Ansible. Why and how I use it

Ton Kersten
February 03, 2014

Talk at CfgMgmtCamp on February 3 about why you should use Ansible and how to use it

Transcript

  1. Ansible
    Why and how I use it!
    Ton Kersten
    AT Computing
    Gent, Belgium

  2. Agenda
    1 Introduction
    2 Why
    3 How
    4 Recap
    5 Resources
    6 Questions?
    tk-atc-ans-v1.1
    Ton Kersten © 2014 – AT Computing 2 / 28

  3. $ who am i
    UNIX/Linux consultant and Trainer @ ATComputing
    UNIX Nerd (started in 1986 with SunOS 3)
    Linux Geek (started in 1992 with 0.96α)
    Scripting nerd
    Free and Open Source Software enthusiast
    Programming
    Plain text aficionado
    Big fan of things that just work
    · · ·

  4. Long ago
    Shell scripts
    SSH loops
    Parallel SSH
    Cluster SSH
    Screen synchronized windows
    tmux synchronized panes
    · · ·
    Things got out of control

  5. Next
    CF Engine
    Puppet
    Chef
    Salt Stack
    Juju
    Capistrano
    Fabric
    · · ·

  6. What I want
    Simple command
        root@dns1 # ansible-playbook playbooks/vtun/main.yml
        PLAY [tunservers] ***************************************
        TASK: [install package vtun] ****************************
        TASK: [deploy vtun config] ******************************
        TASK: [ensure vtund is running] *************************
        NOTIFIED: [restart vtund] *******************************
        PLAY RECAP **********************************************
        tun1 : ok=1 changed=4 unreachable=0 failed=0

  7. Why Ansible
    No master server
    No more daemons
    No more agents
    No databases
    No separate PKI
    Uses standard SSH functionality
    Very, very powerful
    Configuration, deployment, ad-hoc, continuous delivery
    Simple configuration files
    Idempotent

  8. Easy
    From nothing to production in a jiffy
    Python 2.6 + Paramiko, PyYAML, Jinja2 on master
    Python 2.4 + simplejson on nodes
    Can run in Python virtualenv
    Can run from git checkout
    Uses SSH for transport and login
    No root needed, can use sudo

  9. Simple components
    Commands
        ansible
        ansible-playbook
        ansible-pull
        ansible-doc
        ansible-galaxy
    Modules (172 at this moment)
        Files / templating
        Users
        Packages (yum, apt, zypper, ...)
        Services
        · · · (See: ansible-doc)
        Or, write your own

  10. Easy install
    On all operating systems
        Create a Python virtualenv
        # pip install ansible
    On CentOS / RHEL / Scientific Linux
        Enable the EPEL repository
        # yum install ansible
    From github (Bleeding edge)
        Install and configure git
        $ git clone http://github.com/ansible/ansible.git
        $ cd ansible
        $ sudo make install

  11. How it works
    [Diagram: a management node holding module(s), playbooks or roles, and hosts, connected to three nodes; no daemons, communication over SSH]

  12. My example network
    dns1.example.net  172.16.12.1/24  Management node and DNS
    web1.example.net  172.16.12.2/24  Web server
    web2.example.net  172.16.12.3/24  Web server
    tun1.example.net  172.16.12.4/24  Tunnel server

  13. Inventory file
    # cat /etc/ansible/hosts
        dns1
        web1
        web2
        tun1
        [dnsservers]
        dns1
        [webservers]
        web1
        web2
        [tunservers]
        tun1

  14. Site playbook
    # cat /etc/ansible/site.yml
        - hosts: all
          user: ansible
          sudo: true
          sudo_user: root
          roles:
            - common
            - sudo
        - include: playbooks/vtun/main.yml

  15. Running Ansible
    General ansible command form:
        ansible -m -a
    # ansible all -m ping -o
        web2 | success >> {"changed": false, "ping": "pong"}
        tun1 | success >> {"changed": false, "ping": "pong"}
        web1 | success >> {"changed": false, "ping": "pong"}
        dns1 | success >> {"changed": false, "ping": "pong"}

  16. Running a single command
    The command module is default
    # ansible webservers -a 'ls -l /etc/passwd'
        web2 | success | rc=0 >>
        -rw-r--r-- 1 root root 2302 Nov 25 13:20 /etc/passwd
        web1 | success | rc=0 >>
        -rw-r--r-- 1 root root 1906 Oct 26 19:31 /etc/passwd

  17. Installing a package
    # ansible tunservers -m yum -a name=vtun
        tun1 | success >> {
            "changed": false,
            "msg": "",
            "rc": 0,
            "results": [
                "vtun-3.0.2-1.el6.rf.x86_64 providing vtun is already installed"
            ]
        }

  18. Playbooks
    Written in YAML
    Recipes of desired state, for which hosts
    Can use variables
    Can contain handlers
        When a state changes, take configured action
    Can be re-used

  19. Simple playbook
    # cat /etc/ansible/playbooks/vtun/main.yml
        - hosts: tunservers
          tasks:
            - name: install package vtun
              yum: pkg=vtun state=present
            - name: deploy vtun config
              template: src=vtund.conf.j2
                        dest=/etc/vtund.conf
                        owner=root group=root mode=0400
              notify:
                - restart vtund
            - name: ensure vtund is running
              service: name=vtund state=started enabled=yes
          handlers:
            - name: restart vtund
              service: name=vtund state=restarted

  20. Playbook run
    # ansible-playbook playbooks/vtun/main.yml
        PLAY [tunservers] ***************************************
        TASK: [install package vtun] ****************************
        ok: [tun1]
        TASK: [deploy vtun config] ******************************
        ok: [tun1]
        TASK: [ensure vtund is running] *************************
        ok: [tun1]
        NOTIFIED: [restart vtund] *******************************
        changed: [tun1]
        PLAY RECAP **********************************************
        tun1 : ok=1 changed=4 unreachable=0 failed=0

  21. Templates
    Ansible uses the Jinja2 templating engine
        Variable substitution
        Loops
        Comments
        Conditionals
        Filters
    Ansible facts are available
    Puppet Facter facts are available (if installed)
    Chef's Ohai facts are available (if installed)

  22. Templates
    # ansible-playbook playbooks/vtun/main.yml
        # Ansible information :
        # Filedate : {{ ansible_managed }}
        # Hostname : {{ ansible_hostname }}
        tunnel {
          passwd {{ secretpassword }};
          type tun; # IP tunnel
          proto tcp; # TCP protocol
          device tun1; # Use this device
          up {
            # Connection is Up
            ifconfig "%% {{ srvaddr }} pointopoint {{ clntaddr }}";
          };
        }
        # (c) 2011-{{ ansible_date_time.year }} by {{ name }}

  23. Roles
    Playbooks grow large and unreadable
    Standard way of writing things
    Can easily be shared with others (Through Galaxy)
    Ansible role directory structure
        thisrole            Top of the role
          files             Role files
          handlers          Role handlers
            main.yml        Role handlers start
          tasks             Role tasks
            main.yml        Role starting point
          templates         Role templates
          vars              Role variables
            main.yml        Role variables start

  24. Roles in playbooks
    Using roles in playbooks
        - hosts: all
          roles:
            - common
            - users
            - sudo
        - hosts: webservers
          roles:
            - nginx
        - hosts: tunservers
          roles:
            - vtun

  25. Recap
    Entire Ansible setup is in a git repo
    Cron runs my ansible_run script every hour
    Configure authorized_keys to allow management hosts to connect
    Logs playbook runs to /var/log/ansible.log
    Configure logrotate for /var/log/ansible.log
    Use Ansible callbacks to give feedback
    Use sudo for root commands
    Use roles as much as possible
    Make roles generic
    Define variables for site configuration

  26. Resources
    Website: http://www.ansible.com
    Documentation: http://docs.ansible.com
    IRC on Freenode: #ansible
    Twitter: ansible
    Reddit: http://www.reddit.com/r/ansible
    Google Group: https://groups.google.com
    Weekly newsletter: http://devopsu.com
    Check out and study the source from github
    · · ·

  27. Please!!!!
    Contribute to Ansible code
    Contribute to Ansible documentation
    Use roles from Galaxy
    Share roles on Galaxy
    Spread the Ansible word...

  28. Questions?
    Questions??
    Contact Ton Kersten:
        [email protected]
        http://www.atcomputing.nl
        https://github.com/tonk
        https://speakerdeck.com/tonk
        @TonKersten on Twitter
        TKersten on IRC
    Created with:
        LaTeX Beamer
        Vim
        Vim Snippets
        Evince
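
One way to express the access-related items from the Recap slide (authorized_keys for the management host, sudo for root commands, logrotate for /var/log/ansible.log) as a playbook for the example network. This is an added example, not taken from the deck: it uses the current `become` keyword instead of the deck's `sudo:`, and the key path `files/ansible_mgmt.pub`, the NOPASSWD sudoers policy, the logrotate settings and a root-owned log file are assumptions.

```yaml
# Added example, not from the deck. Assumed: key path, sudoers policy,
# logrotate settings, and that the hourly cron job on dns1 runs as root.
- hosts: all
  become: true
  tasks:
    - name: create the unprivileged login that site.yml connects as
      user:
        name: ansible
        state: present

    - name: accept the management key only from dns1 (172.16.12.1)
      authorized_key:
        user: ansible
        key: "{{ lookup('file', 'files/ansible_mgmt.pub') }}"  # hypothetical path
        key_options: 'from="172.16.12.1",no-agent-forwarding,no-port-forwarding,no-X11-forwarding'
        exclusive: true   # drop any other key present on this account
        state: present

    - name: let ansible sudo to root, syntax-checked before it is installed
      copy:
        dest: /etc/sudoers.d/ansible
        # Passwordless because the run is unattended; this makes the SSH key
        # root-equivalent, which is why it is pinned to dns1 above.
        content: "ansible ALL=(root) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

- hosts: dnsservers   # dns1 is the management node that writes the log
  become: true
  tasks:
    - name: rotate the run log and keep it readable by root only
      copy:
        dest: /etc/logrotate.d/ansible
        owner: root
        group: root
        mode: "0644"
        content: |
          /var/log/ansible.log {
              weekly
              rotate 8
              compress
              missingok
              create 0600 root root
          }
```

The log is kept at mode 0600 because playbook output can include rendered values such as the `secretpassword` variable used in the vtund template.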