ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
Ansible Advanced
Oleg Fiksel
Security Consultant @ CSPI GmbH
[email protected] | [email protected]
FrOSCon 2016
AGENDA
ABOUT
INTRODUCTION
PLAYBOOKS IN DEEP
WHAT’S NEW
Amazon AWS
Upcoming topics
END
Q & A
ABOUT ME
- Security Consultant @ CSPI [1] (former MODCOMP [2])
- Main topics
  - Automation
  - Virtualisation
  - Application Switching (load balancing)
  - Perl Coding

[1] About CSPi
[2] Wikipedia: MODCOMP

GOALS OF THIS TALK
- This is not a comparison of configuration management systems.
- Provide overview of some (not all) advanced features of ansible.
  - Using examples
  - Provide links for possible deep dive on a particular subject
- Talk about new features in ansible 2.0 (and ansible 2.2)
- Discuss new topics ansible is approaching

WHY ANSIBLE?
- Fresh
  - Started February 2012
  - Core rewrite January 2016
- Simple syntax
- Bloody Enterprise compatible
  - Works with no agents on the systems
  - Works via jumphosts
  - Works on stripped down / hardened systems

PLAYBOOK BEST PRACTICES
Source: http://docs.ansible.com/ansible/playbooks_best_practices.html#directory-layout

    stage                     # inventory file for stage environment
    production                # inventory file for production environment

    group_vars/
        group1                # assign variables to particular server groups
    host_vars/
        hostname1             # systems specific variables

    site.yml                  # master playbook
    webservers.yml            # playbook for webserver tier

    roles/
        common/               # this hierarchy represents a "role"
            tasks/            #
                main.yml      # <-- tasks file can include smaller files if warranted
            handlers/         #
                main.yml      # <-- handlers file
            templates/        # <-- files for use with the template resource
                ntp.conf.j2   # <------- templates end in .j2
            files/            #
                foo.sh        # <-- script files for use with the script resource
            vars/             #
                main.yml      # <-- variables associated with this role
            defaults/         #
                main.yml      # <-- default lower priority variables for this role
            meta/             #
                main.yml      # <-- role dependencies

        monitoring/           # same kind of structure as "common" role

MODULE INSIGHTS
Most work in ansible is handled by modules [1].
- connection modules
  - connect to machines
- lookup modules
  - give data
- filter modules
  - transform data
- callback modules
  - register events that happen when tasks are executed
- task modules
  - self contained script
  - any programming language (core modules - python only)
  - do the heavy lifting
  - copied to the target machine
  - executed with (json) input
  - (json) output is registered

[1] Ansible - Developing Plugins

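Added example (not from the talk): a task module written against the raw contract listed above, a self-contained script that reads its arguments as JSON and prints a JSON result. The module name file_mode_check and its path / max_mode arguments are hypothetical; it relies on Ansible's WANT_JSON convention, where the script receives the path of a JSON argument file as its only parameter. Python modules normally use the AnsibleModule helper instead of parsing JSON by hand.

```python
#!/usr/bin/python
# WANT_JSON  <- this marker makes Ansible pass the path of a JSON args file as argv[1]
"""Hypothetical task module `file_mode_check`: fail if a file is too permissive."""
import json
import os
import stat
import sys


def load_params(args_path):
    """Read the JSON argument file and drop Ansible's internal `_ansible_*` keys."""
    with open(args_path) as handle:
        raw = json.load(handle)
    if not isinstance(raw, dict):
        raise ValueError("argument file must contain a JSON object")
    return {k: v for k, v in raw.items() if not k.startswith("_ansible_")}


def run_module(args_path):
    """Return the result dictionary that Ansible registers for the task."""
    try:
        params = load_params(args_path)
    except (OSError, ValueError) as exc:
        return {"failed": True, "msg": "cannot read arguments: %s" % exc}

    path = params.get("path")
    if not path:
        return {"failed": True, "msg": "missing required argument: path"}

    # max_mode must be a quoted octal string such as "0644"; an unquoted YAML
    # number would already have been converted and is rejected here.
    try:
        max_mode = int(params.get("max_mode", "0644"), 8)
    except (TypeError, ValueError):
        return {"failed": True, "msg": "max_mode must be an octal string, e.g. '0644'"}

    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return {"failed": True, "msg": "cannot stat %s: %s" % (path, exc)}

    excess = mode & ~max_mode  # permission bits present on the file but not allowed
    result = {
        "changed": False,  # the module only inspects, it never modifies the file
        "path": path,
        "mode": "%04o" % mode,
        "excess": "%04o" % excess,
    }
    if excess:
        result["failed"] = True
        result["msg"] = "%s is more permissive than %04o" % (path, max_mode)
    return result


def main():
    if len(sys.argv) != 2:
        print(json.dumps({"failed": True, "msg": "expected one argument: the args file"}))
        sys.exit(1)
    result = run_module(sys.argv[1])
    print(json.dumps(result))  # the JSON on stdout is what the controller registers
    sys.exit(1 if result.get("failed") else 0)


if __name__ == "__main__":
    main()
```
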
TAGS

    # main.yml
    ---
    - hosts: webservers
      gather_facts: false
      tasks:
        - package:
            name: "lighttpd"
            state: installed
          tags:
            - packages
        - template:
            src: "template/lighttpd.j2"
            dest: "/etc/lighttpd/lighttpd.conf"
          tags:
            - configuration

Run:

    ansible-playbook main.yml --tags packages
    ansible-playbook main.yml --skip-tags configuration

More details: Ansible - Playbook Tags

CUSTOM ACTIONS

    ---
    - include_vars: "includes/{{ ansible_os_family }}.yml"
    - name: "remove the apache package"
      action: "{{custom_package_mgr}} name={{apache}} state=absent"

COMMANDLINE/FILE

    ansible-playbook -e 'apache_hostname=example.com' deploy.yml
    ansible-playbook --extra-vars "@vars.json" deploy.yml

Contents of vars.json:

    { "apache_hostname": "example.com" }

PROMPTS AND PAUSE

    ---
    - hosts: localhost
      gather_facts: false
      vars_prompt:
        - name: "name"
          prompt: "What is your name?"
          private: no
        - name: "location"
          prompt: "What is your location?"
          private: no
      tasks:
        - debug:
            msg: "{{name}}, let me think for a moment..."
        - pause:
            seconds: 10
        - debug:
            msg: "Let me guess, you are now at {{location}}?"

[1] Ansible - Playbook Prompts
[2] Ansible - Pause Module

PLAYBOOK AS AN EXECUTABLE
Use Shebang to run ansible as an executable.

    #!/usr/bin/ansible-playbook
    ---
    - hosts: all
      gather_facts: false
      # sudo: true
      vars_files:
        - departed_users.yml
      tasks:
        - name: Delete departed users and all it's files
          user: name={{ item }} state=absent remove=yes
          with_items: "{{departed}}"

    # departed_users.yml
    ---
    - departed: ["toor", "admin"]

Run:

    ./delete_departed_users.yml -i ../inventory -l host1

Example from: Ansible Webinar - Tips and Tricks by Brian Coca

DELEGATION

    ---
    - name: shush nagios before deployment
      nagios:
        action: silence
        host: "{{inventory_hostname}}"
      delegate_to: "{{nagios_host}}"

    # ... deployment

    - name: unshush nagios after deployment
      nagios:
        action: unsilence
        host: "{{inventory_hostname}}"
      delegate_to: "{{nagios_host}}"

LOOKUPS 1/4
Lookups are executed on the ansible controller.
Probably the most well-known lookup is:

    ---
    - name: add ssh key
      authorized_key:
        user: root
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

LOOKUPS 2/4
You can use lookups for other weird things too:

    ---
    - hosts: localhost
      gather_facts: false
      tasks:
        - name: random number (using lookup)
          debug:
            # inner double quotes are escaped so the line stays valid YAML
            msg: "Random number {{ lookup('pipe', 'perl -e \"print int(rand(100))\"') }}"

LOOKUPS 3/4
Or just use the built-in function:

    ---
    - hosts: localhost
      gather_facts: false
      tasks:
        - name: ansible native random number
          debug:
            msg: "{{100 | random}}"

LOOKUPS 4/4
Lookups list (incomplete):
- pipe
- redis_kv
- template
- etcd
- dig (DNS)
- csvfile
- ini
- ...

FILTERS
Filters manipulate data and are executed on the ansible controller.

More information:
- http://docs.ansible.com/ansible/playbooks_filters.html
- http://jinja.pocoo.org/docs/dev/templates/#builtin-filters

EXAMPLE 1
Not all filters are dependency-free.
IP address validation needs python-netaddr.

    ---
    - hosts: localhost
      gather_facts: no
      tasks:
        - debug: msg={{ ip | ipv4 }}

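Added example (not from the talk): a custom filter plugin that validates IPv4 addresses with only the Python 3 standard library, for controllers where python-netaddr is not installed. The file name filter_plugins/strict_ip.py and the filter names strict_ipv4 and ipv4_in are hypothetical; like the ipv4 filter above, strict_ipv4 returns False for invalid input.

```python
"""Hypothetical filter plugin file, e.g. filter_plugins/strict_ip.py next to the playbook.

Uses only the Python 3 standard library, so the controller needs no python-netaddr.
"""
import ipaddress


def strict_ipv4(value):
    """Return the dotted-quad string if `value` is a plain IPv4 address, else False."""
    # Only text is accepted: ipaddress would also turn an integer into an address.
    if not isinstance(value, str):
        return False
    # Reject octets with leading zeros ("010.0.0.1"): parsers disagree on whether
    # they are decimal or octal, so the safe answer is "not valid".
    if any(len(part) > 1 and part.startswith("0") for part in value.split(".")):
        return False
    try:
        return str(ipaddress.IPv4Address(value))
    except ValueError:  # AddressValueError is a ValueError subclass
        return False


def ipv4_in(value, cidr):
    """Return True if `value` is a valid IPv4 address inside the network `cidr`."""
    address = strict_ipv4(value)
    if address is False:
        return False
    # A malformed `cidr` is a playbook bug, so the ValueError is left to propagate.
    network = ipaddress.IPv4Network(cidr, strict=True)
    return ipaddress.IPv4Address(address) in network


class FilterModule(object):
    """Entry point Ansible looks for in a filter plugin file."""

    def filters(self):
        # Maps the names usable in templates to the functions above,
        # e.g. {{ ip | strict_ipv4 }} or {{ ip | ipv4_in('192.0.2.0/24') }}
        return {"strict_ipv4": strict_ipv4, "ipv4_in": ipv4_in}
```

Values that end up in rendered configuration files or command lines are worth checking this way before use, since anything that is not a bare address comes back as False.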
EXAMPLE 2

    ---
    - hosts: localhost
      gather_facts: false
      tasks:
        - debug:
            msg: "{{ 'ansible' | regex_replace('^a.*i(.*)$', 'a\\1') }}"

Produces: "able"

VARIABLE VALIDATION

    ---
    - hosts: all
      gather_facts: no
      tasks:
        - debug: msg={{ hostname | mandatory }}
        - debug: msg={{ ip | mandatory }}
        # ...

INCLUDES

    ---
    - hosts: all   # the slide reads "servers: all"; plays are targeted with "hosts"
      tasks:
        - include: set_mysql_password.yml mysql_user=root mysql_pass={{ var_mysql_pass }}
        # ...

ROLES

    # sample role structure
    roles/
        common/
            files/
            templates/
            tasks/
            handlers/
            vars/
            defaults/
            meta/

INCLUDES V.S. ROLES
When to use includes and when roles?
- includes for small code pieces
- if you have files/templates/handlers - use roles

VERBOSITY AND ERROR HANDLING
IGNORE_ERRORS
Continue running the playbook even if the task reports an error.

    ---
    - name: mysql root password
      mysql_user: name=root password={{ db_root_password }}
      ignore_errors: true

ASSERT

    ---
    - hosts: localhost
      gather_facts: false
      vars_prompt:
        - name: "name"
          prompt: "What is your name?"
          # show input contents
          private: no
      tasks:
        - name: Very secure user validation
          assert:
            that: "name == 'Oleg'"

FAIL

    ---
    - hosts: localhost
      gather_facts: false
      vars_prompt:
        - name: "name"
          prompt: "What is your name?"
          # show input contents
          private: no
      tasks:
        - name: Very secure user validation
          fail:
            msg: "You are not allowed to run this playbook, {{name}}!"
          when: "name != 'Oleg'"

WHAT’S NEW IN ANSIBLE 2.0
- Task Blocks
- Playbook parsing and Error Reporting improvements
  - Syntax error shows the exact place in a playbook and gives suggestions
  - No more escaping of escapings needed (\\\\)
- Dynamic Includes
- Execution Strategy Plugins

Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
WHAT’S NEW IN ANSIBLE 2.0
I Task Blocks
I Playbook parsing and Error Reporting improvements
I Syntax error shows the exact place in a playbook and givessugestions
I No more escaping of escapings needed (\\\\)
I Dynamic IncludesI Execution Strategy Plugins
1Details: Ansible 2.0 Release Notes
ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
WHAT’S NEW IN ANSIBLE 2.0
I Task BlocksI Playbook parsing and Error Reporting improvements
I Syntax error shows the exact place in a playbook and givessugestions
I No more escaping of escapings needed (\\\\)
I Dynamic IncludesI Execution Strategy Plugins
1Details: Ansible 2.0 Release Notes
ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
WHAT’S NEW IN ANSIBLE 2.0
I Task BlocksI Playbook parsing and Error Reporting improvements
I Syntax error shows the exact place in a playbook and givessugestions
I No more escaping of escapings needed (\\\\)
I Dynamic IncludesI Execution Strategy Plugins
1Details: Ansible 2.0 Release Notes
ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
WHAT’S NEW IN ANSIBLE 2.0
I Task BlocksI Playbook parsing and Error Reporting improvements
I Syntax error shows the exact place in a playbook and givessugestions
I No more escaping of escapings needed (\\\\)
I Dynamic IncludesI Execution Strategy Plugins
1Details: Ansible 2.0 Release Notes
ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
WHAT’S NEW IN ANSIBLE 2.0
I Task BlocksI Playbook parsing and Error Reporting improvements
I Syntax error shows the exact place in a playbook and givessugestions
I No more escaping of escapings needed (\\\\)
I Dynamic Includes
I Execution Strategy Plugins
1Details: Ansible 2.0 Release Notes
ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END
WHAT’S NEW IN ANSIBLE 2.0
- Task Blocks
- Playbook parsing and Error Reporting improvements
  - Syntax error shows the exact place in a playbook and gives suggestions
  - No more escaping of escapings needed (\\\\)
- Dynamic Includes
- Execution Strategy Plugins
[1] Details: Ansible 2.0 Release Notes
TASK BLOCKS - BASIC EXAMPLE
    tasks:
      - block:
          - debug: msg='i execute normally'
          - command: /bin/false
          - debug: msg='i never execute, cause ERROR!'
        rescue:
          - debug: msg='I caught an error'
          - command: /bin/false
          - debug: msg='I also never execute :-('
        always:
          - debug: msg="this always executes"
TASK BLOCKS - ADVANCED EXAMPLE
    ---
    - hosts: all
      serial: 1
      vars:
        - debug: false
        - packages: [git, lighttpd]
      tasks:
        - block:
            - name: install packages
              package: name="{{item}}" state=installed
              with_items:
                - "{{packages}}"
              register: packages_state
            - debug: msg="{{packages_state}}"
              when: "debug == true"
            - name: copy lighttpd config file
              template:
                src: "lighttpd.conf.j2"
                dest: "/etc/lighttpd/conf-enabled/00-test.conf"
            - name: restart lighttpd
              service: name="lighttpd" state=restarted
          rescue:
            - name: remove lighttpd config file
              file:
                dest: "/etc/lighttpd/conf-enabled/00-test.conf"
                state: absent
            - name: remove installed packages
              package: name="{{item}}" state=absent purge=true
              with_items:
                - "{{packages}}"
              when: "packages_state['changed'] == true"
            - fail:
DYNAMIC INCLUDES
- Before ansible 2.0 includes were preprocessed (once at start-time)
- From ansible 2.0 on includes are dynamically evaluated at runtime
- The fact that your playbook from ansible < 2.0 is parsed correctly in ansible 2.0 doesn’t mean it will behave the same way
- Examples:
  - include: "{{ ansible_os_family }}.yml"
  - include_vars: "{{ ansible_os_family }}.yml"
[1] Porting guide to ansible 2.0
EXECUTION STRATEGIES
Since ansible 2.0 execution strategies are plugins.
[Figure: timelines for host1 and host2 running task1 and task2 under three settings: strategy: linear (default), strategy: free, and strategy: linear with serial: 1. Task durations: host1 task1=1sec, task2=9sec; host2 task1=5sec, task2=5sec.]
EXECUTION STRATEGIES - PLAYBOOK 1/3
    # File structure:

    ./deploy_facts.yml
    ./files
    ./files/host1.fact
    ./files/host2.fact
    ./run.yml

    # files/host1.fact
    [general]
    t1=1
    t2=9

    # files/host2.fact
    [general]
    t1=5
    t2=5
EXECUTION STRATEGIES - PLAYBOOK 2/3
    # deploy_facts.yml
    ---
    - hosts: all
      tasks:
        - debug:
            msg: "{{ ansible_local['times']['general'] }}"
          ignore_errors: True
        - file:
            path: '/etc/ansible/facts.d'
            state: directory
        - copy:
            src: "files/{{ inventory_hostname }}.fact"
            dest: "/etc/ansible/facts.d/times.fact"
EXECUTION STRATEGIES - PLAYBOOK 3/3
    # run.yml
    ---
    - hosts: all
      strategy: free
      # strategy: linear
      # serial: 1
      tasks:
        - debug:
            msg: "{{ ansible_local['times']['general'] }}"
        - shell:
            cmd: "sleep {{ ansible_local['times']['general']['t1'] }}"
        - shell:
            cmd: "sleep {{ ansible_local['times']['general']['t2'] }}"
GENERIC PACKAGE MODULE
    ---
    - package: name=git state=present
We all have been waiting for it!
[1] Details: Ansible - Package Module
GENERIC PACKAGE MODULE
But wait a minute...
Does this ease the pain of creating playbooks for different distros?
- apache package name
  - CentOS/RHEL: httpd
  - Debian: apache2
- apache config directory
  - CentOS/RHEL: /etc/httpd/conf.d
  - Debian: /etc/apache2/conf-enabled
How to solve?
GENERIC PACKAGE MODULE
Working with distro-dependent variables.
    # remove_apache.yml
    ---
    - hosts: all
      tasks:
        - include_vars: "includes/{{ ansible_os_family }}.yml"

        - debug:
            msg: "going to remove package {{apache}}"

        # This uses a variable as this changes per distribution.
        - name: "remove the apache package"
          package: name={{ apache }} state=absent

    # includes/Debian.yml
    ---
    apache: "apache2"

    # includes/RedHat.yml
    ---
    apache: "httpd"
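An added example (not from the talk or its playbooks) that carries the distro-dependent variables pattern over to the config directory as well, and checks ansible_os_family against a known list before the fact is used in an include path, as in the DYNAMIC INCLUDES examples. The file names, the variables supported_os_families and apache_conf_dir, and the deployed snippet are assumptions.

```yaml
# install_apache.yml (added example; names below are assumptions)
---
- hosts: all
  become: true
  vars:
    # Assumption: one vars file exists under includes/ for each family listed here.
    supported_os_families: [Debian, RedHat]
  tasks:
    # ansible_os_family is a gathered fact that becomes part of a file path
    # below, so compare it with the known list first. An unsupported host then
    # stops with a clear message instead of a missing-file error.
    - name: stop on a distro without a vars file
      fail:
        msg: "no includes/{{ ansible_os_family }}.yml for {{ inventory_hostname }}"
      when: ansible_os_family not in supported_os_families

    # The file name is resolved per host at run time.
    - include_vars: "includes/{{ ansible_os_family }}.yml"

    - name: install apache under its distro-specific package name
      package: name={{ apache }} state=present

    # The zz- prefix makes this file load after the distro's own snippets,
    # because Apache processes wildcard includes in alphabetical order.
    - name: deploy a config snippet into the distro-specific directory
      copy:
        content: |
          ServerTokens Prod
          ServerSignature Off
        dest: "{{ apache_conf_dir }}/zz-ansible.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart apache

  handlers:
    # On both families the service has the same name as the package.
    - name: restart apache
      service: name={{ apache }} state=restarted

# includes/Debian.yml
---
apache: "apache2"
apache_conf_dir: "/etc/apache2/conf-enabled"

# includes/RedHat.yml
---
apache: "httpd"
apache_conf_dir: "/etc/httpd/conf.d"
```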
IPTABLES MODULE
    ---
    # Block specific IP
    - iptables:
        ip_version: ipv4
        chain: INPUT
        source: 8.8.8.8
        jump: DROP
      # this must be run as root (sudo)
      become: true
ANSIBLE 2.2 (CURRENT DEVELOPMENT)
Currently in development.
- Added support for binary modules. "Yeah!" to all Golang programmers.
- letsencrypt
- cisco ASA
- lxd module
- aws_vpc_*
- telegram
- wakeonlan
- ...
[1] Changelog
AMAZON AWS
- Current status
  - ansible 2.0 ∼ 70 AWS modules
  - For everything else use awscli (until a module is implemented)
- For better experience
  - Use ansible = 2.0 + Boto3 (long-term Boto will go away)
  - ansible 2.2 (current development) has more aws modules, see changelog [1] for details
[1] Changelog
[2] List of cloud modules
EXAMPLE
    ---
    - name: seamless deployment
      hosts: nodes_behind_elb
      serial: 1
      pre_tasks:
        - name: get ec2 facts
          ec2_facts:
        - name: deactivate node in elb
          ec2_elb: state=absent # arguments
          delegate_to: localhost

      tasks:
        - name: deploy new software
          git: # arguments

      post_tasks:
        - name: activate node in elb
          ec2_elb: state=present # arguments
          delegate_to: localhost
COMPLIANCE
ansible-lockdown [1]
- goal - implement STIG baseline
- IMHO good idea
- current status: v0.1
[1] ansible-lockdown
NETWORK ORCHESTRATION
Support in ansible 2.0 [1]:
- Arista EOS (cli, eapi)
- Cisco NXOS (cli, nxapi)
- Cisco IOS (cli)
- Cisco IOSXR (cli, netconf)
- Cumulus Linux (ssh)
- Juniper JUNOS (cli, netconf)
- OpenSwitch (ssh, cli, rest)
[1] Ansible - List of Network Modules
EXAMPLE
    ---
    - hosts: ios1
      tasks:
        - ios_command:
            commands: show running-config all
            provider: "{{cli}}"
          register: deviceconfig

        - ios_config:
            lines:
              - description configured by ansible
              - ip address 10.0.0.1 255.255.255.0
              - no shutdown
            parents: interface GigabitEthernet0/1
            config: "{{ deviceconfig.stdout[0] }}"
            provider: "{{cli}}"
[1] Ansible Webcast - Automating your network
ANSIBLE-CONTAINER
- For all you Docker hipsters out there.
- Aim is to use ansible playbooks for physical hosts, VMs as well as containers.
- Workflow: build, flatten the image, (run), push to container registry.
- Current status:
  - Only Docker support now
  - Support for other container providers will come (Rocket?)
  - Until now no network function support for docker
[1] ansible-container readme
SUMMARY
- Ansible is expanding its work area and developing rapidly
- Play the slides after the talk and try things out
- Use the links in slides to dive deeper
- Most standard recurring tasks can be automated using ansible
- Playbooks from the slides are available on Github [1]
- ansible-doc is pretty handy for writing playbooks offline
[1] Playbooks from this talk
Thanks!