Ansible is...

Application Deployment

Multi-Tier Orchestration

Configuration Management

Why Ansible?

Simple 

Easy to write, read, maintain and evolve- without writing scripts or custom code

FAST to learn and setup

Efficient

Doesn't require a custom agent or software to install.

Ansible runs on OpenSSH.

Secure

No agent

SSH transport

Ansible plays can be read by anyone

Important Terms

Inventory

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.

Hosts

A host is simply a remote machine that Ansible manages. They can have individual variables assigned to them, and can also be organized in groups. All hosts have a name they can be reached at (which is either an IP address or a domain name) and optionally a port number if they are not to be accessed on the default SSH port.

Groups

A group consists of several hosts assigned to a pool that can be conveniently targeted together, and also given variables that they share in common.

Playbook

Playbooks are the language by which Ansible orchestrates, configures, administers, or deploys systems.  Playbooks contain Plays .

Play

A play is a mapping between a set of hosts selected by a host specifier and the tasks which run on those hosts to define the role that those systems will perform. There can be one or many plays in a playbook.

Tasks

Tasks combine an action with a name and optionally some other keywords (like looping directives). Tasks call modules . 

Modules

Modules are the units of work that Ansible ships out to remote machines. Modules can be implemented in any language. Modules just have to return JSON or simple key=value pairs. Once modules are executed on remote machines, they are removed, so no long running daemons are used. Ansible refers to the collection of available modules as a ‘ library ’.

Library

A collection of modules made available to /usr/bin/ansible or an Ansible playbook.

Example

Ansible Architecture

Remote Execution

• Replacement for traditional systems administration tasks 
• Checking system responsiveness and uptime
• Gathering information about a collection of systems
• Replace one off rsync scripts, fabric, or terminal multiplexing

Remote Execution

ansible -m user -a "name=bob state=present" webservers

ansible -m apt -a "pkg=apache2 state=present" webservers

Config Management

• Lengthy system configuration, to include adding users, ssh keys, installing and configuring services, and bootstrapping systems to a given state.
• "Configuration remediation" Consistent server configuration. Removes manual configuration errors.

Application Deployment and Orchestration

Ansible can be used to replace various deployment and orchestration tools.

• Deploy your custom application.
• Replacement for Capistrano and Fabric (i.e., git deployments)
• Good for large, complex environments

Application Development: Two Schools of Thought

Rolling Release

Remove node from production, update components, and put back into rotation.

Fresh Start

Deploy entirely new infrastructure and replace current environment wholesale.

Provisioning Infrastructure Dynamically

• Infrastructure is Data.
• You can provision to various clouds.
• Dynamic Inventory plugins for various providers (Rackspace, Amazon, Digital Ocean, OpenStack, Eucalyptus, etc.)

What is your team currently using for:

Application Deployment

Multi-Tier Orchestration

Configuration Management

Inventory

Inventory concepts

• Hosts
• Groupings
• Inventory-specific data
• Static or Dynamic sources

Inventory: Hosts

Hosts can have Ansible specific attributes such as:

• Connection IP addresses and ports
• Remote user and sudo user
• Connection types (Paramiko, OpenSSH, local, etc.)
• Further limit targeted hosts using --limit

Inventory: Hosts

This is an example of a host entry in an inventory file:

web1.example.com ansible_ssh_port=5555 ansible_ssh_host=192.168.1.50

Inventory: Host Entries Using Ranges

You can have ranges of machine names or letters like this:

www[01:50].example.com ansible_ssh_port=5555
db-[a-f].example.com ansible_ssh_port=5555

Inventory: Groups

Inventory Host Organization: Groups

• Allow targeted operations against different types of hosts.
• Can have variables that apply to all hosts within them.
• Limit allows you to specify only certain groups to act against.
• Hosts can exist in more than one group at once.

Inventory: Groups

Groups are represented in brackets above host lists in the inventory file.

[webservers]
www[01:50].example.com ansible_ssh_port=5555 
[databases]db-[a-f].example.com ansible_ssh_port=5555

Dynamic Inventory: Ansible and the Cloud

Inventory can also be gathered on demand from other sources dynamically. Those sources include:

• Cloud API (Rackspace, Amazon, Digital Ocean, OpenStack,    Eucalyptus , etc.)
• Cobbler
• Create your own for fun and profit!

Inventory: Ansible and the Cloud

Dynamic inventories also respect groups and other details.

• Groups are auto-determined by instance tags, regions and other attributes.
• Dynamic Inventories can be used alongside Static Inventories for a hybrid cloud approach.

Tasks

Tasks

 A task is a discrete action that is a declaration about the state of a system.

Example Tasks:

• Directory should exist
• Package should be installed
• Service should be running
• Cloud Instance should exist

Tasks: Examples

Ansible can execute single tasks on sets of hosts to full-fill an
ad-hoc declarations

$ ansible web-hosts -m file -a "path=/opt/cache state=directory"
$ ansible web-hosts -m yum -a "name=nginx state=present"
$ ansible web-hosts -m service -a "name=nginx enabled=yes state=started"

               Tasks: Sources

Code for tasks can come from:

• Existing modules
• Custom modules
• Raw ssh commands

 LAB 

Add a User using an Ansible ad-hoc command

Modules

Modules

Modules are the bits of code copied to the target system to be executed to satisfy the task declaration.

• Code need not exist on remote host -- ansible copies it over
• Many modules come with Ansible -- "batteries included"
• Custom modules can be developed easily
• Command/shell modules exists for simple commands
• Script module exists for using existing code
• Raw module exists for executing raw commands over ssh

Module Interactions

Module listing and documentation via ansible-doc

$ ansible-doc -l
acl                  Sets and retrieves file ACL information.
apt                  Manages apt-packages

$ ansible-doc acl
> ACL

  Sets and retrieves file ACL information.

  Options (= is mandatory):

  - entry
          The acl to set or remove.  This must always be quoted in the [...]

Module Interactions in Tasks

A series of tasks

- name: add cache dir
  file: path=/opt/cache state=directory

- name: install nginx
  yum: name=nginx state=present

- name: start nginx
  service: name=nginx enabled=yes state=started

Module Index

http://docs.ansible.com/modules_by_category.html

PLays

Plays

Plays are ordered sets of tasks to execute against host
selections from your inventory.

Play Naming

- name: This is a Play

Plays: Hosts Selection

- name: This is a Play
  hosts: web-servers

Play Arguments

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh

Play: Variables

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  vars:
    http_port: 80
    cache_dir: /opt/cache

Play: Tasks

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  gather_facts: no
  vars:
    http_port: 80
    cache_dir: /opt/cache

  tasks:
    - name: create cache dir
      file: path={{ cache_dir }} state=directory

    - name: install nginx
      yum: name=nginx state=installed

Plays: Concurrency and Order of Operations

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  vars:
    http_port: 80
    cache_dir: /opt/cache

  tasks:
    - name: create cache dir
      file: path={{ cache_dir }} state=directory

    - name: install nginx
      yum: name=nginx state=installed

Plays: Conditionals

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  vars:
    http_port: 80
    cache_dir: /opt/cache

  tasks:
    - name: create cache dir
      file: path={{ cache_dir }} state=directory

    - name: install apache
      yum: name=httpd state=installed
      when: ansible_os_family == "RedHat"

    - name: install apache
      apt: pkg=apache2 state=installed
      when: ansible_os_family == "Debian"

Plays: Error Handling

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  vars:
    http_port: 80
    cache_dir: /opt/cache

  tasks:
    - name: create cache dir
      file: path={{ cache_dir }} state=directory

    - name: install nginx
      yum: name=httpd state=installed
      when: ansible_os_family == "RedHat"

    - name: install nginx
      apt: pkg=apache2 state=installed
      when: ansible_os_family == "Debian"

    - name: failing command
      command: /bin/fail
      ignore_errors: yes

Plays: Inclusions

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  vars_files:
    - vars/nginx.yaml

  tasks:
    - name: create cache dir
      file: path={{ cache_dir }} state=directory

    - include: tasks/install-apache.yaml

    - name: failing command
      command: /bin/fail
      ignore_errors: yes

 LAB 

Write and run a play that creates the directory /opt/cache on a targeted host machine

Playbooks

Playbooks

Playbooks are ordered sets of plays to execute against inventory selections.

Playbooks: Inventory Selection

$ ansible-playbook -i production play.yaml
$ ansible-playbook -i pre-prod play.yaml
$ ansible-playbook -i hosts/dfw/ play.yaml

Playbooks: Global Variables

$ ansible-playbook -i pre-prod -e "cache_dir=/srv/cache/" play.yaml

Playbooks: Forks

$ ansible-playbook -f 30 -i pre-prod -e "cache_dir=/srv/cache/" play.yaml

Playbooks: Inventory-Limits

$ ansible-playbook --limit dfw -f 30 -i pre-prod -e "cache_dir=/srv/cache/" play.yaml

Playbooks: Inclusions

- name: This is a Play
  hosts: web-servers
  remote_user: fred
  sudo: yes
  connection: ssh
  gather_facts: no
  vars:
    http_port: 80
    cache_dir: /opt/cache

  tasks:
    - name: create cache dir
      file: path={{ cache_dir }} state=directory

- include: playbook2.yaml

Playbooks: Roles

Roles are portable units of task organization in playbooks.

Basic Playbook Structure

Play Header

---
- name: this is the name of a play
  hosts: all
  user: root

  tasks: []

Write the tasks

---
- name: this is the name of a play
  hosts: all
  user: root

  tasks:
  - name: install nginx
    yum: package=nginx state=present

Run the playbook

 LAB 

Write playbook to install nginx, start the service and enable it at time of boot

Galaxy: Sharing is Caring

The Galaxy is a site where you can share roles.

http://galaxy.ansible.com

Ansible Tower

ansible.com/tower