Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

ansible is nani

ansible is nani

勉強会やってよ~つって
急遽やったやつ、もうちょっとだけupdateする

元gist
https://gist.github.com/kakerukaeru/e6347a3418e9022e6513

kakerukaeru

June 24, 2015
Tweet

More Decks by kakerukaeru

Other Decks in Technology

Transcript

  1. agenda 4 how to learn ansible 4 what is ansible

    4 let's use ansible command 4 let's create simple playbook 4 advanced for playbook 4 let's create large playbook 4 oreore best practice
  2. what is ansible 4 IT automation tool 4 made python

    4 latest version 1.9.1 4 sequential execution 4 parallel processing
  3. Features 4 module → task 4 task → Playbooks.yml 4

    Inventory / hosts 4 roles / component 4 handler 4 Jinja2 /template
  4. how to write Inventory The format for Inventory file is

    an INI-like format and looks like this: kakeru@PC-kakeru:$ cat ansible/inventory/vagrant/kakeru_vagrant.yml [test] kakeru_vagrant1 kakeru_vagrant2 kakeru_vagrant3 ex) kakeru_vagrant[1:3] [stg:children] test
  5. example module how to use Usage: ansible <host-pattern> [options] -m

    MODULE_NAME, --module-name=MODULE_NAME module name to execute (default=command) 4 ping module kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant.yml -m ping -f 2 kakeru_vagrant1 | success >> { "changed": false, "ping": "pong" } kakeru_vagrant2 | success >> { "changed": false, "ping": "pong" }
  6. example module 4 bash module kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml

    -a "uptime" kakeru_vagrant1 | success | rc=0 >> 14:55:46 up 51 min, 1 user, load average: 0.00, 0.01, 0.02 4 apt module kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -m apt -s -a name=varnish kakeru_vagrant1 | success >> { "changed": true, "stderr": "", "stdout": "Reading package lists...\nBuilding dependency tree...\n hogehoge" }
  7. write simple playbook Playbooks are expressed in YAML format and

    looks like this: kakeru@PC-kakeru:$ cat ansible/vagrant.yml # vi: set ft=yaml : - hosts: test user: vagrant sudo: yes tasks: - name: set kernel parameter action: > template src=roles/common/templates/etc/sysctl.conf.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644 notify: - sysctl_p handlers: - name: sysctl_p command: /sbin/sysctl -q -e -p vars: net_ipv4_ip_forward : 0 net_ipv4_conf_default_rp_filter : 1 net_ipv4_conf_default_accept_source_route : 0 kernel_sysrq : 1 kernel_core_uses_pid : 1 net_ipv4_tcp_syncookies : 1 net_bridge_bridge_nf_call_ip6tables : 0
  8. prepare the template template are expressed in Jinja2 format kakeru@PC-kakeru:$

    cat ansible/roles/common/templates/etc/sysctl.conf.j2 # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = {{ net_ipv4_ip_forward }} # Controls source route verification net.ipv4.conf.default.rp_filter = {{net_ipv4_conf_default_rp_filter}} # Do not accept source routing net.ipv4.conf.default.accept_source_route = {{ net_ipv4_conf_default_accept_source_route }} # Controls the System Request debugging functionality of the kernel kernel.sysrq = {{ kernel_sysrq }} # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = {{ kernel_core_uses_pid }} # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = {{ net_ipv4_tcp_syncookies }} # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = {{ net_bridge_bridge_nf_call_ip6tables }}
  9. To start up ansible-playbook kakeru@PC-kakeru:$ ansible-playbook -i ansible/inventory/vagrant/kakeru_vagrant1.yml ansible/vagrant.yml PLAY

    [test] ******************************************************************* GATHERING FACTS *************************************************************** ok: [kakeru_vagrant1] TASK: [set kernel parameter] ************************************************** ok: [kakeru_vagrant1] PLAY RECAP ******************************************************************** kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0 So Simple :)
  10. --with_items - name: add script for lb_check6 action: > template

    src=usr/local/sbin/{{ item }}.j2 dest=/usr/local/sbin/{{ item }} owner=root group=root mode=0755 with_items: - lb_check6.sh - lb_check6_var
  11. --with_items 2 tasks: - name: install base_packages apt: name={{ item

    }} state=present with_items: - "{{ base.packages }}" vars: base: packages: - figlet - telnet - jq - wget - heirloom-mailx - zsh - screen - nmap - netcat-openbsd - tmux - lsof ...
  12. --register & --ignore_errors & --when - name: check jq's src

    action: > command [ -e /usr/local/src/jq_1.4-1~bpo70+1_amd64.deb ] register: result ignore_errors: True - name: downloadi&install jq action: > get_url url="http://ftp.jp.debian.org/debian/pool/main/j/jq/jq_1.4-1~bpo70+1_amd64.deb" dest=/usr/local/src mode=0644 notify: - install_jq when: result|failed
  13. --register & --when 2 - template: > src=etc/apt/sources.list dest=/etc/apt/sources.list owner=root

    group=root mode=0644 register: apt_sources_list - apt: update_cache=yes when: apt_sources_list|changed - apt: update_cache=yes cache_valid_time=3600 when: apt_sources_list|skipped
  14. other option 4 pleybook option 4 --connection=local 4 --until 4

    --vars_prompt 4 command option 4 --check 4 --diff
  15. --roles Example project structure: site.yml webservers.yml fooservers.yml roles/ common/ files/

    templates/ tasks/ main.yml nginx.yml handlers/ vars/ defaults/ meta/ webservers/ files/ templates/
  16. oreore best practice 4 define enviroment variables 4 create group_vars

    4 set xxx:children to inventory 4 must use role & set playbook to inventory 4 role → playbook 4 playbook + env → inventory
  17. view sample tree ├── group_vars │ ├── dev.yml │ ├──

    prd.yml │ ├── stg.yml │ ├── test.yml │ └── vagrant.yml ├── inventory │ ├── cassandra │ ├── elasticsearch │ ├── logger │ ├── sensu │ ├── uchiwa │ ├── vagrant │ └── web ├── web.yml ├── logger.yml ├── README.md ├── roles │ ├── cassandra │ ├── common │ ├── elasticsearch
  18. Select the host and then execute. $ cat inventory/vagrant/kakeru_vagrant.yml [test]

    kakeru_vagrant[1:3] $ ansible-playbook vagrant.yml -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1 PLAY [test] ******************************************************************* . GATHERING FACTS *************************************************************** ok: [kakeru_vagrant1] . TASK: [set kernel parameter] ************************************************** ok: [kakeru_vagrant1] . PLAY RECAP ******************************************************************** kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0
  19. Check the target host. $ ansible-playbook vagrant.yml -i inventory/vagrant/kakeru_vagrant.yml -l

    kakeru_vagrant1 --list-host playbook: vagrant.yml play #1 (test): host count=1 kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0