現代 IT 人一定要知道的 Ansible 自動化組態技巧 Ⅱ - Roles & Windows

[ [email protected] ~ ] $ cat .proﬁle
# Author: 㲺Ռᗼ / chusiang.lai (at) gmail.com
# Blog: http://note.drx.tw
# Modiﬁed: 2016-07-16 01:23
Ⅱ

View Slide

౯ฎ抑牫
• 㲺Ռᗼ (@chusiang_lai)牐
• 4 ଙ犥Ӥ IT 妿涢牐
• Ansible 䋿䜗拻璤 4e. 䋊㹓牐
• ෝ Galaxy 獤Ձጱ Roles物
• php7 (php-fpm)
• vim-and-vi-mode
• win_vim
• zabbix-agent
2

View Slide

ࣖ绐㾏
ᥝ樄তԧ牦
3

View Slide

Outline
I. Roles ฎՋ讕牫
4

View Slide

Outline
II. ெ讕ֵአ Roles牫
5

View Slide

Outline
III. Windows Support ฎՋ讕牫
6

View Slide

Outline
IV. ெ讕蟂ᗟ Ansible ᓕ Windows 絑ह牫
7

View Slide

Outline
V. ெ讕አ Ansible ᓕ Windows牫
8

View Slide

Outline
V. ெ讕አ Ansible ᓕ Windows牫
VI. Q & A
9

View Slide

Ⅰ. Roles ฎՋ讕牫
10

View Slide

Scaling Up
Your Playbooks
-̽Ansible: Up and Running̾
Safari Books Online - https://goo.gl/dxoGSb

View Slide

– chusiang
̿ Roles ݢ犥褔犵 Playbooks ጱ蕦褾௔
牧ๅݢ犥ीے Playbooks ጱݢአ௔牐̀

View Slide

Roles ฎՋ讕牫
• ਁᶎӤጱ఺௏ฎ薫ᜋ牧ٌ獊ݷ
傶 Playbook Roles牐
• 疥 Playbook 獤獹౮ग़㮆෈կ
ጱ (ು虡玕) ੗蕕戔懯牐
• অ穉 Python ጱ Packages牐ֵ
አ Roles ౯㮉ݢ፜݄᯿蝨斪ৼ
ጱ碻樌牧簁盅൉෱ӥ紑牦
Ansible Docs - http://goo.gl/mV6ToX
13

View Slide

Playbooks ฎՋ讕牫
• Ӟ棎蟂ᗟጱ䔶य़ྎ瑊牧穉 Shell
Script ๅٍ奾䯤玕ጱ脻๜承
᥺牐
• ֵአ YAML ໒ୗ牧䌃 code 疰
ইݶ䌃෈կ牧墋㻌ฃ捝牐
• ݢֵአ Jinja2 (template 羬翄)
蔭螈ୗ牧㪔ඪൔ虋碍牏ڣ䥁ୗ 
牏蝅瑹 ... 缛承ဩ牐
Baby Playbook Onesie - http://goo.gl/GKJvXn
14

View Slide

15
Playbook Roles Playbooks
v.s.
[ [email protected] ~/playbook-role ]$ tree -L 3
.
!"" LICENSE
!"" README.md
!"" ......
!"" ansible.cfg
!"" group_vars
# %"" windows.yml
!"" requirements.yml
!"" roles
# %"" chusiang.win_vim
# !"" LICENSE
# !"" README.md
# !"" ......
# !"" tasks
# %"" templates
!"" setup.yml
!"" staging
%"" templates
%"" check_vim_version.bat.j2
[ [email protected] ~/playbook ]$ tree -L 3
.
!"" LICENSE
!"" README.md
!"" ......
!"" ansible.cfg
!"" defaults
# %"" main.yml
!"" group_vars
# %"" windows.yml
!"" setup.yml
!"" staging
!"" tasks
# !"" main.yml
# %"" use-msi.yml
%"" templates
%"" check_vim_version.bat.j2

View Slide

Ⅱ. ெ讕ֵአ Roles牫
矾疨牏ਞ蕕牏ڡত玕
16

View Slide

Terminal
and
17
Galaxy

View Slide

Galaxy
18

View Slide

https://galaxy.ansible.com

View Slide

View Slide

23
$ ansible-galaxy ̍

View Slide

ெ讕矾疨 Roles牫
24
# ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup]
[--help] [options] ...
$ ansible-galaxy search win_vim
Found 11 roles matching your search:
Name Description
---- -----------
chusiang.win_vim Install Vim and on Windows.
mingraham.win_import_pfx_cert Imports pfx certs to windows machine with pr
alban.andrieu.windows A role for installing windows
ypid.wine Setup and manage Wine for running MS Windows
trondhindenes.win_reboot A role to manage reboots on Windows nodes. T
kafecho.windows-couchdb Ansible role to deploy Apache CouchDB 1.6.1
cchurch.win-ec2 Create and destroy Windows instances on EC2.
shrikeh.pagerduty-maintenance-windows Ansible role to create PagerDuty scheduled m
peterszatmary.xfce Installs the XFCE window manager and lightdm
JamesSmaldon.xfce Installs the XFCE window manager and lightdm
deekayen.tls Host more secure communications for services
(END)

View Slide

ெ讕ਞ蕕 Roles牫
25
$ ansible-galaxy install chusiang.win_vim
- downloading role 'win_vim', owned by chusiang
- downloading role from https://github.com/chusiang/win_vim.ansible.role/
archive/1.0.5.tar.gz
- extracting chusiang.win_vim to /usr/local/etc/ansible/roles/chusiang.win_vim
- chusiang.win_vim was installed successfully
$ ansible-galaxy install -f -p roles chusiang.win_vim
- downloading role 'win_vim', owned by chusiang
- downloading role from https://github.com/chusiang/win_vim.ansible.role/
archive/1.0.5.tar.gz
- extracting chusiang.win_vim to roles/chusiang.win_vim
- chusiang.win_vim was installed successfully
ெ讕螲ਞ蕕 Roles 螲ᛔ懪 Roles ֖ᗝ牫

View Slide

ெ讕ڡত玕 Roles牫
26
$ ansible-galaxy init new_role
- new_role was created successfully
$ tree new_role/
new_role/
!"" README.md
!"" defaults
# %"" main.yml
!"" files
!"" handlers
# %"" main.yml
!"" meta
# %"" main.yml
!"" tasks
# %"" main.yml
!"" templates
!"" tests
# !"" inventory
# %"" test.yml
%"" vars
%"" main.yml
https://galaxy.ansible.com/intro

View Slide

Ⅲ. Windows Support ฎՋ讕牫
27

View Slide

Ansible Docs - http://goo.gl/jm8lpl
28
ࣁਥො෈կӾ牧
磪㮆ᒍ℄䌕槹ࣁ藯 ...

View Slide

29
ࣁਥො෈կӾ牧
磪㮆ᒍ℄䌕槹ࣁ藯 ...
ெ讕አ Ansible ᓕ Windows牦

View Slide

Ansible ℂ 1.7 樄তඪൔ
Windows Managed node牐
30

View Slide

Ansible 2.0 䌘 Windows
Managed node ጱඪൔଶ
य़ଏ൉܋牐
jhawkesworth - http://goo.gl/5C4mrc
31

View Slide

Ansible ெ讕ᓕ Windows牫
蝚螂 inventory ਧ嬝 Managed node牧㪔萞ኧ WinRM (౲ SSH) 膏 PowerShell 蝱ᤈ传蝢牐
32

View Slide

Ansible ெ讕ᓕ Unix-like牫
蝚螂 inventory ਧ嬝 Managed node牧㪔萞ኧ SSH 膏 Python 蝱ᤈ传蝢牐
33

View Slide

Unix-like node
SSH
Python
Windows node
WinRM, SSH
PowerShell

View Slide

Ⅳ. ெ讕蟂ᗟ Ansible ᓕ Windows 絑ह牫
ਞ蕕牏戔ਧ

View Slide

ெ讕蟂ᗟ Control Machine牫
• ਞ蕕 ansible ޾ pywinrm牐
39
# Reference: 
#  
# http://docs.ansible.com/ansible/intro_windows.html#installing-on-the-
control-machine 
 
# Debian & Ubuntu (propose).
$ sudo apt-get install ansible
# Mac OS X (propose).
$ sudo brew install ansible
# Python.
$ sudo pip install ansible
# pywinrm (need).
$ sudo pip install "pywinrm>=0.1.1"

View Slide

ெ讕蟂ᗟ Managed node牫
珸አ WinRM ๐率牏ਞ蕕 PowerShell 3.0+牏橕樂 UAC

View Slide

1. 獮ஃ Windows Support ෈կ殷ᶎ牐

View Slide

2. 讨䢗 Windows System Prep 蝫奾牐

View Slide

3. 讨䢗 this PowerShell script 蝫奾牐

View Slide

4. 讨䢗 Raw 蝫奾牐

View Slide

5. ݚਂ ConﬁgureRemotingForAnsible.ps1 ౮碝䲆牐

View Slide

6. ֵአᓕቘᘏ稗褖樄珸 PowerShell牐

View Slide

7. ֵአᓕቘᘏ稗褖䁆ᤈ ConﬁgureRemotingForAnsible.ps1牐
R

View Slide

8. 舙 Script 磪 UAC 稗褖㺔氂牧藶ض薹森 (Unblock) ٚ䁆ᤈ牐

View Slide

9. 舙翕᪠磪㺔氂牧藶硬አᐺՈ翕᪠ (Private network)牐

View Slide

$ winrm quickconfig -q
$ winrm set winrm/config/winrs @{MaxMemoryPerShellMB="512"}
$ winrm set winrm/config @{MaxTimeoutms="1800000"}
$ winrm set winrm/config/service @{AllowUnencrypted="true"}
$ winrm set winrm/config/service/auth @{Basic="true"}
$ sc config WinRM start= auto
10. 螭磪㺔氂牫藶አᓕቘᘏ稗褖樄珸޸ڜ൉纈ਁز牧㪔䁆ᤈ犥Ӥ 6 ᤈ牐
C:\ ̍

View Slide


View Slide

Windows 8, 10牏Server 2012 ૪獉ୌ PowerShell 3.0+牐

View Slide

Windows 7牏Server 2008 R2 襑ಋ㵕ਞ蕕 PowerShell 3.0牐

View Slide


View Slide

(螡殻) 舙๚؊አ UAC牧ݢ胼䨝蝨౮蟂犩 tasks ᤩӾ䥁牐

View Slide

ெ讕戔ਧ Ansible牫
• 萞ኧ ansible.cfg 㬵戔ਧ inventory (host ﬁle) 䲆礯᪠䕩牏
Managed node (ᤩ矒ᒒ) ֵአᘏݷ圸牏SSH ᰂ槄 … 缛牐
56
$ vim ansible.cfg
[defaults]
# 瞲ਧ inventory 䲆礯᪠䕩牐
hostfile = staging
# 螐ᒒֵአᘏݷ圸
remote_user = vagrant
# host_key_checking: 犋扇㺔ے獈 ssh ᰂ槄
#host_key_checking = False

View Slide

inventory ฎՋ讕牫
• Ԇᥝአ㬵ਧ嬝 Managed node (ᤩ矒ᒒ) Ԇ秚֖࣎膏ᗭ奲牧
犖ݢአ㬵戔ਧ WinRM 蝫娄虻懱牐
57
$ vim staging
# ansible_host: 螐ᒒԆ秚֖࣎牐
# ansible_port: 螐ᒒओݗ (Port)牐
# ansible_user: 螐ᒒֵአᘏݷ圸牐
# ansible_pass: 螐ᒒੂ嘨 (ୌ捍硬አᐺ槄)牐
[local]
win10.local ansible_host=127.0.0.1 ansible_user=IEUser
ansible_password=Passw0rd! ansible_port=55986

View Slide

inventory ฎՋ讕牫
• ࣁ矒ᓕ Windows Managed node 獮牧౯㮉螭襑戔ਧ蝡犚
inventory 虋碍牐
58
$ vim group_vars/windows.yml
---
# windows support
#################
ansible_connection: winrm
ansible_port: 5986
# The following is necessary for Python 2.7.9+ when using \
# default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore

View Slide

Ⅴ. ெ讕አ Ansible ᓕ Windows牫
Ad-Hoc command, Playbooks x Roles

View Slide

Ad-Hoc command
60
Playbooks x Roles

View Slide

ெ讕አ Ad-Hoc command ᓕ Windows牫
• -m 盅ጱݱ殻㷢碍藶㷢ᘍਥො෈կ ҆ Windows Modules 
牧ඪൔ Windows ጱ Module य़ग़傶 win 樄毣牐
61
# ansible -m -a -a
$ ansible all -m win_ping
win10.local | SUCCESS => {
"changed": false,
"ping": "pong"
}
$ ansible all -m raw -a "echo Hello World"
win10.local | SUCCESS | rc=0 >>
Hello World

View Slide

ெ讕አ Playbooks ޾ Roles ᓕ Windows牫
62
$ vim setup.yml
---
- hosts: all
roles:
- chusiang.win_vim
tasks:
- name: copy check vim version file
win_template:
src: 'templates/check_vim_version.bat.j2'
dest: '{{ tmp_path }}\check_vim_version.bat'
when: ansible_os_family == "Windows"
- name: check vim version
raw: '{{ tmp_path }}\check_vim_version.bat'
register: vim_version
- name: print vim version
debug:
msg: "{{ vim_version }}"

View Slide

63
$ vim setup.yml
---
- hosts: all
roles:
- chusiang.win_vim
tasks:
win_template:
debug:
Play

View Slide

64
$ vim setup.yml
---
- hosts: all
roles:
- chusiang.win_vim
tasks:
win_template:
debug:
role1: chusiang.win_vim
task1: copy script
to remote.
task2: run script.
task3: print stdout.

View Slide

65
$ vim setup.yml
---
- hosts: all
roles:
- chusiang.win_vim
tasks:
win_template:
debug:
Module

View Slide

66
$ ansible-playbook setup.yml
PLAY [all] *********************************************************************
TASK [setup] *******************************************************************
ok: [win10.local]
TASK [chusiang.win_vim : Create temp directory] ********************************
ok: [win10.local]
TASK [chusiang.win_vim : delegate to 'msi' system for installation] ************
included: /Users/jonny/vcs/9.demo/studyarea1607-ansible-demo/roles/
chusiang.win_vim/tasks/use-msi.yml for win10.local
TASK [chusiang.win_vim : get vim.msi on windows] *******************************
changed: [win10.local]
TASK [chusiang.win_vim : install vim with msi] *********************************

View Slide

67
TASK [copy check vim version file] *********************************************
TASK [check vim version] *******************************************************
ok: [win10.local]
TASK [print vim version] *******************************************************
ok: [win10.local] => {
"msg": {
"changed": false,
"rc": 0,
"stderr": "",
"stdout": "\r\nC:\\Users\\IEUser>\"C:\\Program Files (x86)\\vim\\vim74\
\vim.exe\" --version \r\nVIM - Vi IMproved 7.4 (2013 Aug 1
......
]
}
}
PLAY RECAP *********************************************************************
win10.local : ok=8 changed=3 unreachable=0 failed=0

View Slide

68
TASK [copy check vim version file] *********************************************
TASK [check vim version] *******************************************************
ok: [win10.local]
TASK [print vim version] *******************************************************
ok: [win10.local] => {
"msg": {
"changed": false,
"rc": 0,
"stderr": "",
"stdout": "\r\nC:\\Users\\IEUser>\"C:\\Program Files (x86)\\vim\\vim74\
\vim.exe\" --version \r\nVIM - Vi IMproved 7.4 (2013 Aug 1
......
]
}
}
PLAY RECAP *********************************************************************
win10.local : ok=8 changed=3 unreachable=0 failed=0
者奾

View Slide

箛 ێ 疻纈
Live Demo
69

View Slide

https://youtu.be/wZLT1B_uh9Q

View Slide

https://github.com/chusiang/studyarea1607-ansible-demo

View Slide

ெ讕螨樄 Windows Playbooks ᪠䕩瑿襊牫
1. ֵአ key:value 䌃ဩ䨝穉 key=value ੝᪴讨襊牧盅ᘏ犋碻䨝蝽
ک᪠䕩 (PATH) 篷ဩ蜣蘷㺔氂牐
2. 螨عࣁྯᤈጱ奾ੲֵአ \牐
3. 舙蝽ک \ ݢֵአ \\ 㬵磦դ牧ࢩ傶 Windows ܻض疰䨝蝡䰬薹ຉ
᪠䕩牐
4. 粬ྛᒧ蒈薹ຉ磪藮牫藶ض䌃অ瞙稞䲆牧㯽䲆盅 (win_copy,
win_template) ٚ䁆ᤈ (raw)牐ֺ物`C:\Program Files (x86)`牐
5. ࣁ Playbooks 愊牧/ 狶傶᪠䕩ጱ獤ᵍᒧ蒈ฎ磪硳ጱ牐

View Slide

73
ଉአጱ Windows Module 磪ߺ犚牫

View Slide

1. raw: Executes a low-down and dirty SSH command.
2. win_copy: Copies files to remote locations on windows
hosts.
3. win_file: Creates, touches or removes files or directories.
4. win_get_url: Fetches a file from a given URL.
5. win_lineinfile: Ensure a particular line is in a file, or
replace an existing line using a back-referenced regular
expression.

View Slide

6. win_msi: Installs and uninstalls Windows MSI files.
7. win_ping: A windows version of the classic ping
module.
8. win_reboot: Reboot a windows machine.
9. win_stat: returns information about a Windows file.
10.win_template: Templates a file out to a remote server.

View Slide

Q & A
瑥纔ೌ಑訤觬
76

View Slide

㷢ᘍ෈糽
A. ̽Ansible: Up and Running̾- https://www.ansible.com/ansible-book
B. Windows Support | Ansible Docs - http://docs.ansible.com/ansible/intro_windows.html
C. Ansible 2.0 and Windows | AnsibleFest London 2016 - https://goo.gl/OmScaQ
D. Ansible 䋿䜗拻璤 - http://get.soft-arch.net/ansible/
E. 亮藳 Ansible by sakana / Max - https://goo.gl/gR0dox
F. 匍դ IT ՈӞਧᥝᎣ螇ጱ Ansible ᛔ㵕玕奲眲ದૣ | 㲺Ռጱ執懿 - http://goo.gl/JXqlez
G. 樄তአ Ansible ᓕቘ Windows | @metavige - https://goo.gl/F79v1N
H. Create A Vagrant Windows Base Box | Smalltown Tech Blog - https://goo.gl/rcy3tT
I. Issues · ansible/ansible | GitHub - https://github.com/ansible/ansible/issues
77
Free

View Slide

瑽粙㬵რ
a. Blasts Off Space Rocket From Cosmodrom In The Clouds, Polygonal Stock
Illustration | dreamstime - http://goo.gl/6FAuiQ
b. 㾴疑瑿ቘ褾扮 - http://www.ngtaiwan.com
c. Avatar, business, company, group, manager, people, users icon | Icon search engine 
- https://goo.gl/Hm6ScX
d. A Galaxy Just Appeared Out of Nowhere - http://goo.gl/ND2Jwb
e. PowerShell Gallery | azure-sdk - https://goo.gl/bES4Ba
f. Brown Book Icon - someBooks Icons - SoftIcons.com - http://goo.gl/IDb4jp
g. Deployment of Symfony2 applications with Ansible - ServerGroveServerGrove 
- http://blog.servergrove.com/2014/04/01/deployment-symfony2-applications-ansible/
78

View Slide

ૡ珶๐率
79

View Slide

80
.tw

View Slide

http://mopcon.org

View Slide

https://gitter.im/DevOpsTW/
https://devopstaiwan.slack.com/
DevOps Taiwan
https://www.facebook.com/groups/DevOpsTaiwan/

View Slide

現代 IT 人一定要知道的 Ansible 自動化組態技巧 Ⅱ - Roles & Windows

現代 IT 人一定要知道的 Ansible 自動化組態技巧 Ⅱ - Roles & Windows

Chu-Siang Lai

More Decks by Chu-Siang Lai

Other Decks in Technology

Featured

Transcript