Ansible Presentation @ iSense

Ton Kersten
September 15, 2016

Ansible Introduction presentation for iSense in Gouda

Transcript

  1. Ansible
    Why and how I use it!
    Ton Kersten
    Nijmegen / The Netherlands / 2016

  2. Agenda
    1 Introduction
    2 Why
    3 How
    4 Recap
    5 Resources
    6 Question Time!
    ans-v1.9-2

  3. $ who am i
    UNIX/Linux consultant and Trainer @ AT Computing
    UNIX Nerd (started in 1986 with SunOS 3)
    Linux Geek (started in 1992 with 0.96α)
    Scripting Nerd
    Configuration Management addict
    Free and Open Source Software enthusiast
    HAM Operator (pa1ton)
    Programming
    Plain text aficionado
    Big fan of things that just work
    Ansible user and contributor since 2012
    · · ·

  4. Long ago
    Shell scripts
    SSH loops
    Parallel SSH
    Cluster SSH
    Screen synchronized windows
    tmux synchronized panes
    · · ·
    Things got out of control

  5. Next
    CF Engine 1993
    ⇒ The first Config Management tool
    Puppet 2005
    ⇒ Widely used, master / slave
    Chef 2009
    ⇒ Puppet lookalike, configured with Ruby
    Salt Stack 2011
    ⇒ master / slave
    Ansible 2012
    ⇒ Easy to use, configured through yaml
    Propellor 2014
    ⇒ master / slave, configured with Haskell
    Capistrano 2006
    ⇒ Scripting in Ruby
    Paver 2007
    ⇒ Fabric alternative for Python 3
    Fabric 2008
    ⇒ Python Library for CM (Only Python 2)
    Invoke 2012
    ⇒ Python 3 successor of Fabric
    Juju 2011
    ⇒ Ubuntu, designed for the cloud
    · · ·
    Invoke seems to be the successor of Fabric, but is still in beta.
    They do have the same author

  6. What I want
    Simple command
    root@master1 # some-kind-of-simple-command install_database
    PLAY [dbservers] ****************************************
    TASK: [install package dbase] ***************************
    TASK: [deploy dbase config] *****************************
    TASK: [ensure dbased is running] ************************
    NOTIFIED: [restart dbased] ******************************
    PLAY RECAP **********************************************
    db1 : ok=1 changed=4 unreachable=0 failed=0

  7. Why Ansible
    No master server
    No more daemons on the master
    No more agents on the nodes
    No databases
    No separate PKI
    Uses standard SSH functionality
    Very, very powerful
    Configuration, deployment, ad-hoc, continuous delivery
    Simple configuration files (yaml)
    Idempotent ⇒ f(x) = f(f(x))
    No convergence

  8. Easy
    From nothing to production in a jiffy
    Python 2.6 + Paramiko, PyYAML, Jinja2 on master
    Python 2.4 + simplejson on nodes
    Can run in Python virtualenv
    Can run from git checkout
    Uses SSH for transport and login
    No root needed, can use sudo, pbrun, pfexec, etc.

  9. Simple components (Commands)
    Ansible commands
    ansible ⇒ The main Ansible command
    ansible-playbook ⇒ Command to run playbooks
    ansible-pull ⇒ The main Ansible pull command
    ansible-doc ⇒ Ansible documentation program
    ansible-galaxy ⇒ Command to interact with Galaxy
    ansible-vault ⇒ The Ansible password vault
    ansible-console ⇒ The Ansible interactive console

  10. Simple components (Modules)
    A lot of modules
    Ansible version 1 ⇒ 250+
    Ansible version 2 ⇒ 600+
    Commands
    Files / templating
    Users
    Packages (yum, apt, zypper, …)
    Services
    Version control
    Databases
    · · · (See: ansible-doc)
    Or, write your own

  11. Easy install
    On all operating systems
    Create a Python virtualenv
    # pip install ansible
    On CentOS / RHEL / Scientific Linux
    Enable the EPEL repository
    # yum install ansible
    On Debian / Ubuntu
    Available in standard repository
    # apt-get install ansible
    From github (Bleeding edge)
    Install and configure git
    $ git clone http://github.com/ansible/ansible.git
    $ cd ansible
    $ sudo make install

  12. How it works
    [Diagram: a management node with Module(s), Playbooks or roles, and Hosts, connected to three nodes; no agents, communication over SSH or WinRM]

  13. My example network
    [Network diagram]
    Management node: master1.example.net, 192.168.56.101/24
    Web server: web1.example.net, 192.168.56.102/24
    Web server: web2.example.net, 192.168.56.104/24
    DB server: db1.example.net, 192.168.56.103/24
    DNS server: dns1.example.net, 192.168.56.105/24
    Windows server: win1.example.net, 192.168.56.110/24

  14. Inventory file
    # cat /etc/ansible/hosts
    localhost ansible_connection=local
    [dnsservers]
    dns1 ansible_port=5504 ansible_user=ford
    dns2 ansible_port=5505 ansible_user=arthur
    [webservers]
    web[1:9] ansible_port=7856 ansible_user=zaphod
    [dbservers]
    db1 db_port=3501 default_db=vogon_poetry
    [windows]
    win1 ansible_host=192.168.100.110
    ansible_connection, ansible_user, ansible_host and ansible_port are
    predefined variables used as connection parameters which override the defaults
    as specified in ansible.cfg.

  15. Windows settings
    # cat /etc/group_vars/windows
    ansible_user: [email protected]
    ansible_password: MySecretPassword
    ansible_become: False
    ansible_port: 5986
    ansible_module_lang: cp1252
    ansible_connection: winrm
    ansible_winrm_server_cert_validation: ignore
    As you can imagine, these settings should be placed in the Ansible Vault.
    # klist -l
    Principal name Cache name
    -------------- ----------
    [email protected] KEYRING:persistent:0:0
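
A small auditing sketch for the point made on this slide, added here and not part of the original deck: it flags a plaintext connection password and disabled WinRM certificate validation in a flat `key: value` group_vars file. The key-name pattern, the sample user name and the variable name `vault_ansible_password` are assumptions for illustration.

```python
import re

# Assumption: credentials live in keys ending in one of these words.
SECRET_KEY = re.compile(r"(password|passwd|secret|token)$", re.IGNORECASE)
TOP_LEVEL = re.compile(r"^([A-Za-z_]\w*)\s*:\s*(.*)$")
VAULT_HEADER = "$ANSIBLE_VAULT;"


def audit_vars(text):
    """Audit a flat `key: value` vars file; return [(line_no, key, finding)]."""
    # A file encrypted as a whole by ansible-vault starts with this header.
    if text.lstrip().startswith(VAULT_HEADER):
        return []
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = TOP_LEVEL.match(line)  # indented lines (vault blobs) are skipped
        if not match:
            continue
        key = match.group(1)
        value = match.group(2).split(" #", 1)[0].strip().strip("\"'")
        if SECRET_KEY.search(key) and value:
            if not value.startswith(("!vault", "{{")):
                findings.append((line_no, key, "plaintext secret"))
        if key == "ansible_winrm_server_cert_validation" and value.lower() == "ignore":
            findings.append((line_no, key, "TLS certificate validation disabled"))
    return findings


# Constructed sample modelled on the slide's group_vars/windows (user name is made up).
WEAK = """\
ansible_user: svc_ansible@EXAMPLE.NET
ansible_password: MySecretPassword
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
"""

# Constructed hardened variant: the password refers to a variable kept in a
# vault-encrypted file (hypothetical name vault_ansible_password).
HARDENED = """\
ansible_user: svc_ansible@EXAMPLE.NET
ansible_password: "{{ vault_ansible_password }}"
ansible_connection: winrm
ansible_winrm_server_cert_validation: validate
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_vars(sample))
```

The parser only reads top-level `key: value` lines, so nested YAML structures are outside its scope.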

  16. Running Ansible
    General ansible command form:
    ansible <host-pattern> -m <module> -a <arguments>
    # ansible linux -m ping -o
    db1 | success >> {"changed": false, "ping": "pong"}
    web1 | success >> {"changed": false, "ping": "pong"}
    dns1 | success >> {"changed": false, "ping": "pong"}
    # ansible windows -m win_ping -o
    win1 | SUCCESS => {"changed": false, "ping": "pong"}

  17. Running a single command
    The command module is default
    # ansible webservers -a 'ls -l /etc/passwd'
    web1 | success | rc=0 >>
    -rw-r--r-- 1 root root 1906 Oct 26 19:31 /etc/passwd
    web2 | success | rc=0 >>
    -rw-r--r-- 1 root root 1810 Sep 11 8:46 /etc/passwd

  18. Running a single command on Windows
    # ansible windows -m raw -a 'CMD /C "dir /X C:\ "'
    win1 | SUCCESS | rc=0 >>
    Volume in drive C has no label.
    Volume Serial Number is E4E8-A132
    Directory of C:\
    20-07-2016 10:54 DFSRoots
    22-08-2013 18:07 inetpub
    22-08-2013 17:52 PerfLogs
    08-08-2016 13:26 PROGRA~1 Program Files
    15-09-2016 11:47 PROGRA~2 Program Files (x86)
    20-07-2016 10:54 SERVER~1 ServerFolders
    20-07-2016 14:18 Tools
    25-07-2016 09:36 Users
    15-09-2016 12:00 Windows
    0 File(s) 0 bytes
    9 Dir(s) 19.953.180.672 bytes free

  19. Installing a package
    # ansible dbservers -m yum -a name=dbase
    db1 | success >> {
        "changed": false,
        "msg": "",
        "rc": 0,
        "results": [
            "dbase-3.0.2-1.el6.rf.x86_64 providing dbase is already installed"
        ]
    }

  20. Gathering Facts
    # ansible web1 -m setup
    web1 | success >> {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "192.168.56.102",
                "10.10.30.1"
            ],
            "ansible_all_ipv6_addresses": [
                "2001:123:1f19:480:20c:45ff:fe61:ac8d",
                "fe80::20c:45ff:fe61:ab8d"
            ],
            "ansible_architecture": "x86_64",
            "ansible_bios_date": "04/14/2014",
            "ansible_bios_version": "6.00",
            .
            .
            .
        },
        "changed": false
    }

  21. Playbooks
    Written in YAML
    Recipes of desired state, for which hosts
    Can use variables
    Can contain handlers
    When a state changes, take configured action
    Can be re-used

  22. Simple playbook
    # cat /etc/ansible/playbooks/dbase/main.yml
    - hosts: dbservers
      tasks:
        - name: install package dbase
          yum: pkg=dbase state=present
          tags:
            - package
        - name: deploy dbase config
          template: src=dbased.conf.j2
                    dest=/etc/dbased.conf
                    owner=root group=root mode=0400
          notify:
            - restart dbased
        - name: ensure dbased is running
          service: name=dbased state=started enabled=yes
      handlers:
        - name: restart dbased
          service: name=dbased state=restarted

  23. Playbook run
    # ansible-playbook playbooks/dbase/main.yml
    PLAY [dbservers] ****************************************
    TASK: [install package dbase] ***************************
    ok: [db1]
    TASK: [deploy dbase config] *****************************
    ok: [db1]
    TASK: [ensure dbased is running] ************************
    ok: [db1]
    NOTIFIED: [restart dbased] ******************************
    changed: [db1]
    PLAY RECAP **********************************************
    db1 : ok=1 changed=4 unreachable=0 failed=0

  24. Site playbook
    # cat /etc/ansible/site.yml
    - hosts: linux
      user: ansible
      become: true
      become_user: root
      roles:
        - common
        - sudo
    - include: playbooks/dbase/main.yml
    # For the Windows hosts
    - include: playbooks/nsclient/main.yml

  25. Templates
    Ansible uses the Jinja2 templating engine
    Variable substitution
    Loops
    Comments
    Conditionals
    Filters
    Ansible facts are available
    Puppet Facter facts are available (if installed)
    Chef's Ohai facts are available (if installed)

  26. Template deployment
    # cat playbooks/dbase/main.yml
    ---
    - name: deploy dbase config
      template:
        src: dbase.conf.j2
        dest: /etc/dbase/dbase.conf
        owner: root
        group: root
        mode: 0400
    Convention: Use the “.j2” extension to identify templates

  27. Templates
    # cat playbooks/dbase/dbase.conf.j2
    # Ansible information:
    # Filename : {{ template_path | replace("/etc/ansible", "...") }}
    # Filedate : {{ template_mtime | regex_replace("\..*$", "") }}
    # Hostname : {{ template_host }}
    #
    dbase {
    passwd {{ secretpassword }};
    {% if ansible_os_family == "RedHat" -%}
    port 9910; # Database port
    {% else -%}
    port 29910; # Database port
    {% endif -%}
    host localhost; # Database host
    }
    # (c) 2012-{{ ansible_date_time.year }} by {{ name }}

  28. Roles
    Playbooks grow large and become unreadable
    A standard way of organizing things
    Can easily be shared with others (Through Galaxy)
    Ansible role directory structure
    thisrole            Top of the role
      files             Role files
      handlers          Role handlers
        main.yml        Role handlers start
      tasks             Role tasks
        main.yml        Role starting point
      templates         Role templates
      vars              Role variables
        main.yml        Role variables start

  29. Roles in playbooks
    Using roles in playbooks
    - hosts: all
      roles:
        - common
        - users
        - sudo
    - hosts: webservers
      roles:
        - python-django
        - { role: nginx, when: ansible_os_family == 'RedHat' }
    - hosts: dbservers
      roles:
        - dbase

  30. Recap
    Entire Ansible configuration is in a git repo
    Use become for root commands
    Configure authorized_keys for connections
    Run ansible script every hour
    Log playbook runs to /var/log/ansible.log
    Use Ansible callbacks to give feedback
    Use roles as much as possible
    Make roles generic
    Define variables for site configuration

  31. Resources
    Website: http://www.ansible.com
    Documentation: http://docs.ansible.com
    IRC on Freenode: #ansible and #ansibleu
    Meetups: http://meetup.com/Ansible-Benelux
    Twitter:  @ansible and @AnsibleBenelux
    Reddit: http://www.reddit.com/r/ansible
    Google Group:  https://groups.google.com
    Twice a month DevOps newsletter: https://valdhaus.co
    Check out and study the source from GitHub

  32. Please!!!!
    Contribute to Ansible code
    Contribute to Ansible documentation
    Use roles from Galaxy
    Share roles on Galaxy
    Visit Ansible Meetups
    Spread the Ansible word. . .

  33. Question Time!
    Questions??
    Contact me
    [email protected]
    http://www.atcomputing.nl
    https://github.com/tonk
    https://speakerdeck.com/tonk
    @TonKersten on Twitter
    TKersten on IRC
    Created with
    LaTeX Beamer
    Vim
    Poppler Tools
    LibreOffice
    ImageMagick
    Evince