@pas256 @Answers4AWS
How Ansible Makes Automation Easy
Gluecon: May 2014
Peter Sankauskas Founder, Answers for AWS
• Engineer
• Founder of Answers for AWS
• Wrote the EC2 inventory plugin for Ansible
• Run the Advanced AWS meetup in SF
• Won a NetflixOSS Cloud Prize for my Ansible playbooks
About Me
Beautiful, flexible shell scripts
What is Ansible?
• Installation and configuration of services
• Code deployment
• Provisioning
• Image creation
What can you automate?
• Easy to read, write and share playbooks
• Thousands of modules *
• Great documentation
• Support
Why is it easy?
* 2015 projection
- name: Install Apache web server
  apt: pkg=apache2 state=latest
What does this do?
- name: Install Apache web server   # Documentation
  apt: pkg=apache2 state=latest     # Module: apt; Arguments: pkg=apache2 state=latest
What does this do?
- name: Install Apache web server with PHP
  apt: pkg={{ item }} state=latest
  with_items:
    - apache2
    - php5
    - libapache2-mod-php5
    - php-apc
- name: Install Apache web server with PHP (apt version)
  apt: pkg={{ item }} state=latest
  with_items:
    - apache2
    - php5
    - libapache2-mod-php5
    - php-apc
  when: ansible_distribution == 'Ubuntu'

- name: Install Apache web server with PHP (yum version)
  yum: pkg={{ item }} state=latest
  with_items:
    - httpd24
    - php55
    - php55-pecl-apc
  when: ansible_distribution == 'Amazon'
- name: Copy website configuration
  copy: src=site.conf dest=/etc/apache2/sites-available/site.conf owner=root group=root mode=0755
  notify: restart apache
  tags: config
A little more complex
• Contains one or more “plays”
• Written in YAML
• Declare configuration
• YAML is not code
• Executed in the order it is written
• No dependency graph
Playbooks
• apt/yum/pip
  • Add/Remove packages
• command/shell
  • Execute any shell command (with or without environment)
• copy
  • Copy a file from source to destination on host
• file
  • Create directories, symlinks, change permissions
• service
  • Start/Stop/Enable services
• template
  • Same as copy, but with variable substitutions in file
Modules
accelerate
acl
add_host
airbrake_deployment
alternatives
apache2_module
apt
apt_key
apt_repository
apt_rpm
arista_interface
arista_l2interface
arista_lag
arista_vlan
assemble
assert
async_status
async_wrapper
at
authorized_key
bigip_facts
bigip_monitor_http
bigip_monitor_tcp
bigip_node
bigip_pool
bigip_pool_member
boundary_meter
bzr
campfire
capabilities
cloudformation
command
composer
copy
cpanm
cron
datadog_event
debconf
debug
digital_ocean
digital_ocean_domain
digital_ocean_sshkey
django_manage
dnsimple
dnsmadeeasy
docker
docker_image
easy_install
ec2
ec2_ami
ec2_ami_search
ec2_asg
ec2_eip
ec2_elb
ec2_elb_lb
ec2_facts
ec2_group
ec2_key
ec2_lc
ec2_metric_alarm
ec2_scaling_policy
ec2_snapshot
ec2_tag
ec2_vol
ec2_vpc
ejabberd_user
elasticache
facter
fail
fetch
file
filesystem
fireball
firewalld
flowdock
gc_storage
gce
gce_lb
gce_net
gce_pd
gem
get_url
git
github_hooks
glance_image
group
group_by
grove
hg
hipchat
homebrew
homebrew_cask
homebrew_tap
hostname
htpasswd
include_vars
ini_file
irc
jabber
jboss
jira
kernel_blacklist
keystone_user
layman
librato_annotation
lineinfile
linode
lldp
locale_gen
logentries
lvg
lvol
macports
modprobe
mongodb_user
monit
mount
mqtt
mysql_db
mysql_replication
mysql_user
mysql_variables
nagios
netscaler
newrelic_deployment
nexmo
nova_compute
nova_keypair
npm
ohai
open_iscsi
openbsd_pkg
openvswitch_bridge
openvswitch_port
opkg
osx_say
ovirt
pacman
pagerduty
pause
ping
pingdom
pip
pkgin
pkgng
pkgutil
portage
portinstall
postgresql_db
postgresql_privs
postgresql_user
quantum_floating_ip
quantum_floating_ip_associate
quantum_network
quantum_router
quantum_router_gateway
quantum_router_interface
quantum_subnet
rabbitmq_parameter
rabbitmq_plugin
rabbitmq_policy
rabbitmq_user
rabbitmq_vhost
raw
rax
rax_cbs
rax_cbs_attachments
rax_clb
rax_clb_nodes
rax_dns
rax_dns_record
rax_facts
rax_files
rax_files_objects
rax_identity
rax_keypair
rax_network
rax_queue
rds
rds_param_group
rds_subnet_group
redhat_subscription
redis
replace
rhn_channel
rhn_register
riak
rollbar_deployment
route53
rpm_key
s3
script
seboolean
selinux
service
set_fact
setup
shell
slack
slurp
sns
stackdriver
stat
subversion
supervisorctl
svr4pkg
swdepot
synchronize
sysctl
template
twilio
typetalk
ufw
unarchive
uri
urpmi
user
virt
vsphere_guest
wait_for
xattr
yum
zfs
zypper
zypper_repository
• Reuse a set of tasks, files, variables and templates
• Ansible Galaxy for being social
• Web
• Database
• System
• more…
Roles
Documentation
http://docs.ansible.com/
Slides
http://www.slideshare.net/pas256/code-mash
Video
http://answersforaws.com/episodes/2-ansible-and-aws/
Introduction to Ansible
✓ Installation and configuration of services
• Code deployment
• Provisioning
• Image creation
What can you automate?
- name: Get code from GitHub for branch {{ branch }}
  git: [email protected]:company/website.git dest=/var/www/website version={{ branch }} accept_hostkey=yes

- name: Copy database.yml from S3 to rails
  s3: bucket=company-devops object=database.yml dest=/var/www/website/config/database.yml mode=get

- name: Bundle install
  shell: chdir=/var/www/website bundle install --without development test

- name: Precompile assets with rake
  shell: chdir=/var/www/website RAILS_ENV={{ env }} bundle exec rake assets:precompile
Code deployment
• Create security group
• Launch instance
• Create load balancer
• Register instance with load balancer
Provisioning
Don’t do this
• Use CloudFormation
• Dependency management
• Delete for free
• Ultimate combination
• python + boto + troposphere
Don’t do this on AWS
- local_action:
    module: gce
    name: test-instance
    zone: us-central1-a
    machine_type: n1-standard-1
    image: debian-7
Provisioning on GCE is fine
✓ Installation and configuration of services
✓ Code deployment
✓ Provisioning
• Image creation
What can you automate?
• Run in local mode
• Do not start services
• Use Ansible provisioner for
• aminator
• packer
• Use Bakery4AWS (apply for beta access)
Image creation
Flexible playbooks
Same playbook can:
• Run on a single instance
• Run on multiple instances
• Run against multiple OSes
• Run in local mode to create image
Flexible playbooks
Ansible Playbook
Laptop
Packer/Aminator
Four things to consider to write highly flexible playbooks
• Header
• Common variables
• Services
• Handlers
How?
---
- name: My Playbook
  hosts: all
  sudo: True
  roles:
    - role1
    - role2
  vars_files:
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
Playbook header
---
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami
Common Variables File
- name: Enable Apache HTTP Web Server service
  service: name=httpd enabled=yes

- name: Starting Apache HTTP Web Server service
  service: name=httpd state=started
  when: not_ami_build

- name: Stopping Apache HTTP Web Server service
  service: name=httpd state=stopped
  when: ami_build
Services
---
- name: restart apache
  service: name=httpd state=restarted
  when: not_ami_build
Handlers
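Added example (not from the original slides): a small Python check for the pattern above, where every task or handler that starts or restarts a service carries when: not_ami_build so that image builds never start services. It reads only the key=value task style used on these slides; split_tasks, unguarded_service_starts and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the slides' service tasks and handler, with the guard
# deliberately left off the handler so the check has something to report.
SAMPLE = """\
- name: Enable Apache HTTP Web Server service
  service: name=httpd enabled=yes

- name: Starting Apache HTTP Web Server service
  service: name=httpd state=started
  when: not_ami_build

- name: Stopping Apache HTTP Web Server service
  service: name=httpd state=stopped
  when: ami_build

- name: restart apache
  service: name=httpd state=restarted
"""

RUNNING_STATES = {"started", "restarted", "reloaded"}


def split_tasks(text):
    """Group lines into tasks; a new task begins at each '- name:' line."""
    tasks = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("- name:"):
            tasks.append({"name": stripped[len("- name:"):].strip()})
        elif tasks and ":" in stripped:
            key, _, value = stripped.partition(":")
            tasks[-1][key.strip()] = value.strip()
    return tasks


def unguarded_service_starts(text, guard="not_ami_build"):
    """Return names of service tasks that start a service without the guard."""
    findings = []
    for task in split_tasks(text):
        args = dict(re.findall(r"(\w+)=(\S+)", task.get("service", "")))
        if args.get("state") in RUNNING_STATES and guard not in task.get("when", ""):
            findings.append(task["name"])
    return findings


if __name__ == "__main__":
    for name in unguarded_service_starts(SAMPLE):
        print("starts a service during image builds:", name)
```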
• Against Ubuntu web servers
  ansible-playbook myplaybook.yml -u ubuntu -l web
• Against Amazon Linux web servers
  ansible-playbook myplaybook.yml -u ec2-user -l web
• Build an AMI
  ansible-playbook myplaybook.yml -u ubuntu -e "ami=True" -c local -i "127.0.0.1,"
Execution
Questions? Play Stump the Presenter
Slides available online:
• http://bit.ly/gluecon-ansible
Thank you