ansible presentation

Upload: suresh-kumar

Post on 12-Apr-2017

Category:

Technology


TRANSCRIPT

Repetitive Jobs [Problem]

Building VM templates
- ISO install and configuration
- Network setup
- Set up users/group, security, authentication/authorization
- Software install and configuration

Building out clusters
- Cloning N number of VMs from X number of templates
- Hostname/network configuration
- Firewalling

Software deployments
- Turn off monitoring/alerting
- Pull nodes out of Load Balanced Group
- Run DB migrations
- Deploy application code
- Restart web server
- Put nodes back in/turn monitoring back on

Server maintenance
- SSH in to every server and restart a service
- Write complex scripts to log in to every server and update openssl

- Cluster ssh
- Bash scripts
- Building templates by hand
- Yo dawg, I heard you like snapshots of your snapshots

Solution for Problem is Configuration Tools

- Puppet
  - great with Windows (as long as they're not XP)
  - amazing Enterprise support
  - cryptic DSL (imo)
- Chef
  - easy to learn if you're a ruby developer!
  - amazing wealth of cookbooks
  - Almost too verbose
- SaltStack
- Ansible

Why Ansible?

- Agentless!
- Uses SSH (with one python requirement)
- Easy-to-read Syntax as YAML file
- Push-Based
- Ansible Scales Down
- Built-in-Modules
- Full power at the CLI (open source!)
- Even more features available in enterprise (Tower)

How Ansible Works?

Ansible Structure

Inventory: Example

    [production:children]
    webservers
    dbservers
    proxies

    [webservers]
    foo.example.com http_port=80
    bar.example.com http_port=8080

    [dbservers]
    db[01:03].example.com

    [dbservers:vars]
    pgsql_bind_nic=eth1

    [proxies]
    192.168.1.1

    # -a: module arguments, -u: remote user, -k: prompt for the SSH password
    $ ansible production -a "echo hello" -u joe -k
    # -U: sudo user, -K: prompt for the sudo password
    $ ansible dbservers -a "service postgresql restart" -u joe -U root -k -K
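To see which hosts an ad hoc command aimed at `production` would actually reach, the following added example (not from the original slides) expands the inventory above in Python. It handles only the constructs shown on this slide (`:children`, `:vars` and `[NN:MM]` numeric ranges), not the full Ansible inventory grammar; the function names are illustrative.

```python
import re

# Inventory from the slide, embedded (blank lines dropped) so this runs offline.
INVENTORY = """\
[production:children]
webservers
dbservers
proxies
[webservers]
foo.example.com http_port=80
bar.example.com http_port=8080
[dbservers]
db[01:03].example.com
[dbservers:vars]
pgsql_bind_nic=eth1
[proxies]
192.168.1.1
"""
RANGE = re.compile(r"\[(\d+):(\d+)\]")

def expand(pattern):
    """Expand numeric ranges: db[01:03] -> db01, db02, db03 (padding kept)."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.group(1), m.group(2)
    names = []
    for i in range(int(lo), int(hi) + 1):
        name = pattern[:m.start()] + str(i).zfill(len(lo)) + pattern[m.end():]
        names += expand(name)  # handle any further range in the same name
    return names

def parse(text):
    """Return (hosts, children): group -> hosts and group -> child groups."""
    hosts, children, section, kind = {}, {}, "ungrouped", ""
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
        elif line and kind == "children":
            children.setdefault(section, []).append(line)
        elif line and kind == "":
            hosts.setdefault(section, []).extend(expand(line.split()[0]))
    return hosts, children  # ":vars" sections are skipped on purpose

def resolve(group, hosts, children):
    """Every host a command aimed at `group` reaches, child groups included."""
    found = list(hosts.get(group, []))
    for child in children.get(group, []):
        found += resolve(child, hosts, children)
    return found
```

Calling `resolve("production", *parse(INVENTORY))` lists six hosts, which is the set the first `ansible production ...` command above would run against.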

Modules

- can be written in any language as long as they output JSON
- take parameters and conditions to define desired state
- handles processing of system resources, services, packages, files, etc. in idempotent fashion
- seek to avoid changes to the system unless a change needs to be made
- ansible comes preloaded with a plethora of modules
- tons of community pull requests
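The module contract described above (parameters in, JSON out, change only when needed) can be shown with a small stand-alone module. This is an added example, not code from the original slides or from Ansible itself: the module name `ensure_line.py` and its `path`/`line` parameters are hypothetical, and it relies on Ansible's `WANT_JSON` convention, under which a module containing that marker receives the path of a JSON arguments file as its only argument.

```python
#!/usr/bin/env python
# WANT_JSON  <- marker: Ansible passes the path of a JSON args file as argv[1]
import json
import os
import sys

def ensure_line(path, line):
    """Make sure `line` is present in `path`; write only if it is missing."""
    content = ""
    if os.path.exists(path):
        with open(path) as fh:
            content = fh.read()
    if line in content.splitlines():
        return {"changed": False, "path": path}  # desired state already met
    # Do not glue the new line onto an unterminated last line.
    sep = "" if content == "" or content.endswith("\n") else "\n"
    with open(path, "a") as fh:
        fh.write(sep + line + "\n")
    return {"changed": True, "path": path, "added": line}

def run(args_file):
    """Load parameters, apply the desired state, return the result dict."""
    with open(args_file) as fh:
        params = json.load(fh)
    missing = [k for k in ("path", "line") if k not in params]
    if missing:
        return {"failed": True, "msg": "missing parameters: " + ", ".join(missing)}
    try:
        return ensure_line(params["path"], params["line"])
    except OSError as exc:
        return {"failed": True, "msg": str(exc)}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = run(sys.argv[1])
        print(json.dumps(result))  # Ansible parses this JSON from stdout
        sys.exit(1 if result.get("failed") else 0)
    print("usage: ensure_line.py ARGS_JSON_FILE")
```

Running it twice with the same arguments reports `"changed": true` the first time and `"changed": false` the second, which is the behaviour that lets a handler fire only when something was really modified.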

Playbooks

- More powerful configuration management
- Kept in source control, developed, validated
- Declare configurations of more complex multi-system environments
- Arrange and run tasks synchronously or asynchronously

Playbooks: Example

    ---
    - hosts: all
      remote_user: vagrant
      sudo: true
      sudo_user: root
      vars_files:
        - roles/vars/webserver.encrypt
      vars:
        lifecycle: dev
      roles:
        - roles/debian
        - roles/vmware-tools
        - roles/local-users
        - roles/sudoers
        - roles/iptables
        - roles/clamav
        - roles/java-jdk-7
        - roles/postgres
        - roles/apache
        - roles/tomcat-7
        - { role: roles/tc-native, when: native == 'true' }
        - roles/ansible
        - roles/git
        - roles/liquibase
        - roles/cleanup
      post_tasks:
        - name: Reboot the Server
          command: '/sbin/reboot'
        # Runs on the control machine, so it needs neither sudo nor the rebooting host
        - name: Wait for Server to come back
          wait_for: host='{{inventory_hostname}}' port='22'
          sudo: no
          delegate_to: localhost
        - name: Wait for Services to start fully
          wait_for: port='{{item}}' delay='5' timeout='600'
          with_items:
            - '8009' # ajp
            - '8080' # tomcat
            - '80' # httpd

Tasks: Example

module parameter iterator variable

    - name: Apache Tomcat | Install | Grab latest tomcat tarball
      get_url: url='{{tomcat.base_url}}{{item.sub_url}}{{item.file}}' dest='/tmp/{{item.file}}'
      with_items: tomcat.files

    # creates= makes the step a no-op once the target directory exists
    - name: Apache Tomcat | Install | Extract archive
      shell: tar -xvzf /tmp/{{item.file}} -C /usr/local creates=/usr/local/{{item.target}}
      with_items: tomcat.files

    - name: Apache Tomcat | Install | Give ownership of install to tomcat user
      file: path=/usr/local/{{item.target}} state=directory owner={{tomcat.user.name}} group={{tomcat.user.group}}
      with_items: tomcat.files

    - name: Apache Tomcat | Install | Symlink install directory
      file: src='/usr/local/{{item.target}}' path='/usr/local/tomcat' state='link'
      with_items: tomcat.files

    - name: Apache Tomcat | Configure | Overlay configuration
      template: src='{{item.file}}' dest='{{item.target}}' owner={{tomcat.user.name}} group={{tomcat.user.group}}
      with_items: tomcat.config_files

Variables:

- Simple YAML format
- Can create arrays and hashes
- Can substitute vars into vars
- Vars can be defined at many levels (default, role, playbook)
- Can test conditionals on vars and require them
- Can be filtered and manipulated with jinja2
- Can be matched to regex!

Templates

- Templates are interpreted by jinja2
- stub out files
- fill variables in differently depending on conditions
- Powerful conditionals
- Loops and iterators
- Replace a file completely every time? Yes. We configure for an end state.

Handlers

- Written just like a regular task
- Only run if triggered by the notify directive
- Indicates a change in the system state
- Any module can be used for the handler action

Handler

    - name: Restart Tomcat
      service: name=tomcat state=restarted

Task

    - name: Apache Tomcat | Configure | Overlay configuration
      template: src='{{item.file}}' dest='{{item.target}}'
      with_items: tomcat.config_files
      notify: Restart Tomcat

Roles

- Break up configuration into repeatable chunks
- Reduce, reuse, recycle
- Clean, understandable structure
- Stack on top of each other
- Ansible Galaxy

Docker and Ansible

Docker Application Life Cycle with Ansible

- Write Ansible playbooks for creating Docker images.
- Run the playbooks to create Docker images on your local machine.
- Push Docker images up from your local machine to the registry.
- Write Ansible playbooks to pull Docker images down to remote hosts and start up Docker containers.
- Run Ansible playbooks to start containers.

Ansible Tower

Ansible Tower is a user-friendly web-based Graphical User Interface (GUI) that lowers the entry barrier of using Ansible.

Ansible Tower useful features

- Easy to use GUI with push button execution
- Centralized job runs, playbook storage, logs...
- Schedule jobs
- Use playbooks from the server or from source control
- Graphical real time output and log history
- LDAP integration
- Role based access control
- Extensible with a fully documented REST API

Where do I go from here?

Stop doing everything by hand!

- If you find yourself logging in to more than one VM to do the same task...
- If you have been meaning to get around to patching or updating a bunch of VMs...
- If you know all of the prompts of the OS installer by heart...
- If scp and vi are your favorite tools...
- If you dread the next release of your application
- If you wince every time your phone rings

Use Ansible

- Get more sleep
- Require less coffee