Ansible introduction - XX Betabeers Galicia

Introduction
CC https://www.flickr.com/photos/din_bcn/2551132104/
@orestesCA Galicia - December 2015

Orestes
Carracedo
Indenpendent Consultant
Full-Stack Developer
Est. 2005
Ansible Barcelona
Betabeers Barcelona
GDG Vigo
@OrestesCA
whoami

Introduction to Ansible

What is Ansible
SCM automation tool
agent-less
simple + powerful

What is Ansible
Versioned Environment Configuration
• Ensures consistency between environments
• Allows easily reproducible conditions
• Quicker disaster recovery

Basics
Managed Node #1
Managed Node #2
Control Machine
Inventory
ssh

$ vagrant init https://github.com/
holms/vagrant-jessie-box/releases/
download/Jessie-v0.1/Debian-jessie-
amd64-netboot.box
…
$ vagrant up
…
$ vagrant ssh-config
HostName 127.0.0.1
User vagrant
Port 2222
…
Managed Node setup
http://vagrantup.com
http://vagrantbox.es

Managed Node security credentials
$ vagrant ssh --command "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/
authorized_keys”
$ ssh vagrant@localhost -p 2222
…
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (RSA) to the list
of known hosts.
…
Last login: Sun Jun 7 01:21:33 2015 from 10.0.2.2
vagrant@Debian-jessie-amd64-netboot:~$ exit

Control Machine setup
http://docs.ansible.com
$ sudo pip install paramiko PyYAML Jinja2 httplib2
$ git clone git://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ source hacking/env-setup
…
$ ansible
ansible ansible-doc ansible-galaxy ansible-
playbook ansible-pull ansible-vault
$ pip install ansible #*nix
$ brew install ansible #OS X

Inventory setup
$ export ANSIBLE_INVENTORY=~/ansible_hosts
[vagrant]
127.0.0.1:2222 foo=bar
[vagrant:vars]
ansible_ssh_user=vagrant
env=local
http://docs.ansible.com/intro_inventory.html
https://docs.ansible.com/playbooks_variables.html
Precedence: -i file
or $ANSIBLE_INVENTORY
or /etc/ansible/hosts

Ping a.k.a. Hello world
$ ansible vagrant -m ping -vvvv
<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant on PORT
2222 TO 127.0.0.1
<127.0.0.1> REMOTE_MODULE ping
…
127.0.0.1 | success >> {
"changed": false,
"ping": "pong"
}
$ ansible all -m ping —vvvv
…

Random
_________________
< GATHERING FACTS >
-----------------
^__^
(oo)_______
(__) )/
||----w |
|| ||
http://docs.ansible.com/faq.html#how-do-i-disable-cowsay
export ANSIBLE_NOCOWS=1

Playbooks
- hosts: vagrant
sudo: True
tasks:
- name: Install ntp
apt: pkg=ntp state=installed
$ ansible-playbook test_playbook.yml
…
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp]  
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=1 unreachable=0 failed=0
test_playbook.yml

Idempotence
- hosts: vagrant
sudo: True
tasks:
- name: Install ntp
apt: pkg=ntp state=installed
…
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp] 
ok: [127.0.0.1]
PLAY RECAP
test_playbook.yml

Facts
$ ansible vagrant -m setup
127.0.0.1 | success >> {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"10.0.2.15"
],
"ansible_all_ipv6_addresses": [
"fe80::a00:27ff:fe6b:d3e"
],
"ansible_architecture": "x86_64",
"ansible_bios_date": "12/01/2006",
"ansible_bios_version": "VirtualBox",
…

Templates, facts and variables
- hosts: vagrant 
sudo: True
tasks:
- name: Write MOTD
template: src=templates/motd dest=/etc/motd
You’re now in the {{ env | upper }} environment at
{{ ansible_hostname }}
{{ ansible_distribution }} {{ansible_distribution_release }}
{{ ansible_distribution_version }}
{{ ansible_system }} {{ ansible_kernel }} {{ ansible_architecture }}
test_playbook.yml
templates/motd
You’re now in the LOCAL environment at Debian-jessie-amd64-
netboot Debian jessie 8.0 Linux 3.16.0-4-amd64 x86_64

Conditionals
- name: Enable LOCAL env prompt indicator
template: src=templates/env/local/.bash_profile
dest=~/.bash_profile
when: env == "local"
test_playbook.yml
export PS1="[$(tput setaf 2)][u@h W]$ [$(tput setaf
7)][$(tput sgr0)]"
templates/.bash_profile
[vagrant@Debian-jessie-amd64-netboot ~]$
https://docs.ansible.com/playbooks_conditionals.html

Notifications and handlers
- hosts: webservers
vars:
http_port: 80
max_clients: 200
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum: pkg=httpd state=latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify:
- restart apache
- name: ensure apache is running (and enable it at boot)
service: name=httpd state=started enabled=yes
handlers:
- name: restart apache
service: name=httpd state=restarted

Roles
site.yml
roles/
common/
files/
templates/
tasks/
handlers/
vars/
defaults/
meta/
webserver/
…
files
https://docs.ansible.com/playbooks_roles.html
https://github.com/ansible/ansible-examples
- hosts: webservers
roles:
- common
- webserver
site.yml

First steps in practice
Dependencies
Credentials
Deployment

Install dependencies
…
/bin/sh: 1: /usr/bin/python: not found
…
Missing Python
gather_facts: False
tasks:
- name: Install Python
raw: apt-get install python -y
- name: Gather facts after python install
setup:
- name: Write MOTD
…
test_playbook.yml

Install dependencies
$ ansible-playbook test_playbook.yml --sudo
PLAY [vagrant] 
TASK: [Install Python] 
ok: [127.0.0.1]
TASK: [Gather facts]
ok: [127.0.0.1]
TASK: [Write MOTD] 
changed: [127.0.0.1]
PLAY RECAP
test_playbook.yml

Setup remote access
- name: Setup access
authorized_key: user="{{ ansible_ssh_user }}" key="{{ item }}"
with_file:
- ~/.ssh/id_rsa.pub
- /some/secure/dir/keys/admin.pub
test_playbook.yml
http://docs.ansible.com/authorized_key_module.html
$ ansible-playbook test_playbook.yml --ask-pass
SSH password:
TASK: [Setup access]  
ok: [127.0.0.1] => (item=ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQD… orestes@mjolnir.local)
…

Simple deployment
- name: Clone git repository
git: >
dest=/var/www/awesome-app
repo=https://github.com/initech/awesome-app
update=no
sudo: yes
sudo_user: www-data
register: cloned
- name: Clear cache
…
when: cloned|changed
test_playbook.yml
https://github.com/ansistrano 
http://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/

Quickstart
lineinﬁle (RegExp)
# Ensure "fav=lemonade is in section "[drinks]" in specified file
- ini_file: dest=/etc/conf section=drinks option=fav
value=lemonade mode=0600 backup=yes
- ini_file: dest=/etc/anotherconf
section=drinks
option=temperature
value=cold
backup=yes
ini_ﬁle (.ini)

Advanced deployment
http://www.ansible.com/application-deployment
http://docs.ansible.com/playbooks_delegation.html
- hosts: webservers
serial: 10

Learning from the community
https://galaxy.ansible.com

Visual inventory management
Push-button deployments
Team workflow
Role-based security
Demo
https://youtu.be/wEB7C3OAnYo
Going enterprise

EOF
___________________
< THAT’S ALL FOLKS! >
-------------------
^__^
(oo)_______
(__) )/
||----w |
|| ||

Feedback welcome
orestes.ca@gmail.com
Thanks!
Galicia

Ansible introduction - XX Betabeers Galicia

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Ansible introduction - XX Betabeers Galicia

Semelhante a Ansible introduction - XX Betabeers Galicia (20)

Último

Último (20)

Ansible introduction - XX Betabeers Galicia