Ansible + Amazon AWS talk, InstallFest.cz 2016
Ansible + Amazon AWS
Amazon AWS
Started as a flexible virtual machine provider with pay-per-hour billing.
Evolved to provide PaaS for all usual workloads.
Performance/price ratio bigger than for dedicated servers, but great flexibility and you can save your time (Time is money, friend!).
Immutable architecture ready!
Q: Does anyone here use AWS?
Q: Do you use it for anything other than as a platform for running virtual machines / S3 storage?
AWS architecture
Regions: In several places around the world
Availability zones: A region has several availability zones, isolated from each other
NAT: Internal IPs only
1:1 NAT if a public IP is enabled
Security first
IAM
2FA
EC2 roles
Individual user for Ansible: Only the permissions that are needed (you do not want to be a bitcoin miner)
Cost alert
AWS architecture (networking)
Virtual private cloud (VPC): Isolated internal network inside AWS
You can define your own VPC for MySQL instances, for app server instances, ...
Can be connected through a VPN to your company's internal network (paid service).
Security groups: Firewall, by default nothing in, all out.
One server instance can have several security groups attached
AWS (LB, server instances)
Elastic Load Balancer (ELB): Scalable load balancer, capable of HTTP, HTTPS (HTTP/2 not yet available :()
CNAME only, do not use the IP address
EC2 (Server instances): Work with cattle, not pets
Predefined images (AMIs) can be easily created with Ansible
AWS RDS
Database as a service
Supports MySQL, MSSQL, Postgres, ...
Can create an HA database instance across 2 availability zones in one region with automatic failover.
Snapshots, auto upgrades (maintenance time schedulable).
Autoscaling group + CloudFormation
Autoscaling ensures that you have servers running. If an instance stops working, it is automagically trashed and a new one is spawned
CloudFormation: Infrastructure-as-code tool
You can describe your platform and magic will happen
Ansible
Easy to start
Agentless
Secure
Data driven
Idempotent
Q: Do you use ansible? How?
Key concepts
Inventory: List of managed computers, can be grouped.
Default in /etc/ansible/hosts.
May be dynamically generated.
Module: Basic work units.
Plenty of them (hundreds) available.
Template, copy, user, ...
http://docs.ansible.com/ansible/list_of_all_modules.html
Key concepts (2)
Variables: Defined on multiple levels (host, group, inventory).
Used for conditionals and in templates.
Facts: Special variables taken from the server (hostname, date and time, networking setup, ...).
ansible -m setup localhost
Key concepts (3)
Task: One task does one thing (usually it is a module invocation).
Play: Set of tasks that run on a group of computers.
Playbook: Bunch of plays in one file.
Role: Encapsulates a set of tasks, variables, templates and files together.
Gluing it together
Ansible has plenty of AWS modules: http://docs.ansible.com/ansible/list_of_cloud_modules.html
Internally it uses the Python boto library, so it can do anything boto can.
Dynamic inventory.
Tags, tags everywhere!
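The security-group and tagging points from the slides, written as a playbook. This is an added example, not taken from the talk: the region, VPC id, group names and port 8080 are placeholders, and it uses the module names of the talk's era (ec2_group is amazon.aws.ec2_security_group in current collections).

```yaml
# Added example: two security groups, app servers reachable only via the ELB.
# All names and ids below are placeholders (assumptions), not from the talk.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    region: eu-west-1          # placeholder region
    vpc_id: vpc-00000000       # placeholder VPC id
  tasks:
    - name: ELB group, the only one open to the internet (HTTPS only)
      ec2_group:
        name: demo-elb
        description: Public HTTPS entry point
        region: "{{ region }}"
        vpc_id: "{{ vpc_id }}"
        rules:                 # everything not listed stays denied inbound
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 0.0.0.0/0
      register: elb_sg

    - name: App group, inbound only from members of the ELB group
      ec2_group:
        name: demo-app
        description: App servers behind the ELB
        region: "{{ region }}"
        vpc_id: "{{ vpc_id }}"
        rules:
          - proto: tcp
            from_port: 8080
            to_port: 8080
            group_id: "{{ elb_sg.group_id }}"   # source is a group, not a CIDR
        rules_egress:          # replaces the default "all out" rule
          - proto: tcp
            from_port: 443
            to_port: 443
            cidr_ip: 0.0.0.0/0
      register: app_sg

    - name: Tag both groups so inventory, audits and cost reports can find them
      ec2_tag:
        region: "{{ region }}"
        resource: "{{ item.id }}"
        state: present
        tags: { role: "{{ item.role }}", managed_by: ansible }
      with_items:
        - { id: "{{ elb_sg.group_id }}", role: elb }
        - { id: "{{ app_sg.group_id }}", role: app }
```

Because ec2_group purges rules that are not declared, rerunning the playbook also removes ingress rules that were added by hand in the console.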
Thanks!
David
[email protected]
twitter.com/davidkarban
https://github.com/davidkarban/
Advertisement: We are training ansible: www.ansible.cz