ansible: orchestrate your infrastructure
DESCRIPTION
The associated video is available: https://vimeo.com/107895274
Software configuration management tools are gaining ground everywhere. We've all probably at least heard of puppet, chef or salt by now, however there's a new rising star: Ansible. In this talk we'll learn about the way ansible approaches configuration management, software deployment, remote execution and other general IT tasks. We'll examine how to get up and running in a moment and how easy it is to manage multiple concurrent servers in parallel without needing additional daemons or bootstrapping! The talk will cover differences to puppet, chef etc and examine how to customise and extend Ansible with our favourite language. Join us for this talk and you'll see why this award winning Python project has relevance for PHP and your work life through getting your servers under control. This is a new talk about a relatively new configuration management system that is less complex to work with than puppet, chef, salt etc. but requires nothing extra on the machines being managed.
TRANSCRIPT
@magma_digital
Orchestrate your Infrastructure
Magma Digital Ltd
Jeremy Coates
Who am I?
๏ Jeremy Coates, MD at Magma Digital Ltd
๏ Founder of PHPNW
๏ Manchester Digital Association Council Member
๏ @phpcodemonkey
๏ linkedin.com/in/jeremycoates
What is Ansible?
SALT CHEF PUPPET Ansible
Why use it?
Predictable
Consistent
Repeatable
Known state
Easy
Install: Controller
๏ Only install on controller machine
๏ Requires: Python 2.6+, Paramiko (ssh), PyYAML, Jinja2
๏ RedHat: yum install ansible
๏ Debian: apt-get install ansible
๏ OS X: brew install ansible
๏ All: pip install ansible or from source
Install: Remotes
๏ Nothing much!
๏ SSH server
๏ Python 2.4+ and simplejson module
๏ Or just Python 2.6+
๏ Essentially any *nix distro in last decade
First 10 minutes
๏ Command line usage:
• ansible -i hosts -m ping all
• ansible webserver -m setup
• ansible -i /path/to/hosts -m <module> [options e.g -vvvv] <host pattern>
• Default checks /etc/ansible/hosts
• --check && --diff
Inventory: Hosts
[webservers]
web ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
web2 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2201 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
[dbservers]
db ansible_ssh_host=127.0.0.1 ansible_ssh_port=2202 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
Inventory: Dynamic hosts
๏ Plugin scripts for:
• Amazon EC2
• Digital Ocean
• Linode
• Vagrant
• + others
๏ Or create your own CMDB (Configuration Management DB)
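Added example (not from the talk): a dynamic inventory script that maps CMDB rows to the JSON Ansible reads from an executable inventory called with --list or --host. The CMDB rows, the "decommissioned" field and the function names are hypothetical; the group and host names follow the static inventory slide.

```python
#!/usr/bin/env python
"""Dynamic inventory sketch: CMDB rows -> Ansible's --list / --host JSON."""
import argparse
import json

# Constructed sample CMDB rows (hypothetical); a real script would query a database or API.
CMDB = [
    {"name": "web", "role": "webservers", "ip": "127.0.0.1", "port": 2222, "decommissioned": False},
    {"name": "web2", "role": "webservers", "ip": "127.0.0.1", "port": 2201, "decommissioned": False},
    {"name": "db", "role": "dbservers", "ip": "127.0.0.1", "port": 2202, "decommissioned": False},
    {"name": "old", "role": "webservers", "ip": "127.0.0.1", "port": 2203, "decommissioned": True},
]


def host_vars(row):
    # Only connection details go in here; keys and passwords stay out of inventory output.
    return {"ansible_ssh_host": row["ip"], "ansible_ssh_port": row["port"]}


def build_inventory(rows):
    # "_meta.hostvars" lets Ansible get every host's vars from a single --list call.
    inventory = {"_meta": {"hostvars": {}}}
    for row in rows:
        if row["decommissioned"]:
            continue  # retired machines must never be targeted by a play
        inventory.setdefault(row["role"], {"hosts": []})["hosts"].append(row["name"])
        inventory["_meta"]["hostvars"][row["name"]] = host_vars(row)
    return inventory


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    inventory = build_inventory(CMDB)
    # --host <name> returns that host's vars (empty dict if unknown); otherwise the full listing.
    out = inventory["_meta"]["hostvars"].get(args.host, {}) if args.host else inventory
    print(json.dumps(out, indent=2))
    return out


if __name__ == "__main__":
    main()
```

Make the script executable and pass it with -i in place of the static hosts file.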
Playbooks
๏ Commandline doesn’t scale: Playbooks do
๏ Playbooks are YAML
๏ ansible-playbook -i hosts playbook.yml
Sample Playbook
---
- hosts: localhost
  user: root
  vars:
    motd_warning: 'WARNING: Use by ACME Employees ONLY'
  tasks:
    - name: setup a MOTD
      copy: dest=/etc/motd content={{ motd_warning }}
Playbooks
๏ Language of playbooks relatively familiar to devs
๏ Targets - groups of tasks / vars etc.
๏ Vars - nice and obvious!
๏ Tasks - actions using modules / vars
๏ Includes - re-usable components
Playbooks Speed
๏ Playbooks default to 5 forks
• --forks <N> to vary this
๏ async: <seconds> for long running processes
๏ poll: <seconds> check the progress
๏ Tags: target sections of play books
๏ Roles: convention to enable reuse of playbooks
Playbooks…
๏ Looping: with_items:, with_fileglob:
๏ Conditional processing: when: ansible_os_family == 'RedHat'
๏ Task Delegation: delegate_to: <host> or local_action: shorthand
๏ Vars: hostvars, groups, inventory*, environment
Playbook Templates
๏ Jinja2 template engine. Has access to any ansible facts (vars)
๏ Comments: {# a comment #}
๏ If/else: {% if 'authorativenames' in group_names %} {% else %} {% endif %}
๏ Loops: {% for ip in ansible_all_ipv4_addresses %} {% endfor %}
Modules
๏ Over 100 modules already exist
• Swiss army knife of machine management: ansible-doc
๏ Write own modules in any language, including PHP (json_encode)
๏ Module output key=value or JSON
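Added example (not from the talk): a minimal custom module that follows the contract the slide describes, printing a JSON result with "changed" or "failed". It assumes the plain-script calling convention in which Ansible passes the path of a file holding key=value arguments; the dest/content argument names mirror the copy task in the sample playbook, and the function names are hypothetical.

```python
#!/usr/bin/env python
"""Custom-module sketch: idempotently set a file's content and report JSON to Ansible."""
import json
import os
import shlex
import sys
import tempfile


def parse_args_file(path):
    # Assumed convention: argv[1] names a file containing "key=value key2='v 2'" arguments.
    with open(path) as fh:
        tokens = shlex.split(fh.read())
    return dict(token.split("=", 1) for token in tokens if "=" in token)


def run_module(args_path):
    args = parse_args_file(args_path)
    if "dest" not in args or "content" not in args:
        return {"failed": True, "msg": "dest and content are required"}
    dest, wanted = args["dest"], args["content"] + "\n"
    current = None
    if os.path.exists(dest):
        with open(dest) as fh:
            current = fh.read()
    if current == wanted:
        return {"changed": False, "dest": dest}  # already in the known state
    # Write a temp file in the same directory, then rename it over dest,
    # so readers never see a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(wanted)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; a MOTD must be world-readable
    os.replace(tmp, dest)
    return {"changed": True, "dest": dest}


def main():
    result = run_module(sys.argv[1])
    print(json.dumps(result))
    sys.exit(1 if result.get("failed") else 0)


if __name__ == "__main__":
    main()
```

Reporting "changed": false on the second run is what makes the task repeatable.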
Ansible-pull
๏ Runs on the machine to be configured
๏ Larger deployments (auto-scaling server farms etc.)
๏ Auto-update when repo changes
๏ Requires cron
SHARE REUSE ENHANCE
Related?
๏ ansible-vault - encryption for sensitive yaml files
๏ Ansible Guru - support subscription ($99/month)
๏ Ansible Tower (AWX) - commercial version
• Web console, REST API
• 50 machines from $2500/year (depending on support level needed)
๏ Vagrant - Ansible provisioner module
Resources
Website: ansible.com
Documentation: docs.ansible.com
Twitter: @ansible
IRC: #ansible (freenode)
Google Group: ansible-project
Reddit: reddit.com/r/ansible
Ansible Weekly Newsletter: devopsu.com
Ansible Configuration Management: (Daniel Hall: Packt Publishing Nov ’13 ISBN 978-1-78328-081-0)
http://bit.ly/orchestrate_infrastructure
Simply Orchestrate https://joind.in/11296