Ansible, Just Use It

See why this award winning Python project has relevance for your work life through getting your servers under control

Everyone should be using Vagrant or a similar tool for their local development environment. Still, those containers/VMs need to be configured somehow, and on top of that your configuration system should be able to manage your staging and production servers as well. You could use Puppet, Chef, Salt or shell scripts to achieve this. Recently a third-generation configuration management system has thrown its hat into the ring, and that tool's name is Ansible. The talk will show how Ansible approaches configuration management, software deployment, remote execution and other tasks. We will examine how easy it is to get up and running and to manage one or many servers in parallel, how it differs from Puppet, Chef and similar tools, and how to customize Ansible to your needs.

Join us for this talk and you’ll see why this award winning Python project has relevance for your work life through getting your servers under control.

Vranac Srdjan

January 24, 2015

Transcript

  1. Srdjan Vranac // code4hire.com // @vranac

  2. business owner, developer, consultant, mercenary, writing terrible code that performs exceptionally, wrangling elePHPants and Pythons, obsessed with process automation, interested in continuous integration and delivery, clean code, testing, best practices and distributed systems
  3. In the Beginning...

    Developers wrote code
    System Administrators deployed code

  4. ©2012-2013 MokonalovesMochi

  5. ...until one day...

  6. I'll write code that tells computer how to set itself up

        #!/bin/sh
        sudo apt-get update
        sudo apt-get -y install build-essential
        sudo apt-get install apache2
        sudo a2enmod rewrite
        sudo a2enmod vhost_alias
        sudo tee /etc/apache2/sites-available/mysite <<ENDOFFILE
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        Options FollowSymLinks
        AllowOverride None
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        ENDOFFILE
  7. None
  8. Soooo.... What is the problem?

  9. Idempotence (/ˌaɪdɨmˈpoʊtəns/ eye-dəm-poh-təns)

    "Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application."
  10. Not "Robust"

  11. Everybody is rolling their own

  12. Present

  13. Automation should not require programming experience

    It MUST be easy
    We all have other stuff to do, don't we?
  14. compréh

  15. "I wrote Ansible because none of the existing tools fit my brain. I wanted a tool that I could not use for 6 months, come back later, and still remember how it worked."

    Michael DeHaan
    Ansible project founder
  16. “An ansible is a fictional machine capable of instantaneous or superluminal communication”
  17. What is it?

    IT Automation tool
    Push based (Pull possible)
    Agentless, no agent on the client, uses SSH
    Scalable
    No databases or daemons added after install
    No Root permissions required, sudo is available
    Supported package managers for RHEL, CentOS, Fedora, Debian or Ubuntu
  18. Why use it?

    Consistent
    Predictable
    Repeatable
    Easy
    PERIOD

  19. Requirements

    Python 2.7 (Python 2.5 + simplejson possible)
    Paramiko (ssh), PyYaml, Jinja2
    SSHD
    Possible Module Dependencies
  20. Installation?

        pip install ansible

    DONE

  21. controller → remotes

    (Diagram: the controller connects over ssh to remote1, remote2, remote3, remote4 and remote5.)
  22. Inventory

        [localhost]
        127.0.0.1

        [webservers]
        www.example.com ntp=ntp1.pool.ntp.org
        web[10-23].example.com
        vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=222

        [dbservers]
        db.example.com

        [production:children]
        webservers
        dbservers
  23. Dynamic Inventory

    Amazon EC2
    Digital Ocean
    Linode
    Cobbler
    Google Compute Engine
    ...
  24. Hello, World!

        $ ansible localhost -m ping
        localhost | success >> {
            "changed": false,
            "ping": "pong"
        }
  25. Facts

        $ ansible localhost -m setup
        localhost | success >> {
            "ansible_facts": {
                "ansible_all_ipv4_addresses": [
                    "33.33.33.100",
                ],
                "ansible_architecture": "x86_64",
                "ansible_default_ipv4": {
                    "address": "192.168.1.194",
                    "gateway": "192.168.1.1",
                    "interface": "eth0",
                    "macaddress": "22:54:00:02:8e:0f",
                },
                "ansible_distribution": "CentOS",
                "ansible_distribution_version": "6.2",
                ...
        }

    Plus ohai and facter if installed on remote
  26. Modules

    accelerate, acl, add_host, airbrake_deployment, alternatives, apache2_module, apt, apt_key, apt_repository, apt_rpm, arista_interface, arista_l2interface, arista_lag, arista_vlan, assemble, assert, async_status, at, authorized_key, azure, bigip_facts, bigip_monitor_http, bigip_monitor_tcp, bigip_node, bigip_pool, bigip_pool_member, boundary_meter, bzr, campfire, capabilities, cloudformation, command, composer, copy, cpanm, cron, datadog_event, debconf, debug, digital_ocean, digital_ocean_domain, digital_ocean_sshkey, django_manage, dnsimple, dnsmadeeasy, docker, docker_image, easy_install, ec2, ec2_ami, ec2_ami_search, ec2_asg, ec2_eip, ec2_elb, ec2_elb_lb, ec2_facts, ec2_group, ec2_key, ec2_lc, ec2_metric_alarm, ec2_scaling_policy, ec2_snapshot, ec2_tag, ec2_vol, ec2_vpc, ejabberd_user, elasticache, facter, fail, fetch, file, filesystem, fireball, firewalld, flowdock, gc_storage, gce, gce_lb, gce_net, gce_pd, gem, get_url, git, github_hooks, glance_image, group, group_by, grove, hg, hipchat, homebrew, homebrew_cask, homebrew_tap, hostname, htpasswd, include_vars, ini_file, irc, jabber, jboss, jira, kernel_blacklist, keystone_user, layman, librato_annotation, lineinfile, linode, lldp, locale_gen, logentries, lvg, lvol, macports, mail, modprobe, mongodb_user, monit, mount, mqtt, mysql_db, mysql_replication, mysql_user, mysql_variables, nagios, netscaler, newrelic_deployment, nexmo, nova_compute, nova_keypair, npm, ohai, open_iscsi, openbsd_pkg, openvswitch_bridge, openvswitch_port, opkg, osx_say, ovirt, pacman, pagerduty, pause, ping, pingdom, pip, pkgin, pkgng, pkgutil, portage, portinstall, postgresql_db, postgresql_privs, postgresql_user, quantum_floating_ip, quantum_floating_ip_associate, quantum_network, quantum_router, quantum_router_gateway, quantum_router_interface, quantum_subnet, rabbitmq_parameter, rabbitmq_plugin, rabbitmq_policy, rabbitmq_user, rabbitmq_vhost, raw, rax, rax_cbs, rax_cbs_attachments, rax_clb, rax_clb_nodes, rax_dns, rax_dns_record, rax_facts, rax_files, rax_files_objects, rax_identity, rax_keypair, rax_meta, rax_network, rax_queue, rax_scaling_group, rax_scaling_policy, rds, rds_param_group, rds_subnet_group, redhat_subscription, redis, replace, rhn_channel, rhn_register, riak, rollbar_deployment, route53, rpm_key, s3, script, seboolean, selinux, service, set_fact, setup, shell, slack, slurp, sns, stackdriver, stat, subversion, supervisorctl, svr4pkg, swdepot, synchronize, sysctl, template, twilio, typetalk, ufw, unarchive, uri, urpmi, user, virt, vsphere_guest, wait_for, win_feature, win_get_url, win_group, win_msi, win_ping, win_service, win_stat, win_user, xattr, yum, zfs, zypper, zypper_repository

    230+ modules and growing
  27. Ad-Hoc commands

        $ ansible webservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf'
        www.example.com | success >> {
            "changed": true,
            "dest": "/etc/resolv.conf",
            "group": "adm",
            "md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7",
            "mode": "0644",
            "owner": "ubuntu",
            "path": "resolv.conf",
            "src": "/home/ubuntu/.ansible/tmp/ansible-322091977449/resolv.conf",
            "state": "file"
        }
  28. Playbooks

    YAML Files
    Declaratively define your OS/App configuration
    Collection of tasks using modules
    Each group of tasks is a play
  29. Tasks

        ---
        # tasks/foo.yml

        # This is a task
        - name: Placeholder foo
          command: /bin/foo

        # This is another task
        - name: Placeholder bar
          command: /bin/bar
  30. Tasks

        ---
        - name: Install Apache
          apt: name=apache2 state=present update_cache=yes
          environment: env
          when: ansible_os_family == "Debian"
          tags: [packages]

        - name: enable the rewrite module
          apache2_module: state=present name=rewrite

        - name: ensure Apache service is up
          action: service name=apache2 state=started
          tags: [apache2]

        - name: make sure that there is no default website
          file: path={{ APACHE_SITES_ENABLED_CONFIG_PATH }}/000-default.conf state=absent
          notify:
            - reload Apache
          tags: [apache2]
  31. Variables

    From inventory
    In playbooks
    From host_vars/ files
    From group_vars/ files
  32. Variables

        ---
        - hosts: localhost
          vars:
            - greeting: Hello
          tasks:
            - command: echo "{{greeting}}, {{inventory_hostname}}"
  33. Variables

  34. Variables

    host_vars/default

        ---
        PROJECT_ROOT: "/var/www"
        APACHE_SITES_ENABLED_CONFIG_PATH: "/etc/apache2/sites-enabled"
        APACHE_SITES_AVAILABLE_CONFIG_PATH: "/etc/apache2/sites-available"
        IP_ADDRESS: "*"
        PORT: "80"
        HOST: "something"
        HOST_ALIAS: "alias"
  35. {{ templates }}

        #{{ ansible_managed }}
        <VirtualHost {{ IP_ADDRESS }}:{{ PORT }}>
        {% if HOST %}
            ServerName {{ HOST }}
        {% endif %}
        {% if HOST_ALIAS %}
            ServerAlias {{ HOST_ALIAS }}
        {% endif %}
            DocumentRoot {{ PROJECT_ROOT }}/web
            DirectoryIndex index.php

            # Enabled for Dev environment
            # LogLevel debug
            ...
        </VirtualHost>
  36. {{ templates }}

        #Ansible managed: /Users/vranac/dev/playground-ansible/vagrant-ansible-php/roles/apache/templates/site.conf.j2 modified on 2014-06-19 10:38:31 by vranac on vurunica
        <VirtualHost *:80>
            ServerName something
            ServerAlias alias
            DocumentRoot /var/www/web
            DirectoryIndex index.php

            # Enabled for Dev environment
            # LogLevel debug
            ...
        </VirtualHost>
  37. None
  38. Roles

  39. Roles

        roles/
          nginx/
            files/
            handlers/main.yml
            meta/main.yml
            tasks/main.yml
            templates/
            vars/main.yml

  40. Roles

        ---
        - hosts: all
          roles:
            - nginx
            - mysql
            - { role: app, dir: '/etc/app', ntp: 'n1.example.org' }
            - { role: special, when: "ansible_os_family == 'RedHat'" }
          tasks:
            ...
  41. Roles

        ...
            - { role: app, dir: '/etc/app', ntp: 'n1.example.org' }
            - { role: special, when: "ansible_os_family == 'RedHat'" }
        ...
  42. Ansible Galaxy http://galaxy.ansible.com/ ansible-galaxy

  43. Asynchronous Actions and Polling

        ---
        - hosts: all
          tasks:
            - name: simulate long running op (15 sec), wait for up to 45 sec, poll every 5 sec
              command: /bin/sleep 15
              async: 45
              poll: 5
  44. Check Mode (“Dry Run”)

    Running a task in check mode: --check
    Showing Differences with --diff
  45. Compare to X https://devopsu.com/books/taste-test-grid.html

  46. None
  47. The End Thank You! Questions?
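
Slide 6's script rewrites the site file with `tee` on every run, while slide 9 asks for idempotence and slide 44 for a dry run. The sketch below is an added example, not code from the talk, showing one file-managing step that reports `ok` or `changed` the way the slides' Ansible output does; `ensure_file`, the `CHECK` variable and the demo paths and content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the slides: one idempotent "file content" step.
# ensure_file DEST MODE reads the desired content on stdin and prints
# "ok" if DEST already matches, "changed" if it had to be (re)written.
# CHECK=1 is a hypothetical dry-run switch modelled on `ansible --check`.
ensure_file() {
    dest=$1
    mode=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    cat > "$tmp"
    # Converged only when content AND permission bits match.
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest" &&
       [ -n "$(find "$dest" -prune -perm "$mode")" ]; then
        rm -f "$tmp"
        echo ok
        return 0
    fi
    if [ "${CHECK:-0}" = 1 ]; then
        rm -f "$tmp"    # dry run: report the drift, leave DEST alone
        echo changed
        return 0
    fi
    # Stage beside the target, then rename, so no partial file is served.
    chmod "$mode" "$tmp" && mv -f "$tmp" "$dest" && echo changed
}

# Constructed demo in a scratch directory; content is a sample, not a full vhost.
demo() {
    dir=$(mktemp -d) || return 2
    site="$dir/mysite"
    conf='ServerAdmin webmaster@localhost
DocumentRoot /var/www'
    dry=$(printf '%s\n' "$conf" | CHECK=1 ensure_file "$site" 644)
    first=$(printf '%s\n' "$conf" | ensure_file "$site" 644)
    second=$(printf '%s\n' "$conf" | ensure_file "$site" 644)
    chmod 666 "$site"    # simulate permission drift on the managed file
    drift=$(printf '%s\n' "$conf" | ensure_file "$site" 644)
    rm -rf "$dir"
    echo "$dry $first $second $drift"
}

demo    # prints: changed changed ok changed
```

The permission comparison matters as much as the content comparison: a config file that has become world-writable is drift even when its bytes are unchanged.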