INTRODUCING ANSIBLE What is it? What do we do with it? How?! Tyler Turk
INTRODUCING ANSIBLEWhat is it? What do we do with it? How?!
Tyler Turk
Uh… What are we talking about?
• Configuration Management Utility
• Automation Utility
• Easily extensible and pluggable framework
• Michael DeHaan, 2012 (developer of cobbler)
Please sir, may I have some
more?
• Written in Python
• Used for server config management
• Used for auditing of environment
Server-CM: Ansible 1.7.3
Masterchief: Ansible 0.9
THE DYNAMIC INVENTORY
What are inventories? What do
they contain?
• List of groups
• List of hosts in groups
• Potentially some
variables
What’s our inventory?
• Dynamic inventory interface based off server-
meta
• inventory/server_meta.py
• Groups generated by:
• server-meta-ranges
• Datacenter values
• ansible_groups property
Currently Extant Groups
• 64b-pod
• hapod
• 4g
• 8g-legacy
• development
• staging
• production
• protostaging
• vendor_group
• cloud
• dedicated
• clusters
Managing Disparate
Environments
• Primary API services production
• Dev API services development
• Corporate servers are handled with a flat file
Why is the inventory important?
• Groups are managed by dynamic inventory
• Skipping dynamic inventory means no groups
• No groups means incorrect variables set
• Systems will be configured incorrectly
Why do we need a custom
inventory?
• Multi-vendor strategy
• Custom data
requirements
• Assurance of
environment isolation
INVENTORY PATTERN
MATCHING
Access The Servers You Want!
• ‘pod-*’ # All pods
• ‘utility-*’ # All servers
with utility in the name
• ‘cluster-*:!dbmaster*’ #
All servers in each
cluster excluding
dbmaster
• ‘vendor:&pod-*’ # All
pods that exist in vendor
A simple example
Another example with explicit inclusion
IMPORTANCE OF
IDEMPOTENCE
What is idempotence?
f(x) = f(f(x)) = f(f(f(f(f(f(x))))))
• property of certain
operations in
mathematics and
computer science, that
can be applied multiple
times without changing
the result beyond the
initial application
• f(x) = f(f(x))
Okay… why do we care?
• Less accident prone
• We don’t break things
• Playbook is repeatable
• Helps to ensure same state, each time
Examples
• Idempotent Task:
lineinfile: dest=/etc/hosts line=“127.0.01 localhost” state=present
• Non-Idempotent Task:
shell: echo “127.0.01 localhost” >> /etc/hosts
AD-HOC USAGE
Ansible RunnerWelcome to Ad-Hoc
Usage
Useful Modules
• Apt
• Command
• Copy
• Fetch
• File
• Service
• Shell
• Stat
• Template
• User
• Zabbix Maintenance
Issues with Bash-isms
• Complex audits can
require mixed quotations
• Susceptible to shell
limitations
• Use python wrapper to
avoid bash-isms
Command Examples
ansible -i inventory/server_meta.py -m shell -a ‘ls /nas/local/ssl’ vendor
ansible -f 50 -m shell -a 'grep mysql.heartbeat
/etc/zabbix/zabbix_agentd.conf | wc -l' -i inventory/server_meta.py 'cluster*'
&>heart.out
ansible -f 50 -m copy -a "src=/root/ssl_sucks/cloudflare.conf
dest=/etc/wpengine/nginx/ssl.d/cloudflare.conf owner=root group=root
mode=0644" -i inventory/server_meta.py 'pod-*:hapod-*:web-*'
WHAT IS THIS PLAYBOOK
SORCERY?
What are playbooks?
• List of tasks
• Run against subset of
hosts
• Hopefully idempotent
What’s in a playbook?
• Conditional task execution
• Hosts
• Notifiable handlers
• Roles
• Variables
Example Playbook
Server Provisioning Playbooks
• Remote Playbook:
• Executed remotely
• Handles partitioning
• Initial Configuration
• Copies files out
• Platform Playbook:
• Executed locally
• Facts from remote
• Ensures packages
• Completes Config
Platform Deployment Playbook
• phased-deploy:
• git prefetch
• git checkout
• ensures consistent
phases
One-Off Playbooks
• build-server.yml
• Handles build server provisioning
• fire_and_forget_pull.yml
• Similar to nas2-prefetch.yml
• prepare-loadtest.yml
• Stages the droid install on a server
• remove_user.yml
• Removes user from our infrastructure
VARIABLE PRECEDENCE &
TROUBLESHOOTING
Introduction to Ansible Variables
• Regular variables:
Variables that are
explicitly defined either
via register or various
files / CLI options
• Magic variables:
Variables that are
defined automatically
Some Magic Variables
• hostvars
• ansible_distribution
• ansible_INTERFACE
• ansible_fqdn
• ansible_pkg_mgr
• group_names
• inventory_hostname
Variable Precedence
• Defined on the CLI (-e, --extra-vars)
• Connection variables
• “Most everything else”
• Inventory variables
• Discovered facts
• Role defaults
Wait… “most everything else…?”
• Included variables
• Host variables
• Group Variables
• Child group
• Parent group
• “All” variables, the super parent
• Define a variable as few times as possible
Using Lookup Plugins for
Variables
• with_items - Iterate through a list of items
• with_dict - Iterate through a dictionary
• with_fileglob - Iterate through a glob of files
• with_first_found - Iterate through files until one
is found
• Create your own!
JINJA2 TEMPLATING
FRAMEWORK
Introduction to Templating
group_vars/all:
is_vagrant: false
roles/common/templates/etc/hosts:
{% if is_vagrant %}
192.168.1.1 api.wpengine.com
{% endif %}
How to Loop in Templates
roles/common/templates/etc/hosts:
{% for ip in ansible_all_ipv4_addresses | sort %}
{{ ip }} {{ ansible_fqdn }}
{% endfor %}
roles/common/templates/etc/ansible_groups:
{% for name in group_names | sort %}
{{ name }}
{% endfor %}
Conditionals and Extensions
roles/apache/templates/var/www/index.jn2:
<html><head>
{% if maintenance_mode | default('', false) | bool %}
{% include "maintenance_header.html" %}
{% else %}
<title>Production - Ansible
Example</title></head><body>
<h3>Production mode FTW!</h3>
{% endif %}
</body></html>
Simple Demo Time!
ansible-playbook sample.yml
ansible-playbook sample.yml -e "maintenance_mode=false"
ansible-playbook sample.yml -e “maintenance_mode=true"
file:///Users/tylerturk/meetup/output/index.html
I WANT MORE OUT OF IT
Possible to Extend Upon
• Additional plugins can easily be dropped in
• Researching sample plugins goes a long way
• Several different plugin types currently
available
• Return results in JSON or hook however you
choose
Got questions? Ask!
Examples Available At:
https://github.com/tylerturk/ansible-examples-
jan28
Twitter: tylerjturk