Ansible Intro - June 2015 / Ansible Barcelona User Group

Ansible Barcelona @AnsibleBCN

Barcelona

CC https://www.flickr.com/photos/din_bcn/2551132104/

@enricostano

Said Ziouani @SaidZiouani CEO/Founder

Greg DeKoenigsberg @gregdek VP Community

Ismael Benítez

CTO at Roca Salvatella
Associate Professor at La Salle

Ansible Barcelona co-organiser

@isma_tech

whoami

Orestes Carracedo

CTO at Zyrcle
Full-Stack Developer

Est. 2005

Ansible Barcelona Founder

@OrestesCA

whoami

Introduction to Ansible

What is Ansible

SCM automation tool agent-less

simple + powerful

Basics

Managed Node #1 Managed Node #2

Control Machine

Inventory

ssh

$ vagrant init https://github.com/holms/vagrant-jessie-box/releases/download/Jessie-v0.1/Debian-jessie-amd64-netboot.box
…
$ vagrant up
…
$ vagrant ssh-config
HostName 127.0.0.1
User vagrant
Port 2222
…

Managed Node setup

http://vagrantup.com http://vagrantbox.es

Managed Node security credentials

$ vagrant ssh --command "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys"
$ ssh vagrant@localhost -p 2222
…
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
…
Last login: Sun Jun 7 01:21:33 2015 from 10.0.2.2
vagrant@Debian-jessie-amd64-netboot:~$ exit

Control Machine setup

http://docs.ansible.com

$ sudo pip install paramiko PyYAML Jinja2 httplib2
$ git clone git://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ source hacking/env-setup
…
$ ansible
ansible  ansible-doc  ansible-galaxy  ansible-playbook  ansible-pull  ansible-vault

Inventory setup

$ export ANSIBLE_INVENTORY=~/ansible_hosts

[vagrant]
127.0.0.1:2222 foo=bar

[vagrant:vars]
ansible_ssh_user=vagrant
env=local

http://docs.ansible.com/intro_inventory.html
https://docs.ansible.com/playbooks_variables.html

Precedence: -i file or $ANSIBLE_INVENTORY or /etc/ansible/hosts

Random

 _________________
< GATHERING FACTS >
 -----------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

http://docs.ansible.com/faq.html#how-do-i-disable-cowsay

export ANSIBLE_NOCOWS=1

Ping a.k.a. Hello world

$ ansible vagrant -m ping -vvvv
<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant on PORT 2222 TO 127.0.0.1
<127.0.0.1> REMOTE_MODULE ping
…
127.0.0.1 | success >> {
    "changed": false,
    "ping": "pong"
}
$ ansible all -m ping -vvvv
…

Playbooks

test_playbook.yml

- hosts: vagrant
  sudo: True
  tasks:
    - name: Install ntp
      apt: pkg=ntp state=installed

$ ansible-playbook test_playbook.yml
…
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp]
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=1 unreachable=0 failed=0

Idempotence

test_playbook.yml

- hosts: vagrant
  sudo: True
  tasks:
    - name: Install ntp
      apt: pkg=ntp state=installed

$ ansible-playbook test_playbook.yml
…
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp]
ok: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=0 unreachable=0 failed=0
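
An added example, not part of the original slides: a small check that parses PLAY RECAP lines in the format shown above and reports hosts whose repeat run is not clean, since a task that reports "changed" on every run hides real drift on a managed node. The sample output and the function names are constructed for illustration.

```python
import re

# One host line of a PLAY RECAP in the format shown on the slides, e.g.
# "127.0.0.1: ok=2 changed=1 unreachable=0 failed=0"
RECAP_LINE = re.compile(r"^(?P<host>\S+?)\s*:\s+(?P<counters>(?:\w+=\d+\s*)+)$")

# Constructed sample output, modelled on the two runs shown above.
FIRST_RUN = """\
GATHERING FACTS
ok: [127.0.0.1]
TASK: [Install ntp]
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=2 changed=1 unreachable=0 failed=0
"""
SECOND_RUN = FIRST_RUN.replace("changed: [", "ok: [").replace("changed=1", "changed=0")


def parse_recap(output):
    """Return {host: {counter: int}} for the host lines after PLAY RECAP."""
    hosts, in_recap = {}, False
    for line in (raw.strip() for raw in output.splitlines()):
        if line.startswith("PLAY RECAP"):
            in_recap = True
        elif in_recap and (m := RECAP_LINE.match(line)):
            pairs = (p.split("=") for p in m.group("counters").split())
            hosts[m.group("host")] = {k: int(v) for k, v in pairs}
    return hosts


def idempotence_violations(second_run_output):
    """Hosts whose repeat run still changed, failed or could not be reached."""
    recap = parse_recap(second_run_output)
    if not recap:
        # No recap means the run never finished; that is not "idempotent".
        raise ValueError("no PLAY RECAP host lines found")
    bad = {}
    for host, counters in recap.items():
        nonzero = {k: counters[k] for k in ("changed", "unreachable", "failed")
                   if counters.get(k, 0)}
        if nonzero:
            bad[host] = nonzero
    return bad


if __name__ == "__main__":
    print(idempotence_violations(FIRST_RUN))   # the first run changes the node
    print(idempotence_violations(SECOND_RUN))  # the repeat run must be clean
```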

Facts

$ ansible vagrant -m setup
127.0.0.1 | success >> {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "10.0.2.15"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::a00:27ff:fe6b:d3e"
        ],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "12/01/2006",
        "ansible_bios_version": "VirtualBox",
        …

Templates, facts and variables

test_playbook.yml

- hosts: vagrant
  sudo: True

  tasks:
    - name: Write MOTD
      template: src=templates/motd dest=/etc/motd

templates/motd

You’re now in the {{ env | upper }} environment at {{ ansible_hostname }}
{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}
{{ ansible_system }} {{ ansible_kernel }} {{ ansible_architecture }}

You’re now in the LOCAL environment at Debian-jessie-amd64-netboot
Debian jessie 8.0
Linux 3.16.0-4-amd64 x86_64

Conditionals

test_playbook.yml

- name: Enable LOCAL env prompt indicator
  template: src=templates/env/local/.bash_profile dest=~/.bash_profile
  when: env == "local"

templates/.bash_profile

export PS1="\[$(tput setaf 2)\][\u@\h \W]\\$ \[$(tput setaf 7)\]\[$(tput sgr0)\]"

[vagrant@Debian-jessie-amd64-netboot ~]$

https://docs.ansible.com/playbooks_conditionals.html

Notifications and handlers

- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: pkg=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

Roles

files

site.yml
roles/
  common/
    files/
    templates/
    tasks/
    handlers/
    vars/
    defaults/
    meta/
  webserver/
    …

https://docs.ansible.com/playbooks_roles.html
https://github.com/ansible/ansible-examples

site.yml

- hosts: webservers
  roles:
    - common
    - webserver

First steps in practice

Dependencies Credentials Deployment

Install dependencies

$ ansible-playbook test_playbook.yml
…
/bin/sh: 1: /usr/bin/python: not found
…

Missing Python

test_playbook.yml

  gather_facts: False
  tasks:
    - name: Install Python
      raw: apt-get install python -y
    - name: Gather facts after python install
      setup:
    - name: Write MOTD
      …

Install dependencies

$ ansible-playbook test_playbook.yml --sudo
PLAY [vagrant]
TASK: [Install Python]
ok: [127.0.0.1]
TASK: [Gather facts]
ok: [127.0.0.1]
TASK: [Write MOTD]
changed: [127.0.0.1]
PLAY RECAP
127.0.0.1: ok=3 changed=1 unreachable=0 failed=0

test_playbook.yml

Setup remote access

test_playbook.yml

- name: Setup access
  authorized_key: user="{{ ansible_ssh_user }}" key="{{ item }}"
  with_file:
    - ~/.ssh/id_rsa.pub
    - /some/secure/dir/keys/admin.pub

http://docs.ansible.com/authorized_key_module.html

$ ansible-playbook test_playbook.yml --ask-pass
SSH password:
TASK: [Setup access]
ok: [127.0.0.1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD… [email protected])
…

Simple deployment

test_playbook.yml

- name: Clone git repository
  git: >
    dest=/var/www/awesome-app
    repo=https://github.com/initech/awesome-app
    update=no
  sudo: yes
  sudo_user: www-data
  register: cloned

- name: Clear cache
  …
  when: cloned|changed

https://github.com/ansistrano
http://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/

Advanced deployment

http://www.ansible.com/application-deployment
http://docs.ansible.com/playbooks_delegation.html

- hosts: webservers
  max_fail_percentage: 30
  serial: 10

Learning from the community

https://galaxy.ansible.com

Visual inventory management Push-button deployments

Team workflow Role-based security

Demo https://youtu.be/wEB7C3OAnYo

Going enterprise

EOF

 ___________________
< THAT’S ALL FOLKS! >
 -------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Swag giveaway time!

Feedback welcome [email protected]

Thanks!
