Ansible - Crash course

RACKSPACE® HOSTING | WWW.RACKSPACE.COMsimone.soldateschi@rackspace.co.uk
Brown bag - Crash course
Automation makes IT better
@soldasimo
simonesoldateschi

Agenda
● Presentation (20’)
o The basics
o Playbooks
o Sharing code
● Q&A (5’)
● Quiz (5’)

The basics
Installation on management host:
$ pip install ansible
That’s it!

The basics
Installing agent on
managed hosts:

The basics
Can be as simple as:
mail.example.com
or:
10.1.157.183
Create an inventory file

The basics
Is host alive?
$ ansible -i ~/etc/hosts all -m ping
Ansible - Quickstart
ss-dfw-00 | success >> {
"changed": false,
"ping": "pong"
}

The basics
Tons of servers to run commands on?
$ ansible -i ~/etc/hosts all -m shell -a 'df -h'
Ansible - Quickstart
ss-dfw-00 | success | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
rootfs 20G 1.6G 18G 9% /
udev 10M 0 10M 0% /dev
...

A few facts about Ansible

A few facts about Ansible
● open-source
● free-software (GPL v3)
● written in Python
● agent-less
● push model ← K.I.S.S.
● commercial version
...OK, SSH is an agent ;)
● enterprise support, SLA, …

Why use ansible?
Automate repetitive tasks

Inventory

Inventory - Hosts and Groups
mail.example.com
10.1.157.183
[webservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.com
$ ansible -i /path/to/inventory
GROUP_NAME …

ss-dfw-00
10.182.37.244
$ ansible -i ~/etc/hosts all --sudo -m command -a 'aptitude update'
ss-dfw-00 | success | rc=0 >>
Get: 1 http://mirror.rackspace.com wheezy Release.gpg [1672 B]
Get: 2 http://mirror.rackspace.com wheezy/updates Release.gpg [836 B]
Get: 3 http://mirror.rackspace.com wheezy-backports Release.gpg [836 B]
…

[webservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.com

$ ansible -i hosts webserver -f10
-m command
-a ‘aptitude install apache2’
[webservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.com
$ ansible -i hosts dbserver -f10
-m command
-a ‘aptitude install mysql’

[webservers]
foo.example.com
bar.example.com
[dbservers]
foo.example.com

[webservers]
www[01:10].example.com
bar.example.com
[dbservers]
db-[a:f].example.com

Inventory - Hosts variables
[atlanta]
host1 http_port=80 maxRequestsPerChild=808
host2 http_port=303 maxRequestsPerChild=909

Modules
What can modules do?
● run commands
● transfer files
● install packages
● manage daemons
● manage users and groups
● gather facts
● deploy software with SCM
● manage DBs (MySQL,
PostgreSQL, MongoDB,
Redis, …)
● manage Cloud devices
See:
http://docs.ansible.com/modules_by_category.html

Desired State
Go live!

Desired state
Write code to tell the computer
how to set up itself!

Playbooks
● Contain one or more plays
● Written in YAML
○ declarative config
○ not code
● Executed in the order it is
written (aka Imperative)

Playbooks
---
- name: deploy web server
user: foouser
sudo: True
hosts: all
tasks:
- name: install apache
apt: pkg=apache2-mpm-prefork state=latest

Playbooks
---
user: foouser
sudo: True
hosts: all
tasks:
Inventory

Playbooks
---
user: foouser
sudo: True
hosts: all
tasks:
Documentation
Arguments
Module

Playbooks - output
$ ansible-playbook -i ~/etc/hosts main.yml
PLAY [deploy web server] ******************************************************
GATHERING FACTS ***************************************************************
ok: [ss-dfw-00]
TASK: [install apache] ********************************************************
changed: [ss-dfw-00]
PLAY RECAP ********************************************************************
ss-dfw-00 : ok=2 changed=1 unreachable=0 failed=0
foouser@ss-dfw-00:~$ sudo netstat -putan | grep 80
tcp6 0 0 :::80 :::* LISTEN
11306/apache2
Desired state

Playbooks - output
GATHERING FACTS ***************************************************************
ok: [ss-dfw-00]
changed: [ss-dfw-00]
PLAY RECAP ********************************************************************
foouser@ss-dfw-00:~$ sudo netstat -putan | grep 80
tcp6 0 0 :::80 :::* LISTEN
11306/apache2
NOT Desired state

Playbooks
Idempotency
1 * N 0 + N

Playbooks - output
GATHERING FACTS ***************************************************************
ok: [ss-dfw-00]
ok: [ss-dfw-00]
PLAY RECAP ********************************************************************
Idempotency

Playbooks - Conditionals
---
.
.
.
tasks:
- name: install apache on Debian based distros
when: ansible_os_family=="Debian"
- name: install apache on Red-Hat based distros
yum: pkg=httpd state=latest
when: ansible_os_family=="RedHat"

Playbooks - Includes
---
.
.
.
tasks:
- include: apache_debian.yml
when: ansible_os_family=="Debian"
- include: apache_redhat.yml
when: ansible_os_family=="RedHat"

---
# apache_debian.yml
tasks:
- name: install apache on Debian based distros

---
# apache_redhat.yml
tasks:
- name: install apache on Red-Hat based distros
yum: pkg=httpd state=latest

Playbooks - Deploy LAMP
Let’s deploy LAMP with Ansible!

Playbooks - Groups of servers
webservers dbservers

Inventory file
[webservers]
web0
web1
[dbservers]
db0

roles
common
db
web
lamp_simple
---
# This playbook deploys the whole application stack in this
site.
- name: apply common configuration to all nodes
hosts: all
user: root
roles:
- common
- name: configure and deploy the webservers and application
code
hosts: webservers
user: root
roles:
- web
- name: deploy MySQL and configure the databases
hosts: dbservers
user: root
roles:
- db

common
tasks
db
tasks
web
tasks
playbooks

common
tasks
---
# This playbook contains common plays that will be run on all nodes.
- name: Install ntp
yum: name=ntp state=present
tags: ntp
- name: Configure ntp file
template: src=ntp.conf.j2 dest=/etc/ntp.conf
tags: ntp
notify: restart ntp
…

db
tasks
---
# This playbook will install mysql
# and create db user and give permissions.
- name: Install Mysql package
yum: name={{ item }} state=installed
with_items:
- mysql-server
- MySQL-python
- libselinux-python
- libsemanage-python
…

web
tasks
---
# These tasks install http and the php modules.
- name: Install http and php etc
yum: name={{ item }} state=present
with_items:
- httpd
- php
- php-mysql
- …
- name: insert iptables rule for httpd
lineinfile: dest=/etc/sysconfig/iptables create=yes state=present
regexp="{{ httpd_port }}" insertafter="^:OUTPUT "
line="-A INPUT -p tcp --dport {{ httpd_port }} -j
ACCEPT"
notify: restart iptables
…

Best practices - Directory layout
site.yml # master playbook
webservers.yml # playbook for webserver tier
dbservers.yml # playbook for dbserver tier
roles/
common/ # this hierarchy represents a "role"
tasks/ #
main.yml # <-- tasks file can include smaller files if warranted
handlers/ #
main.yml # <-- handlers file
templates/ # <-- files for use with the template resource
ntp.conf.j2 # <------- templates end in .j2
files/ #
bar.txt # <-- files for use with the copy resource
foo.sh # <-- script files for use with the script resource
vars/ #
main.yml # <-- variables associated with this role
webtier/ # same kind of structure as "common" was above, done for the webtier role
monitoring/ # ""
fooapp/ # ""

Sharing playbooks

Sharing playbooks
$ git clone https://github.com/ansible/ansible-examples
Cloning into 'ansible-examples'...
remote: Reusing existing pack: 1698, done.
remote: Total 1698 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (1698/1698), 3.73 MiB | 296.00
KiB/s, done.
Resolving deltas: 100% (355/355), done.
Checking connectivity... done

Sharing playbooks
$ ansible-playbook -i ~/etc/hosts lamp_simple/site.yml

Sharing code

Agenda
● Presentation (20’)
o The basics
o Playbooks
o Git repositories
● Q&A (5’)
● Quiz (5’)

Quiz

Give your feedback!

References
Ansible Workshttp://www.ansible.com/home
Ansible
Documentationhttp://docs.ansible.com/inde
x.html
Ansible source
codehttps://github.com/ansible/ansible
Ansible
exampleshttps://github.com/ansible/ansible-
examples
Best
practiceshttp://docs.ansible.com/
playbooks_best_practices.html

Homework
● Replay examples
● commit result to GitHub
● send me a message

@soldasimo
simonesoldateschi

Ansible - Crash course

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Ansible - Crash course

Similar to Ansible - Crash course (20)

Recently uploaded

Recently uploaded (20)

Ansible - Crash course

Editor's Notes