ANSIBLEINTRODUCTION TO ANSIBLE

Mattias Gees / @MattiasGees

WHAT IS ANSIBLE?Started in February 2012By Michael DeHaanMore than 600 ContributorsOrchestration Engine

Configuration ManagementApplication DeploymentContinuous Delivery

ONLINE RESOURCES

WEBSITE

DOCUMENTATION

MAILING LISTSansible-announceansible-projectansible-devel

IRC#ANSIBLE

GITHUBHTTPS://GITHUB.COM/ANSIBLE/ANSIBLE

BENEFITS

NO AGENT REQUIREDSSH

EASY TO INSTALL# EPEL repoyum install ansible

# Available through a PPAapt-get install ansible

pip install ansible

REQUIREMENTSControl machine: Python 2.6Managed node: Python 2.4python-simplejsonlibselinux-python

YAML SYNTAX---- yum: name= state=installed with_items: - app_server - acme_software

- service: name=app_server state=running enabled=yes

- template: src=/opt/code/templates/foo.j2 dest=/etc/foo.conf notify: - restart app server

SCALABLE

CUSTOMIZABLE

COMMANDSansibleansible-playbookansible-pullansible-docansible-galaxy

MODULESRun on remote hostControl system resources, executing system commandsNotificationEasy to write new modules

MODULESCloudCommandsDatabaseFilesInternalInventoryMessagingMonitoringNet InfrastructureNetworkNotificationPackagingSource ControlSystemUtilitiesWeb Infrastructure

INVENTORYContains all the managed hostsCan contain variablesFlat file(s) or script (dynamic inventory)Can interact with your own CMDBMultiple inventory sources

INVENTORYmail.example.com

[webservers]foo.example.combar.example.com

[dbservers]one.example.comtwo.example.comthree.example.com

[servers:children]webserversdbservers

INVENTORYjumper ansible_ssh_port=5555 ansible_ssh_host=192.168.1.

[webservers]www[01:50].example.com

[webserver:vars]port=80

ANSIBLEBasic tasksInformation from system(s)Execute one module

Usage: ansible host-pattern [options]

ANSIBLEansible all -m ping -oansible demo -m setupansible foo.example.com -a “/usr/sbin/reboot”

ansible demo -m file -a "dest=/srv/foo/a.txt mode=600" -oansible demo-one -m yum -a "name=httpd state=installed"ansible demo-one -m service -a "name=httpd state=started"

PLAYBOOKSExecution of tasksOne task is one moduleVariablesHandlersIdempotent

ANSIBLE---- hosts: http remote_user: user sudo: yes vars: in_ports: - 80 tasks: - name: install httpd action: yum name=httpd state=latest

- name: copy httpd.conf action: template src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644 seuser="system_u" setype="httpd_config_t" backup=yes notify: - restart httpd

ROLESReusable list of tasksHas one goal (eg deploy apache)Reusable

---- hosts: demo gather_facts: False connection: local serial: 1 vars: in_ports: - 80 roles: - httpd - mysql - iptables

TEMPLATESJinja2 templating engineUse of variables in filesLoops, Conditionals, Filters, ...

< Proxy balancer://{{ balancer_name }}>{% for host in groups['demo-web'] %} BalancerMember http://{{ hostvars[host].ansible_eth1.ipv4.address }}{% endfor %} Order allow,deny Allow from all< /Proxy>

ANSIBLE-PLAYBOOKExecute a playbookSet-up a whole environment / host(s)

Usage: ansible-playbook playbook.yml -i inventory -l limit to host / group

EXTRA FEATURES

ACCELERATED MODE---- hosts: all accelerate: true # default port is 5099 accelerate_port: 10000

ASYNCHRONOUS ACTIONS AND POLLING---- hosts: all remote_user: root tasks: - name: simulate long running op (15 sec), wait for up to 45, poll every 5 command: /bin/sleep 15 async: 45 poll: 5

CHECK MODEUsage: ansible-playbook foo.yml --check

---tasks:

- name: this task is run even in check mode command: /something/to/run --even-in-check-mode always_run: yes

Usage: ansible-playbook foo.yml --check --diff --limit foo.example.com

ROLLING UPDATES---- name: test play hosts: webservers serial: 3

MAX FAILURE PERCENTAGE---- hosts: webservers max_fail_percentage: 30 serial: 10

DELEGATION---- hosts: webservers serial: 5

tasks: - name: take out of load balancer pool command: /usr/bin/take_out_of_pool {{ inventory_hostname }} delegate_to: loadbalancer.example.com

- name: actual steps would go here yum: name=acme-web-stack state=latest

- name: add back to load balancer pool command: /usr/bin/add_back_to_pool {{ inventory_hostname }} delegate_to: loadbalancer.example.com

LOCAL ACTIONS/PLAYBOOKS---# ... tasks: - name: recursively copy files from management server to target local_action: command rsync -a /path/to/files {{ inventory_hostname }}:/path/to/target/

Usage: ansible-playbook playbook.yml --connection=local

---- hosts: demo connection: local

ERROR HANDLING / OVERRIDING OUTPUT---- name: this will not be counted as a failure command: /bin/false ignore_errors: yes

- name: this command prints FAILED when it fails command: /usr/bin/example-command -x -y -z register: command_result failed_when: "'FAILED' in command_result.stderr"

- shell: /usr/bin/billybass --mode="take me to the river" register: bass_result changed_when: "bass_result.rc != 2"

LOOKUPS---- hosts: all

tasks:

- debug: msg="{{ lookup('env','HOME') }} is an environment variable"

- debug: msg="{{ item }} is a line from the result of this command" with_lines: - cat /etc/motd

- debug: msg="{{ lookup('pipe','date') }} is the raw result of running this command"

- debug: msg="{{ lookup('redis_kv', 'redis://localhost:6379,somekey') }} is value in Redis for somekey"

- debug: msg="{{ lookup('dnstxt', 'example.com') }} is a DNS TXT record for example.com"

- debug: msg="{{ lookup('template', './some_template.j2') }} is a value from evaluation of this template"

PROMPTS---- hosts: all remote_user: root vars: from: "camelot" vars_prompt: name: "what is your name?" quest: "what is your quest?"

vars_prompt: - name: "release_version" prompt: "Product release version" default: "1.0"

TAGS---tasks:

- yum: name={{ item }} state=installed with_items: - httpd - memcached tags: - packages

- template: src=templates/src.j2 dest=/etc/foo.conf tags: - configuration

Usage: ansible-playbook example.yml --tags "configuration,packages"

---roles: - { role: webserver, port: 5000, tags: [ 'web', 'foo' ] }

---- include: foo.yml tags=web,foo

BEST PRACTICESproduction # inventory file for production serversstage # inventory file for stage environment

group_vars/ group1 # here we assign variables to particular groups group2 # ""host_vars/ hostname1 # if systems need specific variables, put them here hostname2 # ""

site.yml # master playbookwebservers.yml # playbook for webserver tierdbservers.yml # playbook for dbserver tier

roles/ common/ # this hierarchy represents a "role" tasks/ # main.yml # <-- tasks file can include smaller files if warranted handlers/ # main.yml # <-- handlers file templates/ # <-- files for use with the template resource ntp.conf.j2 # <------- templates end in .j2 files/ # bar.txt # <-- files for use with the copy resource foo.sh # <-- script files for use with the script resource vars/ # main.yml # <-- variables associated with this role

ANSIBLE-PULLHost gets Ansible configuration

GitSVNNFS...

Runs the playbook on itselfNo central machine neededEnforcing of configuration

Usage: ansible-pull [options] playbook.yml

ANSIBLE-DOCView documentation of modules

Usage: ansible-doc yum -M module_path

ANSIBLE-GALAXYDownload roleshttp://galaxy.ansible.com

Usage: ansible-galaxy install bennojoy.nginx

THANK YOUMATTIAS GEES

/ @MattiasGees mattias.gees@btr-services.be