Ansible 2

Cloud Modules
Guido García · @palmerabollo · 2015

Ansible is an automation tool

Ansible works by running a playbook against a set of hosts (inventory), organized into groups.

Agentless

inventory.ini

[myservers]
10.95.82.182

playbook.yml

- hosts: myservers
  remote_user: cloud-user

  tasks:
    - name: Run a simple task
      command: ls

> ansible-playbook playbook.yml -i inventory.ini -v

Hello World

inventory.ini

[myservers]
10.95.82.182

playbook_redis.yml

- hosts: myservers
  remote_user: cloud-user
  sudo: true

  tasks:
    - name: Install redis
      yum: name=redis

    - name: Create redis group
      group: name=redis

    - name: Create redis user
      user: name=redis group=redis

    - name: Create log folder
      file: path=/var/log/redis state=directory
            owner=redis group=redis mode=0700 

    - name: Start redis
      service: name=redis state=started



> ansible-playbook playbook_redis.yml -i inventory.ini

Some modules

inventory.ini

[myservers]
10.95.82.182

playbook_config.yml

- hosts: myservers
  remote_user: cloud-user
  sudo: true

  tasks:
    - name: Install nodejs package
      npm: name={{ pkg }} global=yes

> ansible-playbook playbook_config.yml -i inventory.ini -e @config.yml

config.yml

pkg: rest-confidence

Variables

inventory.ini

[myservers]
10.95.82.182

playbook_config.yml

- hosts: myservers
  remote_user: cloud-user
  sudo: true

  tasks:
  - name: Install mongo
    yum: name={{ item }} state=installed
    with_items:
      - mongodb-org
      - mongodb-org-server
      - mongodb-org-shell
      - mongodb-org-mongos
      - mongodb-org-tools

 

Loops

inventory.ini

[myservers]
10.95.82.182

playbook_role.yml

- hosts: myservers
  remote_user: cloud-user
  sudo: true

  roles:
    - role: bennojoy.ntp
      ntp_server: [1.ubuntu.pool.ntp.org]

> ansible-galaxy install bennojoy.ntp -p ./roles
> ansible-playbook playbook_role.yml -i inventory.ini

Roles

A role is the Ansible way of bundling automation content and making it reusable.

https://galaxy.ansible.com/

Ansible Modules

Ansible 2.x
(alpha 2)

Cloud Modules

Network Modules

Solaris Zones

openvswitch, F5, etc.

OpenStack: 21 modules

- hosts: localhost
  connection: local

  tasks:
    - name: Create security group (basic_access)
      os_security_group:
        name: basic_access
        description: Basic access (ssh)
        state: present

    - name: Create ssh security group rule
      os_security_group_rule:
        security_group: basic_access
        protocol: tcp
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0
    # [...]

    - name: Create a new instance
      os_server:
        name: demo
        image: tdaf-base-server
        flavor_ram: 512
        key_name: tdaf
        security_groups: basic_access
        nics:
          - net-name: private_management
          - net-name: private_external
        auto_floating_ip: false
      register: instance
    # [...]

    - name: Create a volume
      os_volume:
        size: 5
        display_name: data-volume

    - name: Attach volume to host
      os_server_volume:
        server: "{{ instance.id }}"
        volume: data-volume
        device: /dev/vdb
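
The ssh rule in the play above uses `remote_ip_prefix: 0.0.0.0/0`, so port 22 is reachable from any address. The following is an added example, not part of the original slides, showing the same security group with ssh limited to a management network; the variable `mgmt_cidr` and its value `203.0.113.0/24` (a documentation range) are assumptions.

```yaml
# Added example (not from the original slides).
# mgmt_cidr is a hypothetical variable; its value is a constructed placeholder.
- hosts: localhost
  connection: local

  vars:
    mgmt_cidr: 203.0.113.0/24   # replace with the network administrators connect from

  tasks:
    # Stop the run early if someone overrides mgmt_cidr with "everyone".
    - name: Refuse a world-open ssh source
      assert:
        that:
          - mgmt_cidr != '0.0.0.0/0'
          - mgmt_cidr != '::/0'

    - name: Create security group (basic_access)
      os_security_group:
        name: basic_access
        description: Basic access (ssh from management network)
        state: present

    # Weak setting, as in the slide: remove it if an earlier run created it.
    - name: Remove the world-open ssh rule
      os_security_group_rule:
        security_group: basic_access
        protocol: tcp
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0
        state: absent

    # Corrected setting: same port, restricted source range.
    - name: Allow ssh only from the management network
      os_security_group_rule:
        security_group: basic_access
        protocol: tcp
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: "{{ mgmt_cidr }}"
        state: present
```

Because the modules are idempotent, rerunning this play against a tenant that already has the open rule converges it to the restricted one.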

Demo

dynamic infrastructure

ansible-boilerplate

A template to automate your deployments with Ansible. Work less, live more.

  • Common project structure
  • Dynamic inventory
  • EPG & DSN ready

> export OS_AUTH_URL=https://prod-epg-ostlb-vip.hi.inet:5000/v2.0
> export OS_USERNAME=guido
> export OS_TENANT_NAME=349-techunit
> export OS_CACERT=openstack/ca_openstack_epg.crt
> export OS_PASSWORD=1234

 

> git clone git@pdihub.hi.inet:ansible-roles/tdigital-ansible-boilerplate.git

> ansible-galaxy install -r requirements.yml -p ./roles
> ansible-playbook playbook.yml -e @config.yml

end

https://pdihub.hi.inet/ansible-roles

Reusable ansible roles. Do yourself a favor and save some time. This org is open to contributions.

 

TDAF roles