ansible101

今日から始める Ansible

~ Ansible 101 ~

Hideki SaitoSoftware Maintenance Engineer/Red Hat K.K.

INSERT DESIGNATOR, IF NEEDED2

Who am I• さいとうひでき <@saito_hideki>

• レッドハット株式会社• ソフトウェアメンテナンスエンジニア• Ansible Tower サポートチーム• Ansible ユーザグループ管理人


Agenda• IT Automation• Ansible Core introduction• DEMO'S

• Let's play with Ansible• Getting Started• Ad-Hoc command• Playbook


Motivation and PropositionAutomate routine work to operate IT system.

• Let's start with where we can automate easily.• Let's start automation using script language that

anyone can easily understand.

● Education and training for programming take a lot of time.● The IT system includes various kinds of hardware / software.


AUTOMATION FOR EVERYONE• Ansible is an IT automation tool• Goals are simplicity and ease-of-use• Managing target via SSH transportation• Management steps is written by YAML• New release is provided approximately

every 2 months (Current 2.3.2)• https://github.com/ansible/ansible


Introduce following components of Ansible Core:

Ansible CoreAnsible Core is command-line IT automation Tool and libraries

1. Command Line Tools

2. Playbooks

3. Inventory

4. Modules

5. Plugins


COMMAND LINE TOOLSAnsible Core contains some command line tools. Following 2 commands are able to control your target hosts.

[Usage] ansible %Target% -i %Inventory% -m %Module%$ ansible www -i inventory -m ping

[Usage] ansible %Target% -i %Inventory% -a %Ad-Hoc Command%$ ansible www -i inventory -a “/sbin/reboot”

[Usage] ansible %Target% -i %Inventory% -m %Module%$ ansible www -i inventory -m ping

[Usage] ansible %Target% -i %Inventory% -a %Ad-Hoc Command%$ ansible www -i inventory -a “/sbin/reboot”

[Usage] ansible-playbook -i %Inventory% %Playbook%$ ansible-playbook -i inventory playbook.yml[Usage] ansible-playbook -i %Inventory% %Playbook%$ ansible-playbook -i inventory playbook.yml

1. ansible command

2. ansible-playbook command


COMMAND MECHANISM

Target Hostmodule

Inventory

ExecutablePython Code

ExecutablePython CodeExecutable

Python Code

ansible

(1)

(2)

(3)

(4)

(5)

(1) Lookup Target Host(2) Read Module(3) Generate executable code from Module(4) Copy Executable python code to via SCP(5) Execute python code on Target Host


PLAYBOOKSPlaybooks are Ansible’s configuration, deployment, and orchestration language. You can write Playbooks easily by YAML.

01: ---02: - hosts: www03: vars:04: new_name: ansible-host105: tasks:06: - name: get hostname07: shell: hostname08: register: result09: - name: set hostname10: hostname:11: name: "{{ new_name }}"12: notify: show hostname13: handlers:14: - name: show hostname15: debug:16: msg: "before={{ result.stdout }} after={{ new_name }}"


INVENTORY (STATIC)Ansible is able to working against multiple system at the same time.

You can select portions of systems listed in the inventory at running time.

01: [localhost]02: 127.0.0.103:04: [staging]05: 192.168.0.106: 192.168.0.207:08: [production]09: www1.example.com10: www2.example.com11:12: [vars:local]13: ansible_connection=local

01: [localhost]02: 127.0.0.103:04: [staging]05: 192.168.0.106: 192.168.0.207:08: [production]09: www1.example.com10: www2.example.com11:12: [vars:local]13: ansible_connection=local


INVENTORY (DYNAMIC)Ansible easily supports all of these options via an external inventory system.

For example: OpenStack, AWS, GCE or something like that.

You can look these dynamic inventories at https://goo.gl/knXn3c

ansible

ExecutableInventory Code

JSON formattedInventory Infovia STDOUT

IaaS

(1)(2)

(3)

(4)

(1) Execute Dynamic Inventory(2) Collect Target information(3) Output Inventory to STDOUT(4) Read Inventory Information

https://goo.gl/knXn3c


MODULES (1)Ansible has a lot of modules that can be executed directly on remote hosts or through Playbooks. You can see module index at https://goo.gl/yCGC4U

Group Target

Cloud AWS, GCE, Azure, OpenStack etc...

Clustering

Commands

Crypto

Database

Group Target

CloudAWS, GCE, Azure, OpenStack etc...

Clustering K8S, Pacemaker etc...

Commands command, shell, expect etc...

Crypto openssl

Database MySQL, PostgreSQL, MSSQL etc ...

Group Target

Cloud AWS, GCE, Azure, OpenStack etc...

Clustering

Commands

Crypto

Database

Group Target

Filefile, template, stat,

unarchive etc...

Identity FreeIPA, OpenDJ

Inventory Add group and host to inventory

Messaging RabbitMQ

Monitoring datadog, logstash, nagios etc...

https://goo.gl/yCGC4U


MODULES (2)Group Target

Net Tools haproxy, nmcli, ldap, get_url etc...

Network Bigswitch, Cumulus, Eos, IOS. Junos etc ...

Notification hipcat, irc, slack etc...

Packaging rpm, yum, npm, apt etc...

Remote management HP iLO, IPMI etc...

Source control git, github, gitlab, hg, subversion etc ...

Group Target

Storage NetApp, zfs etc...

Systemuser, group, service,

puppet :) etc...

Utilities Helper, Logic

Web infrastructure apache, nginx, tower etc...

Windows IIS, acl, package etc...


PLUGINSPlugins are pieces of code that augment Ansible’s core functionality.

You can easily write your own. Please see: https://goo.gl/ZQ9hvb

For example: connection plugin~ https://goo.gl/rLha4L ~

https://goo.gl/ZQ9hvb

https://goo.gl/rLha4L


DEMO’S

• Let’s play with Ansible Core• Getting Started• Ad-Hoc command• Playbook


Getting started (1)You can install Ansible Core easily.

$ sudo yum install epel-release$ git clone https://github.com/ansible/ansible.git$ cd ansible$ git checkout -b v2.3.1.0-1 v2.3.1.0-1$ make rpm$ sudo yum install rpm-build/ansible-2.3.1.0-100.XXX.el7.centos.noarch.rpm$ ansible --versionansible 2.3.1.0

$ sudo yum install epel-release$ git clone https://github.com/ansible/ansible.git$ cd ansible$ git checkout -b v2.3.1.0-1 v2.3.1.0-1$ make rpm$ sudo yum install rpm-build/ansible-2.3.1.0-100.XXX.el7.centos.noarch.rpm$ ansible --versionansible 2.3.1.0

Checkout source code from github and make RPM!:

https://github.com/ansible/ansible.git

https://github.com/ansible/ansible.git


Getting started (2)Writing inventory file.

01: [linux]02: 192.168.100.100 ansible_user=ec2-user03: 192.168.100.101 ansible_user=ec2-user04: 192.168.100.102 ansible_user=ec2-user05: 06: [win]07: WIN-PC1.example.com08: WIN-PC2.example.com09: WIN-PC3.example.com10: 11: [win:vars]12: ansible_port=598613: ansible_connection=winrm14: ansible_winrm_server_cert_validation=ignore15: ansible_winrm_transport=kerberos16: ansible_winrm_kerberos_delegation=true

01: [linux]02: 192.168.100.100 ansible_user=ec2-user03: 192.168.100.101 ansible_user=ec2-user04: 192.168.100.102 ansible_user=ec2-user05: 06: [win]07: WIN-PC1.example.com08: WIN-PC2.example.com09: WIN-PC3.example.com10: 11: [win:vars]12: ansible_port=598613: ansible_connection=winrm14: ansible_winrm_server_cert_validation=ignore15: ansible_winrm_transport=kerberos16: ansible_winrm_kerberos_delegation=true


Getting started (3)Using dynamic inventory program.

$ ./ec2.py –-list$ ./ec2.py --host 192.168.100.100$ ansible <target> -i ec2.py -m ping

$ ./ec2.py –-list$ ./ec2.py --host 192.168.100.100$ ansible <target> -i ec2.py -m ping


Testing connectivity by AnsibleAnsible manages Linux/Unix machines using SSH by default.

For the Windows, “winrm” Python module to talk to remote hosts.

# Check host list$ ansible linux -i hosts –list-hosts$ ansible win -i hosts –list-hosts

# Check connectivity$ ansible linux -i hosts -m ping$ ansible win -i hosts -m win_ping

# Check host list$ ansible linux -i hosts –list-hosts$ ansible win -i hosts –list-hosts

# Check connectivity$ ansible linux -i hosts -m ping$ ansible win -i hosts -m win_ping

You can use ping and win_ping module for testing connectiviry.


Ad-Hoc commandAnsible Core supports execute command like parallel ssh.

$ ansible linux -i hosts -a "uname -a"SSH password: 10.0.0.14 | SUCCESS | rc=0 >>Linux target00 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

10.0.0.15 | SUCCESS | rc=0 >>Linux target01 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

$ ansible linux -i hosts -a "uname -a"SSH password: 10.0.0.14 | SUCCESS | rc=0 >>Linux target00 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

10.0.0.15 | SUCCESS | rc=0 >>Linux target01 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Execute command on target nodes via ssh:


Playbook (1)Describe workflow in YAML format

$ ansible-playbook -i hosts playbook.yml

$ ansible-playbook -i hosts -u <USER> -k -K playbook.yml

$ ansible-playbook -i hosts playbook.yml

$ ansible-playbook -i hosts -u <USER> -k -K playbook.yml

Playbook can execute by ansible-playbook command:


Playbook (2)For example: Install packages by playbook

01: ---02: - hosts: linux03:04: vars:05: packages:06: - net-tools07: - mlocate08: - wget09: 10: tasks:11: - name: install packages12: yum:13: name: "{{ item }}"14: state: present15: update_cache: yes16: with_items: "{{ packages }}"17: become: true

01: ---02: - hosts: linux03:04: vars:05: packages:06: - net-tools07: - mlocate08: - wget09: 10: tasks:11: - name: install packages12: yum:13: name: "{{ item }}"14: state: present15: update_cache: yes16: with_items: "{{ packages }}"17: become: true


Playbook (3)An operation is idempotent if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions.

# Try to launch playbook - 1st time (state: changed)$ ansible-playbook -i hosts install_packages.yml…TASK [install packages] **********************************************************************changed: [172.31.3.136] => (item=[u'net-tools', u'mlocate', u'wget'])...

# Try to launch playbook - 2nd time (state: ok)$ ansible-playbook -i hosts install_packages.yml…TASK [install packages] **********************************************************************ok: [172.31.5.233] => (item=[u'net-tools', u'mlocate', u'wget'])

# Try to launch playbook - 1st time (state: changed)$ ansible-playbook -i hosts install_packages.yml…TASK [install packages] **********************************************************************changed: [172.31.3.136] => (item=[u'net-tools', u'mlocate', u'wget'])...

# Try to launch playbook - 2nd time (state: ok)$ ansible-playbook -i hosts install_packages.yml…TASK [install packages] **********************************************************************ok: [172.31.5.233] => (item=[u'net-tools', u'mlocate', u'wget'])


Playbook (4)Copy file to target host using by template module

01: ---02: - hosts: linux03: 04: vars:05: target: /tmp/hello.txt06: who: Hideki07: 08: tasks:09: - name: remote "{{ target }}"10: file: path="{{ target }}" state=absent11: - name: copy file using by template12: template: src=hello.txt.j2 dest="{{ target }}"13: - name: cat "{{ target }}"14: shell: cat "{{ target }}"15: register: result16: - debug: var=result verbosity=1

01: ---02: - hosts: linux03: 04: vars:05: target: /tmp/hello.txt06: who: Hideki07: 08: tasks:09: - name: remote "{{ target }}"10: file: path="{{ target }}" state=absent11: - name: copy file using by template12: template: src=hello.txt.j2 dest="{{ target }}"13: - name: cat "{{ target }}"14: shell: cat "{{ target }}"15: register: result16: - debug: var=result verbosity=1


Playbook (5)Copy file to target host using by template module.

You can replace keywords in the file by jinja2 format values.

01: # Test for template module02: 03: Hello, {{ who }}04: 05: # EOF

01: # Test for template module02: 03: Hello, {{ who }}04: 05: # EOF


Playbook (6)Windows Support

1. Install krb packages and related python modules

2. Configure /etc/krb5.conf

3. kinit user@DOMAIN

- http://docs.ansible.com/ansible/latest/intro_windows.html

$ yum -y install python-devel krb5-devel krb5-libs krb5-workstation$ pip install ntlm-auth==1.0.2$ pip install pywinrm[kerberos]$ pip install requests-kerberos$ pip install pykerberos$ sudo vi /etc/krb5.conf$ kinit [email protected]

$ yum -y install python-devel krb5-devel krb5-libs krb5-workstation$ pip install ntlm-auth==1.0.2$ pip install pywinrm[kerberos]$ pip install requests-kerberos$ pip install pykerberos$ sudo vi /etc/krb5.conf$ kinit [email protected]

http://docs.ansible.com/ansible/latest/intro_windows.html



01: ---02: - hosts: win03: 04: tasks:05: - name: ipconfig /all06: win_command: ipconfig /all07: register: result08: 09: - debug:10: var: result11: verbosity: 1

01: ---02: - hosts: win03: 04: tasks:05: - name: ipconfig /all06: win_command: ipconfig /all07: register: result08: 09: - debug:10: var: result11: verbosity: 1



01: ---02: - hosts: win201203: 04: vars:05: updates:06: - CriticalUpdates07: - SecurityUpdates08: 09: tasks:10: - name: check windows update11: win_updates:12: category_names: "{{ item }}"13: state: searched14: register: result15: with_items: "{{ updates }}"16: 17: - debug:18: var: result19: verbosity: 1

01: ---02: - hosts: win201203: 04: vars:05: updates:06: - CriticalUpdates07: - SecurityUpdates08: 09: tasks:10: - name: check windows update11: win_updates:12: category_names: "{{ item }}"13: state: searched14: register: result15: with_items: "{{ updates }}"16: 17: - debug:18: var: result19: verbosity: 1


Modules documentYou will see the documentation for modules by ansible-doc command

$ ansible-doc --helpUsage: ansible-doc [options] [module...]

Options: -a, --all Show documentation for all modules -h, --help show this help message and exit -l, --list List available modules -M MODULE_PATH, --module-path=MODULE_PATH specify path(s) to module library (default=None) -s, --snippet Show playbook snippet for specified module(s) -v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging) --version show program's version number and exit

$ ansible-doc --helpUsage: ansible-doc [options] [module...]

Options: -a, --all Show documentation for all modules -h, --help show this help message and exit -l, --list List available modules -M MODULE_PATH, --module-path=MODULE_PATH specify path(s) to module library (default=None) -s, --snippet Show playbook snippet for specified module(s) -v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging) --version show program's version number and exit


If you want to proceed to the next step,

I believe Ansible Core and Tower will help you.

THANK YOU

plus.google.com/+RedHat

linkedin.com/company/red-hat

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/RedHatNews

ansible101

Technology