ANSIBLE + WORDPRESS WORDCAMP TORONTO 2016

ALAN LOK

FOLLOW ALONG WITHOUT TAKING PICTURES!THE GOODS

• Slides http://www.slideshare.net/alanlok1/ansible-wordpress-wordcamp-toronto-2016

• Code https://github.com/alanlok/wcto2016-ansible-playbook

BECAUSE YOU NEED THEMGOALS

• Simple* and repeatable installs • Automate your tasks

*Simple ≠ Easy Sorry, everything takes effort

MASTER (WORDPRESS) BUILDER?

ARE YOU A

CC, Source: Flickr/VGB.Studios

A TOOL FOR ALL OF USANSIBLE

• Automate machine provisioning and deployments

• Agentless • Configuration management

• Idempotent

(TELL ME THE MAGIC)HOW DOES ANSIBLE FIT IN?

• An orchestration machine with a usable shell prompt (*NIX)

• Server(s) accessible by SSH to orchestrate changes

SSH

http://docs.ansible.com/ansible/intro_installation.htmlHOW TO INSTALL ANSIBLE

• CentOS/RH/Amazon Linux: sudo yum install ansible

• Debian: sudo apt-get install ansible

• OS X: sudo easy_install pip; sudo pip install ansible

• Windows: sorry :(

BASICSANSIBLE

THE THING YOU DOTASK AND HANDLER

• A task is the most granular “thing” you do. For example:

• Copy a file • Start a process • Create a file using Jinja2 syntax

• Tasks are linear, whereas handlers are invoked by task completion (similar to WordPress hooks)

• Tasks can loop, and may contain conditional evaluation

A CONTAINER FOR TASKS AND HANDLERSROLES

• Roles are sets of tasks and handlers that Ansible executes • Think shell script, but better organized and easier to read

• Roles can have default variables, and be overridden by a play

HOW ANSIBLE STITCHES IT TOGETHERPLAYBOOK

• A playbook is a collection of plays • A play is a collection of roles

• One can assign plays to a host or host group

http://docs.ansible.com/ansible/playbooks.html

CONFIGURATION MANAGEMENT’S BEST FRIENDVARIABLES

• Variables can be specified at 3 levels • Global (config / env /

command line) • Play • Host

• Don’t hard code configuration, leverage variables and set defaults for overriding

{x}http://docs.ansible.com/ansible/playbooks_variables.html

DEFINING WHO WE AREHOSTS

• A play can target a host or a group of hosts

• Inventory may be static or dynamic (eg. AWS)

• Specific host-related information to access server

• User must have sudo privileges to perform system tasks

TOGETHERPUTTING IT ALL

CONFIGURE A HOST

1.Make a SSH key pair ssh-keygen -t ecdsa -f deploy

2.Copy your key file to the host (deploy.pub) and append the file contents to ~/.ssh/authorized_keys

3.Ansible user needs sudo access (or “become” won’t work)

4. Install python modules python-httplib2 and libselinux-python

http://docs.ansible.com/ansible/intro_inventory.htmlCREATE YOUR HOST FILE

[wordpress] 172.16.12.146 ansible_user=alan ansible_ssh_private_key_file=deploy

Host Group

IP or FQDN Ansible options

YOU DON’T HAVE TO WRITE EVERY ROLEDOWNLOAD SOME ROLES

ansible-galaxy install sbaerlocher.wp-cli ansible-galaxy install linuxhq.ius ansible-galaxy install geerlingguy.apache ansible-galaxy install geerlingguy.php ansible-galaxy install geerlingguy.mysql ansible-galaxy install geerlingguy.php-mysql ansible-galaxy install geerlingguy.firewall

BECAUSE NOT ALL ROLES WORK OUT OF THE BOXMODIFING GALAXY ROLES

• Let’s check out 2 roles I modified https://github.com/alanlok/ansible-role-wordpress.git https://github.com/alanlok/ansible-role-wordpress-apache.git

• Modified from ansible-galaxy author darthwade’s roles

• Made more variables available for customization

• Made roles RedHat Linux friendly

• You can write your own roles too!

FILES IN YOUR STRUCTURECREATING YOUR OWN PLAYBOOK

•vault •wordpress-simple.yml

•group_vars •wordpress

•config

•roles •ansible-role-wordpress •ansible-role-wordpress-apache

•hosts

•wordpress-simple.yml

YAML file containing yourhost group’s variables

Your custom rolesin the roles directory

Which hosts should Ansible act onYour playbook

Where I like to keep my secrets

SECRET SAUCE TO MAKE IT UNIQUETHE GROUP VARIABLES

--- apache_user: "apache" apache_group: "apache" wp_version: 4.5 wp_site_name: 'site1' wp_install_dir: '/var/www/html/{{ wp_site_name }}' wp_db_name: '{{ wp_site_name }}' wp_db_user: '{{ wp_site_name }}_user' wp_db_host: 'localhost' wp_apache_hostname: '{{ wp_site_name }}.vm'

Yup, how else can I give a demo!

SECURE YOUR SECRETSANSIBLE-VAULT

• Create your own password variables by running ansible-vault create vault/wordpress-simple.yml

• This ansible file is encrypted once you save: --- wp_db_password: 'password' admin_db_password: 'root'

THE PLAYBOOK- hosts: wordpress

become: yes

vars_files:

- vault/wordpress-simple.yml

roles:

- geerlingguy.apache

- role: linuxhq.ius

ius_repos:

ius: True

- geerlingguy.php

- geerlingguy.mysql

- geerlingguy.firewall

- geerlingguy.php-mysql

- ansible-role-wordpress

- ansible-role-wordpress-apache

- sbaerlocher.wp-cli

LET’S RUN THIS…ansible-playbook --ask-vault-pass -i hosts wordpress-simple.yml

SORTA?IT’S DEPLOYED…

THE REAL VOODOOLET’S RUN SOME AD-HOC COMMANDS

• Configure WordPress for the first time ansible -i hosts wordpress --become -a "sudo -u apache wp core install --url\=site1.vm --title\=\"Yet another demo\" --admin_user\=alan --admin_password\=alan --admin_email\=\"alan@wlx.ca\" --path\=/var/www/html/site1"

• Update WordPress ansible -i hosts wordpress --become -a "sudo -u apache wp core update —path\=/var/www/html/site1"

• Update server: ansible -i hosts wordpress --become -a "yum update -y"

• Reboot server: ansible -i hosts wordpress --become -a "reboot"

”

“

— The LEGO® Movie

EVERYTHING IS AWESOME!!!

THANKS@alan_lok