boston vmug usercon - run your first ansible playbook tomorrow

Ansible: From zero to running your 1st playbook tomorrow!

Upload: jonathan-frappier

Post on 28-Jan-2018


Page 1: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Ansible

From zero to running your 1st playbook tomorrow!

Page 2: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Jonathan Frappier

Senior Technical Consultant, Dell EMC

Education

@jfrappier | @commitmas | @vbrownabag

/in/jonathanfrappier

github.com/jfrappier

github.com/commitmas

jfrap.com

vbrownbag.com

Page 3: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Disclaimer*

Always assume:

• When I say how awesome something is, what I really mean is “in most cases” that thing is awesome

• Here is one way you could do it, there are many others

• I can’t draw 7 red lines all perpendicular with red, green, or transparent ink

Page 4: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Why Ansible?

Page 5: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Also…

Your career

Get your bosses to buy in! http://www.cio.com/article/3197670/application-development/why-ansible-has-become-the-devops-darling.html

Page 6: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Use cases

Think of a thing you did by hand this week…

Page 7: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Use cases

Think of a thing you did by hand this week…

THAT is probably a good use case!

Page 8: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Use cases

• Created, deleted, managed a VMware VM

• Created, started, stopped an EC2 instance

• Archived log files

• Installed Apache

• Set up an ACL on a Cisco ASA firewall

• Verify server configuration is in a desired state or put it in the desired state

Page 9: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Example - What can Ansible do for you?

Deploy VMs:

e.g. vsphere_guest, ec2, azure, gce

Apply and enforce configurations

e.g. yum, apt-get, postgresql_db, win_iis_website

Backup files, databases

e.g. copy, mysql_db state=dump

Deploy software

e.g. git, subversion, hg

Page 10: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Control machine setup

Ubuntu –

  sudo apt-get install software-properties-common
  sudo apt-add-repository ppa:ansible/ansible
  sudo apt-get update
  sudo apt-get install ansible

CentOS –

  sudo yum install epel-release
  sudo yum install ansible

Source –

  git clone https://github.com/ansible/ansible.git --recursive
  cd ./ansible
  source ./hacking/env-setup
  git pull --rebase

Requires Python 2.7

https://docs.ansible.com/ansible/intro_installation.html

Page 11: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Connecting to hosts

Ansible connects to hosts using SSH or WinRM

SSH Key – Key based authentication

Password – append --ask-pass and --ask-become-pass

Windows – PowerShell and WinRM

Page 12: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

A few hosts pre-reqs

Linux

Python – at least 2.5, no issue with modern distributions

SSH – SSH/Port 22 must be open from the control machine to the host (agentless and all)

SSH Keys – Ensure user account used by Ansible has SSH keys added from control-machine to all hosts

User account – Account used by Ansible has correct permissions on hosts (e.g. sudo for installs)

Windows

PowerShell – 3.0 or higher

WinRM – Enabled/Port 5986 must be open from the control machine to the host

User account – Account used by Ansible has correct permissions on hosts

Page 13: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Inventory

Located in /etc/ansible/hosts - can be as simple as you want/need it to be

127.0.0.1


Page 14: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Inventory

Awesome as you wanna be…

127.0.0.1

[dev-web]

10.1.1.1

10.1.1.2

10.1.1.3

[prod-web]

10.3.1.[1:10] ansible_connection=ssh ansible_port=2222 ansible_user=prodgod

[web:children]

prod-web

dev-web

Page 15: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Inventory

Dynamic Inventory

Page 16: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Facts

Stuff about your managed hosts

• OS – build, family

• Hardware info – processor, memory

Refer to facts in playbooks

Gather facts anytime by running ansible hostname -m setup

Page 17: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

How do I do stuff

Core – Ansible supported

Curated – Ansible and Red Hat partner supported

Community – Community contributed

Page 18: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Playbooks, plays, and tasks

---
- hosts: sysdig
  tasks:
    - name: install sysdig
      apt: name=sysdig state=present

Page 19: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Playbooks, plays, and tasks

---
- hosts: sysdig
  vars:
    package: sysdig
  tasks:
    - name: install sysdig
      become: true
      become_user: appgod
      apt: name={{ package }} state=present
      notify:
        - start-sysdig
  handlers:
    - name: start-sysdig
      service:
        name: sysdig
        state: started

Page 20: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Running a playbook

[ansible@control-machine ~]# ansible-playbook sysdig.yml

Page 21: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Running a playbook

[ansible@control-machine ~]# ansible-playbook sysdig.yml

PLAY [all] ******************************************************************

TASK [Validating download directory] ****************************************

ok: [default]

TASK [Install Sysdig] *******************************************************

changed: [default]

PLAY RECAP ******************************************************************

default: ok=1 changed=1 unreachable=0 failed=0

Page 22: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Handy playbook options

--ask-pass – prompts for a password to connect to the specified host(s), used when not using SSH keys

--ask-become-pass – use when sudo is required to run the playbook/command

--check – checks the playbook to see if it will work, but doesn’t execute on the remote host (or -C)

--module-name – specifies the module you want to run for ad-hoc commands (or -m)

--module-path – path to the module if required (or -M)

--tree – path to log output (or -t)

--verbose – more output from the playbook run (or -v)

--limit – limit the playbook run to a specific host/group (or -l)

Page 23: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

---
- hosts: sysdig
  vars:
    package: sysdig
    sysdig_key_url: https://s3.amazonaws.com/download.draios.com
    sysdig_key: DRAIOS-GPG-KEY.public
    sysdig_url: https://s3.amazonaws.com/download.draios.com/stable/install-sysdig
    dl_dir: /downloads
    sysdig_ins: install-sysdig
    sysdig_repo: http://download.draios.com/stable/deb stable-$(ARCH)/
    linux_headers: linux-headers-{{ ansible_kernel }}
  remote_user: sshgod
  become_method: sudo
  become: yes
  tasks:
    - name: Validating download directory
      file: path={{ dl_dir }} state=directory
    - name: Download Sysdig public key
      get_url: url={{ sysdig_key_url }}/{{ sysdig_key }} dest={{ dl_dir }} validate_certs=no
    - name: Installing Sysdig public key
      apt_key: file={{ dl_dir }}/{{ sysdig_key }} state=present
    - name: Adding Sysdig apt repository
      apt_repository: repo='deb {{ sysdig_repo }}' state=present
    - name: Update apt repositories
      apt: update_cache=yes
    - name: Install Linux Headers
      apt: name={{ linux_headers }} state=present
    - name: Install Sysdig
      apt: name={{ package }} state=present
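An added example, not from the original slides: the key-download steps of the Sysdig playbook with TLS verification left on and the downloaded key pinned to a checksum, so a key altered in transit or at rest is rejected before it becomes a trusted apt key. The variable `sysdig_key_sha256` and its value are placeholders (assumptions); the other variables are the ones the playbook already defines.

```yaml
---
- hosts: sysdig
  become: yes
  vars:
    sysdig_key_url: https://s3.amazonaws.com/download.draios.com
    sysdig_key: DRAIOS-GPG-KEY.public
    dl_dir: /downloads
    # Placeholder (assumption): replace with the SHA-256 of the key file,
    # obtained out of band from the vendor.
    sysdig_key_sha256: "<SHA256-OF-DRAIOS-GPG-KEY.public>"
  tasks:
    - name: Validating download directory
      file:
        path: "{{ dl_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"          # only root can replace files staged here

    - name: Download Sysdig public key (TLS verified, checksum pinned)
      get_url:
        url: "{{ sysdig_key_url }}/{{ sysdig_key }}"
        dest: "{{ dl_dir }}/{{ sysdig_key }}"
        checksum: "sha256:{{ sysdig_key_sha256 }}"
        validate_certs: yes   # the default; the task fails on a bad certificate
        mode: "0644"

    - name: Installing Sysdig public key
      apt_key:
        file: "{{ dl_dir }}/{{ sysdig_key }}"
        state: present
```

Until the placeholder is replaced with the real digest, the download task fails on checksum mismatch, which is the intended fail-closed behaviour.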

Page 24: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Roles

Page 25: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Example playbook for a role

---
- hosts: web
  become: yes
  roles:
    - sensu

Page 26: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Example playbook for a role

---
- hosts: web
  become: yes
  roles:
    - sensu
    - web
    - openssl
    - nginx

Page 27: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Example main task

---
# tasks file for ansible-gocd
- include: debian-srv.yml
  when: ansible_os_family == "Debian"
- include: redhat-srv.yml
  when: ansible_os_family == "RedHat"

Page 28: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Roles

Page 29: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Running a role

[ansible@control-machine ~]# ansible-playbook sensu.yml

Page 30: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Vault

• Stuff about vault

Page 31: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Shell Module

• Don’t just convert existing bash scripts with the shell module

• Use native modules whenever possible

• There isn’t always a module, that’s when you use shell

Page 32: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Got APIs?

uri (not University of Rhode Island)

# Create a JIRA issue
- uri:
    url: https://your.jira.example.com/rest/api/2/issue/
    method: POST
    user: your_username
    password: your_password
    body: "{{ lookup('file','issue.json') }}"
    force_basic_auth: yes
    status_code: 201
    body_format: json

# Check that a page returns a status 200 and fail if the word AWESOME is not in the page contents.
- action: uri url=http://www.example.com return_content=yes
  register: webpage

- action: fail
  when: "'AWESOME' not in webpage.content"

Page 33: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Using vSphere 6.5 REST APIs with Ansible

---
- hosts: localhost
  become: no
  tasks:
    - name: vcenter login
      uri:
        url: https://cloudvc.student.lab/rest/com/vmware/cis/session
        force_basic_auth: yes
        method: POST
        user: [email protected]
        password: P@ssw0rd
        status_code: 200
        validate_certs: no
      register: login
    - name: disable ssh
      uri:
        url: https://cloudvc.student.lab/rest/appliance/access/ssh
        force_basic_auth: yes
        method: PUT
        body_format: json
        body: "{{ lookup('file','sshoff.json') }}"
        validate_certs: no
        headers:
          Cookie: "{{login.set_cookie}}"
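An added example, not from the original slides or the author's repository, that also gives the Vault slide something concrete: the same two vSphere calls with the credentials read from an Ansible Vault file instead of written into the playbook, certificate validation on, and the login result kept out of logs. The file name `vault.yml` and the variables `vcenter_user` and `vcenter_password` are assumptions; the URLs and `sshoff.json` are the ones on the slide.

```yaml
---
# vault.yml (assumed name) defines vcenter_user and vcenter_password and is
# encrypted with: ansible-vault encrypt vault.yml
# Run with: ansible-playbook --ask-vault-pass <playbook>.yml
- hosts: localhost
  become: no
  vars_files:
    - vault.yml
  tasks:
    - name: vcenter login
      uri:
        url: https://cloudvc.student.lab/rest/com/vmware/cis/session
        force_basic_auth: yes
        method: POST
        user: "{{ vcenter_user }}"
        password: "{{ vcenter_password }}"
        status_code: 200
        validate_certs: yes   # needs the vCenter CA in the control machine's trust store
      register: login
      no_log: true            # keeps the password and session cookie out of -v output and logs

    - name: disable ssh
      uri:
        url: https://cloudvc.student.lab/rest/appliance/access/ssh
        force_basic_auth: yes
        method: PUT
        body_format: json
        body: "{{ lookup('file','sshoff.json') }}"
        validate_certs: yes
        headers:
          Cookie: "{{ login.set_cookie }}"
      no_log: true            # the Cookie header carries the session token
```

With this layout the playbook can be committed to a shared repository without exposing the vCenter account; only the vault password has to be handled separately.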

Page 34: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Using vSphere 6.5 REST APIs with Ansible Links

Getting Started with the vSphere Automation SDK for REST by Kyle Ruddy

https://blogs.vmware.com/code/2017/02/02/getting-started-vsphere-automation-sdk-rest/

Ansible uri module documentation

https://docs.ansible.com/ansible/uri_module.html

Shameless blog post and examples

https://jfrap.com/vsphere-65-api-ansible/

https://github.com/jfrappier/vSphere-6.5-API-Playbook-Examples

Page 35: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Simple

Ansible can be useful using just two files (though you can do a lot more as well)

Inventory (hosts file) – List of all hosts for Ansible to manage

Playbook – List of commands processed in order (no guessing) for the specified hosts

Page 36: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Easy to back up

All you need is love… no wait wrong presentation

All you need is GitHub (or a backup of your playbooks and hosts file)

Page 37: Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

MOAR LEARNING

https://www.geekandi.com/2016/01/26/ansible-v2-0-vs-windows-update/

http://everythingshouldbevirtual.com/ansible-setting-up-an-ansible-control-machine-part-1

http://docs.ansible.com/ansible/intro_windows.html

https://www.udemy.com/learn-ansible/ by Mumshad Mannambeth

Udemy

Patch Windows Example

Books

MOAR

http://professionalvmware.com/?s=ansible

https://github.com/ansible/ansible-blog-examples/

https://blog.emccode.com/2016/02/09/automating-docker-swarm-and-rex-ray-installs-in-gce-with-ansible/

https://www.ansiblefordevops.com/ by Jeff Geerling (@geerlingguy)

https://www.packtpub.com/networking-and-servers/mastering-ansible-second-edition by Jesse Keating