A BOUT I NTRODUCTION A NSIBLE E ND Ansible Basics Oleg Fiksel Security Consultant @ CSPI GmbH oleg.fiksel@cspi.com | oleg@fiksel.info FrOSCon 2015
A BOUT I NTRODUCTION A NSIBLE E ND A GENDA A BOUT I NTRODUCTION Goals of this talk Configuration management A NSIBLE Key Points Ad hoc Approach Playbook Run Playbook Idempotence Facts Handlers Best practices Summary E ND Q & A Links
A BOUT I NTRODUCTION A NSIBLE E ND A BOUT ME ◮ Security Consultant at CSPI (former MODCOMP) ◮ Main topics ◮ Automation ◮ Virtualisation ◮ Application Switching (load balancing) ◮ Perl Coding
A BOUT I NTRODUCTION A NSIBLE E ND A BOUT MODCOMP ◮ Founded in 1976 as MODCOMP Inc. Since 1985 in Germany. ◮ Main scope: production of minicomputer for real-time environments. Example: NASA Space Shuttle Program. ◮ Development of real-time operating system Real/IX. ◮ 1990 - 1992 Cray and Bull equip their HPCs with Real/IX. ◮ 1995 New scope: Security Consulting. ◮ 1996 purchased by CSPI. ◮ Since 2015 re-branded as CSPI Germany.
A BOUT I NTRODUCTION A NSIBLE E ND A BOUT CSPI ◮ 3 locations world wide: US, DE, UK. ◮ CSPI Germany (Köln) ~90 employees. ◮ 9 solution centers covering every aspect of IT-Security. ◮ An opportunity to work on big infrastructures with cutting edge technology.
A BOUT I NTRODUCTION A NSIBLE E ND G OALS OF THIS TALK
A BOUT I NTRODUCTION A NSIBLE E ND G OALS OF THIS TALK ◮ This is not a comparison of configuration management systems.
A BOUT I NTRODUCTION A NSIBLE E ND G OALS OF THIS TALK ◮ This is not a comparison of configuration management systems. ◮ Basic theoretical understanding of configuration management.
A BOUT I NTRODUCTION A NSIBLE E ND G OALS OF THIS TALK ◮ This is not a comparison of configuration management systems. ◮ Basic theoretical understanding of configuration management. ◮ Introduction to ansible.
A BOUT I NTRODUCTION A NSIBLE E ND G OALS OF THIS TALK ◮ This is not a comparison of configuration management systems. ◮ Basic theoretical understanding of configuration management. ◮ Introduction to ansible. ◮ Practical examples using ansible.
A BOUT I NTRODUCTION A NSIBLE E ND W HAT IS A GOAL OF CONFIGURATION MANAGEMENT ? Provide easy , repeatable and scalable provisioning and configuration management.
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ?
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ? ◮ easy
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ? ◮ easy ◮ configuration is consolidated versioned
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ? ◮ easy ◮ configuration is consolidated versioned ◮ repeatable
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ? ◮ easy ◮ configuration is consolidated versioned ◮ repeatable ◮ provisioning produces every time the same result
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ? ◮ easy ◮ configuration is consolidated versioned ◮ repeatable ◮ provisioning produces every time the same result ◮ scalable
A BOUT I NTRODUCTION A NSIBLE E ND W HAT DOES THIS MEAN ? ◮ easy ◮ configuration is consolidated versioned ◮ repeatable ◮ provisioning produces every time the same result ◮ scalable ◮ provisioning can be done to any number of machines
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS ◮ Fresh (started February 2012)
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS ◮ Fresh (started February 2012) ◮ Simple
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS ◮ Fresh (started February 2012) ◮ Simple ◮ YAML Syntax
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS ◮ Fresh (started February 2012) ◮ Simple ◮ YAML Syntax ◮ straight forward running scenario
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS ◮ Fresh (started February 2012) ◮ Simple ◮ YAML Syntax ◮ straight forward running scenario ◮ Agentless
A BOUT I NTRODUCTION A NSIBLE E ND A NSIBLE K EY P OINTS ◮ Fresh (started February 2012) ◮ Simple ◮ YAML Syntax ◮ straight forward running scenario ◮ Agentless ◮ dependencies for node SSH + ( Python >= 2.5 | Python < 2.5 + python-simplejson)
A BOUT I NTRODUCTION A NSIBLE E ND U SING ANSIBLE AS PSSH Ansible can be used as pssh. ansible − i 1 0 . 0 . 0 . 1 , 1 0 . 0 . 0 . 2 , a l l − m command − a ’/ bin/date ’
A BOUT I NTRODUCTION A NSIBLE E ND U SING ANSIBLE AS PSSH Ansible can be used as pssh. ansible − i 1 0 . 0 . 0 . 1 , 1 0 . 0 . 0 . 2 , a l l − m command − a ’/ bin/date ’ Run /bin/date on machines 10.0.0.1 and 10.0.0.2.
A BOUT I NTRODUCTION A NSIBLE E ND P LAYBOOK Playbooks are YAML. 1 --- 2 # http://www.withoutthesarcasm.com/ubuntu-motd-landscape/ 3 − hosts: a l l remote_user: root 4 tasks: 5 - name: remove landscape − c l i e n t 6 apt: name=landscape − c l i e n t s t a t e =absent purge=yes 7 - name: remove landscape − common 8 apt: name=landscape − common s t a t e =absent purge=yes 9
A BOUT I NTRODUCTION A NSIBLE E ND R UN P LAYBOOK How to run a Playbook? ansible − playbook − i inventory_file playbook . yml ansible − playbook − i hostname1 , hostname2 , 1 9 2 . 1 6 8 . 0 . 1 0 , playbook . yml
A BOUT I NTRODUCTION A NSIBLE E ND I DEMPOTENCE 1 Wikipedia Quote
A BOUT I NTRODUCTION A NSIBLE E ND I DEMPOTENCE "Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result." 1 1 Wikipedia Quote
A BOUT I NTRODUCTION A NSIBLE E ND I DEMPOTENCE "Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result." 1 Simple: Goal of ansible playbook is to define the desired state and not script you way to this state. 1 Wikipedia Quote
A BOUT I NTRODUCTION A NSIBLE E ND E XAMPLE 1 1 ansible − i test − node , a l l − m s h e l l \ 2 − a ’ echo " 1 9 2 . 1 6 8 . 0 . 1 test − node " >> /etc/hosts ’
A BOUT I NTRODUCTION A NSIBLE E ND E XAMPLE 2 1 ansible − i test − node , a l l − m l i n e i n f i l e \ 2 − a ’ dest=/etc/hosts l i n e=" 1 9 2 . 1 6 8 . 0 . 1 test − node " ’
A BOUT I NTRODUCTION A NSIBLE E ND E XAMPLE 3 1 --- 2 − hosts: a l l tasks: 3 - name: clean up /etc/hosts 4 l i n e i n f i l e : dest=/etc/hosts regexp =192\.168\.0 s t a t e =absent 5 - name: add new /etc/hosts entry 6 l i n e i n f i l e : dest=/etc/hosts l i n e= "192.168.0.1 test-node" 7
A BOUT I NTRODUCTION A NSIBLE E ND F ACTS Facts are fetched from a host and exported as variables, which can be used in playbooks.
A BOUT I NTRODUCTION A NSIBLE E ND F ACTS Facts are fetched from a host and exported as variables, which can be used in playbooks. See all facts for a host: 1 ansible hostname − m setup 2 ansible − i hostname , a l l − m setup
A BOUT I NTRODUCTION A NSIBLE E ND E XAMPLE 1 --- 2 − hosts: a l l tasks: 3 - name: "shutdown CentOS 6 and 7 systems" 4 command: /sbin/shutdown − t now 5 when: ans ib l e_di str ib utio n == "CentOS" and 6 ( ansible_distribution_major_version == "6" 7 or 8 ansible_distribution_major_version == "7" ) 9
A BOUT I NTRODUCTION A NSIBLE E ND T URN OFF GATHERING FACTS IN A PLAYBOOK 1 --- 2 − hosts: a l l gather_facts: no 3 tasks: 4 - name: clean up /etc/hosts 5 l i n e i n f i l e : dest=/etc/hosts regexp =192\.168\.0 s t a t e =absent 6 - name: add new /etc/hosts entry 7 l i n e i n f i l e : dest=/etc/hosts l i n e= "192.168.0.1 test-node" 8
A BOUT I NTRODUCTION A NSIBLE E ND H ANDLERS Handlers only run after all of the tasks are run, and they only run once, even if they are notified multiple times. They always run in the order that they appear in the playbook, not the notification order.
A BOUT I NTRODUCTION A NSIBLE E ND E XAMPLE 1 --- 2 − hosts: webservers handlers: 3 - name: r e s t a r t apache 4 service: name=httpd s t a t e =restarted 5 tasks: 6 - name: ensure apache i s at the l a t e s t version 7 yum: name=httpd s t a t e = l a t e s t 8 - name: write the apache config f i l e 9 template: src=/srv/httpd . j 2 dest=/etc/httpd . conf 10 notify: 11 - r e s t a r t apache 12 - name: ensure apache i s running ( and enable i t at boot ) 13 service: name=httpd s t a t e =started enabled=yes 14
Recommend
More recommend
