Ansible 202 - Sysarmy Meetup

Sebastian Montini

October 20, 2016

Transcript

  1. What is Ansible?

    Ansible is a very simple (yet powerful) automation engine.

    • Simple: Ansible uses a clear (readable) YAML syntax.
    • Fast: easy to learn, easy to set up.
    • Efficient: no agent on your servers.
    • Secure: no extra ports to open on your firewalls (it works over SSH).

    @sebamontini
  2. Glossary

    • Inventory: lists of hosts, variables and groups.
    • Modules: the units of work that Ansible ships out to remote hosts.
    • Facts: things that are discovered about remote nodes.
    • Playbooks: list of plays (mapping of hosts and tasks).
    • Tasks: set of actions (module + args) to be executed.
  3. Tags

        ---
        tasks:
          - yum: name={{ item }} state=installed
            with_items:
              - httpd
              - memcached
            tags:
              - packages

          - template: src=templates/src.j2 dest=/etc/foo.conf
            tags:
              - config
              - deploy

        $ ansible-playbook myapp.yml --tags config,deploy
  5. Roles

        roles/
          myRole/               # this hierarchy represents a "role"
            tasks/              #
              install.yml
              configs.yml
              code.yml
              main.yml          # <-- tasks file can include smaller files if warranted
            handlers/           #
              main.yml          # <-- handlers file
            templates/          # <-- files for use with the template resource
              ntp.conf.j2       # <------- templates end in .j2
            vars/               #
              main.yml          # <-- variables associated with this role
            defaults/           #
              main.yml          # <-- default lower priority variables for this role
            meta/               #
              main.yml          # <-- role dependencies
  6. Ansible Galaxy

        $ ansible-galaxy install -r requirements.yml

        ---
        - src: torian.python
          name: python
          path: roles-galaxy/
          version: 1.0.0

        - src: bennojoy.memcached
          name: memcached
          path: roles-galaxy

        - src: https://github.com/torian/ansible-role-phantomjs
          name: phantomjs
          path: roles-galaxy/
  7. ansible.cfg

        [defaults]
        inventory = inventory/ec2.py
        roles_path = roles:roles-galaxy
        retry_files_enabled = True
        retry_files_save_path = .ansible-retry

        $ ansible-playbook <playbook.yml> -l @<playbook>.retry
  8. Shell vs Command

    • With the Command module the command will be executed without being processed through a shell. As a consequence, some variables like $HOME are not available, and stream operations like <, >, | and & will not work.
    • The Shell module runs a command through a shell, by default /bin/sh. This can be changed with the option executable. Piping and redirection are therefore available here.
    • The Command module is more secure, because it will not be affected by the user’s environment.
  9. Variables’ precedence

    • role/defaults.yml
    • variables defined in inventory (e.g. tag group_vars)
    • facts
    • play vars
    • role vars
    • included vars
    • task vars (only for the task)
    • extra vars (-e on the command line) always win
  10. ansible-vault

    Vault is a feature of Ansible that allows keeping sensitive data such as passwords or keys in encrypted files.

        roles/aliens
        ├── tasks
        │   └── main.yml
        └── vars
            └── spoilers.yml

        $ ansible-playbook playbooks/movies.yml --vault-password-file ~/.vault_pass.txt

        ---
        - include_vars: spoilers.yml
        - name: Put the spoiler in the tmp directory.
          copy: content="{{spoiler_text}}" dest=/tmp/spoiler_text.txt

        $ ansible-vault encrypt roles/aliens/vars/spoilers.yml --vault-password-file ~/.vault_pass.txt

        $ cat playbooks/movies.yml
        ---
        - hosts: all
          roles:
            - { role: aliens }
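
A pre-commit style check for the vault workflow on slide 10, as an added example that is not part of the original deck: it confirms that files meant to be vaulted start with the `$ANSIBLE_VAULT;` header that `ansible-vault encrypt` writes and contain only hex lines after it. The `predator` role, the sample file contents and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Header line written by ansible-vault, e.g. "$ANSIBLE_VAULT;1.1;AES256"
# (format 1.2 appends a vault ID as a fourth field).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;(\d+\.\d+);([A-Z0-9]+)(?:;(\S+))?$")
HEX_LINE = re.compile(r"^[0-9a-f]+$")


def vault_status(path):
    """Return 'encrypted', 'plaintext' or 'malformed' for one file."""
    lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return "plaintext"
    body = [ln for ln in lines[1:] if ln.strip()]
    # A whole-file vault is a valid header followed only by hex-encoded lines.
    if VAULT_HEADER.match(lines[0]) and body and all(HEX_LINE.match(ln) for ln in body):
        return "encrypted"
    return "malformed"


def unencrypted_secrets(root, secret_names):
    """List files under root named in secret_names that are not vaulted."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in Path(root).rglob("*")
        if p.is_file() and p.name in secret_names and vault_status(p) != "encrypted"
    )


def demo():
    """Build a constructed roles tree and run the check over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for role in ("aliens", "predator"):
            (root / "roles" / role / "vars").mkdir(parents=True)
        # Constructed sample: vaulted file (hex body is filler, not real ciphertext).
        (root / "roles/aliens/vars/spoilers.yml").write_text(
            "$ANSIBLE_VAULT;1.1;AES256\n" + "3961" * 20 + "\n" + "6233" * 12 + "\n")
        # Constructed sample: the same kind of file left in clear text.
        (root / "roles/predator/vars/spoilers.yml").write_text(
            "spoiler_text: constructed sample value\n")
        return unencrypted_secrets(root, {"spoilers.yml"})


if __name__ == "__main__":
    for path in demo():
        print("NOT ENCRYPTED:", path)
```

The check only recognises whole-file vaults; a YAML file that keeps its secrets as inline `!vault` values would be reported as plaintext.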