Ansible, just orchestrate it

Everyone should be using Vagrant or a similar tool for their local development environment.
Those containers/VMs still need to be configured somehow, and on top of that your configuration system should be able to manage your staging and production servers as well. You could use Puppet, Chef, Salt or shell scripts to achieve this.
Recently a 3rd generation configuration management system has thrown its hat into the ring, and that tool's name is Ansible.

The talk will show how Ansible approaches configuration management, software deployment, remote execution and other tasks.
We will examine how easy it is to get up and running and manage one or many servers in parallel, how Ansible differs from Puppet, Chef etc., and how to customize Ansible to your needs.

Join us for this talk and you’ll see why this award-winning Python project has relevance for your work life by getting your servers under control.

Vranac Srdjan

July 03, 2014

Transcript

  1. just orchestrate it
    Srdjan Vranac // code4hire.com // @vranac

  2. business owner, developer, consultant, mercenary, writing
    terrible code that performs exceptionally, wrangling elePHPants
    and Pythons, obsessed with process automation, interested in
    continuous integration and delivery, clean code, testing, best
    practices and distributed systems

  3. In the Beginning...
    Developers wrote code
    System Administrators deployed code

  4. ©2012-2013 MokonalovesMochi

  5. ...until one day...

  6. I'll write code that tells computer how to set up itself
    #!/bin/sh
    sudo apt-get update
    sudo apt-get -y install build-essential
    sudo apt-get install apache2
    sudo a2enmod rewrite
    sudo a2enmod vhost_alias
    sudo tee /etc/apache2/sites-available/mysite <<ENDOFFILE
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
    ENDOFFILE

  8. Soooo.... What is the problem?

  9. Idempotence
    (/ˌaɪdɨmˈpoʊtəns/ eye-dəm-poh-təns)
    "Idempotence is the property of certain
    operations in mathematics and computer
    science, that can be applied multiple times
    without changing the result beyond the initial
    application."

  10. Not "Robust"

  11. Everybody is rolling their own

  12. Present

  13. Automation should not require programming experience
    It MUST be easy
    We all have other stuff to do, don't we?

  14. compréhansible

  16. "I wrote Ansible because none of the existing
    tools fit my brain. I wanted a tool that I could not
    use for 6 months, come back later, and still
    remember how it worked."
    Michael DeHaan
    Ansible project founder

  17. What is it?
    IT Automation tool
    Push based (Pull possible)
    Agentless, no agent on the client, uses SSH
    Scalable
    No databases or daemons added after install
    No Root permissions required, sudo is available
    Supported package managers for RHEL, CentOS, Fedora,
    Debian or Ubuntu

  18. Why use it?
    Consistent
    Predictable
    Repeatable
    Easy PERIOD

  20. Requirements
    Python 2.7
    (Python 2.5 + simplejson possible)
    Paramiko(ssh), PyYaml, Jinja2
    SSHD
    Possible Module Dependencies

  21. Installation?
    pip install ansible
    DONE

  22. controller
    remotes

  23. Inventory
    [localhost]
    127.0.0.1
    [webservers]
    www.example.com ntp=ntp1.pool.ntp.org
    web[10-23].example.com
    vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=222
    [devservers]
    a1.ww.mens.de

  24. Dynamic Inventory
    Amazon EC2
    Digital Ocean
    Linode
    Cobbler
    Google Compute Engine
    ...

  25. Hello, World!
    $ ansible localhost -m ping
    localhost | success >>
    {
        "changed": false,
        "ping": "pong"
    }

  26. Facts
    $ ansible localhost -m setup
    localhost | success >>
    {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "33.33.33.100",
            ],
            "ansible_architecture": "x86_64",
            "ansible_default_ipv4": {
                "address": "192.168.1.194",
                "gateway": "192.168.1.1",
                "interface": "eth0",
                "macaddress": "22:54:00:02:8e:0f",
            },
            "ansible_distribution": "CentOS",
            "ansible_distribution_version": "6.2",
            ...
    }
    Plus ohai and facter if installed on remote

  27. Modules
    accelerate, acl, add_host, airbrake_deployment, alternatives, apache2_module, apt, apt_key, apt_repository, apt_rpm, arista_interface,
    arista_l2interface, arista_lag, arista_vlan, assemble, assert, async_status, at, authorized_key, azure, bigip_facts, bigip_monitor_http,
    bigip_monitor_tcp, bigip_node, bigip_pool, bigip_pool_member, boundary_meter, bzr, campfire, capabilities, cloudformation, command,
    composer, copy, cpanm, cron, datadog_event, debconf, debug, digital_ocean, digital_ocean_domain, digital_ocean_sshkey, django_manage,
    dnsimple, dnsmadeeasy, docker, docker_image, easy_install, ec2, ec2_ami, ec2_ami_search, ec2_asg, ec2_eip, ec2_elb, ec2_elb_lb,
    ec2_facts, ec2_group, ec2_key, ec2_lc, ec2_metric_alarm, ec2_scaling_policy, ec2_snapshot, ec2_tag, ec2_vol, ec2_vpc, ejabberd_user,
    elasticache, facter, fail, fetch, file, filesystem, fireball, firewalld, flowdock, gc_storage, gce, gce_lb, gce_net, gce_pd, gem, get_url, git,
    github_hooks, glance_image, group, group_by, grove, hg, hipchat, homebrew, homebrew_cask, homebrew_tap, hostname, htpasswd,
    include_vars, ini_file, irc, jabber, jboss, jira, kernel_blacklist, keystone_user, layman, librato_annotation, lineinfile, linode, lldp, locale_gen,
    logentries, lvg, lvol, macports, mail, modprobe, mongodb_user, monit, mount, mqtt, mysql_db, mysql_replication, mysql_user,
    mysql_variables, nagios, netscaler, newrelic_deployment, nexmo, nova_compute, nova_keypair, npm, ohai, open_iscsi, openbsd_pkg,
    openvswitch_bridge, openvswitch_port, opkg, osx_say, ovirt, pacman, pagerduty, pause, ping, pingdom, pip, pkgin, pkgng, pkgutil, portage,
    portinstall, postgresql_db, postgresql_privs, postgresql_user, quantum_floating_ip, quantum_floating_ip_associate, quantum_network,
    quantum_router, quantum_router_gateway, quantum_router_interface, quantum_subnet, rabbitmq_parameter, rabbitmq_plugin,
    rabbitmq_policy, rabbitmq_user, rabbitmq_vhost, raw, rax, rax_cbs, rax_cbs_attachments, rax_clb, rax_clb_nodes, rax_dns, rax_dns_record,
    rax_facts, rax_files, rax_files_objects, rax_identity, rax_keypair, rax_meta, rax_network, rax_queue, rax_scaling_group, rax_scaling_policy,
    rds, rds_param_group, rds_subnet_group, redhat_subscription, redis, replace, rhn_channel, rhn_register, riak, rollbar_deployment,
    route53, rpm_key, s3, script, seboolean, selinux, service, set_fact, setup, shell, slack, slurp, sns, stackdriver, stat, subversion, supervisorctl,
    svr4pkg, swdepot, synchronize, sysctl, template, twilio, typetalk, ufw, unarchive, uri, urpmi, user, virt, vsphere_guest, wait_for, win_feature,
    win_get_url, win_group, win_msi, win_ping, win_service, win_stat, win_user, xattr, yum, zfs, zypper, zypper_repository
    230+ modules and growing

  28. Ad-Hoc commands
    $ ansible webservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf'
    www.example.com | success >> {
        "changed": true,
        "dest": "/etc/resolv.conf",
        "group": "adm",
        "md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7",
        "mode": "0644",
        "owner": "ubuntu",
        "path": "resolv.conf",
        "src": "/home/ubuntu/.ansible/tmp/ansible-322091977449/resolv.conf",
        "state": "file"
    }

  29. Playbooks
    YAML Files
    Declaratively define your OS/App configuration
    Collection of tasks using modules
    Each group of tasks is a play

  30. Tasks
    ---
    # tasks/foo.yml
    # This is a task
    - name: Placeholder foo
      command: /bin/foo
    # This is another task
    - name: Placeholder bar
      command: /bin/bar

  31. Tasks
    ---
    - name: Installing supervisor task for snapshot worker
      template: src=supervisor.conf.j2
                dest={{ SUPERVISOR_CONFIG_DIR }}/{{ item['filename'] }}.conf
                backup=yes
                owner=root
                group=root
                mode=0644
      # located in defaults/main.yml
      with_items: snapshot_worker_configuration
      when: snapshot_worker_configuration|lower != 'none'
      notify:
        - reload supervisor
      tags: [supervisor, configuration]

  32. Variables
    From inventory
    In playbooks
    From host_vars/ files
    From group_vars/ files

  33. Variables
    ---
    - hosts: localhost
      vars:
        - greeting: Hello
      tasks:
        - command: echo "{{greeting}}, {{inventory_hostname}}"

  34. Variables

  35. Variables
    host_vars/production
    ---
    snapshot_worker_configuration:
      - filename: snapshot_worker
        name: process_snapshot_report_worker
        command: "php process_snapshot_report_worker.php"
        process_name: process_snapshot_report_worker_%(process_num)02d
        numprocs: 1
        directory: "/var/www/scripts/utils/"
        autostart: true
        autorestart: true
        user: ubuntu
        stdout_logfile: "/var/log/app/utils_process_snapshot_report_worker.log"
        stdout_logfile_maxbytes: 1MB
        stderr_logfile: "/var/log/app/supervisor_error_log"
        stderr_logfile_maxbytes: 1MB

  36. {{ templates }}
    ;{{ ansible_managed }}
    [program:{{ item.name }}]
    {% for directive, value in item.iteritems() if directive != "name" and directive != "filen
    {{ directive }}={{ value }}
    {% endfor %}

  37. {{ templates }}
    ;Ansible managed: /Users/vranac/dev/playground-ansible/vagrant-ansible-php/roles/superviso
    [program:process_snapshot_report_worker]
    stderr_logfile_maxbytes=1MB
    autorestart=True
    stderr_logfile=/var/log/app/supervisor_error_log
    process_name=process_snapshot_report_worker_%(process_num)02d
    stdout_logfile_maxbytes=1MB
    numprocs=1
    command=php process_snapshot_report_worker.php
    user=ubuntu
    autostart=True
    directory=/var/www/scripts/utils/
    stdout_logfile=/var/log/app/utils_process_snapshot_report_worker.log

  39. Roles

  40. Roles
    roles/
      nginx/
        files/
        handlers/main.yml
        meta/main.yml
        tasks/main.yml
        templates/
        vars/main.yml

    ---
    - hosts: all
      roles:
        - nginx
        - mysql
        - { role: app, dir: '/etc/app', ntp: 'n1.example.org' }
        - { role: special, when: "ansible_os_family == 'RedHat'" }
      tasks:
        - ...

  41. Ansible Galaxy
    http://galaxy.ansible.com/
    ansible-galaxy

  42. Compare to X
    https://devopsu.com/books/taste-test-grid.html

  43. The End
    Thank You!
    Questions?
