Ansible is the simplest way to automate.
Alexander Schedrov aka sanchiz
Team Lead, FFW
Symfony Cafe Kyiv, May 2015
Alexander Schedrov aka sanchiz
Team Lead, FFW (ex ProPeople)
I love Open Source
I'm a contributor to Open Source
That’s why I’m here
Ukraine, Kyiv
How it was earlier
Developers wrote code
SysAdmins deployed code and configured servers
until one day… DevOps and Ansible
What is Ansible
Ansible is a radically simple IT automation engine.
Ansible
• Clear - Ansible uses a simple syntax (YAML).
• Fast - Fast to learn and fast to set up.
• Complete - You have everything you need in one complete package.
• Efficient - No extra software on your servers. Extensible with modules on any programming language.
• Secure - Ansible uses SSH and requires no extra open ports or daemons
Where we use Ansible
1. Configuration management and infrastructure orchestration
Apache, MySQL, PHP
Dev, Test, Prod, local developer's server
2. Deployments and builds
Our approach
• Configuration management as part of project
• Deployments and builds should be automated
• We should test each feature before merging into master
• Everything that may be automated - should be automated
Simple and efficient way
ansible-playbook [filename]
How do we generate builds
• GitHub Pull Requests to inject new features to master branch
• Jenkins triggers ansible script within repo
• Ansible playbook downloads database from production
• Ansible playbook applies changes to database
3. Provisioner for Vagrant
PUPHPET
One day our Vagrant box died
Vagrant + Ansible = ♥
Provisioning. Vagrant.
Vagrantfile:

    # Vagrant configuration API version
    VAGRANTFILE_API_VERSION = "2"

    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.box = "ubuntu/trusty64"
      config.vm.network :private_network, ip: "192.168.60.77"
      config.vm.network :forwarded_port, host: 4567, guest: 80

      # Provision the box with Ansible
      config.vm.provision "ansible" do |ansible|
        ansible.playbook = "playbook.yml"
      end
    end
Meet the CIBox
https://github.com/propeoplemd/cibox
Kudos to @podarok, @ygerasimov, @m1r1k and other contributors
CIBox uses Ansible for:
• Provisioning in CI server (Jenkins)
• Provisioning in Vagrantbox
• GitHub Pull Request builder
Ansible vs Shell scripts
Shell script:

    # Install the PGP key
    gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
    gpg --armor --export 561F9B9CAC40B2F7 | apt-key add -

    # Install https support for apt
    apt-get install apt-transport-https -y

    # Add the passenger apt repository
    echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list
    chown root: /etc/apt/sources.list.d/passenger.list
    chmod 600 /etc/apt/sources.list.d/passenger.list

    # Update the apt cache so we can use the new repo
    apt-get update

    # Install nginx
    apt-get install nginx-full passenger -y

    # Set up passenger in the nginx configuration
    sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf
    sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf

    # Start nginx
    service nginx restart
Ansible script:

    ---
    - hosts: all
      tasks:
        - name: Ensure the PGP key is installed
          apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"

        - name: Ensure https support for apt is installed
          apt: pkg=apt-transport-https state=present

        - name: Ensure the passenger apt repository is added
          apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'

        - name: Ensure nginx is installed
          apt: pkg=nginx-full state=present

        - name: Ensure passenger is installed
          apt: pkg=passenger state=present update_cache=yes

        - name: Ensure the nginx configuration file is set
          copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf

        - name: Ensure nginx is running
          service: name=nginx state=started
Why do we love Ansible
• It perfectly fits into our infrastructure
• It has a lot of modules and roles
• Can easily be executed on multiple servers
• Popular system
• It supports simple templates
Installation
sudo pip install ansible
*nix
Packages: python-pip and python-devel
Windows
• Cygwin
• PyYAML
• Jinja2
• …
https://servercheck.in/blog/running-ansible-within-windows
What next?
3 main shell commands
• ansible-doc [options] [module...]
• ansible-playbook playbook.yml [options]
• ansible <host-pattern> <command> [options]
Additional commands
• ansible-galaxy [init|info|install|list|remove] [--help] [options]
• ansible-lint playbook.yml [options]
• ansible-pull [options] [playbook.yml]
• ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name
Run playbook on remote machine
Host: 192.168.1.1, Guest: 192.168.1.2
Playbook on host, target: 192.168.1.2
Run playbook on local machine
Host: 192.168.1.1
Playbook on host, target: 192.168.1.1
Structure of the playbook

    ---
    - hosts: all
      # Get facts about hosts (OS, user and so on)
      gather_facts: no
      remote_user: root
      vars_prompt:   # Variables that need to be entered
      vars:          # List of variables
      vars_files:    # List of files with variables
      roles:         # List of roles that should be included
      pre_tasks:     # List of pre-tasks
      tasks:         # List of main tasks
      post_tasks:    # List of post-tasks
      handlers:      # List of handlers

Ansible task

    - name: Install libraries                 # Comment/documentation
      apt: pkg={{ item }} state=installed     # Module
      with_items:                             # Iterate through array
        - git                                 # Item
        - apache2
        - php5
        - php5-mysql

Inventory

    # Group name
    [localhost]
    # Hosts in group
    127.0.0.1

    # Group name
    [mysql_group]
    # Hosts in group
    mysqlserver.com
    192.168.1.1

    # Group vars
    [mysql_group:vars]
    ansible_ssh_user=root
    ansible_ssh_port=2222

/etc/ansible/hosts or ./hosts
Requirements: SSH connection without a password.
“ansible” command. Ad-hoc.

    ansible mysql_group -a "free -m"
    ansible mysql_group -s -m apt -a "pkg=ntp state=installed"

ansible: command; mysql_group: group name; -s: sudo; -m apt: module; -a "...": arguments
Move your code to templates
Jinja2.

    ---
    - hosts: lamp_local
      vars:
        vhost_core_path: "/var/www/site.dev"
        domain: "site"
      tasks:
        - name: Add Apache virtualhost for development.
          template:
            src: "templates/vhost.dev.conf.j2"
            dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf"
            owner: root
            group: root
            mode: 0644

vhost.dev.conf.j2

    <VirtualHost *:80>
      ServerAdmin webmaster@localhost
      ServerName {{ domain }}.192.168.60.25.xip.io
      ServerAlias www.{{ domain }}.192.168.60.25.xip.io
      DocumentRoot {{ vhost_core_path }}
      <Directory "{{ vhost_core_path }}">
        Options FollowSymLinks Indexes
        AllowOverride All
      </Directory>
    </VirtualHost>

Keeps things organized
Roles

    ---
    - hosts: webservers
      roles:
        - jenkins
        - webservers

roles/jenkins
Use includes

    ---
    - hosts: mysql_group
      sudo: yes

      vars_files:
        - solr_vars.yml

      pre_tasks:
        - include: pre_tasks.yml

      tasks:
        - { include: deploy.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] }

      handlers:
        - include: handlers/handlers.yml

Migrate to Ansible
Just run shell scripts through Ansible

    - name: Deploy system module
      sudo: yes
      shell: /usr/bin/deploy -t -v --tags=system

Start from small changes
Let’s contribute to OpenSource
https://galaxy.ansible.com/

    # Install role systemwide
    ansible-galaxy install sanchiz.jenkins

    # List all available roles systemwide
    ansible-galaxy list

    # Remove role systemwide
    ansible-galaxy remove sanchiz.jenkins

    # Init new ansible role in current dir
    ansible-galaxy init <role_name>

Demo
Thank you!
GitHub: https://github.com/Sanchiz
Blog: http://sanchiz.net
Twitter: @alexschedrov
Drupal.org: https://www.drupal.org/u/sanchiz