Getting started with Ansible. Be efficient.
Alexander Schedrov aka sanchiz
Drupal Cafe Kyiv, Jan 2015
Presentation
• How to start using Ansible in your current project
• Provisioning
• Ansible Deployments
• Ansible and Drupal
How it was earlier
• Developers wrote code
• SysAdmins deployed code and configured servers
until one day… infrastructure orchestration
What is Ansible
Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration
management, application deployment, intra-service orchestration, and many
other IT needs.
YAML
Ansible
• Clear - Ansible uses a simple syntax (YAML).
• Fast - Fast to learn and fast to set up.
• Complete - You have everything you need in one complete package.
• Efficient - No extra software on your servers. Extensible with modules in any programming language.
• Secure - Ansible uses SSH and requires no extra open ports or daemons.
Where you can use Ansible
• Apache, MySQL, PHP
• Infrastructure orchestration
• Dev, Test, Prod
• Local developer's server
Other places
• Deployment scripts
• Scripts for common use
• Configuration management
• Ad-hoc commands
• Updates
• Notification
• and so on…
Ansible vs Shell scripts
Shell script:

    # Install the PGP key
    gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
    gpg --armor --export 561F9B9CAC40B2F7 | apt-key add -

    # Install https support for apt
    apt-get install apt-transport-https -y

    # Add the passenger apt repository
    echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list
    chown root: /etc/apt/sources.list.d/passenger.list
    chmod 600 /etc/apt/sources.list.d/passenger.list

    # Update the apt cache so we can use the new repo
    apt-get update

    # Install nginx
    apt-get install nginx-full passenger -y

    # Set up passenger in the nginx configuration
    sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf
    sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf

    # Start nginx
    service nginx restart
Ansible script:

    ---
    - hosts: all
      tasks:

        - name: Ensure the PGP key is installed
          apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"

        - name: Ensure https support for apt is installed
          apt: pkg=apt-transport-https state=present

        - name: Ensure the passenger apt repository is added
          apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'

        - name: Ensure nginx is installed
          apt: pkg=nginx-full state=present

        - name: Ensure passenger is installed
          apt: pkg=passenger state=present update_cache=yes

        - name: Ensure the nginx configuration file is set
          copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf

        - name: Ensure nginx is running
          service: name=nginx state=started
Why Ansible
• Idempotent
• Robust
• Usage in source control
• Can be run multiple times safely with confidence
• Can easily be run against multiple servers
• Supports easy templating
Installation
*nix
Packages: python-pip and python-devel

    sudo pip install ansible

Windows
• Cygwin
• PyYAML
• Jinja2
• …
https://servercheck.in/blog/running-ansible-within-windows
Inventory
/etc/ansible/hosts:

    # Group name
    [localhost]
    # Hosts in group
    127.0.0.1

    # Group name
    [mysql_group]

    # Hosts in group
    mysqlserver.com
    192.168.1.1

    # Group vars
    [mysql_group:vars]
    ansible_ssh_user=root
    ansible_ssh_port=2222

Requirement: SSH connection without a password.

    ansible mysql_group -m ping
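“ansible” command. Ad-hoc.

    ansible mysql_group -a "free -m"
    ansible mysql_group -s -m apt -a "pkg=ntp state=installed"

Parts of the last command: ansible (command), mysql_group (group name), -s (sudo), -m apt (module), -a "pkg=ntp state=installed" (arguments).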
Ansible task

    - name: Install libraries
      apt: pkg={{ item }} state=installed
      with_items:
        - git
        - apache2
        - php5
        - php5-mysql

Parts of the task: name (comment/documentation), apt (module), {{ item }} (item), with_items (iterate through array).
Real world playbook
playbook.yml:

    ---
    - hosts: mysql_group
      sudo: yes

      vars:
        download_dir: /tmp

      vars_files:
        - solr_vars.yml

      pre_tasks:
        - name: Update apt cache if needed.
          apt: update_cache=yes cache_valid_time=3600

      tasks:
        - name: Install Tomcat 7.
          apt: "pkg={{ item }} state=installed"
          with_items:
            - tomcat7
            - tomcat7-admin

        - name: Ensure Tomcat 7 is started and enabled on boot.
          service: name=tomcat7 state=started enabled=yes

        - name: Download Solr.
          get_url:
            url: http://apache.osuosl.org/lucene/solr/{{ solr_version }}/solr-{{ solr_version }}.tgz
            dest: "{{ download_dir }}/solr-{{ solr_version }}.tgz"

        - name: Set up solr data directory.
          file:
            path: "{{ solr_dir }}/data"
            state: directory
            owner: tomcat7
            group: tomcat7
          notify: restart tomcat

      handlers:
        - name: restart tomcat
          service: name=tomcat7 state=restarted
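
Added example (not part of the original slides): the Solr download from the playbook above, fetched over HTTPS and checked against a published digest before it is unpacked. The variables solr_mirror and solr_sha256 are assumptions introduced here, and both values shown are placeholders; the checksum option of get_url needs Ansible 2.0 or later.

```yaml
---
- hosts: mysql_group
  become: yes

  vars:
    download_dir: /tmp
    # Assumed variable: an HTTPS mirror you trust (placeholder host).
    solr_mirror: "https://mirror.example.org/lucene/solr"
    # Assumed variable: the SHA-256 digest the Solr project publishes
    # for exactly this release (placeholder, replace before running).
    solr_sha256: "REPLACE_WITH_PUBLISHED_SHA256"

  vars_files:
    - solr_vars.yml   # provides solr_version, as in the playbook above

  tasks:
    - name: Download Solr and verify its digest.
      get_url:
        url: "{{ solr_mirror }}/{{ solr_version }}/solr-{{ solr_version }}.tgz"
        dest: "{{ download_dir }}/solr-{{ solr_version }}.tgz"
        # The task fails, and nothing below runs, if the digest differs.
        checksum: "sha256:{{ solr_sha256 }}"
        mode: "0644"
      register: solr_download

    - name: Expand Solr only after a verified download.
      unarchive:
        src: "{{ solr_download.dest }}"
        dest: "{{ download_dir }}"
        remote_src: yes
        # Skip the extraction on later runs, keeping the play idempotent.
        creates: "{{ download_dir }}/solr-{{ solr_version }}"
```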
Templates. Jinja2.

    ---
    - hosts: lamp_local
      vars:
        drupal_core_path: "/var/www/drupal.dev"
        domain: "drupal"
      tasks:
        - name: Add Apache virtualhost for Drupal development.
          template:
            src: "templates/drupal.dev.conf.j2"
            dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf"
            owner: root
            group: root
            mode: 0644

drupal.dev.conf.j2:

    <VirtualHost *:80>
      ServerAdmin webmaster@localhost
      ServerName {{ domain }}.192.168.60.25.xip.io
      ServerAlias www.{{ domain }}.192.168.60.25.xip.io
      DocumentRoot {{ drupal_core_path }}
      <Directory "{{ drupal_core_path }}">
        Options FollowSymLinks Indexes
        AllowOverride All
      </Directory>
    </VirtualHost>
Roles
Keeps things organized

    ---
    - hosts: webservers
      roles:
        - jenkins
        - webservers

roles/jenkins
Use includes.

    ---
    - hosts: mysql_group
      sudo: yes

      vars_files:
        - solr_vars.yml

      pre_tasks:
        - include: pre_tasks.yml

      tasks:
        - { include: drupal.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] }

      handlers:
        - include: handlers/handlers.yml
Deployments

    ---
    - hosts: localhost
      connection: local
      tasks:
        - name: Make database backup
          # shell, not command: the output redirect needs a shell
          shell: drush sql-dump > latest.sql

        - name: Get latest hash for tag
          command: "git rev-list --tags --max-count=1"
          register: latest_hash

        - name: Get latest git tag
          command: "git describe --tags {{ latest_hash.stdout }}"
          register: latest_tag

        - name: Pull new code
          command: "git pull origin production"

        - name: Run updates
          command: drush updb -y
          register: update_result
          ignore_errors: True

        - name: Rollback database
          # shell, not command: && and the input redirect need a shell
          shell: "drush sql-drop -y && drush sql-cli < ./latest.sql"
          when: update_result.failed == true

        - name: Rollback code
          command: "git checkout {{ latest_hash.stdout }}"
          when: update_result.failed == true

        - name: Throw failed message
          fail: msg="The update failed"
          when: update_result.failed == true
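
Added example (not part of the original slides): the same deploy-and-rollback flow written with block/rescue, which needs Ansible 2.0 or later, so a failure in either the pull or the update triggers the rollback without repeating a when: condition on every task. The names backup_file and previous_commit are assumptions introduced here; the play assumes drush and git are on PATH and that it runs from the Drupal checkout.

```yaml
---
- hosts: localhost
  connection: local

  vars:
    # Assumed path: outside the web root, so the dump is never served
    # by the web server. The directory must already exist.
    backup_file: /var/backups/drupal/latest.sql

  tasks:
    - name: Record the commit that is deployed now
      command: git rev-parse HEAD
      register: previous_commit
      changed_when: false

    - name: Make database backup readable only by the deploy user
      # umask 077 creates the dump with mode 0600
      shell: umask 077 && drush sql-dump > "{{ backup_file }}"

    - block:
        - name: Pull new code
          # --ff-only refuses to create a merge commit on the server
          command: git pull --ff-only origin production

        - name: Run updates
          command: drush updb -y

      rescue:
        # Runs only if a task inside the block failed
        - name: Roll back code
          command: "git reset --hard {{ previous_commit.stdout }}"

        - name: Roll back database
          shell: drush sql-drop -y && drush sql-cli < "{{ backup_file }}"

        - name: Stop the play and report the failure
          fail:
            msg: "The update failed; code and database were rolled back"
```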
Jenkins + Ansible = ♥
Provisioning. Vagrant.
Vagrantfile:

    # Vagrantfile API/syntax version
    VAGRANTFILE_API_VERSION = "2"

    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.box = "ubuntu/trusty64"
      config.vm.network :private_network, ip: "192.168.60.77"
      config.vm.network :forwarded_port, host: 4567, guest: 80

      # Provision the VM with the Ansible playbook
      config.vm.provision "ansible" do |ansible|
        ansible.playbook = "playbook.yml"
      end
    end
Migrate to Ansible
Just run shell scripts through Ansible

    - name: deploy system module
      sudo: yes
      shell: /usr/bin/deploy -t -v --tags=system

    # Install role
    ansible-galaxy install sanchiz.jenkins

    # List installed roles
    ansible-galaxy list

    # Remove role
    ansible-galaxy remove sanchiz.jenkins

    # Init new ansible role
    ansible-galaxy init
Demo
Thank you!
Drupal.org: https://www.drupal.org/u/sanchiz
GitHub: https://github.com/Sanchiz
Blog: http://sanchiz.net
Twitter: @alexschedrov