Ansible: What Is It and What Is It Good For?

Transcript

1. Taking a Moment 1 CC BY-NC 4.0 Justin Yost

2. Ansible: What Is It and What Is It Good For?

   Justin Yost Lead Software Engineer Wirecutter 2 CC BY-NC 4.0 Justin Yost

3. What is Ansible? • Provision • Configuration • Deployment 3

   CC BY-NC 4.0 Justin Yost

4. Provision • Setup your server software with a particular set

   of tools for a particular environment 4 CC BY-NC 4.0 Justin Yost

5. Configuration • Store and manage secrets and mundane values across

   various environments 5 CC BY-NC 4.0 Justin Yost

6. Deployment • Deploy the software, with the matching configuration into

   an environment 6 CC BY-NC 4.0 Justin Yost

7. What makes Ansible different? • No agents (Python and SSH

   are the only requirements on managed nodes) • No custom software code (just YAML English language scripts) • Models the whole IT infrastructure • Idempotent, running it multiple times produces the same infrastructure 7 CC BY-NC 4.0 Justin Yost

8. Ansible - Basic Setup • Playbooks - describe automation tasks

   (literally SSH commands to be run) • Inventory - not a database, but Ansible's knowledge of the hosts to run commands on • Module - a standalone set of automation tasks • Management Node - the node that runs the Ansible software and runs the playbooks against the inventory, deploying the modules to each corresponding remote host 8 CC BY-NC 4.0 Justin Yost

9. Ansible 9 CC BY-NC 4.0 Justin Yost

10. Ansible - What can it do? • Provision - create

    a new from scratch or not server to do whatever. • Configuration - add code, add secrets, add environment values, for said servers. • Deployment - deploy those from scratch servers to multiple cloud or self-hosting providers (AWS, Azure, GCP, OpenStack, VMWare, etc) 10 CC BY-NC 4.0 Justin Yost

11. Ansible - What can't it do? ! 11 CC BY-NC

    4.0 Justin Yost

12. What does Ansible look like? • YAML Files • Build

    an Inventory File (hosts being managed) • Write Playbooks against the hosts • Playbooks execute tasks • Tasks are typically executed via a called module to execute against a collection of hosts • Tasks can use some Ansible wrapping logic around ssh commands • Tasks can also just run generic ssh commands • Handlers execute at the end of a set of tasks 12 CC BY-NC 4.0 Justin Yost

13. Inventory File hosts.yml --- all: local: 192.0.2.50 web: aserver.example.org bserver.example.org

    dns: dns[01:50].example.org: 13 CC BY-NC 4.0 Justin Yost

14. Playbook File verify-user.yml --- - hosts: all remote_user: root tasks:

    - name: test connection ping: remote_user: yourname 14 CC BY-NC 4.0 Justin Yost

15. Playbook load-apache.yml --- - hosts: webservers vars: http_port: 80 max_clients:

    200 remote_user: root tasks: - name: ensure apache is at the latest version yum: name: httpd state: latest - name: ensure apache is running service: name: httpd state: started handlers: - name: restart apache service: name: httpd state: restarted 15 CC BY-NC 4.0 Justin Yost

16. Ansible Has • Variables • Loops • Truth Evaluation •

    Whens • Blocks and Block Level Errors 16 CC BY-NC 4.0 Justin Yost

17. Ansible Vault • Locally Encrypted/Decreypted Secrets Manager • Store secrets

    and load into Ansible at run time 17 CC BY-NC 4.0 Justin Yost

18. Ansible Ad Hoc Commands • Execute ad-hoc commands against the

    inventory (ie restart/ shutdown/update a one-off service/server/server-cluster) 18 CC BY-NC 4.0 Justin Yost

19. Ansible Dynamic Inventory • Supports multiple cloud providers Dynamic Scaling

    systems • Supports LDAP, Cobbler, other cloud based inventory management systems 19 CC BY-NC 4.0 Justin Yost

20. Ansible • All in one tool to create servers and

    any underlying service on said servers • Configure said servers and services • Deploy said servers into various environments 20 CC BY-NC 4.0 Justin Yost

21. Thanks Questions? • twitter.com/justinyost • github.com/justinyost • justinyost.com • linkedin.com/learning/instructors/justin-yost

    21 CC BY-NC 4.0 Justin Yost