Ansible workshop: the easiest way to orchestrate, deploy and manage



SLIDE 1

Ansible workshop

The easiest way to: orchestrate, deploy and manage

http://dag.wiee.rs/attic/ansible-workshop/

NLUUG Spring Conference, Utrecht, NL
Jeroen Hoekx, jeroen@hoekx.be
Dag Wieërs, dag@wiee.rs

SLIDE 2

Booming project

  • Started in February 2012
– Well-defined unique selling proposition
– Small auditable codebase (back in the day ;-))
  • Very high activity
– 700+ unique contributors in first 2 years
– Has slowed down when maturing
  • Diverse use-cases / userbase
– large dotcoms, hosting providers, universities, banks, government agencies, consultants, startups, Open Source projects

SLIDE 3

Compelling features

  • Uses SSH, no agent
– Self-bootstrapping, no installation
– No extraneous PKI, uses existing authentication/authorization
  • Swiss army knife
– parallel execution, provisioning, application deployment, configuration management, orchestration, use-as-a-library, reporting tool, ...
  • Complex orchestration made easy
– Simple management language (YAML-based !)
– “Infrastructure as data” (not as code !)
– Multi-tier management, multi-user
  • Core written in python
– Modules can be in any language, interfaces using JSON
  • Get started in less than 10 minutes

SLIDE 4

Buzzword compliant

  • Privilege escalation
– sudo, su, powerbroker, …
  • Idempotency
– Not enforced, but advised
  • Orchestration
– Control “when”, “what” and “where”
  • Declarative
– Language limits complexity
  • Multi-user
– Power to the people !
  • Module development
– Any language supported by target (python, powershell)
  • Transports
– local, ssh, chroot, jail, lxc, winrm, zone, fireball, accelerate, funcd
  • Integration
– Design allows integration at various levels

SLIDE 5

Easy to get running

  • Requirements:
– python 2.6, paramiko/openssh, PyYAML, jinja2
  • Run or install from checkout
– git clone git://github.com/ansible/ansible.git
– cd ./ansible
1. source ./hacking/env-setup
2. make install
  • Install distribution package or make your own
3. make deb / make rpm

SLIDE 6

Setting up demo environment

KVM and Libvirt

  • Copy vm-noname.img to local disk-store (/var/lib/libvirt/images)
  • Create new VM “vm-master”
– Use “import existing disk image” but “Browse local” to vm-master.img
– As a Linux guest using Red Hat EL6
– Use 1 CPU and 512MB RAM
– Use the “Virtual network 'default': NAT”
  • Clone this VM as “vm-web”
  • Clone this VM again as “vm-db”
  • Start all VMs

Virtual Box

  • Copy vm-noname.vmdk to local disk
  • Create a Host-Only network vboxnet0 and use it below
  • Create new VM “vm-master”
– As a Linux guest using Red Hat (32bit)
– Use 512MB RAM
– Use “an existing virtual hard drive file” (vmdk)
– Modify the VM to use the created Host-Only network vboxnet0
  • Clone this VM as “vm-web”
  • Clone this VM again as “vm-db”
  • Start all VMs

SLIDE 7

Everybody ready ?

  • During this session:
– Documentation available from: docs.ansible.com
– Let us know if you need help
  • To proceed, log on to vm-master using SSH
– Username: root / Password: root
– Go inside ~/workshop/
– Edit the hosts file
– Use the IP addresses from the other VMs

SLIDE 8

Terminology

  • Inventory – flat file(s), yaml or custom scripts
– Collection of groups, hosts, variables
  • Modules – scripted in any language, using json
– Offers specific functionality used in tasks
  • Plugins – python scripts
– action, callback, connection, filter, lookup, ...
  • Playbooks – yaml description
– Collection of plays
    • Collection of tasks

SLIDE 9

Plethora of modules...

Action

assemble, command, copy, fetch, get_url, ping, raw, script, shell, slurp, template, uri

Management

authorized_keys, cron, file, group, ini_file, lineinfile, lvol, mount, seboolean, selinux, service, supervisorctl, sysctl, user, virt, zfs

Deployment

cloudformation, django_manage, easy_install, fireball, gem, git, hg, mongodb_user, mysql_db, mysql_user, nagios, pip, postgresql_db, postgresql_user, rabbitmq_parameter, rabbitmq_plugin, rabbitmq_user, rabbitmq_vhost, subversion

OS specific

apt, apt_key, apt_repository, macports, opkg, pacman, pkgin, svr4pkg, yum

Workflow

add_host, async_status, debug, fail, group_by, mail, pause, wait_for

Inventory

ec2_facts, facter, hpilo_facts, network_facts, ohai, setup, virt_facts, vsphere_facts

Provisioning

ec2, ec2_vol, hpilo_boot, virt_boot, virt_create, vsphere_boot


SLIDE 10

Ansible troubleshooting

  • Actions: Increase verbosity
    -v       Display JSON module output
    -vv      Display (real) targets / communication
    -vvv     Display low-level SSH execution
    -vvvv    Display SSH verbose communication
  • Modules: Test individual modules remotely
    export ANSIBLE_KEEP_REMOTE_FILES=1
  • Delays: Use “pstree” on remote ends
    watch -n1 'for pid in $(pgrep sshd); do pstree -al $pid; done'
  • Freezes: Disable pty's to avoid input prompts (paramiko)
  • Logic: Add debug actions to print data structures
  • Templates: Use --check and --diff during development

SLIDE 11

Ansible tips and tricks

  • The “action: module” dilemma
– Don't be fooled, YAML tasks are dictionaries (!)
  • Playbooks are “documented” declarations
– Always name your actions
– Don't describe, but give meaning
  • Keep playbooks simple and honest
– Use dynamic inventories to state context
– Templates can help to reduce playbook spaghetti
– Push complex logic into custom modules (locality)
– Sometimes custom lookup_plugins and with_* can help
  • Idempotency is key ! Modules can help, but...
– Use “creates=” and “removes=” where possible
– Use “changed_when:” and “failed_when:” to influence outcome
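
An added example, not part of the workshop slides, that applies the tips above in one playbook: meaningful task names, `creates=` / `removes=` guards on `command`, `changed_when:` / `failed_when:` on a read-only check, the `action:` spelling of a task, and a debug action. The `web` group, the file paths and the tarball name are assumptions.

```yaml
---
# Added example, not from the workshop material.
# Assumed names: the "web" inventory group, /tmp/app-1.0.tar.gz, and that the
# tarball unpacks to /opt/app-1.0.
- name: Deploy release and verify SSH hardening
  hosts: web
  tasks:
    # Without a guard, "command" runs and reports "changed" on every run.
    # creates= skips the task once the unpacked directory exists.
    - name: Unpack the application release
      command: tar xzf /tmp/app-1.0.tar.gz -C /opt creates=/opt/app-1.0

    # removes= is the mirror image: run only while the file is still there.
    - name: Remove the uploaded tarball after unpacking
      command: rm /tmp/app-1.0.tar.gz removes=/tmp/app-1.0.tar.gz

    # A read-only probe never changes the host, so say so explicitly.
    # grep exits 0 (match) or 1 (no match); only rc > 1 is a real error.
    - name: Check that root login over SSH is disabled
      command: grep -q '^PermitRootLogin no' /etc/ssh/sshd_config
      register: root_login
      changed_when: false
      failed_when: root_login.rc > 1

    # The same kind of task in the older "action:" spelling. Either way the
    # task is one YAML dictionary with keys such as name, action and register.
    - name: Record the running kernel version
      action: command uname -r
      register: kernel
      changed_when: false

    # Debug action to print registered data structures while developing.
    - name: Show what the probes returned
      debug:
        msg: "root login disabled={{ root_login.rc == 0 }}, kernel={{ kernel.stdout }}"
```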

SLIDE 12

Join in on the fun !

  • Learn more at: docs.ansible.com
  • Talk to us on IRC at: #ansible on Freenode.net
  • Discuss on the Ansible mailing list at: groups.google.com/group/ansible-project
  • Find us on GitHub at: github.com/ansible/ansible

SLIDE 13

Thank you for listening !

This workshop is available from: github.com/ansible-provisioning