Ansible - Crash course

RACKSPACE® HOSTING | [email protected]

Brown bag - Crash courseAutomation makes IT better

@soldasimo

simonesoldateschi


Agenda

● Presentation (20’)o The basicso Playbookso Sharing code

● Q&A (5’)● Quiz (5’)


The basics

Installation on management host:

$ pip install ansible

That’s it!


The basics

Installing agent onmanaged hosts:


The basics

Can be as simple as:

mail.example.comor:

10.1.157.183

Create an inventory file


The basics

Is host alive?

$ ansible -i ~/etc/hosts all -m ping

Ansible - Quickstart

ss-dfw-00 | success >> { "changed": false, "ping": "pong"}


The basics

Tons of servers to run commands on?$ ansible -i ~/etc/hosts all -m shell -a 'df -h'

Ansible - Quickstart

ss-dfw-00 | success | rc=0 >>Filesystem Size Used Avail Use% Mounted onrootfs 20G 1.6G 18G 9% /udev 10M 0 10M 0% /dev...


A few facts about Ansible


A few facts about Ansible● open-source

● free-software (GPL v3)

● written in Python

● agent-less

● push model ← K.I.S.S.

● commercial version

...OK, SSH is an agent ;)

● enterprise support, SLA, …


Why use ansible?

Automate repetitive tasks


Inventory


Inventory - Hosts and Groupsmail.example.com10.1.157.183[webservers]foo.example.combar.example.com

[dbservers]one.example.comtwo.example.comthree.example.com

$ ansible -i /path/to/inventory \GROUP_NAME …


Inventory - Hosts and Groups

ss-dfw-0010.182.37.244

$ ansible -i ~/etc/hosts all --sudo -m command -a 'aptitude update' ss-dfw-00 | success | rc=0 >>Get: 1 http://mirror.rackspace.com wheezy Release.gpg [1672 B]Get: 2 http://mirror.rackspace.com wheezy/updates Release.gpg [836 B]Get: 3 http://mirror.rackspace.com wheezy-backports Release.gpg [836 B]…



[webservers]foo.example.combar.example.com

[dbservers]one.example.comtwo.example.comthree.example.com



$ ansible -i hosts webserver -f10 \-m command \-a ‘aptitude install apache2’


[dbservers]one.example.comtwo.example.comthree.example.com$ ansible -i hosts dbserver -f10 \

-m command \-a ‘aptitude install mysql’




[dbservers]foo.example.com



[webservers]www[01:10].example.combar.example.com

[dbservers]db-[a:f].example.com


Inventory - Hosts variables

[atlanta]host1 http_port=80 maxRequestsPerChild=808host2 http_port=303 maxRequestsPerChild=909


ModulesWhat can modules do?

● run commands● transfer files● install packages● manage daemons● manage users and groups

● gather facts● deploy software with SCM● manage DBs (MySQL,

PostgreSQL, MongoDB, Redis, …)

● manage Cloud devices

See:http://docs.ansible.com/modules_by_category.html

http://docs.ansible.com/modules_by_category.html


Desired State

Go live!


Desired state

Write code to tell the computerhow to set up itself!


Agenda


● Q&A (5’)● Quiz (5’)


Playbooks● Contain one or more plays● Written in YAML

○ declarative config○ not code

● Executed in the order it is written (aka Imperative)

http://en.wikipedia.org/wiki/YAML


Playbooks---

- name: deploy web server user: foouser sudo: True hosts: all

tasks: - name: install apache apt: pkg=apache2-mpm-prefork state=latest


Playbooks---




Playbooks---



Inventory


Playbooks---




Playbooks---



DocumentationArguments

Module


Playbooks - output$ ansible-playbook -i ~/etc/hosts main.yml

PLAY [deploy web server] ******************************************************

GATHERING FACTS *************************************************************** ok: [ss-dfw-00]

TASK: [install apache] ******************************************************** changed: [ss-dfw-00]

PLAY RECAP ******************************************************************** ss-dfw-00 : ok=2 changed=1 unreachable=0 failed=0

foouser@ss-dfw-00:~$ sudo netstat -putan | grep 80 tcp6 0 0 :::80 :::* LISTEN 11306/apache2

Desired state





TASK: [install apache] ******************************************************** changed: [ss-dfw-00]


foouser@ss-dfw-00:~$ sudo netstat -putan | grep 80 tcp6 0 0 :::80 :::* LISTEN 11306/apache2

NOT Desired state


Playbooks

Idempotency

1 * N 0 + N





TASK: [install apache] ******************************************************** ok: [ss-dfw-00]


Idempotency


Playbooks - Conditionals--- ... tasks: - name: install apache on Debian based distros apt: pkg=apache2-mpm-prefork state=latest when: ansible_os_family=="Debian"

- name: install apache on Red-Hat based distros yum: pkg=httpd state=latest when: ansible_os_family=="RedHat"


Playbooks - Conditionals--- ... tasks: - name: install apache on Debian based distros apt: pkg=apache2-mpm-prefork state=latest when: ansible_os_family=="Debian"

- name: install apache on Red-Hat based distros yum: pkg=httpd state=latest when: ansible_os_family=="RedHat"


Playbooks - Includes--- ... tasks: - include: apache_debian.yml when: ansible_os_family=="Debian"

- include: apache_redhat.yml when: ansible_os_family=="RedHat"


Playbooks - Includes--- ... tasks: - include: apache_debian.yml when: ansible_os_family=="Debian"

- include: apache_redhat.yml when: ansible_os_family=="RedHat"


Playbooks - Includes

---# apache_debian.yml

tasks: - name: install apache on Debian based distros apt: pkg=apache2-mpm-prefork state=latest


Playbooks - Includes

---# apache_redhat.yml

tasks: - name: install apache on Red-Hat based distros yum: pkg=httpd state=latest


Playbooks - Deploy LAMP

Let’s deploy LAMP with Ansible!


Playbooks - Groups of servers

webservers dbservers



Inventory file

[webservers]web0web1

[dbservers]db0



roles

common

db

web

lamp_simple

---# This playbook deploys the whole application stack in this site.

- name: apply common configuration to all nodes hosts: all user: root

roles: - common

- name: configure and deploy the webservers and application code hosts: webservers user: root

roles: - web

- name: deploy MySQL and configure the databases hosts: dbservers user: root

roles: - db



roles

common

db

web

lamp_simple



roles: - common


roles: - web


roles: - db



roles

common

db

web

lamp_simple



roles: - common


roles: - web


roles: - db


Playbooks - Deploy LAMPcommon

tasks

db

tasks

web

tasksplaybooks


Playbooks - Deploy LAMPcommon

tasks

---# This playbook contains common plays that will be run on all nodes.

- name: Install ntp yum: name=ntp state=present tags: ntp

- name: Configure ntp file template: src=ntp.conf.j2 dest=/etc/ntp.conf tags: ntp notify: restart ntp…


Playbooks - Deploy LAMPdb

tasks

---# This playbook will install mysql# and create db user and give permissions.

- name: Install Mysql package yum: name={{ item }} state=installed with_items: - mysql-server - MySQL-python - libselinux-python - libsemanage-python…


Playbooks - Deploy LAMPweb

tasks

---# These tasks install http and the php modules.

- name: Install http and php etc yum: name={{ item }} state=present with_items: - httpd - php - php-mysql - …

- name: insert iptables rule for httpd lineinfile: dest=/etc/sysconfig/iptables create=yes state=present regexp="{{ httpd_port }}" insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT" notify: restart iptables…


Best practices - Directory layoutsite.yml # master playbookwebservers.yml # playbook for webserver tierdbservers.yml # playbook for dbserver tier

roles/ common/ # this hierarchy represents a "role" tasks/ # main.yml # <-- tasks file can include smaller files if warranted handlers/ # main.yml # <-- handlers file templates/ # <-- files for use with the template resource ntp.conf.j2 # <------- templates end in .j2 files/ # bar.txt # <-- files for use with the copy resource foo.sh # <-- script files for use with the script resource vars/ # main.yml # <-- variables associated with this role

webtier/ # same kind of structure as "common" was above, done for the webtier role monitoring/ # "" fooapp/ # ""


Agenda


● Q&A (5’)● Quiz (5’)


Sharing playbooks


Sharing playbooks


Sharing playbooks

$ git clone https://github.com/ansible/ansible-examples

Cloning into 'ansible-examples'...remote: Reusing existing pack: 1698, done.remote: Total 1698 (delta 0), reused 0 (delta 0)Receiving objects: 100% (1698/1698), 3.73 MiB | 296.00 KiB/s, done.Resolving deltas: 100% (355/355), done.Checking connectivity... done


Sharing playbooks

$ ansible-playbook -i ~/etc/hosts lamp_simple/site.yml


Sharing playbooks


Sharing code



Agenda

● Presentation (20’)o The basicso Playbookso Git repositories

● Q&A (5’)● Quiz (5’)



Agenda

● Presentation (20’)o The basicso Playbookso Git repositories

● Q&A (5’)● Quiz (5’)


Quiz


Give your feedback!


ReferencesAnsible Workshttp://www.ansible.com/home

Ansible Documentationhttp://docs.ansible.com/index.html

Ansible source codehttps://github.com/ansible/ansible

Ansible exampleshttps://github.com/ansible/ansible-examples

Best practiceshttp://docs.ansible.com/playbooks_best_practices.html

http://www.ansible.com/home

http://docs.ansible.com/index.html

https://github.com/ansible/ansible

https://github.com/ansible/ansible-examples

http://docs.ansible.com/playbooks_best_practices.html

http://docs.ansible.com/playbooks_best_practices.html


Homework

● Replay examples● commit result to GitHub● send me a message



@soldasimo

simonesoldateschi

Ansible - Crash course

Software

pkghttpd statelatest

prefork statelatest

uk agenda

apply common

install apache

db rackspace

application

deploy web