francesco-pantano
#Outline
1 A day in the life of a sysadmin
2 Automation
3 Introducing Ansible
4 Ansible Playbooks: beyond the Basics
5 Roles and Includes
6 Automating Your Automation
A day in the life of a sysadmin 2/32
The timeline
"We have the misfortune to be living in the present. In the future, of course, computers will be smart enough to just figure out what we want, and do it. Until then, we have to spend a lot of time telling the computer things it should already know."
Keeping the configuration synchronized
Repeating changes across many servers
The command to create a new user account is slightly different for Red Hat Linux from the equivalent command for Ubuntu, for example. Solaris is a little different again.
Each command is doing basically the same job, but has differences in syntax, arguments, and default values.
Self-updating documentation
A new sysadmin joins your organization, and he needs to know where all the servers are, and what they do. Even if you keep scrupulous documentation, it can't always be relied on.
The only accurate documentation, in fact, is the servers themselves. You can look at a server to see how it's configured, but that only applies while you still have the machine. If something goes wrong and you can't access the machine, or the data on it, your only option is to reconstruct the lost configuration from scratch.
Wouldn't it be nice if you had a configuration document which was guaranteed to be up to date?
Version control, history, continuous integration
Automation 8/32
Why Automation?
Fast deployment time
It’s cheap and flexible
Scalability and support
Standard environments
Automation as a standardized approach
IT automation is a standard approach that combines multi-node software deployment, ad-hoc task execution and configuration management.
The Automation environment
IT Automation: Terminology
Idempotence: the ability to run an operation which produces the same result whether run once or multiple times
Inventory: hosts file that defines:
- the description of the nodes that can be accessed
- the IP address or hostname of each node
- node groups that run different sets of tasks
- node parameters such as username, password or ssh keys
Playbooks: they express configurations, deployment and orchestration in Ansible. Each Playbook maps a group of hosts to a set of roles. Each role is represented by calls to Ansible tasks.
Introducing Ansible 12/32
Quick Start
- Linux - run natively, e.g. on Fedora/RHEL/CentOS:
    yum -y install ansible
- Debian or Ubuntu:
    sudo apt-add-repository -y ppa:ansible/ansible
    sudo apt-get update
    sudo apt-get install -y ansible
Verify your installation
$ ansible --version
ansible 2.0.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
The inventory file
Where it is located
/etc/ansible/hosts
What is the format
[mailservers]
mail.example.com

[webservers]
foo.example.com ansible_ssh_user=user001
bar.example.com ansible_ssh_private_key_file=~/.ssh/ansible_key001

[dbservers]
one.example.com
two.example.com
db-[a:f].example.com
The inventory file
I can define a group of machines
# Group 'multi' with all servers
[multi:children]
vm01
vm02

# Variables that will be applied to all servers
[multi:vars]
ansible_ssh_user=user001
ansible_ssh_private_key_file=~/.ssh/pkey

..available parameters
https://docs.ansible.com/ansible/intro_inventory.html
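The inventory format above, as an added example (not from the original slides): a Python audit that parses an INI inventory, expands host ranges such as db-[a:f], and reports credential variables stored in clear text. The sample inventory and its password entries are constructed; ansible_ssh_pass, ansible_password and ansible_become_pass are standard Ansible variables.

```python
import re

# Constructed inventory in the format above; *_pass entries planted for the audit.
SAMPLE = """\
[webservers]
foo.example.com ansible_ssh_user=user001
bar.example.com ansible_ssh_private_key_file=~/.ssh/ansible_key001
[dbservers]
one.example.com
db-[a:c].example.com ansible_ssh_pass=CHANGEME
[multi:vars]
ansible_become_pass=CHANGEME
"""

# Inventory variables that hold a credential in clear text.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}
RANGE = re.compile(r"\[(\w+):(\w+)\]")

def expand(pattern):
    """Expand host ranges such as db-[a:f] or www[01:03] into host names."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.groups()
    if lo.isdigit():  # numeric range, keeps leading zeros
        items = [str(n).zfill(len(lo)) for n in range(int(lo), int(hi) + 1)]
    else:             # single-letter range
        items = [chr(c) for c in range(ord(lo), ord(hi) + 1)]
    return [h for i in items
            for h in expand(pattern[:m.start()] + i + pattern[m.end():])]

def audit(text):
    """Return ({group: [hosts]}, [(line_no, section, variable)])."""
    groups, findings, section = {}, [], "ungrouped"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        words = line.split()
        is_vars = section.endswith(":vars")
        for word in (words if is_vars else words[1:]):
            key = word.split("=", 1)[0]
            if key in SECRET_VARS:
                findings.append((n, section, key))
        if not is_vars and not section.endswith(":children"):
            groups.setdefault(section, []).extend(expand(words[0]))
    return groups, findings
```

Findings point at the inventory line to fix; key files or a vault-encrypted variable file keep such values out of the plain-text inventory.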
The Ansible command line
- ansible-playbook
  Execute a playbook
- ansible-galaxy
  Roles management
- ansible example -a "free -m" -u [username]
  Run the free command on the example domain
- ansible example -m ping -u [username]
  Run the ping command on the example domain
- ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
  File copy using the copy module
- ansible all -m user -a "name=foo password='crypted password here'"
  User and group management
Your first Ansible playbook
Host section
It is related to a section of the inventory file described above
---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: name=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
Vars Section
Variables used by the tasks to parametrize their values
Task section
Groups of tasks that are performed on a certain set of hosts to allow them to fulfill the function you want to assign to them.
Notify section
This is not an internal Ansible command, it is a reference to a handler, which can perform certain functions when it is called from within a task.
Handlers section
Handlers are just like tasks, but they only run when they have been told by a task that changes have occurred on the client system.
Run the playbook
ansible-playbook playbook.yml
Ansible Playbooks: beyond the Basics 19/32
Playing with variables
---
- hosts: example
  vars:
    foo: bar
  tasks:
    # Prints "'foo' is set to bar".
    - debug: msg="'foo' is set to {{ foo }}"
Variables always begin with a letter ([A-Za-z]), and can include any number of underscores (_) or numbers ([0-9]).
Variables can be passed in via the command line, when calling ansible-playbook, with the --extra-vars option:
ansible-playbook example.yml --extra-vars "foo=bar"
Registering/Accessing variables
Send a command and register the result...
- name: Get the value of the environment variable we just added.
  shell: "source ~/.bash_profile && echo $ENV_VAR"
  register: foo
..and then use it as before
- name: Print the value of the environment variable.
  debug: msg="The variable is {{ foo.stdout }}"
Per-play environment variables
# Set to 'absent' to disable proxy:
proxy_state: present

# In the 'tasks' section of the playbook:
- name: Configure the proxy.
  lineinfile:
    dest: /etc/environment
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: "{{ proxy_state }}"
  with_items:
    - { regexp: "^http_proxy=", line: "http_proxy=http://example-proxy:80/" }
    - { regexp: "^https_proxy=", line: "https_proxy=https://example-proxy:443/" }
    - { regexp: "^ftp_proxy=", line: "ftp_proxy=http://example-proxy:80/" }
Doing it this way allows me to configure whether the proxy is enabled per-server, and with one play, set the http, https, and ftp proxies. You can use a similar kind of play for any other types of environment variables you need to set system-wide.
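Why this play is idempotent, as an added example (not from the original slides): a simplified Python model of the regexp/line/state behaviour used above, run over a constructed /etc/environment with a stale proxy entry. ensure_line and run_play are hypothetical names and only approximate the real lineinfile module; a second run reporting zero changes is what tells you the host is still in the known state.

```python
import re

# The three items from the play above (proxy host names as on the slide).
ITEMS = [
    ("^http_proxy=", "http_proxy=http://example-proxy:80/"),
    ("^https_proxy=", "https_proxy=https://example-proxy:443/"),
    ("^ftp_proxy=", "ftp_proxy=http://example-proxy:80/"),
]

def ensure_line(lines, regexp, line, state="present"):
    """Simplified model of lineinfile: return (new_lines, changed)."""
    pattern = re.compile(regexp)
    matches = [i for i, text in enumerate(lines) if pattern.search(text)]
    if state == "absent":
        # Drop every line the regexp matches.
        new = [text for text in lines if not pattern.search(text)]
    elif matches:
        # Replace the last matching line instead of appending a duplicate.
        new = list(lines)
        new[matches[-1]] = line
    elif line in lines:
        new = list(lines)
    else:
        new = lines + [line]
    return new, new != lines

def run_play(lines, proxy_state="present"):
    """Apply every item once; return (new_lines, number of changed tasks)."""
    changed = 0
    for regexp, line in ITEMS:
        lines, did_change = ensure_line(lines, regexp, line, proxy_state)
        changed += did_change
    return lines, changed

# Constructed /etc/environment content with a stale proxy entry.
BEFORE = ["LANG=en_US.UTF-8", "http_proxy=http://old-proxy:3128/"]

def demo():
    first, c1 = run_play(BEFORE)              # converges: stale line replaced
    second, c2 = run_play(first)              # second run changes nothing
    removed, c3 = run_play(second, "absent")  # proxy_state: absent
    return first, c1, second == first, c2, removed, c3
```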
Roles and Includes 23/32
Roles and Includes
Ansible is very flexible when it comes to organizing your tasks in more efficient ways so you can make your playbooks more maintainable, reusable, and powerful. We are talking about:
- Includes
- Roles
Includes examples
handlers:
  - include: included-handlers.yml
tasks:
  - include: tasks/common.yml
  - include: tasks/apache.yml
  - include: tasks/mysql.yml
More about roles
Including playbooks inside other playbooks makes your playbook organization a little more sane, but once you start wrapping up your entire infrastructure's configuration in playbooks, you might end up with something resembling Russian nesting dolls. The solution comes with the keyword: roles.
Roles provide a way to take bits of configuration and packages and make them flexible so we can use them throughout our infrastructure, and we can include them in this way:
roles:
  - yum-repo-setup
  - firewall
  - nodejs
  - app-deploy
Role essentials
Instead of requiring you to explicitly include certain files and playbooks in a role, Ansible automatically includes any main.yml files inside specific directories that make up the role.
Roles structure
There are only two directories required to make a working role:
role_name/
  meta/main.yml
  tasks/main.yml
Ansible will run all the tasks defined in tasks/main.yml, you just need to include the created role using the following syntax:
---
- hosts: all
  roles:
    - role_name
Your roles can live in a couple different places in the default global Ansible role path configurable in /etc/ansible/ansible.cfg.
Enter Ansible Galaxy: Be social
Wouldn't it be better if people could share roles for commonly-installed applications and services?
Helpful Galaxy commands
Some other helpful ansible-galaxy commands you might use from time to time:
- ansible-galaxy list displays a list of installed roles, with version numbers
- ansible-galaxy remove [role] removes an installed role
- ansible-galaxy init can be used to create a role template suitable for submission to Ansible Galaxy
Automating Your Automation 28/32
Ansible tower
Continuous integration
It's always good practice to use a continuous integration model inside your infrastructure
Go Over the CLI
- The business needs detailed reporting of infrastructure deployments and failures, especially for audit purposes.
- Team-based infrastructure management requires varying levels of involvement in playbook management, inventory management, and key and password access.
- A thorough visual overview of the current and historical playbook runs and server health helps identify potential issues before they affect the bottom line.
- Playbook scheduling can help ensure infrastructure remains in a known state.
Thank you! Questions?
More examples at https://github.com/ansible/