Fundamentals
Intros
Existential Slide
To get to these slides:
To follow along with these slides as they are presented:
Learning Outcomes
- Explain what Ansible is and what it’s used for
- Identify use cases and describe the solutions Ansible provide
- Know the components of Ansible
- Write a simple playbook to deploy, configure, and start Apache
What is Ansible?
Ansible is...
Application Deployment
Multi-Tier Orchestration
Configuration Management
Why Ansible?
Simple
Easy to write, read, maintain and evolve- without writing scripts or custom code
FAST to learn and setup
Efficient
Doesn't require a custom agent or software to install.
Ansible runs on OpenSSH.
Secure
No agent
SSH transport
Ansible plays can be read by anyone
Important Terms
Inventory
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.
Hosts
A host is simply a remote machine that Ansible manages. They can have individual variables assigned to them, and can also be organized in groups. All hosts have a name they can be reached at (which is either an IP address or a domain name) and optionally a port number if they are not to be accessed on the default SSH port.
Groups
A group consists of several hosts assigned to a pool that can be conveniently targeted together, and also given variables that they share in common.
Playbook
Playbooks are the language by which Ansible orchestrates, configures, administers, or deploys systems. Playbooks contain Plays .
Play
A play is a mapping between a set of hosts selected by a host specifier and the tasks which run on those hosts to define the role that those systems will perform. There can be one or many plays in a playbook.
Tasks
Tasks combine an action with a name and optionally some other keywords (like looping directives). Tasks call modules .
Modules
Modules are the units of work that Ansible ships out to remote machines. Modules can be implemented in any language. Modules just have to return JSON or simple key=value pairs. Once modules are executed on remote machines, they are removed, so no long running daemons are used. Ansible refers to the collection of available modules as a ‘ library ’.
Library
A collection of modules made available to /usr/bin/ansible or an Ansible playbook.
Example
Ansible Architecture
Ansible Use Cases
Remote Execution
- Replacement for traditional systems administration tasks
- Checking system responsiveness and uptime
- Gathering information about a collection of systems
- Replace one off rsync scripts, fabric, or terminal multiplexing
Remote Execution
ansible -m user -a "name=bob state=present" webservers
ansible -m apt -a "pkg=apache2 state=present" webservers
Config Management
- Lengthy system configuration, to include adding users, ssh keys, installing and configuring services, and bootstrapping systems to a given state.
- "Configuration remediation" Consistent server configuration. Removes manual configuration errors.
Application Deployment and Orchestration
Ansible can be used to replace various deployment and orchestration tools.
- Deploy your custom application.
- Replacement for Capistrano and Fabric (i.e., git deployments)
- Good for large, complex environments
Application Development: Two Schools of Thought
Rolling Release
Remove node from production, update components, and put back into rotation.
Fresh Start
Deploy entirely new infrastructure and replace current environment wholesale.
Provisioning Infrastructure Dynamically
- Infrastructure is Data.
- You can provision to various clouds.
- Dynamic Inventory plugins for various providers (Rackspace, Amazon, Digital Ocean, OpenStack, Eucalyptus, etc.)
What is your team currently using for:
Application Deployment
Multi-Tier Orchestration
Configuration Management
LAB
Install Ansible
System Requirements
Control machine:
Linux, BSD, OS X (Not Windows!)
Python 2.6 or 2.7
Target machines:
Linux, BSD, OS X, Windows
Python 2.4 or greater (2.5 or greater recommended)
Installation
CentOS 7:
Must configure EPEL (if not already setup)
$ sudo yum install ansibleUbuntu:
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible Use pip
$ sudo pip install ansibleVerify Installation
$ ansible --version Ansible Key Components
What makes Ansible tick!
Key components of Ansible
- Inventory
- Modules/Tasks
- Plays
- Playbooks
Inventory
Inventory concepts
- Hosts
- Groupings
- Inventory-specific data
- Static or Dynamic sources
Inventory: Hosts
Hosts can have Ansible specific attributes such as:
- Connection IP addresses and ports
- Remote user and sudo user
- Connection types (Paramiko, OpenSSH, local, etc.)
- Further limit targeted hosts using --limit
Inventory: Hosts
This is an example of a host entry in an inventory file:
web1.example.com ansible_ssh_port=5555 ansible_ssh_host=192.168.1.50
Inventory:
Host Entries Using Ranges
You can have ranges of machine names or letters like this:
www[01:50].example.com ansible_ssh_port=5555
db-[a-f].example.com ansible_ssh_port=5555
Inventory: Groups
Inventory Host Organization: Groups
- Allow targeted operations against different types of hosts.
- Can have variables that apply to all hosts within them.
- Limit allows you to specify only certain groups to act against.
- Hosts can exist in more than one group at once.
Inventory: Groups
Groups are represented in brackets above host lists in the inventory file.
[webservers] www[01:50].example.com ansible_ssh_port=5555[databases]db-[a-f].example.com ansible_ssh_port=5555
Dynamic Inventory: Ansible and the Cloud
Inventory can also be gathered on demand from other sources dynamically. Those sources include:
- Cloud API (Rackspace, Amazon, Digital Ocean, OpenStack, Eucalyptus , etc.)
- Cobbler
- Create your own for fun and profit!
Inventory: Ansible and the Cloud
Dynamic inventories also respect groups and other details.
- Groups are auto-determined by instance tags, regions and other attributes.
- Dynamic Inventories can be used alongside Static Inventories for a hybrid cloud approach.
Tasks
Tasks
A task is a discrete action that is a declaration about the state of a system.
Example Tasks:
- Directory should exist
- Package should be installed
- Service should be running
- Cloud Instance should exist
Tasks: Examples
Ansible can execute single tasks on sets of hosts to full-fill an
ad-hoc declarations
$ ansible web-hosts -m file -a "path=/opt/cache state=directory"
$ ansible web-hosts -m yum -a "name=nginx state=present"
$ ansible web-hosts -m service -a "name=nginx enabled=yes state=started"
Tasks: Sources
Code for tasks can come from:
- Existing modules
- Custom modules
- Raw ssh commands
LAB
Add a User using an Ansible ad-hoc command
Modules
Modules
Modules are the bits of code copied to the target system to be executed to satisfy the task declaration.
- Code need not exist on remote host -- ansible copies it over
- Many modules come with Ansible -- "batteries included"
- Custom modules can be developed easily
- Command/shell modules exists for simple commands
- Script module exists for using existing code
- Raw module exists for executing raw commands over ssh
Module Interactions
Module listing and documentation via ansible-doc
$ ansible-doc -l
acl Sets and retrieves file ACL information.
apt Manages apt-packages
$ ansible-doc acl
> ACL
Sets and retrieves file ACL information.
Options (= is mandatory):
- entry
The acl to set or remove. This must always be quoted in the [...]
Module Interactions in Tasks
A series of tasks
- name: add cache dir
file: path=/opt/cache state=directory
- name: install nginx
yum: name=nginx state=present
- name: start nginx
service: name=nginx enabled=yes state=started
Module Index
PLays
Plays
Plays are ordered sets of tasks to execute against host
selections from your inventory.
Play Naming
- name: This is a Play
Plays: Hosts Selection
- name: This is a Play
hosts: web-servers
Play Arguments
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
Play: Variables
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
vars:
http_port: 80
cache_dir: /opt/cache
Play: Tasks
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
gather_facts: no
vars:
http_port: 80
cache_dir: /opt/cache
tasks:
- name: create cache dir
file: path={{ cache_dir }} state=directory
- name: install nginx
yum: name=nginx state=installed
Plays: Concurrency and Order of Operations
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
vars:
http_port: 80
cache_dir: /opt/cache
tasks:
- name: create cache dir
file: path={{ cache_dir }} state=directory
- name: install nginx
yum: name=nginx state=installed
Plays: Conditionals
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
vars:
http_port: 80
cache_dir: /opt/cache
tasks:
- name: create cache dir
file: path={{ cache_dir }} state=directory
- name: install apache
yum: name=httpd state=installed
when: ansible_os_family == "RedHat"
- name: install apache
apt: pkg=apache2 state=installed
when: ansible_os_family == "Debian"
Plays: Error Handling
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
vars:
http_port: 80
cache_dir: /opt/cache
tasks:
- name: create cache dir
file: path={{ cache_dir }} state=directory
- name: install nginx
yum: name=httpd state=installed
when: ansible_os_family == "RedHat"
- name: install nginx
apt: pkg=apache2 state=installed
when: ansible_os_family == "Debian"
- name: failing command
command: /bin/fail
ignore_errors: yes
Plays: Inclusions
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
vars_files:
- vars/nginx.yaml
tasks:
- name: create cache dir
file: path={{ cache_dir }} state=directory
- include: tasks/install-apache.yaml
- name: failing command
command: /bin/fail
ignore_errors: yes
LAB
Write and run a play that creates the directory /opt/cache on a targeted host machine
Playbooks
Playbooks
Playbooks are ordered sets of plays to execute against inventory selections.
Playbooks: Inventory Selection
$ ansible-playbook -i production play.yaml
$ ansible-playbook -i pre-prod play.yaml
$ ansible-playbook -i hosts/dfw/ play.yaml
Playbooks: Global Variables
$ ansible-playbook -i pre-prod -e "cache_dir=/srv/cache/" play.yaml
Playbooks: Forks
$ ansible-playbook -f 30 -i pre-prod -e "cache_dir=/srv/cache/" play.yaml
Playbooks: Inventory-Limits
$ ansible-playbook --limit dfw -f 30 -i pre-prod -e "cache_dir=/srv/cache/" play.yaml
Playbooks: Inclusions
- name: This is a Play
hosts: web-servers
remote_user: fred
sudo: yes
connection: ssh
gather_facts: no
vars:
http_port: 80
cache_dir: /opt/cache
tasks:
- name: create cache dir
file: path={{ cache_dir }} state=directory
- include: playbook2.yaml
Playbooks: Roles
Roles are portable units of task organization in playbooks.
Basic Playbook Structure
Play Header
---
- name: this is the name of a play
hosts: all
user: root
tasks: []
Write the tasks
---
- name: this is the name of a play
hosts: all
user: root
tasks:
- name: install nginx
yum: package=nginx state=present
Run the playbook
LAB
Write playbook to install nginx, start the service and enable it at time of boot
Galaxy
Galaxy: Sharing is Caring
The Galaxy is a site where you can share roles.
Ansible Tower
A massive thanks to the content dev team...
Chris Caillouet
Chris Old
David Federlein
Jesse Keating
Justin Phelps
Matt Martz
Mike Martin
Paul Durivage
Peter Isburgh
Tim Gerla
Your feedback is important to us
Please take a moment to fill out a brief evaluation for this class:
- Go to mylearn.rackspace.com
- Scroll down to My Tasks on your myLearn welcome page
- Click on the evaluation link for this class
- Fill out the evaluation, then submit
We appreciate your feedback!
Ansible Fundamentals
By Rackspace University
