Ansible Workshop

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service
orchestration, and many other IT needs.

What is Ansible ?

Being designed for multi-tier deployments since day one, Ansible models your IT
infrastructure by describing how all of your systems inter-relate, rather than
just managing one system at a time.

Design

It uses no agents and no additional custom security infrastructure, so it's
easy to deploy - if SSH and Python works then ansible works.

No Agent

Install ansible

The easy way

git clone https://github.com/novafloss/ansible-setup.py

./setup.sh

vagrant up

  1. Install python-virtualenv and git
  2. Create a Python isolated environment
  3. Activate the environment in this shell
  4. Install ansible's devel version
  5. Also install ansible role manager

Install Ansible

The hard way

sudo apt-get install git python-virtualenv
virtualenv ~/ansible_env
source ~/ansible_env/bin/activate
pip install -e git+https://github.com/ansible/ansible.git#egg=ansible

Because you are awesome

Terminology

Add health checks at the end of plays

Host

Group

Inventory

Fact

Module

Task

Role

Play

Playbook

Idempotence

Testing

A server, ie. db-0

Several servers, ie. db

DB of hosts, groups and variables, ie. prod

Variables generated from hosts, ie. num_cpu

Actual execution script, ie. user, template, etc

A Module + arguments, ie. user { name: norris }

Named group of tasks

Execution of tasks on a host group

File with one or more plays

Re-running doesn't change anything

project layout

  • db-update.yml
  • worker-update.yml
    
  • production
  • staging
  • host_vars/
    • ​all 
    • db-0
  • ​group_vars/
    • ​all
    • lb
      
  • roles/
    • db/
      • ​tasks/
      • defaults/
      • files/
      • templates/
    • lb/
    • worker/

Playbooks

Inventories

System-specific variables

Group-specific variables

Roles

Inventories

Static inventory

Dynamic inventory

[bastion]
bastion.example.com

[website]
web-[01-50].example.com

[loadbalancer]
lb-[a-f].example.com

[website:vars]
ansible_ssh_common_args='
    -o ProxyCommand="
        ssh -W %h:%p \ 
        -q %r@10.0.0.123
    "
'
{
    "loadbalancer": {
        "hosts": [
            "lb-a.example.com", 
            "lb-b.example.com"
        ], 
        "vars": {
            "custom_group_var": true
        }
    }, 
    "_meta": {
        "hostvars": {
            "lb-0.example.com": {
                "custom_host_var": "bar"
            }
        }
    }
}

Playbooks

---

- hosts: all
  vars:
    some_var: bar
  
  pre_tasks:
  - name: Some command
    shell: some_command
    register: some_command

  roles:
  - some_role
  - role: some_role
    some_role_var: other_var

  post_tasks:
  - debug: var=some_command

- hosts: loadbalancer
  tasks:
  - cron: 
      name: check dirs 
      minute: 0
      hour: 5,2
      job: ls -alh > /dev/null

Play

YAML marker

Module

Task

Awesome debug module

Role call with var override

Installing roles

A role is a named group of tasks

novafloss.boot

Static inventory

dynamic infrastructure !

[flow]
flow.lxc lxc_template_options='-r jessie'

[rabbitmq]
rabbitmq.lxc

[redis]
redis.lxc
---
- hosts: localhost
  become: true
  become_user: root
  become_method: sudo
  roles:
  - novafloss.boot

- hosts: redis
  roles:
  - role: geerlingguy.redis
  post_tasks:
  - name: Ensure redis was started
    wait_for: port=6379 timeout=10 host=0.0.0.0

- hosts: flow
  vars:
    flow_log_level: DEBUG
  roles:
  - novafloss.oracle-java
  - role: pdoc.apt
    apt_repositories:
    - deb http://debian.example.com/ jessie example-repo
  - flow
$ sudo lxc-ls -f
NAME                   STATE   IPV4
rabbitmq               RUNNING 10.0.30.45
redis                  RUNNING 10.0.30.46
flow                   RUNNING 10.0.30.47
ansible-playbook -i inventory playbook.yml

Getting started with novafloss.oracle-java

deploying flow

Made with Slides.com