Ansible - A 'crowd' introduction


SOFTWARE CRAFTSMANSHIP TOLEDO

A “crowd” introduction


Software Craftsmanship Toledo

• Passion for software engineering and software development in the Castilla-La Mancha community.

• A clear vocation to learn, promote and share agile methodologies in the region.

• A fully open group: http://www.meetup.com/es/Software-Craftsmanship-Toledo-ES

• Members are professionals and/or enthusiasts of software development.

• We have a Slack channel… Sign up!


Meet me

• Manuel de la Peña

• @mdelapenya

• Support > Engineering > Testing > IT … at Liferay, Inc.

• DEVOPS?

Meet the team

Meet our server room

OK, THIS server room


This was my first day at work…

    moss@itcrowd1:~$ ssh root@server1
    password:
    root@server1:~$ apt-get update
    root@server1:~$ apt-get install apache2
    root@server1:~$ apt-get install htop
    root@server1:~$ vi /etc/fstab
    root@server1:~$ mount /mnt/devops
    root@server1:~$ exit
    moss@itcrowd1:~$

And all these following servers too:

server2, server3, server4, server5 … server30

buzz, scar, ariel, mickey, mulan … goofie

ares, odin, hera, atenea, loki … melkart

logan, natasha, clark, peter, bruceW … bruceB

WTF

Every task, every day.


Why don’t you automate THIS?


Automate server management???


AUTOMATION FOR EVERYONE

Deploy apps. Manage systems. Crush complexity.

Ansible helps you build a strong foundation for DevOps.


How it works

• It uses a very simple language (YAML, in the form of Ansible Playbooks)

• Plain English!

• By default manages machines over the SSH protocol.

• It uses no agents and no additional custom security infrastructure.


SSH Keys

• SSH keys with ssh-agent are recommended.

• Root logins are not required: you can log in as any user, and then su or sudo to any user.


Installation

• No database, and no running daemons!

• Install it on only one machine (a laptop?) as central point.

• It does not leave software installed or running on remote machines —> upgrades super easy :D


Control Machine

• “Any” machine with Python 2.6 or 2.7 installed.

• This includes Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.

• Windows isn’t supported for the control machine.


Managed Nodes

• You need a way to communicate, normally ssh.

• Over SSH, files are transferred with sftp. If it is not available, switch to scp.

• Python 2.4 or later. (With Python < 2.5, python-simplejson is also needed.)


Remote connection

• Native OpenSSH for remote communication when possible.

• If OpenSSH on the control machine is too old (Enterprise Linux 6 OS) —> fallback to Paramiko, a Python implementation of SSH.

• SSH keys are encouraged but password authentication can also be used (--ask-pass).


sudo

Ansible Inventory


Inventory

• What machines/hosts you are managing using a very simple INI file.

• Managed machines/hosts in groups of your own choosing.

• Define variables by scope.

Groups


Inventory variables

• Host variables

• Group variables

• Advanced variables


Inventory: Host vars


Inventory: Group vars


Inventory: Advanced vars

Affects groups

Specific group of servers

Arbitrary criterion


Host matching: Patterns

• all

• *

• 192.168.1.*, *.example.com

• OR —> webservers:dbservers

• AND —> webservers:&staging


Host matching: Patterns

• Exclusions —> webservers:!phoenix

• Combinations —> webservers:dbservers:&staging:!phoenix

• Host selection —> webservers[0], webservers[0:1], webservers[1:]

• Regexp —> ~(web|db).*\.example\.com


Host matching: Limit


Ansible Modules


Ansible modules

• copy

• file

• yum

• user

• service

• git

• apache

• apt

• azure

• bower

• cron

• mysql_db

• npm

• puppet

• django

• ec2

And many more!


Modules


git module


Ad-hoc commands

Fork 10 parallel threads


Ansible Variables


Variables

• Should be letters, numbers, and underscores.

• Variables should always start with a letter.

• YAML also supports dictionaries which map keys to values.

• There are reserved Python-related keywords.


Variables

• Defined in Inventory.

• Defined in Playbooks.

• Defined in includes.

• Defined in Roles.


Variables: Jinja2

• Jinja2 —> Template system

• How to use a variable? —> {{ variable_name }}

• Safer —> "{{ variable_name }}"


Variables: register

• Run a command and save its result into a variable.


Variables: external

• Private information?? Hide it in variables!

• In a task list —>

vars_files: /opt/private/my_vars.yml
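
An added example (not from the original deck) of the external variables file above and a play that consumes it. Moving a secret into a separate file only keeps it out of the playbook, so the comments also show encrypting that file with ansible-vault and suppressing task output with no_log. The variable names, their values and the lportal database are assumptions.

```yaml
---
# /opt/private/my_vars.yml (constructed; keep it out of the Git repository,
# or encrypt it in place with: ansible-vault encrypt /opt/private/my_vars.yml)
db_user: liferay               # assumed variable name and value
db_password: "CHANGE-ME"       # placeholder, not a real credential
---
# site.yml (constructed play that consumes the file above)
- hosts: dbservers
  vars_files:
    - /opt/private/my_vars.yml
  tasks:
    - name: Create the application database account
      mysql_user: name="{{ db_user }}" password="{{ db_password }}" priv="lportal.*:ALL" state=present
      no_log: true             # keep the rendered password out of task output and logs

# When the variables file is vault-encrypted, run with the password prompt:
#   ansible-playbook site.yml --ask-vault-pass
```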


Variables: command

• Directly pass variables on the command line:

• --extra-vars "version=1.3 my_var=foo"

• --extra-vars '{"pacman":"mrs","ghosts":["inky","pinky","clyde","sue"]}'

• --extra-vars "@some_file.json"


Variables: precedence

• role defaults < inventory vars < inventory group_vars < inventory host_vars < playbook group_vars < playbook host_vars < host facts < registered vars < set_facts < play vars < play vars_prompt < play vars_files < role and include vars < block vars (only for tasks in block) < task vars (only for the task) < extra vars


Ansible Playbooks


Playbooks

• Orchestrate steps/tasks of any manual ordered process.

• Executed synchronously or asynchronously.

• YAML format.

• Minimum syntax —> not a language but a model.


Playbooks: Tasks

• Should have a name: included in output and readable by humans.

• Accept variables:

template: src=somefile.j2 dest=/etc/httpd/conf.d/{{ vhost }}


Playbooks: Tasks lists

• Each play contains a list of tasks.

• Tasks are executed in order, one at a time, against all machines matched by the host pattern.

• Important! Same task directives to all hosts.

• Tasks goal? execute a module, with arguments.

• Modules are idempotent.


Playbooks: Hosts & Users

• For each play, choose machines to target and remote user to complete the steps/tasks as.

• Define remote users per task.

• Use sudo on a particular task instead of the whole play.


Playbooks: Handlers

• Playbooks respond to change.

• Can notify at the end of each block of tasks.

• Triggered only once, even if notified by multiple tasks.

• Best used to restart services and trigger reboots.


ansible-playbook playbook.yml
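
A playbook.yml that combines the pieces described on the slides above: host pattern and remote user, privilege escalation on single tasks, a registered variable, a quoted Jinja2 expression and a handler. It is an added example, not from the original deck; the deploy user, the vhost value and the kernel check are assumptions.

```yaml
---
# playbook.yml (constructed example, not from the original slides)
- hosts: webservers            # host pattern resolved against the inventory
  remote_user: deploy          # assumed unprivileged login; no root SSH needed
  vars:
    vhost: intranet.conf       # assumed value, used by the template task

  tasks:
    - name: Install Apache
      apt: name=apache2 state=present update_cache=yes
      become: yes              # escalate for this task only ("sudo: yes" before Ansible 1.9)

    - name: Render the virtual host
      template: src=somefile.j2 dest="/etc/apache2/sites-available/{{ vhost }}"
      become: yes
      notify: restart apache   # handler is queued only if the file changed

    - name: Read the running kernel as the login user
      command: uname -r
      register: kernel         # result saved into a variable
      changed_when: false      # read-only command, never reported as "changed"

    - name: Show the registered value
      debug: msg="{{ inventory_hostname }} runs {{ kernel.stdout }}"

  handlers:
    - name: restart apache     # runs once at the end, however many tasks notified it
      service: name=apache2 state=restarted
      become: yes
```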


Ansible Roles


Roles

• Reuse playbooks.

• Combine files to form clean, reusable abstractions.

• Grouping allows easy sharing of roles with other users.

• include directive —> Include files.


Roles: structure

• Automatically loads certain vars_files, tasks, and handlers based on a known file structure.

• Where is the magic? Improvements to search paths for referenced files.


‘common’ role structure

‘webservers’ role structure


Roles: main.yml

• roles/x/tasks/main.yml —> Add tasks to the play.

• roles/x/handlers/main.yml —> Add handlers to the play.

• roles/x/vars/main.yml —> Add variables to the play.

• roles/x/meta/main.yml —> Add roles as dependency (1.3 and later).


Roles: paths

• Any copy, script, template or include tasks (in the role) can reference files in roles/x/{files,templates,tasks}/ without having to path them relatively or absolutely


Roles: parameters


Roles: defaults

• Add a defaults/main.yml file in your role directory.

• Set default variables for included or dependent roles.

• Lowest priority of any variables available, so they are easily overridden by any other variable, including inventory variables!


Roles: dependencies

• A list of roles and parameters to insert and execute before the specified role.

• Automatically pull in other roles.

• meta/main.yml within the role.

• Executed recursively.


Roles: dependencies


https://galaxy.ansible.com

Where can I find ready-to-use Roles?

Ansible Galaxy


https://github.com/ansible/ansible-examples/tree/master/lamp_haproxy

Ansible Real Example (1)


Ansible Real Example (2): LELK


LELK

• Liferay Portal —> generate

• Elasticsearch —> index

• Logstash —> process

• Kibana —> display


LELK

[Diagram: four "Liferay + Tomcat" nodes]


LELK: Roles

• Server —> ElasticSearch + Logstash + Kibana

• Clients —> Liferay Deployment


Role: liferay-deployment

• Ansible Role: liferay-users (add liferay user with UID=1000)

• Ansible Role: liferay-os-tools (vim, htop, curl, rsync, tree, zip)

• Ansible Role: liferay-dev-tools (java)

• Ansible Role: liferay-logstash-forwarder


Role: logstash-forwarder

• Copy SSL certificate

• Copy init.d startup

• Copy logstash-forwarder configuration

logstash-forwarder.conf.j2


Role: logstash-forwarder


Role: elastic-search-server

• Install Logstash

• Install ElasticSearch

• Install Kibana

• Install Nginx


Role: elastic-search-server

logstash-input.conf.j2

logstash-output.conf.j2


LELK Next??

• Applied logstash-forwarder role to more machines, setting log_paths and tags variable to the desired file.

• Add more client types —> Apache Server, Firewall
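
How the role defaults, role dependencies and the log_paths variable described in this deck fit together for the LELK roles, as an added example that is not from the original deck or the author's repository. The role names come from the slides; the paths, the logstash_server variable, the host names and the liferay_nodes group are assumptions.

```yaml
---
# roles/liferay-deployment/meta/main.yml (constructed; role names from the slides)
dependencies:                       # executed before liferay-deployment's own tasks
  - { role: liferay-users }
  - { role: liferay-os-tools }
  - { role: liferay-dev-tools }
  - role: liferay-logstash-forwarder
    log_paths:                      # role parameter: overrides the default below
      - /opt/liferay/logs/*.log     # assumed path
---
# roles/liferay-logstash-forwarder/defaults/main.yml (constructed)
log_paths:                          # role defaults have the lowest precedence
  - /var/log/syslog
logstash_server: "elk.example.com:5000"   # assumed variable and value
---
# site.yml (constructed): apply the role to a group and override one default
- hosts: liferay_nodes              # assumed group name
  vars:
    logstash_server: "elk.internal.example.com:5000"   # play vars beat role defaults
  roles:
    - liferay-deployment
```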


With tests!!!


Recap

• Servers are hard to keep up to date

• Automation over infrastructure

• Infrastructure as code

• Ansible Inventory & Modules

• Variables & template system

• Playbooks & Roles & Galaxy


What about using Git to version Inventory and Roles??

Meet OUR server room

Thanks!
