A journey with Ansible & AWSSteven Ringo

CochlearSharing of patient-related data

among clinics and servicecentres.

Challenges

Regulatory & Compliance

Security

Sovereignty

Privacy

Geographic

Cultural

Organisational

Legal

Manage

Scale

Secure

Maintain

Infrastructure as codeSource control

Audit trail

Self documenting

Shared knowledge base

Desired resultsAgility

Convenience

Automation

Sandboxes, throwaway & testenvironments

bash

Let's create anew user

StackOverflow to the rescue!

sudo useradd myusersudo useradd -m myusersudo passwd myusersudo usermod -s /bin/bash myuser

Oh f*#&. User exists!

How to change home folder?

sudo?

useradd or adduser?

Ubuntu vs RedHat.

# Add the user 'borat' with a bash shell, # appending the group 'admins'# and 'developers' to the user's groups

- user: name: borat shell: /bin/bash groups: kazakhs append: yes

Idempotence

The ability to run an operationthat produces the same resultregardless of how many times

it is run.

SSH

No agents

Open source

Reads like prose

Declarative

YAML

Instant start.

Install locally and go!Small learning curve to get started

RHEL, CentOS, Fedora

Debian, Ubuntu

OS X

Windows*

“I wrote Ansible because noneof the existing tools fit mybrain. I wanted a tool that Icould not use for 6 months,come back later, and still

remember how it worked”— Michael De Haan. Ansible project founder

Cloud - Commands - Database - Files - Inventory

Messaging - Monitoring - Network - Notification

Packaging - Source - Control - System - Utilities

Web Infrastructure - Windows

AWS Modulesec2 Create, terminate, start or stop an instance in ec2ec2_ami Create or destroy an image in ec2ec2_ami_search Retrieve AWS AMI information for a given operating system.ec2_asg Create or delete AWS Autoscaling Groupsec2_eip Associate an EC2 elastic IP with an instance.ec2_elb Deregisters or registers instances from EC2 ELBsec2_elb_lb Creates or destroys Amazon ELB.ec2_facts Gathers facts about remote hosts within ec2 (aws)ec2_group Maintain an ec2 VPC security group.ec2_key Maintain an ec2 key pair.ec2_lc Create or delete AWS Autoscaling Launch Configurationsec2_metric_alarm Create/update or delete AWS Cloudwatch ‘metric alarms’ec2_scaling_policy Create or delete AWS scaling policies for Autoscaling groupsec2_snapshot Creates a snapshot from an existing volumeec2_tag Create and remove tag(s) to ec2 resources.ec2_vol Create and attach a volume, return volume id and device mapec2_vpc Configure AWS virtual private clouds

AWS Modulescloudformation Create a AWS CloudFormation stackelasticache Manage cache clusters in Amazon Elasticache.rds Create, delete, or modify an Amazon rds instancerds_param_group Manage RDS parameter groupsrds_subnet_group Manage RDS database subnet groupsroute53 Add or delete entries in Amazons Route53 DNS services3 S3 module putting a file into S3.

AnsibleConcepts

ModuleAbstraction of a thing that does stuff

TaskUse a module with desired parameters

# Remove the user 'johnd'- user: name=johnd state=absent remove=yes

PlayA list of tasks

for a list of hosts

---

- name: install The Thing™

hosts: webserver

remote_user: deploy

sudo: yes

tasks:

- name: create log file in /var/log

file: path="/var/log/csds" state=directory owner={{ deploy_user }} group={{ deploy_user }} mode=0755

- name: write nginx config file

template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0755

notify: restart nginx

- name: check if database exists using result of create database task

postgresql_db: name={{ postgresql_db }} encoding='UTF-8'

register: create_database_result

- name: create postgresql user

postgresql_user: name={{ postgresql_user }} db={{ postgresql_db }} role_attr_flags=CREATEDB,NOSUPERUSER

PlaybookCollections of plays

PlaybookDeploy a Rails app

With Postgres

From the demo/demo GitHub repo

To an AWS instance in Sydney

On Ubuntu 14.04

As the Deploy user

TemplatesFiles copied to hosts

Written in Jinja

Similar to erb, handlebars etc.

Templatevariable substitution from calling playbookconditionals and loopstext transform filters

InventoryList of managed hosts and metadata for

where you want to deploy.

Static list

Dynamically generated list (e.g. EC2)

mail.example.com

[webservers]foo.example.com http_port=8080 data_dir=/var/www/data/foobar.example.com

[dbservers]one.example.comtwo.example.comthree.example.com

HandlersTake an action upon a change of state

e.g. restart a service

PluginsCallback, action and other hooks

“Chatops”Send a Slack message

at playbook start or end

FactsData gathered

from target hostsIP addressHardwareOperating SystemEnvironment variables, etc.

RolesPlays as reusable 'components'

RolesBased on convention based on filename and directory structureGrouping of related tasks, files, handlers etcrole_name/tasks/main.ymlhandlers/main.ymlvars/main.ymlfiles/{file1.conf,file2.txt}templates/{file3.conf.j2,otherfile.j2}

Installhttp://docs.ansible.com/intro_installation.html

Documentationhttp://docs.ansible.com/