Go Faster with Ansible
Richard Donkin
@rdonkin

$ whoami
• Richard Donkin
• DevOps engineer / contractor
• Ansible, Vagrant, Docker, Linux, AWS, databases, …
• Experience of sys admin, DevOps, backend dev, architecture, startups, …
@rdonkin linkedin.com/in/rdonkin

Goal: Faster Correct Setup
Servers, Apps, Developers
• Correct configuration
• No snowflake servers
• Dev, Test, Production

Infrastructure as Code
Software processes for server configs:
• Code review
• Version control
• Automated tests
• Automated push to servers

What is Configuration Management?
Code that Controls Config

What Ansible Does
Configuration Management
App Deployment
• Basic, "Atomic", zero downtime, ...
Orchestration
• Sequence operations on servers, APIs, etc.
• Harder with Configuration Management

Why Ansible?
• Agentless & serverless
• Simple
• Sequential
• Declarative tasks
• “Ensure nginx installed”
• Enables idempotence
• Easy to learn
• Scales to complex cloud orchestration

Quick Install
Mac: brew install ansible
Debian/Ubuntu:
    sudo apt-add-repository ppa:ansible/ansible
    sudo apt-get install -y ansible
RHEL/CentOS: use EPEL, then: sudo yum -y install ansible
Any Linux (latest Ansible, requires Python):
    sudo easy_install pip
    sudo pip install ansible

Hello PHPMailer
Playbooks, Tasks, Idempotence

Key Concepts
Playbook = series of tasks
• Targets one server or thousands
• Servers defined by Inventory
Task = "ensure X is done" action
Play = set of tasks in playbook

Running a Playbook (1)

Running a Playbook (2)
Tasks will "skip" if state already OK (Idempotence)

Writing a Playbook
Play – hosts to process, become == sudo
Tasks
- descriptive name
- invoke module (apt) with parameters
(Figure labels: Play, Task)

The Secret Life of Tasks
Each task runs SSH commands that
• Upload a Module (e.g. apt)
• Run module with task's parameters
• Return JSON output

Inventory and Variables
Group your servers and assign key parameters ("variables")

    [web]
    10.0.1.51
    10.0.1.52

    [db]
    10.0.1.61

    [web:vars]
    ansible_port=2222

    $ ansible-playbook -i prod apache.yml --limit web

Run different Ansible code per group
Recommended:
• Inventory file per environment (or dynamic inventory)
• Put vars in group_vars/mygroup/vars.yml

Apache Playbook (1)
Vars = parameters for this playbook
Can be in separate include files
Or attach to hosts or host-groups in Inventory
- e.g. Listening IP address should be in inventory

Apache Playbook (2)
template task runs Jinja2 on local file and copies to server
notify sends event to Handler
- Each Handler runs just once, at end of whole playbook
- Restart a service, notify Slack, ...

Apache Playbook (3)
service task uses systemctl to enable start on boot
- {{ apache_service }} instantiates var with Jinja2
Handler restarts apache at end if any task does a notify
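
The Apache Playbook slides describe a playbook whose listing did not survive in this text. A playbook matching that description, as an added example rather than the slide's own code; the package and service names, file paths, template name and variable values are assumptions for a Debian/Ubuntu target:

```yaml
---
# apache.yml - added example; every value below is an assumption
- hosts: web              # the [web] inventory group
  become: true            # run tasks via sudo
  vars:
    apache_package: apache2        # assumed Debian/Ubuntu package name
    apache_service: apache2        # assumed service name
    apache_listen_port: 80         # assumed default
    # apache_listen_ip is expected to come from the inventory or group_vars

  tasks:
    - name: Ensure Apache is installed
      apt:
        name: "{{ apache_package }}"
        state: present
        update_cache: true

    - name: Ensure ports.conf is rendered from the local template
      template:
        # hypothetical template containing, for example:
        #   Listen {{ apache_listen_ip }}:{{ apache_listen_port }}
        src: templates/ports.conf.j2
        dest: /etc/apache2/ports.conf
        owner: root                # explicit ownership and mode so the
        group: root                # config is not writable by other users
        mode: "0644"
      notify: restart apache       # event is sent only when the file changed

    - name: Ensure Apache is running and starts on boot
      service:
        name: "{{ apache_service }}"
        state: started
        enabled: true

  handlers:
    - name: restart apache         # name must match the notify string
      service:
        name: "{{ apache_service }}"
        state: restarted
```

A second run against an unchanged server should report no changed tasks and leave the handler unfired; `ansible-playbook --check --diff` previews the template change without applying it.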

Apache Playbook
Playbooks, Variables, Handlers

Modules (1)
Over 840 modules "in the box"
- Git, yum, apt, compose, pear, pip, …
- Copy files, template files
- Edit files
- Permissions, ownership, SELinux
- Services – systemd, sysvinit, ...
- Crontabs
- MySQL, PostgreSQL, MongoDB, ...

Modules (2)
More modules (AWS alone has 87)
- Firewalls, routers, switches, ...
- AWS, Google, Digital Ocean, ...
- Docker, VMware, …
- Fallback to shell, upload script, …
Runs best on Linux/Unix including Mac
Windows as a target only

Roles
"Modularised playbooks"
- Split playbook into folder per type of content
- defaults folder for "parameter vars"
- vars folder for "role vars" – hard to override
- meta folder for role dependencies
(Figure labels: Vars, Tasks, Handlers; Apache + PHP playbook, Apache role, PHP role)

Roles
Use Roles for everything!
Skinny playbooks + modular roles
Ideal playbook only calls roles, not tasks
Typical roles:
• mysql
• apache
• php, php-fpm
• deploy-app
"Wrapper roles" to invoke third party roles

Ansible Galaxy
Hub for 1000s of roles: galaxy.ansible.com
Discovery: Galaxy, GitHub, blogs, …
Assess quality carefully
Install the roles needed by project:
    ansible-galaxy install -r requirements.yml
Pin the role to a version or Git commit
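
A requirements.yml showing both kinds of pin, as an added example that is not from the slides. The role names, repository URL, version string and commit hash are placeholders to be replaced with values you have reviewed:

```yaml
---
# requirements.yml - added example; every name and version is a placeholder
# Install with: ansible-galaxy install -r requirements.yml

# Role from Ansible Galaxy, pinned to a released version.
- src: example_namespace.apache          # placeholder Galaxy role name
  version: "1.2.3"                       # placeholder release

# Role fetched directly from Git, pinned to a full commit hash.
# A branch or tag can be moved to different code later; a commit hash
# always refers to the code that was reviewed.
- src: https://git.example.com/ops/ansible-role-php.git   # placeholder URL
  scm: git
  version: 0123456789abcdef0123456789abcdef01234567       # placeholder commit
  name: php                              # directory name used under roles/

# Unpinned entry, commented out and shown only for contrast: it installs
# whatever is newest at run time, so two runs of the same playbook can
# apply different third-party code with sudo on every target host.
# - src: example_namespace.mysql
```

Keeping this file in version control puts every role upgrade through the same code review as the playbooks themselves.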

Testing Infra Code
Basic testing:
- Separate test playbook using Vagrant VM
- Travis CI popular for open source
- Smoke test at end of playbook:
Test frameworks:
- Test-Kitchen, ServerSpec, InSpec, testinfra
- Run whole series of tests - easier diagnosis

One Liners
Ad hoc command on single host, or group from inventory

Drupal VM
Create a VM with one command: vagrant up
Ansible: 37 roles, 630 tasks, 7,200 lines of code

Drupal VM
Multiple Roles

Trellis: Modern WordPress
Near Twelve Factor WordPress
• Dev to Prod
• PHP 7.1, A+ SSL, HTTP/2, WP-CLI, …
• Example: rightsinfo.org
Related roots.io projects:
• Bedrock (WP boilerplate)
• Sage (starter theme)
• Some commercial add-ons
Example project (blog post):
• Install node, gulp, bower, Vagrant plugins
• vagrant up
• Some fixes required for Ansible 2.2

Resources
Book: Ansible for DevOps by Jeff Geerling – regular updates
Help: Stack Overflow, Ansible IRC + email lists
Roles:
• Geerlingguy roles – wide range – pragmatic & well maintained
• Ansistrano: Deploying PHP apps demo (atomic model)
Projects:
• Drupal-VM – http://drupalvm.com
• Trellis - https://roots.io/trellis/ - very complete WordPress setup
• Use example project – requires node, bower & gulp
Best practices: Ansible.com, blogs by Leucos and Nylas
Podcasts: Arrested DevOps – general DevOps and Infra as Code

Thank You
Richard Donkin
@rdonkin
linkedin.com/in/rdonkin

Traction – Google Trends, 5 years

Advanced: Write a Module
Much more common to write a role
Required for major new features:
• New API
• New package tool
• New container format
Most modules written in Python
Any language works: PHP, C, Go, Perl, …
Writing a module using PHP