etc/sudoers
            state: absent
            regexp: '^docker'

    • A file module (Files Modules) that uses regular expressions to insert or replace text in a file.
    • The similar Linux command is sed.

  123. shell

        # Check the number of files with ls and wc.
        - name: check files number
          shell: ls /home/docker/ | wc -l

        # List all Python processes.
        - name: show all python process
          shell: ps aux | grep python

        # Run a shell script and redirect the result to /tmp/result.log.
        - name: execute run.sh
          shell: ./run.sh > /tmp/result.log

    • A command module (Commands Modules) that runs shell commands on the remote side with /bin/sh; it supports variables and operators such as <, >, |, ; and &.

  124. Play Playbooks

  125. LAB1 Playbooks

  126. Setup = Provision + Deploy

  127. Setup
    $ vim setup.yml

        ---
        # Provision
        - name: import provision playbook
          import_playbook: provision.yml

        # Deployment
        - name: import deployment playbook
          import_playbook: deploy.yml

    > Setup : Deploy = 100% : 20%
    > Provision : Deploy = 80% : 20%

  128. Provision
    $ vim provision.yml

        ---
        - name: ==> Setup ...
          hosts: all
          become: true
          tasks:
            # like 'apt update'.
            - name: update apt repo cache
              apt:
                update_cache: yes

            # like 'apt install nginx'.
            - name: install nginx with apt
              apt:
                name: nginx
                state: present

            # like 'service nginx start'.
            - name: start nginx
              service:
                name: nginx
                state: started

  129. Deploy
    $ vim deploy.yml

        ---
        - name: ==> Deploying ...
          hosts: all
          become: true
          tasks:
            # like 'apt remove penguin-htdocs'.
            - name: uninstall penguin-htdocs
              apt:
                name: penguin-htdocs
                state: absent

            # like 'scp ../penguin-htdocs.deb <managed node>:/tmp/'.
            - name: copy penguin-htdocs package to managed node
              copy:
                src: ../penguin-htdocs.deb
                dest: /tmp/

            # like 'apt install /tmp/penguin-htdocs.deb'.
            - name: install penguin-htdocs
              apt:
                deb: /tmp/penguin-htdocs.deb

  130. Push SSH Key
    $ vim push_ssh_pub_key.yml

        ---
        - name: ==> push the ssh public key ...
          hosts: all
          become: true
          vars:
            username: docker
          tasks:
            - name: create ssh key directory
              file:
                path: '/home/{{ username }}/.ssh/'
                state: directory
                owner: '{{ username }}'
                group: '{{ username }}'
                # Quoted so the mode is always read as octal 0700.
                mode: '0700'

            - name: set authorized key took from file
              authorized_key:
                user: '{{ username }}'
                state: present
                key: "{{ lookup('file', 'files/id_rsa.pub') }}"

  131. More Playbooks ..
    • Ansible Role: Install Vim and use vi-mode in everyway
      - https://github.com/chusiang/vim-and-vi-mode.ansible.role
    • Ansible Role: PHP 7 (php-fpm) for Nginx on Ubuntu and CentOS
      - https://github.com/chusiang/php7.ansible.role
    • Ansible Galaxy
      - https://galaxy.ansible.com/
    • Code samples from 《Ansible: Up and Running》
      - https://github.com/ansiblebook/ansiblebook

  132. What did we play with today?

  133. LAB1
    GitLab CI
    Controlling the Managed nodes through GitLab CI and Ansible
    Hands-on with a Control Machine (Alpine 3.6) + 2 Managed nodes (Ubuntu 16.04).

  134. LAB1 x AWS - https://youtu.be/QHim_JxB4ZY

  135. LAB2
    Jupyter
    Controlling the Managed nodes through Ansible and Jupyter
    Practice in an environment of a Control Machine + 2 Managed nodes (Ubuntu 16.04 × 3).

  136. $ docker pull \
        chusiang/ansible-jupyter:ubuntu-16.04

  137. LAB2
    ① Create the Control Machine.
        $ docker run -Pd chusiang/ansible-jupyter:ubuntu-16.04
    ② Create 2 Managed nodes.
        $ docker run -Pd \
            chusiang/ansible-managed-node:ubuntu-16.04
        $ docker run -Pd \
            chusiang/ansible-managed-node:ubuntu-16.04
    ③ Check the ssh ports of the Managed nodes.
        $ docker ps
        CONTAINER ID IMAGE ...... STATUS PORTS NAMES

  138. LAB2
    ④ Edit the inventory.
    ⑤ Play with Ad-hoc commands a couple of times.
    ⑥ Play with Playbooks a bit.

  139. Ansible on Jupyter

  140. Continuous delivery is a history of the evolution of people and enterprises
    [Diagram: pipelines growing stage by stage, from Build alone, to Syntax Check and Build, then adding Delivery and Deployment, then Unit Test, then Integration Test]

  141. What is the DevOps we talked about today?

  142. ※ This figure comes from Chen Cheng-Wei's Effective DevOps slides (https://www.slideshare.net/warfan/effective-devops-78979993).

  143. References
    • Continuous delivery techniques every DevOps person must know - Ansible & GitLab CI hands-on practice (3rd) - https://goo.gl/6o96kf
    • Continuous Delivery Workshop Lab - http://s.drx.tw/cd.lab
    • What on earth are we talking about when we talk about DevOps? by Chen Cheng-Wei - https://goo.gl/7YTeKD
    • Continuous Delivery - the last mile of agile development by Miles - https://goo.gl/UhpAfG
    • Always Agile Consulting · Introducing Continuous Delivery - https://goo.gl/2Nhtcr
    • Ansible Documentation - http://docs.ansible.com/ansible/intro_installation.html
    • 《Ansible: Up and Running》- https://www.ansible.com/ansible-book
    • Ansible automated configuration techniques every modern IT person must know / 3e - https://goo.gl/vHyVDt
    • Ansible automated configuration techniques every modern IT person must know, article series - https://goo.gl/EOjs4I

  144. Image sources
    • 《Continuous Delivery》 | Amazon.com - https://www.amazon.com/dp/0321601912
    • 《Continuous Delivery》(Chinese edition) | Tenlong Bookstore (天瓏網路書店) - https://goo.gl/SK745B
    • DevOps Services & Continuous Delivery - https://goo.gl/jswxch
    • 《The Phoenix Project》 | Amazon.com - https://goo.gl/visckK
    • Resenha: Harry Potter e a Pedra Filosofal, de J.K. Rowling | Acrobata das Letras - https://goo.gl/R34tSA
    • Brown Book Icon | SoftIcons.com - https://goo.gl/U9U2am
    • 5 CI/CD Strategies for Faster Software Deployments and Better Automation | snap - https://goo.gl/UZPf5e

  145. No patting or feeding
    Q & A

  146. https://fb.me/groups/agile.kaohsiung/
    https://fb.me/AgileTourHsinchu/
    https://fb.me/groups/AgileNeihu/
    https://fb.me/AgileCommunity.tw
    https://fb.me/AgileTourTaichung/

  147. DevOps Taiwan
    https://t.me/devopstw
    https://fb.me/groups/DevOpsTaiwan/
    https://devopstw.club/

  148. Ansible Taiwan
    https://t.me/ansible_tw
    https://github.com/ansible-tw
    http://ansible.tw

  149. http://萍水相逢.tw

  150. _____________________________
    /                             \
    \                             /
     -----------------------------
            \   ^__^
             \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    [ chusiang@AgileTourTaichung ~ ]
    $ cat .profile
    # Author: 凍仁翔 / [email protected]
    # Blog: http://note.drx.tw
    # Modified: 2018-01-13 14:00
    END

  151. ansible-console
    REPL console for executing Ansible tasks

  152. How do you use ansible-console?
    ansible-console [<host-pattern>] [options]
    • host-pattern: all, server1, server1:server2, server_group.

        $ ansible-console --become
        Vault password:
        Welcome to the ansible console.
        Type help or ? to list commands.
        jonny@all (1)[f:5]# ping
        ubuntu1604 | SUCCESS => {
            "changed": false,
            "ping": "pong"
        }
        jonny@all (1)[f:5]#