Ansible: What, Why & How

Ansible Charlotte Meetup

Alfonso Cabrera

4/21/15

ANSIBLE: WHAT, WHY & HOW

WHAT IS IT?

• Open source project started by Michael DeHaan (Red Hat, Puppet) in

Feb. 2012

• Automation Engine written in Python

• Used as: config mgmt tool, orchestration tool, app deploy tool

• Similar tool to Chef, Puppet (but better!)

BASICS

TECHNICALLY SPEAKING,

• Python 2.7 internals

• Dependencies: Python

• Push based (can do pull too)

• Built for the cloud - connects to servers using SSH keys (Powershell too)

• Idempotent – run as many times as you wish!

• Human readable syntax: YAML

• No central server or special software on servers == AGENTLESS!

• Works with modules which can be written in any language (batteries

included)

WHY USE IT?

DESIGN PRINCIPLES

1. Simply Clear

Automation for Dev, Ops (anyone!)

2. Simply Fast

Minimal learning curve (automate fast!)

3. Simply Powerful

Several tools in one & batteries included

4. Simply Efficient

No complex setup – no agents

5. Simply Secure

Reduced footprint– uses standard SSH

END THE DRUDGERY!

• Package installs & updates

• Vulnerability patches

• Software deployments

• Server provisioning

• Config file consistency

• ProTip: Use Ansible to make life easier and enable you to work on the

things you want to work on.

SHOW ME DATA

• 6th most starred Python project on GitHub (10k stars)

• Over 1000 contributing developers on GitHub

• Ansible Inc. – in house dev team

• Received $6M in VC funding

A CHART!

MORE REASONS TO USE ANSIBLE

• Fastest 0 to 60 time in the market– no speed bumps to slow you down

• No new ports that need to be opened in your firewall

• No server certificates needed

• No master servers, no HA – don’t need to “manage the managers”

• Excellent documentation with useful examples

• There is probably already a core module for your use case:

Cloud DB Mon. Web System

EC2 MySQL Zabbix HAproxy Yum/Apt

Google PostgreSQL Pager Duty Apache Cron

Dig Ocean Redis Nagios Git Mount

VMware Riak Pingdom Docker SELinux

HOW DOES IT WORK?

BASIC TERMINOLOGY

• Inventory: what servers to connect to

• Facts: system info discovered

• Modules: abstract tasks for different uses

• Tasks: run an action from a module with specified arguments

• Plays: what tasks to run on what hosts

• Playbooks: a list of plays

• Roles: organize by server function/type

ANSIBLE CONFIG

• Rule #1: Don’t turn off cowsay!

• Control whether password is required

• Set how many parallel processes to use (default 5)

• Set Ansible log path

• Set private key file for SSH key auth

• Use custom SSH arguments as default

• Set defaults for remote user, remote SSH port, SSH timeout

INVENTORY

• Inventory file is in INI format

• Can specify custom port or SSH user alongside host

• Sample:

AD HOC MODE

• Run tasks outside of playbooks

• Run on full or partial inventory

• Can use modules with ad-hoc tasks (use –m)

PLAYBOOKS

• A list of plays run against specified hosts

• Put them in version control!

• Can run on one host at a time or all servers in parallel

• YAML syntax

• Can use variables

• Can use file templates (jinja2)

• Can specify only certain tasks to run based on tags

PLAYBOOK EXAMPLE

USE ROLES

A ROLE PLAYBOOK

HOW WE STARTED

• Real world use case – deploys were being done with manual, interactive

shell scripts by multiple teams!

• Dev team would handle first part and inform Ops when tar file was ready

for deployment

• Ops (me) would have to run a few shell scripts and cross my fingers

• Deployments were a pain point for the company

• Ansible to the rescue!

HOW WE FIXED DEPLOYMENTS

• Goal: Make deployments simpler and more stable

• Ansible workflow :

• Pull source code from Stash directly (using ro SSH key)

• Use composer module to pull in dependencies

• Create packaged tar file with code and dependencies

• Copy file to dev | test | prod and unpack tar file in webroot

• Apply proper file permissions

• Other tasks based on playbook logic that checks server/env/app

• Gracefully restart Apache

• Add comment to JIRA ticket informing team of successful deploy and assign ticket to PM

• POST deployment to New Relic using API

ANSIBLE TOWER

• Paid product w/ support by Ansible Inc

• Web based GUI

• Manage nodes, schedule jobs

• Auditing

• REST API

WRAP UP

• Free Preview of Ansible Up and Running by Lorin Hochstein

http://www.ansible.com/ansible-book

• Excellent docs at http://docs.ansible.com

THANK YOU!