Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ansible talk at Loadays 2014
Search
Ton Kersten
April 05, 2014
Technology
0
350
Ansible talk at Loadays 2014
Ansible, why and how I use it.
Ton Kersten
April 05, 2014
Tweet
Share
More Decks by Ton Kersten
See All by Ton Kersten
Building an Ansible AAP cluster - Design and implementation
tonk
0
160
ARA on RHEL7 - Welcome to Hell
tonk
0
660
Ansible in a dev, tst, acc and prod enviroment
tonk
0
670
Testing Ansible Roles with Molecule
tonk
2
710
Ansible Presentation @ iSense
tonk
1
230
Puppet Introduction @ iSense
tonk
0
150
Ansible at AT TechTrack
tonk
0
180
Ansible. Why and how I use it
tonk
3
1.4k
Puppet deployment, an introduction
tonk
2
450
Other Decks in Technology
See All in Technology
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
110
強みを伸ばすキャリアデザイン
yug1224
0
200
ユーザーストーリーのレビューを自動化したみたの
bun913
1
250
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
180
巨大なテーブルのテーブル定義を無停止で安全に誰でも変更できるようにする / Table-definitions-for-huge-tables-can-be-modified-by-anyone-safely-and-non-disruptively
freee
1
710
エンタープライズ環境下での Active Directory の運用 TIPS
tamaiyutaro
1
1.3k
Let's get started with Ruby && Rails Tips
sinsoku
0
190
Algyan イベント振り返り
linyixian
0
170
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
13
35k
NLP2024 参加報告LT ~RAGの生成評価と懇親戦略~ / nlp2024_attendee_presentation_LT_masuda
taro_masuda
1
190
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
1
630
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs (QCon London)
inesmontani
PRO
0
140
Featured
See All Featured
YesSQL, Process and Tooling at Scale
rocio
161
13k
Happy Clients
brianwarren
91
6.4k
jQuery: Nuts, Bolts and Bling
dougneiner
58
7.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
353
18k
Making Projects Easy
brettharned
106
5.5k
Done Done
chrislema
178
15k
Unsuck your backbone
ammeep
662
57k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
240
1.2M
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
319
20k
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.4k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
6
990
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
5
1.5k
Transcript
Ansible Why and how I use it! Ton Kersten AT
Computing Antwerp, Belgium
Introduction Why How Recap Resources Questions? Agenda 1 Introduction 2
Why 3 How 4 Recap 5 Resources 6 Questions? tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 2 / 29
Introduction Why How Recap Resources Questions? $ who am i
UNIX/Linux consultant and Trainer @ AT Computing UNIX Nerd (started in 1986 with SunOS 3) Linux Geek (started in 1992 with 0.96α) Scripting nerd Free and Open Source Software enthusiast Programming Plain text aficionado Big fan of things that just work · · · tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 3 / 29
Introduction Why How Recap Resources Questions? Long ago Shell scripts
SSH loops Parallel SSH Cluster SSH Screen synchronized windows tmux synchronized panes · · · Things got out of control tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 4 / 29
Introduction Why How Recap Resources Questions? Next CF Engine Puppet
Chef Salt Stack Juju Capistrano Fabric · · · tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 5 / 29
Introduction Why How Recap Resources Questions? What I want Simple
command root@dns1 # ansible-playbook playbooks/vtun/main.yml PLAY [tunservers] *************************************** TASK: [install package vtun] **************************** TASK: [deploy vtun config] ****************************** TASK: [ensure vtund is running] ************************* NOTIFIED: [restart vtund] ******************************* PLAY RECAP ********************************************** tun1 : ok=1 changed=4 unreachable=0 failed=0 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 6 / 29
Introduction Why How Recap Resources Questions? Why Ansible No master
server No more daemons No more agents No databases No separate PKI Uses standard SSH functionality Very, very powerful Configuration, deployment, ad-hoc, continuous delivery Simple configuration files Idempotent tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 7 / 29
Introduction Why How Recap Resources Questions? Easy From nothing to
production in a jiffy Python 2.6 + Paramiko, PyYAML, Jinja2 on master Python 2.4 + simplejson on nodes Can run in Python virtualenv Can run from git checkout Uses SSH for transport and login No root needed, can use sudo tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 8 / 29
Introduction Why How Recap Resources Questions? Simple components (Commands) Commands
ansible ⇒ The main Ansible command ansible-playbook ⇒ Command to run playbooks ansible-pull ⇒ The main Ansible pull command ansible-doc ⇒ Ansible documentation program ansible-galaxy ⇒ Command to interact with Galaxy ansible-vault ⇒ The Ansible password vault tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 9 / 29
Introduction Why How Recap Resources Questions? Simple components (Modules) A
lot of modules (220+ at this moment) Commands Files / templating Users Packages (yum, apt, zypper, …) Services Databases · · · (See: ansible-doc) Or, write your own tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 10 / 29
Introduction Why How Recap Resources Questions? Easy install On all
operating systems Create a Python virtualenv # pip install ansible On CentOS / RHEL / Scientific Linux Enable the EPEL repository # yum install ansible On Debian / Ubuntu Available in standard repository # apt-get install ansible From github (Bleeding edge) Install and configure git $ git clone http://github.com/ansible/ansible.git $ cd ansible $ sudo make install tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 11 / 29
Introduction Why How Recap Resources Questions? How it works Module(s)
Management node Node Node Node Playbooks or roles Hosts no daemons communication over SSH tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 12 / 29
Introduction Why How Recap Resources Questions? My example network Management
node and DNS Tunnel server Web server Web server dns1.example.net 192.168.56.11/24 web1.example.net 192.168.56.12/24 web2.example.net 192.168.56.13/24 tun1.example.net 192.168.56.14/24 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 13 / 29
Introduction Why How Recap Resources Questions? Inventory file # cat
/etc/ansible/hosts dns1 web1 web2 tun1 [dnsservers] dns1 [webservers] web1 web2 [tunservers] tun1 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 14 / 29
Introduction Why How Recap Resources Questions? Site playbook # cat
/etc/ansible/site.yml - hosts: all user: ansible sudo: true sudo_user: root roles: - common - sudo - include: playbooks/vtun/main.yml tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 15 / 29
Introduction Why How Recap Resources Questions? Running Ansible General ansible
command form: ansible <hosts> -m <module> -a <params> <options> # ansible all -m ping -o web2 | success >> {"changed": false, "ping": "pong"} tun1 | success >> {"changed": false, "ping": "pong"} web1 | success >> {"changed": false, "ping": "pong"} dns1 | success >> {"changed": false, "ping": "pong"} tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 16 / 29
Introduction Why How Recap Resources Questions? Running a single command
The command module is default # ansible webservers -a 'ls -l /etc/passwd' web2 | success | rc=0 >> -rw-r--r-- 1 root root 2302 Nov 25 13:20 /etc/passwd web1 | success | rc=0 >> -rw-r--r-- 1 root root 1906 Oct 26 19:31 /etc/passwd tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 17 / 29
Introduction Why How Recap Resources Questions? Installing a package #
ansible tunservers -m yum -a name=vtun tun1 | success >> { "changed": false, "msg": "", "rc": 0, "results": [ "vtun-3.0.2-1.el6.rf.x86_64 providing vtun is already installed" ] } tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 18 / 29
Introduction Why How Recap Resources Questions? Playbooks Written in YAML
Recipes of desired state, for which hosts Can use variables Can contain handlers When a state changes, take configured action Can be re-used tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 19 / 29
Introduction Why How Recap Resources Questions? Simple playbook # cat
/etc/ansible/playbooks/vtun/main.yml - hosts: tunservers tasks: - name: install package vtun yum: pkg=vtun state=present - name: deploy vtun config template: src=vtund.conf.j2 dest=/etc/vtund.conf owner=root group=root mode=0400 notify: - restart vtund - name: ensure vtund is running service: name=vtund state=started enabled=yes handlers: - name: restart vtund service: name=vtund state=restarted tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 20 / 29
Introduction Why How Recap Resources Questions? Playbook run # ansible-playbook
playbooks/vtun/main.yml PLAY [tunservers] *************************************** TASK: [install package vtun] **************************** ok: [tun1] TASK: [deploy vtun config] ****************************** ok: [tun1] TASK: [ensure vtund is running] ************************* ok: [tun1] NOTIFIED: [restart vtund] ******************************* changed: [tun1] PLAY RECAP ********************************************** tun1 : ok=1 changed=4 unreachable=0 failed=0 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 21 / 29
Introduction Why How Recap Resources Questions? Templates Ansible uses the
Jinja2 templating engine Variable substitution Loops Comments Conditionals Filters Ansible facts are available Puppet Facter facts are available (if installed) Chefs Ohai facts are available (if installed) tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 22 / 29
Introduction Why How Recap Resources Questions? Templates # cat playbooks/vtun/vtund.conf.j2
# Ansible information: # Filedate : {{ ansible_managed }} # Hostname : {{ ansible_hostname }} tunnel { passwd {{ secretpassword }}; type tun; # IP tunnel proto tcp; # UDP protocol device tun1; # Use this device up { # Connection is Up ifconfig "%% {{ srvaddr }} pointopoint {{ clntaddr }}"; }; } # (c) 2012-{{ ansible_date_time.year }} by {{ name }} tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 23 / 29
Introduction Why How Recap Resources Questions? Roles Playbooks grow large
and unreadable Standard way of writing things Can easily be shared with others (Through Galaxy) Ansible role directory structuur thisrole.............................................................Top of the role files..................................................................Role files handlers.........................................................Role handlers main.yml............................................Role handlers start tasks..................................................................Role tasks main.yml............................................Role starting point templates.......................................................Role templates vars..............................................................Role variables main.yml...........................................Role variables start tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 24 / 29
Introduction Why How Recap Resources Questions? Roles in playbooks Using
roles in playbooks - hosts: all roles: - common - users - sudo - hosts: webservers roles: - nginx - hosts: tunservers roles: - vtun tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 25 / 29
Introduction Why How Recap Resources Questions? Recap Entire Ansible configuration
is in a git repo Use sudo for root commands Configure authorized_keys for connections Run ansible script every hour Log playbook runs to /var/log/ansible.log Use Ansible callbacks to give feedback Use roles as much as possible Make roles generic Define variables for site configuration tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 26 / 29
Introduction Why How Recap Resources Questions? Resources Website: http://www.ansible.com Documentation:
http://docs.ansible.com IRC on Freenode: #ansible Twitter: ansible Reddit: http://www.reddit.com/r/ansible Google Group: https://groups.google.com Weekly newsletter: http://devopsu.com Checkout and study the source from github · · · tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 27 / 29
Introduction Why How Recap Resources Questions? Please!!!! Contribute to Ansible
code Contribute to Ansible documentation Use roles from Galaxy Share roles on Galaxy Spread the Ansible word. . . tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 28 / 29
Introduction Why How Recap Resources Questions? Questions? Questions?? Contact me
[email protected]
http://www.atcomputing.nl https://github.com/tonk https://speakerdeck.com/tonk @TonKersten on Twitter TKersten on IRC Created with L A TEX Beamer Vim Vim Snippets The Gimp Evince tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 29 / 29