ANSIBLE AUTOMATION BEST PRACTICES FROM STARTUPS TO ENTERPRISES

AN INTRO TO THE SWISS ARMY KNIFE OF DEVOPS, CAPABLE OF HANDLING MANY POWERFUL AUTOMATION TASKS.

Keith Resar@KeithResar

@KeithResar

Keith Resar: BioWear many hats

Keith.Resar@RedHat.com

CoderOpen Source Contributor and Advocate

Infrastructure Architect

@KeithResar

WHAT IS ANSIBLE

It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.

It’s an automation engine that runs Ansible Playbooks.

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and restful API.

SIMPLE POWERFUL

AGENTLESS

Human readable automationNo special coding skills neededTasks executed in orderGet productive quickly

App deploymentConfiguration managementWorkflow orchestrationOrchestrate the app lifecycle

Agentless architectureUses OpenSSH & WinRMNo agents to exploit or updateMore efficient & more secure

@KeithResar

HOW ANSIBLE WORKS

ANSIBLE’S AUTOMATION ENGINE

ANSIBLE PLAYBOOK

PUBLIC / PRIVATECLOUD

CMDB

USERS

INVENTORY HOSTS

NETWORKING

PLUGINS

API

MODULES

HOW ANSIBLE WORKS

ANSIBLE PLAYBOOK

PLAYBOOKS ARE WRITTEN IN YAMLTasks are executed sequentially Invokes Ansible modules

HOW ANSIBLE WORKS

MODULES

MODULES ARE “TOOLS IN THE TOOLKIT”Python, Powershell, or any languageExtend Ansible simplicity to entire stack

HOW ANSIBLE WORKS

INVENTORY

[web]webserver1.example.comwebserver2.example.com

[db]dbserver1.example.com

HOW ANSIBLE WORKS

CMDB

CLOUD:OpenStack, VMware, EC2, Rackspace, GCE,Azure, Spacewalk, Hanlon, CobblerCUSTOM CMDB

PLAYBOOK EXAMPLE---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running

PLAYBOOK EXAMPLE---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running

PLAYBOOK EXAMPLE---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running

PLAYBOOK EXAMPLE---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running

PLAYBOOK EXAMPLE---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running

PLAYBOOK EXAMPLE---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running

● 22,000+ stars & 7,100+ forks on GitHub● 2600+ GitHub Contributors● Over 1000 modules shipped with Ansible● New contributors added every day● 1400+ users on IRC channel● Top 10 open source projects in 2014 ● World-wide meetups taking monthly● Ansible Galaxy: over 7,000 Roles● 250,000+ downloads a month● AnsibleFests in NYC, SF, London

COMMUNITY

MODULES

> ansible -m setup

> ansible -m ping

> ansible -m command -a ‘rm -rf /var/tmp/session’

> ansible -m copy -a ‘src=foo dest=/foo/bar’

AD-HOC COMMANDS

● Static inventory○ Ini-style syntax

● Dynamic inventory○ Real-time pull of all assets from selected source

ASSET INVENTORY

LOOKING AT THAT HELLO WORLD PLAYBOOK

MODULARITY USING ROLES

While it is possible to write a playbook in one very large file (and you might start out learning playbooks this way), eventually you’ll want to reuse files and start to organize things.

At a basic level, including task files allows you to break up bits of configuration policy into smaller files. Task includes pull in tasks from other files. Since handlers are tasks too, you can also include handler files from the ‘handler’ section.

Roles in Ansible build on the idea of include files and combine them to form clean, reusable abstractions – they allow you to focus more on the big picture and only dive down into the details when needed.

CROSS PLATFORM – Linux, Windows, UNIXAgentless support for all major OS variants, physical, virtual, cloud and network

HUMAN READABLE – YAMLPerfectly describe and document every aspect of your application environment

PERFECT DESCRIPTION OF APPLICATIONEvery change can be made by playbooks, ensuring everyone is on the same page

VERSION CONTROLLEDPlaybooks are plain-text. Treat them like code in your existing version control.

DYNAMIC INVENTORIESCapture all the servers 100% of the time, regardless of infrastructure, location, etc.

ORCHESTRATION THAT PLAYS WELL WITH OTHERSHomogenize existing environments by leveraging current toolsets

THE ANSIBLE WAY

RESOURCES

Getting Started with Ansiblehttps://www.ansible.com/get-started

Ansible Essentials: Technical Overview https://redhat.com/.../do007-ansible-essentials

Ansible Minneapolis Meetuphttps://www.meetup.com/Ansible-Minneapolis/

@KeithResar

@KeithResar

THANKS!