Ansible Automation Best Practices From Startups to Enterprises - Minnebar 12
ANSIBLE AUTOMATION BEST PRACTICES FROM STARTUPS TO ENTERPRISES
AN INTRO TO THE SWISS ARMY KNIFE OF DEVOPS, CAPABLE OF HANDLING MANY POWERFUL AUTOMATION TASKS.
Keith Resar @KeithResar
Keith Resar: Bio
Wear many hats
● Coder
● Open Source Contributor and Advocate
● Infrastructure Architect
WHAT IS ANSIBLE
It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.
It’s an automation engine that runs Ansible Playbooks.
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
SIMPLE
● Human readable automation
● No special coding skills needed
● Tasks executed in order
● Get productive quickly
POWERFUL
● App deployment
● Configuration management
● Workflow orchestration
● Orchestrate the app lifecycle
AGENTLESS
● Agentless architecture
● Uses OpenSSH & WinRM
● No agents to exploit or update
● More efficient & more secure
HOW ANSIBLE WORKS
[Diagram: Ansible’s automation engine. Labels: users, Ansible playbook, inventory, hosts, networking, public / private cloud, CMDB, plugins, API, modules]
HOW ANSIBLE WORKS
ANSIBLE PLAYBOOK
PLAYBOOKS ARE WRITTEN IN YAML
● Tasks are executed sequentially
● Invokes Ansible modules
HOW ANSIBLE WORKS
MODULES
MODULES ARE “TOOLS IN THE TOOLKIT”
● Python, PowerShell, or any language
● Extend Ansible simplicity to entire stack
HOW ANSIBLE WORKS
INVENTORY
[web]
webserver1.example.com
webserver2.example.com

[db]
dbserver1.example.com
HOW ANSIBLE WORKS
CMDB
CLOUD: OpenStack, VMware, EC2, Rackspace, GCE, Azure, Spacewalk, Hanlon, Cobbler
CUSTOM CMDB
PLAYBOOK EXAMPLE
---
- name: install and start apache
  hosts: all
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root

  tasks:
  # install the web server package
  - name: install httpd
    yum: pkg=httpd state=latest
  # render the config from a Jinja2 template
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
  # state=running was deprecated in favor of state=started
  - name: start httpd
    service: name=httpd state=started
COMMUNITY
● 22,000+ stars & 7,100+ forks on GitHub
● 2600+ GitHub Contributors
● Over 1000 modules shipped with Ansible
● New contributors added every day
● 1400+ users on IRC channel
● Top 10 open source projects in 2014
● World-wide meetups taking place monthly
● Ansible Galaxy: over 7,000 Roles
● 250,000+ downloads a month
● AnsibleFests in NYC, SF, London
MODULES
AD-HOC COMMANDS
> ansible all -m setup
> ansible all -m ping
> ansible all -m command -a 'rm -rf /var/tmp/session'
> ansible all -m copy -a 'src=foo dest=/foo/bar'
ASSET INVENTORY
● Static inventory
  ○ INI-style syntax
● Dynamic inventory
  ○ Real-time pull of all assets from selected source
LOOKING AT THAT HELLO WORLD PLAYBOOK
MODULARITY USING ROLES
While it is possible to write a playbook in one very large file (and you might start out learning playbooks this way), eventually you’ll want to reuse files and start to organize things.
At a basic level, including task files allows you to break up bits of configuration policy into smaller files. Task includes pull in tasks from other files. Since handlers are tasks too, you can also include handler files from the ‘handler’ section.
Roles in Ansible build on the idea of include files and combine them to form clean, reusable abstractions – they allow you to focus more on the big picture and only dive down into the details when needed.
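The task includes and role structure described above, applied to this deck's apache playbook, as an added example that is not from the original slides. The role name apache, the file paths and the restart httpd handler are assumptions chosen for illustration; each "# file:" comment marks a separate file on disk.

```yaml
# file: site.yml  (top-level playbook; maps host groups to roles)
---
- name: install and start apache
  hosts: web                 # the [web] group from the inventory shown earlier
  become: true               # escalate per play rather than logging in as root
  roles:
    - role: apache           # hypothetical role name
      vars:
        http_port: 80
        max_clients: 200

# file: roles/apache/tasks/main.yml  (role entry point; pulls in task files)
---
- import_tasks: install.yml
- import_tasks: configure.yml

# file: roles/apache/tasks/install.yml
---
- name: install httpd
  yum:
    name: httpd
    state: latest

# file: roles/apache/tasks/configure.yml
---
- name: write the apache config file
  template:
    src: httpd.j2            # resolved from roles/apache/templates/
    dest: /etc/httpd.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart httpd      # handler runs only if the rendered file changed

- name: start httpd
  service:
    name: httpd
    state: started
    enabled: true

# file: roles/apache/handlers/main.yml  (handlers are tasks too)
---
- name: restart httpd
  service:
    name: httpd
    state: restarted
```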
THE ANSIBLE WAY
CROSS PLATFORM – Linux, Windows, UNIX
Agentless support for all major OS variants, physical, virtual, cloud and network
HUMAN READABLE – YAML
Perfectly describe and document every aspect of your application environment
PERFECT DESCRIPTION OF APPLICATION
Every change can be made by playbooks, ensuring everyone is on the same page
VERSION CONTROLLED
Playbooks are plain-text. Treat them like code in your existing version control.
DYNAMIC INVENTORIES
Capture all the servers 100% of the time, regardless of infrastructure, location, etc.
ORCHESTRATION THAT PLAYS WELL WITH OTHERS
Homogenize existing environments by leveraging current toolsets
RESOURCES
Getting Started with Ansible: https://www.ansible.com/get-started
Ansible Essentials: Technical Overview: https://redhat.com/.../do007-ansible-essentials
Ansible Minneapolis Meetup: https://www.meetup.com/Ansible-Minneapolis/
@KeithResar
THANKS!