Real World Orchestration with Ansible

Presented at the PHP user group Munich, October meetup

Erika Heidi

October 28, 2015

Transcript

  1. Real World Orchestration with Ansible @erikaheidi / PHP UG Munich

    10/2015 Real World Orchestration with Ansible
  2. Table of Contents

    i. Ansible Overview
    ii. Hands-on: Ansible + Vagrant
    iii. Standalone Ansible
    iv. Going Multistage
    v. Tips & Tricks
  3. Ansible

    • Simple and straightforward language (YAML)
    • Agentless architecture
    • Huge collection of built-in modules
    • Great community, very popular on GitHub - 13k+ stars and almost 4k forks
  4. Playbook Example

        ---
        - hosts: all
          sudo: true   # newer Ansible releases spell this "become: true"
          tasks:
            - name: Update apt-cache
              apt: update_cache=yes

            - name: Install Nginx
              apt: pkg=nginx state=latest
  5. Playbook Resources

    • Variables
    • Loops
    • Conditionals
    • Templates
    • Ansible Vault
  6. Ansible + Vagrant

        #Vagrantfile
        Vagrant.configure("2") do |config|
          config.vm.box = "ubuntu/trusty64"
          config.vm.network "forwarded_port", guest: 80, host: 8080

          config.vm.provision "ansible" do |ansible|
            ansible.playbook = "demo.yml"
          end
        end
  7. Playbook

        ---
        - hosts: all
          sudo: true
          vars:
            packages: ["nginx", "php5-fpm"]
          tasks:
            - name: Update apt-cache
              apt: update_cache=yes

            - name: Install Packages
              apt: pkg={{ item }} state=latest
              # full Jinja2 expression; current Ansible does not expand a bare variable name here
              with_items: "{{ packages }}"

            - name: Change Nginx Vhost File
              template: src=default.tpl dest=/etc/nginx/sites-available/default
              notify: restart nginx

          handlers:
            - name: restart nginx
              service: name=nginx enabled=yes state=restarted
  8. Inventories

        #/etc/ansible/hosts
        [production]
        erikaheidi.com
        dev-human.com
        imanee.io

        [testing]
        178.62.192.53
        95.85.35.248
        178.62.221.111

        [webservers:children]
        production
        testing
  9. ad-hoc commands

        $ ansible [-i inventory] group|host -m module -a "args|command"
  12. Running Playbooks

        ansible-playbook [-i inventory] [-l group|host] playbook.yml
  13. Inventory Files

    One per environment to avoid mistakes when running the playbook!

        #inventories/dev
        [web-dev]
        192.168.33.33

        #inventories/test
        [web-test]
        178.62.192.53

        #inventories/prod
        [web-prod]
        myhost.io
  14. Group Vars

        #group_vars/web-prod.yml
        project_root: /var/www
        doc_root: /var/www/web
        sys_packages: ["vim","fail2ban"]

        #group_vars/web-dev.yml
        project_root: /vagrant
        doc_root: /vagrant/web

        #group_vars/all.yml
        sys_packages: ["vim"]
        php_packages: ["php5-cli","php5-mysql"]
  15. Multistage with Ansible

    More info: bit.ly/multistage
  16. 1. Keeping things organized with Roles

        .
        ├── playbook.yml
        └── roles
            ├── init
            │   └── tasks
            │       └── main.yml
            └── webserver
                ├── handlers
                │   └── main.yml
                ├── tasks
                │   └── main.yml
                └── templates
                    └── vhost.tpl

        #playbook.yml
        ---
        - hosts: all
          sudo: true
          vars:
            doc_root: /vagrant/web
          roles:
            - init
            - webserver
  17. 2. Using Phansible as bootstrapper
  18. 2. Using Phansible as bootstrapper

        .
        ├── ansible
        │   ├── files
        │   │   └── authorized_keys
        │   ├── inventories
        │   │   └── dev
        │   ├── playbook.yml
        │   ├── roles
        │   │   ├── app
        │   │   ├── mysql
        │   │   ├── nginx
        │   │   ├── php
        │   │   ├── server
        │   │   └── vagrant_local
        │   ├── vars
        │   │   └── all.yml
        │   └── windows.sh
        └── Vagrantfile
  19. 3. Using Tags

        - name: Install Nginx
          apt: pkg=nginx state=latest
          tags:
            - nginx

        - name: Install php-fpm
          apt: pkg=php5-fpm state=latest
          tags:
            - php

        $ ansible-playbook (…) --tags "nginx,php"
  20. 3. Using Tags

        ---
        - hosts: all
          sudo: true
          roles:
            - server
            - nginx
            - mysql
            - php
            - app

        ---
        - hosts: all
          sudo: true
          roles:
            - { role: server, tags: [ 'server' ] }
            - { role: nginx, tags: [ 'nginx' ] }
            - { role: mysql, tags: [ 'mysql' ] }
            - { role: php, tags: [ 'php' ] }
            - { role: app, tags: [ 'app' ] }
  21. 4. Prompting for Values

        vars_prompt:
          - name: deploy_version
            default: master
            prompt: "Tag, Branch or Hash to deploy"
            private: no
  22. 5. Using ansible-vault for sensitive data, like credentials

        $ ansible-vault encrypt group_vars/web-prod.yml

    before

        twitter:
          app_token: MYSUPERTOKEN
          app_secret: MYSUPERSECRET
        otherthing:
          secret_thing: SECRET
          secret_other: TOPSECRET

    after

        $ANSIBLE_VAULT;1.1;AES256
        39356166303165393330613634373636613438343135643862623232343030633539656138633837
        3235363130326562323230633830326665306531633835630a363061333065393835356331343862
        32346132653432623766366161333334663939643962613036373133356464636232653532366333
  23. 5. Using ansible-vault for sensitive data, like credentials

        $ ansible-playbook (…) --ask-vault-pass
        $ ansible-vault view path/to/varfile.yml
        $ ansible-vault edit path/to/varfile.yml
  24. THANKS!

    @erikaheidi
    erikaheidi.com
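
The ansible-vault slides (22 and 23) only protect credentials if every var file that holds them is actually encrypted before it is committed. The check below is an added example, not part of the original deck: it walks a vars directory and reports sensitive-looking keys in any file that lacks the `$ANSIBLE_VAULT` header shown on the "after" side. The key-name pattern, the `db_password` variable, the `web-test.yml` contents and the hex placeholder are constructed assumptions.

```python
import re
import sys
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of a vault-encrypted file
# Assumption: sensitive variables are named like the slide's app_token / app_secret.
SENSITIVE_KEY = re.compile(
    r"^\s*([\w-]*(?:token|secret|password|passwd|api_key)[\w-]*)\s*:\s*(\S.*)$", re.I)

def is_vault_encrypted(path):
    """True when the whole file is an ansible-vault envelope."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.readline().startswith(VAULT_HEADER)

def find_plaintext_secrets(vars_dir):
    """Return (file, line, key) for sensitive-looking keys stored in clear text."""
    findings = []
    for path in sorted(Path(vars_dir).rglob("*.yml")):
        if is_vault_encrypted(path):
            continue  # ciphertext only, nothing readable to flag
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            m = SENSITIVE_KEY.match(line)
            # A value tagged "!vault |" is encrypted per variable, so it passes.
            if m and not m.group(2).startswith("!vault"):
                findings.append((path.name, lineno, m.group(1)))
    return findings

def build_sample_tree(root):
    """Constructed sample files modelled on the slide's before/after state."""
    gv = Path(root) / "group_vars"
    gv.mkdir(parents=True)
    # "After": encrypted file (the hex body is a constructed placeholder).
    (gv / "web-prod.yml").write_text("$ANSIBLE_VAULT;1.1;AES256\n" + "30" * 40 + "\n")
    # "Before": the same kind of data left unencrypted for another environment.
    (gv / "web-test.yml").write_text(
        "twitter:\n  app_token: MYSUPERTOKEN\n  app_secret: MYSUPERSECRET\n")
    (gv / "all.yml").write_text(
        'sys_packages: ["vim"]\ndb_password: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  3030\n')
    return gv

if __name__ == "__main__":
    # Scan the directory given on the command line, or the constructed sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    hits = find_plaintext_secrets(target)
    for name, lineno, key in hits:
        print(f"{name}:{lineno}: '{key}' is not vault-encrypted")
    sys.exit(1 if hits else 0)
```

Run against a real `group_vars` directory, the non-zero exit status makes it usable as a pre-commit or CI gate.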