Ansible for the cloud
PHP Tour Luxembourg 12/05/15
Maxime Thoonsen
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772102/ansible.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283682/Chef_Vertical_CCan_Reg.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283681/puppet-labs-logo.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772102/ansible.png)
Ansible is a task automation framework
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/1218079/whyansible.png)
Ansible is simple
“Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”
- Antoine de Saint-Exupéry
No agent to install
Local
Remote server
Ansible command
Core modules
apt, template, shell, ...
mongodb, mysql, ...
Writing Ansible
YAML
Templates in Jinja2 (Twig)
An Ansible script
hosts/
roles/
vars/
playbook.yml
Playbook
```yaml
---
- name: Symfony app
  hosts: all
  vars_files:
    - vars/main.yml
    - vars/fail2ban.yml
    - vars/iptables.yml
  sudo: yes
  roles:
    - common
    - { role: ANXS.mysql, tags: mysql }
    - nginx-symfony
    - php
    - composer
    - nickjj.fail2ban
    - Stouts.iptables
```
An Ansible script
hosts/
roles/
vars/
playbook.yml
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1276243/mysql_role.png)
Role
roles/mysql/
defaults/
handlers/
tasks/
templates/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283726/ansible_task_nginx.png)
Task
- Name
- Module
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283762/ansible_condition_simple_standard.png)
Task + Condition
Handlers
roles/mysql/
defaults/
handlers/
tasks/
templates/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283731/ansible_handler_simple.png)
Task + Handler
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283824/ansible_reload_handler_format.png)
Variables
hosts/
roles/
vars/
playbook.yml
Variables
roles/mysql/
defaults/
handlers/
tasks/
templates/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/771625/ansible-vars.png)
Variables
Task + Variables
```yaml
- name: Ensure PHP packages are installed
  apt: name={{ item }} state=installed
  with_items: php_packages

- name: Create mods-available directory
  file:
    path={{ php_conf_basepath }}/mods-available
    state=directory
```
Role
mysql/
defaults/
handlers/
tasks/
templates/
Task + Template
```yaml
- name: add server main conf
  template:
    src=etc/nginx/conf.d/conf
    dest=/etc/nginx/conf.d/main.conf
  notify: restart-nginx
```
Template
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/771602/ansible-template.png)
The cloud?
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/1217985/qui_veut_gagner_des_millions.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/1217929/modele_cloud.png)
Native modules for IaaS
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283642/rackspace.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1366285/aws_logo.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1366297/gce.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1366303/azure.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1366315/openstack-logo2.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1366327/digitalocean.png)
VM management modules
```yaml
# Amazon Elastic Compute Cloud
# create 3 Ubuntu VMs
- ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ubuntu-1204-lts
    wait: yes
    group: webserver
    count: 3
    assign_public_ip: yes
```
VM management modules
```yaml
# OpenStack
# Assign a floating ip to the instance
- quantum_floating_ip:
    login_username=admin
    login_password=admin
    login_tenant_name=admin
    network_name=external_network
    instance_name=vm1
```
Servers
hosts/
roles/
vars/
playbook.yml
Inventories
```ini
# group
[paris]
75.0.0.1
75.0.0.2

[bretagne]
22.22.22.22
29.29.29.29

# group of groups
[france:children]
paris
bretagne
```
Host/group variables
```yaml
---
#hosts/host_var/bretagne
serveur_name: prod.bzh
mysql_pwd: crepes
```
Ansible vault
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1300792/ansible_vault_format.png)
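Two snippets above keep credentials in clear text (`mysql_pwd: crepes` in the host variables, `login_password=admin` in the OpenStack task), which is the case Ansible Vault addresses. A review check for it, as an added example that is not part of the original slides; the key-name heuristic, the function name and the `vault_mysql_pwd` variable are assumptions, and the samples are constructed from the slides' snippets:

```python
import re

# Key names that usually hold secrets (assumed heuristic; extend for your code base).
SECRET_KEY = re.compile(r"pass(word|wd)?|pwd|secret|token|api_?key", re.I)
# Matches `key: value` (vars files) and `key=value` (inline module arguments).
PAIR = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w.]*)\s*[:=]\s*(.*)$")
VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of a file encrypted by ansible-vault


def find_plaintext_secrets(text):
    """Return (line_number, key) for secret-looking keys stored in clear text."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # the whole file is encrypted
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PAIR.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip("'\"")
        if not SECRET_KEY.search(key) or not value:
            continue
        if value.startswith("!vault") or "{{" in value:
            continue  # inline vault value, or a reference to a vaulted variable
        findings.append((number, key))
    return findings


# Constructed samples: the first two reuse the slides' snippets.
HOST_VARS = "---\n#hosts/host_var/bretagne\nserveur_name: prod.bzh\nmysql_pwd: crepes\n"
TASK_ARGS = (
    "- quantum_floating_ip:\n"
    "    login_username=admin\n"
    "    login_password=admin\n"
    "    network_name=external_network\n"
)
REFERENCED = "mysql_pwd: '{{ vault_mysql_pwd }}'\n"
ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n(ciphertext omitted)\n"

if __name__ == "__main__":
    for label, sample in [("host vars", HOST_VARS), ("task", TASK_ARGS),
                          ("reference", REFERENCED), ("vault file", ENCRYPTED)]:
        print(label, find_plaintext_secrets(sample))
```

Run over `hosts/`, `vars/` and `roles/` before each commit, a check like this keeps new clear-text credentials out of the repository.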
Heartbleed
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1325173/Heart-Bleed-Patch-2-by-Merlin2525.png)
Heartbleed
```yaml
- hosts: france
  sudo: yes
  tasks:
    - name: Update OpenSSL and OpenSSH (Debian)
      apt: name={{ item }} state=latest update_cache=yes
      with_items:
        - openssl
        - openssh-client
        - openssh-server
  post_tasks:
    - name: Reboot servers
      command: reboot
```
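Upgrading the packages replaces the library files on disk, but a process started before the upgrade keeps the old, deleted libssl/libcrypto mapped until it restarts; the reboot in `post_tasks` restarts everything at once. A check for such processes, as an added example that is not part of the original slides; the function names are assumptions and the `/proc/<pid>/maps` excerpts are constructed:

```python
import re

# /proc/<pid>/maps line: address range, perms, offset, device, inode, path.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S+\s+[0-9a-f]+\s+\S+\s+\d+\s+(?P<path>/.*)$")
# The kernel appends " (deleted)" once the mapped file has been unlinked.
STALE_OPENSSL = re.compile(r"/lib(?:ssl|crypto)\.so\S* \(deleted\)$")
SUFFIX = " (deleted)"


def stale_openssl_libs(maps_text):
    """Return the sorted OpenSSL libraries that are mapped but deleted on disk."""
    stale = set()
    for line in maps_text.splitlines():
        match = MAPS_LINE.match(line)
        if match and STALE_OPENSSL.search(match.group("path")):
            stale.add(match.group("path")[:-len(SUFFIX)])
    return sorted(stale)


def processes_needing_restart(maps_by_process):
    """Keep only the processes that still run a pre-upgrade OpenSSL."""
    report = {}
    for name, maps_text in maps_by_process.items():
        libs = stale_openssl_libs(maps_text)
        if libs:
            report[name] = libs
    return report


# Constructed excerpts; on a live host read /proc/<pid>/maps as root instead.
SAMPLE_MAPS = {
    "nginx": (
        "00400000-004b2000 r-xp 00000000 08:01 131203 /usr/sbin/nginx\n"
        "7f2b6c000000-7f2b6c056000 r-xp 00000000 08:01 264419 "
        "/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)\n"
        "7f2b6c400000-7f2b6c5b3000 r-xp 00000000 08:01 264417 "
        "/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)\n"
    ),
    "cron": (
        "00400000-0040a000 r-xp 00000000 08:01 131090 /usr/sbin/cron\n"
        "7f9d1c000000-7f9d1c1bb000 r-xp 00000000 08:01 264102 "
        "/lib/x86_64-linux-gnu/libc-2.15.so\n"
    ),
}

if __name__ == "__main__":
    print(processes_needing_restart(SAMPLE_MAPS))
```

An empty report after the play means no listed process still has the pre-upgrade library loaded.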
Ansible Tower
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331220/ansible-tower1.png)
Ansible Tower
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331226/ansible-tower-manage.png)
DevOps and Ansible in the cloud
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/758464/DevOpsDays.png)
DevOps is the continuous improvement of the development-to-production flow, not a few specific tools.
- Dave Roberts
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/931829/arton1856.jpg)
Communication
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/758469/WallOfConfusion.png)
Understanding
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1281726/cerveau-_change.jpg)
Continuous improvement
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283607/buildmeasurelearn.jpg)
Bring the whole chain on board
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1364248/devopssec.png)
Automated server provisioning: a good way to do DevOps(ArchSec)
PROD
PREPROD
STAGING
LOCAL
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/758525/Vagrant.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283642/rackspace.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283632/ubuntu-logo32.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283634/symfony_black_031.png)
Server provisioning
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283642/rackspace.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/758764/machines.jpg)
M PROD + N PREPROD + P STAGING + Q DEV =
PROD
PREPROD
STAGING
LOCAL
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/758525/Vagrant.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283642/rackspace.png)
Provisioning with Ansible
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283642/rackspace.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772102/ansible.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772093/Vagrant.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772102/ansible.png)
Vagrantfile
```ruby
# Ansible
config.vm.provision "ansible" do |ansible|
  ansible.sudo = true
  ansible.playbook = "provision/playbook.yml"
  ansible.limit = "vagrant" # hosts group
  ansible.inventory_path = "provision/hosts/vagrant"
  ansible.verbose = "v" # Use vvvv to get more log
end
```
Ansible and Docker
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331617/ansible_docker_blog_together.png)
Managing the server OS
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772102/ansible.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331274/docker_small_v-dark.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283632/ubuntu-logo32.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283634/symfony_black_031.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331274/docker_small_v-dark.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283634/symfony_black_031.png)
Managing containers
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772102/ansible.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331274/docker_small_v-dark.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283632/ubuntu-logo32.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283634/symfony_black_031.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1331274/docker_small_v-dark.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283634/symfony_black_031.png)
Core Docker module
```yaml
# Ensure that a data container
# with the name "mydata" exists.
- name: data container
  docker:
    name: mydata
    image: busybox
    state: present
    volumes:
      - /data
```
Ansible in Dockerfile
```dockerfile
# Security
FROM ubuntu
COPY ./symfony-ansible /ansible
RUN install_ansible.sh
RUN ansible-playbook -i "localhost," \
    -c local /ansible/provisioning/playbook.yml
CMD ["start.sh"]
```
Get started now!
![](https://s3.amazonaws.com/media-p.slid.es/uploads/simonconstans/images/627918/ansible-galaxy-screenshot.png)
Join us!
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/932013/screenshot_-github4.png)
fansible
![](https://s3.amazonaws.com/media-p.slid.es/uploads/201766/images/1283634/symfony_black_031.png)
Feedback
- Developers love Ansible!
- Sysadmins, less so
- I love provisioning!
- Ansible is easy to learn
Questions?
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/772606/questions.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/maximethoonsen/images/1217797/theodo.jpg)
@maxthoon
https://slides.com/maximethoonsen