How to use Ansible to automate your applications in AWS. What is Ansible and why is it different? How to control cloud deployments securely and how to control AWS resources using dynamic inventory and tags.
2. • Open source configuration management platform written in Python
and backed by software giant Red Hat
• Salt, Chef, Puppet are other CM platforms
• High-level scripting
• Designed to be centralized, lightweight, scalable, fast, easy to
install and use
• Used for any task that you need to do more than once
• Playbooks (Ansible scripts) written in YAML
• No agent required on target hosts
What is Ansible?
3. How Ansible is Different from Other CM Platforms
[Diagram: Ansible - the control node connects straight to the remote hosts over SSH (port 22). Other CM platforms (Chef, Puppet, Salt) - the control node talks to a CM agent installed on each remote host]
4. • Ansible performs tasks on hosts and calls modules to
perform them
• Ansible runs through its tasks on a set of hosts in parallel
• Modules provide wrappers for tasks
• Tasks make changes only if necessary (they are idempotent)
• Core set of modules for common SysAdmin tasks
(package maintenance, filesystem maintenance etc.)
• Modules for shell commands and scripts
How does Ansible Work?
5. • Many cloud modules come built-in
• Can be run as a local action and perform the action from your
laptop
• Covers most common cloud tasks.
ec2 - create, terminate, start or stop an instance in ec2
ec2_ami - create or destroy an image in ec2
ec2_ami_search - Retrieve AWS AMI information for a given operating system.
ec2_asg - Create or delete AWS Autoscaling Groups
ec2_eip - associate an EC2 elastic IP with an instance.
ec2_elb - De-registers or registers instances from EC2 ELBs
ec2_facts - Gathers facts about remote hosts within ec2 (aws)
ec2_group - maintain an ec2 VPC security group.
ec2_key - maintain an ec2 key pair.
ec2_vol - create and attach a volume, return volume id and device map
… and many more
AWS Cloud Modules
6. How Cloud Modules Work
[Diagram: Regular module - the control node sends a Python script over SSH to the remote host, e.g. install Apache. AWS cloud module - the control node runs a local action that calls the Amazon API through Boto to provision an AWS service, e.g. add EBS; the remote host itself is not contacted]
7. • Ansible needs to know where to run commands
• This information is found in an inventory file
• It can be static and manually maintained
localhost ansible_connection=local            # a host
[webservers]                                  # a group
10.10.10.10 ansible_user=ec2-user ansible_ssh_private_key_file=~/.ssh/aws.pem
10.10.10.20
[dbservers]
one.example.com
• You can include many extra details in inventory file - tags,
SSH keys, aliases, login user etc.
Inventory File
8. • Inventory file that is generated automatically at runtime by
a script
• Ansible knows to run the inventory file as a script because
of executable permissions on the file
• Useful for cloud environments because hosts and their
addresses change often
• Script makes API calls to cloud provider and uses
information to generate inventory file
• Scripts for AWS, OpenStack etc. on the Ansible GitHub repo
Dynamic Inventory
9. • Defines each host as a JSON object
• Public or private IP used as host identifier (configured in ec2.ini)
• Groups hosts according to many filters (instance
type, tags, security groups, AZs)
• EC2 instance details can be referenced at runtime
(e.g. tags, instance type, private key name etc.)
AWS Dynamic Inventory
10. • Extremely powerful Ansible module (setup) that is
optionally run at the beginning of a Playbook
• Gathers LOTS of information about the host that can
be accessed by Playbook at runtime
• Variables defined by facts can be referenced at run
time by the Playbook
• Useful for provisioning systems based on conditions
(OS, kernel, volumes, network interfaces etc.)
Get Facts
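The following playbook is an added example (not from the talk) of provisioning on conditions taken from facts that the setup module gathers: OS family, kernel, devices and mounts. It assumes a static inventory group named webservers, a data volume attached as /dev/xvdf, and that the Red Hat family package is httpd and the Debian family package is apache2.

```yaml
# facts.yml - added example, not from the talk. Run with:
#   ansible-playbook -i inventory facts.yml
# Assumes an inventory group "webservers" and, for the mount task,
# an EBS volume attached as /dev/xvdf (both hypothetical).
- name: Provision according to gathered facts
  hosts: webservers
  become: yes
  gather_facts: yes            # runs the setup module first (the default)
  tasks:
    - name: Inspect a few of the facts the setup module collected
      debug:
        msg: "{{ ansible_hostname }} runs {{ ansible_distribution }} {{ ansible_distribution_version }}, kernel {{ ansible_kernel }}, primary address {{ ansible_default_ipv4.address }}"

    - name: Install Apache on the Red Hat family (RHEL, CentOS, Amazon Linux)
      yum: name=httpd state=present
      when: ansible_os_family == "RedHat"

    - name: Install Apache on the Debian family (Debian, Ubuntu)
      apt: name=apache2 state=present update_cache=yes
      when: ansible_os_family == "Debian"

    # ansible_devices is a dict keyed by device name, so the volume tasks
    # run only on instances that actually have the data volume attached
    - name: Create a filesystem on the data volume (no-op if one exists)
      filesystem: fstype=ext4 dev=/dev/xvdf
      when: "'xvdf' in ansible_devices"

    - name: Mount the data volume
      mount:
        name: /data
        src: /dev/xvdf
        fstype: ext4
        state: mounted
      when: "'xvdf' in ansible_devices"

    # ansible_mounts is a list of dicts with mount, size_total, size_available
    - name: Warn when the root filesystem has less than 1 GB free
      debug:
        msg: "Root filesystem has only {{ (item.size_available / 1048576) | int }} MB free"
      with_items: "{{ ansible_mounts }}"
      when: item.mount == "/" and item.size_available < 1073741824
```

Running `ansible <host> -m setup` ad hoc prints the full fact set, which is the quickest way to find the exact variable names (ansible_devices, ansible_mounts, ansible_os_family) a condition should test.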
11. • Ansible can either be run as an ad-hoc command
or as a script called a Playbook (YAML format)
• Ad-hoc command is for one time command on
many servers
• Ad-hoc Command Usage:
# ansible <host-pattern> -m <module> -a <arguments> -i inventory [options]
Ad-hoc Command
13. • The real power of Ansible is Playbooks
• Easily readable set of tasks to perform
• Include files for easy grouping of tasks
• Only perform tasks based on instance-specific info
(AWS instance tags, AWS instance type, OS type, etc.)
• Playbook Command Usage:
# ansible-playbook playbook.yml -i inventory [options]
Playbooks
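An added example (not from the talk) that ties the two previous sections together: a playbook whose hosts are selected by the tag groups the AWS dynamic inventory builds, and whose tasks branch on the EC2 details it exposes. It assumes the ec2.py script from the Ansible GitHub repo, which names groups tag_<Key>_<Value>, type_<instance_type> and security_group_<name> and publishes instance details as ec2_* host variables (ec2_security_group_names arrives as a comma-separated string). The tags Role and Environment and the security group web-sg are hypothetical.

```yaml
# site.yml - added example, not from the talk. Run with:
#   ansible-playbook -i ec2.py site.yml
# Assumes ec2.py dynamic inventory; tags Role/Environment and the
# security group "web-sg" are hypothetical.
- name: Configure production web servers selected by AWS tags
  hosts: "tag_Role_web:&tag_Environment_production"   # intersection of two tag groups
  become: yes
  tasks:
    - name: Show what ec2.py collected for this host
      debug:
        msg: "{{ ec2_tag_Name }}: {{ ec2_instance_type }} in {{ ec2_placement }}, key pair {{ ec2_key_name }}"

    # ec2.py renders the group names as "web-sg,default", so a substring test works
    - name: Stop if the instance is not in the expected security group
      fail:
        msg: "{{ ec2_id }} is not in the web security group"
      when: "'web-sg' not in ec2_security_group_names"

    - name: Install Apache (Red Hat family AMI assumed)
      yum: name=httpd state=present

    - name: Size the worker pool from the instance type
      set_fact:
        httpd_max_clients: "{{ 256 if ec2_instance_type.startswith('m4') else 64 }}"

    - name: Apply the worker pool size (httpd 2.2 directive name)
      lineinfile:
        dest: /etc/httpd/conf/httpd.conf
        regexp: '^MaxClients'
        line: "MaxClients {{ httpd_max_clients }}"
      notify: restart httpd

    - name: Ensure Apache is running and enabled at boot
      service: name=httpd state=started enabled=yes

  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
```

Because the host pattern and the conditions all come from AWS metadata, nothing in the playbook has to change when instances are replaced; only the tags on the new instances matter.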
14. • Comprehensive documentation on Ansible website
• Example playbooks on Ansible Github repo
• Ansible Galaxy - community repo of Playbooks
(galaxy.ansible.com)
• Ansible Tower - Commercial visual dashboard
Getting Started
15. • Released at the beginning of 2016
• Introduced blocks
• Try/catch-style error handling
• Extended support for Windows (winrm)
• Many more cloud modules
Ansible 2.0
16. 1. Provision instances in AWS environment
2. Apply AWS configurations (Security Groups etc.)
3. Install LAMP services
4. Copy custom configuration files, enable services at boot,
etc.
Provision LAMP Stack
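The four steps above as one playbook, added here as an example and not taken from the talk. The first play runs on the control node as a local action and reaches the Amazon API through Boto (credentials read from the environment); the second play configures the instance over SSH. The region, AMI id, subnet id, key pair name, admin CIDR, the templates/httpd.conf.j2 file and the package names (a RHEL 7-family AMI is assumed, where the database package is mariadb-server) are all assumptions.

```yaml
# lamp.yml - added example, not from the talk. Boto reads
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the environment:
#   ansible-playbook -i ec2.py lamp.yml
# Region, AMI, subnet, key pair, login user and admin CIDR are placeholders.
- name: Steps 1-2 - provision the instance and its security group (local action)
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    region: us-east-1
    ami: ami-PLACEHOLDER            # RHEL 7-family AMI id for the region
    subnet: subnet-PLACEHOLDER
    key_name: aws                   # private key expected at ~/.ssh/aws.pem
    login_user: ec2-user            # default user of the chosen AMI
    admin_cidr: 203.0.113.0/24      # documentation range standing in for the office
  tasks:
    - name: Security group - HTTP open to all, SSH only from the admin network
      ec2_group:
        name: lamp-web-sg
        description: LAMP web tier
        region: "{{ region }}"
        rules:
          - { proto: tcp, from_port: 80, to_port: 80, cidr_ip: 0.0.0.0/0 }
          - { proto: tcp, from_port: 22, to_port: 22, cidr_ip: "{{ admin_cidr }}" }
        rules_egress:
          - { proto: all, cidr_ip: 0.0.0.0/0 }

    - name: Launch (or find) exactly one instance tagged Role=lamp
      ec2:
        region: "{{ region }}"
        image: "{{ ami }}"
        instance_type: t2.micro
        key_name: "{{ key_name }}"
        group: lamp-web-sg
        vpc_subnet_id: "{{ subnet }}"
        assign_public_ip: yes
        instance_tags: { Name: lamp-web, Role: lamp }
        exact_count: 1              # idempotent: a re-run does not launch a second one
        count_tag: { Role: lamp }
        wait: yes
      register: ec2

    - name: Add the instance to an in-memory group for the next play
      add_host:
        name: "{{ item.public_ip }}"
        groups: lamp_hosts
        ansible_user: "{{ login_user }}"
        ansible_ssh_private_key_file: "~/.ssh/{{ key_name }}.pem"
      with_items: "{{ ec2.tagged_instances }}"

    - name: Wait for SSH to come up
      wait_for: host={{ item.public_ip }} port=22 delay=10 timeout=300
      with_items: "{{ ec2.tagged_instances }}"

- name: Steps 3-4 - install and configure the LAMP services over SSH
  hosts: lamp_hosts
  become: yes
  vars:
    lamp_packages: [httpd, mariadb-server, php, php-mysql]
  tasks:
    - name: Install the LAMP packages
      yum: name={{ item }} state=present
      with_items: "{{ lamp_packages }}"

    - name: Copy the custom Apache configuration
      template: src=templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd

    - name: Start the services now and enable them at boot
      service: name={{ item }} state=started enabled=yes
      with_items: [httpd, mariadb]

  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
```

The exact_count/count_tag pair is what makes step 1 safe to repeat: a second run finds the tagged instance instead of creating another, so the whole playbook can be re-run as a drift check.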
17. • There isn’t time to do things manually if you want to
remain profitable
• Tasks that you thought were not easy to automate
often are
• Ansible does not make mistakes - people do!
• Can prepare environment for Ansible with a
wrapper script
Tip 1: Be Lazy
18. • All configuration done with SSH
• All key locations are passed as a dynamically
generated path
• Boto credentials are set as environment variables
with a wrapper script
• No sensitive data ever included in playbook -
customer specific data stored at a separate
location
Tip 2: Be Secure
19. • Write playbooks that can run on many OSs
• Automatically detect login user name
• Use templates, dynamic inventory variables and
Ansible facts
• Dynamically locate customer specific variables
Tip 3: Be Dynamic
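An added example (not from the talk) covering Tips 2 and 3 together: nothing customer-specific or secret is written into the playbook; the key location and the customer variables directory are passed in from a wrapper script at run time, the login user is derived from an instance tag, and the package, service and configuration path come from the OS family that facts report. It assumes ec2.py dynamic inventory, hypothetical tags Role, OS and Customer, a templates/site.conf.j2 file next to the playbook, and a wrapper script that exports the Boto credentials as environment variables and invokes ansible-playbook with the two extra vars shown in the header comment.

```yaml
# customer.yml - added example, not from the talk. Invoked from a wrapper
# script that exports AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY for Boto and
# passes the secure locations as extra vars, e.g.
#   ansible-playbook -i ec2.py customer.yml \
#       -e key_dir=/secure/keys -e customer_vars_dir=/secure/customers
# Tags Role/OS/Customer and both directories are hypothetical.
- name: Configure web servers for whichever customer each instance belongs to
  hosts: tag_Role_web
  become: yes
  vars:
    # login user chosen from the OS tag (the default user differs per AMI)
    login_users:
      amazon: ec2-user
      ubuntu: ubuntu
      centos: centos
    ansible_user: "{{ login_users[ec2_tag_OS | default('amazon')] }}"
    # private key located by key pair name under a directory passed at run time
    ansible_ssh_private_key_file: "{{ key_dir }}/{{ ec2_key_name }}.pem"
    # package, service and vhost path keyed by the OS family reported by facts
    web:
      RedHat: { package: httpd,   service: httpd,   conf: /etc/httpd/conf.d/site.conf }
      Debian: { package: apache2, service: apache2, conf: /etc/apache2/sites-enabled/site.conf }
  tasks:
    - name: Load this customer's variables from the secure directory (fall back to defaults)
      include_vars: "{{ item }}"
      with_first_found:
        - files:
            - "{{ ec2_tag_Customer | default('none') }}.yml"
            - default.yml
          paths:
            - "{{ customer_vars_dir }}"
      no_log: true              # keep customer values out of the run output

    - name: Install the web server for this OS family
      package: name={{ web[ansible_os_family].package }} state=present

    - name: Render the customer-specific vhost from one template
      template:
        src: templates/site.conf.j2    # reads e.g. site_name from the customer file
        dest: "{{ web[ansible_os_family].conf }}"
        owner: root
        group: root
        mode: "0644"
      notify: restart web server

    - name: Ensure the service runs and starts at boot
      service: name={{ web[ansible_os_family].service }} state=started enabled=yes

  handlers:
    - name: restart web server
      service: name={{ web[ansible_os_family].service }} state=restarted
```

The same playbook therefore serves every customer and every supported OS: the playbook repository can be shared freely, while keys and customer data stay in locations that only the wrapper script knows about.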
20. Thank you!
By the way, we’re hiring:
Cloud engineers and DevOps
contact@cloudzone.io