Ansible for Beginners

Daniel Banck, @dbanck

#bcki14

Automated

  • Server provisioning
  • Software installation
  • Software configuration
  • Deployments

Ansible

  • Open Source (~7k ★s)
  • Python
    • with modules in any language
  • YAML → SSH
  • Ansible Inc.
    • Ansible Tower
    • Ansible Guru
    • Ansible Consulting & Training

Alternatives

  • Chef
    • large Ruby runtime
    • polling against a master server
    • terrible stack traces
  • Puppet
    • large Ruby runtime
    • polling against a master server
    • its own DSL
    • non-deterministic
  • Salt Stack

Installation

(or via yum, apt, aura, brew, source...)

pip install ansible

Structure

Module

  • large collection of standard modules
  • Execution:
    • directly on a host
    • via playbooks (more on that later)
  • custom modules possible
    • JSON input, JSON output
ansible webservers -m service -a "name=httpd state=started"
ansible webservers -m ping
ansible webservers -m command -a "/sbin/reboot -t now"
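
A custom module with JSON input and JSON output, as an added example that is not part of the original slides. The module name `secure_mode` and its `path`/`mode` parameters are hypothetical; it relies on Ansible's `WANT_JSON` convention, under which the module receives the path of a JSON arguments file as its only command-line argument and reports its result as JSON on stdout.

```python
#!/usr/bin/env python
# WANT_JSON  (marker: Ansible hands this module a file with its arguments as JSON)
"""Hypothetical custom module `secure_mode`: enforce a permission mode on a file."""
import json
import os
import stat
import sys


def run(params):
    """Return the result dict that the module reports back to Ansible."""
    path = params.get("path")
    if not path or "mode" not in params:
        return {"failed": True, "msg": "path and mode are required"}
    try:
        wanted = int(str(params["mode"]), 8)       # "0600" -> 0o600
    except ValueError:
        return {"failed": True, "msg": "mode must be octal, e.g. 0600"}
    try:
        st = os.lstat(path)                        # lstat: do not follow symlinks
    except OSError as exc:
        return {"failed": True, "msg": "cannot stat %s: %s" % (path, exc)}
    if not stat.S_ISREG(st.st_mode):
        # Refuse symlinks and special files rather than changing their target.
        return {"failed": True, "msg": "%s is not a regular file" % path}
    current = stat.S_IMODE(st.st_mode)
    if current == wanted:
        # Already compliant: report changed=False so repeated runs are idempotent.
        return {"changed": False, "path": path, "mode": "%04o" % current}
    os.chmod(path, wanted)
    return {"changed": True, "path": path,
            "old_mode": "%04o" % current, "mode": "%04o" % wanted}


def main():
    # JSON in: the only argument is the path of the arguments file.
    with open(sys.argv[1]) as handle:
        params = json.load(handle)
    result = run(params)
    print(json.dumps(result))                      # JSON out, on stdout
    sys.exit(1 if result.get("failed") else 0)


if __name__ == "__main__":
    main()
```

Saved as `library/secure_mode` next to a playbook, it would be called like the standard modules above, with `-m secure_mode -a "path=... mode=0600"`.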

Inventory

  • Consists of hosts and groups
  • dynamic or static
    • scripts for EC2, Linode, and many more
mail.example.com

[webservers]
foo.example.com
bar.example.com

[dbservers]
one.example.com
two.example.com
three.example.com

Variables

  • Host-specific
  • Group-specific
  • "ansible-vault" for encryption
---
ntp_server: acme.example.org
database_server: storage.example.org

Templates

  • Jinja2
    • loops, filters, and many more
  • Variables
  • e.g. web server config
server {
        listen [::]:80;
        server_name {{ server_name }};

        index  index.html;

        access_log /home/www/{{ user }}/logs/access.log;
        error_log /home/www/{{ user }}/logs/error.log;
}

Playbook

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: pkg=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running
    service: name=httpd state=started
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

Roles

  • Bundle of playbooks, variables and structure
  • Contain
    • tasks
    • handlers
    • templates
    • files
    • ...

Environments

  • Contain
    • Host Vars
    • Group Vars
    • inventory
  • e.g. development, staging, ci, production
production/               # production environment
    group_vars/
       group1             # here we assign variables to particular groups
    host_vars/
       hostname1          # if systems need specific variables, put them here
    inventory
staging/

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource

    webtier/              # same kind of structure as "common" was above
    monitoring/           # ""
    fooapp/               # ""

Code.

Ansible Galaxy

Ansible Generator

coming soon™

Immutable Server

Resources

  • https://github.com/dbanck/ansible-bcki14
  • http://docs.ansible.com/
  • http://docs.ansible.com/playbooks_best_practices.html
  • http://docs.ansible.com/playbooks_vault.html
  • https://galaxy.ansible.com/