ansible talk

7/23/2019 Ansible Talk

1/36

Ansible

Go directly to project site


2/36

What is it and whyshould I be using it?


3/36

What

is

it?

Ansible is a radically simple IT automation platform thatmakes your applications and systems easier to deploy.

Avoid writing scripts or custom code to deploy and

update your applications

Automate in a language that approaches plain English,using SSH

No agents to install on remote systems


4/36

What

is

it?

Why

use

it?

Ansible as a project dislikes complexity

Simplicity is relevant to all sizes of environments andusers of all types

It's not meant to be a tool you should have to obsessover, and it believes "perfect is the enemy of good" inmany cases. Therefore the learning curve is reallyfast.

No coding, instructions are plain YAML

Ansible is appropriate for managing small setups aswell as enterprise environments with manythousands.


5/36

Setup the control machine


6/36

Setup

the

controlmachine

Ansible uses python2.7 and SSH to communicate withyour remote systems

Have python2.7 installed

Use SSH keys for your authentication:

ssh-agent bashssk-keygenssh-add ~/.ssh/id_rsassh-copy-id -i /root/.ssh/id_rsa root@localhost

Install required packages

apt-get install python-pipapt-get install python-dev

Work in a virtualenv

pip install virtualenvvirtualenv myprojectcd myproject. bin/activatepip install ansible


7/36

Your first commands


8/36

Your

first

command

Ansible requires an inventory file

echo"localhost"> ansible_hosts

Ping all hosts in your inventory file

ansible all -m ping -i ansible_hosts

Congratulations. Youve just contacted your nodes withAnsible:

localhost | success >> { "changed": false,

"ping": "pong"}


9/36

Your

first

commands

Examine

the

commandline

ansible all -m ping -i ansible_hosts

all

Ansible works against multiple systems in yourinfrastructure at the same time. It does this byselecting portions of systems listed in Ansiblesinventory file. "all" is a special word to work with allthe hosts at the same time.

-m

will accept a correct module name (e.g., "ping").Ansible ships with a module library but you can writeyour own module too. Modules are idempotent,meaning they will seek to avoid changes to the systemunless a change needs to be made. The (long) list ofmodules can be found here.

-i

The name of the inventory file.
http://docs.ansible.com/modules_by_category.html


10/36

The inventory file


11/36

The

inventory

file

The format for ansible_hosts is an INI-like format andlooks like this:

[webservers]

localhost

[dbservers]one.example.comtwo.example.comthree.example.com

The things in brackets are group names, which are used inclassifying systems and deciding what systems you arecontrolling at what times and for what purpose.

It is ok to put systems in more than one group, forinstance a server could be both a webserver and adbserver.


12/36

Modules


13/36

Modules Ansible ships with a number of modules.Users can also write their own modules.

Each module supports taking arguments. Nearly allmodules take key=value arguments, space delimited.Some modules take no arguments, and thecommand/shell modules simply take the string of thecommand you want to run.

Most used modules

apt -- Add/Remove packages filecommand -- Execute any shell commandservice -- Start/Stop/Enable servicescopy -- Copy a file from source to destination on hostfile -- Create directories, symlinks, change permissionstemplate -- Copy, but with variable substitution in file

Example:

ansible all -m apt -i ansible_hosts -a "name=apache2 state=present"ansible all -m service -i ansible_hosts -a "name=apache2 state=started"


14/36

Playbooks


15/36

Playbooks Playbooks are Ansibles configuration, deployment,and orchestration language. They can describe a set ofconnected actions in a general IT process.

If Ansible modules are the tools in your workshop,playbooks are your design plans.

Playbooks are expressed in YAML format (see YAMLSyntax) and have a minimum of syntax, whichintentionally tries to not be a programming languageor script, but rather a model of a configuration or a

process.

Each playbook is composed of one or more plays in alist.

While it is possible to write a playbook in one verylarge file, eventually youll want to reuse files andstart to organize things.


16/36

Playbook

Example

Write an inventory file

echolocalhost > ansible_hosts

Open a file named playbook.yml

---- hosts: all vars: http_port: 80 remote_user: root

tasks: - name: ensure apache2 is installed apt: name=apache2 state=present

Run your playbook:

ansible-playbook -i ansible_hosts playbook.yml


17/36

Test passed:

PLAY [test]************************************************************

TASK: [ensure apache2 is installed]******************************************ok: [localhost] => {"changed": false}PLAY RECAP************************************************************localhost : ok=2 changed=0 unreachable=0 failed=0


18/36

Playbook Roles and Include Actions


19/36

Playbook

Roles

andInclude

Actions

A playbook that includes a role:

- hosts: webservers vars:

http_port: 80remote_user: root roles:

- webservers

Roles are ways of automatically loading certain variables,tasks, templates, handlers based on a known file structure.

Grouping content by roles also allows easy sharing of roleswith other users. Example role structure:

ansible_hostswebservers.ymlroles/ webservers/

files/ templates/ tasks/ handlers/ vars/ defaults/ meta/


20/36

Playbook

Roles

andInclude

Actions

Role hierarchy:

If roles/x/tasks/main.yml exists, tasks listed thereinwill be added to the play

If roles/x/handlers/main.yml exists, handlers listedtherein will be added to the playIf roles/x/vars/main.yml exists, variables listed thereinwill be added to the playIf roles/x/meta/main.yml exists, any roledependencies listed therein will be added to the list ofroles (1.3 and later)

Any copy tasks can reference files in roles/x/files/without having to path them relatively or absolutelyAny script tasks can reference scripts in roles/x /files/without having to path them relatively or absolutelyAny template tasks can reference files inroles/x/templates/ without having to path themrelatively or absolutelyAny include tasks can reference files in roles/x/tasks/without having to path them relatively or absolutely


21/36

Variables Variables should always start with a letter.foo_port is a great variable. foo5 is fine too.foo-port, foo port, foo.port and 12 are not validvariable names.

Variables can be defined in many places (pros & cons..)

in inventoryin a playbookincluded files

There are "facts", a type of variable that are discovered,not set by the user. Facts are returned by the module"setup", for example: The hostname as the system reportsit is: {{ ansible_hostname }}

registered variables (a task output)command line (--extra-vars)


22/36

Variables

hierarchy

extra vars (-e in the command line) always winthen comes connection variables defined in inventory(ansible_ssh_user, etc)then comes "most everything else" (command line

switches, vars in play, included vars, role vars, etc)then comes the rest of the variables defined ininventorythen comes facts discovered about a systemthen "role defaults", which are the most "defaulty" andlose in priority to everything.


23/36

Ansible and AWS


24/36

Ansible

and

AWS

Ansible contains a number of modules for controllingAmazon Web Services (AWS). All of the modules requireand are tested against recent versions of boto. Youll needthis Python module installed on your control machine.

pip install boto

Static inventory or dynamic Inventory?If you use AmazonWeb Services EC2, maintaining an inventory file might notbe the best approach, because hosts may come and goover time, be managed by external applications, or youmight even be using AWS autoscaling.


25/36

Ansible

and

AWS

AWS services ships with a set of credentials:

ssh keyacces_id

secret_key

Add the ssh key

ssh-add keyname

and set its name in aws-related playbooks (ansible will

look for your ssh-key in the standard path ~/.ssh/). Setyour access_id and secret_key in a "vars" file, then sourceit:

exportBOTO_CONFIG=/path/boto.confexportEC2_INI_PATH=/path/ec2.ini

exportAWS_ACCESS_KEY_ID=EXAMPLEKEYexport AWS_SECRET_ACCESS_KEY=ThisIsAnExampleexportAWS_DEFAULT_REGION=region

. aws-vars


26/36

Ansible

and

AWS

Some simple checks:

./plugins/inventory/ec2.py --list

{ "_meta": { "hostvars": { ... "ec2_architecture": "x86_64", ... }}

"ec2": [ ... "ec2-name.region.compute.amazonaws.com" ... ]}

ansible all -i ./plugins/inventory/ec2.py -m ping --user=admin

ec2-name.region.compute.amazonaws.com | success >> { "changed": false,

"ping": "pong"}


27/36

Manage your AWSnodes with ansible


28/36

Create

and

starta

node

demo-create.yml

- name: Creates aws-nodes hosts: all

connection: local remote_user: root vars: image_id: image-id

instance: instance-typekey_name: ssh-key

region: region-name

tasks: - name: Create and launch instance ec2: key_name: "{{ ssh-key }}"

instance_type: "{{ instance }}"image: "{{ image_id }}"region: "{{ region }}"

state: present

count: 1 wait: yes

ansible-playbook -i aws.ini demo-create.yml


29/36

Stop

a

node

demo-stop.yml

- name: Stop aws servers connection: local

remote_user: root vars:- region: region_name

tasks: - name: Stop instances ec2: region: "{{ region }}" state: stopped

instance_ids: "{{ec2_id}}"

ansible-playbook -i plugins/inventory/ec2.py demo-stop.yml

To see your instances being stopped.


30/36

Provision

nodes

Provision your nodesInstall apache on remote AWS hosts

./bin/ansible all -m apt -i plugins/inventory/ec2.py -a

"name=apache2 state=present"--user=admin -become=sudo

"changed": true,"stderr": "","stdout": "Reading package lists...

Building dependency tree... Reading state information... ...

Setting up apache2"


31/36

Delete

nodes

demo-terminate.yml

- name: Delete aws servers remote_user: root

vars:- region: region_name tasks: - name: Delete hosts ec2: instance_ids: "{{ ec2_id }}" region: "{{ region }}" state: absent

wait: yes

ansible-playbook -i plugins/inventory/ec2.py demo-terminate.yml


32/36

Some tools


34/36

Some

tools

debops

Your Debian-based data center in a box. It is a framework.It can be installed through ansible-galaxy. It is a collectionof Ansible playbooks, scalable from one container to anentire data center.

ansible-galaxy install debops.aptansible all -s -m apt -a 'update_cache=yes upgrade=yes'


35/36

Some

tools

epdb

epdb or pdb? The reason to use epdb over pdb is epdbcontains a remote debugging feature that can sometimesbe useful for debugging processes where you dont haveconsole access.

In python module write:

importepdbepdb.serve()

Command line to execute module:

ansible --forks 1 -i ansible_hosts --module-pathpath-m module_name -a ''

Command line to see breakpoint:

python -c "import epdb; epdb.connect()"


36/36

"All parts should go together without forcing. You must

remember that the parts you are reassembling were

disassembled by you. Therefore, if you can't get themtogether again, there must be a reason. By all means, do not

use a hammer."

-- IBM maintenance manual, 1925

Slideshow created using remark.
http://github.com/gnab/remark

ansible talk

Documents