Ansible introduction - XX Betabeers Galicia

Introduction

CC https://www.flickr.com/photos/din_bcn/2551132104/

@orestesCA Galicia - December 2015

https://www.flickr.com/photos/din_bcn/2551132104/

Orestes Carracedo

Indenpendent Consultant

Full-Stack Developer Est. 2005

Ansible Barcelona Betabeers Barcelona

GDG Vigo

@OrestesCA

whoami


Introduction to Ansible


What is Ansible

SCM automation tool agent-less

simple + powerful


What is Ansible

Versioned Environment Configuration • Ensures consistency between environments • Allows easily reproducible conditions • Quicker disaster recovery


Basics

Managed Node #1 Managed Node #2Control Machine

Inventory

ssh


$ vagrant init https://github.com/holms/vagrant-jessie-box/releases/download/Jessie-v0.1/Debian-jessie-amd64-netboot.box … $ vagrant up … $ vagrant ssh-config HostName 127.0.0.1 User vagrant Port 2222 …

Managed Node setup

http://vagrantup.com http://vagrantbox.es


http://vagrantup.com

http://vagrantbox.es

Managed Node security credentials

$ vagrant ssh --command "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys” $ ssh vagrant@localhost -p 2222 … Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts. … Last login: Sun Jun 7 01:21:33 2015 from 10.0.2.2 vagrant@Debian-jessie-amd64-netboot:~$ exit


Control Machine setup

http://docs.ansible.com

$ sudo pip install paramiko PyYAML Jinja2 httplib2 $ git clone git://github.com/ansible/ansible.git --recursive $ cd ./ansible $ source hacking/env-setup … $ ansible ansible ansible-doc ansible-galaxy ansible-playbook ansible-pull ansible-vault


$ pip install ansible #*nix $ brew install ansible #OS X

http://docs.ansible.com

Inventory setup

$ export ANSIBLE_INVENTORY=~/ansible_hosts

[vagrant] 127.0.0.1:2222 foo=bar

[vagrant:vars] ansible_ssh_user=vagrant env=local

http://docs.ansible.com/intro_inventory.html https://docs.ansible.com/playbooks_variables.html

Precedence: -i file or $ANSIBLE_INVENTORY or /etc/ansible/hosts


http://docs.ansible.com/intro_inventory.html

https://docs.ansible.com/playbooks_variables.html

Ping a.k.a. Hello world

$ ansible vagrant -m ping -vvvv <127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant on PORT 2222 TO 127.0.0.1 <127.0.0.1> REMOTE_MODULE ping … 127.0.0.1 | success >> { "changed": false, "ping": "pong" } $ ansible all -m ping —vvvv …


Random

_________________ < GATHERING FACTS > ----------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||

http://docs.ansible.com/faq.html#how-do-i-disable-cowsay

export ANSIBLE_NOCOWS=1


http://docs.ansible.com/faq.html#how-do-i-disable-cowsay

Playbooks

- hosts: vagrant sudo: True tasks: - name: Install ntp apt: pkg=ntp state=installed

$ ansible-playbook test_playbook.yml … GATHERING FACTS ok: [127.0.0.1] TASK: [Install ntp] changed: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=2 changed=1 unreachable=0 failed=0

test_playbook.yml


Idempotence

- hosts: vagrant sudo: True tasks: - name: Install ntp apt: pkg=ntp state=installed

$ ansible-playbook test_playbook.yml … GATHERING FACTS ok: [127.0.0.1] TASK: [Install ntp] ok: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=2 changed=0 unreachable=0 failed=0

test_playbook.yml


Facts

$ ansible vagrant -m setup 127.0.0.1 | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "10.0.2.15" ], "ansible_all_ipv6_addresses": [ "fe80::a00:27ff:fe6b:d3e" ], "ansible_architecture": "x86_64", "ansible_bios_date": "12/01/2006", "ansible_bios_version": "VirtualBox", …


Templates, facts and variables

- hosts: vagrant sudo: True

tasks: - name: Write MOTD template: src=templates/motd dest=/etc/motd

You’re now in the {{ env | upper }} environment at {{ ansible_hostname }} {{ ansible_distribution }} {{ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_system }} {{ ansible_kernel }} {{ ansible_architecture }}

test_playbook.yml

templates/motd

You’re now in the LOCAL environment at Debian-jessie-amd64-netboot Debian jessie 8.0 Linux 3.16.0-4-amd64 x86_64


Conditionals

- name: Enable LOCAL env prompt indicator template: src=templates/env/local/.bash_profile dest=~/.bash_profile when: env == "local"

test_playbook.yml

export PS1="\[$(tput setaf 2)\][\u@\h \W]\\$ \[$(tput setaf 7)\]\[$(tput sgr0)\]"

templates/.bash_profile

[vagrant@Debian-jessie-amd64-netboot ~]$

https://docs.ansible.com/playbooks_conditionals.html


https://docs.ansible.com/playbooks_conditionals.html

Notifications and handlers

- hosts: webservers vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted


Roles

site.yml roles/ common/ files/ templates/ tasks/ handlers/ vars/ defaults/ meta/ webserver/ …

files

https://docs.ansible.com/playbooks_roles.html https://github.com/ansible/ansible-examples

- hosts: webservers roles: - common - webserver

site.yml


https://docs.ansible.com/playbooks_roles.html

https://github.com/ansible/ansible-examples

First steps in practice

Dependencies Credentials Deployment


Install dependencies

$ ansible-playbook test_playbook.yml … /bin/sh: 1: /usr/bin/python: not found …

Missing Python

gather_facts: False tasks: - name: Install Python raw: apt-get install python -y - name: Gather facts after python install setup: - name: Write MOTD …

test_playbook.yml


Install dependencies

$ ansible-playbook test_playbook.yml --sudo PLAY [vagrant] TASK: [Install Python] ok: [127.0.0.1] TASK: [Gather facts] ok: [127.0.0.1] TASK: [Write MOTD] changed: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=3 changed=1 unreachable=0 failed=0

test_playbook.yml


Setup remote access

- name: Setup access authorized_key: user="{{ ansible_ssh_user }}" key="{{ item }}" with_file: - ~/.ssh/id_rsa.pub - /some/secure/dir/keys/admin.pub

test_playbook.yml

http://docs.ansible.com/authorized_key_module.html

$ ansible-playbook test_playbook.yml --ask-pass SSH password: TASK: [Setup access] ok: [127.0.0.1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD… [email protected]) …


http://docs.ansible.com/authorized_key_module.html

mailto:[email protected]

Simple deployment

- name: Clone git repository git: > dest=/var/www/awesome-app repo=https://github.com/initech/awesome-app update=no sudo: yes sudo_user: www-data register: cloned

- name: Clear cache … when: cloned|changed

test_playbook.yml

https://github.com/ansistranohttp://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/


https://github.com/ansistrano

http://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/

Quickstart


lineinfile (RegExp)

# Ensure "fav=lemonade is in section "[drinks]" in specified file - ini_file: dest=/etc/conf section=drinks option=fav value=lemonade mode=0600 backup=yes

- ini_file: dest=/etc/anotherconf section=drinks option=temperature value=cold backup=yes

ini_file (.ini)

Advanced deployment

http://www.ansible.com/application-deployment http://docs.ansible.com/playbooks_delegation.html

- hosts: webservers serial: 10


http://www.ansible.com/application-deployment

http://docs.ansible.com/playbooks_delegation.html

Learning from the community

https://galaxy.ansible.com


https://galaxy.ansible.com

Visual inventory management Push-button deployments

Team workflow Role-based security

Demo https://youtu.be/wEB7C3OAnYo

Going enterprise


https://youtu.be/wEB7C3OAnYo

EOF

___________________ < THAT’S ALL FOLKS! > ------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||


Feedback welcome [email protected]

Thanks!

Galicia


mailto:[email protected]

Ansible introduction - XX Betabeers Galicia

Technology

Transcript of Ansible introduction - XX Betabeers Galicia