Automatisieren mit Ansible

Transcript

1. Automatisieren mit Ansible Simon Olofsson • Content Management AG @solofs

   • [email protected]
2. None

3. Inventory Control Machine Ad-Hoc Commands A SSH B C D

   A B C D Webserver Datenbankserver

4. % cat /etc/ansible/hosts [web] a.web.service b.web.service c.web.service d.web.service [db] [a:d].db.service

5. % ansible web -m ping % ansible a.db.service -m ping

6. % ansible db -a “shutdown -h now” -f 2

7. apt - Manages apt-packages assemble - Assembles a configuration file

   from fragments azure - create or terminate a virtual machine in azure bigip_pool_member (E) - Manages F5 BIG-IP LTM pool members command - Executes a command on a remote node copy - Copies files to remote locations. docker - manage docker containers ec2 - create, terminate, start or stop an instance in ec2, return instanceid fetch - Fetches a file from remote nodes gce - create or terminate GCE instances git - Deploy software (or files) from git checkouts github_hooks (E) - Manages github service hooks. irc (E) - Send a message to an IRC channel jira (E) - create and modify issues in a JIRA instance mysql_db - Add or remove MySQL databases from a remote host. nagios (E) - Perform common tasks in Nagios related to downtime and notifications. postgresql_db - Add or remove PostgreSQL databases from a remote host. win_msi - Installs and uninstalls Windows MSI files

8. Inventory Control Machine A SSH B C D Webserver A

   B C D Datenbankserver Webserver Playbook Datenbankserver Playbook

9. # web.yml --- - hosts: web tasks: - name: Install

   nginx apt: name=nginx state=latest - name: Ensure nginx is started service: name=nginx state=started

10. # db.yml --- - hosts: db tasks: - name: Install

    PostgreSQL apt: name=postgresql state=latest - name: Ensure PostgreSQL is started service: name=postgresql state=started

11. % ansible-playbook web.yml % ansible-playbook db.yml

12. !"" web.yml !"" db.yml !"" site.yml #"" roles #"" service_provider

    #"" tasks #"" main.yml

13. # web.yml --- - hosts: web roles: - { role:

    service_provider, service: 'nginx' }

14. # db.yml --- - hosts: db roles: - { role:

    service_provider, service: 'postgresql' }

15. # site.yml - include: web.yml - include: db.yml

16. # roles/service_provider/tasks/main.yml - name: Install {{ service }} apt: name={{

    service }} state=latest - name: Ensure {{ service }} is started service: name={{ service }} state=started

17. % ansible-playbook web.yml % ansible-playbook db.yml % ansible-playbook site.yml

18. None

19. Installation Konfiguration Benutzung Löschung

20. erzeugt richtet ein beschreibt Vagrantfile Provisioner Provider Virtuelle Maschine

21. Vagrant.configure("2") do |config| config.vm.box = "larryli/utopic64" config.vm.define "web" do |web|

    web.vm.network "forwarded_port", guest: 80, host: 8080 web.vm.provision "ansible" do |ansible| ansible.playbook = "../roles/web.yml" ansible.sudo = true end end

22. config.vm.define "db" do |db| db.vm.network "forwarded_port", guest: 5432, host: 5432

    db.vm.provision "ansible" do |ansible| ansible.playbook = "../roles/db.yml" ansible.sudo = true end end end

23. % vagrant up Bringing machine 'web' up with ‘virtualbox' provider...

    Bringing machine 'db' up with ‘virtualbox' provider… ==> web: Running provisioner: ansible… web: ok=3 changed=1 ==> db: Running provisioner: ansible… db: ok=3 changed=1

24. % vagrant provision ==> web: Running provisioner: ansible… web: ok=3

    changed=0 ==> db: Running provisioner: ansible… db: ok=3 changed=0

25. <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> % curl localhost:8080

    | head -n4

26. http://commons.wikimedia.org/wiki/File:Runkelstein_Castle_11.jpg

27. % ansible-vault create secret.yml Vault password: Confirm Vault password:

28. % cat secret.yml $ANSIBLE_VAULT;1.1;AES256 65646639303532333334643932343161396535643636 336361313237613831626530313966363463 35643739323730646136653164323062623836653131 34300a323664363935383939636237373163 62383736623964363132663734643666663239636130 393438343238343466313231373462623366

    6466336266333338390a666333376632326431663961 363461316538616266646365373736363337 31356166393262656436303166643062303137393733 373137626338616463613532

29. % ansible-playbook secret.yml —ask-vault-pass Vault password:

30. Inventory Control Machine Rolling Update A SSH B C D

    A B C D …

31. https://github.com/ansible/ansible-examples --- - hosts: webservers serial: 1 max_fail_percentage: 10

32. https://github.com/ansible/ansible-examples pre_tasks: - name: disable nagios alerts for this host

    nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver delegate_to: "{{ item }}" with_items: groups.monitoring - name: disable the server in haproxy shell: echo "disable server myapplb/ {{ inventory_hostname }}" | socat stdio /var/lib/haproxy/stats delegate_to: "{{ item }}" with_items: groups.lbservers

33. https://github.com/ansible/ansible-examples roles: - common - base-apache - web

34. https://github.com/ansible/ansible-examples post_tasks: - name: Wait for webserver to come up

    wait_for: host={{ inventory_hostname }} port=80 state=started timeout=80

35. https://github.com/ansible/ansible-examples - name: Enable the server in haproxy shell: echo

    "enable server myapplb/ {{ inventory_hostname }}" | socat stdio /var/lib/haproxy/stats delegate_to: "{{ item }}" with_items: groups.lbservers - name: re-enable nagios alerts nagios: action=enable_alerts host={{ inventory_hostname }} services=webserver delegate_to: "{{ item }}" with_items: groups.monitoring

36. http://www.ansible.com/aws

37. None

38. Vielen Dank! Simon Olofsson • Content Management AG @solofs •

    [email protected] Die Logos wurden den Webseiten der jeweiligen Projekte entnommen.