Infrastructure = Code

Georg M. Sorst

CTO, FINDOLOGIC GmbH

What’s the challenge?

Who has already setup 1 server?

2 servers?

10, 1.000, 10.000?

Danger zone

● Setup: Manual shell commands

● Testing: Manual

● Multiple admins: Overwrite each other’s fixes

● Updates: Different versions on every server

Develop like it’s 1999

● Software Development has solved these issues:

● Installation: Deployment Scripts

● Testing: Unit Tests

● Multiple developers: git merge

● Updates: Version tagging

Infrastructure = Code?

● Define the desired state of the servers

● In human readable form

● Commit to VCS

● Automatically run tests

● Setup / Update server with single command

● Fail, fix and deploy

Ansible!

---

- hosts: webservers

tasks:

- name: ensure apache is at the latest version

yum: name=httpd state=latest

- name: write the apache config file

template: src=/srv/httpd.j2 dest=/etc/httpd.conf

notify:

- restart apache

- name: ensure apache is running (and enable it at boot)

service: name=httpd state=started enabled=yes

handlers:

- name: restart apache

service: name=httpd state=restarted

What?

● “Ansible” = fictional instantaneous hyperspace communication system

● Michael DeHaan 2012 / Red Hat

● Python

● Declare desired state, not how to get there○ name=apache state=present○ Idempotent

● Agentless○ Just needs SSH access

● Plain YAML○ Can be versioned

Structure

● Inventory: Which hosts / hostgroups are available?

● Hosts: Which hosts to run on?

● Vars: Use in config files, tasks etc.

● Tasks: What to do?

● Handlers: Restart service on config change

Inventory

https://docs.ansible.com/ansible/intro_inventory.html#groups-of-groups-and-group-variables

Playbook

https://github.com/georgms/ansible-meetup/blob/master/apache.yml

Demo

git clone https://github.com/georgms/ansible-meetup.git

Demo: Ansible + Vagrant

● vagrant up

● vagrant provision○ Idempotent

● http://localhost:8080/

Demo: Ansible + Docker

● Docker image with SSH + Python

● docker build -t ansible-meetup .

● docker run -i -t -p 8080:80 ansible-meetup

Testing, 1 2, Testing

● Use Ansible test modules○ Get response from port○ Check log file contents

● Jenkins: vagrant up

● Travis CI ○ https://github.com/georgms/ansible-meetup/blob/master/.travis.yml

● Automatically build Docker image / Vagrant box

What else

● Ad-hoc tasks: Reboot multiple servers

● Roles: This is a Web-Server, DB-Server, SSH

● Templates: Replace value in config file

● Conditionals: Run only on Ubuntu

● Loops: Install packages, create users

● Vault: Encrypt passwords, private keys

Lessons learned

● Use .d files, eg. /etc/apache2/conf.d/

● Takes a while to have really robust playbooks○ Absolutely requires automated testing

● Don’t make local changes on servers○ Commit to repo, run tests, deploy (just like code)

● < cowsay > --------

\ ^__^

\ (oo)\_______

(__)\ )\/\

||----w |

|| ||

Ecosystem

● Ansible Galaxy: More than 5.000 roles available

● Ansible Tower: Centralized control panel, $$$

● Works well with OpenStack (both Red Hat)

What are my options?

● Puppet (requires agent, Ruby DSL)

● Chef (requires agent, Ruby based configs)

● Salt (agentless,YAML config)

Meetup

● 11.05.

Thx

● @piefke_schorsch

● g.sorst@findologic.com