Ansible ͷ Module ͱ Plugin ͬ͘͟Γೖ໳ CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0 1 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

͸͡Ίʹ 2 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

͋Μͨɺ୭Ͷʁ • ઒ݪ ༸ฏ • ΞΠϨοτגࣜձࣾ cloudpack ࣄۀ෦ • τΡΠολʔ : @inokappa • ϑΣΠεϒοΫ : inokappa • ޷͖ͳതଟห : Α͔Ζ͏΋Μ Ansible ͸ެࢲڞʹ͋Μ·Γ࢖ͬͯ·ͤ Μ...͍͢·ͤΜ. 3 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

CIRASU ͬͯͳΜͶʁ ෱ԬͰ Infrastructure as code ΍ Configuration as code ɺSite Reliability Engineering (SRE)ɺDevOps ͳͲΠϯϑϥٕज़ऀΛऔΓר ٕ͘ज़ɾӡ༻ʹ͍ͭͯͷ৘ใΛ ΏΔʙ͘ ڞ༗ɾษڧ͢Δίϛϡχ ςΟͰ͢. 4 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ࠓ೔ͷ࿩͠͸ͳΜͶʁ Ansible పఈೖ໳ΛಡΜͰ͍ͯ... • Module ͷཧղ͢Δ͜ͱͰ Ansible ΁ͷཧղ͕ਂ·Γͦ͏... • Plugin ͬͯ Module ͷԿ͕ҧ͏Μʁ ͱ͍͏ࢥ͍͕ϑπϑπͱ༙͍͖ͯͨͷͰɺModule ͱ Plugin ʹ͍ͭ ͯগ͚ͩ͠۷ΓԼ͛ͯΈ·ͨ͠. 5 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ͰɺͲΜͳ࿩͠Λͬ͢ͱ΍ʁ • Module ͬͯʁ • Module ͷछྨ / Module ͷ࣮૷ / Module ͷݴޠผ࣮૷ྫ • Plugin ͬͯʁ • For example Ansible Plugin / Plugin ͷ࣮૷ • ·ͱΊ • ͕࣌ؒ͋ͬͨΒ͓·͚ 6 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ຊࢿྉͰར༻ͨ͠؀ڥ ຊࢿྉͰར༻ͨ͠ Python ٴͼ Ansible όʔδϣϯ͸ҎԼͷ௨Γ. $ python --version Python 2.7.13 $ ansible --version ansible 2.2.1.0 config file = /path/to/.ansible.cfg configured module search path = Default w/o overrides 7 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͬͯʁ 8 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͬͯʁ(1) • Ansible పఈೖ໳ͷݴ༿Λഈआ͢Δͱ...Ansible ͔Β࣮ߦ͞ΕΔί ϚϯυͷΑ͏ͳ΋ͷ • 750 छྨͷϞδϡʔϧ͕ଘࡏ͍ͯ͠Δ(2017 ೥ 01 ݄࣌఺) • ansible-doc -l ͰϞδϡʔϧͷҰཡΛ֬ೝ͢Δ͜ͱ͕ग़དྷΔ • ansible-doc ${Ϟδϡʔϧ໊} ͰϞδϡʔϧͷৄࡉΛ֬ೝ͢Δ ͜ͱ͕ग़དྷΔ 9 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͬͯʁ(2) - name: Install Nginx yum: # Yum Module name: nginx state: present - name: Start nginx service: # Service Module name: nginx state: started 10 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͷछྨ(1) Github ϦϙδτϦͷ lib/ansible/modules/ Ͱ͸ҎԼͷΑ͏ʹΧςΰ ϥΠζ͞Ε͍ͯΔ. • cloud / clustering / commands / crypto / database • files / identity / inventory / messaging / monitoring 11 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͷछྨ(2) • network / notification / packaging / remote_management / source_control • storage / system / utilities / web_infrastructure / windows 12 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͷ࣮૷ 13 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ཁ݅ • ݴޠΛ໰Θͳ͍͕ɺϑΝΠϧ I/O ͱඪ४ग़ྗ΁ͷग़ྗ͕ඞཁ • Python Ͱ࣮૷͢Δ৔߹͸ϔϧύʔΫϥε͕ఏڙ͞Ε͍ͯΔ • Module ͷ࣮ߦ݁Ռ͸ JSON ϑΥʔϚοτͰग़ྗ͢Δඞཁ͕͋Δ 14 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Ϟδϡʔϧͷઃஔ • ΧϨϯτσΟϨΫτϦͷ library σΟϨΫτϦ • ؀ڥม਺ ANSIBLE_LIBRARY Ͱࢦఆ͞Εͨύε • ansible.cfg Ͱࢦఆ͞Εͨύε • --module-path Ͱࢦఆ͞Εͨύε 15 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ऴྃεςʔλε(1) • ੒ޭ {"changed": true} • มߋແ͠ {"changed": false} • ࣦഊ {"failed" : true} 16 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ऴྃεςʔλε(2) 17 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Ҿ਺ॲཧ(ansible ίϚϯυ) key=value ϑΥʔϚοτͰϞδϡʔϧʹҾ਺Λ౉͢. ansible -M . localhost -a 'key1=value1 key2=value2' 18 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Ҿ਺ॲཧ(Playbook) Playbook Ͱ͸ҎԼͷΑ͏ʹҾ਺Λ౉͢. - my_module: key1: 'value1' key2: 'value2' 19 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Ҿ਺ॲཧ(ݴޠຖͷॲཧ) Python Ҏ֎Ͱ࣮૷͢Δ৔߹ɺࣗલͰ args ϑΝΠϧΛಡΈࠐΜͰղ ੳͯ͠εΫϦϓτʹ౉ͯ͋͛͠Δඞཁ͕͋Δ. #!/usr/bin/env bash source $(dirname $0)/args echo "{\"key1\":\"${key1}\",\"key2\":\"${key2}\"}" 20 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Ҿ਺ॲཧ(ݴޠຖͷॲཧ) Python Ͱ࣮૷͢Δ৔߹ʹ͸ AnsibleModule ΫϥεΛར༻͢Δ͜ͱ Ͱɺଞͷݴޠͱൺ΂Δͱॲཧָ͕ʹͳΔ. def main(): ... module = AnsibleModule( argument_spec=fields, supports_check_mode=True ) response = { "key1": module.params['key1'], "key2": module.params['key2'] } 21 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module ͷݴޠผ࣮૷ྫ /tmp/ ҎԼʹҾ਺Ͱࢦఆͨ͠ϑΝΠϧ໊ͷϑΝΠϧΛ࡞੒͢Δྫ 22 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Bash de ࣮૷ #!/usr/bin/env bash source $(dirname $0)/args if [ ! -f "/tmp/${file_name}" ];then touch /tmp/${file_name} if [ $? == "0" ];then echo '{"changed": true}' else echo '{"failed": true}' fi else echo '{"changed": false}' fi 23 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Ruby de ࣮૷ #!/usr/bin/env ruby require 'json' args_values = '' File.readlines(File.dirname(__FILE__) + '/args').each { |line| args_values = line.split(' ') } args_values.each { |value| v = value.split('=') ; ENV[v[0]] = v[1] } if File.exist?('/tmp/' + ENV['file_name']) puts JSON.generate({ "changed" => false }) else File.open('/tmp/' + ENV['file_name'], 'w').close() if File.exist?('/tmp/' + ENV['file_name']) puts JSON.generate({ "changed" => true }) else puts JSON.generate({ "failed" => true }) end end 24 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Python de ࣮૷ #!/usr/bin/python import os def main(): fields = { "file_name": { "required": True, "type": "str" } } module = AnsibleModule(argument_spec=fields, supports_check_mode=True) if os.path.exists('/tmp/' + module.params['file_name']): module.exit_json(changed=False) else: open('/tmp/' + module.params['file_name'], 'w').close() if os.path.exists('/tmp/' + module.params['file_name']): module.exit_json(changed=True) else: module.fail_json(msg='Error.') from ansible.module_utils.basic import * if __name__ == '__main__': main() 25 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Playbook --- - hosts: localhost tasks: - name: Bash Example bash_module: file_name: bash_file - name: Ruby Example ruby_module: file_name: ruby_file - name: Python Example python_module: file_name: python_file 26 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͬͯʁ 27 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͬͯʁ(1) • Ansible ͷڍಈΛαϙʔτ͢Δπʔϧ܈(ͱ͍͏ೝࣝˡྑ͍දݱ͕ ݟ͔ͭΒͳ͔ͬͨ) 28 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͬͯʁ(2) • ྫ͑͹ɺPlaybook ࣮ߦ࣌ͷҎԼͷΑ͏ͳग़ྗ͸ Callback Plugin ͷ default.py ͕୲͍ͬͯΔ 29 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͷछྨ(1) Plugin ͸ҎԼͷΑ͏ͳछྨ͕͋Δ. • Action plugins • Cache plugins • Callback plugins • Connection plugins 30 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͷछྨ(2) • Filters plugins • Lookup plugins • Strategy plugins • Shell plugins • Test plugins • Vars plugins 31 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

For example Ansible Plugin 32 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Connetcion Plugins ֤छΠϯϕϯτϦϗετͱ௨৴Λߦ͏ҝͷϓϥάΠϯ. • SSH • Docker • LXC / LXD • WinRM • etc... 33 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Callback Plugins ֤छΠϕϯτΛϑοΫͯ͠ผͷॲཧΛߦΘͤΔϓϥάΠϯ. • Mail • Syslog(syslog_json) • Slack • Hipchat • etc... 34 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͷ࣮૷ Callback Plugin ͷ৔߹ 35 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ཁ݅ • Callback Plugin ʹݶΒͣ Python Ͱ࣮૷͢Δඞཁ͕͋Δ • Callback ΫϥεΛܧঝͯ͠৽͍͠ΫϥεΛ࡞੒͢Δ ... from ansible.plugins.callback import CallbackBase class CallbackModule(CallbackBase): """ ansible CloudWatch Logs callback plugin ansible.cfg: ... 36 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͷઃஔ(1) • ansible.cfg ಺Ͱࢦఆͨ͠ callback_plugins σΟϨΫτϦʹϓ ϥάΠϯίʔυΛઃஔ͢Δ • Role ಺Ͱݺͼग़͢͜ͱ΋ग़དྷΔ [default] callback_plugins = ~/path/to/plugins callback_whitelist = cloudwatch_logs 37 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin ͷઃஔ(2) • callback_whitelist ʹར༻͍ͨ͠ϓϥάΠϯ໊Λࢦఆ͢Δ(σ ϑΥϧτͰ͸ຆͲͷϓϥάΠϯ͸ར༻ग़དྷͳ͍ঢ়ଶʹͳ͍ͬͯ Δ) • Ϟδϡʔϧ໊ͷӳ਺ࣈॱʹಡΈࠐ·ΕΔ 38 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ؾʹͳΔ఺ • CALLBACK_VERSION ͱ CALLBACK_NAME ͷఆ͕ٛແ͍ͱ Ansible 2.0 Ҏ্ͩͱਖ਼ৗʹಈ࡞͠ͳ͍ͱυΩϡϝϯτʹॻ͔ΕΕ͍ͯΔ ͕ɺखݩͰࢼͨ͠Βఆ͕ٛແͯ͘΋ಈ͍ͯ͠·ͬͨ...ͳΜͰ΍ Ζ... • ansible.cfg ͷ callback_whitelist ʹར༻͍ͨ͠ϓϥάΠϯ໊ Λఆٛ͢Δඞཁ͕͋Δͱॻ͔Ε͍ͯΔ͕ɺखݩͰࢼͨ͠Βఆٛ ͕ແͯ͘΋ಈ͍ͯ͠·ͬͨ...ͳΜͰ΍Ζ... 39 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

·ͱΊ 40 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Module • ๻Β͸ Playbook Λॻ͘͜ͱͰ Module Λૢ࡞͍ͯͨ͜͠ͱʹͳ Δ • Module ͷڍಈΛཧղ͢Δ͜ͱ͸ Playbook ͷڍಈΛཧղ͢Δۙ ಓʹͳΔ • ࣮૷ʹݴޠ͸໰Θͳ͍͚Ͳ Python ͩͱָʹ࣮૷ग़དྷΔ(ͱࢥ͏) • ႈ౳ੑ͸ Module ͷ੹೚ͱͳΔ 41 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Plugin • Ansible ͸ Pluggable ͳ࣮૷ʹͳ͍ͬͯΔΜͩͳ͋ • Plugin Λཧղ͢ΔͱɺAnsible ΛΑΓ࢖͍͜ͳ͢͜ͱ͕ग़དྷΔΑ ͏ʹͳΔͱࢥ͏ • ҙࣝͤͣʹར༻͍ͯ͠Δ৔߹΋͋Δ(Callback Plugin ͷ default.py ͱ͔) • ࣮૷͸ Python ͷΈ 42 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

͕࣌ؒ͋Ε͹͓·͚ 43 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Datadog Tags module Datadog Ͱ؂ࢹ͍ͯ͠Δ Host ʹλάΛ෇༩ͨ͠Γɺ࡟আͨ͠Γ͢ ΔϞδϡʔϧ. • https:/ /github.com/inokappa/ansible-sandbox/blob/master/library/ datadog_tags.py 44 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

CloudWatch Logs plugin Playbook ͷ࣮ߦ݁ՌΛ CloudWatch Logs ʹૹ৴͢Δ callback plugin. • https:/ /github.com/inokappa/ansible-sandbox/blob/master/ plugins/cloudwatch_logs.py 45 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

Playbook - hosts: localhost tasks: - name: Test datadog_tags(present) datadog_tags: state: present host: myhost tags: 'aa,bb,cc,dd' api_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - name: Test datadog_tags(absent) datadog_tags: state: absent host: myhost api_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx app_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 46 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

ࢀߟࢿྉ • Ansible పఈೖ໳ ! • Building A Simple Module ! • Developing Plugins ! • AnsibleͷϞδϡʔϧ։ൃʢجૅฤʣ ! • ॳΊͯͷAnsibleʢ10ষɿΧελϜϞδϡʔϧʣ ! • Datadog API Reference " 47 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0

͓ΘΓ 48 CIRASUʢ͠Β͢ʣAnsible పఈೖ໳ ྠಡձ #0