Ansible A brief overview Robin Long June 22, 2016 Robin Long - - PowerPoint PPT Presentation

ansible
SMART_READER_LITE
LIVE PREVIEW

Ansible A brief overview Robin Long June 22, 2016 Robin Long - - PowerPoint PPT Presentation

Mar 26, 2024 231 likes •470 views

Ansible A brief overview Robin Long June 22, 2016 Robin Long (Lancaster University) Ansible June 22, 2016 1 / 1 Introduction How could we configure a server? Manual install? - Slow Shell scripts? - What is I run them a second

slide-1
SLIDE 1

Ansible

A brief overview

Robin Long June 22, 2016

Robin Long (Lancaster University) Ansible June 22, 2016 1 / 1

slide-2
SLIDE 2

Introduction

  • How could we configure a server?
  • Manual install? - Slow
  • Shell scripts? - What is I run them a second time?
  • Configuration Managment? Many options here.
  • What do you mean I need a server to setup a server?

Robin Long (Lancaster University) Ansible June 22, 2016 2 / 1

slide-3
SLIDE 3

Why Ansible?

  • Lightweight.
  • Simple.
  • It is its own documentation.
  • Forces better practises.

Robin Long (Lancaster University) Ansible June 22, 2016 3 / 1

slide-4
SLIDE 4

Cutting the strings and setting yourself free.

  • Why not puppet?
  • Very complex, nested, unclear.
  • Need a server to setup a server.
  • Getting too big.
  • RedHat bought ansible.

Robin Long (Lancaster University) Ansible June 22, 2016 4 / 1

slide-5
SLIDE 5

Ansible Requirements

  • Needs very few dependencies:
  • Python
  • Jinja2
  • PyYAML
  • Paramiko
  • laptop
  • Ansible just uses SSH, no need for servers, certificates and

client installs.

Robin Long (Lancaster University) Ansible June 22, 2016 5 / 1

slide-6
SLIDE 6

Ansible Setup - Hosts file

  • Ansible uses a very simple hosts file
  • default is /etc/ansible/hosts
  • pass a -i <inventory file> to ansible

[storage-nodes] stor[000:031].hec.lancs.ac.uk [service-nodes] fal-pygrid-15.lancs.ac.uk fal-pygrid-30 [loki] py-loki.lancs.ac.uk:222 [norse] py-loki.lancs.ac.uk:222 py-eir.lancs.ac.uk

Robin Long (Lancaster University) Ansible June 22, 2016 6 / 1

slide-7
SLIDE 7

Ansible - Basic commands

  • We can use ansible on the command line to issue basic

commands and tasks

$ ansible <host-pattern> [-f forks] [-m module_name] [-a args] $ ansible storage-nodes -m yum -a ‘‘name=httpd state=installed’’ $ ansible storage-nodes -m service -a ‘‘name=httpd state=running enabled=yes’’

  • ansible uses variables. System defaults called facts

$ ansible local -m setup

  • use -u <user> if host and client differ.

Robin Long (Lancaster University) Ansible June 22, 2016 7 / 1

slide-8
SLIDE 8

Ansible - Playbooks

  • simple way to manage many machines.
  • Declare configurations and orchestrate complex processes
  • Uses YAML
  • Contain many different plays - each play is a task (install and

start running apache.)

Robin Long (Lancaster University) Ansible June 22, 2016 8 / 1

slide-9
SLIDE 9

Ansible - Playbooks

  • hosts: webservers

vars: http_port: 80 max_clients: 200 remote_user: root tasks:

  • name: ensure apache is at the latest version

yum: name=httpd state=latest

  • name: write the apache config file

template: src=/srv/httpd.j2 dest=/etc/httpd.conf notify:

  • restart apache
  • name: ensure apache is running (and enable it at boot)

service: name=httpd state=started enabled=yes handlers:

  • name: restart apache

service: name=httpd state=restarted

Robin Long (Lancaster University) Ansible June 22, 2016 9 / 1

slide-10
SLIDE 10

Playbooks

Splitting long lines

  • hosts: webservers

vars: http_port: 80 max_clients: 200 remote_user: root tasks:

  • name: ensure apache is at the latest version

yum: name: httpd state: latest

  • name: write the apache config file

template: src: /srv/httpd.j2 dest: /etc/httpd.conf notify:

  • restart apache
  • name: ensure apache is running (and enable it at boot)

service: name: httpd state: started enabled: yes handlers:

  • name: restart apache

service: name: httpd state: restarted Robin Long (Lancaster University) Ansible June 22, 2016 10 / 1

slide-11
SLIDE 11

Ansible - Playbooks

  • execute by running

ansible-playbook playbook.yml -f 10

Robin Long (Lancaster University) Ansible June 22, 2016 11 / 1

slide-12
SLIDE 12

Ansible - Roles

  • we can include other playbooks in our main one with
  • include: servers.yml
  • This allows more complex playbooks, and roles.
  • Roles are much the same as playbooks, just with added search

paths.

site.yml storage-servers.yml roles/ common/ files/ templates/ tasks/ handlers/ vars/ defaults/ meta/ storage-servers/ ...

Robin Long (Lancaster University) Ansible June 22, 2016 12 / 1

slide-13
SLIDE 13

Ansible - Roles

  • storage-servers.yml would then be:
  • hosts: webservers

roles:

  • common
  • storage-servers

Robin Long (Lancaster University) Ansible June 22, 2016 13 / 1

slide-14
SLIDE 14

Variables, Jinja2, Conditionals and Loops

  • Ansible variables can be used in playbooks and templates.
  • System created “facts” can be seen from running

ansible hostname -m setup

  • most useful with templates.
  • variables called in playbooks and tempates using

{{ variable_name }}

  • can filter variables using jinja2.

Robin Long (Lancaster University) Ansible June 22, 2016 14 / 1

slide-15
SLIDE 15

examples - loops I

  • name: Install cvmfs and dependencies.

yum: name={{ item }} state=present with_items:

  • fuse
  • cvmfs
  • cvmfs-init-scripts

Robin Long (Lancaster University) Ansible June 22, 2016 15 / 1

slide-16
SLIDE 16

examples - loops II

# copy host cert and key to /etc/grid-security/

  • name: copy host cert and key to /etc/grid-security/

copy: src={{item.src}} dest={{item.dest}} mode={{item.mode}} with_items:

  • {src: ‘‘{{ host_cert }}’’, dest: /etc/grid-security/hostcert.pem, mode: ‘‘u=rw,g=r,o=r’’}
  • {src: ‘‘{{ host_key }}’’,

dest: /etc/grid-security/hostkey.pem, mode: ‘‘u=r,g=,o=’’} Robin Long (Lancaster University) Ansible June 22, 2016 16 / 1

slide-17
SLIDE 17

examples - template - file

# Automatically created by ansible # using the ansible-bdii-site role SITEBDII ldap://{{ ansible_fqdn }}:2170/mds-vo-name=resource,o=grid {%if SITEURLS is defined %} {% for alias, url in SITEURLS.iteritems() %} {{ alias }} ldap://{{ url }}:2170/mds-vo-name=resource,o=grid {% endfor %} {% endif %}

Robin Long (Lancaster University) Ansible June 22, 2016 17 / 1

slide-18
SLIDE 18

examples - loops

  • SITEURLS:

HEC: carceri.hec.lancs.ac.uk DPM: fal-pygrid-30.lancs.ac.uk

Robin Long (Lancaster University) Ansible June 22, 2016 18 / 1

slide-19
SLIDE 19

examples - loops

# Automatically created by ansible # using the ansible-bdii-site role SITEBDII ldap://py-fjalar.hec.lancs.ac.uk:2170/mds-vo-name=resource,o=grid DPM ldap://fal-pygrid-30.lancs.ac.uk:2170/mds-vo-name=resource,o=grid HEC ldap://carceri.hec.lancs.ac.uk:2170/mds-vo-name=resource,o=grid

Robin Long (Lancaster University) Ansible June 22, 2016 19 / 1

slide-20
SLIDE 20

group variables

group_vars/ all bdii-site cvmfs-client loki service-nodes squid storage-nodes vac

Robin Long (Lancaster University) Ansible June 22, 2016 20 / 1

slide-21
SLIDE 21

group variables

  • # Variables here are applicable to the bdii-site group

SITE_NAME: UKI-NORTHGRID-LANCS-HEP SITE_COUNTRY: UK SITE_DESC: UKI-NORTHGRID-LANCS-HEP SITE_WEB: https://lancsgrid.wordpress.com SITE_LOC: Lancaster, UK SITE_LAT: 54.0105 SITE_LONG: -2.784 SITE_EMAIL: lcg-admin@lancs.ac.uk SITE_SECURITY_EMAIL: lcg-admin@lancs.ac.uk SITE_SUPPORT_EMAIL: lcg-admin@lancs.ac.uk OTHERINFO:

  • GRID=EGEE
  • GRID=GRIDPP
  • GRID=WLCG
  • GRID=NORTHGRID
  • TIER=2

SITEURLS: HEC: carceri.hec.lancs.ac.uk DPM: fal-pygrid-30.lancs.ac.uk

Robin Long (Lancaster University) Ansible June 22, 2016 21 / 1

slide-22
SLIDE 22

Collaborate?

  • Time to share code?
  • https://github.com/lancsgrid/
  • squid ( production )
  • bdii ( production )
  • cvmfs-client ( production )
  • argus ( in progress )

Robin Long (Lancaster University) Ansible June 22, 2016 22 / 1

slide-23
SLIDE 23

Robin Long June 22, 2016