A tour of Ansible

1. Provisioning, Config, Execution, (more) Fun

2. Steve Pereira 18 years in IT Startups and Enterprise Love learning about, teaching and talking about: • DevOps • CI/CD • Automation • Scale WHO AM I?

3. ANSIBLE FEATURES • Automation for local and remote system provisioning • Automation for local and remote applications deployment • No agents to install on remote systems • Using existing SSHd on remote systems and native SSH on host • Parallel by default - scale to 6000 targets with single master • Language that approaches plain english

4. ANSIBLE CONVENTIONS Playbooks - contain required tasks to configure systems and deploy Tasks - individual actions to perform on remote or local machines Roles - modular, single-purpose configurations for systems Inventory - files containing address information of target machines Handlers - actions triggered by tasks Templates - customizable files destined for managed machines

5. MINIMUM VIABLE ANSIBLE $ ansible all -i 'localhost,' -c local -m ping localhost | success >> { "changed": false, "ping": "pong" }

6. WHAT ELSE? • ansible webservers -m setup • ansible lb -m copy -a "src=hosts dest=/tmp/hosts” • ansible webservers -m yum -a "name=curl state=installed” • ansible webservers -m service -a "name=nginx state=restarted” • ansible-doc -l

7. PLAYBOOKS--- - hosts: webservers vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache conﬁg ﬁle template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted example_playbook.yml

14. ROLES my_role/ README.md (readme) defaults/ (default values) meta/ (role metadata) files/ (binaries) templates/ (file templates) handlers/ (operation handlers) tasks/ (playbook files) vars/ (custom variables) • Easily packaged and shared • Download community roles • Mix and match

15. INVENTORY • Define how ansible will interact with remote hosts • Define logical groups of managed nodes • One file for each environment • Default location : /etc/ansible/hosts • INI format, variable overrides sample_inventory.ini [loadbalancers] 10.20.30.41 10.20.30.42 [webservers] 10.20.30.51 hostname=artemis 10.20.30.52 hostname=apollo

16. TEMPLATES • Use Jinja2 templating and variables to customize • Defaults available when variables not provided (dev default with prod override) etc_logrotate.d.j2 {{ logﬁle }} { rotate {{ 7 | rotate_max }} {{ daily | frequency }} compress missingok notifempty }

17. IT CAN GET FANCY tasks: - name: install packages in a users virtualenv shell: su - c {{ item[0] }} '(. ./bin/activate && pip install {{ item[1] }})' with_nested: - [ 'jim', 'joe', 'jack' ] - [ package1==1.1, package2==1.2, package3==1.3 ] There are several types of loops: Hashes, Fileglobs, Sequence, Subelements, First match, Command results, Random and more but there’s a builtin pip module, anyways.

18. CONDITIONALS tasks: - command: /bin/false register: result ignore_errors:True - command: /bin/something when: result|failed - command: /bin/something_else when: result|success - command: /bin/still/something_else when: result|skipped The result of a play can depend on the value of a variable, fact (something learned about the remote system), or previous task result.

19. MORE CONDITIONALS! tasks: - shell: echo "I've got '{{ foo }}'" when: foo is defined - fail: msg="This play requires 'bar'" when: bar is not defined - command: echo {{ item }} with_items: [ 0, 2, 4, 6, 8, 10 ] when: item > 5 If a required variable has not been set, you can skip or fail using Jinja2’s defined test. For example:

20. SIMPLE, POWERFUL BUILTINS • 261 built-in modules • Many cloud providers, packages and tools are integrated • Easily add your own in any language examples: • ec2 - Create, terminate, start/stop an instance • docker - Manage docker containers • hipchat Send a message to hipchat • s3 - manage objects in S3 • twilio - Sends a text message to a phone • win_service - Manages Windows services • zfs - Manage zfs

21. SMOOTH OPERATION •Get and set variables easily •Simple variable precedence •Ordered, predictable execution •Tagged, resumable execution •ansible doc [foo]

22. SECURITY • Can be centralized and locked down via Ansible Tower • Can be run from a centralized bastion server • Vault encrypts sensitive data • Uses ordinary SSH, paramiko or custom transport plugins • No extra open ports, use your own user account, sudo! • No agents to update or risk vulnerabilities

23. ADVANCED CAPABILITIES • Rolling updates/deployment/orchestration (1, 5, n at a time) • Canary testing (check for page content or response code) • Variable timeouts and parellelism • Ansible-pull to invert execution - nodes check in to a master

24. MORE INFORMATION https://docs.ansible.com https://docs.ansible.com/playbooks_best_practices.html https://galaxy.ansible.com https://github.com/ansible/ansible-examples

25. QUESTIONS? @steveElsewhere http://linkedin.com/in/devopsto

26. THANK YOU! http://devopsdays.org/events/2015-toronto (shameless plug)

A tour of Ansible

More Related Content

What's hot (20)

Similar to A tour of Ansible (20)

Recently uploaded (20)

A tour of Ansible