Ansible - Reusable configuration and deployment

Transcript

1. Ansible Reusable configuration and deployment Automation Night - TechBar DevMarche

2. Riccardo Franconi software engineer @ ideato @ricfrank Automation Night -

   TechBar DevMarche

3. Ansible IT Configuration management Application deployment

4. Ansible Agent-less architecture SSH on remote server Configuration as data

   (YAML), not ad code

5. Why ? • cross functional team • reusable (complex) configuration

   • manual routines are error prone • iterative and incremental development (fast feedback and rapid changing)

6. Architecture

7. Example --- - name: devmarche demo hosts: webserver # hosts

   pattern|group|ip user: root tasks: - name: update apt action: command /usr/bin/apt-get -y update - name: install apache apt: name=apache2 state=present - name: start Apache and ensure that the service should start on boot service: name=apache2 state=started enabled=yes

8. Ansible installation • PIP (Python package manager) • GIT •

   OS package (recommended) • Windows isn’t supported for the control machine http://docs.ansible.com/intro_installation.html

9. Host Inventory [web1] webserver-1.example.com webserver-2.example.com [db] dbserver-1.example.com [demo] 162.219.7.56 #range

   [web2] webserver-[1:25].example.com webserver-[a:f].example.com #non-standard ssh port [web3] webserver1.example.com:2222 webserver-[a:f].example.com #ssh tunnel [web4] myhost ansible_ssh_port=5555 ansible_ssh_host=192.168.0.1

10. Host Inventory #child group [east] webserver-1.example.com webserver-2.example.com [west] webserver-3.example.com webserver-4.example.com

    [us:children] east west … Or put your hosts on global invetory /etc/ansible/hosts

11. Concepts • Playbooks • Tasks and handlers • Madules •

    Variables • Roles • Facts

12. Playbooks • Playbooks contains Plays • Plays contains Tasks •

    Tasks contains Modules Every tasks is sequentially ordered-strict. Handlers can be triggered by tasks, and will run at the end, once.

13. Playbooks --- - name: install git apt: name=git state=present -

    name: install php curl module apt: name=curl state=present - - - - name: install git and curl hosts: webserver gather_facts: yes user: root tasks: playbook play tasks

14. Tasks tasks: - name: install apache apt: name=apache2 state=present -

    name: start Apache service: name=apache2 state=started enabled=yes Task can call a module and may have a parameters. There are a lot of modules and you can write your own.

15. Handlers tasks: - name: enable virtual host shell: a2ensite dev.sf2-vagrant.lo.conf

    notify: restart apache handlers: - name: restart apache service: name=apache2 state=restarted

16. Modules • Package management: apt, yum • Remote execution: command,

    shell • Service management: service • File handling: copy, template, file • Source control management (SCM): git, subversion http://docs.ansible.com/list_of_all_modules.html

17. command and shell #Run script only when /path/to/database doesn't exist

    - name: create db command: /usr/bin/create_database.sh arg1 arg2 creates=/path/to/database The command will be executed on all selected nodes. It will not processed through the shell, so environment variables and operator like "<", ">", "|", and “&" will not work. It’s more securely and predictably. Best practice suggest command. - shell: somescript.sh > somelog.txt args: chdir: somedir/ #cd into this directory before running the command creates: somelog.txt Runs the command through a shell (/bin/sh) on the remote node

18. copy and template - name: copy: src=/mine/site.it.conf dest=/etc/apache2/sites-available/site.it.conf owner=root group=root

    mode=644 backup=yes Copy “site.it.conf” file in selected nodes, backing up the original if it differs from the copied version - name: Copy my.cnf global MySQL configuration. template: > src=my.cnf.j2 dest=/etc/my.cnf owner=root group=root mode=644 notify: restart mysql Template are processed by Jinja2 and copied on dest source. Note that “src” can be relative or absolute path (if you use roles is the template folder path).

19. jinja2 Python template language port = {{ mysql_port }} socket

    = {{ mysql_socket }}

20. apt and yum Package management: - name: install server packages

    apt: name={{ item }} state=present with_items: - git - nodejs - npm - curl - libapache2-mod-php5 - acl - name: install server packages yum: name=git state=present

21. Variables You can get/put variables in several places: • Playbooks

    • Command line • Inventory (/etc/ansible/host_var, /etc/ ansible/group_var) • Roles • Discovered variables (“ansible -m setup hostname”) • Templates

22. Variables --- - hosts: '{{ hosts }}' user: '{{ user

    }}' tasks: - ... From command line: > ansible-playbook release.yml --extra-vars "hosts=devmarche user=ric” --- - hosts: webservers vars: app_logs_file: /var/logs/apps.log tasks: - name: remove application logs file {{app_logs_file}} file: path={{app_logs_file}} state=absent

23. Facts Discovered remote system variables gather_facts: yes ansible -m setup

    -i hosts.ini demo … "ansible_nodename": "aigor", "ansible_os_family": "Debian", "ansible_pkg_mgr": "apt", "ansible_processor": [ "Intel(R)Xeon(R)[email protected]", "Intel(R)Xeon(R)[email protected]" ], "ansible_processor_cores": 2, …

24. Roles Roles are the right way to organize project. With

    Roles you can: • reuse components • define a filesystem project structure • choose which components run

25. Roles http://docs.ansible.com/playbooks_roles.html#roles

26. Ansible galaxy Ansible community Roles repository Get Symfony 2 deploy

    application role ansible-galaxy install servergrove.symfony2 Create local role stub ansible-galaxy init rolename

27. Conditionals tasks: - name: "shutdown Debian systems" command: /sbin/shutdown -t

    now when: ansible_os_family == “Debian” #use Jinja2 expressions tasks: - command: /bin/false register: result ignore_errors: True - command: /bin/something when: result|failed #use Jinja2 filter - command: /bin/something_else when: result|success - command: /bin/still/something_else when: result|skipped tasks: - command: echo {{ item }} with_items: [ 0, 2, 4, 6, 8, 10 ] when: item > 5 Condition in Roles: this works by applying the conditional to every task in the role. Roles that not match condition are skipped. - hosts: webservers roles: - { role: some_role, when: ansible_os_family == 'Debian' }

28. Register variables Stores the result of a given command in

    a variable to access it later. tasks: - command: /bin/false register: result - command: /bin/something when: result|failed … The resulting variables can be used in templates, action tasks, or when statements.

29. Debug This module prints statements during execution and can be

    useful for debugging variables or expressions without necessarily halting the playbook. - debug: msg="System {{ inventory_hostname }} has uuid {{ ansible_product_uuid }}” - shell: /usr/bin/uptime register: result - debug: var=result

30. Demo time https://github.com/ricfrank/ansible-devmarche

31. Thanks!