ANSIBLE + WORDPRESSALAN LOK

BECAUSE YOU NEED THEMGOALS

• Simple* and repeatable installs • Automate your tasks

*Simple ≠ Easy Sorry, everything takes effort

MASTER (WORDPRESS) BUILDER?

ARE YOU A

CC, Source: Flickr/VGB.Studios

A TOOL FOR ALL OF USANSIBLE

• Automate machine provisioning and deployments

• Agentless • Configuration management

• Idempotent

(TELL ME THE MAGIC)HOW DOES ANSIBLE FIT IN?

• An orchestration machine with a usable shell prompt (*NIX)

• Server(s) accessible by SSH to orchestrate changes

SSH

http://docs.ansible.com/ansible/intro_installation.htmlHOW TO INSTALL ANSIBLE

• CentOS/RH/Amazon Linux: sudo yum install ansible

• Debian: sudo apt-get install ansible

• OS X: sudo easy_install pip; sudo pip install ansible

• Windows: sorry :(

BASICSANSIBLE

THE THING YOU DOTASK AND HANDLER

• A task is the most granular “thing” you do. For example:

• Copy a file • Start a process • Create a file using Jinja2 syntax

• Tasks are linear, whereas handlers are invoked by task completion (similar to WordPress hooks)

• Tasks can loop, and may contain conditional evaluation

A CONTAINER FOR TASKS AND HANDLERSROLES

• Roles are sets of tasks and handlers that Ansible executes • Think shell script, but better organized and easier to read

• Roles can have default variables, and be overridden by a play

HOW ANSIBLE STITCHES IT TOGETHERPLAYBOOK

• A playbook is a collection of plays • A play is a collection of roles

• One can assign plays to a host or host group

http://docs.ansible.com/ansible/playbooks.html

CONFIGURATION MANAGEMENT’S BEST FRIENDVARIABLES

• Variables can be specified at 3 levels • Global (config / env /

command line) • Play • Host

• Don’t hard code configuration, leverage variables and set defaults for overriding

{x}http://docs.ansible.com/ansible/playbooks_variables.html

DEFINING WHO WE AREHOSTS

• A play can target a host or a group of hosts

• Inventory may be static or dynamic (eg. AWS)

• Specific host-related information to access server

• User must have sudo privileges to perform system tasks

TOGETHERPUTTING IT ALL

CONFIGURE A HOST

1.Make a SSH key pair ssh-keygen -t ecdsa -f deploy

2.Copy your key file to the host (deploy.pub) and append the file contents to ~/.ssh/authorized_keys

3.Ensure the host user has sudo access (or else “become” parameter won’t work)

4.Ensure the python module python-httplib2 is installed

5.Disable selinux

http://docs.ansible.com/ansible/intro_inventory.htmlCREATE YOUR HOST FILE

[wordpress] 172.16.12.146 ansible_user=alan ansible_ssh_private_key_file=deploy

Host Group

IP or FQDN Ansible options

YOU DON’T HAVE TO WRITE EVERY ROLEDOWNLOAD SOME ROLES

ansible-galaxy install sbaerlocher.wp-cli geerlingguy.php geerlingguy.apache geerlingguy.mysqlgeerlingguy.php-mysqlgeerlingguy.firewall

BECAUSE NOT ALL ROLES WORK OUT OF THE BOXMODIFING GALAXY ROLES

• Let’s check out 2 roles I modified https://github.com/alanlok/ansible-role-wordpress.git https://github.com/alanlok/ansible-role-wordpress-apache.git

• Modified from ansible-galaxy author darthwade’s roles

• Made more variables available for customization

• Made roles RedHat/CentOS/Amazon Linux friendly

• You can write your own roles too!

FILES IN YOUR STRUCTURECREATING YOUR OWN PLAYBOOK

•group_vars •wordpress

•config

•roles •ansible-role-wordpress •ansible-role-wordpress-apache

•hosts

•wordpress-simple.yml

YAML file containing yourhost group’s variables

Your custom rolesin the roles directory

Which hosts should Ansible act on

Your playbook

SECRET SAUCE TO MAKE IT UNIQUETHE GROUP VARIABLES

--- apache_user: "apache" apache_group: "apache" wp_version: 4.5 wp_site_name: 'site1' wp_install_dir: '/var/www/html/{{ wp_site_name }}' wp_db_name: '{{ wp_site_name }}' wp_db_user: '{{ wp_site_name }}_user' wp_db_password: 'password' wp_db_host: 'localhost' wp_apache_hostname: '{{ wp_site_name }}.vm'

Yup, how else can I give a demo!

This is not pretty.See “vault” for more details.

DONEC QUIS NUNCTHE PLAYBOOK

- hosts: wordpress become: yes roles: - geerlingguy.apache - geerlingguy.php - geerlingguy.mysql - geerlingguy.firewall - geerlingguy.php-mysql - ansible-role-wordpress - ansible-role-wordpress-apache - sbaerlocher.wp-cli

LET’S RUN THIS…ansible-playbook -i hosts

wordpress-simple.yml

SORTA?IT’S DEPLOYED…

THE REAL VOODOOLET’S RUN SOME AD-HOC COMMANDS

• Configure WordPress for the first time ansible -i hosts wordpress --become -a "sudo -u apache wp core install --url\=site1.vm --title\=\"Yet another demo\" --admin_user\=alan --admin_password\=alan --admin_email\=\"alan@wlx.ca\" --path\=/var/www/html/site1"

• Update WordPress ansible -i hosts wordpress --become -a "sudo -u apache wp core update —path\=/var/www/html/site1"

• Update server: ansible -i hosts wordpress --become -a "yum update -y"

• Reboot server: ansible -i hosts wordpress --become -a "reboot"

”

“

— The LEGO® Movie

EVERYTHING IS AWESOME!!!

THANKS@alan_lok