Download - How Ansible Makes Automation Easy

@pas256 @Answers4AWS

How Ansible Makes Automation Easy

Gluecon: May 2014 !!

Peter Sankauskas Founder, Answers for AWS


• Engineer

• Founder of Answers for AWS

• Wrote the EC2 inventory plugin for Ansible

• Run the Advanced AWS meetup in SF

• Won a NetflixOSS Cloud Prize for my Ansible playbooks

About Me


!

!

Beautiful, flexible shell scripts

What is Ansible?


• Installation and configuration of services

• Code deployment

• Provisioning

• Image creation

What can you automate?


• Easy to read, write and share playbooks

• Thousands of modules *

• Great documentation

• Support

Why is it easy?

* 2015 projection


!!!- name: Install Apache web server apt: pkg=apache2 state=latest

What does this do?


!!!- name: Install Apache web server apt: pkg=apache2 state=latest

What does this do?Documentation

ArgumentsModule


- name: Install Apache web server with PHP apt: pkg={{ item }} state=latest with_items: - apache2 - php5 - libapache2-mod-php5 - php-apc

!


- name: Install Apache web server with PHP (apt version) apt: pkg={{ item }} state=latest with_items: - apache2 - php5 - libapache2-mod-php5 - php-apc when: ansible_distribution == ‘Ubuntu'"!!- name: Install Apache web server with PHP (yum version) yum: pkg={{ item }} state=latest with_items: - httpd24 - php55 - php55-pecl-apc when: ansible_distribution == 'Amazon'


- name: Copy website configuration copy: src=site.conf dest=/etc/apache2/sites-available/site.conf owner=root group=root mode=0755 notify: restart apache tags: config

A little more complex


• Contains one or more “plays”

• Written in YAML

• Declare configuration

• YAML is not code

• Executed in the order it is written

• No dependency graph

Playbooks


• apt/yum/pip

• Add/Remove packages

• command/shell

• Execute any shell command (with or without environment)

• copy

• Copy a file from source to destination on host

• file

• Create directories, symlinks, change permissions

• service

• Start/Stop/Enable services

• template

• Same as copy, but with variable substitutions in file

Modules


accelerate

acl

add_host

airbrake_deployment

alternatives

apache2_module

apt

apt_key

apt_repository

apt_rpm

arista_interface

arista_l2interface

arista_lag

arista_vlan

assemble

assert

async_status

async_wrapper

at

authorized_key

bigip_facts

bigip_monitor_http

bigip_monitor_tcp

bigip_node

bigip_pool

bigip_pool_member

boundary_meter

bzr

campfire

capabilities

cloudformation

command

composer

copy

cpanm

cron

datadog_event

debconf

debug

digital_ocean

digital_ocean_domain

digital_ocean_sshkey

django_manage

dnsimple

dnsmadeeasy

docker

docker_image

easy_install

ec2

ec2_ami

ec2_ami_search

ec2_asg

ec2_eip

ec2_elb

ec2_elb_lb

ec2_facts

ec2_group

ec2_key

ec2_lc

ec2_metric_alarm

ec2_scaling_policy

ec2_snapshot

ec2_tag

ec2_vol

ec2_vpc

ejabberd_user

elasticache

facter

fail

fetch

file

filesystem

fireball

firewalld

flowdock

gc_storage

gce

gce_lb

gce_net

gce_pd

gem

get_url

git

github_hooks

glance_image

group

group_by

grove

hg

hipchat

homebrew

homebrew_cask

homebrew_tap

hostname

htpasswd

include_vars

ini_file

irc

jabber

jboss

jira

kernel_blacklist

keystone_user

layman

librato_annotation

lineinfile

linode

lldp

locale_gen

logentries

lvg

lvol

macports

mail

modprobe

mongodb_user

monit

mount

mqtt

mysql_db


mysql_replication

mysql_user

mysql_variables

nagios

netscaler

newrelic_deployment

nexmo

nova_compute

nova_keypair

npm

ohai

open_iscsi

openbsd_pkg

openvswitch_bridge

openvswitch_port

opkg

osx_say

ovirt

pacman

pagerduty

pause

ping

pingdom

pip

pkgin

pkgng

pkgutil

portage

portinstall

postgresql_db

postgresql_privs

postgresql_user

quantum_floating_ip

quantum_floating_ip_associate

quantum_network

quantum_router

quantum_router_gateway

quantum_router_interface

quantum_subnet

rabbitmq_parameter

rabbitmq_plugin

rabbitmq_policy

rabbitmq_user

rabbitmq_vhost

raw

rax

rax_cbs

rax_cbs_attachments

rax_clb

rax_clb_nodes

rax_dns

rax_dns_record

rax_facts

rax_files

rax_files_objects

rax_identity

rax_keypair

rax_network

rax_queue

rds

rds_param_group

rds_subnet_group

redhat_subscription

redis

replace

rhn_channel

rhn_register

riak

rollbar_deployment

route53

rpm_key

s3

script

seboolean

selinux

service

set_fact

setup

shell

slack

slurp

sns

stackdriver

stat

subversion

supervisorctl

svr4pkg

swdepot

synchronize

sysctl

template

twilio

typetalk

ufw

unarchive

uri

urpmi

user

virt

vsphere_guest

wait_for

xattr

yum

zfs

zypper

zypper_repository


• Reuse a set of tasks, files, variables and templates

• Ansible Galaxy for being social

• Web

• Database

• System

• more…

Roles


Documentation

http://docs.ansible.com/

Slides

http://www.slideshare.net/pas256/code-mash

Video

http://answersforaws.com/episodes/2-ansible-and-aws/

Introduction to Ansible

http://docs.ansible.com/

http://www.slideshare.net/pas256/code-mash

http://answersforaws.com/episodes/2-ansible-and-aws/


✓ Installation and configuration of services

• Code deployment

• Provisioning

• Image creation



- name: Get code from GitHub for branch {{ branch }} git: [email protected]:company/website.git dest=/var/www/website version={{ branch }} accept_hostkey=yes" " - name: Copy database.yml from S3 to rails s3: bucket=company-devops object=database.yml dest=/var/www/website/config/database.yml mode=get"! - name: Bundle install shell: chdir=/var/www/website bundle install --without development test"! - name: Precompile assets with rake shell: chdir=/var/www/website RAILS_ENV={{ env }} bundle exec rake assets:precompile

Code deployment


• Create security group

• Launch instance

• Create load balancer

• Register instance with load balancer

Provisioning


Don’t do this


• Use CloudFormation

• Dependency management

• Delete for free

• Ultimate combination

• python + boto + troposphere

Don’t do this on AWS


- local_action: module: gce name: test-instance zone: us-central1-a machine_type: n1-standard-1 image: debian-7

Provisioning on GCE is fine


✓ Installation and configuration of services

✓ Code deployment

✓ Provisioning

• Image creation



• Run in local mode

• Do not start services

• Use Ansible provisioner for

• aminator

• packer

• Use Bakery4AWS (apply for beta access)

Image creation


Flexible playbooks


Same playbook can:

• Run on a single instance

Flexible playbooks

Ansible Playbook

Laptop


Same playbook can:


• Run on multiple instances

Flexible playbooks

Ansible Playbook

Laptop


Same playbook can:



• Run against multiple OSes

Flexible playbooks

Ansible Playbook

Laptop


Same playbook can:



• Run against multiple OSes

• Run in local mode to create image

Flexible playbooks

Ansible Playbook

Laptop

Packer/Aminator


Four things to consider to write highly flexible playbooks

• Header

• Common variables

• Services

• Handlers

How?


--- - name: My Playbook hosts: all sudo: True roles: - role1 - role2 vars_files: - vars/common.yml - vars/{{ ansible_distribution }}.yml

Playbook header


--- ami_build: ami is defined and ami not_ami_build: ami is not defined or not ami

Common Variables File


- name: Enable Apache HTTP Web Server service service: name=httpd enabled=yes"!- name: Starting Apache HTTP Web Server service service: name=httpd state=started when: not_ami_build"!- name: Stopping Apache HTTP Web Server service service: name=httpd state=stopped when: ami_build

Services


--- - name: restart apache service: name=httpd state=restarted when: not_ami_build

Handlers


• Against Ubuntu web servers

ansible-playbook myplaybook.yml -u ubuntu -l web"

• Against Amazon Linux web servers

ansible-playbook myplaybook.yml -u ec2-user -l web"

• Build an AMI

ansible-playbook myplaybook.yml -u ubuntu -e “ami=True” -c local -i “127.0.0.1,”

Execution


!

Questions? Play Stump the Presenter

!

Slides available online:

• http://bit.ly/gluecon-ansible

Thank you

http://bit.ly/gluecon-ansible

Download - How Ansible Makes Automation Easy

Top Related