Ansible, just orchestrate it

Ansible, just orchestrate it

Everyone should be using Vagrant or some similar tool for local developer environment.
Still those containers/VMs need to be configured somehow and on top of that your configuration system should be able to manage your staging and production servers as well, you could be using Puppet, Chef, Salt, shell scripts to achieve this.
Recently a 3rd generation configuration management system has thown its hat into the ring, and that tools name is Ansible.

The talk will show how Ansible approaches configuration management, software deployment, remote execution and other tasks.
We will examine how easy it is to get up and running and manage single or multiple concurrent servers in parallel, what are the differences to Puppet, Chef etc and how to customize Ansible to your needs.

Join us for this talk and you’ll see why this award winning Python project has relevance for your work life through getting your servers under control.

F2d82b268a7cbccc9809c939428df64f?s=128

Vranac Srdjan

July 03, 2014
Tweet

Transcript

  1. just orchestrate it just orchestrate it Srdjan Vranac // code4hire.com

    // @vranac
  2. business owner, developer, consultant, mercenary, writing terrible code that performs

    exceptionally, wrangling elePHPants and Pythons, obsessed with process automation, interested in continuous integration and delivery, clean code, testing, best practices and distributed systems
  3. In the Beginning... In the Beginning... Developers wrote code System

    Administrators deployed code
  4. ©2012-2013 MokonalovesMochi

  5. ...until one day... ...until one day...

  6. I'll write code that tells com‐ I'll write code that

    tells com‐ puter how to set up itself puter how to set up itself #!bin/sh sudo apt-get update sudo apt-get -y install build-essential sudo apt-get install apache2 sudo a2enmon rewrite sudo a2enmod vhost_alias sudo tee /etc/apache2/sites-available/mysite <<ENDOFFILE ServerAdmin webmaster@localhost DocumentRoot /var/www Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all ENDOFFILE
  7. None
  8. Soooo.... What is the problem? Soooo.... What is the problem?

  9. Idempotence Idempotence (/ˌaɪdɨmˈpoʊtəns/ eye-dəm-poh-təns) "Idempotence is the property of certain

    operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application."
  10. Not "Robust" Not "Robust"

  11. Everybody is rolling their own Everybody is rolling their own

  12. Present Present

  13. Automation should not require Automation should not require programming experience

    programming experience It It MUST MUST be easy be easy We all have other stuff to do, don't we?
  14. compréh compréhansible ansible

  15. None
  16. "I wrote Ansible because none of the existing tools fit

    my brain. I wanted a tool that I could not use for 6 months, come back later, and still remember how it worked." Michael DeHaan Ansible project founder
  17. What is it? What is it? IT Automation tool Push

    based (Pull possible) Agentless, no agent on the client, uses SSH Scalable No databases or daemons added after install No Root permissions required, sudo is available Supported package managers for RHEL, CentOS, Fedora, Debian or Ubuntu
  18. Why use it? Why use it? Consistent Predictable Repeatable Easy

    PERIOD
  19. None
  20. Requirements Requirements Python 2.7 (Python 2.5 + simplejson possible) Paramiko(ssh),

    PyYaml, Jinja2 SSHD Possible Module Dependencies
  21. Installation? Installation? pip install ansible DONE DONE

  22. controller → remotes controller → remotes

  23. Inventory Inventory [localhost] 127.0.0.1 [webservers] www.example.com ntp=ntp1.pool.ntp.org web[10-23].example.com vagrant ansible_ssh_host=127.0.0.1

    ansible_ssh_port=222 [devservers] a1.ww.mens.de
  24. Dynamic Inventory Dynamic Inventory Amazon EC2 Digital Ocean Linode Cobbler

    Google Compute Engine ...
  25. Hello, World! Hello, World! $ ansible localhost -m ping localhost

    | success >> { "changed": false, "ping": "pong" }
  26. Facts Facts $ ansible localhost -m setup localhost | success

    >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "33.33.33.100", ], "ansible_architecture": "x86_64", "ansible_default_ipv4": { "address": "192.168.1.194", "gateway": "192.168.1.1", "interface": "eth0", "macaddress": "22:54:00:02:8e:0f", }, "ansible_distribution": "CentOS", "ansible_distribution_version": "6.2", ... } Plus ohai and facter if installed on remote
  27. Modules Modules accelerate acl, add_host, airbrake_deployment, alternatives, apache2_module, apt, apt_key,

    apt_repository, apt_rpm, arista_interface, arista_l2interface, arista_lag, arista_vlan, assemble, assert, async_status, at, authorized_key, azure, bigip_facts, bigip_monitor_http, bigip_monitor_tcp, bigip_node, bigip_pool, bigip_pool_member, boundary_meter, bzr, campfire, capabilities, cloudformation, command, composer, copy, cpanm, cron, datadog_event, debconf, debug, digital_ocean, digital_ocean_domain, digital_ocean_sshkey, django_manage, dnsimple, dnsmadeeasy, docker, docker_image, easy_install, ec2, ec2_ami, ec2_ami_search, ec2_asg, ec2_eip, ec2_elb, ec2_elb_lb, ec2_facts, ec2_group, ec2_key, ec2_lc, ec2_metric_alarm, ec2_scaling_policy, ec2_snapshot, ec2_tag, ec2_vol, ec2_vpc, ejabberd_user, elasticache, facter, fail, fetch, file, filesystem, fireball, firewalld, flowdock, gc_storage, gce, gce_lb, gce_net, gce_pd, gem, get_url, git, github_hooks, glance_image, group, group_by, grove, hg, hipchat, homebrew, homebrew_cask, homebrew_tap, hostname, htpasswd, include_vars, ini_file, irc, jabber, jboss, jira, kernel_blacklist, keystone_user, layman, librato_annotation, lineinfile, linode, lldp, locale_gen, logentries, lvg, lvol, macports, mail, modprobe, mongodb_user, monit, mount, mqtt, mysql_db, mysql_replication, mysql_user, mysql_variables, nagios, netscaler, newrelic_deployment, nexmo, nova_compute, nova_keypair, npm, ohai, open_iscsi, openbsd_pkg, openvswitch_bridge, openvswitch_port, opkg, osx_say, ovirt, pacman, pagerduty, pause, ping, pingdom, pip, pkgin, pkgng, pkgutil, portage, portinstall, postgresql_db, postgresql_privs, postgresql_user, quantum_floating_ip, quantum_floating_ip_associate, quantum_network, quantum_router, quantum_router_gateway, quantum_router_interface, quantum_subnet, rabbitmq_parameter, rabbitmq_plugin, rabbitmq_policy, rabbitmq_user, rabbitmq_vhost, raw, rax, rax_cbs, rax_cbs_attachments, rax_clb, rax_clb_nodes, rax_dns, rax_dns_record, rax_facts, rax_files, rax_files_objects, rax_identity, rax_keypair, rax_meta, rax_network, rax_queue, rax_scaling_group, rax_scaling_policy, rds, rds_param_group, rds_subnet_group, redhat_subscription, redis, replace, rhn_channel, rhn_register, riak, rollbar_deployment, route53, rpm_key, s3, script, seboolean, selinux, service, set_fact, setup, shell, slack, slurp, sns, stackdriver, stat, subversion, supervisorctl, svr4pkg, swdepot, synchronize, sysctl, template, twilio, typetalk, ufw, unarchive, uri, urpmi, user, virt, vsphere_guest, wait_for, win_feature, win_get_url, win_group, win_msi, win_ping, win_service, win_stat, win_user, xattr, yum, zfs, zypper, zypper_repository 230+ modules and growing
  28. Ad-Hoc commands Ad-Hoc commands $ ansible webservers -m copy -a

    'src=resolv.conf dest=/etc /resolv.conf' www.example.com | success >> { "changed": true, "dest": "/etc/resolv.conf", "group": "adm", "md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7", "mode": "0644", "owner": "ubuntu", "path": "resolv.conf", "src": "/home/ubuntu/.ansible/tmp/ansible-322091977449/resolv.conf", "state": "file" }
  29. Playbooks Playbooks YAML Files Decleratively define your OS/App configuration Collection

    of tasks using modules Each group of tasks is a play
  30. Tasks Tasks --- # tasks/foo.yml # This is a task

    - name: Placeholder foo command: /bin/foo # This is another task - name: Placeholder bar command: /bin/bar
  31. Tasks Tasks --- - name: Installing supervisor task for snapshot

    worker template: src=supervisor.conf.j2 dest={{ SUPERVISOR_CONFIG_DIR }}/{{ item['filename'] }}.conf backup=yes owner=root group=root mode=0644 # located in defaults/main.yml with_items: snapshot_worker_configuration when: snapshot_worker_configuration|lower != 'none' notify: - reload supervisor tags: [supervisor, configuration]
  32. Variables Variables From inventory In playbooks From host_vars/ files From

    group_vars/ files
  33. Variables Variables --- - hosts: localhost vars: - greeting: Hello

    tasks: - command: echo "{{greeting}}, {{inventory_hostname}}"
  34. Variables Variables

  35. Variables Variables host_vars/production --- snapshot_worker_configuration: - filename: snapshot_worker name: process_snapshot_report_worker

    command: "php process_snapshot_report_worker.php" process_name: process_snapshot_report_worker_%(process_num)02d numprocs: 1 directory: "/var/www/scripts/utils/" autostart: true autorestart: true user: ubuntu stdout_logfile: "/var/log/app/utils_process_snapshot_report_worker.log" stdout_logfile_maxbytes: 1MB stderr_logfile: "/var/log/app/supervisor_error_log" stderr_logfile_maxbytes: 1MB
  36. {{ templates }} {{ templates }} ;{{ ansible_managed }} [program:{{

    item.name }}] {% for directive, value in item.iteritems() if directive != "name" and directive != "filen {{ directive }}={{ value }} {% endfor %}
  37. {{ templates }} {{ templates }} ;Ansible managed: /Users/vranac/dev/playground-ansible/vagrant-ansible-php/roles/superviso [program:process_snapshot_report_worker]

    stderr_logfile_maxbytes=1MB autorestart=True stderr_logfile=/var/log/app/supervisor_error_log process_name=process_snapshot_report_worker_%(process_num)02d stdout_logfile_maxbytes=1MB numprocs=1 command=php process_snapshot_report_worker.php user=ubuntu autostart=True directory=/var/www/scripts/utils/ stdout_logfile=/var/log/app/utils_process_snapshot_report_worker.log
  38. None
  39. Roles Roles

  40. Roles Roles roles/ nginx/ files/ handlers/main.yml meta/main.yml tasks/main.yml templates/ vars/main.yml

    --- - hosts: all roles: - nginx - mysql - { role: app, dir: '/etc/app', ntp: 'n1.example.org' } - { role: special, when: "ansible_os_family == 'RedHat'" } tasks: - ...
  41. Ansible Galaxy Ansible Galaxy http://galaxy.ansible.com/ ansible-galaxy

  42. Compare to X Compare to X https://devopsu.com/books/taste-test-grid.html

  43. The End The End Thank You! Thank You! Questions? Questions?