It’s simple enough for everyone in IT, yet powerful enough to automate even the most complex deployment. It makes your applications and systems easier to deploy. It supports use cases such as:
➢ Configuration management
➢ Security
➢ Performance
➢ Application Deployment
➢ Provisioning servers
➢ Continuous delivery
open source application
➢ Agent-less – No need for agent installation and management
➢ Python/YAML based
➢ Highly flexible configuration management of systems
➢ Large number of ready-to-use modules for system management
➢ Custom modules can be added if needed
➢ Configuration roll-back in case of error
➢ Simple and human readable
➢ Self-documenting
in your infrastructure at the same time.
➢ In order to do this, Ansible needs to establish connectivity to those servers.
➢ This is done using SSH for Linux and PowerShell Remoting for Windows.
➢ This is what makes Ansible agentless.
➢ Information about these target machines is stored in an inventory file.
➢ If you don't create an inventory file, Ansible uses the inventory file located at /etc/ansible/hosts.
➢ The inventory file uses an INI-like format.
➢ It’s simply a number of servers listed one after the other.

    mail.example.com

    [webservers]
    foo.example.com
    bar.example.com

    [dbservers]
    one.example.com
    two.example.com
    three.example.com
that we define what we want Ansible to do.
➢ It is a set of instructions you provide Ansible to work its magic.
➢ It can be as simple as running a series of commands on different servers in sequence and restarting those servers in a particular order, or as complex as deploying hundreds of VMs in a public or private cloud infrastructure, provisioning storage to the VMs, setting up their network and cluster configuration, and configuring applications on them such as web servers or DB servers.
➢ Playbooks are written in YAML. A playbook is a single YAML file containing a set of plays.
➢ Play - Defines a set of activities (tasks) to be run on hosts
➢ Task - An action to be performed on the host:
    ❖ Execute a command
    ❖ Run a script
    ❖ Install a package
    ❖ Shutdown/Restart a server
command
We use the ansible command to perform one-off tasks, such as testing connectivity between the Ansible controller and the target machines, or running a command to shut down a set of servers.

    ansible all -m ping
    ansible all -a "/bin/echo hello"
Script
◦ Yum
◦ service
➢ There are hundreds of modules available out of the box. Information about these modules is available on the Ansible Documentation website, or you can simply run ansible-doc -l

System - Actions to be performed at the system level, such as modifying users and groups on the system, modifying iptables, firewall configuration, etc.
Commands - Used to execute commands or a script on a host.
Files - Help work with files. For example, use the ACL module to set and retrieve ACL information on files.
Database - Used to work with databases like MongoDB, MySQL and PostgreSQL to add or remove databases or modify database configurations.
Cloud - A vast collection of modules for various cloud providers like Amazon, Azure, Docker, Google.
Windows - Help use Ansible in a Windows environment. Some of these are win_copy to copy files and win_command to execute a command on a Windows machine.
    - hosts: localhost
      tasks:
        - name: Start the database service
          service: name=postgresql state=started
        - name: Start the httpd service
          service: name=httpd state=started
        - name: Start the nginx service
          service:
            name: nginx
            state: started

playbook.yml

    - name: Start Services in order
      hosts: localhost
      tasks:
        - name: Start the database service
          service:
            name: postgresql
            state: started
host.
    ◦ ansible_host
    ◦ ansible_connection
    ◦ ansible_ssh_pass
➢ These are examples of variables.
➢ We can also define variables in playbooks.
➢ We can also have variables defined in a separate file dedicated to variables.

Playbook.yml

    - name: Add DNS server to resolv.conf
      hosts: localhost
      tasks:
        - lineinfile:
            path: /etc/resolv.conf
            line: 'nameserver 10.1.250.10'

Playbook.yml

    - name: Add DNS server to resolv.conf
      hosts: localhost
      vars:
        dns_server: 10.1.250.10
      tasks:
        - lineinfile:
            path: /etc/resolv.conf
            line: 'nameserver {{ dns_server }}'
primary purpose of roles is to make your work reusable, be it for other tasks or other projects within your organisation.
➢ Organize - Roles also help in organizing your code within Ansible

Vars

    mysql_packages:
      - mysql
      - mysql-server
    db_config:
      db_name: db1

Defaults

    mysql_user_name: root
    mysql_user_password: root

handlers
templates
also help in sharing your code with others in the Ansible community. Ansible Galaxy is one such community, where you can find thousands of roles for almost any task you can think of.

How to get started with Roles
➢ Create the directory structure required for a role using the Ansible Galaxy tool. Use the ansible-galaxy init command to create a skeleton for you.
➢ This command will initialize and create a directory structure.
are different ways to do that.
➢ Create a directory called roles within your playbooks folder and move the roles you created under it. When the playbook runs, Ansible looks for a role named, for example, mysql under the roles directory.
➢ You can move the role to a common directory designated for roles on your system, at /etc/ansible/roles. It’s the default location where Ansible searches for a role if it can't be found in your playbook directory. This is defined in the Ansible configuration file as roles_path.

/etc/ansible/ansible.cfg

    roles_path = /etc/ansible/roles
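The role layout described above, put together as an added example (not taken from the original slides). The task file contents, the `mysqld` service name, the `community.mysql.mysql_db` task and the `MYSQL_ROOT_PASSWORD` environment variable are assumptions; the variable names come from the role's vars and defaults shown earlier, and the database root password is assumed to be already set to the supplied value.

```yaml
# roles/mysql/tasks/main.yml  (hypothetical task file for the mysql role)
- name: Install the packages listed in the role's vars
  yum:
    name: "{{ mysql_packages }}"
    state: present

- name: Start the database service
  service:
    name: mysqld          # assumed service name on RHEL-family hosts
    state: started

- name: Create the application database
  community.mysql.mysql_db:   # assumes the community.mysql collection is installed
    name: "{{ db_config.db_name }}"
    state: present
    login_user: "{{ mysql_user_name }}"
    login_password: "{{ mysql_user_password }}"
  no_log: true            # keep the password out of task output and logs
---
# playbook.yml  (sits next to the roles/ directory)
- name: Deploy MySQL with the mysql role
  hosts: dbservers
  become: true
  roles:
    - role: mysql
      vars:
        # Override the role default (root/root) when the role is called.
        # The value is read from the controller's environment, so it is
        # never written into the playbook or the role.
        mysql_user_password: "{{ lookup('env', 'MYSQL_ROOT_PASSWORD') }}"
```

Values in a role's defaults have the lowest variable precedence, which is why the playbook-level override wins over the `root` default.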
your playbook
➢ You can search from the Ansible Galaxy UI
➢ From the command line interface, using the ansible-galaxy search command

    ansible-galaxy search mysql

➢ To use a role, run the ansible-galaxy install command with the name of the role.

    ansible-galaxy install <role_name>

➢ To view the list of roles currently installed, run the ansible-galaxy list command.

    ansible-galaxy list

➢ To view the location where roles would be installed, run ansible-config dump | grep ROLE.

    ansible-config dump | grep ROLE

➢ While installing a role you may use the "-p" option to install it in the current location under roles.

    ansible-galaxy install <role_name> -p ./roles
easy way to create and manage a collection of AWS resources.
➢ Allows orderly and predictable provisioning and updating of resources.
➢ Allows you to version control your AWS infrastructure.
➢ Deploy and update stacks using console, command line or API.
➢ You only pay for resources you create.

CloudFormation is a declarative way of outlining your AWS infrastructure, for any resources (most of them are supported).
S3 and then referenced in CloudFormation
➢ To update a template, we can’t edit previous ones. We have to re-upload a new version of the template to AWS.
➢ Stacks are identified by a name.
➢ Deleting a stack deletes every single artifact that was created by CloudFormation.
CloudFormation Designer
➢ Using the console to input parameters, etc.

Automated way:
➢ Editing templates in a YAML/JSON file
➢ Using the AWS CLI (Command Line Interface) to deploy the templates
➢ Recommended way when you want to fully automate your flow
declared in the template (MANDATORY)
➢ Parameters: The dynamic inputs for your template
➢ Mappings: The static variables for your template
➢ Outputs: References to what has been created
➢ Conditionals: List of conditions to perform resource creation
➢ Metadata

Template helpers:
➢ References
➢ Functions
    the template usage",
    "Parameters": {
        // A set of inputs used to customize the template per deployment
    },
    "Resources": {
        // A set of AWS resources and relationships between them
    },
    "Outputs": {
        // A set of values to be made visible to the stack creator
    },
    "AWSTemplateFormatVersion": "2010-09-09"
    }
template.
➢ Parameters enable you to input custom values to your template. This can be done each time you create or update a stack.

Concept: Pseudo Parameters. Predefined by AWS CloudFormation.
include in the stack. These can be:
    ◦ Amazon Elastic Compute Cloud (EC2) instance
    ◦ Amazon Simple Storage Service (S3) bucket, etc.
➢ All the resources can be found here: AWS Resources
All the values are hardcoded within the AWS CloudFormation template. The following example shows a Mappings section with a map RegionMap, which contains five keys that map to name-value pairs containing single string values. The keys are region names. Each name-value pair is the AMI ID for the AMI in the region represented by the key.
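A Mappings section of the shape described above, as an added example that is not from the original slides. The five region names, the `HVM64` name and the `AppInstance` resource are assumptions, and the AMI IDs are placeholders that must be replaced with real image IDs before the template can be deployed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Pick the AMI for the current region from a RegionMap (added example)

Mappings:
  RegionMap:
    # Key = region name; each key holds one name-value pair: the AMI ID.
    # All AMI IDs below are placeholders, not real images.
    us-east-1:
      HVM64: ami-PLACEHOLDER-us-east-1
    us-west-1:
      HVM64: ami-PLACEHOLDER-us-west-1
    eu-west-1:
      HVM64: ami-PLACEHOLDER-eu-west-1
    ap-southeast-1:
      HVM64: ami-PLACEHOLDER-ap-southeast-1
    ap-northeast-1:
      HVM64: ami-PLACEHOLDER-ap-northeast-1

Resources:
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t3.micro
      # AWS::Region is a pseudo parameter: CloudFormation fills it in with
      # the region the stack is created in, so the lookup needs no input.
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", HVM64]

Outputs:
  SelectedImage:
    Description: AMI ID that the mapping resolved to in this region
    Value: !FindInMap [RegionMap, !Ref "AWS::Region", HVM64]
```

Creating the stack in a region that has no key in RegionMap fails at the lookup, so the map has to list every region the template is meant to run in.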
into other stacks, provided you export them first.
➢ You can also view the outputs in the AWS Console or by using the AWS CLI.
➢ It's the best way to perform collaboration across stacks.

NOTE: You can't delete a CloudFormation stack if its outputs are being referenced by another CloudFormation stack.
or configured.
➢ Conditions can be whatever you want them to be, but common ones are:
    ◦ Environment (dev / test / prod)
    ◦ AWS Region
    ◦ Any parameter value

Example: attaching a security group to an EC2 instance only in our production environment. This takes only one parameter for the environment name and a condition to test whether it is production.
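The production-only security group described above, written out as an added example (not from the original slides). The names `EnvType`, `IsProduction`, `ProdSecurityGroup` and `AppInstance`, the HTTPS rule, the second `ImageId` parameter (needed only to make the template deployable) and the export name are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Attach a security group to an instance only in production (added example)

Parameters:
  EnvType:
    Type: String
    Default: dev
    AllowedValues: [dev, test, prod]   # reject any other environment name
  ImageId:
    Type: AWS::EC2::Image::Id          # AMI to launch, supplied per deployment

Conditions:
  IsProduction: !Equals [!Ref EnvType, prod]

Resources:
  ProdSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Condition: IsProduction            # resource is created only when EnvType=prod
    Properties:
      GroupDescription: Inbound HTTPS only (production)
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      # In prod, attach the group. Otherwise AWS::NoValue removes the
      # property, so the instance never references a group that was skipped.
      SecurityGroupIds: !If
        - IsProduction
        - [!GetAtt ProdSecurityGroup.GroupId]
        - !Ref "AWS::NoValue"

Outputs:
  ProdSecurityGroupId:
    Condition: IsProduction            # output exists only when the group does
    Value: !GetAtt ProdSecurityGroup.GroupId
    Export:
      Name: !Sub "${AWS::StackName}-ProdSecurityGroupId"
```

Outside production the instance falls back to the VPC's default security group, so the default group's rules are what apply to dev and test stacks.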
back (gets deleted). We can look at the log
    ◦ Option to disable rollback and troubleshoot what happened
➢ Stack Update Fails:
    ◦ The stack automatically rolls back to the previous known working state
    ◦ Ability to see in the log what happened and error messages
➢ They allow you to isolate repeated patterns / common components in separate stacks and call them from other stacks
Example:
    ◦ Load Balancer configuration that is reused
    ◦ Security Group that is reused
➢ Nested stacks are considered best practice
➢ To update a nested stack, always update the parent (root stack)
stacks in AWS accounts across regions by using a single AWS CloudFormation template.
➢ Administrator account to create StackSets
➢ Trusted accounts to create, update, delete stack instances from StackSets
➢ When you update a stack set, all associated stack instances are updated throughout all accounts and regions