SlideShare a Scribd company logo

IT Automation with Ansible

Rayed Alrashed
Rayed Alrashed

This document provides an overview of IT automation using Ansible. It discusses using Ansible to automate tasks across multiple servers like installing packages and copying files without needing to login to each server individually. It also covers Ansible concepts like playbooks, variables, modules, and vault for securely storing passwords. Playbooks allow defining automation jobs as code that can be run on multiple servers simultaneously in a consistent and repeatable way.

Technology
1 of 27
Download to read offline
IT Automation with Rayed Alrashed
About Me • 1993 - 1997 KSU • 1997 - 1999 ISU KACST • 1999 - 2001 GWU • 2001 - 2007 SAUDI NET • 2008 - 2011 CITC • 2011 - Now WireFilter
Linux Admin Accounts • root user • Superuser, can do anything • Dangerous, please don’t use it! • sudo • Better accountability • Fine tune permissions root# rm /var/db/mysql user1$ sudo visudo : # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL : Cmnd_Alias APTITUDE = /usr/bin/aptitude update, /usr/ bin/aptitude upgrade user1 ALL=(ALL) NOPASSWD: APTITUDE user1$ sudo aptitude update … no password needed! user1$ sudo rm /var/lib/mysql Password: : user1$ sudo rm /var/lib/postgresql … no password for few minutes …
What is SSH • SSH have more goodies: • Access using Keys / Password less • Compression • Secure File Transfer (scp, sftp) • Tunneling SSH is acronym for Secure Shell telnet = clear text SSH = encrypted
SSH Keys authorized_keys server1 host1 id_rsa id_rsa.pub id_rsa.pub host2 id_rsa id_rsa.pub host1$ ssh-keygen This will create 2 files: id_rsa : private key id_rsa.pub : public key id_rsa.pub host1$ ssh-copy-id server1 add id_rsa.pub to server authorized_keys (Password is needed) host1$ ssh server1 No Password!!
Poor Man’s Administration $ ssh www1.example.com www1$ sudo vi /etc/resolv.conf www1$ sudo apt-get install nginx : $ $ ssh www2.example.com www2$ sudo vi /etc/resolv.conf www2$ sudo apt-get install nginx : $ $ ssh www3.example.com www3$ sudo vi /etc/resolv.conf www3$ sudo apt-get install nginx : : : etc … • Connecting to each server one by one • Time consuming • Repetitive & error prone • Not Reproducible • No way to track changes!
Poor Man’s Automation #!/bin/sh HOSTS=" www1.rayed.com www2.rayed.com www3.rayed.com db1.rayed.com db2.rayed.com " for host in $HOSTS do # Copy DNS settings to all servers scp resolv.conf $host:/etc/resolv.conf # Install Nginx ssh $host “sudo apt-get install nginx” done • Loop in a shell script • Hard to write • Hard to maintain • Error prone
What is Ansible? • IT Automation Tool • Open Source / Commercial support available • No server on Management Node • No agent on Managed Nodes • Uses ssh; no special ports, passwords, or keys • No need to install on dedicated machine • Easy to Install, Learn and Use
Installation • Linux:
 $ sudo easy_install pip
 $ sudo pip install ansible • OSX:
 $ brew update
 $ brew install ansible
Inventory • List of machine you want to manage • Location: • Default: /etc/ansible/host • export ANSIBLE_HOST=my_hosts • Use -i option: ansible -i my_hosts • Defined in ansible.cfg • Dynamic Inventory: Ask AWS, Linode, DigitalOcean, your own script! # file: ansible_hosts mail.example.com [webservers] www[1:5].example.com [dbservers] db-[a:d].example.com # file: ansible.cfg [defaults] hostfile = ./ansible_hosts
Ad-Hoc Commands
Ad-Hoc Commands • Do something quick, not worth saving! • Not worth writing a Playbook for • e.g.: shutdown a lab! • Examples: ansible all -i ansible_hosts -m ping ansible all -m ping ansible webservers -m ping ansible www1.example.com -m ping ansible all -m command —a date ansible all -a date ansible all -a reboot ansible all -a reboot -s ansible all -a reboot -s -K
module: ping • Check connectivity • If you can ssh you can ping:
 $ ssh user@host • You can specify group or “all” • Execute in parallel $ ansible webservers -m ping www1.example.com | success >> { "changed": false, "ping": "pong" } $ ansible www404.example.com -m ping www404.example.com | FAILED => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue
module: setup • Get tons of information about the machine • Name, Disks, IP, OS version, etc … • Can be used for conditional operations $ ansible www1.example.com -m setup www1.example.com | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "178.79.182.89" ], "ansible_all_ipv6_addresses": [ "2a01:7e00::f03c:91ff:fe70:5c6a", "fe80::f03c:91ff:fe70:5c6a" ], "ansible_architecture": "x86_64", "ansible_bios_date": "NA", "ansible_bios_version": "NA", :
module: command • Execute command on remote machine • e.g. reboot $ ansible www1.example.com -m command -a “echo hello” www1.example.com | rc=0 >> { hello $ ansible www1.example.com -a “echo hello” www1.example.com | rc=0 >> { hello
module: apt • Package management for Debian & Ubuntu • Install, Uninstall, Update • There is also “yum” module for RedHat, CentOS, and Fedora. • You might need: • -s : command need sudo • -K : Ask for sudo password $ ansible www1.example.com -m apt -a “name=nginx state=present” $ ansible www1.example.com -m apt -a “update_cache=yes upgrade=safe”
Other Interesting Modules • user: Manage user accounts • lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression. • copy: Copies files to remote locations. • template: Templates a file out to a remote server.
Other Interesting Modules • authorized_key: Adds or removes an SSH authorized key • service: Manage services, start/stop/restart/ restart on reboot. • mysql_db, mysql_user, postgresql_db, postgresql_user: Can you guess it! • git: Deploy software (or files) from git checkouts
Playbooks
What is a Playbook • Ansible’s configuration, deployment, and orchestration language. • Modules are the tools in your workshop, Playbooks are your design plans. • YAML! --- # An employee record name: Example Developer job: Developer skill: Elite employed: True foods: - Apple - Orange - Strawberry - Mango languages: ruby: Elite python: Elite dotnet: Lame
Playbook Example --- - hosts: webservers #remote_user: root sudo: yes tasks: - name: Install Nginx apt: name=nginx state=present - name: Copy static site copy: src=files/my_site dest=/var/www - name: Configure Nginx template: src=files/nginx_site.conf dest=/etc/nginx/new_site.conf notify: my_nginx_reload handlers: - name: my_nginx_reload service: name=nginx state=restarted my_playbook.yml ansible-playbook my_playbook.yml -KExecute Playbook
Variables • Defined • Inventory • Playbook • Discovered (Facts) • Use # playbook - hosts: webservers vars: http_port: 80 # inventory file host1 http_port=80 [webservers:vars] http_port=80 # facts : "ansible_distribution": "Ubuntu", "ansible_distribution_release": "precise", "ansible_distribution_version": “12.04", : # in playbook template: src=foo.cfg.j2 dest={{ remote_install_path }}/foo.cfg # in template files server { listen 80; root /var/www/my_site; index index.html index.htm; server_name {{ ansible_default_ipv4.address }}; }
Conditions • Use Variables & Facts • Conditional Tasks • Conditional Includes • Conditional Roles - name: Install Apache (Ubuntu) apt: name=apache state=latest when: ansible_os_family == ‘Debian’ - name: Install Apache (CentOS) yum: name= httpd state=latest when: ansible_os_family == ‘RedHat’ - include: tasks/sometasks.yml when: "'reticulating splines' in output" - hosts: webservers roles: - { role: debian_stock_config, when: ansible_os_family == 'Debian' }
Loops # With Loops - name: Install Packages apt: name={{item}} state=present with_items: - iptables-persistent - fail2ban - exim4-daemon-light - apticron - git - figlet - nginx # Without Loops - name: Install Packages apt: name= fail2ban state=present - name: Install Packages apt: name= apticron state=present - name: Install Packages apt: name= git state=present - name: Install Packages apt: name= figlet state=present - name: Install Packages apt: name= nginx state=present # Loop with Hash (Dictionary) - name: add several users user: name={{ item.name }} state=present groups={{ item.groups }} with_items: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' } Other Loop Types Available
Vault • Ansible + GIT • What about passwords? ansible-playbook site.yml —ask-vault-pass ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt $ANSIBLE_VAULT;1.1;AES256 35373133613062323636623536666439396531656662313262326562353261376435343934346433 3563333532333362303430323666313931376138623437380a623461636265633561313064313564 37666561306661663237323466343166653738633765383666383066396234646539633565373636 3961643731363130340a336465666334633839333061356439316237323262633364613037623164 3965 ansible-vault create site.yml ansible-vault edit site.yml
–Anonymous “A lazy sysadmin is the best admin”
More • http://www.ansible.com/ • http://docs.ansible.com/ • https://galaxy.ansible.com/ • http://docs.ansible.com/list_of_all_modules.html

Recommended

Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with AnsibleRicardo Schmidt
 
Ansible 101
Ansible 101Ansible 101
Ansible 101Gena Mykhailiuta
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 

Recommended

Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with AnsibleRicardo Schmidt
 
Ansible 101
Ansible 101Ansible 101
Ansible 101Gena Mykhailiuta
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - IntroductionStephane Manciot
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible Bangladesh Network Operators Group
 
Ansible
AnsibleAnsible
AnsibleVishal Yadav
 
Ansible intro
Ansible introAnsible intro
Ansible introMarcelo Quintiliano da Silva
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
Ansible
AnsibleAnsible
AnsibleKnoldus Inc.
 
ansible why ?
ansible why ?ansible why ?
ansible why ?Yashar Esmaildokht
 
Ansible
AnsibleAnsible
AnsibleRahul Bajaj
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...Simplilearn
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
Ansible
AnsibleAnsible
AnsibleRaul Leite
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Simplilearn
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible for beginners
Ansible for beginnersAnsible for beginners
Ansible for beginnersKuo-Le Mei
 
Ansible
AnsibleAnsible
AnsibleKamil Lelonek
 
Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Tuan Yang
 
Hands on ansible
Hands on ansibleHands on ansible
Hands on ansiblesumit23kumar
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 

More Related Content

What's hot

Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...Simplilearn
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Simplilearn
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible for beginners
Ansible for beginnersAnsible for beginners
Ansible for beginnersKuo-Le Mei
 
Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Tuan Yang
 

What's hot (20)

Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - Introduction
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
 
Ansible
AnsibleAnsible
Ansible
 
Ansible intro
Ansible introAnsible intro
Ansible intro
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practices
 
Ansible
AnsibleAnsible
Ansible
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
 
Ansible
AnsibleAnsible
Ansible
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
Ansible
AnsibleAnsible
Ansible
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with Ansible
 
Ansible for beginners
Ansible for beginnersAnsible for beginners
Ansible for beginners
 
Ansible
AnsibleAnsible
Ansible
 
Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)
 
Hands on ansible
Hands on ansibleHands on ansible
Hands on ansible
 

Similar to IT Automation with Ansible

Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of AnsibleDevOps Ltd.
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with PuppetKris Buytaert
 
Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupJeff Geerling
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestrationbcoca
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013grim_radical
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with PuppetKris Buytaert
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetOmar Reygaert
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Jun Hong Kim
 
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios
 
20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnwgarrett honeycutt
 
Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015Alex S
 
Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)Chu-Siang Lai
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeWO Community
 
WordPress CLI in-depth
WordPress CLI in-depthWordPress CLI in-depth
WordPress CLI in-depthSanjay Willie
 
EC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and PackerEC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and PackerGeorge Miranda
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDSean Chittenden
 

Similar to IT Automation with Ansible (20)

Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestration
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with Puppet
 
Hadoop on osx
Hadoop on osxHadoop on osx
Hadoop on osx
 
Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL Meetup
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with Puppet
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)
 
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
 
20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw
 
Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015
 
Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
WordPress CLI in-depth
WordPress CLI in-depthWordPress CLI in-depth
WordPress CLI in-depth
 
EC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and PackerEC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and Packer
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSD
 

Recently uploaded

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

IT Automation with Ansible

  • 2. About Me • 1993 - 1997 KSU • 1997 - 1999 ISU KACST • 1999 - 2001 GWU • 2001 - 2007 SAUDI NET • 2008 - 2011 CITC • 2011 - Now WireFilter
  • 3. Linux Admin Accounts • root user • Superuser, can do anything • Dangerous, please don’t use it! • sudo • Better accountability • Fine tune permissions root# rm /var/db/mysql user1$ sudo visudo : # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL : Cmnd_Alias APTITUDE = /usr/bin/aptitude update, /usr/ bin/aptitude upgrade user1 ALL=(ALL) NOPASSWD: APTITUDE user1$ sudo aptitude update … no password needed! user1$ sudo rm /var/lib/mysql Password: : user1$ sudo rm /var/lib/postgresql … no password for few minutes …
  • 4. What is SSH • SSH have more goodies: • Access using Keys / Password less • Compression • Secure File Transfer (scp, sftp) • Tunneling SSH is acronym for Secure Shell telnet = clear text SSH = encrypted
  • 5. SSH Keys authorized_keys server1 host1 id_rsa id_rsa.pub id_rsa.pub host2 id_rsa id_rsa.pub host1$ ssh-keygen This will create 2 files: id_rsa : private key id_rsa.pub : public key id_rsa.pub host1$ ssh-copy-id server1 add id_rsa.pub to server authorized_keys (Password is needed) host1$ ssh server1 No Password!!
  • 6. Poor Man’s Administration $ ssh www1.example.com www1$ sudo vi /etc/resolv.conf www1$ sudo apt-get install nginx : $ $ ssh www2.example.com www2$ sudo vi /etc/resolv.conf www2$ sudo apt-get install nginx : $ $ ssh www3.example.com www3$ sudo vi /etc/resolv.conf www3$ sudo apt-get install nginx : : : etc … • Connecting to each server one by one • Time consuming • Repetitive & error prone • Not Reproducible • No way to track changes!
  • 7. Poor Man’s Automation #!/bin/sh HOSTS=" www1.rayed.com www2.rayed.com www3.rayed.com db1.rayed.com db2.rayed.com " for host in $HOSTS do # Copy DNS settings to all servers scp resolv.conf $host:/etc/resolv.conf # Install Nginx ssh $host “sudo apt-get install nginx” done • Loop in a shell script • Hard to write • Hard to maintain • Error prone
  • 8. What is Ansible? • IT Automation Tool • Open Source / Commercial support available • No server on Management Node • No agent on Managed Nodes • Uses ssh; no special ports, passwords, or keys • No need to install on dedicated machine • Easy to Install, Learn and Use
  • 9. Installation • Linux:
 $ sudo easy_install pip
 $ sudo pip install ansible • OSX:
 $ brew update
 $ brew install ansible
  • 10. Inventory • List of machine you want to manage • Location: • Default: /etc/ansible/host • export ANSIBLE_HOST=my_hosts • Use -i option: ansible -i my_hosts • Defined in ansible.cfg • Dynamic Inventory: Ask AWS, Linode, DigitalOcean, your own script! # file: ansible_hosts mail.example.com [webservers] www[1:5].example.com [dbservers] db-[a:d].example.com # file: ansible.cfg [defaults] hostfile = ./ansible_hosts
  • 12. Ad-Hoc Commands • Do something quick, not worth saving! • Not worth writing a Playbook for • e.g.: shutdown a lab! • Examples: ansible all -i ansible_hosts -m ping ansible all -m ping ansible webservers -m ping ansible www1.example.com -m ping ansible all -m command —a date ansible all -a date ansible all -a reboot ansible all -a reboot -s ansible all -a reboot -s -K
  • 13. module: ping • Check connectivity • If you can ssh you can ping:
 $ ssh user@host • You can specify group or “all” • Execute in parallel $ ansible webservers -m ping www1.example.com | success >> { "changed": false, "ping": "pong" } $ ansible www404.example.com -m ping www404.example.com | FAILED => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue
  • 14. module: setup • Get tons of information about the machine • Name, Disks, IP, OS version, etc … • Can be used for conditional operations $ ansible www1.example.com -m setup www1.example.com | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "178.79.182.89" ], "ansible_all_ipv6_addresses": [ "2a01:7e00::f03c:91ff:fe70:5c6a", "fe80::f03c:91ff:fe70:5c6a" ], "ansible_architecture": "x86_64", "ansible_bios_date": "NA", "ansible_bios_version": "NA", :
  • 15. module: command • Execute command on remote machine • e.g. reboot $ ansible www1.example.com -m command -a “echo hello” www1.example.com | rc=0 >> { hello $ ansible www1.example.com -a “echo hello” www1.example.com | rc=0 >> { hello
  • 16. module: apt • Package management for Debian & Ubuntu • Install, Uninstall, Update • There is also “yum” module for RedHat, CentOS, and Fedora. • You might need: • -s : command need sudo • -K : Ask for sudo password $ ansible www1.example.com -m apt -a “name=nginx state=present” $ ansible www1.example.com -m apt -a “update_cache=yes upgrade=safe”
  • 17. Other Interesting Modules • user: Manage user accounts • lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression. • copy: Copies files to remote locations. • template: Templates a file out to a remote server.
  • 18. Other Interesting Modules • authorized_key: Adds or removes an SSH authorized key • service: Manage services, start/stop/restart/ restart on reboot. • mysql_db, mysql_user, postgresql_db, postgresql_user: Can you guess it! • git: Deploy software (or files) from git checkouts
  • 20. What is a Playbook • Ansible’s configuration, deployment, and orchestration language. • Modules are the tools in your workshop, Playbooks are your design plans. • YAML! --- # An employee record name: Example Developer job: Developer skill: Elite employed: True foods: - Apple - Orange - Strawberry - Mango languages: ruby: Elite python: Elite dotnet: Lame
  • 21. Playbook Example --- - hosts: webservers #remote_user: root sudo: yes tasks: - name: Install Nginx apt: name=nginx state=present - name: Copy static site copy: src=files/my_site dest=/var/www - name: Configure Nginx template: src=files/nginx_site.conf dest=/etc/nginx/new_site.conf notify: my_nginx_reload handlers: - name: my_nginx_reload service: name=nginx state=restarted my_playbook.yml ansible-playbook my_playbook.yml -KExecute Playbook
  • 22. Variables • Defined • Inventory • Playbook • Discovered (Facts) • Use # playbook - hosts: webservers vars: http_port: 80 # inventory file host1 http_port=80 [webservers:vars] http_port=80 # facts : "ansible_distribution": "Ubuntu", "ansible_distribution_release": "precise", "ansible_distribution_version": “12.04", : # in playbook template: src=foo.cfg.j2 dest={{ remote_install_path }}/foo.cfg # in template files server { listen 80; root /var/www/my_site; index index.html index.htm; server_name {{ ansible_default_ipv4.address }}; }
  • 23. Conditions • Use Variables & Facts • Conditional Tasks • Conditional Includes • Conditional Roles - name: Install Apache (Ubuntu) apt: name=apache state=latest when: ansible_os_family == ‘Debian’ - name: Install Apache (CentOS) yum: name= httpd state=latest when: ansible_os_family == ‘RedHat’ - include: tasks/sometasks.yml when: "'reticulating splines' in output" - hosts: webservers roles: - { role: debian_stock_config, when: ansible_os_family == 'Debian' }
  • 24. Loops # With Loops - name: Install Packages apt: name={{item}} state=present with_items: - iptables-persistent - fail2ban - exim4-daemon-light - apticron - git - figlet - nginx # Without Loops - name: Install Packages apt: name= fail2ban state=present - name: Install Packages apt: name= apticron state=present - name: Install Packages apt: name= git state=present - name: Install Packages apt: name= figlet state=present - name: Install Packages apt: name= nginx state=present # Loop with Hash (Dictionary) - name: add several users user: name={{ item.name }} state=present groups={{ item.groups }} with_items: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' } Other Loop Types Available
  • 25. Vault • Ansible + GIT • What about passwords? ansible-playbook site.yml —ask-vault-pass ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt $ANSIBLE_VAULT;1.1;AES256 35373133613062323636623536666439396531656662313262326562353261376435343934346433 3563333532333362303430323666313931376138623437380a623461636265633561313064313564 37666561306661663237323466343166653738633765383666383066396234646539633565373636 3961643731363130340a336465666334633839333061356439316237323262633364613037623164 3965 ansible-vault create site.yml ansible-vault edit site.yml
  • 26. –Anonymous “A lazy sysadmin is the best admin”
  • 27. More • http://www.ansible.com/ • http://docs.ansible.com/ • https://galaxy.ansible.com/ • http://docs.ansible.com/list_of_all_modules.html