Go Faster with Ansible (AWS meetup)

$ whoami
• Richard Donkin
• DevOps engineer / contractor
• Ansible, Packer, Vagrant, Docker, Linux, AWS, databases, …
• Experience of sys admin, DevOps, backend dev, architecture, startups, …
@rdonkin linkedin.com/in/rdonkin www.tempohq.net

Goal: Faster Correct Setup
Servers
Apps
Developers
• Correct configuration
• No snowflake servers
• Dev, Test, Production

Infrastructure As Code
Software processes and tools for infrastructure configuration

What Ansible Does
Configuration Management
• Code that controls config
App Deployment
Orchestration
• Sequence operations on servers, APIs, etc.

Why Ansible?
• Agentless & serverless
• Simple
• Sequential
• Declarative tasks
• “Ensure nginx installed”
• Enables idempotence
• Easy to learn
• Scales to complex cloud orchestration

Quick Install
Mac:
    brew install ansible
Debian/Ubuntu:
    sudo apt-add-repository ppa:ansible/ansible
    sudo apt-get install -y ansible
RHEL/CentOS: use EPEL, then:
    sudo yum -y install ansible
Any Linux (latest Ansible, requires Python):
    sudo easy_install pip
    sudo pip install ansible

Hello PHPMailer
Playbooks
Tasks
Idempotence

Key Concepts
Playbook = series of tasks
• Targets one server or thousands
• Servers defined by Inventory
Task = "ensure X is done" action
Play = set of tasks in playbook

Running a Playbook (1)

Running a Playbook (2)
Tasks will "skip" if state already OK (Idempotence)

Writing a Playbook
Play – hosts to process, become == sudo
Tasks
- descriptive name
- invoke module (apt) with parameters
Screenshot labels: Play, Task

The Secret Life of Tasks
Each task runs SSH commands that
• Upload a Module (e.g. apt)
• Run module with task's parameters
• Return JSON output

Inventory and Variables
Group your servers & assign parameters

    [web]
    10.0.1.51
    10.0.1.52

    [db]
    10.0.1.61

    [web:vars]
    ansible_port=2222

    $ ansible-playbook -i prod apache.yml --limit web

Ansible conditions based on groups and vars
(Typically) inventory file for dev, test, prod, ...

AWS Dynamic Inventory
Generated by ec2.py from AWS API
• EC2 instances, Route53, RDS, …
• Many params per instance, inc. one per tag
• Groups for regions, AZs, and Tags:
    ansible tag_KEY_VALUE -m ping

Apache Playbook (1)
Vars = parameters for this playbook
Can be in separate include files
Or attach to hosts or host-groups in Inventory
- e.g. Listening IP address should be in inventory

Apache Playbook (2)
template task runs Jinja2 on local file and copies to server
notify sends event to Handler
- Each Handler runs just once, at end of whole playbook
- Restart a service, notify Slack, ...

Apache Playbook (3)
service task uses systemctl to enable start on boot
- {{ apache_service }} instantiates var with Jinja2
Handler restarts apache at end if any task does a notify

Apache Playbook
Playbooks
Variables
Handlers

Modules
Over 840 modules "in the box"
- Git, yum, apt, compose, pip, gem, …
- Files: copy, template, edit, …
- Permissions, ownership, SELinux
- MySQL, PostgreSQL, MongoDB, ...
Targets:
- Linux, Windows, Mac, Docker, VMs
- AWS, Azure, GCP, network devices
Anything with an API or CLI

AWS Security Groups
Define security groups as vars in YAML
• Format defined by your playbook
• Each has list of rules (ingress and egress)

AWS Security Groups
Playbook applies all groups in a list

Roles
"Modularised playbooks"
- Split playbook into folder per type of content
- defaults folder for "parameter vars"
- vars folder for "role vars" – hard to override
- meta folder for role dependencies
Diagram labels: Vars, Tasks, Handlers; Apache + PHP playbook; Apache role; PHP role

Roles
Use Roles for everything!
Skinny playbooks + modular roles
Ideal playbook only calls roles, not tasks
Typical roles:
• create-vpc
• create-instances
• base, apache, php, redis
• deploy-app
"Wrapper roles" to invoke third party roles

Ansible Galaxy
Hub for 1000s of roles: galaxy.ansible.com
Discovery: Galaxy, GitHub, blogs, …
Assess quality carefully
Install the roles needed by project:
    ansible-galaxy install -r requirements.yml
Pin the role to a version or Git commit
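
A pre-install check for the pinning advice above, written as a playbook that can run in CI before ansible-galaxy install. This is an added example, not from the slides: the role names, URL and versions are constructed, and requiring a full commit SHA for Git-sourced roles is a stricter policy than the slide states.

```yaml
# Added example. role_requirements mirrors the layout of requirements.yml;
# every entry here is constructed for illustration.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # In a project, load the real file instead:
    #   role_requirements: "{{ lookup('file', 'requirements.yml') | from_yaml }}"
    role_requirements:
      - name: example_org.apache       # hypothetical Galaxy role
        version: "1.4.2"               # constructed release tag
      - name: deploy                   # hypothetical role installed from Git
        src: https://git.example.com/ops/ansible-role-deploy.git
        scm: git
        version: "0123456789abcdef0123456789abcdef01234567"  # constructed SHA
    floating_refs: [master, main, develop, HEAD, latest]
  tasks:
    - name: Ensure every role is pinned to a fixed version
      assert:
        that:
          - item.version is defined
          - item.version | string not in floating_refs
        fail_msg: "{{ item.name | default(item.src) }} is not pinned"
      loop: "{{ role_requirements }}"
      loop_control:
        label: "{{ item.name | default(item.src) }}"

    - name: Ensure Git-sourced roles are pinned to a full commit SHA
      assert:
        that:
          - item.version | string is match('^[0-9a-f]{40}$')
        fail_msg: "{{ item.name | default(item.src) }} should use a 40-character commit SHA"
      loop: >-
        {{ role_requirements
           | selectattr('scm', 'defined')
           | selectattr('scm', 'equalto', 'git')
           | list }}
      loop_control:
        label: "{{ item.name | default(item.src) }}"
```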

Testing Infra Code
Basic testing:
- Separate test playbook using Vagrant VM
- Travis CI popular for open source
- Smoke test at end of playbook:
Test frameworks:
- Test-Kitchen, ServerSpec, InSpec, testinfra
- Run whole series of tests - easier diagnosis

Drupal VM
Create a VM with one command: vagrant up
Ansible: 37 roles, 630 tasks, 7,200 lines of code

Resources
Book: Ansible for DevOps by Jeff Geerling – regular updates
Help: Stack Overflow, Ansible IRC + email lists
Roles:
• Geerlingguy roles – wide range – pragmatic & well maintained
• Ansistrano: Deploying PHP apps demo (atomic model)
Projects:
• Drupal-VM – http://drupalvm.com
• Trellis - https://roots.io/trellis/ - very complete WordPress setup
• Use example project – requires node, bower & gulp
Best practices: Ansible.com, blogs by Leucos and Nylas
Podcasts: Arrested DevOps – general DevOps and Infra as Code

Thank You
Richard Donkin
@rdonkin
linkedin.com/in/rdonkin
www.tempohq.net

Infrastructure as Code
Software processes for cloud resources and server configs:
• Code review
• Version control
• Automated tests
• Automated push to servers

Rapid Growth in Ansible Activity
• Google Trends
• 5 years to Jan 2017

One Liners
Ad hoc command on single host, or group from inventory

Trellis: Modern WordPress
Near Twelve Factor WordPress
• Dev to Prod
• PHP 7.1, A+ SSL, HTTP/2, WP-CLI, …
• Example: rightsinfo.org
Related roots.io projects:
• Bedrock (WP boilerplate)
• Sage (starter theme)
• Some commercial add-ons
Example project (blog post):
• Install node, gulp, bower, Vagrant plugins
• vagrant up
• Some fixes required for Ansible 2.2

Advanced: Write a Module
Much more common to write a role
Required for major new features:
• New API
• New package tool
• New container format
Most modules written in Python
Any language is fine:
• PHP, C, Go, Perl, PowerShell, ...