Slide 1

Provisioning, Config, Execution, (more) Fun

Slide 2

WHO AM I?

Steve Pereira
18 years in IT, startups and enterprise
Love learning about, teaching and talking about:
• DevOps
• CI/CD
• Automation
• Scale

Slide 3

ANSIBLE FEATURES

• Automation for local and remote system provisioning
• Automation for local and remote application deployment
• No agents to install on remote systems
• Uses the existing SSHd on remote systems and native SSH on the host
• Parallel by default - scales to 6000 targets with a single master
• Language that approaches plain English

Slide 4

ANSIBLE CONVENTIONS

Playbooks - contain the required tasks to configure systems and deploy
Tasks - individual actions to perform on remote or local machines
Roles - modular, single-purpose configurations for systems
Inventory - files containing address information of target machines
Handlers - actions triggered by tasks
Templates - customizable files destined for managed machines

Slide 5

MINIMUM VIABLE ANSIBLE

    $ ansible all -i 'localhost,' -c local -m ping
    localhost | success >> {
        "changed": false,
        "ping": "pong"
    }

Slide 6

WHAT ELSE?

• ansible webservers -m setup
• ansible lb -m copy -a "src=hosts dest=/tmp/hosts"
• ansible webservers -m yum -a "name=curl state=installed"
• ansible webservers -m service -a "name=nginx state=restarted"
• ansible-doc -l

Slide 7

PLAYBOOKS

example_playbook.yml

    ---
    - hosts: webservers
      vars:
        http_port: 80
        max_clients: 200
      remote_user: root
      tasks:
      - name: ensure apache is at the latest version
        yum: pkg=httpd state=latest
      - name: write the apache config file
        template: src=/srv/httpd.j2 dest=/etc/httpd.conf
        notify:
        - restart apache
      - name: ensure apache is running (and enable it at boot)
        service: name=httpd state=started enabled=yes
      handlers:
        - name: restart apache
          service: name=httpd state=restarted

Slide 14

ROLES

    my_role/
        README.md   (readme)
        defaults/   (default values)
        meta/       (role metadata)
        files/      (binaries)
        templates/  (file templates)
        handlers/   (operation handlers)
        tasks/      (playbook files)
        vars/       (custom variables)

• Easily packaged and shared
• Download community roles
• Mix and match

Slide 15

INVENTORY

• Define how Ansible will interact with remote hosts
• Define logical groups of managed nodes
• One file for each environment
• Default location: /etc/ansible/hosts
• INI format, variable overrides

sample_inventory.ini

    [loadbalancers]
    10.20.30.41
    10.20.30.42

    [webservers]
    10.20.30.51 hostname=artemis
    10.20.30.52 hostname=apollo

Slide 16

TEMPLATES

• Use Jinja2 templating and variables to customize
• Defaults available when variables are not provided (dev default with prod override), via Jinja2's default filter

etc_logrotate.d.j2

    {{ logfile }} {
        rotate {{ rotate_max | default(7) }}
        {{ frequency | default('daily') }}
        compress
        missingok
        notifempty
    }

Slide 17

IT CAN GET FANCY

    tasks:
    - name: install packages in a user's virtualenv
      shell: su - {{ item[0] }} -c '(. ./bin/activate && pip install {{ item[1] }})'
      with_nested:
      - [ 'jim', 'joe', 'jack' ]
      - [ package1==1.1, package2==1.2, package3==1.3 ]

There are several types of loops: hashes, fileglobs, sequence, subelements, first match, command results, random and more. But there's a builtin pip module, anyway.

Slide 18

CONDITIONALS

    tasks:
    - command: /bin/false
      register: result
      ignore_errors: True
    - command: /bin/something
      when: result|failed
    - command: /bin/something_else
      when: result|success
    - command: /bin/still/something_else
      when: result|skipped

The result of a play can depend on the value of a variable, a fact (something learned about the remote system), or a previous task result.

Slide 19

MORE CONDITIONALS!

If a required variable has not been set, you can skip or fail using Jinja2's defined test. For example:

    tasks:
    - shell: echo "I've got '{{ foo }}'"
      when: foo is defined
    - fail: msg="This play requires 'bar'"
      when: bar is not defined
    - command: echo {{ item }}
      with_items: [ 0, 2, 4, 6, 8, 10 ]
      when: item > 5
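The following play is an added example, not one of the slides: it rewrites the slide-17 loop with the builtin pip module the slide mentions, and combines it with the register/when and defined-test patterns from the last two slides. It assumes the users exist on the targets with a virtualenv at /home/<user>/venv, that venv_packages is passed in (for example with -e or group_vars), and that the connecting account can sudo.

```yaml
---
# Added example (not from the slides). Assumed: users exist on the target,
# each has a virtualenv at /home/<user>/venv, venv_packages is supplied
# from outside the play, and the SSH account can escalate with sudo.
- hosts: webservers
  become: yes
  vars:
    venv_users: [ 'jim', 'joe', 'jack' ]
  tasks:
    # Same idea as slide 19: refuse to run without the required variable.
    - name: refuse to run without a pinned package list
      fail: msg="This play requires 'venv_packages' (e.g. -e venv_packages='[\"package1==1.1\"]')"
      when: venv_packages is not defined

    # Replaces the su/shell trick: item[0] is the user, item[1] the package,
    # exactly as with_nested indexes them on slide 17. No shell quoting to get wrong.
    - name: install pinned packages into each user's virtualenv
      pip:
        name: "{{ item[1] }}"
        virtualenv: "/home/{{ item[0] }}/venv"
      become_user: "{{ item[0] }}"          # run as the owner, not root
      with_nested:
        - "{{ venv_users }}"
        - "{{ venv_packages }}"
      register: pip_result
      ignore_errors: yes                    # keep going, decide afterwards

    # A looped register stores one entry per (user, package) pair in .results;
    # each entry carries .item and, on failure, .failed and .msg.
    - name: report any install that failed
      debug:
        msg: "{{ item.item[0] }}: {{ item.item[1] }} failed: {{ item.msg | default('no message') }}"
      with_items: "{{ pip_result.results }}"
      when: item.failed | default(false)

    # Fail the play at the end if anything above failed, after reporting.
    - name: abort if any package failed to install
      fail: msg="one or more virtualenv installs failed, see output above"
      when: pip_result.results | selectattr('failed', 'defined') | selectattr('failed') | list | length > 0
```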

Slide 20

SIMPLE, POWERFUL BUILTINS

• 261 built-in modules
• Many cloud providers, packages and tools are integrated
• Easily add your own in any language

Examples:
• ec2 - Create, terminate, start/stop an instance
• docker - Manage docker containers
• hipchat - Send a message to hipchat
• s3 - Manage objects in S3
• twilio - Sends a text message to a phone
• win_service - Manages Windows services
• zfs - Manage zfs

Slide 21

SMOOTH OPERATION

• Get and set variables easily
• Simple variable precedence
• Ordered, predictable execution
• Tagged, resumable execution
• ansible-doc [foo]

Slide 22

SECURITY

• Can be centralized and locked down via Ansible Tower
• Can be run from a centralized bastion server
• Vault encrypts sensitive data
• Uses ordinary SSH, paramiko or custom transport plugins
• No extra open ports, use your own user account, sudo!
• No agents to update or risk vulnerabilities
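An added example, not from the slides, that puts the points on this slide into a play: the play connects as your own SSH user, escalates with sudo only on the task that needs it, pulls the secret from a Vault-encrypted vars file, and keeps the secret out of task output. It assumes vars/secrets.yml was created with `ansible-vault create vars/secrets.yml` and defines db_password, and that app.conf.j2 references that variable.

```yaml
---
# Added example (not from the slides). Assumed: vars/secrets.yml is
# vault-encrypted and defines db_password; templates/app.conf.j2 uses it.
# Run with: ansible-playbook --ask-vault-pass secure_deploy.yml
- hosts: webservers
  # no remote_user here: Ansible connects as the account running the playbook
  become: no                    # escalate per task below, not for the whole play
  vars_files:
    - vars/secrets.yml          # ciphertext on disk, decrypted only in memory
  tasks:
    - name: check that the vault actually supplied the secret
      fail: msg="db_password is missing; was the vault password provided?"
      when: db_password is not defined

    - name: render the app config that contains the secret
      template:
        src: app.conf.j2
        dest: /etc/app/app.conf
        owner: root
        group: app
        mode: "0640"            # root writes, the app group reads, nobody else
      become: yes               # sudo just for this task
      no_log: yes               # never echo the rendered secret into logs/output
      notify: restart app

    - name: confirm the file is not world-readable
      stat: path=/etc/app/app.conf
      register: conf
      become: yes
      failed_when: conf.stat.mode[-1] != '0'   # last octal digit is "other"

  handlers:
    - name: restart app
      service: name=app state=restarted
      become: yes
```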

Slide 23

ENTERPRISE GRADE

• Tower integration with LDAP and AD for RBAC
• Manage any number of servers across many Tower instances
• Portal and dashboard views, pushbutton interaction
• Job scheduling
• Audit trail
• High availability

Slide 24

ENTERPRISE USE

Slide 25

ADVANCED CAPABILITIES

• Rolling updates/deployment/orchestration (1, 5, n at a time)
• Canary testing (check for page content or response code)
• Custom execution paths based on response/error/environment
• Variable timeouts and parallelism
• Ansible-pull to invert execution - nodes check in to a master
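An added example, not from the slides, of the first two bullets: a rolling update that goes 1 host, then 5, then the rest, and stops everything if a batch fails its canary check on both response code and page content. It assumes an app package and service called app, a /health URL that answers 200 with the text "ok", the loadbalancers group from the inventory slide, and two hypothetical helper scripts (lb_disable, lb_enable) on the load balancers.

```yaml
---
# Added example (not from the slides). Assumed: package/service 'app',
# GET /health returns 200 and the body contains "ok", the 'loadbalancers'
# group exists, and /usr/local/bin/lb_disable|lb_enable <host> are hypothetical
# scripts that pull a backend out of / put it back into rotation.
- hosts: webservers
  become: yes
  serial: [1, 5, "100%"]        # 1 host, then 5, then everything remaining
  max_fail_percentage: 0        # any failure in a batch aborts the remaining batches
  pre_tasks:
    - name: take this host out of rotation on every load balancer
      command: /usr/local/bin/lb_disable {{ inventory_hostname }}
      delegate_to: "{{ item }}"
      with_items: "{{ groups['loadbalancers'] }}"
  tasks:
    - name: deploy the new release
      yum: name=app state=latest
      notify: restart app
    - meta: flush_handlers      # restart now, so the canary tests the new code
    - name: canary check - response code and page content
      uri:
        url: "http://{{ inventory_hostname }}:{{ http_port | default(80) }}/health"
        return_content: yes
        status_code: 200        # anything else fails the task (and is retried)
      register: health
      until: health.status == 200 and 'ok' in health.content
      retries: 5
      delay: 3                  # seconds between attempts while the app warms up
  post_tasks:
    # Only reached when the canary passed; a failed batch stays out of rotation.
    - name: put this host back into rotation
      command: /usr/local/bin/lb_enable {{ inventory_hostname }}
      delegate_to: "{{ item }}"
      with_items: "{{ groups['loadbalancers'] }}"
  handlers:
    - name: restart app
      service: name=app state=restarted
```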

Slide 26

MORE INFORMATION

https://docs.ansible.com
http://www.ansible.com/tower
https://docs.ansible.com/playbooks_best_practices.html
https://galaxy.ansible.com
https://github.com/ansible/ansible-examples

Slide 27

QUESTIONS?

@steveElsewhere
[email protected]
http://linkedin.com/in/devopsto

Slide 28

THANK YOU! http://devopsdays.org/events/2015-toronto (shameless plug)