Continuous Delivery Workshop with Ansible x GitLab CI (5th)

Slide 1

Slide 1 text

_____________________________ / DevOps ⼈人⼀一定要 \ \ 知道的持續交付技巧 / ----------------------------- \ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || [ chusiang@AgileTourTaichung ~ ] $ cat .proﬁle # Author: 凍仁翔 / [email protected] # Blog: http://note.drx.tw # Modiﬁed: 2018-01-13 14:00 5th

Slide 2

Slide 2 text

09:20 – 10:10 50 ⼈人跑 Scrum by 王泰瑞 10:10 – 11:00 有效⾯面對技術債 by 陳⼩小風 11:25 – 12:40 World Cafe 14:00 – 17:00 DevOps ⼈人⼀一定要知道的持續交付技巧 by 凍仁翔⽤用⼾戶故事入⾨門⼯工作坊 by David Ko ⽤用桌遊開發 UX ⼒力力⼯工作坊 by Nor Chen 2 Agile Tour Taichung 2017 2018

Slide 3

Slide 3 text

Slide 4

Slide 4 text

4 關於我 • 凍仁翔 (@chusiang_lai)。 • 「凍仁的筆記」部落落客。 • DevOps Taiwan 志⼯工。 • 6 年年 IT 維運經驗。

Slide 5

Slide 5 text

Today we use 119 Docker containers in DigitalOcean.

Slide 6

Slide 6 text

Ready? 要開始了了！ 6

Slide 7

Slide 7 text

7 Ready? 要開始了了！ 3

Slide 8

Slide 8 text

8 Ready? 要開始了了！ 2

Slide 9

Slide 9 text

9 Ready? 要開始了了！ 1

Slide 10

Slide 10 text

10 Outline 1. DevOps ⼈人是什什麼？ 2. 持續交付是什什麼？

Slide 11

Slide 11 text

11 Outline 1. DevOps ⼈人是什什麼？ 2. 持續交付是什什麼？ 3. GitLab 是什什麼？ 4. 怎麼操作 GitLab CI？ 5. 怎麼⽤用 Ansible 和 GitLab CI 進⾏行行持續交付？

Slide 12

Slide 12 text

12 Outline 6. Ansible 是什什麼？ 7. 怎麼部署 Ansible 環境？ 8. 怎麼操作 Ansible？

Slide 13

Slide 13 text

13 Outline 6. Ansible 是什什麼？ 7. 怎麼部署 Ansible 環境？ 8. 怎麼操作 Ansible？ 9. Q & A

Slide 14

Slide 14 text

14 Ⅰ. DevOps ⼈人是什什麼？

Slide 15

Slide 15 text

15 Infra Dev Ops ITSM DevOps 狹義的 DevOps 是什什麼？ ※ 本圖取⾃自許峰於 DevOpsDays Taipei 2017 分享的 DevOps in a value stream - https://youtu.be/qWbcujKw57c?t=9m39s

Slide 16

Slide 16 text

Agile Agile 是什什麼？ 16 Infra Dev Ops ITSM DevOps Invest Req ※ 本圖取⾃自許峰於 DevOpsDays Taipei 2017 分享的 DevOps in a value stream - https://youtu.be/qWbcujKw57c?t=9m39s

Slide 17

Slide 17 text

廣義的 DevOps 是什什麼？ 17 Infra Dev Ops ITSM Agile Req Invest Use Value DevOps ※ 本圖取⾃自許峰於 DevOpsDays Taipei 2017 分享的 DevOps in a value stream - https://youtu.be/qWbcujKw57c?t=9m39s

Slide 18

Slide 18 text

廣義的 DevOps 是什什麼？ 18 Infra Dev Ops ITSM Agile Req Invest Use Value DevOps ※ 本圖取⾃自許峰於 DevOpsDays Taipei 2017 分享的 DevOps in a value stream - https://youtu.be/qWbcujKw57c?t=9m39s DevOps

Slide 19

Slide 19 text

19 等 Ops？有事 On-call 沒事下班 Coding Dev ⼈人是什什麼？

Slide 20

Slide 20 text

20 耗時有事救火沒事 On-call 敲指令裝機器改什什麼常忘記 Ops ⼈人是什什麼？

Slide 21

Slide 21 text

21 不⽤用 20 分有事 On-call Coding 管機器沒事讓 code "⾃自⼰己" 管機器 DevOps ⼈人是什什麼？

Slide 22

Slide 22 text

22 Git, GitLab GitLab CI Ansible Docker 今天⽤用哪些 Tools？

Slide 23

Slide 23 text

23 LGPL MIT GPL Apache 今天⽤用哪些 License？

Slide 24

Slide 24 text

24 Ansible Chef, Puppet, Slat Docker AWS, Vagrant OpenStack GitLab CI, Jenkins CI, Drone CI Git, GitLab GitHub 可以⽤用什什麼 Tools 替代？

Slide 25

Slide 25 text

《Continuous Delivery》- https://goo.gl/r9vXFg 持續的、不間斷的、不鬆懈的。投遞、傳送、交付、交貨。 25 Ⅱ. 持續交付是什什麼？

Slide 26

Slide 26 text

26 《Continuous Delivery 中⽂文版》- https://goo.gl/SK745B 利利⽤用⾃自動化的建置、測試與部署，完美創造出可信賴的軟體發佈 - Jez Humble & David Farley

Slide 27

Slide 27 text

27 建置測試發佈部署⾃自動化

Slide 28

Slide 28 text

28 建置測試發佈部署⾃自動化

Slide 29

Slide 29 text

29 建置測試發佈部署⾃自動化

Slide 30

Slide 30 text

30 建置測試發佈部署⾃自動化

Slide 31

Slide 31 text

31 建置測試發佈部署⾃自動化

Slide 32

Slide 32 text

32 建置測試發佈部署⾃自動化

Slide 33

Slide 33 text

Continuous Delivery Continuous Deployment auto auto manual Build Deploy Test Release auto auto auto Build Deploy Test Release 33 持續交付和持續部署有什什麼不同？

Slide 34

Slide 34 text

Continuous Delivery Continuous Deployment auto auto manual Build Deploy Test Release auto auto auto Build Deploy Test Release 34 持續交付和持續部署有什什麼不同？

Slide 35

Slide 35 text

導入持續交付的好處是什什麼？ 35

Slide 36

Slide 36 text

36 推上 Git server？組態設定對了了？單元測試過了了？ Pipeline 過了了？真實案例例 Code 還在本機？ R&D：我程式寫完了了！我：(哪裡寫完了了？！)

Slide 37

Slide 37 text

37 交付 < 5 min commit 即交付⼈人為失誤 ↓ 即早發現即早治療 After

Slide 38

Slide 38 text

R&D：我程式寫完了了！我：等 CD 過了了再說。 Code 還在本機？推上 Git server？組態設定對了了？單元測試過了了？ Pipeline 過了了？真實案例例

Slide 39

Slide 39 text

39 Amazon - https://goo.gl/visckK 三步⼯工作法 Flow、Feedback、Culture。《The Phoenix Project》

Slide 40

Slide 40 text

四種⼯工作類型 40 提前預演變更更⼯工作，避免每次變更更都成為例例外⼯工作！《The Phoenix Project》天瓏網路路書店 - https://goo.gl/bRUHq6

Slide 41

Slide 41 text

41 Ⅲ. GitLab 是什什麼？

Slide 42

Slide 42 text

42 現代化開發平台 Git Repository、Docker Registry、Issue tracking、Code Review、CI/CD Pipeline 多個願望⼀一次滿⾜足。

Slide 43

Slide 43 text

https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower 43 Ansible × Tower

Slide 44

Slide 44 text

https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower GITLAB 44 改⽤用 Ansible × GitLab 進⾏行行協作 CONTROL KNOWLEDGE

Slide 45

Slide 45 text

https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower GITLAB 45 改⽤用 Ansible × GitLab 進⾏行行協作 CONTROL KNOWLEDGE GitLab CI, Pipeline

Slide 46

Slide 46 text

https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower GITLAB 46 改⽤用 Ansible × GitLab 進⾏行行協作 CONTROL KNOWLEDGE GitLab Web, Issue, Wiki

Slide 47

Slide 47 text

47 Pipeline 是什什麼？管道 (線)？⽣生產線？傻傻分不清楚？！

Slide 48

Slide 48 text

48 《Continuous Delivery》- https://goo.gl/r9vXFg 書中的 Pipeline 是什什麼？ Ch 5. 部署流⽔水線解析 Ch 6. 建置與部署的腳本化 Ch 7. 提交階段 Ch 8. ⾃自動化驗測試 Ch 9. 非功能性需求測試 Ch 10. 應⽤用程式的部署與發佈

Slide 49

Slide 49 text

原始程式碼應⽤用程式設置提交階段編譯單元測試程式碼分析組裝 binaries 驗收階段設置環境部署 binaries 冒煙測試驗收測試 UAT 階段設置環境部署 binaries 冒煙測試探索性測試⽣生產⼒力力測試階段設置環境部署 binaries 冒煙測試執⾏行行⽣生產⼒力力測試⽣生產環境設置環境部署 binaries 冒煙測試版本控制⾃自動發佈⾃自動發佈⼀一鍵發佈⼀一鍵發佈 Binary 儲存庫 binaries metadata 程式碼應⽤用程式設置 binaries metadata binaries binaries metadata metadata Adapted from “Continuous Delivery” © Dave Farley and Jez Humble 2010 Translated by Chu-Siang Lai 2017

Slide 50

Slide 50 text

Slide 51

Slide 51 text

Slide 52

Slide 52 text

–王⼤大明「在此輸入名⾔言語錄。」 52 – Chu-Siang Lai 「Pipeline 好比⽣生產線，導入⾃自動化後，⾃自然顯現的軟體發佈流程。」

Slide 53

Slide 53 text

53 GitLab Pipelines ⼜又是什什麼？可視化的軟體發佈⽣生產線。

Slide 54

Slide 54 text

54 Ⅳ. 怎麼操作 GitLab CI？在專案底下建立 .gitlab-ci.yml，並推送程式碼⾄至 GitLab。

Slide 55

Slide 55 text

55 $ vim .gitlab-ci.yml 1 stages: 2 - build 3 4 build_binary: 5 image: ubuntu:16.04 6 stage: build 7 script: 8 - chmod 755 penguin-htdocs/DEBIAN 9 - dpkg -b penguin-htdocs 10 tags: 11 - docker 怎麼寫 .gitlab-ci.yml？ • YAML 語法。 • 此例例⼤大致可分為 stage × 1 和 job × 1。                     

Slide 56

Slide 56 text

56 $ vim .gitlab-ci.yml 1 stages: 2 - build 3 4 build_binary: 5 image: ubuntu:16.04 6 stage: build 7 script: 8 - chmod 755 penguin-htdocs/DEBIAN 9 - dpkg -b penguin-htdocs 10 tags: 11 - docker Stage 怎麼寫 .gitlab-ci.yml？ • YAML 語法。 • 此例例⼤大致可分為 stage × 1 和 job × 1。                     

Slide 57

Slide 57 text

57 $ vim .gitlab-ci.yml 1 stages: 2 - build 3 4 build_binary: 5 image: ubuntu:16.04 6 stage: build 7 script: 8 - chmod 755 penguin-htdocs/DEBIAN 9 - dpkg -b penguin-htdocs 10 tags: 11 - docker Job 怎麼寫 .gitlab-ci.yml？ • YAML 語法。 • 此例例⼤大致可分為 stage × 1 和 job × 1。                     

Slide 58

Slide 58 text

58 怎麼觸發 GitLab CI？ $ git push --> GitLab

Slide 59

Slide 59 text

All Pipelines 59

Slide 60

Slide 60 text

Pipelines #13803169 60

Slide 61

Slide 61 text

Job #39892610

Slide 62

Slide 62 text

62 Ⅴ. 怎麼⽤用 Ansible 和 GitLab CI 進⾏行行持續交付？

Slide 63

Slide 63 text

63 Ansible GitLab CI Docker

Slide 64

Slide 64 text

64 LAB1 GitLab CI 使⽤用 Control Machine (Alpine 3.6) + Managed node × 2 (Ubuntu 16.04) 進⾏行行實作。透過 GitLab CI 和 Ansible 操控 Managed node

Slide 65

Slide 65 text

65 使⽤用者故事⾝身為開發團隊的⼀一員，我想要每次提交時，都會依照不同的分⽀支，⾃自動部署到不同的環境，並進⾏行行些簡易易的測試，  因為我們不想程式寫到⼀一半，還要  下⼀一堆指令，操作⼀一堆機器。

Slide 66

Slide 66 text

66 Git server GitLab CI server Build Deploy Test Engineer Develop

Slide 67

Slide 67 text

67 Customer Git server GitLab CI server Build Deploy Test Release Engineer Master

Slide 68

Slide 68 text

https://hub.docker.com/r/chusiang/ansible/ 0 68

Slide 69

Slide 69 text

http://s.drx.tw/cd.lab 1 69

Slide 70

Slide 70 text

Build stage 2 Test Deploy Release Build

Slide 71

Slide 71 text

Deploy, Test, Release stages 3 Deploy Build Test Release 71

Slide 72

Slide 72 text

72 Customer Git server GitLab CI server Build Deploy Test Release Engineer Coding & Git Commit

Slide 73

Slide 73 text

73 Customer Git server GitLab CI server Build Deploy Test Release Engineer Git Push Coding & Git Commit

Slide 74

Slide 74 text

74 Customer Git server GitLab CI server Build Deploy Test Release Engineer .gitlab-ci.yml

Slide 75

Slide 75 text

$ vim .gitlab-ci.yml 1 stages: 2 - build 3 - deploy 4 - test 5 - release 6 7 build_binary: 8 image: ubuntu:16.04 9 stage: build 10 script: 11 # For fix bad permissions of control directory on GitLab CI. 12 - chmod 755 penguin-htdocs/DEBIAN 13 14 # build deb. 15 - dpkg -b penguin-htdocs 16 artifacts: 17 expire_in: 1 week 18 paths: 19 - penguin-htdocs.deb 20 tags: 21 - docker 22 4 Test Deploy Release Build 75

Slide 76

Slide 76 text

22 23 deploy_to_dev: 24 image: chusiang/ansible:alpine-3.6 25 stage: deploy 26 script: 27 - ls 28 - cd ansible-playbooks/ 29 - echo "${VAULT_KEY}" > secret.txt 30 - ansible-playbook deploy.yml 31 - rm -f secret.txt 32 only: 33 - master@chusiang/continuous-delivery-workshop 34 - develop@chusiang/continuous-delivery-workshop 35 - tags@chusiang/continuous-delivery-workshop 36 tags: 37 - docker 38 5 Test Deploy Release Build 76

Slide 77

Slide 77 text

38 39 test_dev: 40 image: chusiang/ansible:alpine-3.6 41 stage: test 42 script: 43 - cd ansible-playbooks/ 44 - echo "${VAULT_KEY}" > secret.txt 45 - ansible-playbook test.yml 46 - rm -f secret.txt 47 only: 48 - master@chusiang/continuous-delivery-workshop 49 - develop@chusiang/continuous-delivery-workshop 50 - tags@chusiang/continuous-delivery-workshop 51 tags: 52 - docker 53 6 Test Deploy Release Build 77

Slide 78

Slide 78 text

53 54 release_to_prd: 55 image: chusiang/ansible:alpine-3.6 56 stage: release 57 script: 58 - cd ansible-playbooks/ 59 - echo "${VAULT_KEY}" > secret.txt 60 - ansible-playbook -i production deploy.yml 61 - rm -f secret.txt 62 only: 63 - master@chusiang/continuous-delivery-workshop 64 - tags@chusiang/continuous-delivery-workshop 65 tags: 66 - docker 67 7 Test Deploy Release Build 78

Slide 79

Slide 79 text

79 Customer Git server GitLab CI server Build Deploy Test Release Engineer .gitlab-ci.yml

Slide 80

Slide 80 text

80 Customer Git server GitLab CI server Build Deploy Test Release Engineer Package deb ﬁle

Slide 81

Slide 81 text

81 Customer Git server GitLab CI server Build Deploy Test Release Engineer Play deploy.yml

Slide 82

Slide 82 text

82 Customer Git server GitLab CI server Build Deploy Test Release Engineer Play test.yml

Slide 83

Slide 83 text

83 Customer Git server GitLab CI server Build Deploy Test Release Engineer Play deploy.yml

Slide 84

Slide 84 text

84 Customer Git server GitLab CI server Build Deploy Test Release Engineer Feedback

Slide 85

Slide 85 text

85 Customer Git server GitLab CI server Build Deploy Test Release Engineer

Slide 86

Slide 86 text

86 LAB1 ① 登入 https://gitlab.com、取得 GitLab 專屬密碼，並 Fork  http://s.drx.tw/cd.lab。 ② 取得專案。  $ git clone [email protected]:/continuous- delivery-workshop.git ③ 修改 penguin-htdocs/var/www/html/index.html，  並提交到⾃自⼰己的 repo。 ④ 發送 MR ⾄至 chusiang/continuous-delivery-workshop。 ⑤ 觀察 GitLab Pipeline、http://stg.cdws.drx.tw:10080 和  http://cdws.drx.tw 的變化。

Slide 87

Slide 87 text

讓 Pipelines ⾶飛⼀一下 ... 8 87

Slide 88

Slide 88 text

88 Ⅵ. Ansible 是什什麼？

Slide 89

Slide 89 text

89 電影海海報 - https://goo.gl/4xftZT Ansible 取名⾃自知名⼩小說  《安德的遊戲》，是虛構的超光速宇宙即時通。有了了它，我們就可以像安德指揮官般操控海海量量伺服器。

Slide 90

Slide 90 text

90 iThome - http://goo.gl/yJbWtz Ansible ⾃自 2013 年年創立，於 2015 年年被 Red Hat 併購。

Slide 91

Slide 91 text

91 在 GitHub 上擁有 27,687 顆星星、3,291 位協作者。

Slide 92

Slide 92 text

92 Linuxpilot - https://goo.gl/mSxR4E Ansible Tower 更更獲選 Linuxpilot 2017 Linux & OSS 最佳解決⽅方案  ，擁有最佳系統⾃自動化管理理⽅方案之名。

Slide 93

Slide 93 text

https://www.ansible.com/blog/red-hat-ansible-automation-engine-vs-tower 93 Ansible 和 Tower 有什什麼不同？

Slide 94

Slide 94 text

94 1. 與 Puppet、SaltStack、Chef 並列列其四。 2. Python like 的組態設定⼯工具 (Infrastructure as Code)。 3. 不需 Agent，有 Python 和 SSH 就可以打天下！ 4. 容易易上⼿手。 5. 社群強⼤大，有商業公司⽀支援。我⼼心中的 Ansible 是什什麼？

Slide 95

Slide 95 text

95 Python Ansible SaltStack Ruby Chef Puppet vs

Slide 96

Slide 96 text

96 真實案例例每週節省 26 hr 的⼯工時。 (6 x 3) x 2 - (5 x 1) x 2 = 26 hr

Slide 97

Slide 97 text

97 0 350 700 1,050 1,400 Week Month Year 104 hr 26 hr 1,352 hr 減少例例⾏行行性⼯工作⼈人⼒力力成本

Slide 98

Slide 98 text

98 0 125,000 250,000 375,000 500,000 Week Month Year $35,360 $8,840 $459,680 節省企業開⽀支

Slide 99

Slide 99 text

99 有這類困擾？歡迎上 DevOps Taiwan  找新⼯工作。(誤) https://github.com/DevOpsTW/jobs/

Slide 100

Slide 100 text

100 Ⅶ. 怎麼配置 Ansible？觀念念、安裝、設定

Slide 101

Slide 101 text

101 LAB2 Jupyer 使⽤用 Control Machine + Managed node × 2 (Ubuntu 16.04 × 3) 環境進⾏行行練習。透過 Ansible 和 Jupyter 操控 Managed node

Slide 102

Slide 102 text

102 Ansible 是怎麼運作的？透過 inventory 定義 Managed node，藉由 SSH 與 Python 進⾏行行溝通。

Slide 103

Slide 103 text

103 $ sudo apt install ansible # Debian, Ubuntu. $ sudo yum install ansible # RHEL, CentOS. $ sudo pip install ansible # Python (pip). $ brew install ansible # macOS (homebrew). 怎麼安裝 Ansible？ • 只需在 Control Machine (主控端) 安裝 Ansible； Managed node 則需 Python 2.5+ 和 SSH。

Slide 104

Slide 104 text

104 請於 Jupyter 設置 Ansible 操作環境請修改 ansible.cfg 和 inventory 檔案。

Slide 105

Slide 105 text

105 $ vim ansible.cfg 1 [defaults] 2 inventory = inventory # 指定 inventory 路路徑。 3 4 remote_user = docker # 遠端登入的使⽤用者名稱。 5 6 #private_key_file = ~/.ssh/id_rsa 7 8 host_key_checking = False # 不檢查 ssh ⾦金金鑰。怎麼設定 Ansible？ • 藉由 ansible.cfg 來來設定 inventory (hostsﬁle) 檔案路路徑、 Managed node (被控端) 使⽤用者名稱、SSH ⾦金金鑰 … 等。

Slide 106

Slide 106 text

106 $ vim inventory 1 # 此 LAB 為在同⼀一 Host 跑多個 ssh Containers。 2 3 [staging] 4 stg.cdws.drx.tw ansible_ssh_host=cdws.drx.tw ansible_ssh_port=10022 5 6 [production] 7 cdws.drx.tw ansible_ssh_host=cdws.drx.tw ansible_ssh_port=20022 inventory 是什什麼？ • 定義 Managed node (被控端) 位址與群組的主機清冊，  通常會⽤用來來設定 ssh 或 winrm 的連線資訊。

Slide 107

Slide 107 text

107 Ⅷ. 怎麼操作 Ansible？ Ad-Hoc command, Playbook* (Module)

Slide 108

Slide 108 text

108 Ad-Hoc commands 簡短指令

Slide 109

Slide 109 text

109 $ ping localhost PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.037 ms --- localhost ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.037/0.037/0.037/0.000 ms $ echo Hello World Hello World ⼀一般的 command line 是什什麼？ • 這裡的 command line 為 Linux Shell 底下的指令操作，以下為 ping 和 echo 的操作的結果。

Slide 110

Slide 110 text

ansible [-m module_name] [-a args] [options] • host-pattern: all, server1, server1:server2, server_group. 110 $ ansible all -m ping localhost | SUCCESS => { "changed": false, "ping": "pong" } $ ansible all -m command -a "echo Hello World" localhost | SUCCESS | rc=0 >> Hello World # 各個 Module 的詳細說明請參參考官⽅方 All Modules ⽂文件。怎麼⽤用 Ad-Hoc commands？

Slide 111

Slide 111 text

111 Play  Ad-hoc commands

Slide 112

Slide 112 text

112 Playbooks 劇本

Slide 113

Slide 113 text

113 Baby Playbook Onesie - http://goo.gl/GKJvXn Playbooks 是什什麼？ • 比 Shell Script 更更結構化的腳本語⾔言，是⼀一鍵部署的好物。 • 使⽤用 YAML 格式，簡單易易讀。

Slide 114

Slide 114 text

114 Baby Playbook Onesie - http://goo.gl/GKJvXn Playbooks 是什什麼？ • 通常會有 Play, Task, Module 和 handler 等。 • 整合 Jinja2 的 template 系統，可使⽤用變數、判斷式、迴圈等表達式。

Slide 115

Slide 115 text

115 $ vim example.yml 1 --- 2 - name: a sample playbook 3 hosts: all 4 tasks: 5 - name: Hello World 6 command: echo "Hello World" 7 - name: Install Vim 8 become: true 9 apt: 10 name: vim Playbooks 是什什麼？ • ⼀一份 Playbook 可以有多個 Play、多個 Task 和多個 Module。 • 此例例⽤用到了了 Play × 1、Task × 2 和 Module × 2 (command, apt)。                         

Slide 116

Slide 116 text

116 $ ansible-playbook example2.yml PLAY [a sample playbook.] ******************************************* TASK [setup]********************************************************* ok: [stg.cdws.drx.tw] TASK [Hello World] ************************************************** changed: [stg.cdws.drx.tw] TASK [Install Vim] ************************************************** changed: [stg.cdws.drx.tw] => (item=[u'vim']) PLAY RECAP ********************************************************** stg.cdws.drx.tw : ok=1 changed=2 unreachable=0 failed=0 • 執⾏行行 playbook。 Playbooks 是什什麼？

Slide 117

Slide 117 text

117 $ ansible-playbook example2.yml PLAY [a sample playbook.] ******************************************* TASK [setup]********************************************************* ok: [stg.cdws.drx.tw] TASK [Hello World] ************************************************** changed: [stg.cdws.drx.tw] TASK [Install Vim] ************************************************** changed: [stg.cdws.drx.tw] => (item=[u'vim']) PLAY RECAP ********************************************************** stg.cdws.drx.tw : ok=1 changed=2 unreachable=0 failed=0 TASK [setup]：被執⾏行行的 managed node 有哪些 PLAY RECAP：總結 (ok / changed / failed ) Playbooks 是什什麼？ • 執⾏行行 playbook。

Slide 118

Slide 118 text

118 $ vim example.yml 1 --- 2 - name: a sample playbook 3 hosts: all 4 tasks: 5 - name: Hello World 6 command: echo "Hello World" 7 - name: Install Vim 8 become: true 9 apt: 10 name: vim Play • 透過動作 (Play) 對特定 Managed node 進⾏行行操控，通常包含 Task 和 Module。 • 此例例⽤用到了了 Play × 1、Task × 2 和 Module × 2 (command, apt)。                          Plays 是什什麼？

Slide 119

Slide 119 text

119 $ vim example.yml 1 --- 2 - name: a sample playbook 3 hosts: all 4 tasks: 5 - name: Hello World 6 command: echo "Hello World" 7 - name: Install Vim 8 become: true 9 apt: 10 name: vim Task 1 Task 2 • 藉由各種不同的模組 (Module)、迴圈和判斷式等組合來來完成各種任務 (Task)。 • 此例例⽤用到了了 Play × 1、Task × 2 和 Module × 2 (command, apt)。                          Tasks 是什什麼？

Slide 120

Slide 120 text

120 $ vim example.yml 1 --- 2 - name: a sample playbook 3 hosts: all 4 tasks: 5 - name: Hello World 6 command: echo "Hello World" 7 - name: Install Vim 8 become: true 9 apt: 10 name: vim Module • 最⼩小的操作⽅方法 (Method)，好比 Python 的內建函式。 • 此例例⽤用到了了 Play × 1、Task × 2 和 Module × 2 (command, apt)。                          Modules 是什什麼？

Slide 121

Slide 121 text

121 http://s.drx.tw/auto-with-ansible-12

Slide 122

Slide 122 text

122 # 更更新套件索引 (快取)，等同於 apt-get update 指令。 - name: Update repositories cache become: true apt: update_cache: yes # 安裝 vim 套件。 - name: Install the package "vim" become: true apt: name: vim state: present apt • 適⽤用於 Debian、Ubuntu 的 apt 套件模組 (Packaging Modules)。 • 類似的 Linux 指令有 apt、apt-get、aptitude 和 dpkg。                       

Slide 123

Slide 123 text

123 # Before 2.3, option 'dest', 'destfile' or 'name' was used instead of ‘path'. # 關閉 SELinux。 - name: disable selinux lineinfile: path: /etc/selinux/config regexp: '^SELINUX=' line: 'SELINUX=enforcing' # 移除 docker 使⽤用者的 sudo 權限。 - name: remove sudo permission of docker lineinfile: path: /etc/sudoers state: absent regexp: '^docker' lineinﬁle • ⽤用正規表⽰示式對檔案進⾏行行插入或取代⽂文字的檔案模組 (Files Modules)。 • 其類似的 Linux 指令為 sed。                       

Slide 124

Slide 124 text

124 # 藉由 ls 和 wc 檢查檔案數量量。 - name: check files number shell: ls /home/docker/ | wc -l # 列列出所有的 Python ⾏行行程。 - name: show all python process shell: ps aux | grep python # 執⾏行行 shell script，並把結果導向 /tmp/result.log。 - name: execute run.sh shell: ./run.sh > /tmp/result.log shell • 在遠端⽤用 /bin/sh 執⾏行行 shell 指令的指令模組 (Commands Modules)，⽀支援變數 (variables)、<、> 、|、; 和 & 等運算。                       

Slide 125

Slide 125 text

125 Play Playbooks

Slide 126

Slide 126 text

LAB1 Playbooks 126

Slide 127

Slide 127 text

127 Setup = Provision + Deploy Provision Deploy Setup = +

Slide 128

Slide 128 text

$ vim setup.yml 1 --- 2 # Provision 3 - name: import provision playbook 4 import_playbook: provision.yml 5 6 # Deployment 7 - name: import deployment playbook 8 import_playbook: deploy.yml Setup Deploy Setup > Setup : Deploy = 100% : 20% > Provision : Deploy = 80% : 20% 128

Slide 129

Slide 129 text

$ vim provision.yml 1 --- 2 - name: ==> Setup ... 3 hosts: all 4 become: true 5 tasks: 6 # like 'apt update'. 7 - name: update apt repo cache 8 apt: 9 update_cache: yes 10 11 # like 'apt install nginx'. 12 - name: install nginx with apt 13 apt: 14 name: nginx 15 state: present 16 17 # like 'service nginx start'. 18 - name: start nginx 19 service: 20 name: nginx 21 state: started Provision

Slide 130

Slide 130 text

130 $ vim deploy.yml 1 --- 2 - name: ==> Deploying ... 3 hosts: all 4 become: true 5 tasks: 6 # like 'apt remove penguin-htdocs'. 7 - name: uninstall penguin-htdocs 8 apt: 9 name: penguin-htdocs 10 state: absent 11 12 # like 'apt-get install nginx'. 13 - name: copy penguin-htdocs package to managed node 14 copy: 15 src: ../penguin-htdocs.deb 16 dest: /tmp/ 17 18 # like 'apt install /tmp/penguin-htdocs.deb'. 19 - name: install penguin-htdocs 20 apt: 21 deb: /tmp/penguin-htdocs.deb Deploy

Slide 131

Slide 131 text

131 $ vim push_ssh_pub_key.yml 1 --- 2 - name: ==> push the ssh public key ... 3 hosts: all 4 become: true 5 vars: 6 username: docker 7 tasks: 8 - name: create ssh key directory 9 file: 10 path: '/home/{{ username }}/.ssh/‘ 11 state: directory 12 owner: '{{ username }}' 13 group: '{{ username }}' 14 mode: 0700 15 16 - name: set authorized key took from file 17 authorized_key: 18 user: '{{ username }}’ 19 state: present 20 key: "{{ lookup('file', 'files/id_rsa.pub') }}" Push SSH Key

Slide 132

Slide 132 text

132 More Playbooks .. • Ansible Role: Install Vim and use vi-mode in everyway   - https://github.com/chusiang/vim-and-vi-mode.ansible.role • Ansible Role: PHP 7 (php-fpm) for Nginx on Ubuntu and CentOS  - https://github.com/chusiang/php7.ansible.role • Ansible Galaxy  - https://galaxy.ansible.com/ • Code samples from 《Ansible: Up and Running》  - https://github.com/ansiblebook/ansiblebook

Slide 133

Slide 133 text

133 今天玩到了了什什麼？

Slide 134

Slide 134 text

134 LAB1 GitLab CI 使⽤用 Control Machine (Alpine 3.6) + Managed node × 2 (Ubuntu 16.04) 進⾏行行實作。透過 GitLab CI 和 Ansible 操控 Managed node

Slide 135

Slide 135 text

LAB1 x AWS - https:/ /youtu.be/QHim_JxB4ZY 135

Slide 136

Slide 136 text

136 LAB2 Jupyer 使⽤用 Control Machine + Managed node × 2 (Ubuntu 16.04 × 3) 環境進⾏行行練習。透過 Ansible 和 Jupyter 操控 Managed node

Slide 137

Slide 137 text

$ docker pull \  chusiang/ansible-jupyter:ubuntu-16.04

Slide 138

Slide 138 text

138 LAB2 ① 建立 Control Machine。  $ docker run -Pd chusiang/ansible-jupyter:ubuntu-16.04 ② 建立 Managed node × 2。  $ docker run -Pd \  chusiang/ansible-managed-node:ubuntu-16.04  $ docker run -Pd \  chusiang/ansible-managed-node:ubuntu-16.04 ③ 查看 Managed node 的 ssh port。  $ docker ps  CONTAINER ID IMAGE ...... STATUS PORTS NAMES

Slide 139

Slide 139 text

139 LAB2 ④ 編輯 inventory。 ⑤ 玩⼆二下 Ad-hoc commands。 ⑥ 玩⼀一下 Playbooks。

Slide 140

Slide 140 text

140 Ansible on Jupyter

Slide 141

Slide 141 text

持續交付是⼀一段⼈人類與企業的進化史 141 Unit Test Integration Test Delivery Deployment Build Syntax Check Unit Test Delivery Deployment Build Syntax Check Unit Test Delivery Deployment Build Syntax Check Delivery Deployment Build Syntax Check Build Syntax Check Build

Slide 142

Slide 142 text

142 今天提的 DevOps 是什什麼？

Slide 143

Slide 143 text

143 ※ 此圖出⾃自 Chen Cheng-Wei 的 Effective DevOps 簡報 (https://www.slideshare.net/warfan/effective-devops-78979993)。

Slide 144

Slide 144 text

144 • DevOps ⼈人⼀一定要知道的持續交付技巧 - Ansible & GitLab CI 實戰演練 (3rd) - https://goo.gl/6o96kf • Continuous Delivery Workshop Lab - http://s.drx.tw/cd.lab • 提到 DevOps 到底在談些什什麼玩意兒？ by Chen Cheng-Wei - https://goo.gl/7YTeKD • Continuous Delivery - 敏捷開發的最後⼀一哩路路 by Miles - https://goo.gl/UhpAfG • Always Agile Consulting · Introducing Continuous Delivery - https://goo.gl/2Nhtcr • Ansible Documentation - http://docs.ansible.com/ansible/intro_installation.html • 《Ansible: Up and Running》- https://www.ansible.com/ansible-book • 現代 IT ⼈人⼀一定要知道的 Ansible ⾃自動化組態技巧 / 3e - https://goo.gl/vHyVDt • 現代 IT ⼈人⼀一定要知道的 Ansible ⾃自動化組態技巧系列列⽂文章 - https://goo.gl/EOjs4I 參參考⽂文獻

Slide 145

Slide 145 text

145 圖片來來源 • 《Continuous Delivery》 | Amazon.com - https://www.amazon.com/dp/0321601912 • 《Continuous Delivery 中⽂文版》 | 天瓏網路路書店 - https://goo.gl/SK745B • DevOps Services & Continuous Delivery - https://goo.gl/jswxch • 《The Phoenix Project》 | Amazon.com - https://goo.gl/visckK • Resenha: Harry Potter e a Pedra Filosofal, de J.K. Rowling | Acrobata das Letras  - https://goo.gl/R34tSA • Brown Book Icon | SoftIcons.com - https://goo.gl/U9U2am • 5 CI/CD Strategies for Faster Software Deployments and Better Automation | snap  - https://goo.gl/UZPf5e

Slide 146

Slide 146 text

146 嚴禁拍打餵食 Q & A

Slide 147

Slide 147 text

https://fb.me/groups/agile.kaohsiung/ https://fb.me/AgileTourHsinchu/ https://fb.me/groups/AgileNeihu/ 147 https:/ /fb.me/AgileCommunity.tw https://fb.me/AgileTourTaichung/

Slide 148

Slide 148 text

DevOps Taiwan 148 https://t.me/devopstw https://fb.me/groups/DevOpsTaiwan/ https://devopstw.club/

Slide 149

Slide 149 text

Ansible Taiwan 149 https://t.me/ansible_tw https://github.com/ansible-tw http://ansible.tw

Slide 150

Slide 150 text

150 http://萍⽔水相逢.tw

Slide 151

Slide 151 text

_____________________________ / 　　　　　　　　 \ \ 　　　　　　　　　 / ----------------------------- \ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || [ chusiang@AgileTourTaichung ~ ] $ cat .proﬁle # Author: 凍仁翔 / [email protected] # Blog: http://note.drx.tw # Modiﬁed: 2018-01-13 14:00 END

Slide 152

Slide 152 text

152 ansible-console REPL console for executing Ansible tasks

Slide 153

Slide 153 text

ansible-console [] [options] • host-pattern: all, server1, server1:server2, server_group. 153 $ ansible --become Vault password: Welcome to the ansible console. Type help or ? to list commands. jonny@all (1)[f:5]# ping ubuntu1604 | SUCCESS => { "changed": false, "ping": "pong" } jonny@all (1)[f:5]# 怎麼⽤用 ansible-console？