Real World Orchestration with Ansible

Presented at the PHP user group Munich, October meetup

Erika Heidi

October 28, 2015

Transcript

  1. Real World Orchestration with Ansible @erikaheidi / PHP UG Munich

    10/2015 Real World Orchestration with Ansible
  2. whoami
  3. Table of Contents

    i. Ansible Overview
    ii. Hands-on: Ansible + Vagrant
    iii. Standalone Ansible
    iv. Going Multistage
    v. Tips & Tricks
  4. ANSIBLE OVERVIEW
  5. Ansible

    • Simple and straightforward language (YAML)
    • Agentless architecture
    • Huge collection of built-in modules
    • Great community, very popular on GitHub: 13k+ stars and almost 4k forks
  6. Playbook Example

        ---
        - hosts: all
          sudo: true
          tasks:
            - name: Update apt-cache
              apt: update_cache=yes

            - name: Install Nginx
              apt: pkg=nginx state=latest
  7. Playbook Resources

    • Variables
    • Loops
    • Conditionals
    • Templates
    • Ansible Vault
  8. HANDS ON
  9. Ansible + Vagrant

        # Vagrantfile
        Vagrant.configure("2") do |config|
          config.vm.box = "ubuntu/trusty64"
          config.vm.network "forwarded_port", guest: 80, host: 8080
          config.vm.provision "ansible" do |ansible|
            ansible.playbook = "demo.yml"
          end
        end
  10. Playbook

        ---
        - hosts: all
          sudo: true
          vars:
            packages: ["nginx", "php5-fpm"]
          tasks:
            - name: Update apt-cache
              apt: update_cache=yes

            - name: Install Packages
              apt: pkg={{ item }} state=latest
              with_items: packages

            - name: Change Nginx Vhost File
              template: src=default.tpl dest=/etc/nginx/sites-available/default
              notify: restart nginx

          handlers:
            - name: restart nginx
              service: name=nginx enabled=yes state=restarted
  11. DEMO TIME!
  13. STANDALONE ANSIBLE
  14. Inventories

        # /etc/ansible/hosts
        [production]
        erikaheidi.com
        dev-human.com
        imanee.io

        [testing]
        178.62.192.53
        95.85.35.248
        178.62.221.111

        [webservers:children]
        production
        testing
  15. ad-hoc commands

        $ ansible [-i inventory] group|host -m module -a "args|command"
  16. ad-hoc commands

        $ ansible [-i inventory] group|host -m module -a "args|command"
  17. ad-hoc commands

        $ ansible [-i inventory] group|host -m module -a "args|command"
  18. Running Playbooks

        ansible-playbook [-i inventory] [-l group|host] playbook.yml
  19. GOING MULTISTAGE
  20. Consider this scenario
  21. Inventory Files

        # inventories/dev
        [web-dev]
        192.168.33.33

        # inventories/test
        [web-test]
        178.62.192.53

        # inventories/prod
        [web-prod]
        myhost.io

    One per environment to avoid mistakes when running the playbook!
  22. Group Vars

        # group_vars/web-prod.yml
        project_root: /var/www
        doc_root: /var/www/web
        sys_packages: ["vim","fail2ban"]

        # group_vars/web-dev.yml
        project_root: /vagrant
        doc_root: /vagrant/web

        # group_vars/all.yml
        sys_packages: ["vim"]
        php_packages: ["php5-cli","php5-mysql"]
  23. Multistage with Ansible

    More info: bit.ly/multistage
  24. TIPS & TRICKS
  25. 1. Keeping things organized with Roles

        .
        ├── playbook.yml
        └── roles
            ├── init
            │   └── tasks
            │       └── main.yml
            └── webserver
                ├── handlers
                │   └── main.yml
                ├── tasks
                │   └── main.yml
                └── templates
                    └── vhost.tpl

        # playbook.yml
        ---
        - hosts: all
          sudo: true
          vars:
            doc_root: /vagrant/web
          roles:
            - init
            - webserver
  26. 2. Using Phansible as bootstrapper
  27. 2. Using Phansible as bootstrapper

        .
        ├── ansible
        │   ├── files
        │   │   └── authorized_keys
        │   ├── inventories
        │   │   └── dev
        │   ├── playbook.yml
        │   ├── roles
        │   │   ├── app
        │   │   ├── mysql
        │   │   ├── nginx
        │   │   ├── php
        │   │   ├── server
        │   │   └── vagrant_local
        │   ├── vars
        │   │   └── all.yml
        │   └── windows.sh
        └── Vagrantfile
  28. 3. Using Tags

        - name: Install Nginx
          apt: pkg=nginx state=latest
          tags:
            - nginx

        - name: Install php-fpm
          apt: pkg=php5-fpm state=latest
          tags:
            - php

        $ ansible-playbook (…) --tags "nginx,php"
  29. 3. Using Tags

        ---
        - hosts: all
          sudo: true
          roles:
            - server
            - nginx
            - mysql
            - php
            - app

        ---
        - hosts: all
          sudo: true
          roles:
            - { role: server, tags: [ 'server' ] }
            - { role: nginx, tags: [ 'nginx' ] }
            - { role: mysql, tags: [ 'mysql' ] }
            - { role: php, tags: [ 'php' ] }
            - { role: app, tags: [ 'app' ] }
  30. 4. Prompting for Values

        vars_prompt:
          - name: deploy_version
            default: master
            prompt: "Tag, Branch or Hash to deploy"
            private: no
  31. 5. Using ansible-vault for sensitive data, like credentials

        $ ansible-vault encrypt group_vars/web-prod.yml

    Before:

        twitter:
          app_token: MYSUPERTOKEN
          app_secret: MYSUPERSECRET
        otherthing:
          secret_thing: SECRET
          secret_other: TOPSECRET

    After:

        $ANSIBLE_VAULT;1.1;AES256
        39356166303165393330613634373636613438343135643862623232343030633539656138633837
        3235363130326562323230633830326665306531633835630a363061333065393835356331343862
        32346132653432623766366161333334663939643962613036373133356464636232653532366333
  32. 5. Using ansible-vault for sensitive data, like credentials

        $ ansible-playbook (…) --ask-vault-pass
        $ ansible-vault view path/to/varfile.yml
        $ ansible-vault edit path/to/varfile.yml
  33. EXTRAS
  34. Vagrant Cookbook

    bit.ly/vc-ipc15
  35. QUESTIONS?
  36. THANKS!

    @erikaheidi
    erikaheidi.com
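
Slides 31 and 32 depend on every vars file that holds credentials actually being run through `ansible-vault encrypt` before it is committed. The following check is an added example, not part of the talk: it walks a directory such as `group_vars/` and reports files that contain secret-looking keys but do not start with the `$ANSIBLE_VAULT;` header shown on slide 31. The key-name pattern, the function names and the sample strings are assumptions made for the illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Key names treated as sensitive: an assumption, tune it per project.
# Values stored as inline "!vault" blocks are already encrypted and are skipped.
SENSITIVE_KEY = re.compile(
    r"^\s*([\w-]*(?:token|secret|password|passwd|api_key)[\w-]*)\s*:(?!\s*!vault)",
    re.I | re.M)

# "Before" content from slide 31; the vaulted body is constructed filler, not real ciphertext.
PLAINTEXT_SAMPLE = ("twitter:\n  app_token: MYSUPERTOKEN\n  app_secret: MYSUPERSECRET\n"
                    "otherthing:\n  secret_thing: SECRET\n  secret_other: TOPSECRET\n")
VAULTED_SAMPLE = "$ANSIBLE_VAULT;1.1;AES256\n" + "30" * 40 + "\n"

def parse_vault_header(text):
    """Return (format_version, cipher) from a vault header line, else None."""
    lines = text.lstrip().splitlines()
    parts = lines[0].split(";") if lines else []
    if len(parts) < 3 or parts[0] != "$ANSIBLE_VAULT":
        return None
    return parts[1], parts[2]

def plaintext_secret_keys(text):
    """List sensitive-looking keys in a vars file that is not vault-encrypted."""
    if parse_vault_header(text) is not None:
        return []
    return sorted({m.group(1) for m in SENSITIVE_KEY.finditer(text)})

def audit(root):
    """Map each *.yml / *.yaml file under root to its plaintext sensitive keys."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*.y*ml") if p.is_file()):
        keys = plaintext_secret_keys(path.read_text(errors="replace"))
        if keys:
            findings[path.relative_to(root).as_posix()] = keys
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = audit(sys.argv[1])
    else:  # no path given: run against constructed files in a temp dir
        with tempfile.TemporaryDirectory() as tmp:
            (Path(tmp) / "group_vars").mkdir()
            (Path(tmp) / "group_vars/web-prod.yml").write_text(PLAINTEXT_SAMPLE)
            (Path(tmp) / "group_vars/web-test.yml").write_text(VAULTED_SAMPLE)
            report = audit(tmp)
    for name, keys in report.items():
        print(f"{name}: unencrypted keys {', '.join(keys)}")
    sys.exit(1 if report else 0)
```

Run with the repository's vars directory as its argument, the non-zero exit status makes it usable as a pre-commit or CI gate.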