Let's automate stuff with Ansible

Db6218c1b56d64e775eb79ea4f2889dd?s=47 Sebastian
November 27, 2015

Let's automate stuff with Ansible

With ansible, orchestrating machines is getting easy. Defining how a host should look like in yaml, you are able to set it up with just one command. While this is certainly useful for production systems, ansible can be used to quickly set up new testing machines, development environments (e.g. inside a virtual machine) or even your localhost.

Within this talk, we'll go into the world of DevOps, seeing what it's like to control many servers without ever manually logging into them. In the beginning the ansible architecture will be explained briefly. We'll look into how a small ansible setup looks like and what can be achieved with ansible. The talk will also provide information on the difference to other configuration management tools like chef and puppet. Best practice examples will conclude the talk.

Db6218c1b56d64e775eb79ea4f2889dd?s=128

Sebastian

November 27, 2015
Tweet

Transcript

  1. Let’s automate stuff with Ansible DrupalCamp Vienna 2015 https://www.dropbox.com/s/wmsqf8xg74bevy6/53H.jpg @Sgoettschkes

  2. It started with bare metal ...

  3. … and then the cloud happened

  4. “99 servers in the cloud, 99 servers Take one down,

    tear it apart, 98 servers in the cloud” Unknown
  5. None
  6. Ansible

  7. Ansible

  8. Ansible

  9. Installation pip, brew, apt or From source (It’s just Python!)

  10. Inventory $ cat hosts [webservers] 127.0.0.101 ansible_ssh_port=2222 127.0.0.102 ansible_ssh_user=admin [dbservers]

    127.0.0.103 ansible_sudo=true
  11. Inventory $ cat hosts [webservers] 127.0.0.101 ansible_ssh_port=2222 127.0.0.102 ansible_ssh_user=admin [dbservers]

    127.0.0.103 ansible_sudo=true
  12. Ad-Hoc commands $ ansible all -m ping 127.0.0.101 | success

    >> { "changed": false, "ping": "pong" } 127.0.0.102 | success >> { "changed": false, "ping": "pong" }
  13. Ad-Hoc commands $ ansible all -m copy -a "src=/etc/hosts dest=/tmp/hosts"

    $ # or $ ansible all -m command -a "echo $TERM"
  14. Tasks

  15. Tasks $ cat tasks.yml --- - name: update apt cache

    apt: update_cache=yes - name: install vim apt: pkg=vim state=latest - name: install composer shell: curl -sS https://getcomposer.org/installer | php chdir=/usr/local/src creates=/usr/local/src/composer.phar
  16. Modules $ cat tasks.yml --- - name: update apt cache

    apt: update_cache=yes - name: install vim apt: pkg=vim state=latest - name: install composer shell: curl -sS https://getcomposer.org/installer | php chdir=/usr/local/src creates=/usr/local/src/composer.phar
  17. Tasks $ cat tasks.yml --- - name: update apt cache

    apt: update_cache=yes - name: install vim apt: pkg=vim state=latest - name: install composer shell: curl -sS https://getcomposer.org/installer | php chdir=/usr/local/src creates=/usr/local/src/composer.phar
  18. Tasks $ cat tasks.yml --- - name: update apt cache

    apt: update_cache=yes - name: install vim apt: pkg=vim state=latest - name: install composer shell: curl -sS https://getcomposer.org/installer | php chdir=/usr/local/src creates=/usr/local/src/composer.phar
  19. Tasks $ cat tasks.yml --- - name: update apt cache

    apt: update_cache=yes - name: install vim apt: pkg=vim state=latest - name: install composer shell: curl -sS https://getcomposer.org/installer | php chdir=/usr/local/src creates=/usr/local/src/composer.phar
  20. Tasks $ cat tasks.yml --- - name: update apt cache

    apt: update_cache=yes - name: install vim apt: pkg=vim state=latest - name: install composer shell: curl -sS https://getcomposer.org/installer | php chdir=/usr/local/src creates=/usr/local/src/composer.phar
  21. Tasks $ cat tasks.yml --- - name: install packages apt:

    pkg={{ item }} state=latest with_items: - emacs - vim
  22. Tasks $ cat tasks.yml --- - name: install packages apt:

    pkg={{ item }} state=latest with_items: - emacs - vim when: ansible_os_family == “Debian”
  23. Modules - apt, homebrew, pacman, … - and pip, gem,

    npm, composer, … - copy, file, template, … - PostgreSQL, MySQL, MongoDB, redis, … - git, hg, bzr, subversion, ... - Monitoring, Network, Cloud, ...
  24. Handlers $ cat handlers.yml - name: reload nginx service: name=nginx

    state=reloaded - name: restart nginx service: name=nginx state=restarted
  25. Handlers $ cat handlers.yml - name: reload nginx service: name=nginx

    state=reloaded - name: restart nginx service: name=nginx state=restarted
  26. Handlers $ cat tasks.yml --- - name: install nginx apt:

    pkg=nginx state=latest notify: restart nginx
  27. Templates $ cat templates/nginx.conf.j2 user {{ nginx_user }}; worker_processes {{

    nginx_worker_processes }}; pid /var/run/nginx.pid;
  28. Variables $ cat templates/nginx.conf.j2 user {{ nginx_user }}; worker_processes {{

    nginx_worker_processes }}; pid /var/run/nginx.pid;
  29. Facts $ cat group_vars/webservers.yml nginx_user: www-data nginx_worker_processes: "{{ ansible_processor_cores *

    ansible_processor_count }}"
  30. Roles • Grouping tasks • Separated • e.g. nginx, python,

    nodejs, mongodb, ...
  31. Putting it all together https://www.dropbox.com/s/en9t0dmeanbi2du/188H.jpg

  32. Folder structure $ ls -a . . .. dbservers.yml environments

    .git .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml
  33. Inventory files $ ls -a . . .. dbservers.yml environments

    .git .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml
  34. Inventory files $ cat environments/staging/inventory 127.0.0.101 ansible_ssh_user=deploy ansible_sudo=true [webservers] 127.0.0.101

    [dbservers] 127.0.0.101
  35. Group vars $ cat environments/staging/group_vars/all.yml --- env: staging domain_www: staging.example.com

    domain_static: static.staging.example.com
  36. Group vars $ ls -a . . .. dbservers.yml environments

    .git .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml
  37. Group vars $ cat group_vars/all.yml --- apt_packages: - acl -

    curl - git - tmux - vim
  38. site.yml $ ls -a . . .. dbservers.yml environments .git

    .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml
  39. site.yml $ cat site.yml --- - hosts: all roles: -

    apt - iptables - locale - include: webservers.yml - include: dbservers.yml
  40. webservers.yml $ ls -a . . .. dbservers.yml environments .git

    .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml
  41. webservers.yml $ cat webservers.yml --- - hosts: webservers roles: -

    nginx - php
  42. roles $ ls -a . . .. dbservers.yml environments .git

    .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml
  43. roles $ ls -a . . .. dbservers.yml environments .git

    .gitignore group_vars host_vars README.md requirements.yml roles site.yml webservers.yml $ ls roles apt iptables locale nginx php
  44. roles . .. dbservers.yml environments .git .gitignore group_vars host_vars README.md

    requirements.yml roles site.yml webservers.yml $ ls roles apt iptables locale nginx php $ ls roles/php/ defaults LICENSE meta README.md tasks templates
  45. Roles $ ls roles apt iptables locale nginx php $

    ls roles/php/ defaults LICENSE meta README.md tasks templates $ ls roles/php/tasks main.yml php.yml
  46. Roles $ cat roles/php/tasks/main.yml --- - include: php.yml tags=php

  47. Roles $ cat roles/php/tasks/php.yml --- - name: install php packages

    apt: default_release={{ php_default_release }} pkg={{ item }} state=latest with_items: - php5-cli - php5-common
  48. Roles - name: configure cli php.ini ini_file: dest=/etc/php5/cli/php.ini option={{ item.key

    }} section={{ item.section }} value={{ item.value }} with_items: php_config_cli
  49. Roles $ cat roles/php/defaults/main.yml --- php_default_release: stable php_config_cli: - {

    section: date, key: date.timezone, value: UTC } - { section: PHP, key: memory_limit, value: “{{ (ansible_memtotal_mb / 100) * 50}}M” }
  50. Let’s go $ ansible-playbook -i environment/staging/inventory site.yml $ ansible-playbook -i

    environment/staging/inventory \ webservers.yml $ ansible-playbook -i environment/staging/inventory \ -t php site.yml
  51. Let’s go TASK: [apt | install nginx] ok: [127.0.0.101] TASK:

    [php | install php packages] changed: [127.0.0.101] => (item=php5-cli,php5-common) TASK: [locale | copy localtime template] skipped: [127.0.0.101]
  52. There is more! http://publicdomainarchive.com/wp-content/uploads/2015/03/public-domain-images-free-stock-photos-autumn.jpg

  53. Ansible 2.0 “Ansible 2 is coming, and it’s going to

    be awesome!” James Cammarata (Director of Ansible Core Engineering)
  54. IT Automation https://www.dropbox.com/s/x8b4iqm82di9abr/186H.jpg

  55. https://www.dropbox.com/s/6z5aiwa8l09g2pa/86H.jpg