Slide 1

Slide 1 text

just orchestrate it
Srdjan Vranac // code4hire.com // @vranac

Slide 2

Slide 2 text

business owner, developer, consultant, mercenary, writing terrible code that performs exceptionally, wrangling elePHPants and Pythons, obsessed with process automation, interested in continuous integration and delivery, clean code, testing, best practices and distributed systems

Slide 3

Slide 3 text

In the Beginning...
- Developers wrote code
- System Administrators deployed code

Slide 4

Slide 4 text

©2012-2013 MokonalovesMochi

Slide 5

Slide 5 text

...until one day...

Slide 6

Slide 6 text

I'll write code that tells computer how to set up itself

    #!/bin/sh
    sudo apt-get update
    sudo apt-get -y install build-essential
    sudo apt-get install apache2
    sudo a2enmod rewrite
    sudo a2enmod vhost_alias
    sudo tee /etc/apache2/sites-available/mysite <

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

Soooo.... What is the problem?

Slide 9

Slide 9 text

Idempotence (/ˌaɪdɨmˈpoʊtəns/ eye-dəm-poh-təns)
"Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application."
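Added example, not part of the original slides: a shell version of an idempotent file write, in contrast to the `tee` step of the slide 6 script, which rewrites its target on every run. The helper names `ensure_file` and `file_mode` and the sample resolv.conf content are made up for this illustration.

```shell
#!/bin/sh
# Added illustration; ensure_file and file_mode are hypothetical helper names.

# Print the permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# ensure_file DEST MODE < desired-content
# Brings DEST to the desired content and mode; prints "changed" if it had to
# touch DEST and "ok" if DEST was already in the desired state.
ensure_file() {
    dest=$1
    mode=$2
    # mktemp creates the staging file 0600 next to DEST, so the final mv is an
    # atomic rename and the content is never exposed with loose permissions.
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    cat > "$tmp" && chmod "$mode" "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest" &&
        [ "$(file_mode "$tmp")" = "$(file_mode "$dest")" ]; then
        rm -f "$tmp"        # already converged: leave DEST untouched
        echo ok
        return 0
    fi
    mv -f "$tmp" "$dest"
    echo changed
}

# Constructed demo: apply the same desired state twice, then repair drift.
demo_dir=$(mktemp -d)
desired='nameserver 192.0.2.53'     # constructed sample content
printf '%s\n' "$desired" | ensure_file "$demo_dir/resolv.conf" 0644   # first run
printf '%s\n' "$desired" | ensure_file "$demo_dir/resolv.conf" 0644   # second run
chmod 0666 "$demo_dir/resolv.conf"  # simulate someone loosening the mode
printf '%s\n' "$desired" | ensure_file "$demo_dir/resolv.conf" 0644   # drift fixed
rm -rf "$demo_dir"
```

The second run leaves the file untouched, and a later run restores a mode that drifted away from the desired one.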

Slide 10

Slide 10 text

Not "Robust"

Slide 11

Slide 11 text

Everybody is rolling their own

Slide 12

Slide 12 text

Present

Slide 13

Slide 13 text

Automation should not require programming experience
It MUST be easy
We all have other stuff to do, don't we?

Slide 14

Slide 14 text

compréhansible

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

"I wrote Ansible because none of the existing tools fit my brain. I wanted a tool that I could not use for 6 months, come back later, and still remember how it worked."
Michael DeHaan, Ansible project founder

Slide 17

Slide 17 text

What is it?
- IT Automation tool
- Push based (Pull possible)
- Agentless, no agent on the client, uses SSH
- Scalable
- No databases or daemons added after install
- No Root permissions required, sudo is available
- Supported package managers for RHEL, CentOS, Fedora, Debian or Ubuntu

Slide 18

Slide 18 text

Why use it?
- Consistent
- Predictable
- Repeatable
- Easy
PERIOD

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

Requirements
- Python 2.7 (Python 2.5 + simplejson possible)
- Paramiko (ssh), PyYaml, Jinja2
- SSHD
- Possible Module Dependencies

Slide 21

Slide 21 text

Installation?

    pip install ansible

DONE

Slide 22

Slide 22 text

controller → remotes

Slide 23

Slide 23 text

Inventory

    [localhost]
    127.0.0.1

    [webservers]
    www.example.com ntp=ntp1.pool.ntp.org
    web[10-23].example.com
    vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=222

    [devservers]
    a1.ww.mens.de

Slide 24

Slide 24 text

Dynamic Inventory
- Amazon EC2
- Digital Ocean
- Linode
- Cobbler
- Google Compute Engine
- ...

Slide 25

Slide 25 text

Hello, World!

    $ ansible localhost -m ping
    localhost | success >> {
        "changed": false,
        "ping": "pong"
    }

Slide 26

Slide 26 text

Facts

    $ ansible localhost -m setup
    localhost | success >> {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "33.33.33.100",
            ],
            "ansible_architecture": "x86_64",
            "ansible_default_ipv4": {
                "address": "192.168.1.194",
                "gateway": "192.168.1.1",
                "interface": "eth0",
                "macaddress": "22:54:00:02:8e:0f",
            },
            "ansible_distribution": "CentOS",
            "ansible_distribution_version": "6.2",
            ...
    }

Plus ohai and facter if installed on remote

Slide 27

Slide 27 text

Modules

accelerate, acl, add_host, airbrake_deployment, alternatives, apache2_module, apt, apt_key, apt_repository, apt_rpm, arista_interface, arista_l2interface, arista_lag, arista_vlan, assemble, assert, async_status, at, authorized_key, azure, bigip_facts, bigip_monitor_http, bigip_monitor_tcp, bigip_node, bigip_pool, bigip_pool_member, boundary_meter, bzr, campfire, capabilities, cloudformation, command, composer, copy, cpanm, cron, datadog_event, debconf, debug, digital_ocean, digital_ocean_domain, digital_ocean_sshkey, django_manage, dnsimple, dnsmadeeasy, docker, docker_image, easy_install, ec2, ec2_ami, ec2_ami_search, ec2_asg, ec2_eip, ec2_elb, ec2_elb_lb, ec2_facts, ec2_group, ec2_key, ec2_lc, ec2_metric_alarm, ec2_scaling_policy, ec2_snapshot, ec2_tag, ec2_vol, ec2_vpc, ejabberd_user, elasticache, facter, fail, fetch, file, filesystem, fireball, firewalld, flowdock, gc_storage, gce, gce_lb, gce_net, gce_pd, gem, get_url, git, github_hooks, glance_image, group, group_by, grove, hg, hipchat, homebrew, homebrew_cask, homebrew_tap, hostname, htpasswd, include_vars, ini_file, irc, jabber, jboss, jira, kernel_blacklist, keystone_user, layman, librato_annotation, lineinfile, linode, lldp, locale_gen, logentries, lvg, lvol, macports, mail, modprobe, mongodb_user, monit, mount, mqtt, mysql_db, mysql_replication, mysql_user, mysql_variables, nagios, netscaler, newrelic_deployment, nexmo, nova_compute, nova_keypair, npm, ohai, open_iscsi, openbsd_pkg, openvswitch_bridge, openvswitch_port, opkg, osx_say, ovirt, pacman, pagerduty, pause, ping, pingdom, pip, pkgin, pkgng, pkgutil, portage, portinstall, postgresql_db, postgresql_privs, postgresql_user, quantum_floating_ip, quantum_floating_ip_associate, quantum_network, quantum_router, quantum_router_gateway, quantum_router_interface, quantum_subnet, rabbitmq_parameter, rabbitmq_plugin, rabbitmq_policy, rabbitmq_user, rabbitmq_vhost, raw, rax, rax_cbs, rax_cbs_attachments, rax_clb, rax_clb_nodes, rax_dns, rax_dns_record, rax_facts, rax_files, rax_files_objects, rax_identity, rax_keypair, rax_meta, rax_network, rax_queue, rax_scaling_group, rax_scaling_policy, rds, rds_param_group, rds_subnet_group, redhat_subscription, redis, replace, rhn_channel, rhn_register, riak, rollbar_deployment, route53, rpm_key, s3, script, seboolean, selinux, service, set_fact, setup, shell, slack, slurp, sns, stackdriver, stat, subversion, supervisorctl, svr4pkg, swdepot, synchronize, sysctl, template, twilio, typetalk, ufw, unarchive, uri, urpmi, user, virt, vsphere_guest, wait_for, win_feature, win_get_url, win_group, win_msi, win_ping, win_service, win_stat, win_user, xattr, yum, zfs, zypper, zypper_repository

230+ modules and growing

Slide 28

Slide 28 text

Ad-Hoc commands

    $ ansible webservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf'
    www.example.com | success >> {
        "changed": true,
        "dest": "/etc/resolv.conf",
        "group": "adm",
        "md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7",
        "mode": "0644",
        "owner": "ubuntu",
        "path": "resolv.conf",
        "src": "/home/ubuntu/.ansible/tmp/ansible-322091977449/resolv.conf",
        "state": "file"
    }

Slide 29

Slide 29 text

Playbooks
- YAML Files
- Declaratively define your OS/App configuration
- Collection of tasks using modules
- Each group of tasks is a play

Slide 30

Slide 30 text

Tasks

    ---
    # tasks/foo.yml

    # This is a task
    - name: Placeholder foo
      command: /bin/foo

    # This is another task
    - name: Placeholder bar
      command: /bin/bar

Slide 31

Slide 31 text

Tasks

    ---
    - name: Installing supervisor task for snapshot worker
      template: src=supervisor.conf.j2 dest={{ SUPERVISOR_CONFIG_DIR }}/{{ item['filename'] }}.conf backup=yes owner=root group=root mode=0644
      # located in defaults/main.yml
      with_items: snapshot_worker_configuration
      when: snapshot_worker_configuration|lower != 'none'
      notify:
        - reload supervisor
      tags: [supervisor, configuration]

Slide 32

Slide 32 text

Variables
- From inventory
- In playbooks
- From host_vars/ files
- From group_vars/ files

Slide 33

Slide 33 text

Variables

    ---
    - hosts: localhost
      vars:
        - greeting: Hello
      tasks:
        - command: echo "{{greeting}}, {{inventory_hostname}}"

Slide 34

Slide 34 text

Variables

Slide 35

Slide 35 text

Variables

host_vars/production

    ---
    snapshot_worker_configuration:
      - filename: snapshot_worker
        name: process_snapshot_report_worker
        command: "php process_snapshot_report_worker.php"
        process_name: process_snapshot_report_worker_%(process_num)02d
        numprocs: 1
        directory: "/var/www/scripts/utils/"
        autostart: true
        autorestart: true
        user: ubuntu
        stdout_logfile: "/var/log/app/utils_process_snapshot_report_worker.log"
        stdout_logfile_maxbytes: 1MB
        stderr_logfile: "/var/log/app/supervisor_error_log"
        stderr_logfile_maxbytes: 1MB

Slide 36

Slide 36 text

{{ templates }}

    ;{{ ansible_managed }}
    [program:{{ item.name }}]
    {% for directive, value in item.iteritems() if directive != "name" and directive != "filen
    {{ directive }}={{ value }}
    {% endfor %}

Slide 37

Slide 37 text

{{ templates }}

    ;Ansible managed: /Users/vranac/dev/playground-ansible/vagrant-ansible-php/roles/superviso
    [program:process_snapshot_report_worker]
    stderr_logfile_maxbytes=1MB
    autorestart=True
    stderr_logfile=/var/log/app/supervisor_error_log
    process_name=process_snapshot_report_worker_%(process_num)02d
    stdout_logfile_maxbytes=1MB
    numprocs=1
    command=php process_snapshot_report_worker.php
    user=ubuntu
    autostart=True
    directory=/var/www/scripts/utils/
    stdout_logfile=/var/log/app/utils_process_snapshot_report_worker.log

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

Roles

Slide 40

Slide 40 text

Roles

    roles/
      nginx/
        files/
        handlers/main.yml
        meta/main.yml
        tasks/main.yml
        templates/
        vars/main.yml

    ---
    - hosts: all
      roles:
        - nginx
        - mysql
        - { role: app, dir: '/etc/app', ntp: 'n1.example.org' }
        - { role: special, when: "ansible_os_family == 'RedHat'" }
      tasks:
        - ...

Slide 41

Slide 41 text

Ansible Galaxy
http://galaxy.ansible.com/
ansible-galaxy

Slide 42

Slide 42 text

Compare to X
https://devopsu.com/books/taste-test-grid.html

Slide 43

Slide 43 text

The End
Thank You!
Questions?