Ansible Barcelona @AnsibleBCN
Barcelona
CC https://www.flickr.com/photos/din_bcn/2551132104/
Said Ziouani @SaidZiouani CEO/Founder
Greg DeKoenigsberg @gregdek VP Community
Ismael Benítez
CTO at Roca Salvatella
Associate Professor at La Salle
Ansible Barcelona co-organiser
@isma_tech
whoami
Orestes Carracedo
CTO at Zyrcle
Full-Stack Developer
Est. 2005
Ansible Barcelona Founder
@OrestesCA
whoami
$ vagrant init https://github.com/holms/vagrant-jessie-box/releases/download/Jessie-v0.1/Debian-jessie-amd64-netboot.box
…
$ vagrant up
…
$ vagrant ssh-config
HostName 127.0.0.1
User vagrant
Port 2222
…
Managed Node setup
http://vagrantup.com
http://vagrantbox.es
Managed Node security credentials
$ vagrant ssh --command "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys"
$ ssh vagrant@localhost -p 2222
…
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
…
Last login: Sun Jun 7 01:21:33 2015 from 10.0.2.2
vagrant@Debian-jessie-amd64-netboot:~$ exit
Control Machine setup
http://docs.ansible.com
$ sudo pip install paramiko PyYAML Jinja2 httplib2
$ git clone https://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ source hacking/env-setup
…
$ ansible
ansible ansible-doc ansible-galaxy ansible-playbook ansible-pull ansible-vault
Inventory setup
$ export ANSIBLE_INVENTORY=~/ansible_hosts
[vagrant]
127.0.0.1:2222 foo=bar

[vagrant:vars]
ansible_ssh_user=vagrant
env=local

http://docs.ansible.com/intro_inventory.html
https://docs.ansible.com/playbooks_variables.html
Precedence: -i file or $ANSIBLE_INVENTORY or /etc/ansible/hosts
Random
 _________________
< GATHERING FACTS >
 -----------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
http://docs.ansible.com/faq.html#how-do-i-disable-cowsay
export ANSIBLE_NOCOWS=1
Ping a.k.a. Hello world
$ ansible vagrant -m ping -vvvv
<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant on PORT 2222 TO 127.0.0.1
<127.0.0.1> REMOTE_MODULE ping
…
127.0.0.1 | success >> {
    "changed": false,
    "ping": "pong"
}
$ ansible all -m ping -vvvv
…
Playbooks
- hosts: vagrant
  sudo: True
  tasks:
    - name: Install ntp
      apt: pkg=ntp state=installed

$ ansible-playbook test_playbook.yml
…
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp]
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=1 unreachable=0 failed=0
test_playbook.yml
Idempotence
- hosts: vagrant
  sudo: True
  tasks:
    - name: Install ntp
      apt: pkg=ntp state=installed

$ ansible-playbook test_playbook.yml
…
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp]
ok: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=0 unreachable=0 failed=0
test_playbook.yml
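Added example (not from the original slides): a shell gate that reads ansible-playbook output and accepts a repeat run as idempotent only when the PLAY RECAP reports changed=0, failed=0 and unreachable=0 for every host. The function names and the sample output are constructed here, modelled on the two runs shown above.

```shell
#!/bin/sh
# recap_counter FIELD: sum FIELD (ok|changed|unreachable|failed) over all
# host lines that follow "PLAY RECAP" in the playbook output on stdin.
recap_counter() {
    awk -v field="$1" '
        /PLAY RECAP/ { in_recap = 1; next }
        in_recap {
            for (i = 1; i <= NF; i++)
                if (split($i, kv, "=") == 2 && kv[1] == field) total += kv[2]
        }
        END { print total + 0 }
    '
}

# is_idempotent: exit 0 only if a recap with at least one host line was
# seen and no host reports a change, a failure or being unreachable.
# Output without a recap (an aborted run) is rejected, not treated as clean.
is_idempotent() {
    awk '
        /PLAY RECAP/ { in_recap = 1; next }
        in_recap && /ok=/ {
            hosts++
            for (i = 1; i <= NF; i++)
                if (split($i, kv, "=") == 2 &&
                    kv[1] ~ /^(changed|unreachable|failed)$/) bad += kv[2]
        }
        END { if (hosts > 0 && bad == 0) exit 0; exit 1 }
    '
}

# Constructed sample output in the recap format used on the slides.
FIRST_RUN='TASK: [Install ntp]
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=1 unreachable=0 failed=0'

SECOND_RUN='TASK: [Install ntp]
ok: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=0 unreachable=0 failed=0'

if printf '%s\n' "$SECOND_RUN" | is_idempotent; then
    echo "second run: idempotent"
else
    echo "second run: NOT idempotent"
fi
```

In practice the input would be the captured output of a second ansible-playbook run against the same hosts; a non-zero exit points at a task that rewrites state on every run.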
Facts
$ ansible vagrant -m setup
127.0.0.1 | success >> {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "10.0.2.15"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::a00:27ff:fe6b:d3e"
        ],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "12/01/2006",
        "ansible_bios_version": "VirtualBox",
        …
Templates, facts and variables
- hosts: vagrant
  sudo: True
  tasks:
    - name: Write MOTD
      template: src=templates/motd dest=/etc/motd

You’re now in the {{ env | upper }} environment at {{ ansible_hostname }}
{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}
{{ ansible_system }} {{ ansible_kernel }} {{ ansible_architecture }}
test_playbook.yml
templates/motd
You’re now in the LOCAL environment at Debian-jessie-amd64-netboot
Debian jessie 8.0
Linux 3.16.0-4-amd64 x86_64
Conditionals
- name: Enable LOCAL env prompt indicator
  template: src=templates/env/local/.bash_profile dest=~/.bash_profile
  when: env == "local"
test_playbook.yml
export PS1="\[$(tput setaf 2)\][\u@\h \W]\\$ \[$(tput setaf 7)\]\[$(tput sgr0)\]"
templates/.bash_profile
[vagrant@Debian-jessie-amd64-netboot ~]$
https://docs.ansible.com/playbooks_conditionals.html
Notifications and handlers
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: pkg=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
Roles
site.yml
roles/
  common/
    files/
    templates/
    tasks/
    handlers/
    vars/
    defaults/
    meta/
  webserver/
    …
files
https://docs.ansible.com/playbooks_roles.html
https://github.com/ansible/ansible-examples

- hosts: webservers
  roles:
    - common
    - webserver
site.yml
Install dependencies
$ ansible-playbook test_playbook.yml
…
/bin/sh: 1: /usr/bin/python: not found
…
Missing Python
  gather_facts: False
  tasks:
    - name: Install Python
      raw: apt-get install python -y
    - name: Gather facts after python install
      setup:
    - name: Write MOTD
      …
test_playbook.yml
Install dependencies
$ ansible-playbook test_playbook.yml --sudo
PLAY [vagrant]
TASK: [Install Python]
ok: [127.0.0.1]
TASK: [Gather facts]
ok: [127.0.0.1]
TASK: [Write MOTD]
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=3 changed=1 unreachable=0 failed=0
test_playbook.yml
Setup remote access
- name: Setup access
  authorized_key: user="{{ ansible_ssh_user }}" key="{{ item }}"
  with_file:
    - ~/.ssh/id_rsa.pub
    - /some/secure/dir/keys/admin.pub
test_playbook.yml
http://docs.ansible.com/authorized_key_module.html
$ ansible-playbook test_playbook.yml --ask-pass
SSH password:
TASK: [Setup access]
ok: [127.0.0.1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD… orestes@mjolnir.local)
…
Simple deployment
- name: Clone git repository
  git: >
    dest=/var/www/awesome-app
    repo=https://github.com/initech/awesome-app
    update=no
  sudo: yes
  sudo_user: www-data
  register: cloned

- name: Clear cache
  …
  when: cloned|changed
test_playbook.yml
https://github.com/ansistrano
http://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/
Advanced deployment
http://www.ansible.com/application-deployment
http://docs.ansible.com/playbooks_delegation.html

- hosts: webservers
  max_fail_percentage: 30
  serial: 10
Learning from the community
https://galaxy.ansible.com
Visual inventory management Push-button deployments
Team workflow Role-based security
Demo https://youtu.be/wEB7C3OAnYo
Going enterprise
EOF
 ___________________
< THAT’S ALL FOLKS! >
 -------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
Feedback welcome orestes.ca@gmail.com
Thanks!