Ansible Intro - June 2015 / Ansible Barcelona User Group

  • View
    266

  • Download
    1

Embed Size (px)

Transcript

1. Ansible Barcelona@AnsibleBCN Barcelona CC https://www.flickr.com/photos/din_bcn/2551132104/ 2. Ansible Barcelona@AnsibleBCN @enricostano 3. Ansible Barcelona@AnsibleBCN Said Ziouani @SaidZiouani CEO/Founder Greg DeKoenigsberg @gregdek VP Community 4. Ansible Barcelona@AnsibleBCN 5. Ismael Bentez CTO at Roca Salvatella Associate Professor at La Salle Ansible Barcelona co-organiser @isma_tech whoami Ansible Barcelona@AnsibleBCN 6. Orestes Carracedo CTO at Zyrcle Full-Stack Developer Est. 2005 Ansible Barcelona Founder @OrestesCA whoami Ansible Barcelona@AnsibleBCN 7. Ansible Barcelona@AnsibleBCN Barcelona @AnsibleBCNAnsible Barcelona 8. Introduction to Ansible Ansible Barcelona@AnsibleBCN 9. What is Ansible Ansible Barcelona@AnsibleBCN SCM automation tool agent-less simple + powerful 10. Basics Managed Node #1 Managed Node #2 Ansible Barcelona@AnsibleBCN Control Machine Inventory ssh 11. $ vagrant init https://github.com/ holms/vagrant-jessie-box/releases/ download/Jessie-v0.1/Debian-jessie- amd64-netboot.box $ vagrant up $ vagrant ssh-config HostName 127.0.0.1 User vagrant Port 2222 Managed Node setup http://vagrantup.com http://vagrantbox.es Ansible Barcelona@AnsibleBCN 12. Managed Node security credentials $ vagrant ssh --command "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/ authorized_keys $ ssh vagrant@localhost -p 2222 Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts. Last login: Sun Jun 7 01:21:33 2015 from 10.0.2.2 vagrant@Debian-jessie-amd64-netboot:~$ exit Ansible Barcelona@AnsibleBCN 13. Control Machine setup http://docs.ansible.com $ sudo pip install paramiko PyYAML Jinja2 httplib2 $ git clone git://github.com/ansible/ansible.git --recursive $ cd ./ansible $ source hacking/env-setup $ ansible ansible ansible-doc ansible-galaxy ansible- playbook ansible-pull ansible-vault Ansible Barcelona@AnsibleBCN 14. Inventory setup $ export ANSIBLE_INVENTORY=~/ansible_hosts [vagrant] 127.0.0.1:2222 foo=bar [vagrant:vars] ansible_ssh_user=vagrant env=local http://docs.ansible.com/intro_inventory.html https://docs.ansible.com/playbooks_variables.html Ansible Barcelona@AnsibleBCN Precedence: -i file or $ANSIBLE_INVENTORY or /etc/ansible/hosts 15. Random Ansible Barcelona@AnsibleBCN _________________ < GATHERING FACTS > -----------------^__^(oo)_______ (__) )/ ||----w | || || http://docs.ansible.com/faq.html#how-do-i-disable-cowsay export ANSIBLE_NOCOWS=1 16. Ping a.k.a. Hello world $ ansible vagrant -m ping --vvvv ESTABLISH CONNECTION FOR USER: vagrant on PORT 2222 TO 127.0.0.1 REMOTE_MODULE ping 127.0.0.1 | success >> { "changed": false, "ping": "pong" } $ ansible all -m ping vvvv Ansible Barcelona@AnsibleBCN 17. Playbooks Ansible Barcelona@AnsibleBCN - hosts: vagrant sudo: True tasks: - name: Install ntp apt: pkg=ntp state=installed $ ansible-playbook test_playbook.yml GATHERING FACTS ok: [127.0.0.1] TASK: [Install ntp] changed: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=2 changed=1 unreachable=0 failed=0 test_playbook.yml 18. Idempotence Ansible Barcelona@AnsibleBCN - hosts: vagrant sudo: True tasks: - name: Install ntp apt: pkg=ntp state=installed $ ansible-playbook test_playbook.yml GATHERING FACTS ok: [127.0.0.1] TASK: [Install ntp] ok: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=2 changed=0 unreachable=0 failed=0 test_playbook.yml 19. Idempotence Ansible Barcelona@AnsibleBCN - hosts: vagrant sudo: True tasks: - name: Install ntp apt: pkg=ntp state=installed $ ansible-playbook test_playbook.yml GATHERING FACTS ok: [127.0.0.1] TASK: [Install ntp] ok: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=2 changed=0 unreachable=0 failed=0 test_playbook.yml 20. Facts $ ansible vagrant -m setup 127.0.0.1 | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "10.0.2.15" ], "ansible_all_ipv6_addresses": [ "fe80::a00:27ff:fe6b:d3e" ], "ansible_architecture": "x86_64", "ansible_bios_date": "12/01/2006", "ansible_bios_version": "VirtualBox", Ansible Barcelona@AnsibleBCN 21. Templates, facts and variables Ansible Barcelona@AnsibleBCN - hosts: vagrant sudo: True tasks: - name: Write MOTD template: src=templates/motd dest=/etc/motd Youre now in the {{ env | upper }} environment at {{ ansible_hostname }} {{ ansible_distribution }} {{ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_system }} {{ ansible_kernel }} {{ ansible_architecture }} test_playbook.yml templates/motd Youre now in the LOCAL environment at Debian-jessie-amd64- netboot Debian jessie 8.0 Linux 3.16.0-4-amd64 x86_64 22. Conditionals Ansible Barcelona@AnsibleBCN - name: Enable LOCAL env prompt indicator template: src=templates/env/local/.bash_profile dest=~/.bash_profile when: env == "local" test_playbook.yml export PS1="[$(tput setaf 2)][u@h W]$ [$(tput setaf 7)][$(tput sgr0)]" templates/.bash_profile [vagrant@Debian-jessie-amd64-netboot ~]$ https://docs.ansible.com/playbooks_conditionals.html 23. Notifications and handlers Ansible Barcelona@AnsibleBCN - hosts: webservers vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes handlers: - name: restart apache service: name=httpd state=restarted 24. Roles Ansible Barcelona@AnsibleBCN site.yml roles/ common/ files/ templates/ tasks/ handlers/ vars/ defaults/ meta/ webserver/ files https://docs.ansible.com/playbooks_roles.html https://github.com/ansible/ansible-examples - hosts: webservers roles: - common - webserver site.yml 25. First steps in practice Ansible Barcelona@AnsibleBCN Dependencies Credentials Deployment 26. Install dependencies Ansible Barcelona@AnsibleBCN $ ansible-playbook test_playbook.yml /bin/sh: 1: /usr/bin/python: not found Missing Python gather_facts: False tasks: - name: Install Python raw: apt-get install python -y - name: Gather facts after python install setup: - name: Write MOTD test_playbook.yml 27. Install dependencies Ansible Barcelona@AnsibleBCN $ ansible-playbook test_playbook.yml --sudo PLAY [vagrant] TASK: [Install Python] ok: [127.0.0.1] TASK: [Gather facts] ok: [127.0.0.1] TASK: [Write MOTD] changed: [127.0.0.1] PLAY RECAP 127.0.0.1: ok=3 changed=1 unreachable=0 failed=0 test_playbook.yml 28. Setup remote access Ansible Barcelona@AnsibleBCN - name: Setup access authorized_key: user="{{ ansible_ssh_user }}" key="{{ item }}" with_file: - ~/.ssh/id_rsa.pub - /some/secure/dir/keys/admin.pub test_playbook.yml http://docs.ansible.com/authorized_key_module.html $ ansible-playbook test_playbook.yml --ask-pass SSH password: TASK: [Setup access] ok: [127.0.0.1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD orestes@mjolnir.local) 29. Simple deployment Ansible Barcelona@AnsibleBCN - name: Clone git repository git: > dest=/var/www/awesome-app repo=https://github.com/initech/awesome-app update=no sudo: yes sudo_user: www-data register: cloned - name: Clear cache when: cloned|changed test_playbook.yml https://github.com/ansistrano http://www.future500.nl/articles/2014/07/thoughts-on-deploying-with-ansible/ 30. Advanced deployment Ansible Barcelona@AnsibleBCN http://www.ansible.com/application-deployment http://docs.ansible.com/playbooks_delegation.html - hosts: webservers max_fail_percentage: 30 serial: 10 31. Learning from the community Ansible Barcelona@AnsibleBCN https://galaxy.ansible.com 32. Visual inventory management Push-button deployments Team workflow Role-based security Demo https://youtu.be/wEB7C3OAnYo Going enterprise Ansible Barcelona@AnsibleBCN 33. EOF Ansible Barcelona@AnsibleBCN ___________________ < THATS ALL FOLKS! > -------------------^__^(oo)_______ (__) )/ ||----w | || || 34. Swag giveaway time! Ansible Barcelona@AnsibleBCN 35. Feedback welcome orestes.ca@gmail.com Thanks! Ansible Barcelona@AnsibleBCN