ANSIBLE FEATURES • Automation for local and remote system provisioning • Automation for local and remote applications deployment • No agents to install on remote systems • Using existing SSHd on remote systems and native SSH on host • Parallel by default - scale to 6000 targets with single master • Language that approaches plain english
ANSIBLE CONVENTIONS Playbooks - contain required tasks to configure systems and deploy Tasks - individual actions to perform on remote or local machines Roles - modular, single-purpose configurations for systems Inventory - files containing address information of target machines Handlers - actions triggered by tasks Templates - customizable files destined for managed machines
INVENTORY • Define how ansible will interact with remote hosts • Define logical groups of managed nodes • One file for each environment • Default location : /etc/ansible/hosts • INI format, variable overrides sample_inventory.ini [loadbalancers] 10.20.30.41 10.20.30.42 [webservers] 10.20.30.51 hostname=artemis 10.20.30.52 hostname=apollo
IT CAN GET FANCY tasks: - name: install packages in a users virtualenv shell: su - c {{ item[0] }} '(. ./bin/activate && pip install {{ item[1] }})' with_nested: - [ 'jim', 'joe', 'jack' ] - [ package1==1.1, package2==1.2, package3==1.3 ] There are several types of loops: Hashes, Fileglobs, Sequence, Subelements, First match, Command results, Random and more but there’s a builtin pip module, anyways.
CONDITIONALS tasks: - command: /bin/false register: result ignore_errors: True - command: /bin/something when: result|failed - command: /bin/something_else when: result|success - command: /bin/still/something_else when: result|skipped The result of a play can depend on the value of a variable, fact (something learned about the remote system), or previous task result.
MORE CONDITIONALS! tasks: - shell: echo "I've got '{{ foo }}'" when: foo is defined - fail: msg="This play requires 'bar'" when: bar is not defined - command: echo {{ item }} with_items: [ 0, 2, 4, 6, 8, 10 ] when: item > 5 If a required variable has not been set, you can skip or fail using Jinja2’s defined test. For example:
SIMPLE, POWERFUL BUILTINS • 261 built-in modules • Many cloud providers, packages and tools are integrated • Easily add your own in any language examples: • ec2 - Create, terminate, start/stop an instance • docker - Manage docker containers • hipchat Send a message to hipchat • s3 - manage objects in S3 • twilio - Sends a text message to a phone • win_service - Manages Windows services • zfs - Manage zfs
SECURITY •Can be centralized and locked down via Ansible Tower •Can be run from a centralized bastion server •Vault encrypts sensitive data •Uses ordinary SSH, paramiko or custom transport plugins •No extra open ports, use your own user account, sudo! •No agents to update or risk vulnerabilities
ENTERPRISE GRADE •Tower integration with LDAP and AD for RBAC •Manage any number of servers across many Tower instances •Portal and dashboard views, pushbutton interaction •Job scheduling •Audit trail •High availability
ADVANCED CAPABILITIES •Rolling updates/deployment/orchestration (1, 5, n at a time) •Canary testing (check for page content or response code) •Custom execution paths based on response/error/environment •Variable timeouts and parellelism •Ansible-pull to invert execution - nodes check in to a master
MORE INFORMATION https://docs.ansible.com http://www.ansible.com/tower https://docs.ansible.com/playbooks_best_practices.html https://galaxy.ansible.com https://github.com/ansible/ansible-examples
stevepereira
trrrrrys
trycycle
marikashiotsuki
okazuki
line_developers
red_frasco
yusuke0519
shohata
mot_techtalk
takemikami
microcms
scarletplover
keathley
maggiecrowley
lynnandtonic
hannesfritz
tmm1
carmenintech
shpigford
sonatard
lauravandoore
chrisshort
deanohume
thoeni