Ansible - Systems management doesn't have to be complicated.

fraosug
March 17, 2013

Talk by Jan-Piet Mens at FRAOSUG

Transcript

  1. Ansible

    Systems management doesn't have to be complicated.
    Automation that even a manager can understand.
    October 2012, Jan-Piet Mens, @jpmens

    Ansible 1 von 26 30.10.2012 11:02
  2. Systems management

    - Shell scripts can hurt
    - Puppet? Chef? CFEngine?
    - Systems management MUST [RFC 2119] be EASY
    - We all have other things to do, don't we?
    - Do we want to install sw on nodes to install sw on them?
    - Do we really want an extra host?
    - Do we want moar daemons?
    - Automation should not require programming experience
  3. Ansible

    - Created by Michael DeHaan, http://ansible.github.com/
    - Big idea, simple syntax
    - No PKI
    - Reuses existing infrastructure
    - No special comms channels
    - SSH for communication (keys, or Kerberos, or (yuck) passwords)
    - Ideal for configuration management and ad-hoc tasks
  4. Ansible: Requirements

    Manager
    - Python 2.6, paramiko, PyYAML, Jinja2
    - Virtualenv OK
    - Run from git checkout (no installation required)

    Nodes
    - Python 2.6
    - Python 2.4 needs python-simplejson
  5. Ansible: modus operandi

    Ansible copies its own code to nodes and executes it there.
  6. Inventory

    Defaults to /etc/ansible/hosts

        [local]
        127.0.0.1

        [webservers]
        www.example.com ntpserver=ntp1.pool.ntp.org
        web[10-23].example.com

        [devservers]
        a1.ww.mens.de

    Target selection is flexible:
    - webservers
    - all
    - a1.ww.mens.de
    - webservers:!web20.example.com
    - *.mens.de
    - 192.168.6.*
  7. Ad-hoc: copy file to all dev boxes

        $ ansible devservers -m copy -a 'src=adm.keytab dest=/tmp/a.tab'
        a1.ww.mens.de | success >> {
            "changed": true,
            "dest": "/tmp/a.tab",
            "group": "adm",
            "invocation": {
                "module_args": "src=adm.keytab dest=/tmp/a.tab",
                "module_name": "copy"
            },
            "md5sum": "9c8c09f8100ef3cec5672f7eb8cae670",
            "mode": "0644",
            "owner": "f2",
            "path": "/tmp/a.tab",
            "src": "/home/f2/.ansible/tmp/ansible-1346503531.75-18192958508184/adm.keytab",
            "state": "file"
        }
  8. Install tmux

        ---
        - hosts: devservers
          user: f2
          sudo: True
          vars:
            editmode: vi
          tasks:
          - name: Install tmux package
            action: yum name=tmux state=installed
          - name: Configure tmux
            action: template src=tmux.conf.in dest=/etc/tmux.conf

    /etc/sudoers on nodes:

        f2 ALL=(ALL) NOPASSWD: ALL
  9. Jinja2

    tmux.conf.in:

        set -g prefix C-a
        set -g status-utf8 on
        setw -g mode-keys {{ editmode }}

    Generate /etc/hosts from inventory:

        {% for k,v in hostvars.iteritems() -%}
        {{ v['ansible_eth0']['ipv4']['address']}} {{ k }} {{ v['ansible_hostname'] }}
        {% endfor %}

    Result:

        192.168.1.194 a1.ww.mens.de a1
  10. What did Ansible just do?

    1. Made SSH connections to remote hosts
    2. Copied Python modules and arguments to temporary files
    3. Executed the setup module to obtain facts
    4. Executed modules on remote machines
    5. Returned JSON results from modules

         ______________________________
        < TASK: [Install tmux package] >
         ------------------------------
                \   ^__^
                 \  (oo)\_______
                    (__)\       )\/\
                        ||----w |
                        ||     ||
  11. Facts (setup module)

        { "ansible_facts": {
            "ansible_all_ipv4_addresses": [ "192.168.1.194" ],
            "ansible_all_ipv6_addresses": [
                "xxxx:xxxx:xxxx:xxxx:5054:ff:fe02:8e0f",
                "fe80::5054:ff:fe02:8e0f"
            ],
            "ansible_architecture": "x86_64",
            "ansible_default_ipv4": {
                "address": "192.168.1.194",
                "alias": "eth0",
                "gateway": "192.168.1.1",
            },
            "ansible_distribution": "CentOS",
            "ansible_distribution_release": "Final",
            "ansible_distribution_version": "6.2",
            ...
        } }

    Ansible seamlessly integrates Facter and OHAI and you can easily provide your own facts.
  12. Idempotency

    What?? Can run multiple times safely, except the command and shell modules.
  13. Handlers

    Playbooks have a basic event system: notify actions are triggered once, e.g. when the content of a file changes.

          - name: Create RESOLV.conf
            action: template src=/etc/ansible/resolv.in dest=/etc/resolv.conf mode=0444
            notify:
            - restart Webs
          handlers:
          - name: restart Webs
            action: service name=apache state=restarted
  14. Core Ansible modules

    apt_repository, apt, assemble, authorized_key, command, copy, easy_install, facter, fetch, file, get_url, git, group, ini_file, lineinfile, mount, mysql_db, mysql_user, nagios, ohai, ping, pip, postgresql_db, postgresql_user, raw, service, seboolean, selinux, setup, shell, subversion, supervisorctl, template, user, wait_for, virt, yum

    - Contributed modules: https://github.com/ansible/ansible-resources (e.g. zypp, iptables, ...)
    - Write your own! Preferably Python for inclusion in core, but basically, anything that runs on node
  15. Delegation

    Ansible interrupts the flow and hops off to another node to run a specified task,
  16. Pull mode

    Requires a full Ansible installation (with dependencies) on nodes and a repository from which it can obtain playbooks. See my example.
  17. Fireball

    - Connections are pluggable: local, paramiko, ssh, fireball
    - 0mq as message bus
    - requires additional modules on nodes
  18. API

        #!/usr/bin/env python

        import ansible.runner
        import sys

        # Run the command module on every inventory host matching 'a1*'
        res = ansible.runner.Runner(
            pattern='a1*',
            module_name='command',
            module_args='/usr/bin/uptime'
        ).run()
        # Print the results returned by run()
        print(res)
  19. Further reading

    - Ansible presentation by Michael DeHaan
    - Configuration Management with Ansible by @jpmens
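
The slide 7 result shows `adm.keytab` landing at `/tmp/a.tab` with mode 0644, and slide 10 notes that every module returns JSON. As an added example (not code from the deck or from the Ansible project), this Python code parses output in that `host | success >> {...}` layout and flags files left readable or writable by other users or placed in a shared temp directory; the second host, the `/etc/adm.keytab` path and the `SHARED_TEMP` list are assumptions made for illustration.

```python
import json
import re

# Constructed sample in the "host | success >> {json}" layout of slide 7.
# The first block reuses values from the slide; the second host is made up.
SAMPLE_OUTPUT = """\
a1.ww.mens.de | success >> {
    "changed": true,
    "dest": "/tmp/a.tab",
    "mode": "0644",
    "owner": "f2"
}

a2.example.com | success >> {
    "changed": true,
    "dest": "/etc/adm.keytab",
    "mode": "0600",
    "owner": "root"
}
"""

HEADER = re.compile(r"^(\S+) \| (\w+) >> (?=\{)", re.MULTILINE)
DECODER = json.JSONDecoder()
SHARED_TEMP = ("/tmp/", "/var/tmp/")  # assumption: directories treated as shared
PERM_FLAGS = ((0o004, "world-readable"), (0o002, "world-writable"))

def parse_results(text):
    """Yield (host, status, result dict) for every result block in the output."""
    for match in HEADER.finditer(text):
        # raw_decode reads one JSON object starting at the opening brace.
        result, _ = DECODER.raw_decode(text, match.end())
        yield match.group(1), match.group(2), result

def risky_files(text):
    """Return (host, dest, mode, reasons) for files other users can reach."""
    findings = []
    for host, _status, result in parse_results(text):
        dest, mode = result.get("dest"), result.get("mode")
        if not dest or not mode:
            continue  # module result that does not describe a file
        bits = int(mode, 8)
        reasons = [name for mask, name in PERM_FLAGS if bits & mask]
        if dest.startswith(SHARED_TEMP):
            reasons.append("shared temp directory")
        if reasons:
            findings.append((host, dest, mode, reasons))
    return findings

if __name__ == "__main__":
    print(risky_files(SAMPLE_OUTPUT))
```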