Ansible is the simplest way to

automate.Alexander Schedrov aka sanchiz

Team Lead, FFW

Symfony Cafe Kyiv, May 2015

Alexander Schedrov aka sanchiz

Team Lead, FFW (ex ProPeople)

I love Open Source

I'm contributor to Open Source

That’s why I’m here

Ukraine, Kyiv

How it was earlier

Developers wrote code

SysAdmins deployed code and configure servers

until one day… DevOps and Ansible

What is Ansible

Ansible is a radically simple IT automation engine.

Ansible• Clear - Ansible uses a simple syntax (YAML).

• Fast - Fast to learn and fast to set up.

• Complete - You have everything you need in one complete package.

• Efficient - No extra software on your servers. Extensible with modules on any programming language.

• Secure - Ansible uses SSH and requires no extra open ports or daemons

Where we use Ansible

1. Configuration management and infrastructure orchestration

Apahce, MySQL, PHP

Dev Test

ProdLocal developer's server

2. Deployments and builds

Our approach• Configuration management as part of project

• Deployments and builds should be automated

• We should test each feature before merging into master

• Everything that may be automated - should be automated

Simple and efficient way

ansible-playbook [filename]

How do we generate builds

• GitHub Pull Requests to inject new features to master branch

• Jenkins triggers ansible script within repo

• Ansible playbook download database from production

• Ansible playbook apply changes to database

3. Provisioner for Vagrant

PUPHPET

One day our Vagrantbox is died

Vagrant + Ansible = ♥

Provisioning. Vagrant.

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.box = "ubuntu/trusty64" config.vm.network :private_network, ip: "192.168.60.77" config.vm.network :forwarded_port, host: 4567, guest: 80

config.vm.provision "ansible" do |ansible| ansible.playbook = "playbook.yml" end end

Vagrantfile:

Meet the CIBoxhttps://github.com/propeoplemd/cibox

Kudos to @podarok,@ygerasimov, @m1r1k and other contributors

CIBox uses Ansible for:

• Provisioning in CI server (Jenkins)

• Provisioning in Vagrantbox

• GitHub Pull Request builder

Ansible vs Shell scripts

# Install the PGP key gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7 gpg --armor --export 561F9B9CAC40B2F7 | apt-key add -

# Install https support for apt apt-get install apt-transport-https -y

# Add the passenger apt repository echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list chown root: /etc/apt/sources.list.d/passenger.list chmod 600 /etc/apt/sources.list.d/passenger.list

# Update the apt cache so we can use the new repo apt-get update

# Install nginx apt-get install nginx-full passenger -y

# Set up passenger in the nginx configuration sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf

# Start nginx service nginx restart

Shell script

--- - hosts: all tasks:

- name: Ensure the PGP key is installed apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"

- name: Ensure https support for apt is installed apt: pkg=apt-transport-https state=present

- name: Ensure the passenger apt repository is added apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'

- name: Ensure nginx is installed apt: pkg=nginx-full state=present

- name: Ensure passenger is installed apt: pkg=passenger state=present update_cache=yes

- name: Ensure the nginx configuration file is set copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf

- name: Ensure nginx is running service: name=nginx state=started

Ansible script

Why do we love Ansible• It perfectly fit into our infrastructure

• It has a lot of modules and roles

• Can easily be executed on multiple servers

• Popular system

• It supports simple templates

Installation

sudo pip install ansible

*nixPackages: python-pip and python-devel

Windows

• Cywgin

• PyYAML

• Jinja2

• …

https://servercheck.in/blog/running-ansible-within-windows

What next?

3 main shell commands

• ansible-doc [options] [module...]

• ansible-playbook playbook.yml [options]

• ansible <host-pattern> <command> [options]

Additional commands

• ansible-galaxy [init|info|install|list|remove] [--help] [options]

• ansible-lint playbook.yml [options]

• ansible-pull [options] [playbook.yml]

• ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name

Run playbook on remote machine

Host Guest

192.168.1.1 192.168.1.2

Playbook on host

192.168.1.2

Run playbook on local machine

Host

192.168.1.1

Playbook on host

192.168.1.1

Structure of the playbook

--- - hosts: all # Get facts about hosts(OS, user and so on)

gather_facts: no remote_user: root vars_prompt: # Variables that need should be entered vars: # List of variables

var_files: # List of files with variables

roles: # List of roles that should be included

pre_tasks: # List of pre-tasks

tasks: # List of main tasks

post_tasks: # List of post-tasks

handlers: # List of handlers

Ansible task

- name: Install libraries apt: pkg={{ item }} state=installed with_items: - git - apache2 - php5 - php5-mysql

Comment/Documentation

Module

Item

Iterate through array

Inventory# Group name [localhost] # Hosts in group 127.0.0.1

# Group name [mysql_group]

# Hosts in group mysqlserver.com 192.168.1.1

# Group vars [mysql_group:vars] ansible_ssh_user=root ansible_ssh_port=2222

/etc/ansible/hosts or ./hosts

Requirements: connection by ssh without password.

“ansible” command. Ad-hoc.

ansible mysql_group -a "free -m"

ansible mysql_group -s -m apt -a "pkg=ntp state=installed"

Command Group name Arguments

ModuleSudo

Move your code to templates

Jinja2.

--- - host: lamp_local vars: vhost_core_path: “/var/www/site.dev" domain: "site" tasks: - name: Add Apache virtualhost for development. template: src: "templates/vhost.dev.conf.j2" dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf" owner: root group: root mode: 0644

vhost.dev.conf.j2<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName {{ domain }}.192.168.60.25.xip.io ServerAlias www.{{ domain }}.192.168.60.25.xip.io DocumentRoot {{ vhost_core_path }} <Directory "{{ vhost_core_path }}"> Options FollowSymLinks Indexes AllowOverride All </Directory> </VirtualHost>

Keeps things organized

Roles

--- - hosts: webservers roles: - jenkins - webservers

roles/jenkins

Use includes--- - hosts: mysql_group sudo: yes

vars_files: - solr_vars.yml

pre_tasks: - include: pre_tasks.yml

tasks: - { include: deploy.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] }

handlers: - include: handlers/handlers.yml

Migrate to Ansible

Just run shell scripts through Ansible

- name: Deploy system module sudo: yes shell: /usr/bin/deploy -t -v --tags=system

Start from small changes

Let’s contribute to OpenSource

https://galaxy.ansible.com/

# Install role systemwide ansible-galaxy install sanchiz.jenkins

# List all availabel roles systemwide ansible-galaxy list

# Remove role systemwide ansible-galaxy remove sanchiz.jenkins

# Init new ansible role in current dir ansible-galaxy init

Demo

Thank you!

GitHub: https://github.com/Sanchiz Blog: http://sanchiz.net Email: alexander.schedrov@gmail.com Twitter: @alexschedrov Drupal.org: https://www.drupal.org/u/sanchiz