Ansible, Just Use It

See why this award winning Python project has relevance for your work life through getting your servers under control

Everyone should be using Vagrant or a similar tool for their local developer environment. Still, those containers/VMs need to be configured somehow, and on top of that your configuration system should be able to manage your staging and production servers as well. You could be using Puppet, Chef, Salt or shell scripts to achieve this. Recently a third-generation configuration management system has thrown its hat into the ring, and that tool's name is Ansible. The talk will show how Ansible approaches configuration management, software deployment, remote execution and other tasks. We will examine how easy it is to get up and running and manage single or multiple concurrent servers in parallel, what the differences are to Puppet, Chef etc., and how to customize Ansible to your needs.

Join us for this talk and you'll see why this award-winning Python project has relevance for your work life through getting your servers under control.

Vranac Srdjan

January 24, 2015

Transcript

  1. Srdjan Vranac // code4hire.com // @vranac

  2. business owner, developer, consultant, mercenary, writing
    terrible code that performs exceptionally, wrangling elePHPants
    and Pythons, obsessed with process automation, interested in
    continuous integration and delivery, clean code, testing, best
    practices and distributed systems

  3. In the Beginning...
    Developers wrote code
    System Administrators deployed code

  4. ©2012-2013 MokonalovesMochi

  5. ...until one day...

  6. I'll write code that tells computer how to
    set itself up
    #!/bin/sh
    sudo apt-get update
    sudo apt-get -y install build-essential
    sudo apt-get install apache2
    sudo a2enmod rewrite
    sudo a2enmod vhost_alias
    sudo tee /etc/apache2/sites-available/mysite <<ENDOFFILE
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    Options FollowSymLinks
    AllowOverride None
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    ENDOFFILE

  8. Soooo.... What is the problem?

  9. Idempotence
    (/ˌaɪdɨmˈpoʊtəns/ eye-dəm-poh-təns)
    "Idempotence is the property of certain
    operations in mathematics and computer
    science, that can be applied multiple times
    without changing the result beyond the initial
    application."

  10. Not "Robust"

  11. Everybody is rolling their own

  12. Present

  13. Automation should not require
    programming experience
    It MUST be easy
    We all have other stuff to do, don't we?

  14. compréh

  15. "I wrote Ansible because none of the existing
    tools fit my brain. I wanted a tool that I could not
    use for 6 months, come back later, and still
    remember how it worked."
    Michael DeHaan, Ansible project founder

  16. “An ansible is a fictional machine capable of instantaneous or
    superluminal communication”

  17. What is it?
    IT Automation tool
    Push based (Pull possible)
    Agentless, no agent on the client, uses SSH
    Scalable
    No databases or daemons added after install
    No Root permissions required, sudo is available
    Supported package managers for RHEL, CentOS, Fedora,
    Debian or Ubuntu

  18. Why use it?
    Consistent
    Predictable
    Repeatable
    Easy PERIOD

  19. Requirements
    Python 2.7
    (Python 2.5 + simplejson possible)
    Paramiko (ssh), PyYAML, Jinja2
    SSHD
    Possible Module Dependencies

  20. Installation?
    pip install ansible
    DONE

  21. controller → remotes
    [Diagram: the controller connects over ssh to remote1, remote2, remote3, remote4 and remote5]

  22. Inventory
    [localhost]
    127.0.0.1
    [webservers]
    www.example.com ntp=ntp1.pool.ntp.org
    web[10-23].example.com
    vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=222
    [dbservers]
    db.example.com
    [production:children]
    webservers
    dbservers

  23. Dynamic Inventory
    Amazon EC2
    Digital Ocean
    Linode
    Cobbler
    Google Compute Engine
    ...

  24. Hello, World!
    $ ansible localhost -m ping
    localhost | success >>
    {
        "changed": false,
        "ping": "pong"
    }

  25. Facts
    $ ansible localhost -m setup
    localhost | success >>
    {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "33.33.33.100",
            ],
            "ansible_architecture": "x86_64",
            "ansible_default_ipv4": {
                "address": "192.168.1.194",
                "gateway": "192.168.1.1",
                "interface": "eth0",
                "macaddress": "22:54:00:02:8e:0f",
            },
            "ansible_distribution": "CentOS",
            "ansible_distribution_version": "6.2",
            ...
    }
    Plus ohai and facter if installed on remote

  26. Modules
    accelerate, acl, add_host, airbrake_deployment, alternatives, apache2_module, apt, apt_key, apt_repository, apt_rpm, arista_interface,
    arista_l2interface, arista_lag, arista_vlan, assemble, assert, async_status, at, authorized_key, azure, bigip_facts, bigip_monitor_http,
    bigip_monitor_tcp, bigip_node, bigip_pool, bigip_pool_member, boundary_meter, bzr, campfire, capabilities, cloudformation, command,
    composer, copy, cpanm, cron, datadog_event, debconf, debug, digital_ocean, digital_ocean_domain, digital_ocean_sshkey,
    django_manage, dnsimple, dnsmadeeasy, docker, docker_image, easy_install, ec2, ec2_ami, ec2_ami_search, ec2_asg, ec2_eip, ec2_elb,
    ec2_elb_lb, ec2_facts, ec2_group, ec2_key, ec2_lc, ec2_metric_alarm, ec2_scaling_policy, ec2_snapshot, ec2_tag, ec2_vol, ec2_vpc,
    ejabberd_user, elasticache, facter, fail, fetch, file, filesystem, fireball, firewalld, flowdock, gc_storage, gce, gce_lb, gce_net, gce_pd, gem,
    get_url, git, github_hooks, glance_image, group, group_by, grove, hg, hipchat, homebrew, homebrew_cask, homebrew_tap, hostname,
    htpasswd, include_vars, ini_file, irc, jabber, jboss, jira, kernel_blacklist, keystone_user, layman, librato_annotation, lineinfile, linode, lldp,
    locale_gen, logentries, lvg, lvol, macports, mail, modprobe, mongodb_user, monit, mount, mqtt, mysql_db, mysql_replication, mysql_user,
    mysql_variables, nagios, netscaler, newrelic_deployment, nexmo, nova_compute, nova_keypair, npm, ohai, open_iscsi, openbsd_pkg,
    openvswitch_bridge, openvswitch_port, opkg, osx_say, ovirt, pacman, pagerduty, pause, ping, pingdom, pip, pkgin, pkgng, pkgutil, portage,
    portinstall, postgresql_db, postgresql_privs, postgresql_user, quantum_floating_ip, quantum_floating_ip_associate, quantum_network,
    quantum_router, quantum_router_gateway, quantum_router_interface, quantum_subnet, rabbitmq_parameter, rabbitmq_plugin,
    rabbitmq_policy, rabbitmq_user, rabbitmq_vhost, raw, rax, rax_cbs, rax_cbs_attachments, rax_clb, rax_clb_nodes, rax_dns, rax_dns_record,
    rax_facts, rax_files, rax_files_objects, rax_identity, rax_keypair, rax_meta, rax_network, rax_queue, rax_scaling_group, rax_scaling_policy,
    rds, rds_param_group, rds_subnet_group, redhat_subscription, redis, replace, rhn_channel, rhn_register, riak, rollbar_deployment,
    route53, rpm_key, s3, script, seboolean, selinux, service, set_fact, setup, shell, slack, slurp, sns, stackdriver, stat, subversion, supervisorctl,
    svr4pkg, swdepot, synchronize, sysctl, template, twilio, typetalk, ufw, unarchive, uri, urpmi, user, virt, vsphere_guest, wait_for, win_feature,
    win_get_url, win_group, win_msi, win_ping, win_service, win_stat, win_user, xattr, yum, zfs, zypper, zypper_repository
    230+ modules and growing

  27. Ad-Hoc commands
    $ ansible webservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf'
    www.example.com | success >> {
        "changed": true,
        "dest": "/etc/resolv.conf",
        "group": "adm",
        "md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7",
        "mode": "0644",
        "owner": "ubuntu",
        "path": "resolv.conf",
        "src": "/home/ubuntu/.ansible/tmp/ansible-322091977449/resolv.conf",
        "state": "file"
    }

  28. Playbooks
    YAML Files
    Declaratively define your OS/App configuration
    Collection of tasks using modules
    Each group of tasks is a play

  29. Tasks
    ---
    # tasks/foo.yml
    # This is a task
    - name: Placeholder foo
      command: /bin/foo
    # This is another task
    - name: Placeholder bar
      command: /bin/bar

  30. Tasks
    ---
    - name: Install Apache
      apt: name=apache2 state=present update_cache=yes
      environment: env
      when: ansible_os_family == "Debian"
      tags: [packages]
    - name: enable the rewrite module
      apache2_module: state=present name=rewrite
    - name: ensure Apache service is up
      action: service name=apache2 state=started
      tags: [apache2]
    - name: make sure that there is no default website
      file: path={{ APACHE_SITES_ENABLED_CONFIG_PATH }}/000-default.conf state=absent
      notify:
        - reload Apache
      tags: [apache2]

  31. Variables
    From inventory
    In playbooks
    From host_vars/ files
    From group_vars/ files

  32. Variables
    ---
    - hosts: localhost
      vars:
        - greeting: Hello
      tasks:
        - command: echo "{{greeting}}, {{inventory_hostname}}"

  33. Variables

  34. Variables
    host_vars/default
    ---
    PROJECT_ROOT: "/var/www"
    APACHE_SITES_ENABLED_CONFIG_PATH: "/etc/apache2/sites-enabled"
    APACHE_SITES_AVAILABLE_CONFIG_PATH: "/etc/apache2/sites-available"
    IP_ADDRESS: "*"
    PORT: "80"
    HOST: "something"
    HOST_ALIAS: "alias"

  35. {{ templates }}
    #{{ ansible_managed }}

    {% if HOST %}
    ServerName {{ HOST }}
    {% endif %}
    {% if HOST_ALIAS %}
    ServerAlias {{ HOST_ALIAS }}
    {% endif %}
    DocumentRoot {{ PROJECT_ROOT }}/web
    DirectoryIndex index.php
    # Enabled for Dev environment
    # LogLevel debug
    ...

  36. {{ templates }}
    #Ansible managed: /Users/vranac/dev/playground-ansible/vagrant-ansible-php/roles/apache/templates/site.conf.j2 modified on 2014-06-19 10:38:31 by vranac on vurunica

    ServerName something
    ServerAlias alias
    DocumentRoot /var/www/web
    DirectoryIndex index.php
    # Enabled for Dev environment
    # LogLevel debug
    ...

  38. Roles

  39. Roles
    roles/
      nginx/
        files/
        handlers/main.yml
        meta/main.yml
        tasks/main.yml
        templates/
        vars/main.yml

  40. Roles
    ---
    - hosts: all
      roles:
        - nginx
        - mysql
        - { role: app, dir: '/etc/app', ntp: 'n1.example.org' }
        - { role: special, when: "ansible_os_family == 'RedHat'" }
      tasks:
        ...

  41. Roles
    ...
    - { role: app, dir: '/etc/app', ntp: 'n1.example.org' }
    - { role: special, when: "ansible_os_family == 'RedHat'" }
    ...

  42. Ansible Galaxy
    http://galaxy.ansible.com/
    ansible-galaxy

  43. Asynchronous Actions and Polling
    ---
    - hosts: all
      tasks:
        - name: simulate long running op (15 sec), wait for up to 45 sec, poll every 5 sec
          command: /bin/sleep 15
          async: 45
          poll: 5

  44. Check Mode (“Dry Run”)
    Running a task in check mode --check
    Showing Differences with --diff

  45. Compare to X
    https://devopsu.com/books/taste-test-grid.html

  47. The End
    Thank You!
    Questions?
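
Added example, not part of the deck and not Ansible's own code: the idempotent "compare, converge, report changed" contract behind the results on slides 24 and 27 and the check mode on slide 44, in contrast to the run-once shell script on slide 6. The names `ensure_file` and `demo` and the sample resolv.conf content are assumptions made for illustration.

```python
import os
import tempfile


def ensure_file(path, content, mode=0o644, check=False):
    """Converge path to content and mode; report whether anything changed.

    "changed" is true only when the current state differs from the desired
    state. With check=True the difference is reported but nothing is written.
    """
    try:
        with open(path, "r", encoding="utf-8") as fh:
            current = fh.read()
        current_mode = os.stat(path).st_mode & 0o7777
    except FileNotFoundError:
        current, current_mode = None, None

    changed = current != content or current_mode != mode
    result = {"changed": changed, "dest": path, "mode": "%04o" % mode}
    if not changed or check:
        return result

    # Write a temp file in the same directory and rename it into place, so an
    # interrupted run never leaves a half-written config behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return result


def demo():
    """Apply one desired state three times to a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "resolv.conf")
        desired = "nameserver 192.0.2.53\n"  # constructed sample content
        dry = ensure_file(dest, desired, check=True)  # reports, writes nothing
        written_by_dry_run = os.path.exists(dest)
        first = ensure_file(dest, desired)   # creates the file
        second = ensure_file(dest, desired)  # already converged
        return (dry["changed"], written_by_dry_run,
                first["changed"], second["changed"])
```

Because the permission bits are part of the compared state, a file whose mode has drifted is reported as changed even when its content still matches.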
