Ansible in Operatjon Bruce Becker: Coordinator, SAGrid | - - PowerPoint PPT Presentation

Bruce Becker: Coordinator, SAGrid | bbecker@csir.co.za | http://www.sagrid.ac.za

Ansible in Operatjon

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 2

Learning Goals

• Manage inventory
• Ansible ad-hoc commands
• Write & run Playbooks
• Understanding of variables
• Loops and conditjons

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 3

Inventories

• A list of hosts, groups and aspects of hosts
• Can be dynamic or statjc
• Groups defjned by brackets [

] and by name

• Describe systems
• Decide what systems you are controlling at what tjmes and for what

purpose (roles)

• Groups can be nested with :

c h i l d r e n

• Hosts can be in more than one group
• server could be both a webserver and a dbserver.
• variables will come from all of the groups they are a member of

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 4

Statjc Inventories

• Statjc inventory : simplest, most common form
• Add a group
• Add host variables

l

• c

a l h

• s

t l

• c

a l h

• s

t [ C e n t O S ] l

• c

a l h

• s

t L

• c

a l h

• s

t a n s i b l e _ s s h _ h

• s

t = 1 2 7 . . . 1 [ C e n t O S ] l

• c

a l h

• s

t

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 5

Dynamic Inventories

• Statjc inventories negate the environment of the

cloud

• Can use almost data source to generate dynamic

inventories

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 6

Lesson 1: Run an empty play

• 1. g

i t i n i t

• 2. Confjgure an inventory fjle
• 3. Create at least one group (by OS)
• 4. Start a playbook
• 5. Run the empty playbook against all hosts

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 7

Host selectjon

• Host selectjon can be done by incuding or excluding

groups and single hosts

• Selectjon can be done by passing :
• a

l l / *

• Groups names
• Exclusion (a

l l : ! C e n t O S )

• Intersectjon (w

e b s e r v e r s : & s t a g i n g )

• Regex

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 8

Executjng - Tasks

• Ad-Hoc: commands which execute single tasks
• Tasks: leverage an Ansible module, which is

executed on the target host

• Modules:
• (Mostly) writuen in Python
• Shipped via SSH to the target host
• Return JSON, interpreted by Ansible for outcome
• Removed once executed

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 9

Executjng - Modules

• Modules are the ”Batueries included” of Ansible
• Core modules provided by Ansible and ”extras”

by the community

• Well-documented
• Web :

htup:/ /docs.ansible.com/ansible/modules_by_category .html

• CLI : a

n s i b l e

• d
• c
• l

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 10

Hands-on session Ansible ad-hoc commands

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 11

Ad-hoc actjons

• 1. Check facts on all hosts

1 . A n s i b l e a l l

• i

i n v e n t

• r

y

• m

s e t u p

• 2. Copy a fjle
• 3. Install nginx and add a user
• 4. Clone a git repo to a path
• 5. Ensure that htupd is present and started
• 6. Background operatjons, with polling

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 12

Orchestratjon

• The true power of ansible comes from

abstractjon and orchestratjon, using playbooks

• Playbook is a set of ordered tasks, combined with

selected targets

• Playbooks provide ready-made strategies for

bringing (groups of) hosts to a desired state

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 13

Roles

• Roles provide a way to encapsulate and re-use

code

• Instead of writjng lots of tasks, your playbook can

be more readable and understandable to someone else :

• h
• s

t s : d i r a c u s e r : a n s i b l e s u d

• :

t r u e r

• l

e s :

• b
• t

s t r a p

• c
• m

m

• n
• c

e r t i f i c a t e s

• d

i r a c

Roles are applied in order Roles may have dependencies

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 14

Roles and fjlesystem structure

s i t e . y m l r

• l

e s / r

• l

e 1 / f i l e s / t e m p l a t e s / t a s k s / h a n d l e r s / v a r s / m e t a /

• Roles are usually

placed in a ”library” in a sub-directory.

• Each role has a

standard structure

• Roles can be

scafgolded using a n s i b l e

• g

a l a x y

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 15

Creatjng new roles with Galaxy

• A new role can be created using

a n s i b l e

• g

a l a x y i n i t < r

• l

e n a m e >

• Ensure that you create the role in the ”roles” directory,
• r you won't be able to simply call them by name in the

playbooks.

• Ansible Galaxy creates all the fjles you need to get

started, including a README and a meta fjle

• Roles can be shared and discovered via

htup:/ /galaxy.ansible.com

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 16

Variables

• While automatjon exists to make it easier to make things

repeatable, all of your systems are likely not exactly alike.

• The behaviour or state of confjgured machines may change

and impact the desired state of other services, dynamically

• Certain confjguratjon fjles may exist as templates, which

need instantjatjon, based on their context

• Variables in Ansible are how we deal with difgerences

between systems and states

• Variables allow you to ”program” with conditj

tjons and loops

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 17

Settjng Variables

• Variables in Ansible help you to contextualise and

abstract roles.

• Variables can be defjned in several areas
• Inventory
• Playbook
• Files and Roles
• Command Line
• Facts

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 18

Variable Hierarchy

1) Command line variables have the highest precedence. - e 2) 'most everything else' come next.

1)Role vars 2)Task and play variables

3) Variables defjned in inventory.

1)Host and group vars

4) Next comes facts discovered about a system. 5) Default vars defjned in roles have the lowest priority

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 19

Host Variables

• Host variables are assigned in the inventory
• Arbitrary variables can be assigned to individual

hosts

• There are also variables which change the way

Ansible behaves when managing hosts e.g

http://docs.ansible.com/ansible/intro_inventory.html#host-variables

9 . 1 4 7 . 1 5 6 . 1 7 5 \ a n s i b l e _ s s h _ p r i v a t e _ k e y _ f i l e = ~ / . s s h / a n s i b l e

• d

e f a u l t . k e y \ a n s i b l e _ s s h _ u s e r = c e n t

• s

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 20

Group Variables

• Hosts are grouped according to aspects, or any desired

grouping

• Ansible allows you to defjne group variables which are

available for any host in a group

• Group variables can be defjned in the inventory:

[ w e b s e r v e r s : v a r s ] h t t p _ p

• r

t = 8

• Or in separate fjles under group_vars

g r

• u

p _ v a r s / w e b s e r v e r s →

• h

t t p _ p

• r

t = 8

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 21

Facts

• Facts are discovered about the play hosts at the start
• f each play
• Unless turned ofg with g

a t h e r _ f a c t s = f a l s e

• Facts can be cached
• Facts uses the setup module, which uses various tools

such as f a c t e r and o h a i to obtain facts about hosts

• Facts are useful in determining the state of the

machines in the play

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 22

Registering and using variables

• Variables can be statjcly set in the inventory,

roles or plays, but can also be picked up based on the events of the play

• Use register to set transient variables

r e g i s t e r : n e w v a r

• Call variables using {

{ n e w v a r } }

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 23

Example – Ensure that EPEL is available only on RedHat machines

• Vars set in role/x/vars:
• e

p e l _ p a c k a g e : ' 6 ' : h t t p : / / f t p . f a u . d e / e p e l / 6 / x 8 6 _ 6 4 / e p e l

• r

e l e a s e

• 6
• 8

. n

• a

r c h . r p m ' 7 ' : h t t p s : / / f t p . f a u . d e / e p e l / 7 / x 8 6 _ 6 4 / e / e p e l

• r

e l e a s e

• 7
• 5

. n

• a

r c h . r p m b a s e _ p a c k a g e s :

• h

t t p d

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 24

Example – Ensure that EPEL is available only on RedHat machines

• Use the facts and role variables in a task
• a

n s i b l e _ d i s t r i b u t i

• n

_ m a j

• r

_ v e r s i

• n

: discovered fact

• e

p e l _ p a c k a g e : role variable

• e

p e l i n s t a l l : registered variable

• n

a m e : E n s u r e t h a t E P E L i s p r e s e n t a n d c

• n

f i g u r e y u m : n a m e : " { { e p e l _ p a c k a g e [ a n s i b l e _ d i s t r i b u t i

• n

_ m a j

• r

_ v e r s i

• n

] } } " s t a t e : p r e s e n t r e g i s t e r : e p e l i n s t a l l

• n

a m e : R e

• g

e n e r a t e m e t a d a t a y u m : n a m e : ' * ' s t a t e : l a t e s t w h e n : e p e l i n s t a l l . c h a n g e d

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 25

Magic Variables

• Some variables are automatjcally created and

fjlled by Ansible :

• i

n v e n t

• r

y _ d i r

• i

n v e n t

• r

y _ h

• s

t n a m e

• i

n v e n t

• r

y _ h

• s

t n a m e _ s h

• r

t

• i

n v e n t

• r

y _ f i l e

• p

l a y b

• k

_ d i r

• p

l a y _ h

• s

t s

• h
• s

t v a r s

• g

r

• u

p s

• g

r

• u

p _ n a m e s

• a

n s i b l e _ s s h _ u s e r

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 26

Variable from a n s i b l e _ f a c t s

" a n s i b l e _ f a c t s " : { " a n s i b l e _ a l l _ i p v 4 _ a d d r e s s e s " : [ " 1 9 2 . 1 6 8 . 2 . 2 2 " , " 1 7 2 . 1 7 . 4 2 . 1 " ] , " a n s i b l e _ d e f a u l t _ i p v 4 " : { " a d d r e s s " : " 1 9 2 . 1 6 8 . 2 . 2 2 " , " a l i a s " : " w l a n " , " g a t e w a y " : " 1 9 2 . 1 6 8 . 2 . 1 " , " i n t e r f a c e " : " w l a n " , " m a c a d d r e s s " : " 3 c : a 9 : f 4 : d : 7 4 : c 8 " , " m t u " : 1 5 , " n e t m a s k " : " 2 5 5 . 2 5 5 . 2 5 5 . " , " n e t w

• r

k " : " 1 9 2 . 1 6 8 . 2 . " , " t y p e " : " e t h e r " } } ,

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 27

Calling complex variables

• Ansible uses mostly JSON to manage variables.
• Variables can have arbitrary complexity.
• Variables can be dereferenced using two

difgerent syntaxes :

• {

{ a n s i b l e _ e t h [ " i p v 4 " ] [ " a d d r e s s " ] } }

• {

{ a n s i b l e _ e t h . i p v 4 . a d d r e s s } }

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 28

Conditjons

• Ansible provides a means to apply boolean or other conditjons on

variables

• Usually used in tasks or templates with the Jinja w

h e n statement – e.g.

• n

a m e : " s h u t d

• w

n D e b i a n f l a v

• r

e d s y s t e m s " c

• m

m a n d : / s b i n / s h u t d

• w

n

• t

n

• w

w h e n : a n s i b l e _

• s

_ f a m i l y = = " D e b i a n "

• Use parentheses () to group conditjons:

w h e n : a n s i b l e _ d i s t r i b u t i

• n

= = " C e n t O S " a n d ( a n s i b l e _ d i s t r i b u t i

• n

_ m a j

• r

_ v e r s i

• n

= = " 6 "

• r

a n s i b l e _ d i s t r i b u t i

• n

_ m a j

• r

_ v e r s i

• n

= = " 7 " )

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 29

Loops

• Ansible loops are useful for writjng cleaner

playbooks and templates.

• Ansible provides several ways to loop:
• Standard Loops
• Nested Loops
• Looping over Hashes
• Looping over Fileglobs
• Looping over Parallel Sets of

Data

• Looping over Subelements
• Looping over Integer Sequences
• Random Choices
• Do-Untjl Loops
• Finding First Matched Files
• Iteratjng Over The Results of a

Program Executjon

http://docs.ansible.com/ansible/playbooks_loops.html

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 30

Example: Loops in templates

• An easy way to generate an /

e t c / h

• s

t s fjle { % f

• r

h

• s

t i n g r

• u

p s [ ' h e a d

• n
• d

e s ' ] % } { { h

• s

t v a r s [ h

• s

t ] [ ' a n s i b l e _ e t h ' ] [ ' i p v 4 ' ] [ ' a d d r e s s ' ] } } { { h

• s

t } } { % e n d f

• r

% }

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 31

Example: Loop over a list

• A list variable can be used in a task to perform

several similar actjons using the same module:

• n

a m e : I n s t a l l b a s e p a c k a g e s y u m : n a m e : " { { i t e m } } " s t a t e : p r e s e n t w i t h _ i t e m s :

• t

h i s _ p a c k a g e

• t

h a t p a c a k g e

• a

n

• t

h e r p a c k a g e

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 32

Recap

• We have writuen our fjrst inventory and started to manage
• ur machines with Ansible
• Ad-hoc commands are once-ofg ways to perform tasks on

sets of hosts

• Playbooks are more complex groupings of tasks which

defjne the desired states of our managed hosts

• Playbooks depend on variables, which have a hierarchical

precedence and allow proper contextualisatjon of the tasks

• Ansible has the powerful feature of variables, including the

possibility to have conditjonal statements and loops.

Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 33

Hands-on session Startjng our Ansible playbooks