Ansible. Why and how I use it

.
.
.
.
.
.
.
Ansible
Why and how I use it!
Ton Kersten
AT Computing
Gent, Belgium
.
..
.

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Agenda
.
.
.
1 Introduction
.
.
.
2 Why
.
.
.
3 How
.
.
.
4 Recap
.
.
.
5 Resources
.
.
.
6 Questions?
tk-atc-ans-v1.1
Ton Kersten © 2014 – AT Computing 2 / 28

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
$ who am i
UNIX/Linux consultant and Trainer @ ATComputing
UNIX Nerd (started in 1986 with SunOS 3)
Linux Geek (started in 1992 with 0.96α)
Scripting nerd
Free and Open Source Software enthusiast
Programming
Plain text aﬁcionado
Big fan of things that just work
· · ·
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Long ago
Shell scripts
SSH loops
Parallel SSH
Cluster SSH
Screen synchronized windows
tmux synchronized panes
· · ·
Things got out of control
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Next
CF Engine
Puppet
Chef
Salt Stack
Juju
Capistrano
Fabric
· · ·
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
What I want
.
Simple command
.
.
.
.
.
.
.
.
root@dns1 # ansible -playbook playbooks/vtun/main.yml
PLAY [tunservers] ***************************************
TASK: [install package vtun] ****************************
TASK: [deploy vtun config] ******************************
TASK: [ensure vtund is running] *************************
NOTIFIED: [restart vtund] *******************************
PLAY RECAP **********************************************
tun1 : ok=1 changed =4 unreachable =0 failed =0
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Why Ansible
No master server
No more daemons
No more agents
No databases
No separate PKI
Uses standard SSH functionality
Very, very powerful
Configuration, deployment, ad-hoc, continuous delivery
Simple configuration files
Idempotent
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Easy
From nothing to production in a jiﬀy
Python 2.6 + Paramiko, PyYAML, Jinja2 on master
Python 2.4 + simplejson on nodes
Can run in Python virtualenv
Can run from git checkout
Uses SSH for transport and login
No root needed, can use sudo
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Simple components
Commands
ansible
ansible-playbook
ansible-pull
ansible-doc
ansible-galaxy
Modules (172 at this moment)
Files / templating
Users
Packages (yum, apt, zypper, . . . )
Services
· · · (See: ansible-doc)
Or, write your own
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Easy install
On all operating systems
Create a Python virtualenv
# pip install ansible
On CentOS / RHEL / Scientiﬁc Linux
Enable the EPEL repository
# yum install ansible
From github (Bleeding edge)
Install and conﬁgure git
$ git clone http :// github.com/ansible/ansible.git
$ cd ansible
$ sudo make install
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
How it works
Module(s)
Management
node
Node
Node
Node
Playbooks
or
roles
Hosts
no daemons
communication
over SSH
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
My example network
Management
node
and DNS
Tunnel server
Web server
Web server
dns1.example.net
172.16.12.1/24
web1.example.net
172.16.12.2/24
web2.example.net
172.16.12.3/24
tun1.example.net
172.16.12.4/24
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Inventory ﬁle
.
# cat /etc/ansible/hosts
.
.
.
.
.
.
.
.
dns1
web1
web2
tun1
[dnsservers]
dns1
[webservers]
web1
web2
[tunservers]
tun1
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Site playbook
.
# cat /etc/ansible/site.yml
.
.
.
.
.
.
.
.
- hosts: all
user: ansible
sudo: true
sudo_user: root
roles:
- common
- sudo
- include: playbooks/vtun/main.yml
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Running Ansible
General ansible command form:
ansible -m -a
.
# ansible all -m ping -o
.
.
.
.
.
.
.
.
web2 | success >> {"changed": false , "ping": "pong"}
tun1 | success >> {"changed": false , "ping": "pong"}
web1 | success >> {"changed": false , "ping": "pong"}
dns1 | success >> {"changed": false , "ping": "pong"}
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Running a single command
The command module is default
.
# ansible webservers -a ’ls -l /etc/passwd’
.
.
.
.
.
.
.
.
web2 | success | rc=0 >>
-rw -r--r-- 1 root root 2302 Nov 25 13:20 /etc/passwd
web1 | success | rc=0 >>
-rw -r--r-- 1 root root 1906 Oct 26 19:31 /etc/passwd
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Installing a package
.
# ansible tunservers -m yum -a name=vtun
.
.
.
.
.
.
.
.
tun1 | success >> {
"changed": false ,
"msg": "",
"rc": 0,
"results": [
"vtun -3.0.2 -1. el6.rf.x86_64 providing
vtun is already installed"
]
}
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Playbooks
Written in YAML
Recipes of desired state, for which hosts
Can use variables
Can contain handlers
When a state changes, take conﬁgured action
Can be re-used
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Simple playbook
.
# cat /etc/ansible/playbooks/vtun/main.yml
.
.
.
.
.
.
.
.
- hosts: tunservers
tasks:
- name: install package vtun
yum: pkg=vtun state=present
- name: deploy vtun config
template: src=vtund.conf.j2
dest =/ etc/vtund.conf
owner=root group=root mode =0400
notify:
- restart vtund
- name: ensure vtund is running
service: name=vtund state=started enabled=yes
handlers:
- name: restart vtund
service: name=vtund state=restarted
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Playbook run
.
# ansible-playbook playbooks/vtun/main.yml
.
.
.
.
.
.
.
.
PLAY [tunservers] ***************************************
TASK: [install package vtun] ****************************
ok: [tun1]
TASK: [deploy vtun config] ******************************
ok: [tun1]
TASK: [ensure vtund is running] *************************
ok: [tun1]
NOTIFIED: [restart vtund] *******************************
changed: [tun1]
PLAY RECAP **********************************************
tun1 : ok=1 changed =4 unreachable =0 failed =0
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Templates
Ansible uses the Jinja2 templating engine
Variable substitution
Loops
Comments
Conditionals
Filters
Ansible facts are available
Puppet Facter facts are available (if installed)
Chefs Ohai facts are available (if installed)
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Templates
.
# ansible-playbook playbooks/vtun/main.yml
.
.
.
.
.
.
.
.
# Ansible information :
# Filedate : {{ ansible_managed }}
# Hostname : {{ ansible_hostname }}
tunnel {
passwd {{ secretpassword }};
type tun; # IP tunnel
proto tcp; # UDP protocol
device tun1; # Use this device
up {
# Connection is Up
ifconfig "%% {{ srvaddr }} pointopoint {{ clntaddr }}";
};
}
# (c) 2011 -{{ ansible_date_time.year }} by {{ name }}
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Roles
Playbooks grow large and unreadable
Standard way of writing things
Can easily be shared with others (Through Galaxy)
.
Ansible role directory structuur
.
.
.
.
.
.
.
.
thisrole....................................................Top of the role
files........................................................Role files
handlers.................................................Role handlers
main.yml......................................Role handlers start
tasks........................................................Role tasks
main.yml......................................Role starting point
templates...............................................Role templates
vars .................................................... Role variables
main.yml.....................................Role variables start
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Roles in playbooks
.
Using roles in playbooks
.
.
.
.
.
.
.
.
- hosts: all
roles:
- common
- users
- sudo
- hosts: webservers
roles:
- nginx
- hosts: tunservers
roles:
- vtun
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Recap
Entire Ansible setup is in a git repo
Cron runs my ansible_run script every hour
Configure authorized_keys to allow management hosts
to connect
Logs playbook runs to /var/log/ansible.log
Configure logrotate for /var/log/ansible.log
Use Ansible callbacks to give feedback
Use sudo for root commands
Use roles as much as possible
Make roles generic
Define variables for site configuration
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Resources
Website: http://www.ansible.com
Documentation: http://docs.ansible.com
IRC on Freenode: #ansible
Twitter: ansible
Reddit: http://www.reddit.com/r/ansible
Google Group: https://groups.google.com
Weekly newsletter: http://devopsu.com
Checkout and study the source from github
· · ·
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Please!!!!
Contribute to Ansible code
Contribute to Ansible documentation
Use roles from Galaxy
Share roles on Galaxy
Spread the Ansible word. . .
tk-atc-ans-v1.1

View Slide

. .
Introduction
. . . . . .
Why
. . . . . . . . . . . . . . .
How
.
Recap
. .
Resources
.
Questions?
Questions?
Questions??
.
Contact Ton Kersten:
.
.
.
.
.
.
.
.
[email protected]
http://www.atcomputing.nl
https://github.com/tonk
https://speakerdeck.com/tonk
@TonKersten on Twitter
TKersten on IRC
.
Created with:
.
.
.
.
.
.
.
.
L
A
TEX Beamer
Vim
Vim Snippets
Evince
.
..
.
tk-atc-ans-v1.1

View Slide

Ansible. Why and how I use it

Ansible. Why and how I use it

Ton Kersten

More Decks by Ton Kersten

Other Decks in Technology

Featured

Transcript