Getting started with Ansible.!

Be efficient.Alexander Schedrov aka sanchiz

Drupal Cafe Kyiv, Jan 2015

Presentation

• How to start use Ansible in your current project

• Provisioning

• Ansible Deployments

• Ansible and Drupal

How it was earlier

• Developer wrote code

• SysAdmins deployed code and configure servers

until one day… infrastructure orchestration

What is Ansible

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration

management, application deployment, intra-service orchestration, and many

other IT needs.

YAML

Ansible• Clear - Ansible uses a simple syntax (YAML).

• Fast - Fast to learn and fast to set up.

• Complete - you have everything you need in one complete package.

• Efficient - No extra software on your servers. Extensible with modules on any programming language.

• Secure - Ansible uses SSH and requires no extra open ports or daemons

Where you can use Ansible

Apahce, MySQL, PHP

Infrastructure orcestration

Dev Test

ProdLocal developer's server

Other places• Deployment scripts

• Script for common use

• Configuration management

• Ah-doc commands

• Updates

• Notification

• and so on….

Ansible vs Shell scripts

# Install the PGP key gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7 gpg --armor --export 561F9B9CAC40B2F7 | apt-key add - !# Install https support for apt apt-get install apt-transport-https -y !# Add the passenger apt repository echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list chown root: /etc/apt/sources.list.d/passenger.list chmod 600 /etc/apt/sources.list.d/passenger.list !# Update the apt cache so we can use the new repo apt-get update !# Install nginx apt-get install nginx-full passenger -y !# Set up passenger in the nginx configuration sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf !# Start nginx service nginx restart

Shell script

--- - hosts: all tasks: ! - name: Ensure the PGP key is installed apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7" ! - name: Ensure https support for apt is installed apt: pkg=apt-transport-https state=present ! - name: Ensure the passenger apt repository is added apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main' ! - name: Ensure nginx is installed apt: pkg=nginx-full state=present ! - name: Ensure passenger is installed apt: pkg=passenger state=present update_cache=yes ! - name: Ensure the nginx configuration file is set copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf ! - name: Ensure nginx is running service: name=nginx state=started

Ansible script

Why Ansible• Idempotent

• Robust

• Usage in source control

• Can be run multiple times safely with confidence

• can easily be run against multiple servers

• Supports easily templating

Installation

sudo pip install ansible

*nix!Packages: python-pip and python-devel

Windows!

• Cywgin

• PyYAML

• Jinja2

• …

https://servercheck.in/blog/running-ansible-within-windows

Inventory# Group name [localhost] # Hosts in group 127.0.0.1 !# Group name [mysql_group] !# Hosts in group mysqlserver.com 192.168.1.1 !# Group vars [mysql_group:vars] ansible_ssh_user=root ansible_ssh_port=2222

/etc/ansible/hosts

Requirements: connection by ssh without password.

ansible mysql_group -m ping

“ansible” command. Ad-hoc.

ansible mysql_group -a "free -m"

ansible mysql_group -s -m apt -a "pkg=ntp state=installed"

Command Group name Arguments

ModuleSudo

Ansible task

- name: Install libraries apt: pkg={{ item }} state=installed with_items: - git - apache2 - php5 - php5-mysql

Comment/Documentation

Module

Item

Iterate through array

Real world playbook

--- - hosts: mysql_group sudo: yes ! vars: download_dir: /tmp ! vars_files: - solr_vars.yml ! pre_tasks: - name: Update apt cache if needed. apt: update_cache=yes cache_valid_time=3600

playbook.yml:

tasks: - name: Install Tomcat 7. apt: "pkg={{ item }} state=installed" with_items: - tomcat7 - tomcat7-admin ! - name: Ensure Tomcat 7 is started and enabled on boot. service: name=tomcat7 state=started enabled=yes ! - name: Download Solr. get_url: url: http://apache.osuosl.org/lucene/solr/{{ solr_version }}/solr-{{ solr_version }}.tgz dest: "{{ download_dir }}/solr-{{ solr_version }}.tgz"

playbook.yml:

- name: Set up solr data directory. file: path: "{{ solr_dir }}/data" state: directory owner: tomcat7 group: tomcat7 notify: restart tomcat ! handlers: - name: restart tomcat service: name=tomcat7 state=restarted

playbook.yml:

Templates. Jinja2.

--- - host: lamp_local vars: drupal_core_path: “/var/www/drupal.dev" domain: "drupal" tasks: - name: Add Apache virtualhost for Drupal development. template: src: "templates/drupal.dev.conf.j2" dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf" owner: root group: root mode: 0644

drupal.dev.conf.j2<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName {{ domain }}.192.168.60.25.xip.io ServerAlias www.{{ domain }}.192.168.60.25.xip.io DocumentRoot {{ drupal_core_path }} <Directory "{{ drupal_core_path }}"> Options FollowSymLinks Indexes AllowOverride All </Directory> </VirtualHost>

Keeps things organized

Roles

--- - hosts: webservers roles: - jenkins - webservers

roles/jenkins

Use includes.--- - hosts: mysql_group sudo: yes ! vars_files: - solr_vars.yml ! pre_tasks: - include: pre_tasks.yml ! tasks: - { include: drupal.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] } ! handlers: - include: handlers/handlers.yml

Deployments

!--- - hosts: localhost connection: local tasks: - name: Make database backup command: drush sql-dump > latest.sql ! - name: Get latest hash for tag command: "git rev-list --tags --max-count=1" register: latest_hash ! - name: Get latest git tag command: "git describe --tags {{ latest_hash.stdout }}" register: latest_tag ! - name: Pull new code command: "git pull origin production" ! - name: Run updates command: drush updb -y register: update_result ignore_errors: True ! - name: Rollback database command: "drush sql-drop -y && drush sql-cli < ./latest.sql" when: update_result.failed == true ! - name: Rollback code command: "git checkout {{ latest_hash.stdout }}" when: update_result.failed == true ! - name: Throw failed message fail: msg="The update failed" when: update_result.failed == true !

Jenkins + Ansible = ♥

Provisioning. Vagrant.

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.box = "ubuntu/trusty64" config.vm.network :private_network, ip: "192.168.60.77" config.vm.network :forwarded_port, host: 4567, guest: 80 ! config.vm.provision "ansible" do |ansible| ansible.playbook = "playbook.yml" end end

Vagrantfile:

Migrate to Ansible

Just run shell scripts through Ansible

- name: deploy system module sudo: yes shell: /usr/bin/deploy -t -v --tags=system

# Install role ansible-galaxy install sanchiz.jenkins !# List all availabel roles ansible-galaxy list !# List all available roles ansible-galaxy remove sanchiz.jenkins !# Init new ansible role ansible-galaxy init

Demo

Thank you!

Drupal.org: https://www.drupal.org/u/sanchiz GitHub: https://github.com/Sanchiz Blog: http://sanchiz.net Email: alexander.schedrov@gmail.com Twitter: @alexschedrov