Ansible Meetup Hamburg / Quickstart

Ge#ng&Started&with&Ansible

Ansible(Meetup(Hamburg,(henry(stamerjohann,(12/2014

A"brief"introduc.on"to"Ansible


Simple'things'should'be'simple,'complex'things'should'be'possible.

—"Alan"Kay


!Ansible!is!a!simple,!declara0ve!push!based!automa0on!tool!to!

describe!the!state!you!want!servers!to!be!in.


History

• Created(by(Michael(DeHaan((CTO(Ansible(Inc.)

• Open(source(project,(started(February(2012

• Maintained(by(very(acEve(Open(Source(community

• Ansible(Inc.(provides(training,(consulEng(services(and(offers(a(webKbased(management(tool(called(Ansible(Tower


Ansible(facts• Ansible)is)based)on)Python)(v2.7)

• Standard)SSH)to)connect)to)managed)servers/nodes

• Push?based)system)

• Agentless)operaAon

• No)central)server,)no)special)soDware)on)managed)nodes


Ansible(facts((con/nued)• Facts'from'each'node'used'for'state1full'decisions

• Fetch'context'before'tasks,'skip'intelligently

• Indempotent'ConfigMgmt'tool'(like'others)

• Extend'with'custom'modules,'use'any'language'which'can'return'JSON'(Bash,'Ruby,'Go,'Python,'etc.)

• Source'inventory'from'various'datasource,'return'as'JSON


ConfigMgmt)in)comparison• Ansible)is)similar)tool)to)Chef,)Puppet)or)Salt

• Shared)purpose)8)solve)tasks)for)CfgMgmt,)provisioning,)deployment,)etc.

• Ansible)may)be)simplest)and)easiest)configuraAon)management)tool)to)start)with

• Chef,)Puppet,)Salt)are)great)tools)as)well,)may)be)more)complex)to)start)with,)steeper)learning)curve,)etc.


Requirements+to+use+Ansible• Ansible)installed)on)your)Control)Machine)(admin)machine)

• Python)required)on)all)nodes/servers)to)manage

• Installers)provided)for)OS)X,)Linux)machines)(only)

• Use)SSH)publicHkey)setup)to)connect)to)nodes


How$to$install$Ansible$(OS$X,$Linux)

Requirements:,,•,python2dev,for,linux,,•,xcode2command2line,tools,on,OS,X

sudo easy_install pipsudo pip install ansible

Alterna(ve*install*methods:**•*homebrew*for*OS*X*•*install*from*source


Ansible(Basic(Terminology:(

• Modules - accomplish dedicated Tasks (set values, use templates)• Tasks - execute Module specific parameters, variables, etc.• Variables - configuration-wide, Playbook / Roles specific vars• Facts - gather information about the target system• Handlers - like Tasks but usually get called by another Task• Roles - group related Tasks, encapsulate data to accomplish Tasks• Files - files directory contains files copied over to target• Templates - Jinja2 format w/ placeholders to insert variables • Vault - encrypt sensible data (i.e. files containing passwords)• Plays - are lists of Tasks which apply to hosts / host groups• Playbooks - YAML formatted files orchestrate steps sequentially • Inventory - reference inside 'host' & 'ansible.cfg' files


Demo%Filetree%(Example)

.|-- ansible.cfg # inventory config file|-- playbook.yml # playbook file|-- roles| |-- defaults # defaults file| | `-- main.yml| |-- files # files directory| |-- handlers| | `-- main.yml # handlers file| |-- tasks| | `-- main.yml # tasks file| |-- templates| | `-- template.conf.j2 # template file| `-- vars| `-- main.yml # variables file`-- hosts # hosts file


Flexible'file'op+ons

Ansible(parses(into(subfolderdata(could(be(organized(in(nested(folder/file(structure,(

`-- vars # named subfolder `-- main.yml # variables file

or#as#plain#file

`-- vars.yml # variables file


Ansible(Config• You%can%use%environment%variables%

export ANSIBLE_SUDO_USER=root

• But%be3er%define%in%ansible.cfg%file%(global%or%project%based)

./ansible.cfg # current directory~/.ansible.cfg # user's home dir/etc/ansible/ansible.cfg # system default location


ansible.cfg!config!file!(example)

[defaults]hostfile = hostsforks = 5timeout = 60log_path = /var/log/ansible.lognocows = 1


Inventory• Simple:

• Manage-your-inventory-in-text-files-(INI-group-header-syntax)

• Advanced:

• use-various-datasource,-use/write-a-tool-that-speaks-to-datasource-and-returns-JSON


Ansible(inventory(file(/(Hosts(file((Example)

# Application servers[webserver]web1.pretendco.com54.93.172.13 ansible_ssh_user=ubuntu

# Database server[db]54.93.172.14 ansible_ssh_user=ubuntu

# Group 'multi', contains child servers[multi:children]webserverdb


Ansible(CLI


CLI$Commands$(overview)

ansible <host-pattern> [options] # run Ad hoc command ansible-playbook <playbook-name> # run an Ansible playbookansible-galaxy <command> # share and download Ansible rolesansible-pull [options] [playbook.yml] # setup Ansible pull architecture ansible-doc [options] [module...] # show documentation

debug with -vvvvdry run mode with --checkcheck playbooks with --syntax-check


Ansible(AdHoc(commands

ansible <pattern_goes_here> -m <module_name> -a <arguments> # -s <optional sudo>

## single server nodeansible webserver -a reboot -i /path/to/hosts ## path to hosts-fileansible db -s -m apt -a "pkg=postgresql state=present" ## -i use path to hosts-file

## multiple server nodes ansible multi -s -m apt -a "pkg=ntp state=installed" ## -i use path to hosts-fileansible multi -s -m service -a "name=ntpd state=started enabled=yes" ## -i

## module example, git checkout ansible webserver -s -m git -a "repo=git://github.com/path/to/repo.git \dest=/opt/myapp update=yes version=1.2.4" ## -i use path to hosts-file


Ansible(Playbook((simple(example)#!/usr/bin/env ansible-playbook---- name: Configure webserver with nginx and ssl hosts: webservers sudo: True vars: key_file: /etc/nginx/ssl/nginx.key cert_file: /etc/nginx/ssl/nginx.crt conf_file: /etc/nginx/sites-available/default server_name: localhost tasks: - name: Install nginx apt: name=nginx update_cache=yes cache_valid_time=3600 ... - name: copy nginx config file template: src=templates/nginx.conf.j2 dest={{ conf_file }} notify: restart nginx handlers: - name: restart nginx service: name=nginx state=restarted


Variables• Variables*are*used/subs.tute*inside*tasks*or*template*files

apt: pkg={{ item }} state=installed update-cache=yes with_items: {{ system_packages }}

# apt module will iterate over items in Array (YAML Sequence)


Example(Vars((could(be(in(external(vars.yml(file)

---project_name: myprojectproject_root: /var/projects/myprojectproject_repo: [email protected]:myuser/myproject.gitsystem_packages: - build-essential - git - libevent-dev - nginx - postgresql - postgresql-server-dev-all - python-dev - python-setuptools - redis-serverpython_packages: - pip - virtualenv


Example(Vars(used(in(taskstasks: - name: Create the project directory. file: state=directory path={{ project_root }}

- name: Create user. user: home={{ project_root }}/home/ name={{ project_name }} state=present

- name: Update the project directory. file: group={{ project_name }} owner={{ project_name }} mode=755 state=directory path={{ project_root }}

- name: Install required system packages. apt: pkg={{ item }} state=installed update-cache=yes with_items: {{ system_packages }}

- name: Install required Python packages. easy_install: name={{ item }} with_items: {{ python_packages }}


templates/nginx.conf.j23

server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; listen 443 ssl; root /usr/share/nginx/html; index index.html index.htm; server_name {{ server_name }}; ssl_certificate {{ cert_file }}; ssl_certificate_key {{ key_file }}; location / { try_files $uri $uri/ =404; } }


Playbooks


Playbooks• Playbooks*format*is*YAML*

• Playbooks*express*configura<ons,*deployment*and*orchestra<on

• A*Playbook*maps*a*group*of*hosts*to*a*set*of*roles*or*tasks

• Playbook*reference*included*files*(vars.yml,*lookup*files,*etc.)

• Op<onally*you*can*prompt*for*user*input*during*run


---- hosts: multi sudo: True vars: app_name: my-app license_file: "{{ lookup('file','license.xml') }}"

# prompt during run vars_prompt: - name: "set_password for x" prompt: "enter password for x" default: "super_dumb_pw" private: yes

pre_tasks: - name: display facts, print name and ip debug: msg="System {{ inventory_hostname }} has ip {{ ansible_default_ipv4 }}"

# run gerneral tasks tasks: - name: Install ntp apt: name=ntp update_cache=yes cache_valid_time=3600 ... # install roles sequentially roles: - { role: database, tags: db } - { role: nginx, tags: webapp } - { role: tomcat, tags: webapp }


Playbook(Anatomy• name: display name of your playbook (optional)• hosts: host or host group against run the tasks (mandatory)• sudo: True/False (optional)• vars: reference vars inline or /path/to/file (optional)• tasks: list of actions to perform, call up modules use variables • handlers: task that runs if it has been notified by another task• roles: call role to execute bundled tasks... and some more


Playbook(convenience(use• Add$tags$to$your$playbook

• Run$ansible5playbook$but$only$tasks$with$tags:$--tags templates,apache

• Run$ansible5playbook$but$exclude$--skip-tags templates tasks: - name: template apache config template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf tags: - templates - apache notify: - restart apache


Roles• Group'related'tasks,'configura4ons'and'data'into'a'bundle

|-- playbook.yml # playbook file|-- role| |-- sys-prep # basic sys prepare file| |-- database # setup database| |-- monitoring # configure monitoring| |-- nginx # install proxy server| `-- tomcat # install tomcat

• Central)installed)Roles)from)Galaxy:)/etc/ansible/rolesAnsible(Meetup(Hamburg,(henry(stamerjohann,(12/2014

Ansible(Galaxy• community*roles*available*

• reference*to*public*github*repos

• source*to*learn*and*start*from

ansible-galaxy install username.rolename


Ansible(Tower• Web%based)GUI)developed)by)Ansible)Inc.

• Dashboard)to)manage)your)nodes

• Provides)job)scheduling,)inventory)management,)job)status)updates

• With)built%in)REST)API

h"p://www.ansible.com/tower


http://www.ansible.com/tower

Few$common$use$cases


Nice%ci&zen%with%VagrantWorking(Vagrant(provider(available

# Provisioning configuration for Ansible. config.vm.provision "ansible" do |ansible| ansible.playbook = "playbook.yml" # Run commands as root. ansible.sudo = true end


Nice%ci&zen%with%Docker%(really?)• Have&a&large&overlap,&let's&discuss&a4er&today's&talk&by&Chris&an)Kniep&8&here's&the&commented&presenta<on:h>p://qnib.org/2014/12/19/Docker8and8ConfigMgmt/

• You&can&manage&Docker&host&with&docker&modules

- docker-module # launch, provision, and delete Docker containers.- docker-images module # build docker-files with Ansible.- docker_facts module- Docker inventory plugin

Note: Ansible Module has dependency on docker-py Docker client python library


http://qnib.org/2014/12/19/Docker-and-ConfigMgmt/

Ansible(docker.module(example# Start docker container running tomcat in each host of webserver group, # bind tomcat's listening port to 8080 on the host:---- hosts: webserver sudo: yes tasks: - name: run tomcat servers docker: image=centos command="service tomcat6 start" ports=8080

# Create multiple named containers:---- hosts: webserver sudo: yes tasks: - name: run tomcat servers docker: image=centos name={{item}} command="service tomcat6 start" ports=8080 with_items: - crookshank - snowbell - heathcliff - felix - sylvester


Scale&and&Orchestrate&with&Ansibleuse$ansible*pull$mode$!

• Pulls&a&specified&git&repository&into&a&specified&directory

• If&the&repo&has&changed,&it&runs&a&file&called&<hostname>.yml&or&local.yml&from&repo&root&directory

1. Add ansible-pull to crontab.2. Add the <hostname>.yml or local.yml file to your repository.

Example:)ansible_pull.yml


https://github.com/ansible/ansible-examples/blob/master/language_features/ansible_pull.yml

Documenta*on

• Ge$ng'Started

• Advanced'Setups

• Module'Reference

• Examples

• Ressources

• Case'Studies

• etc.


Ansible(Up(&(Running

by#Lorin#Hochstein

Free$preview$of$Ansible$Up$&$Running$by$Lorin$Hochstein.$

h"p://www.ansible.com/ansible2book

Preview Edition includes:

• Chapter 1 Introduction• Chapter 2 Playbooks, a Beginning• Chapter 3 Inventory: Describing Your Servers


http://www.ansible.com/ansible-book

Next%Ansible%HH%Meetup,%Feb%2015



Thank&You!



Technology

Ansible Meetup Hamburg / Quickstart