Ansible

• Open Source (~7k ★s)
• Python
  • mit Modulen in beliebigen Sprachen
• YAML → SSH
• Ansible Inc.
  • Ansible Tower
  • Ansible Guru
  • Ansible Consulting & Training

Alternativen

• Chef
  • große Ruby-Runtime
  • Polling an Master-Server
  • furchtbare Stacktraces
• Puppet
  • große Ruby-Runtime
  • Polling an Master-Server
  • eigene DSL
  • nicht-deterministisch
• Salt Stack

Struktur

Modul

• große Sammlung an Standardmodulen
• Ausfuehrung:
  • direkt auf einem Host
  • via Playbooks (spaeter mehr)
• eigene Module moeglich
  • JSON Eingabe, JSON Ausgabe

ansible webservers -m service -a "name=httpd state=started"
ansible webservers -m ping
ansible webservers -m command -a "/sbin/reboot -t now"

Inventory

• Besteht aus Hosts und Groups
• dynamisch oder statisch
  • Scripts fuer ec2, linode, uvm.

mail.example.com

[webservers]
foo.example.com
bar.example.com

[dbservers]
one.example.com
two.example.com
three.example.com

Variablen

• Host spezifische
• Gruppen spezifische
• "ansible-vault" fuer Verschluesselung

---
ntp_server: acme.example.org
database_server: storage.example.org

Templates

• Jinja2
  • Schleifen, Filter, uvm.
• Variablen
• bzw. Webserverconfig

server {
        listen [::]:80;
        server_name {{ server_name }};

        index  index.html;

        access_log /home/www/{{ user }}/logs/access.log;
        error_log /home/www/{{ user }}/logs/error.log;
}

Playbook

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: pkg=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running
    service: name=httpd state=started
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

Roles

• Paket aus Playbooks, Variablen und Stuktur
• Enthalten
  • tasks
  • handlers
  • templates
  • files
  • ...

Environments

• Enthalten
  • Host Vars
  • Group Vars
  • inventory
• z.B. development, staging, ci, production

production/               # production environment
    group_vars/
       group1             # here we assign variables to particular groups
    host_vars/
       hostname1          # if systems need specific variables, put them here
    inventory
staging/

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource

    webtier/              # same kind of structure as "common" was above
    monitoring/           # ""
    fooapp/               # ""

Ansible Galaxy

Ansible Generator

coming soon™

Immutable Server