Ansible talk at Loadays 2014

Transcript

1. Ansible Why and how I use it! Ton Kersten AT

   Computing Antwerp, Belgium

2. Introduction Why How Recap Resources Questions? Agenda 1 Introduction 2

   Why 3 How 4 Recap 5 Resources 6 Questions? tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 2 / 29

3. Introduction Why How Recap Resources Questions? $ who am i

   UNIX/Linux consultant and Trainer @ AT Computing UNIX Nerd (started in 1986 with SunOS 3) Linux Geek (started in 1992 with 0.96α) Scripting nerd Free and Open Source Software enthusiast Programming Plain text aficionado Big fan of things that just work · · · tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 3 / 29

4. Introduction Why How Recap Resources Questions? Long ago Shell scripts

   SSH loops Parallel SSH Cluster SSH Screen synchronized windows tmux synchronized panes · · · Things got out of control tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 4 / 29

5. Introduction Why How Recap Resources Questions? Next CF Engine Puppet

   Chef Salt Stack Juju Capistrano Fabric · · · tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 5 / 29

6. Introduction Why How Recap Resources Questions? What I want Simple

   command root@dns1 # ansible-playbook playbooks/vtun/main.yml PLAY [tunservers] *************************************** TASK: [install package vtun] **************************** TASK: [deploy vtun config] ****************************** TASK: [ensure vtund is running] ************************* NOTIFIED: [restart vtund] ******************************* PLAY RECAP ********************************************** tun1 : ok=1 changed=4 unreachable=0 failed=0 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 6 / 29

7. Introduction Why How Recap Resources Questions? Why Ansible No master

   server No more daemons No more agents No databases No separate PKI Uses standard SSH functionality Very, very powerful Configuration, deployment, ad-hoc, continuous delivery Simple configuration files Idempotent tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 7 / 29

8. Introduction Why How Recap Resources Questions? Easy From nothing to

   production in a jiffy Python 2.6 + Paramiko, PyYAML, Jinja2 on master Python 2.4 + simplejson on nodes Can run in Python virtualenv Can run from git checkout Uses SSH for transport and login No root needed, can use sudo tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 8 / 29

9. Introduction Why How Recap Resources Questions? Simple components (Commands) Commands

   ansible ⇒ The main Ansible command ansible-playbook ⇒ Command to run playbooks ansible-pull ⇒ The main Ansible pull command ansible-doc ⇒ Ansible documentation program ansible-galaxy ⇒ Command to interact with Galaxy ansible-vault ⇒ The Ansible password vault tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 9 / 29

10. Introduction Why How Recap Resources Questions? Simple components (Modules) A

    lot of modules (220+ at this moment) Commands Files / templating Users Packages (yum, apt, zypper, …) Services Databases · · · (See: ansible-doc) Or, write your own tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 10 / 29

11. Introduction Why How Recap Resources Questions? Easy install On all

    operating systems Create a Python virtualenv # pip install ansible On CentOS / RHEL / Scientific Linux Enable the EPEL repository # yum install ansible On Debian / Ubuntu Available in standard repository # apt-get install ansible From github (Bleeding edge) Install and configure git $ git clone http://github.com/ansible/ansible.git $ cd ansible $ sudo make install tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 11 / 29

12. Introduction Why How Recap Resources Questions? How it works Module(s)

    Management node Node Node Node Playbooks or roles Hosts no daemons communication over SSH tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 12 / 29

13. Introduction Why How Recap Resources Questions? My example network Management

    node and DNS Tunnel server Web server Web server dns1.example.net 192.168.56.11/24 web1.example.net 192.168.56.12/24 web2.example.net 192.168.56.13/24 tun1.example.net 192.168.56.14/24 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 13 / 29

14. Introduction Why How Recap Resources Questions? Inventory file # cat

    /etc/ansible/hosts dns1 web1 web2 tun1 [dnsservers] dns1 [webservers] web1 web2 [tunservers] tun1 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 14 / 29

15. Introduction Why How Recap Resources Questions? Site playbook # cat

    /etc/ansible/site.yml - hosts: all user: ansible sudo: true sudo_user: root roles: - common - sudo - include: playbooks/vtun/main.yml tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 15 / 29

16. Introduction Why How Recap Resources Questions? Running Ansible General ansible

    command form: ansible <hosts> -m <module> -a <params> <options> # ansible all -m ping -o web2 | success >> {"changed": false, "ping": "pong"} tun1 | success >> {"changed": false, "ping": "pong"} web1 | success >> {"changed": false, "ping": "pong"} dns1 | success >> {"changed": false, "ping": "pong"} tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 16 / 29

17. Introduction Why How Recap Resources Questions? Running a single command

    The command module is default # ansible webservers -a 'ls -l /etc/passwd' web2 | success | rc=0 >> -rw-r--r-- 1 root root 2302 Nov 25 13:20 /etc/passwd web1 | success | rc=0 >> -rw-r--r-- 1 root root 1906 Oct 26 19:31 /etc/passwd tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 17 / 29

18. Introduction Why How Recap Resources Questions? Installing a package #

    ansible tunservers -m yum -a name=vtun tun1 | success >> { "changed": false, "msg": "", "rc": 0, "results": [ "vtun-3.0.2-1.el6.rf.x86_64 providing vtun is already installed" ] } tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 18 / 29

19. Introduction Why How Recap Resources Questions? Playbooks Written in YAML

    Recipes of desired state, for which hosts Can use variables Can contain handlers When a state changes, take configured action Can be re-used tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 19 / 29

20. Introduction Why How Recap Resources Questions? Simple playbook # cat

    /etc/ansible/playbooks/vtun/main.yml - hosts: tunservers tasks: - name: install package vtun yum: pkg=vtun state=present - name: deploy vtun config template: src=vtund.conf.j2 dest=/etc/vtund.conf owner=root group=root mode=0400 notify: - restart vtund - name: ensure vtund is running service: name=vtund state=started enabled=yes handlers: - name: restart vtund service: name=vtund state=restarted tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 20 / 29

21. Introduction Why How Recap Resources Questions? Playbook run # ansible-playbook

    playbooks/vtun/main.yml PLAY [tunservers] *************************************** TASK: [install package vtun] **************************** ok: [tun1] TASK: [deploy vtun config] ****************************** ok: [tun1] TASK: [ensure vtund is running] ************************* ok: [tun1] NOTIFIED: [restart vtund] ******************************* changed: [tun1] PLAY RECAP ********************************************** tun1 : ok=1 changed=4 unreachable=0 failed=0 tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 21 / 29

22. Introduction Why How Recap Resources Questions? Templates Ansible uses the

    Jinja2 templating engine Variable substitution Loops Comments Conditionals Filters Ansible facts are available Puppet Facter facts are available (if installed) Chefs Ohai facts are available (if installed) tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 22 / 29

23. Introduction Why How Recap Resources Questions? Templates # cat playbooks/vtun/vtund.conf.j2

    # Ansible information: # Filedate : {{ ansible_managed }} # Hostname : {{ ansible_hostname }} tunnel { passwd {{ secretpassword }}; type tun; # IP tunnel proto tcp; # UDP protocol device tun1; # Use this device up { # Connection is Up ifconfig "%% {{ srvaddr }} pointopoint {{ clntaddr }}"; }; } # (c) 2012-{{ ansible_date_time.year }} by {{ name }} tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 23 / 29

24. Introduction Why How Recap Resources Questions? Roles Playbooks grow large

    and unreadable Standard way of writing things Can easily be shared with others (Through Galaxy) Ansible role directory structuur thisrole.............................................................Top of the role files..................................................................Role files handlers.........................................................Role handlers main.yml............................................Role handlers start tasks..................................................................Role tasks main.yml............................................Role starting point templates.......................................................Role templates vars..............................................................Role variables main.yml...........................................Role variables start tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 24 / 29

25. Introduction Why How Recap Resources Questions? Roles in playbooks Using

    roles in playbooks - hosts: all roles: - common - users - sudo - hosts: webservers roles: - nginx - hosts: tunservers roles: - vtun tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 25 / 29

26. Introduction Why How Recap Resources Questions? Recap Entire Ansible configuration

    is in a git repo Use sudo for root commands Configure authorized_keys for connections Run ansible script every hour Log playbook runs to /var/log/ansible.log Use Ansible callbacks to give feedback Use roles as much as possible Make roles generic Define variables for site configuration tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 26 / 29

27. Introduction Why How Recap Resources Questions? Resources Website: http://www.ansible.com Documentation:

    http://docs.ansible.com IRC on Freenode: #ansible Twitter: ansible Reddit: http://www.reddit.com/r/ansible Google Group: https://groups.google.com Weekly newsletter: http://devopsu.com Checkout and study the source from github · · · tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 27 / 29

28. Introduction Why How Recap Resources Questions? Please!!!! Contribute to Ansible

    code Contribute to Ansible documentation Use roles from Galaxy Share roles on Galaxy Spread the Ansible word. . . tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 28 / 29

29. Introduction Why How Recap Resources Questions? Questions? Questions?? Contact me

    Ton.Kersten@ATComputing.nl http://www.atcomputing.nl https://github.com/tonk https://speakerdeck.com/tonk @TonKersten on Twitter TKersten on IRC Created with L A TEX Beamer Vim Vim Snippets The Gimp Evince tk-atc-ans-v1.3 Ton Kersten © 2014 - AT Computing 29 / 29