ansible talk
-
7/23/2019 Ansible Talk
1/36
Ansible
Go directly to project site
-
What is it and why should I be using it?
-
What is it?
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy.
Avoid writing scripts or custom code to deploy and update your applications
Automate in a language that approaches plain English, using SSH
No agents to install on remote systems
-
What is it? Why use it?
Ansible as a project dislikes complexity
Simplicity is relevant to all sizes of environments and users of all types
It's not meant to be a tool you should have to obsess over, and it believes "perfect is the enemy of good" in many cases. Therefore the learning curve is really fast.
No coding, instructions are plain YAML
Ansible is appropriate for managing small setups as well as enterprise environments with many thousands.
-
Set up the control machine
-
Set up the control machine
Ansible uses python2.7 and SSH to communicate with your remote systems
Have python2.7 installed
Use SSH keys for your authentication:
ssh-agent bash
ssh-keygen
ssh-add ~/.ssh/id_rsa
ssh-copy-id -i /root/.ssh/id_rsa root@localhost
Install required packages
apt-get install python-pip
apt-get install python-dev
Work in a virtualenv
pip install virtualenv
virtualenv myproject
cd myproject
. bin/activate
pip install ansible
-
Your first commands
-
Your first command
Ansible requires an inventory file
echo "localhost" > ansible_hosts
Ping all hosts in your inventory file
ansible all -m ping -i ansible_hosts
Congratulations. You've just contacted your nodes with Ansible:
localhost | success >> {
    "changed": false,
    "ping": "pong"
}
-
Your first commands
Examine the command line
ansible all -m ping -i ansible_hosts
all
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible's inventory file. "all" is a special word to work with all the hosts at the same time.
-m
will accept a correct module name (e.g., "ping"). Ansible ships with a module library but you can write your own module too. Modules are idempotent, meaning they will seek to avoid changes to the system unless a change needs to be made. The (long) list of modules can be found at http://docs.ansible.com/modules_by_category.html
-i
The name of the inventory file.
-
The inventory file
-
The inventory file
The format for ansible_hosts is an INI-like format and looks like this:
[webservers]
localhost

[dbservers]
one.example.com
two.example.com
three.example.com

The things in brackets are group names, which are used in classifying systems and deciding what systems you are controlling at what times and for what purpose.
It is ok to put systems in more than one group, for instance a server could be both a webserver and a dbserver.
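The group layout described above, as an added example that is not part of the original slides: a small Python parser for the INI-like format that reports which hosts a group name or "all" selects and which groups a host belongs to. The sample inventory is constructed, the function names are this example's own, and sections such as [group:vars] are skipped rather than interpreted.

```python
# Constructed sample in the INI-like format from the slide; localhost is
# listed in two groups on purpose.
SAMPLE = """\
[webservers]
localhost

[dbservers]
one.example.com
two.example.com
localhost
"""


def parse_inventory(text):
    """Return {group: [hosts]}, including the implicit 'all' and 'ungrouped'."""
    groups = {"all": [], "ungrouped": []}
    current = "ungrouped"          # hosts listed before any [section]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            # [group:vars] / [group:children] hold no host lines: skip them.
            current = None if ":" in name else name
            if current:
                groups.setdefault(current, [])
            continue
        if current is None:
            continue
        host = line.split()[0]     # anything after the name is host variables
        for g in (current, "all"):
            if host not in groups[g]:
                groups[g].append(host)
    return groups


def hosts_for(pattern, groups):
    """Hosts a group name (or a single host name) would target."""
    if pattern in groups:
        return list(groups[pattern])
    return [pattern] if pattern in groups["all"] else []


def groups_of(host, groups):
    """Named groups a host belongs to, ignoring the implicit 'all'."""
    return sorted(g for g, hs in groups.items() if g != "all" and host in hs)
```

Resolving a pattern this way before a run shows exactly which machines a command such as "ansible dbservers -m apt ..." would change.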
-
Modules
-
Modules
Ansible ships with a number of modules. Users can also write their own modules.
Each module supports taking arguments. Nearly all modules take key=value arguments, space delimited. Some modules take no arguments, and the command/shell modules simply take the string of the command you want to run.
Most used modules
apt -- Add/Remove packages file
command -- Execute any shell command
service -- Start/Stop/Enable services
copy -- Copy a file from source to destination on host
file -- Create directories, symlinks, change permissions
template -- Copy, but with variable substitution in file
Example:
ansible all -m apt -i ansible_hosts -a "name=apache2 state=present"
ansible all -m service -i ansible_hosts -a "name=apache2 state=started"
-
Playbooks
-
Playbooks
Playbooks are Ansible's configuration, deployment, and orchestration language. They can describe a set of connected actions in a general IT process.
If Ansible modules are the tools in your workshop, playbooks are your design plans.
Playbooks are expressed in YAML format (see YAML Syntax) and have a minimum of syntax, which intentionally tries to not be a programming language or script, but rather a model of a configuration or a process.
Each playbook is composed of one or more plays in a list.
While it is possible to write a playbook in one very large file, eventually you'll want to reuse files and start to organize things.
-
Playbook Example
Write an inventory file
echo localhost > ansible_hosts
Open a file named playbook.yml
---
- hosts: all
  vars:
    http_port: 80
  remote_user: root

  tasks:
    - name: ensure apache2 is installed
      apt: name=apache2 state=present

Run your playbook:
ansible-playbook -i ansible_hosts playbook.yml
-
Test passed:
PLAY [test] ************************************************************

TASK: [ensure apache2 is installed] ******************************************
ok: [localhost] => {"changed": false}

PLAY RECAP ************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0
-
Playbook Roles and Include Actions
-
Playbook Roles and Include Actions
A playbook that includes a role:
- hosts: webservers
  vars:
    http_port: 80
  remote_user: root
  roles:
    - webservers

Roles are ways of automatically loading certain variables, tasks, templates, handlers based on a known file structure.
Grouping content by roles also allows easy sharing of roles with other users. Example role structure:
ansible_hosts
webservers.yml
roles/
  webservers/
    files/
    templates/
    tasks/
    handlers/
    vars/
    defaults/
    meta/
-
Playbook Roles and Include Actions
Role hierarchy:
If roles/x/tasks/main.yml exists, tasks listed therein will be added to the play
If roles/x/handlers/main.yml exists, handlers listed therein will be added to the play
If roles/x/vars/main.yml exists, variables listed therein will be added to the play
If roles/x/meta/main.yml exists, any role dependencies listed therein will be added to the list of roles (1.3 and later)
Any copy tasks can reference files in roles/x/files/ without having to path them relatively or absolutely
Any script tasks can reference scripts in roles/x/files/ without having to path them relatively or absolutely
Any template tasks can reference files in roles/x/templates/ without having to path them relatively or absolutely
Any include tasks can reference files in roles/x/tasks/ without having to path them relatively or absolutely
-
Variables
Variables should always start with a letter.
foo_port is a great variable. foo5 is fine too.
foo-port, foo port, foo.port and 12 are not valid variable names.
Variables can be defined in many places (pros & cons..)
in inventory
in a playbook
included files
There are "facts", a type of variable that are discovered, not set by the user. Facts are returned by the module "setup", for example: The hostname as the system reports it is: {{ ansible_hostname }}
registered variables (a task output)
command line (--extra-vars)
-
Variables hierarchy
extra vars (-e in the command line) always win
then comes connection variables defined in inventory (ansible_ssh_user, etc)
then comes "most everything else" (command line switches, vars in play, included vars, role vars, etc)
then comes the rest of the variables defined in inventory
then comes facts discovered about a system
then "role defaults", which are the most "defaulty" and lose in priority to everything.
-
Ansible and AWS
-
Ansible and AWS
Ansible contains a number of modules for controlling Amazon Web Services (AWS). All of the modules require and are tested against recent versions of boto. You'll need this Python module installed on your control machine.
pip install boto
Static inventory or dynamic inventory?
If you use Amazon Web Services EC2, maintaining an inventory file might not be the best approach, because hosts may come and go over time, be managed by external applications, or you might even be using AWS autoscaling.
-
Ansible and AWS
AWS services ship with a set of credentials:
ssh key
access_id
secret_key
Add the ssh key
ssh-add keyname
and set its name in aws-related playbooks (ansible will look for your ssh-key in the standard path ~/.ssh/). Set your access_id and secret_key in a "vars" file, then source it:
export BOTO_CONFIG=/path/boto.conf
export EC2_INI_PATH=/path/ec2.ini
export AWS_ACCESS_KEY_ID=EXAMPLEKEY
export AWS_SECRET_ACCESS_KEY=ThisIsAnExample
export AWS_DEFAULT_REGION=region
. aws-vars
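A check to run on the vars file before sourcing it, as an added example that is not part of the original slides: it confirms that only the owner can access the file and lists the credential variables it defines by name, never by value. The function names and the set of names treated as credentials are assumptions of this example.

```python
import os
import re
import stat
import sys

# Variable names treated as credentials; this set is an assumption of the example.
SECRET_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}
ASSIGN_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(\S+)")


def mode_problems(path):
    """Return reasons why the vars file is accessible to anyone but its owner."""
    st = os.stat(path)
    problems = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o grants group/other access, expected 0600"
                        % stat.S_IMODE(st.st_mode))
    if st.st_uid != os.getuid():
        problems.append("owned by uid %d, not the current user" % st.st_uid)
    return problems


def secret_vars(path):
    """Names (never values) of the credential variables the file assigns."""
    found = []
    with open(path) as fh:
        for line in fh:
            m = ASSIGN_RE.match(line)
            if m and m.group(1) in SECRET_NAMES and m.group(1) not in found:
                found.append(m.group(1))
    return found


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_vars.py <vars-file>")
    for problem in mode_problems(sys.argv[1]):
        print("%s: %s" % (sys.argv[1], problem))
    print("credentials defined:", ", ".join(secret_vars(sys.argv[1])) or "none")
```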
-
Ansible and AWS
Some simple checks:
./plugins/inventory/ec2.py --list
{
  "_meta": {
    "hostvars": {
      ...
      "ec2_architecture": "x86_64",
      ...
    }
  }
  "ec2": [
    ...
    "ec2-name.region.compute.amazonaws.com"
    ...
  ]
}
ansible all -i ./plugins/inventory/ec2.py -m ping --user=admin
ec2-name.region.compute.amazonaws.com | success >> {
    "changed": false,
    "ping": "pong"
}
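The --list output above follows the dynamic inventory convention: an executable that prints groups and a "_meta" block of host variables as JSON. As an added example (not ec2.py and not code from the original slides), here is a minimal inventory script in Python that produces the same shape; the instance records and host names are constructed, and leaving out non-running instances is a choice of this example.

```python
import json
import sys

# Constructed instance records standing in for what an EC2 API query returns.
INSTANCES = [
    {"dns": "ec2-a.region.compute.amazonaws.com", "id": "i-0001",
     "arch": "x86_64", "state": "running"},
    {"dns": "ec2-b.region.compute.amazonaws.com", "id": "i-0002",
     "arch": "x86_64", "state": "stopped"},
]


def build_inventory(instances):
    """Build the --list document: group -> hosts, plus _meta.hostvars."""
    inv = {"_meta": {"hostvars": {}}, "ec2": []}
    for inst in instances:
        if inst["state"] != "running":   # unreachable hosts are left out
            continue
        host = inst["dns"]
        inv["ec2"].append(host)
        inv["_meta"]["hostvars"][host] = {
            "ec2_id": inst["id"],
            "ec2_architecture": inst["arch"],
        }
    return inv


def host_vars(inventory, host):
    """Answer --host <name>; unknown hosts get an empty dict."""
    return inventory["_meta"]["hostvars"].get(host, {})


def main(argv):
    inv = build_inventory(INSTANCES)
    if len(argv) == 2 and argv[1] == "--list":
        print(json.dumps(inv, indent=2))
    elif len(argv) == 3 and argv[1] == "--host":
        print(json.dumps(host_vars(inv, argv[2])))
    else:
        print("usage: inventory.py --list | --host <hostname>", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Made executable and passed with -i, a script like this is called by Ansible with --list; the per-host variables it returns (such as ec2_id) are what playbooks reference as {{ ec2_id }}.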
-
Manage your AWS nodes with ansible
-
Create and start a node
demo-create.yml
- name: Creates aws-nodes
  hosts: all
  connection: local
  remote_user: root
  vars:
    image_id: image-id
    instance: instance-type
    key_name: ssh-key
    region: region-name

  tasks:
    - name: Create and launch instance
      ec2:
        # refers to the key_name variable defined under vars
        key_name: "{{ key_name }}"
        instance_type: "{{ instance }}"
        image: "{{ image_id }}"
        region: "{{ region }}"
        state: present
        count: 1
        wait: yes

ansible-playbook -i aws.ini demo-create.yml
-
Stop a node
demo-stop.yml
- name: Stop aws servers
  # hosts and their ec2_id variable come from the ec2.py inventory
  hosts: all
  connection: local
  remote_user: root
  vars:
    region: region_name

  tasks:
    - name: Stop instances
      ec2:
        region: "{{ region }}"
        state: stopped
        instance_ids: "{{ ec2_id }}"

ansible-playbook -i plugins/inventory/ec2.py demo-stop.yml
To see your instances being stopped.
-
Provision nodes
Provision your nodes
Install apache on remote AWS hosts
./bin/ansible all -m apt -i plugins/inventory/ec2.py -a "name=apache2 state=present" --user=admin --become --become-method=sudo
"changed": true,
"stderr": "",
"stdout": "Reading package lists...
Building dependency tree... Reading state information... ...
Setting up apache2"
-
Delete nodes
demo-terminate.yml
- name: Delete aws servers
  # hosts and their ec2_id variable come from the ec2.py inventory
  hosts: all
  remote_user: root
  vars:
    region: region_name
  tasks:
    - name: Delete hosts
      ec2:
        instance_ids: "{{ ec2_id }}"
        region: "{{ region }}"
        state: absent
        wait: yes

ansible-playbook -i plugins/inventory/ec2.py demo-terminate.yml
-
Some tools
-
Some tools
ansible-galaxy
It is Ansible's official community hub for finding, downloading, rating, and sharing Ansible roles.
ansible-galaxy install username.rolename
You can use ansible-galaxy to start a project of your own
ansible-galaxy init --offline test-role
|-- test-role
|   |-- defaults
|   |   `-- main.yml
|   |-- files
|   |-- handlers
|   |   `-- main.yml
|   |-- meta
|   |   `-- main.yml
|   |-- README.md
|   |-- tasks
|   |   `-- main.yml
|   |-- templates
|   `-- vars
|       `-- main.yml
-
Some tools
debops
Your Debian-based data center in a box. It is a framework. It can be installed through ansible-galaxy. It is a collection of Ansible playbooks, scalable from one container to an entire data center.
ansible-galaxy install debops.apt
ansible all -s -m apt -a 'update_cache=yes upgrade=yes'
-
Some tools
epdb
epdb or pdb? The reason to use epdb over pdb is epdb contains a remote debugging feature that can sometimes be useful for debugging processes where you don't have console access.
In python module write:
import epdb
epdb.serve()
Command line to execute module:
ansible all --forks 1 -i ansible_hosts --module-path path -m module_name -a ''
Command line to see breakpoint:
python -c "import epdb; epdb.connect()"
-
"All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer."
-- IBM maintenance manual, 1925
Slideshow created using remark.
http://github.com/gnab/remark