Ansible Reusable configuration and deployment Automation Night - TechBar DevMarche 

Riccardo Franconi software engineer @ ideato @ricfrank Automation Night - TechBar DevMarche 

Ansible IT Configuration management Application deployment 

Ansible Agent-less architecture SSH on remote server Configuration as data (YAML), not ad code 

Why ? • cross functional team • reusable (complex) configuration • manual routines are error prone • iterative and incremental development (fast feedback and rapid changing) 

Architecture 

Example --- - name: devmarche demo hosts: webserver # hosts pattern|group|ip user: root tasks: - name: update apt action: command /usr/bin/apt-get -y update - name: install apache apt: name=apache2 state=present - name: start Apache and ensure that the service should start on boot service: name=apache2 state=started enabled=yes 

Ansible installation • PIP (Python package manager) • GIT • OS package (recommended) • Windows isn’t supported for the control machine http://docs.ansible.com/intro_installation.html 

Host Inventory [web1] webserver-1.example.com webserver-2.example.com [db] dbserver-1.example.com [demo] 162.219.7.56 #range [web2] webserver-[1:25].example.com webserver-[a:f].example.com #non-standard ssh port [web3] webserver1.example.com:2222 webserver-[a:f].example.com #ssh tunnel [web4] myhost ansible_ssh_port=5555 ansible_ssh_host=192.168.0.1 

Host Inventory #child group [east] webserver-1.example.com webserver-2.example.com [west] webserver-3.example.com webserver-4.example.com [us:children] east west … Or put your hosts on global invetory /etc/ansible/hosts 

Concepts • Playbooks • Tasks and handlers • Madules • Variables • Roles • Facts 

Playbooks • Playbooks contains Plays • Plays contains Tasks • Tasks contains Modules Every tasks is sequentially ordered-strict. Handlers can be triggered by tasks, and will run at the end, once. 

Playbooks --- - name: install git apt: name=git state=present - name: install php curl module apt: name=curl state=present - - - - name: install git and curl hosts: webserver gather_facts: yes user: root tasks: playbook play tasks 

Tasks tasks: - name: install apache apt: name=apache2 state=present - name: start Apache service: name=apache2 state=started enabled=yes Task can call a module and may have a parameters. There are a lot of modules and you can write your own. 

Handlers tasks: - name: enable virtual host shell: a2ensite dev.sf2-vagrant.lo.conf notify: restart apache handlers: - name: restart apache service: name=apache2 state=restarted 

Modules • Package management: apt, yum • Remote execution: command, shell • Service management: service • File handling: copy, template, file • Source control management (SCM): git, subversion http://docs.ansible.com/list_of_all_modules.html 

command and shell #Run script only when /path/to/database doesn't exist - name: create db command: /usr/bin/create_database.sh arg1 arg2 creates=/path/to/database The command will be executed on all selected nodes. It will not processed through the shell, so environment variables and operator like "<", ">", "|", and “&" will not work. It’s more securely and predictably. Best practice suggest command. - shell: somescript.sh > somelog.txt args: chdir: somedir/ #cd into this directory before running the command creates: somelog.txt Runs the command through a shell (/bin/sh) on the remote node 

copy and template - name: copy: src=/mine/site.it.conf dest=/etc/apache2/sites-available/site.it.conf owner=root group=root mode=644 backup=yes Copy “site.it.conf” file in selected nodes, backing up the original if it differs from the copied version - name: Copy my.cnf global MySQL configuration. template: > src=my.cnf.j2 dest=/etc/my.cnf owner=root group=root mode=644 notify: restart mysql Template are processed by Jinja2 and copied on dest source. Note that “src” can be relative or absolute path (if you use roles is the template folder path). 

jinja2 Python template language port = {{ mysql_port }} socket = {{ mysql_socket }} 

apt and yum Package management: - name: install server packages apt: name={{ item }} state=present with_items: - git - nodejs - npm - curl - libapache2-mod-php5 - acl - name: install server packages yum: name=git state=present 

Variables You can get/put variables in several places: • Playbooks • Command line • Inventory (/etc/ansible/host_var, /etc/ ansible/group_var) • Roles • Discovered variables (“ansible -m setup hostname”) • Templates 

Variables --- - hosts: '{{ hosts }}' user: '{{ user }}' tasks: - ... From command line: > ansible-playbook release.yml --extra-vars "hosts=devmarche user=ric” --- - hosts: webservers vars: app_logs_file: /var/logs/apps.log tasks: - name: remove application logs file {{app_logs_file}} file: path={{app_logs_file}} state=absent 

Facts Discovered remote system variables gather_facts: yes ansible -m setup -i hosts.ini demo … "ansible_nodename": "aigor", "ansible_os_family": "Debian", "ansible_pkg_mgr": "apt", "ansible_processor": [ "Intel(R)Xeon(R)[email protected]", "Intel(R)Xeon(R)[email protected]" ], "ansible_processor_cores": 2, … 

Roles Roles are the right way to organize project. With Roles you can: • reuse components • define a filesystem project structure • choose which components run 

Roles http://docs.ansible.com/playbooks_roles.html#roles 

Ansible galaxy Ansible community Roles repository Get Symfony 2 deploy application role ansible-galaxy install servergrove.symfony2 Create local role stub ansible-galaxy init rolename 

Conditionals tasks: - name: "shutdown Debian systems" command: /sbin/shutdown -t now when: ansible_os_family == “Debian” #use Jinja2 expressions tasks: - command: /bin/false register: result ignore_errors: True - command: /bin/something when: result|failed #use Jinja2 filter - command: /bin/something_else when: result|success - command: /bin/still/something_else when: result|skipped tasks: - command: echo {{ item }} with_items: [ 0, 2, 4, 6, 8, 10 ] when: item > 5 Condition in Roles: this works by applying the conditional to every task in the role. Roles that not match condition are skipped. - hosts: webservers roles: - { role: some_role, when: ansible_os_family == 'Debian' } 

Register variables Stores the result of a given command in a variable to access it later. tasks: - command: /bin/false register: result - command: /bin/something when: result|failed … The resulting variables can be used in templates, action tasks, or when statements. 

Debug This module prints statements during execution and can be useful for debugging variables or expressions without necessarily halting the playbook. - debug: msg="System {{ inventory_hostname }} has uuid {{ ansible_product_uuid }}” - shell: /usr/bin/uptime register: result - debug: var=result 

Demo time https://github.com/ricfrank/ansible-devmarche 

Thanks!