WHO AM I?
Steve Pereira
18 years in IT, startups and enterprise
Love learning about, teaching and talking about:
• DevOps • CI/CD • Automation • Scale
ANSIBLE FEATURES
• Automation for local and remote system provisioning
• Automation for local and remote application deployment
• No agents to install on remote systems
• Uses the existing sshd on remote systems and native SSH on the control host
• Parallel by default: scales to 6000 targets from a single master
• Language that approaches plain English
ANSIBLE CONVENTIONS
Playbooks - contain the tasks required to configure systems and deploy applications
Tasks - individual actions to perform on remote or local machines
Roles - modular, single-purpose configurations for systems
Inventory - files containing address information for target machines
Handlers - actions triggered by tasks (run once, at the end of the play)
Templates - customizable files destined for managed machines
MINIMUM VIABLE ANSIBLE
$ ansible all -i 'localhost,' -c local -m ping
localhost | success >> {
    "changed": false,
    "ping": "pong"
}
WHAT ELSE?
• ansible webservers -m setup
• ansible lb -m copy -a "src=hosts dest=/tmp/hosts"
• ansible webservers -m yum -a "name=curl state=installed"
• ansible webservers -m service -a "name=nginx state=restarted"
• ansible-doc -l
PLAYBOOKS
example_playbook.yml

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: pkg=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
ROLES
my_role/
  README.md    (readme)
  defaults/    (default variable values, lowest precedence)
  meta/        (role metadata and dependencies)
  files/       (static files copied to managed nodes)
  templates/   (Jinja2 file templates)
  handlers/    (operation handlers)
  tasks/       (task files; main.yml is the entry point)
  vars/        (role variables)
• Easily packaged and shared
• Download community roles (Ansible Galaxy)
• Mix and match
INVENTORY
• Defines how Ansible connects to and interacts with remote hosts
• Defines logical groups of managed nodes
• One file for each environment
• Default location: /etc/ansible/hosts
• INI format, with per-host and per-group variable overrides

sample_inventory.ini
[loadbalancers]
10.20.30.41
10.20.30.42

[webservers]
10.20.30.51 hostname=artemis
10.20.30.52 hostname=apollo
TEMPLATES
• Use Jinja2 templating and variables to customize files per host or group
• Defaults apply when a variable is not provided (dev defaults with prod overrides), via Jinja2's default() filter

etc_logrotate.d.j2
{# rotate_max and frequency fall back to 7 and daily unless the inventory or play sets them #}
{{ logfile }} {
    rotate {{ rotate_max | default(7) }}
    {{ frequency | default('daily') }}
    compress
    missingok
    notifempty
}
IT CAN GET FANCY
tasks:
  - name: install packages in each user's virtualenv
    # with_nested yields every (user, package) pair; item[0] is the user, item[1] the package
    shell: su - {{ item[0] }} -c '(. ./bin/activate && pip install {{ item[1] }})'
    with_nested:
      - [ 'jim', 'joe', 'jack' ]
      - [ 'package1==1.1', 'package2==1.2', 'package3==1.3' ]

There are several types of loops: hashes, fileglobs, sequences, subelements, first match, command results, random and more.
But there is a built-in pip module, anyway.
CONDITIONALS
tasks:
  - command: /bin/false
    register: result
    ignore_errors: True
  - command: /bin/something
    when: result is failed
  - command: /bin/something_else
    when: result is success
  - command: /bin/still/something_else
    when: result is skipped

The result of a play can depend on the value of a variable, a fact (something learned about the remote system), or a previous task's registered result. The older `result|failed` filter spelling used on the slide was removed in Ansible 2.9; the `is failed` test form works in both old and current releases.
MORE CONDITIONALS!
If a required variable has not been set, you can skip or fail using Jinja2's defined test. For example:

tasks:
  - shell: echo "I've got '{{ foo }}'"
    when: foo is defined

  - fail: msg="This play requires 'bar'"
    when: bar is not defined

  - command: echo {{ item }}
    with_items: [ 0, 2, 4, 6, 8, 10 ]
    when: item > 5
SIMPLE, POWERFUL BUILTINS
• 261 built-in modules (at the time of this talk)
• Many cloud providers, packages and tools are integrated
• Easily add your own, in any language

examples:
• ec2 - create, terminate, start/stop an instance
• docker - manage docker containers
• hipchat - send a message to hipchat
• s3 - manage objects in S3
• twilio - send a text message to a phone
• win_service - manage Windows services
• zfs - manage zfs
SMOOTH OPERATION
• Get and set variables easily
• Simple variable precedence
• Ordered, predictable execution
• Tagged, resumable execution
• ansible-doc [module] for per-module documentation
SECURITY
• Can be centralized and locked down via Ansible Tower
• Can be run from a central bastion host
• Vault encrypts sensitive data at rest
• Uses ordinary SSH, paramiko or custom transport plugins
• No extra open ports; log in as your own user and escalate with sudo (become) only where needed
• No agents on managed nodes to keep patched or to add attack surface
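The playbook slide logs in as root over SSH, which the security slide advises against. Below is that same play rewritten to follow the slide's own advice: a personal account plus sudo (become), the secret pulled from an ansible-vault encrypted file, and no_log on the task that handles it. This is an added example, not from the original slides. The `deploy` user, the `group_vars/webservers/vault.yml` path, the `vault_db_password` variable and the `/srv/db.conf.j2` template are assumed names.

```yaml
---
# Added example (not from the slides): example_playbook.yml reworked to
# log in as an unprivileged user and escalate with sudo, and to read
# secrets from an ansible-vault encrypted vars file.
- hosts: webservers
  remote_user: deploy          # assumed: a non-root account with an SSH key
  become: yes                  # sudo to root for the tasks below (become replaced sudo: yes in 1.9)
  become_user: root
  vars:
    http_port: 80
    max_clients: 200
  vars_files:
    # assumed path, created with: ansible-vault create group_vars/webservers/vault.yml
    # and holding, e.g.:  vault_db_password: "<secret>"
    - group_vars/webservers/vault.yml
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest

    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
        owner: root
        group: root
        mode: '0644'
        validate: 'httpd -t -f %s'   # refuse to install a config httpd cannot parse
      notify: restart apache

    - name: write the DB credentials the app reads
      template:
        src: /srv/db.conf.j2         # assumed template that references vault_db_password
        dest: /etc/httpd/conf.d/db.conf
        owner: root
        group: apache
        mode: '0640'                 # readable by the service, not by everyone
      no_log: true                   # keep the rendered secret out of stdout and logs
      notify: restart apache

    - name: ensure apache is running (and enable it at boot)
      service:
        name: httpd
        state: started
        enabled: yes
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
```

Run it with `ansible-playbook example_playbook.yml --ask-vault-pass` (or `--vault-password-file` pointing at a file readable only by the operator). Because `deploy` needs sudo rights on the web servers, scope its sudoers entry to the commands Ansible actually runs rather than granting blanket `ALL`, and keep the vault password out of the repository: the encrypted file can be committed, the password cannot.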
ADVANCED CAPABILITIES
• Rolling updates/deployment/orchestration (1, 5, n hosts at a time)
• Canary testing (check for page content or response code before moving on)
• Variable timeouts and parallelism
• ansible-pull to invert execution: nodes check in to a master
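Putting the rolling-update and canary bullets together as an added example (not from the original slides): one host at a time is drained from the load balancer, updated, checked for a 200 response whose body says OK, and only then re-enabled; a single failing host aborts the whole play before the next one is touched. The `deploy` user, the `myapp` package, the `/health` endpoint and the `lb-drain` / `lb-enable` helper scripts on the load balancers are assumed names.

```yaml
---
# Added example (not from the slides): rolling update with a canary check.
# Assumed: inventory groups 'webservers' and 'loadbalancers', an app that
# answers http://<host>:<http_port>/health with 200 and the text "OK", and
# hypothetical lb-drain / lb-enable scripts on the load balancers.
- hosts: webservers
  serial: 1                    # one host per batch; 5, or "25%", also work
  max_fail_percentage: 0       # abort the play as soon as any host fails
  remote_user: deploy          # assumed non-root account
  become: yes
  vars:
    http_port: 80
  pre_tasks:
    - name: take this node out of the load balancer pool
      command: /usr/local/bin/lb-drain {{ inventory_hostname }}    # assumed helper
      delegate_to: "{{ item }}"
      with_items: "{{ groups['loadbalancers'] }}"

  tasks:
    - name: deploy the new release
      yum:
        name: myapp            # assumed package name
        state: latest
      notify: restart app

  post_tasks:
    - meta: flush_handlers     # restart now, not at the end, so the canary sees the new code

    - name: canary - wait until the node answers 200 and the body says OK
      uri:
        url: "http://{{ inventory_hostname }}:{{ http_port }}/health"
        status_code: 200
        return_content: yes
      register: health
      until: health.status == 200 and 'OK' in health.content
      retries: 5
      delay: 3
      delegate_to: localhost   # probe from the control host, over the real network path
      become: no

    - name: put the node back in the pool
      command: /usr/local/bin/lb-enable {{ inventory_hostname }}   # assumed helper
      delegate_to: "{{ item }}"
      with_items: "{{ groups['loadbalancers'] }}"

  handlers:
    - name: restart app
      service:
        name: myapp
        state: restarted
```

With `serial: 1` and `max_fail_percentage: 0`, a canary that never passes leaves exactly one host drained and stops the rollout, so the blast radius of a bad release is a single node. The `until` loop retries the check five times three seconds apart before declaring the host failed; tune those to the application's startup time.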
MORE INFORMATION
https://docs.ansible.com
https://docs.ansible.com/playbooks_best_practices.html
https://galaxy.ansible.com
https://github.com/ansible/ansible-examples
THANK YOU!
http://devopsdays.org/events/2015-toronto (shameless plug)