SlideShare ist ein Scribd-Unternehmen logo

Ansible - The Swiss Army Knife of IT Orchestration

B
bcoca

A quick intro into ansible with a view on the BSDs

Technologie
1 von 26
Downloaden Sie, um offline zu lesen
Ansible swiss army knife orchestration Brian Coca May 2013
My Ops evolution manual updates + logbook at + .bat scripts (yes, Windows) {telnet, rsh, ssh} + for loops + command line shells/perl/python custom scripts + cssh/pssh CM and Provisioning Applications
What I DON'T want agents/daemons (more software to manage) ports (more firewall rules) ssl/pki (cert/key management!!!) any setup in general (I'm lazy that way) translations for provision, config and ad-hoc
Enter Ansible ● Minimal setup (my definition: just needs Python*) ● Leverages existing auth{entication,orization} ○ SSH as default transport ○ Can use sudo or root keys ● Supports ad-hoc (1 liner reuse!) ● Can run from checkout (port/rpm/deb/pip/etc) ● Predictable, easily expandable, portable ● Aims to be idempotent
The diagram
Terminology Inventory: list of hosts, groups and variables Modules: actually do the work, any language Plugins: callback, action and other hooks Facts: data gathered from target hosts Playbook: collections of plays Play: loops over a list of tasks mapped to a list of hosts Task: invokes a module to do the work (handlers are a type of task)
Inventory (hosts and groups) Simple ini: [web] web0 web1.example.com ansible_ssh_port=1234 web[02:15] [db] mysql[1:3] mysql_port=6666 mysqlbackup ansible_ssh_host=10.10.1.23 Can be dynamic (+x): - ec2.py - cobbler - just return json (easy to write your own) - directory: will use all contained files
Modules at first I knew all core, now ... : add_host,debug,get_url,mount,postgresql_user,slurp, apt,django_manage,git,mysql_db,rabbitmq_parameter, subversion,apt_key,easy_install,group,mysql_user, rabbitmq_plugin,supervisorctl,apt_repository,ec2,group_by, nagios,rabbitmq_user,svr4pkg,assemble,ec2_facts,hg,ohai, rabbitmq_vhost,sysctl,async_status,ec2_vol,ini_file,opkg,raw, template,async_wrapper,facter,libr,pacman,script,uri, authorized_key,fail,lineinfile,pause,seboolean,user, cloudformation,fetch,lvol,ping,selinux,virt,command,file, macports,pip,service,wait_for,copy,fireball,mail,pkgin,setup, yum,cron,gem,mongodb_user,postgresql_db,shell,zfs * The list was probably outdated at the time I updated it
Plugins ● callback/action can use data returned (log, db update) or as triggers (update dns) ● connection ssh alternatives (local, chroot, etc) ● inventory, lookup, vars, filter data from other sources or formats
Facts On by default (gather_facts: False to disable) Can use ohai/facter or custom fact modules BSDs, Solaris, AIX lag behind, but not much * mdehaan: 'send me a patch :-)' Usable in plays and modules (template)
Facts #>ansible -m setup testbsd|head -n 10 testbsd | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "10.1.1.4" ], "ansible_all_ipv6_addresses": [], "ansible_architecture": "amd64", "ansible_machine": "amd64", "ansible_memfree_mb": 1161, "ansible_memtotal_mb": 15850,
Playbooks Plays and Tasks nginx.yml --- - hosts: web sudo: True vars: domain: example.com tasks: - name: Install nginx action: shell pkg_add -r nginx creates=/usr/local/bin/nginx - name: configure nginx template: src=templates/nginx.conf.j2 dest=/usr/local/etc/nginx.conf notify: nginx-restart handlers: - name: nginx-restart service: name=nginx state=restarted #> ansible-playbook -K nginx.yml
Playbooks Plays and Tasks (again) Organize it your way! users/ users/app.yml users/admins.yml users/departed.yml users/devs.ym users/user_actions.yml users/files users/files/keys users/files/keys/user1.keys users/files/keys/user2.keys users/var_files users/var_files/users.yml users/var_files/app.yml - name: Ensure ops users exist everywhere with wheel hosts: all gather_facts: False sudo: True vars_files : [ var_files/users.yml ] vars: - active: [ bcoca, eoot, dog ] - user_groups: '${admin_group}' tasks: - include: user_actions.yml with_items: $active admins.yml
Plays and Tasks (user_actions.yml) - name: Ensure user exists user: > name=${item} uid=${users.${item}.id} password="${users.$item.pass}" comment="${users.$item.name}" groups="${user_groups}" shell=${ansible_bash_interpreter} append=true state=present - name: Ensure .ssh exists file: dest=/home/${item}/.ssh state=directory owner=${item} group=${item} mode=0700 - name: Setup ssh keys authorized_key: key="$FILE(files/keys/${item}.keys)" user=${item} - name: Log it now! local_action: shell logger "Verified user: ${item} at $ansible_hostname"
Variable files (users.yml) users: alan: id: 1069 name: Alan Parsons pass: '$1$UxoGyasdfX$kOj0MgisMK.eYtgRuP7R0' bcoca: id: 1056 name: Brian Coca pass: '$2a$04$ra3LpTMihRH5v6/YASDF/33Fyhe8SWk/RZuJiN5wK' brian: id: 1096 name: Brian May pass: '$2a$04$Sx.lL2ejqe6bxOeNSCAh/f8nd1.q9rO/ER2gW'
ad-hoc #>ansible webs -m shell -a "awk '{print $9}' /var/log/nginx/access.log|sort |uniq -c |sort -k1,1nr 2>/dev/null|column -t" web1 | success | rc=0 >> 204417 200 48108 304 8550 302 6541 301 1696 404 269 206 web2 | success | rc=0 >> 205807 200 43762 304 ad-hoc
And many other features (I've ignored/glossed over) ● delegate_to, tags, roles ● local, pull and fireball modes, ansible-doc ● fork and serial ● conditionals (only_if, when_+, notify) ● cowsay, jinja in playbooks ● --check, --diff, --limit, --list-+, --step, ... ● $PIPE, $FILE, $PASSWORD, ... ● 3rd party modules (http://ansible.cc/docs/contrib.html) ● and others I forgot or don't know ● new features daily, releases ~ 2 months
FreeBSD bootstrap - hosts: all gather_facts: false vars: - ansible_python_interpreter: /usr/local/bin/python tasks: - name: check for python raw: which python register: pypath ignore_errors: True # Ansible targets require python >=2.4 + json, 2.6 and above include json - name: install python raw: pkg_add -r python27 when_failed: $pypath - name: now start working with ansible! template: src=templates/sudoers dest=/usr/local/etc/sudoers validate='visudo -c %s'
My (BSD) TODO list: ● Service Management ● Network facts ● Jails: facts and management (service module) ● ZFS: facts and management ● General facts improvement (distro, release, product, osfamily, etc) ● Package management {Free, Open, Net}BSD ● Improve FreeBSD port
More info and credits http://ansible.cc http://groups.google.com/group/ansible-project #Ansible irc.freenode.net http://ansible.cc/docs/contrib.html (3rd party) Slides/info I sto... er borrowed: https://speakerdeck.com/mpdehaan/ansible http://www.slideshare.net/gnosek/ansible http://jpmens.net/2012/06/06/configuration-management-with-ansible/ https://speakerdeck.com/jpmens/ansible-an-introduction http://www.feyrer.de/NetBSD/pkgsrcCon2013/
Other examples: #!/usr/bin/env ansible-playbook -K --- - name: Ensure only valid users hosts: all gather_facts: False sudo: True vars: departed: [ alan, bcoca, isaac, mathew, mike, venizio, willy ] tasks: - name: Delete departed user user: name=${item} state=absent remove=yes with_items: $departed bin/departed
Interactive release (release.yml): --- - hosts: localhost sudo: False gather_facts: False vars_prompt: - name: "branch" prompt: "Enter branch" private: False tasks: - pause: prompt="Hit 'Enter' key to start deployment" - debug: msg="deploying $repo/$branch to $target" - include: mainapp/prep.yml - include: secondaryapp/prep.yml - hosts: $target sudo: true gather_facts: true vars: monitor: mynagiosserver tasks: - include: mainapp/deploy.yml - include: services/nuke.yml - include: mainapp/update.yml - include: dbhost/update.yml only_if: is_set($dbhost) - include: services/unnuke.yml
Interactive Release (services/nuke.yml): - pause: "are you sure you want to stop all services?" # Take out of rotation and stop services - name: shush nagios nagios: action=silence host=$inventory_hostname delegate_to: ${monitor} tags: [ mon ] - name: nginx graceful stop action: shell /usr/local/etc/rc.d/nginx gracefulstop async: 60 register: graceful ignore_errors: true tags: [ stop ] - name: nginx forceful action: service name=nginx state=stopped when_integer: ${graceful.rc} != 0 tags: [ stop ] - name: stop svscan action: service name=svscan state=stopped ....
netbsd + mysql + ec2 --- - hosts: - security_group_ec2-dbservers sudo: yes gather_facts: false tasks: - name: Install mysql action: pkgin name=mysql-server-5.1.65 state=present - name: Install MySQL rc.d script template: src=/usr/pkg/share/examples/rc.d/mysqld dest=/etc/rc.d/mysqld mode=0755 - name: Start MySQL service service: name=mysqld enabled=yes state=started - name: Install python-mysqldb (for mysql_user module) action: pkgin name=py27-mysqldb state=present - name: Setup DB mysql_db: db=webapp state=present - name: Add db-user mysql_user: name=webapp password=webapp state=present priv='webapp.*:INSERT,UPDATE,DROP,CREATE, ALTER,LOCK TABLES,SELECT' - name: Copy over DB template copy: src=db/dump-names.sql dest=/tmp/dump-names.sql - name: Import DB data mysql_db: db=webapp state=import target=/tmp/dump-names.sql login_user=webapp login_password=webapp
netbsd + mysql + ec2 output % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml PLAY [security_group_ec2-dbservers] ********************* TASK: [Install mysql] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Install MySQL rc.d script] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Start MySQL service] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Install python-mysqldb (for mysql_user module)] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Setup DB] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Add db-user] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Copy over DB template] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Import DB data] ********************* changed: [ec2-anon.compute-1.amazonaws.com] PLAY RECAP ********************* ec2-anon.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0

Empfohlen

Using Ansible Dynamic Inventory with Amazon EC2
Using Ansible Dynamic Inventory with Amazon EC2Using Ansible Dynamic Inventory with Amazon EC2
Using Ansible Dynamic Inventory with Amazon EC2Brian Schott
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Ansible for beginners ...?
Ansible for beginners ...?Ansible for beginners ...?
Ansible for beginners ...?shirou wakayama
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Ansible roles done right
Ansible roles done rightAnsible roles done right
Ansible roles done rightDan Vaida
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 

Empfohlen

Using Ansible Dynamic Inventory with Amazon EC2
Using Ansible Dynamic Inventory with Amazon EC2Using Ansible Dynamic Inventory with Amazon EC2
Using Ansible Dynamic Inventory with Amazon EC2Brian Schott
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Ansible for beginners ...?
Ansible for beginners ...?Ansible for beginners ...?
Ansible for beginners ...?shirou wakayama
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Ansible roles done right
Ansible roles done rightAnsible roles done right
Ansible roles done rightDan Vaida
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Idan Tohami
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to AnsibleCédric Delgehier
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - IntroductionStephane Manciot
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017Jumping Bean
 
Automation and Ansible
Automation and AnsibleAutomation and Ansible
Automation and Ansiblejtyr
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricksbcoca
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartHenry Stamerjohann
 
V2 and beyond
V2 and beyondV2 and beyond
V2 and beyondjimi-c
 
Ansible leveraging 2.0
Ansible leveraging 2.0Ansible leveraging 2.0
Ansible leveraging 2.0bcoca
 
A quick intro to Ansible
A quick intro to AnsibleA quick intro to Ansible
A quick intro to AnsibleDan Vaida
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible Bangladesh Network Operators Group
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them AllTim Fairweather
 
Jenkins and ansible reference
Jenkins and ansible referenceJenkins and ansible reference
Jenkins and ansible referencelaonap166
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationArthur Freyman
 
Ansible basics workshop
Ansible basics workshopAnsible basics workshop
Ansible basics workshopDavid Karban
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with AnsibleMartin Etmajer
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Idan Tohami
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to AnsibleCédric Delgehier
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017Jumping Bean
 
Automation and Ansible
Automation and AnsibleAutomation and Ansible
Automation and Ansiblejtyr
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricksbcoca
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartHenry Stamerjohann
 
V2 and beyond
V2 and beyondV2 and beyond
V2 and beyondjimi-c
 
Ansible leveraging 2.0
Ansible leveraging 2.0Ansible leveraging 2.0
Ansible leveraging 2.0bcoca
 
A quick intro to Ansible
A quick intro to AnsibleA quick intro to Ansible
A quick intro to AnsibleDan Vaida
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them AllTim Fairweather
 
Jenkins and ansible reference
Jenkins and ansible referenceJenkins and ansible reference
Jenkins and ansible referencelaonap166
 
Ansible basics workshop
Ansible basics workshopAnsible basics workshop
Ansible basics workshopDavid Karban
 

Was ist angesagt? (20)

Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - Introduction
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with Ansible
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansible
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
 
Automation and Ansible
Automation and AnsibleAutomation and Ansible
Automation and Ansible
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricks
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / Quickstart
 
V2 and beyond
V2 and beyondV2 and beyond
V2 and beyond
 
Ansible leveraging 2.0
Ansible leveraging 2.0Ansible leveraging 2.0
Ansible leveraging 2.0
 
A quick intro to Ansible
A quick intro to AnsibleA quick intro to Ansible
A quick intro to Ansible
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with Ansible
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them All
 
Jenkins and ansible reference
Jenkins and ansible referenceJenkins and ansible reference
Jenkins and ansible reference
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Ansible basics workshop
Ansible basics workshopAnsible basics workshop
Ansible basics workshop
 

Andere mochten auch

Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with AnsibleMartin Etmajer
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeSarah Z
 
Testing Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerTesting Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerDennis Rowe
 
How Ansible Makes Automation Easy
How Ansible Makes Automation EasyHow Ansible Makes Automation Easy
How Ansible Makes Automation EasyPeter Sankauskas
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansiblefmaccioni
 
Infrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & AnsibleInfrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & AnsibleRobert Reiz
 
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpecTest-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpecMartin Etmajer
 
Deploying PHP Applications with Ansible
Deploying PHP Applications with AnsibleDeploying PHP Applications with Ansible
Deploying PHP Applications with AnsibleOrestes Carracedo
 
It Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentIt Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentCarlos Perez
 
Microservices: The Right Way
Microservices: The Right WayMicroservices: The Right Way
Microservices: The Right WayDaniel Woods
 
Automated Deployment with Capistrano
Automated Deployment with CapistranoAutomated Deployment with Capistrano
Automated Deployment with CapistranoSumit Chhetri
 
Multi-provider Vagrant and Chef: AWS, VMware, and more
Multi-provider Vagrant and Chef: AWS, VMware, and moreMulti-provider Vagrant and Chef: AWS, VMware, and more
Multi-provider Vagrant and Chef: AWS, VMware, and moreChef Software, Inc.
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Michele Orselli
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...Irakli Nadareishvili
 

Andere mochten auch (20)

Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with Ansible
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less Coffee
 
Testing Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerTesting Ansible with Jenkins and Docker
Testing Ansible with Jenkins and Docker
 
How Ansible Makes Automation Easy
How Ansible Makes Automation EasyHow Ansible Makes Automation Easy
How Ansible Makes Automation Easy
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
 
Infrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & AnsibleInfrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & Ansible
 
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpecTest-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
 
Deploying PHP Applications with Ansible
Deploying PHP Applications with AnsibleDeploying PHP Applications with Ansible
Deploying PHP Applications with Ansible
 
It Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentIt Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software Development
 
Vagrant For DevOps
Vagrant For DevOpsVagrant For DevOps
Vagrant For DevOps
 
Vagrant to-aws-flow
Vagrant to-aws-flowVagrant to-aws-flow
Vagrant to-aws-flow
 
Microservices: The Right Way
Microservices: The Right WayMicroservices: The Right Way
Microservices: The Right Way
 
Automated Deployment with Capistrano
Automated Deployment with CapistranoAutomated Deployment with Capistrano
Automated Deployment with Capistrano
 
Multi-provider Vagrant and Chef: AWS, VMware, and more
Multi-provider Vagrant and Chef: AWS, VMware, and moreMulti-provider Vagrant and Chef: AWS, VMware, and more
Multi-provider Vagrant and Chef: AWS, VMware, and more
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)
 
Ansible
AnsibleAnsible
Ansible
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practices
 
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
 
Cyansible
CyansibleCyansible
Cyansible
 

Ähnlich wie Ansible - The Swiss Army Knife of IT Orchestration

A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of AnsibleDevOps Ltd.
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetOmar Reygaert
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013grim_radical
 
Ansible not only for Dummies
Ansible not only for DummiesAnsible not only for Dummies
Ansible not only for DummiesŁukasz Proszek
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganCorkOpenTech
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Jun Hong Kim
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with PuppetKris Buytaert
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with PuppetKris Buytaert
 
Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013Puppet
 
Learning Puppet basic thing
Learning Puppet basic thing Learning Puppet basic thing
Learning Puppet basic thing DaeHyung Lee
 
Ansible, voyage au centre de l'automatisation
Ansible, voyage au centre de l'automatisationAnsible, voyage au centre de l'automatisation
Ansible, voyage au centre de l'automatisationMickael Hubert
 
Vagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopVagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopLorin Hochstein
 
Stack kicker devopsdays-london-2013
Stack kicker devopsdays-london-2013Stack kicker devopsdays-london-2013
Stack kicker devopsdays-london-2013Simon McCartney
 
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Cosimo Streppone
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with ociDonghuKIM2
 

Ähnlich wie Ansible - The Swiss Army Knife of IT Orchestration (20)

A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
Ansible
AnsibleAnsible
Ansible
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
Puppet
PuppetPuppet
Puppet
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
 
Ansible not only for Dummies
Ansible not only for DummiesAnsible not only for Dummies
Ansible not only for Dummies
 
Puppi. Puppet strings to the shell
Puppi. Puppet strings to the shellPuppi. Puppet strings to the shell
Puppi. Puppet strings to the shell
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter Halligan
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with Puppet
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with Puppet
 
Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013
 
Learning Puppet basic thing
Learning Puppet basic thing Learning Puppet basic thing
Learning Puppet basic thing
 
Ansible, voyage au centre de l'automatisation
Ansible, voyage au centre de l'automatisationAnsible, voyage au centre de l'automatisation
Ansible, voyage au centre de l'automatisation
 
DevOps Braga #6
DevOps Braga #6DevOps Braga #6
DevOps Braga #6
 
Vagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopVagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptop
 
Stack kicker devopsdays-london-2013
Stack kicker devopsdays-london-2013Stack kicker devopsdays-london-2013
Stack kicker devopsdays-london-2013
 
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestration
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with oci
 

Kürzlich hochgeladen

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Kürzlich hochgeladen (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Ansible - The Swiss Army Knife of IT Orchestration

  • 2. My Ops evolution manual updates + logbook at + .bat scripts (yes, Windows) {telnet, rsh, ssh} + for loops + command line shells/perl/python custom scripts + cssh/pssh CM and Provisioning Applications
  • 3. What I DON'T want agents/daemons (more software to manage) ports (more firewall rules) ssl/pki (cert/key management!!!) any setup in general (I'm lazy that way) translations for provision, config and ad-hoc
  • 4. Enter Ansible ● Minimal setup (my definition: just needs Python*) ● Leverages existing auth{entication,orization} ○ SSH as default transport ○ Can use sudo or root keys ● Supports ad-hoc (1 liner reuse!) ● Can run from checkout (port/rpm/deb/pip/etc) ● Predictable, easily expandable, portable ● Aims to be idempotent
  • 5.
  • 7. Terminology Inventory: list of hosts, groups and variables Modules: actually do the work, any language Plugins: callback, action and other hooks Facts: data gathered from target hosts Playbook: collections of plays Play: loops over a list of tasks mapped to a list of hosts Task: invokes a module to do the work (handlers are a type of task)
  • 8. Inventory (hosts and groups) Simple ini: [web] web0 web1.example.com ansible_ssh_port=1234 web[02:15] [db] mysql[1:3] mysql_port=6666 mysqlbackup ansible_ssh_host=10.10.1.23 Can be dynamic (+x): - ec2.py - cobbler - just return json (easy to write your own) - directory: will use all contained files
  • 9. Modules at first I knew all core, now ... : add_host,debug,get_url,mount,postgresql_user,slurp, apt,django_manage,git,mysql_db,rabbitmq_parameter, subversion,apt_key,easy_install,group,mysql_user, rabbitmq_plugin,supervisorctl,apt_repository,ec2,group_by, nagios,rabbitmq_user,svr4pkg,assemble,ec2_facts,hg,ohai, rabbitmq_vhost,sysctl,async_status,ec2_vol,ini_file,opkg,raw, template,async_wrapper,facter,libr,pacman,script,uri, authorized_key,fail,lineinfile,pause,seboolean,user, cloudformation,fetch,lvol,ping,selinux,virt,command,file, macports,pip,service,wait_for,copy,fireball,mail,pkgin,setup, yum,cron,gem,mongodb_user,postgresql_db,shell,zfs * The list was probably outdated at the time I updated it
  • 10. Plugins ● callback/action can use data returned (log, db update) or as triggers (update dns) ● connection ssh alternatives (local, chroot, etc) ● inventory, lookup, vars, filter data from other sources or formats
  • 11. Facts On by default (gather_facts: False to disable) Can use ohai/facter or custom fact modules BSDs, Solaris, AIX lag behind, but not much * mdehaan: 'send me a patch :-)' Usable in plays and modules (template)
  • 12. Facts #>ansible -m setup testbsd|head -n 10 testbsd | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "10.1.1.4" ], "ansible_all_ipv6_addresses": [], "ansible_architecture": "amd64", "ansible_machine": "amd64", "ansible_memfree_mb": 1161, "ansible_memtotal_mb": 15850,
  • 13. Playbooks Plays and Tasks nginx.yml --- - hosts: web sudo: True vars: domain: example.com tasks: - name: Install nginx action: shell pkg_add -r nginx creates=/usr/local/bin/nginx - name: configure nginx template: src=templates/nginx.conf.j2 dest=/usr/local/etc/nginx.conf notify: nginx-restart handlers: - name: nginx-restart service: name=nginx state=restarted #> ansible-playbook -K nginx.yml
  • 14. Playbooks Plays and Tasks (again) Organize it your way! users/ users/app.yml users/admins.yml users/departed.yml users/devs.ym users/user_actions.yml users/files users/files/keys users/files/keys/user1.keys users/files/keys/user2.keys users/var_files users/var_files/users.yml users/var_files/app.yml - name: Ensure ops users exist everywhere with wheel hosts: all gather_facts: False sudo: True vars_files : [ var_files/users.yml ] vars: - active: [ bcoca, eoot, dog ] - user_groups: '${admin_group}' tasks: - include: user_actions.yml with_items: $active admins.yml
  • 15. Plays and Tasks (user_actions.yml) - name: Ensure user exists user: > name=${item} uid=${users.${item}.id} password="${users.$item.pass}" comment="${users.$item.name}" groups="${user_groups}" shell=${ansible_bash_interpreter} append=true state=present - name: Ensure .ssh exists file: dest=/home/${item}/.ssh state=directory owner=${item} group=${item} mode=0700 - name: Setup ssh keys authorized_key: key="$FILE(files/keys/${item}.keys)" user=${item} - name: Log it now! local_action: shell logger "Verified user: ${item} at $ansible_hostname"
  • 16. Variable files (users.yml) users: alan: id: 1069 name: Alan Parsons pass: '$1$UxoGyasdfX$kOj0MgisMK.eYtgRuP7R0' bcoca: id: 1056 name: Brian Coca pass: '$2a$04$ra3LpTMihRH5v6/YASDF/33Fyhe8SWk/RZuJiN5wK' brian: id: 1096 name: Brian May pass: '$2a$04$Sx.lL2ejqe6bxOeNSCAh/f8nd1.q9rO/ER2gW'
  • 17. ad-hoc #>ansible webs -m shell -a "awk '{print $9}' /var/log/nginx/access.log|sort |uniq -c |sort -k1,1nr 2>/dev/null|column -t" web1 | success | rc=0 >> 204417 200 48108 304 8550 302 6541 301 1696 404 269 206 web2 | success | rc=0 >> 205807 200 43762 304 ad-hoc
  • 18. And many other features (I've ignored/glossed over) ● delegate_to, tags, roles ● local, pull and fireball modes, ansible-doc ● fork and serial ● conditionals (only_if, when_+, notify) ● cowsay, jinja in playbooks ● --check, --diff, --limit, --list-+, --step, ... ● $PIPE, $FILE, $PASSWORD, ... ● 3rd party modules (http://ansible.cc/docs/contrib.html) ● and others I forgot or don't know ● new features daily, releases ~ 2 months
  • 19. FreeBSD bootstrap - hosts: all gather_facts: false vars: - ansible_python_interpreter: /usr/local/bin/python tasks: - name: check for python raw: which python register: pypath ignore_errors: True # Ansible targets require python >=2.4 + json, 2.6 and above include json - name: install python raw: pkg_add -r python27 when_failed: $pypath - name: now start working with ansible! template: src=templates/sudoers dest=/usr/local/etc/sudoers validate='visudo -c %s'
  • 20. My (BSD) TODO list: ● Service Management ● Network facts ● Jails: facts and management (service module) ● ZFS: facts and management ● General facts improvement (distro, release, product, osfamily, etc) ● Package management {Free, Open, Net}BSD ● Improve FreeBSD port
  • 21. More info and credits http://ansible.cc http://groups.google.com/group/ansible-project #Ansible irc.freenode.net http://ansible.cc/docs/contrib.html (3rd party) Slides/info I sto... er borrowed: https://speakerdeck.com/mpdehaan/ansible http://www.slideshare.net/gnosek/ansible http://jpmens.net/2012/06/06/configuration-management-with-ansible/ https://speakerdeck.com/jpmens/ansible-an-introduction http://www.feyrer.de/NetBSD/pkgsrcCon2013/
  • 22. Other examples: #!/usr/bin/env ansible-playbook -K --- - name: Ensure only valid users hosts: all gather_facts: False sudo: True vars: departed: [ alan, bcoca, isaac, mathew, mike, venizio, willy ] tasks: - name: Delete departed user user: name=${item} state=absent remove=yes with_items: $departed bin/departed
  • 23. Interactive release (release.yml): --- - hosts: localhost sudo: False gather_facts: False vars_prompt: - name: "branch" prompt: "Enter branch" private: False tasks: - pause: prompt="Hit 'Enter' key to start deployment" - debug: msg="deploying $repo/$branch to $target" - include: mainapp/prep.yml - include: secondaryapp/prep.yml - hosts: $target sudo: true gather_facts: true vars: monitor: mynagiosserver tasks: - include: mainapp/deploy.yml - include: services/nuke.yml - include: mainapp/update.yml - include: dbhost/update.yml only_if: is_set($dbhost) - include: services/unnuke.yml
  • 24. Interactive Release (services/nuke.yml): - pause: "are you sure you want to stop all services?" # Take out of rotation and stop services - name: shush nagios nagios: action=silence host=$inventory_hostname delegate_to: ${monitor} tags: [ mon ] - name: nginx graceful stop action: shell /usr/local/etc/rc.d/nginx gracefulstop async: 60 register: graceful ignore_errors: true tags: [ stop ] - name: nginx forceful action: service name=nginx state=stopped when_integer: ${graceful.rc} != 0 tags: [ stop ] - name: stop svscan action: service name=svscan state=stopped ....
  • 25. netbsd + mysql + ec2 --- - hosts: - security_group_ec2-dbservers sudo: yes gather_facts: false tasks: - name: Install mysql action: pkgin name=mysql-server-5.1.65 state=present - name: Install MySQL rc.d script template: src=/usr/pkg/share/examples/rc.d/mysqld dest=/etc/rc.d/mysqld mode=0755 - name: Start MySQL service service: name=mysqld enabled=yes state=started - name: Install python-mysqldb (for mysql_user module) action: pkgin name=py27-mysqldb state=present - name: Setup DB mysql_db: db=webapp state=present - name: Add db-user mysql_user: name=webapp password=webapp state=present priv='webapp.*:INSERT,UPDATE,DROP,CREATE, ALTER,LOCK TABLES,SELECT' - name: Copy over DB template copy: src=db/dump-names.sql dest=/tmp/dump-names.sql - name: Import DB data mysql_db: db=webapp state=import target=/tmp/dump-names.sql login_user=webapp login_password=webapp
  • 26. netbsd + mysql + ec2 output % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml PLAY [security_group_ec2-dbservers] ********************* TASK: [Install mysql] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Install MySQL rc.d script] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Start MySQL service] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Install python-mysqldb (for mysql_user module)] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Setup DB] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Add db-user] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Copy over DB template] ********************* changed: [ec2-anon.compute-1.amazonaws.com] TASK: [Import DB data] ********************* changed: [ec2-anon.compute-1.amazonaws.com] PLAY RECAP ********************* ec2-anon.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0