Slide 1

Slide 1 text

Real World Orchestration with Ansible
@erikaheidi / PHP UG Munich 10/2015

Slide 2

Slide 2 text

whoami

Slide 3

Slide 3 text

Table of Contents

i. Ansible Overview
ii. Hands-on: Ansible + Vagrant
iii. Standalone Ansible
iv. Going Multistage
v. Tips&Tricks

Slide 4

Slide 4 text

ANSIBLE OVERVIEW

Slide 5

Slide 5 text

Ansible

● Simple and straightforward language (YAML)
● Agentless Architecture
● Huge collection of built-in modules
● Great community, very popular on Github - 13k+ stars and almost 4k forks

Slide 6

Slide 6 text

Playbook Example

    ---
    - hosts: all
      sudo: true
      tasks:
        - name: Update apt-cache
          apt: update_cache=yes

        - name: Install Nginx
          apt: pkg=nginx state=latest

Slide 7

Slide 7 text

Playbook Resources

● Variables
● Loops
● Conditionals
● Templates
● Ansible Vault

Slide 8

Slide 8 text

HANDS ON

Slide 9

Slide 9 text

Ansible + Vagrant

    #Vagrantfile
    Vagrant.configure("2") do |config|
      config.vm.box = "ubuntu/trusty64"
      config.vm.network "forwarded_port", guest: 80, host: 8080
      config.vm.provision "ansible" do |ansible|
        ansible.playbook = "demo.yml"
      end
    end

Slide 10

Slide 10 text

Playbook

    ---
    - hosts: all
      sudo: true
      vars:
        packages: ["nginx", "php5-fpm"]
      tasks:
        - name: Update apt-cache
          apt: update_cache=yes

        - name: Install Packages
          apt: pkg={{ item }} state=latest
          with_items: packages

        - name: Change Nginx Vhost File
          template: src=default.tpl dest=/etc/nginx/sites-available/default
          notify: restart nginx

      handlers:
        - name: restart nginx
          service: name=nginx enabled=yes state=restarted

Slide 11

Slide 11 text

DEMO TIME!

Slide 12

Slide 12 text


Slide 13

Slide 13 text

STANDALONE ANSIBLE

Slide 14

Slide 14 text

Inventories

    #/etc/ansible/hosts
    [production]
    erikaheidi.com
    dev-human.com
    imanee.io

    [testing]
    178.62.192.53
    95.85.35.248
    178.62.221.111

    [webservers:children]
    production
    testing

Slide 15

Slide 15 text

ad-hoc commands

    $ ansible [-i inventory] group|host -m module -a "args|command"

Slide 16

Slide 16 text


Slide 17

Slide 17 text


Slide 18

Slide 18 text

Running Playbooks

    ansible-playbook [-i inventory] [-l group|host] playbook.yml

Slide 19

Slide 19 text

GOING MULTISTAGE

Slide 20

Slide 20 text

Consider this scenario

Slide 21

Slide 21 text

Inventory Files

    #inventories/dev
    [web-dev]
    192.168.33.33

    #inventories/test
    [web-test]
    178.62.192.53

    #inventories/prod
    [web-prod]
    myhost.io

One per environment to avoid mistakes when running the playbook!

Slide 22

Slide 22 text

Group Vars

    #group_vars/web-prod.yml
    project_root: /var/www
    doc_root: /var/www/web
    sys_packages: ["vim","fail2ban"]

    #group_vars/web-dev.yml
    project_root: /vagrant
    doc_root: /vagrant/web

    #group_vars/all.yml
    sys_packages: ["vim"]
    php_packages: ["php5-cli","php5-mysql"]

Slide 23

Slide 23 text

Multistage with Ansible

More info: bit.ly/multistage

Slide 24

Slide 24 text

TIPS&TRICKS

Slide 25

Slide 25 text

1. Keeping things organized with Roles

    .
    ├── playbook.yml
    └── roles
        ├── init
        │   └── tasks
        │       └── main.yml
        └── webserver
            ├── handlers
            │   └── main.yml
            ├── tasks
            │   └── main.yml
            └── templates
                └── vhost.tpl

    #playbook.yml
    ---
    - hosts: all
      sudo: true
      vars:
        doc_root: /vagrant/web
      roles:
        - init
        - webserver

Slide 26

Slide 26 text

2. Using Phansible as bootstrapper

Slide 27

Slide 27 text

2. Using Phansible as bootstrapper

    .
    ├── ansible
    │   ├── files
    │   │   └── authorized_keys
    │   ├── inventories
    │   │   └── dev
    │   ├── playbook.yml
    │   ├── roles
    │   │   ├── app
    │   │   ├── mysql
    │   │   ├── nginx
    │   │   ├── php
    │   │   ├── server
    │   │   └── vagrant_local
    │   ├── vars
    │   │   └── all.yml
    │   └── windows.sh
    └── Vagrantfile

Slide 28

Slide 28 text

3. Using Tags

    - name: Install Nginx
      apt: pkg=nginx state=latest
      tags:
        - nginx

    - name: Install php-fpm
      apt: pkg=php5-fpm state=latest
      tags:
        - php

    $ ansible-playbook (…) --tags "nginx,php"

Slide 29

Slide 29 text

3. Using Tags

    ---
    - hosts: all
      sudo: true
      roles:
        - server
        - nginx
        - mysql
        - php
        - app

    ---
    - hosts: all
      sudo: true
      roles:
        - { role: server, tags: [ 'server' ] }
        - { role: nginx, tags: [ 'nginx' ] }
        - { role: mysql, tags: [ 'mysql' ] }
        - { role: php, tags: [ 'php' ] }
        - { role: app, tags: [ 'app' ] }

Slide 30

Slide 30 text

4. Prompting for Values

    vars_prompt:
      - name: deploy_version
        default: master
        prompt: "Tag, Branch or Hash to deploy"
        private: no

Slide 31

Slide 31 text

5. Using ansible-vault for sensitive data, like credentials

    $ ansible-vault encrypt group_vars/web-prod.yml

Before:

    twitter:
      app_token: MYSUPERTOKEN
      app_secret: MYSUPERSECRET
    otherthing:
      secret_thing: SECRET
      secret_other: TOPSECRET

After:

    $ANSIBLE_VAULT;1.1;AES256
    39356166303165393330613634373636613438343135643862623232343030633539656138633837
    3235363130326562323230633830326665306531633835630a363061333065393835356331343862
    32346132653432623766366161333334663939643962613036373133356464636232653532366333

Slide 32

Slide 32 text

5. Using ansible-vault for sensitive data, like credentials

    $ ansible-playbook (…) --ask-vault-pass
    $ ansible-vault view path/to/varfile.yml
    $ ansible-vault edit path/to/varfile.yml
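
Added example (not from the original slides): a shell check, usable as a pre-commit hook or CI step, that lists variable files still holding secret-looking keys in plaintext by testing for the $ANSIBLE_VAULT header that ansible-vault encrypt writes. The key-name pattern, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list variable files that keep secret-looking keys in
# plaintext, i.e. files never passed through `ansible-vault encrypt`.
# The key-name pattern is an assumption; extend it to match your naming.
SECRET_KEYS='(token|secret|password|passwd|api_key)'

# is_vaulted FILE: succeeds when the first line is an Ansible Vault header.
is_vaulted() {
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# find_plaintext_secrets DIR: print every YAML file under DIR that is not
# vault-encrypted and defines a key matching SECRET_KEYS.
find_plaintext_secrets() {
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
    while IFS= read -r f; do
        is_vaulted "$f" && continue
        if grep -Eiq "^[[:space:]]*[A-Za-z0-9_]*${SECRET_KEYS}[A-Za-z0-9_]*[[:space:]]*:" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# make_sample_tree DIR: constructed sample data (not real credentials).
make_sample_tree() {
    mkdir -p "$1/group_vars"
    printf 'sys_packages: ["vim"]\n' > "$1/group_vars/all.yml"
    # Plaintext secrets, as in the "before" state on the slide.
    printf 'twitter:\n  app_token: MYSUPERTOKEN\n  app_secret: MYSUPERSECRET\n' \
        > "$1/group_vars/web-prod.yml"
    # Vault header followed by a constructed placeholder payload.
    printf '%s\n%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3030303030303030' \
        > "$1/group_vars/web-test.yml"
}

# Demo: only web-prod.yml is reported.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_plaintext_secrets "$demo_dir"
rm -rf "$demo_dir"
```

The check only covers whole-file encryption as shown on the slides; a non-empty result from find_plaintext_secrets is the signal to fail the commit or build.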

Slide 33

Slide 33 text

EXTRAS

Slide 34

Slide 34 text

bit.ly/vc-ipc15 Vagrant Cookbook

Slide 35

Slide 35 text

QUESTIONS?

Slide 36

Slide 36 text

THANKS!
@erikaheidi
erikaheidi.com