Manage your prod with Ansible and Docker

Simon  C.

@kos_si

Maxime Thoonsen

@maxthoon

Short projects

Many new people

ISO PROD

Continuous Delivery

PROD

PREPROD

STAGING

LOCAL

ISO PROD

 PROD + PREPROD + STAGING + DEV =

PROD

PREPROD

STAGING

LOCAL

Automated Provisioning

2013/2014

8 hours to prod

Ansible is a automation framework

Agentless

SSH

Modules

apt, template, shell, ...
mongodb, mysql, ...

Writing Ansible

YAML

jinja2 templating

Architecture

hosts/

roles/

vars/

playbook.yml

Playbook

---
- name: Symfony app
  hosts: all
  vars_files:
    - vars/main.yml
  sudo: yes
  roles:
    - common       
    - ANXS.mysql
    - nginx-symfony
    - php
    - composer

Roles

hosts/

roles/

vars/

playbook.yml

Role

Tasks

roles/mysql/
          defaults/
          handlers/
          tasks/
          template/
  • Name
  • Module

Task

Variables

Variables

roles/mysql/
          defaults/
          handlers/
          tasks/
          template/

Variables

hosts/

roles/

vars/

playbook.yml

Group_vars

---
#hosts/group_vars/bretagne

serveur_name: prod.bzh
mysql_pwd: crepes

Task + Variables

- name: Ensure PHP packages are installed
  apt: name={{ item }} state=installed
  with_items: php_packages
- name: Create mods-available directory
  file:
    path={{ php_conf_basepath }}/mods-available
    state=directory

Typical dev environment

Production environment

Our story

5 projects

github.com/fansible

2014-2015

Simple and pedagogic

Adaptable

Faster

2015

1 hour with tywin

Demo

2016

10 mins to prod ?

+

How can we be faster ?

Microservices

Containers

Container ?

Image Docker

Download image

$ docker pull cbeer/piwik

Using default tag: latest
latest: Pulling from cbeer/piwik
4aaf1cf7fce1: Pull complete 
14cd1a413920: Pull complete 
eb6929b3b539: Pull complete 
64b84bf63430: Pull complete 
2ba751e646d8: Pull complete 
c4c90b297bf3: Pull complete 
8dba8d8cbb47: Pull complete 
Digest: sha256:ee070170380243ab73f2835da68344f3273ace4800b50fde360052713ea13ca8
Status: Downloaded newer image for cbeer/piwik:latest

Create image

$ docker build --tag="simon/piwik" .

Sending build context to Docker daemon 3.072 kB
Step 1 : FROM cbeer/piwik
 ---> 8dba8d8cbb47
Step 2 : MAINTAINER Simon C. "slidesforumphp2015@fafaru.com"
 ---> Running in a0fa9622bd77
 ---> 470ee0d343ad
Removing intermediate container a0fa9622bd77
Step 3 : ADD config.ini.php /app/config/
 ---> f7de2ff6c4f5
Removing intermediate container a9cb8aa2315e
Successfully built f7de2ff6c4f5

Dockerfile :

FROM cbeer/piwik

MAINTAINER Simon Constans "simon@constans.io"

ADD config.ini.php /app/config/

Dockerfile instructions

Dockerfile :

FROM busybox

ENV PIWIK_VERSION 2.15.0

MAINTAINER Simon Constans "simon@constans.io"

# download piwik
RUN wget http://builds.piwik.org/piwik-${PIWIK_VERSION}.tar.gz && \
    tar -xzf piwik-${PIWIK_VERSION}.tar.gz && \
    rm piwik-${PIWIK_VERSION}.tar.gz && \
    chown -R www-data:www-data /piwik/ && \
    chmod -R 0755 /piwik/tmp

VOLUME /piwik

Dockerfile :

FROM cbeer/piwik

MAINTAINER Simon C. "slidesforumphp2015@fafaru.com"

ADD config.ini.php /app/config/

Dockerfile instructions

Dockerfile :

FROM busybox

ENV PIWIK_VERSION 2.15.0

MAINTAINER Simon C. "slidesforumphp2015@fafaru.com"

# download piwik
RUN wget http://builds.piwik.org/piwik-${PIWIK_VERSION}.tar.gz && \
    tar -xzf piwik-${PIWIK_VERSION}.tar.gz && \
    rm piwik-${PIWIK_VERSION}.tar.gz && \
    chown -R www-data:www-data /piwik/ && \
    chmod -R 0755 /piwik/tmp

VOLUME /piwik

Show images

$ docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
simon/piwik         latest              f7de2ff6c4f5        6 minutes ago       283.8 MB
cbeer/piwik         latest              8dba8d8cbb47        3 weeks ago         283.8 MB

Remove image

$ docker rmi cbeer/piwik

Untagged: cbeer/piwik:latest
Deleted: 8dba8d8cbb47dcf84a512d6b8feb5339c17629bcc47131aff8a0df79866f89c8
Deleted: c4c90b297bf33747634486368f74e939fef3a95a609242bccd85a11bee99a9d5
Deleted: 2ba751e646d8b22144c2a4250c33826cddbbc45699c970f8ee198e13f26d5a89
Deleted: 64b84bf6343004f7d96e4d7a663db677d6fdbbba87bae6da5449f46c08f18029
Deleted: eb6929b3b53930c646aed6d5de1b66dd3497474750d4afcf1f62d6b44b12a4df
Deleted: 14cd1a413920c24c607fe0b2193fb7c57ae9777ed7985d40bda67a8992fb8490
Deleted: 4aaf1cf7fce1a958bf188de27bf3824f7171213e5ad4d35ea41bd4bc52af917d

Container ?

Create a container

$ docker run -d --name piwik --link db:db -p 8080:80 cbeer/piwik

02df401b707ae13e755320557413170e991538697be9504070f0ed26f4939537

Access a container

$ docker exec -it piwik bash

root@02df401b707a:/app#

docker-compose.yml

db:
  image: mysql:5.6
  environment:
     - MYSQL_ROOT_PASSWORD=piwik
     - MYSQL_DATABASE=piwik
     - MYSQL_USER=piwik
     - MYSQL_PASSWORD=piwik

piwik:
  image: cbeer/piwik
  ports:
    - 8080:80
  links:
    - db
$ docker-compose up -d

Creating piwik_db_1...
Creating piwik_piwik_1...

Containers

Docker Machine

Create Docker host

Drivers

on your computer

with

$ docker-machine create --driver virtualbox poss-dev

Running pre-create checks...
Creating machine...
Waiting for machine to be running, this may take a few minutes...
Machine is running, waiting for SSH to be available...
Detecting operating system of created instance...
Provisioning created instance...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
To see how to connect Docker to this machine, run: docker-machine env poss-dev
$ docker-machine env poss-dev

export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/home/simonc/.docker/machine/machines/poss-dev"
export DOCKER_MACHINE_NAME="poss-dev"
# Run this command to configure your shell: 
# eval "$(docker-machine env poss-dev)"

with...

on cloud providers

Google Compute Engine

$ docker-machine create --driver digitalocean --digitalocean-access-token=$TOKEN poss-preprod

Running pre-create checks...
Creating machine...
Waiting for machine to be running, this may take a few minutes...
Machine is running, waiting for SSH to be available...
Detecting operating system of created instance...
Provisioning created instance...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
To see how to connect Docker to this machine, run: docker-machine env poss-preprod
$ docker-machine env poss-preprod

export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://45.55.55.20:2376"
export DOCKER_CERT_PATH="/home/simonc/.docker/machine/machines/poss-preprod"
export DOCKER_MACHINE_NAME="poss-preprod"
# Run this command to configure your shell: 
# eval "$(docker-machine env poss-preprod)"

with ...

Inside your own
data center

Generic driver

eval $(docker-machine env poss-dev)

docker-compose up -d

docker-machine create --driver virtualbox poss-dev

Security

Container security

Talk Adrian Mouat

2 modules

Manage Docker images

  - name: check or download image
    docker_image:
      name="my/app"
      state=present

  - name: check or build image
    docker_image:
      path="/path/to/build/dir"
      name="my/app"
      state=present

  - name: remove image
    docker_image:
      name="my/app"
      state=absent

Manage Docker containers

  - name: application container
    docker:
      name: myapplication
      image: someuser/appimage
      state: reloaded
      pull: always
      links:
        - "myredis:aliasedredis"
      ports:
        - "8080:9000"
      env:
        SECRET_KEY: ssssh

Host provisioning with Ansible

Questions ?

Simon  C.

@kos_si

Maxime Thoonsen

@maxthoon

Made with Slides.com