How Ansible Makes Automation Easy
Talk for Gluecon 2014 - DevOps track.
@pas256 @Answers4AWS
How Ansible Makes Automation Easy
Gluecon: May 2014
Peter Sankauskas, Founder, Answers for AWS

About Me
• Engineer
• Founder of Answers for AWS
• Wrote the EC2 inventory plugin for Ansible
• Run the Advanced AWS meetup in SF
• Won a NetflixOSS Cloud Prize for my Ansible playbooks

What is Ansible?
Beautiful, flexible shell scripts

What can you automate?
• Installation and configuration of services
• Code deployment
• Provisioning
• Image creation

Why is it easy?
• Easy to read, write and share playbooks
• Thousands of modules *
• Great documentation
• Support
* 2015 projection

What does this do?

    - name: Install Apache web server
      apt: pkg=apache2 state=latest

Callouts on the slide: Documentation (the name line), Module (apt), Arguments (pkg=apache2 state=latest)

    - name: Install Apache web server with PHP
      apt: pkg={{ item }} state=latest
      with_items:
        - apache2
        - php5
        - libapache2-mod-php5
        - php-apc

    - name: Install Apache web server with PHP (apt version)
      apt: pkg={{ item }} state=latest
      with_items:
        - apache2
        - php5
        - libapache2-mod-php5
        - php-apc
      when: ansible_distribution == 'Ubuntu'

    - name: Install Apache web server with PHP (yum version)
      yum: pkg={{ item }} state=latest
      with_items:
        - httpd24
        - php55
        - php55-pecl-apc
      when: ansible_distribution == 'Amazon'

A little more complex

    - name: Copy website configuration
      copy: src=site.conf
            dest=/etc/apache2/sites-available/site.conf
            owner=root
            group=root
            mode=0755
      notify: restart apache
      tags: config

Playbooks
• Contains one or more “plays”
• Written in YAML
  • Declare configuration
  • YAML is not code
• Executed in the order it is written
  • No dependency graph

Modules
• apt/yum/pip
  • Add/Remove packages
• command/shell
  • Execute any shell command (with or without environment)
• copy
  • Copy a file from source to destination on host
• file
  • Create directories, symlinks, change permissions
• service
  • Start/Stop/Enable services
• template
  • Same as copy, but with variable substitutions in file

accelerate
acl
add_host
airbrake_deployment
alternatives
apache2_module
apt
apt_key
apt_repository
apt_rpm
arista_interface
arista_l2interface
arista_lag
arista_vlan
assemble
assert
async_status
async_wrapper
at
authorized_key
bigip_facts
bigip_monitor_http
bigip_monitor_tcp
bigip_node
bigip_pool
bigip_pool_member
boundary_meter
bzr
campfire
capabilities
cloudformation
command
composer
copy
cpanm
cron
datadog_event
debconf
debug
digital_ocean
digital_ocean_domain
digital_ocean_sshkey
django_manage
dnsimple
dnsmadeeasy
docker
docker_image
easy_install
ec2
ec2_ami
ec2_ami_search
ec2_asg
ec2_eip
ec2_elb
ec2_elb_lb
ec2_facts
ec2_group
ec2_key
ec2_lc
ec2_metric_alarm
ec2_scaling_policy
ec2_snapshot
ec2_tag
ec2_vol
ec2_vpc
ejabberd_user
elasticache
facter
fail
fetch
file
filesystem
fireball
firewalld
flowdock
gc_storage
gce
gce_lb
gce_net
gce_pd
gem
get_url
git
github_hooks
glance_image
group
group_by
grove
hg
hipchat
homebrew
homebrew_cask
homebrew_tap
hostname
htpasswd
include_vars
ini_file
irc
jabber
jboss
jira
kernel_blacklist
keystone_user
layman
librato_annotation
lineinfile
linode
lldp
locale_gen
logentries
lvg
lvol
macports
modprobe
mongodb_user
monit
mount
mqtt
mysql_db
mysql_replication
mysql_user
mysql_variables
nagios
netscaler
newrelic_deployment
nexmo
nova_compute
nova_keypair
npm
ohai
open_iscsi
openbsd_pkg
openvswitch_bridge
openvswitch_port
opkg
osx_say
ovirt
pacman
pagerduty
pause
ping
pingdom
pip
pkgin
pkgng
pkgutil
portage
portinstall
postgresql_db
postgresql_privs
postgresql_user
quantum_floating_ip
quantum_floating_ip_associate
quantum_network
quantum_router
quantum_router_gateway
quantum_router_interface
quantum_subnet
rabbitmq_parameter
rabbitmq_plugin
rabbitmq_policy
rabbitmq_user
rabbitmq_vhost
raw
rax
rax_cbs
rax_cbs_attachments
rax_clb
rax_clb_nodes
rax_dns
rax_dns_record
rax_facts
rax_files
rax_files_objects
rax_identity
rax_keypair
rax_network
rax_queue
rds
rds_param_group
rds_subnet_group
redhat_subscription
redis
replace
rhn_channel
rhn_register
riak
rollbar_deployment
route53
rpm_key
s3
script
seboolean
selinux
service
set_fact
setup
shell
slack
slurp
sns
stackdriver
stat
subversion
supervisorctl
svr4pkg
swdepot
synchronize
sysctl
template
twilio
typetalk
ufw
unarchive
uri
urpmi
user
virt
vsphere_guest
wait_for
xattr
yum
zfs
zypper
zypper_repository

Roles
• Reuse a set of tasks, files, variables and templates
• Ansible Galaxy for being social
  • Web
  • Database
  • System
  • more…

Introduction to Ansible
Documentation: http://docs.ansible.com/
Slides: http://www.slideshare.net/pas256/code-mash
Video: http://answersforaws.com/episodes/2-ansible-and-aws/

What can you automate?
✓ Installation and configuration of services
• Code deployment
• Provisioning
• Image creation

Code deployment

    - name: Get code from GitHub for branch {{ branch }}
      git: [email protected]:company/website.git
           dest=/var/www/website
           version={{ branch }}
           accept_hostkey=yes

    - name: Copy database.yml from S3 to rails
      s3: bucket=company-devops
          object=database.yml
          dest=/var/www/website/config/database.yml
          mode=get

    - name: Bundle install
      shell: chdir=/var/www/website bundle install --without development test

    - name: Precompile assets with rake
      shell: chdir=/var/www/website RAILS_ENV={{ env }} bundle exec rake assets:precompile

Provisioning
• Create security group
• Launch instance
• Create load balancer
• Register instance with load balancer

Don't do this

Don't do this on AWS
• Use CloudFormation
  • Dependency management
  • Delete for free
• Ultimate combination
  • python + boto + troposphere

Provisioning on GCE is fine

    - local_action:
        module: gce
        name: test-instance
        zone: us-central1-a
        machine_type: n1-standard-1
        image: debian-7

What can you automate?
✓ Installation and configuration of services
✓ Code deployment
✓ Provisioning
• Image creation

Image creation
• Run in local mode
• Do not start services
• Use Ansible provisioner for
  • aminator
  • packer
• Use Bakery4AWS (apply for beta access)

Flexible playbooks
Same playbook can:
• Run on a single instance
• Run on multiple instances
• Run against multiple OSes
• Run in local mode to create image
[Diagram labels: Laptop, Ansible Playbook, Packer/Aminator]

How?
Four things to consider to write highly flexible playbooks
• Header
• Common variables
• Services
• Handlers

Playbook header

    ---
    - name: My Playbook
      hosts: all
      sudo: True
      roles:
        - role1
        - role2
      vars_files:
        - vars/common.yml
        - vars/{{ ansible_distribution }}.yml

Common Variables File

    ---
    ami_build: ami is defined and ami
    not_ami_build: ami is not defined or not ami

Services

    - name: Enable Apache HTTP Web Server service
      service: name=httpd enabled=yes

    - name: Starting Apache HTTP Web Server service
      service: name=httpd state=started
      when: not_ami_build

    - name: Stopping Apache HTTP Web Server service
      service: name=httpd state=stopped
      when: ami_build

Handlers

    ---
    - name: restart apache
      service: name=httpd state=restarted
      when: not_ami_build
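
The playbook header loads vars/{{ ansible_distribution }}.yml, while the service tasks on the slides hard-code httpd. As an added example (not from the original slides), per-distribution variable files let the same tasks run on Ubuntu and Amazon Linux. The variable names apache_service and apache_packages and the tasks file path are assumptions; the package names are the ones from the earlier slides.

```yaml
# vars/Ubuntu.yml  (loaded when ansible_distribution == 'Ubuntu')
---
apache_service: apache2          # assumed variable name; service name on Ubuntu
apache_packages:                 # assumed variable name; packages from the apt slide
  - apache2
  - php5
  - libapache2-mod-php5
  - php-apc

# vars/Amazon.yml  (loaded when ansible_distribution == 'Amazon')
---
apache_service: httpd            # service name on Amazon Linux
apache_packages:                 # packages from the yum slide
  - httpd24
  - php55
  - php55-pecl-apc

# roles/role1/tasks/main.yml  (hypothetical path; role1 is the placeholder from the header)
---
- name: Install Apache web server with PHP (apt version)
  apt: pkg={{ item }} state=latest
  with_items: "{{ apache_packages }}"
  when: ansible_distribution == 'Ubuntu'

- name: Install Apache web server with PHP (yum version)
  yum: pkg={{ item }} state=latest
  with_items: "{{ apache_packages }}"
  when: ansible_distribution == 'Amazon'

- name: Enable Apache HTTP Web Server service
  service: name={{ apache_service }} enabled=yes

# ami_build / not_ami_build come from vars/common.yml as shown above
- name: Starting Apache HTTP Web Server service
  service: name={{ apache_service }} state=started
  when: not_ami_build

- name: Stopping Apache HTTP Web Server service
  service: name={{ apache_service }} state=stopped
  when: ami_build
```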

Execution
• Against Ubuntu web servers
    ansible-playbook myplaybook.yml -u ubuntu -l web
• Against Amazon Linux web servers
    ansible-playbook myplaybook.yml -u ec2-user -l web
• Build an AMI
    ansible-playbook myplaybook.yml -u ubuntu -e "ami=True" -c local -i "127.0.0.1,"

Thank you
Questions? Play Stump the Presenter
Slides available online:
• http://bit.ly/gluecon-ansible