Upload
alexander-schedrov
View
189
Download
1
Embed Size (px)
Citation preview
Ansible is the simplest way to
automate.Alexander Schedrov aka sanchiz
Team Lead, DevOps Engineer, FFW
MoldCamp 2015
Alexander Schedrov aka sanchiz
Team Lead, DevOps Engineer, FFW (ex ProPeople)
I love Open Source
I'm contributor to Open Source
That’s why I’m here
Ukraine, Kyiv
Ansible• Clear - Ansible uses a simple syntax (YAML).
• Fast - Fast to learn and fast to set up.
• Complete - You have everything you need in one complete package.
• Efficient - No extra software on your servers. Extensible with modules on any programming language.
• Secure - Ansible uses SSH and requires no extra open ports or daemons
# Install the PGP key gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7 gpg --armor --export 561F9B9CAC40B2F7 | apt-key add -
# Install https support for apt apt-get install apt-transport-https -y
# Add the passenger apt repository echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list chown root: /etc/apt/sources.list.d/passenger.list chmod 600 /etc/apt/sources.list.d/passenger.list
# Update the apt cache so we can use the new repo apt-get update
# Install nginx apt-get install nginx-full passenger -y
# Set up passenger in the nginx configuration sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf
# Start nginx service nginx restart
Shell script
--- - hosts: all tasks:
- name: Ensure the PGP key is installed apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"
- name: Ensure https support for apt is installed apt: pkg=apt-transport-https state=present
- name: Ensure the passenger apt repository is added apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'
- name: Ensure nginx is installed apt: pkg=nginx-full state=present
- name: Ensure passenger is installed apt: pkg=passenger state=present update_cache=yes
- name: Ensure the nginx configuration file is set copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf
- name: Ensure nginx is running service: name=nginx state=started
Ansible script
Why do we love Ansible
• It perfectly fit into our infrastructure
• It has a lot of modules and roles
• Can easily be executed on multiple servers
• Popular system
Installation
sudo pip install ansible
*nixPackages: python-pip and python-devel
Windows
• Cywgin
• PyYAML
• Jinja2
• …
https://servercheck.in/blog/running-ansible-within-windows
3 main shell commands
• ansible-doc [options] [module...]
• ansible-playbook playbook.yml [options]
• ansible <host-pattern> <command> [options]
Additional commands
• ansible-galaxy [init|info|install|list|remove] [--help] [options]
• ansible-lint playbook.yml [options]
• ansible-pull [options] [playbook.yml]
• ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name
What is playbook
Ansible playbook it’s a list of commands or roles that will be executed on remote or local
machine.
What is Ansible role
Ansible role is clean, reusable abstraction that provides certain functionality.
--- - hosts: all # Get facts about hosts(OS, user and so on)
gather_facts: no remote_user: root vars_prompt: # Variables that need should be entered vars: # List of variables
var_files: # List of files with variables
roles: # List of roles that should be included
pre_tasks: # List of pre-tasks
tasks: # List of main tasks
post_tasks: # List of post-tasks
handlers: # List of handlers
Ansible task
- name: Install libraries apt: pkg={{ item }} state=installed with_items: - git - apache2 - php5 - php5-mysql
Comment/Documentation
Module
Item
Iterate through array
Inventory# Group name [localhost] # Hosts in group 127.0.0.1
# Group name [mysql_group]
# Hosts in group mysqlserver.com 192.168.1.1
# Group vars [mysql_group:vars] ansible_ssh_user=root ansible_ssh_port=2222
/etc/ansible/hosts or ./hosts
Requirements: connection by ssh without password.
--- - host: lamp_local vars: vhost_core_path: “/var/www/site.dev" domain: "site" tasks: - name: Add Apache virtualhost for development. template: src: "templates/vhost.dev.conf.j2" dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf" owner: root group: root mode: 0644
vhost.dev.conf.j2<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName {{ domain }}.192.168.60.25.xip.io ServerAlias www.{{ domain }}.192.168.60.25.xip.io DocumentRoot {{ vhost_core_path }} <Directory "{{ vhost_core_path }}"> Options FollowSymLinks Indexes AllowOverride All </Directory> </VirtualHost>
Use includes--- - hosts: mysql_group sudo: yes
vars_files: - solr_vars.yml
pre_tasks: - include: pre_tasks.yml
tasks: - { include: deploy.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] }
handlers: - include: handlers/handlers.yml
Just run shell scripts through Ansible
- name: Deploy system module sudo: yes shell: /usr/bin/deploy -t -v --tags=system
Start from small changes
Our approach• Code Driven Development
• Deployments and builds should be automated
• We should test each feature before merging into master
• Everything that may be automated - should be automated
How do we generate builds
• GitHub Pull Requests to inject new features to master branch
• Jenkins triggers ansible script within repo
• Ansible playbook download database from production
• Ansible playbook apply changes to database
Provisioning. Vagrant.
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.box = "ubuntu/trusty64" config.vm.network :private_network, ip: "192.168.60.77" config.vm.network :forwarded_port, host: 4567, guest: 80
config.vm.provision "ansible" do |ansible| ansible.playbook = "playbook.yml" end end
Vagrantfile:
Meet the CIBoxhttps://github.com/propeoplemd/cibox
Kudos to @podarok,@ygerasimov, @m1r1k and other contributors
CIBox uses Ansible for:
• Provisioning in CI server (Jenkins)
• Provisioning in Vagrantbox
• GitHub Pull Request builder
Conclusion
• Ansible is a promising technology
• Easy to start
• It solves 95% of our DevOps problems
• Ansible is awesome and we love it
Thank you!
GitHub: https://github.com/Sanchiz Blog: http://sanchiz.net Email: [email protected] Twitter: @alexschedrov Drupal.org: https://www.drupal.org/u/sanchiz