Your SlideShare is downloading. ×
0
Ansible
Systems configuration doesn't have to be complicated
Jan-Piet Mens
April 2014
@jpmens
@jpmens: consultant,
author, architect, part-time
admin, small-scale fiddler,
loves LDAP, DNS,
plain text, and things
that ...
once upon a time, we
had shell scripts and
SSH loops
then it got
complicated ...
this is what we
want:
No more daemons
No more agents
Not yet another PKI
Not another host
No more open ports
No databases
Automation should not
require programming
experience; it MUST
[RFC 2119] be easy
We all have other stuff to do, don't we?
compréhansible
welcome to
Ansible
push-based
pull possible
from zero to prod in
minutes
Python
2.6 + PyYAML, Jinja2 on manager
2.4 + simplejson on nodes
Can run in virtualenv and from git checkout
SSH
keys, Kerberos, passwords
doesn't need root
can sudo
Modus operandi
Do this once, now
ad-hoc
Install packages
yum, apt, zypper, ...
Minimal config
language
no XML, no Ruby, no ...
Inventory
$ cat ${ANSIBLE_HOSTS:-/etc/ansible/hosts}
[local]
127.0.0.1
[webservers]
www.example.com ntp=ntp1.pool.ntp.org
...
executable inventory
• CMDB (LDAP, SQL, etc.)
• Cobbler
• EC2, OpenStack, etc.
• make your own: JSON
Target selection
webservers
all
ldap.example.com
webservers:!web20.example.com
*.example.com
192.168.6.*
ad-hoc copy
$ ansible devservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf'
a1.ww.mens.de | success >> {
"changed"...
facts
Plus ohai and facter if installed on node
"ansible_architecture": "x86_64",
"ansible_default_ipv4": {
"address": "19...
modules
Plus many more: provisioning, contrib, etc.
add_host apt apt_key apt_repository assemble async_status
authorized_k...
Playbooks
• YAML
• OS configuration
• APP deployment
• collections of actions using modules
• each group of actions is a pl...
Install, configure tmux
---
- hosts: devservers
user: f2
sudo: True
vars:
editmode: vi
tasks:
- name: Install tmux package
...
variables
• From inventory
• In plays
• From host_vars/ files
• From group_vars/ files
• From register
---
editmode: emacs
a...
{{ templates }}
templates in Jinja2
# {{ ansible_managed }}
{# editmode is either "vi" or "emacs" #}
set -g prefix C-a
set -g status-utf8 ...
generate /etc/hosts
{% for k,v in hostvars.iteritems() -%}
{{ v['ansible_eth0']['ipv4']['address']}} {{ k }} 
{{ v['ansibl...
$LOOKUP
• files, CSV
• pipe
• Redis
• DNS TXT
• ...
delegation
pull mode
fast, faster, fireball
roles
roles/
nginx/
files/
handlers/main.yml
meta/main.yml
tasks/main.yml
templates/
vars/main.yml
---
- hosts: all
roles:...
vault
$ ansible-vault create yy.yml
Vault password:
Confirm Vault password:
$ cat yy.yml
$ANSIBLE_VAULT;1.1;AES256
1306434...
API: task execution
#!/usr/bin/env python
import ansible.runner
import sys
res = ansible.runner.Runner(
pattern='a1*',
mod...
Extansible
• Callbacks (Python)
• Action plugins (Python)
• Data sources (Python)
• Inventory sources (any language)
ansible galaxy
• reusable roles
• New command: ansible-galaxy
More time for stuff
that matters
ansible.com
@ansible
Join the party!
OSDC 2014: Jan-Piet Mens - Configuration Management with Ansible
Upcoming SlideShare
Loading in...5
×

OSDC 2014: Jan-Piet Mens - Configuration Management with Ansible

809

Published on

Ansible is a simple configuration management and command execution framework for push and pull deployments for Unix/Linux systems using an existing SSH infrastructure. It's particularly easy to deploy because neither does it require an agent on managed nodes (a newish implementation of Python suffices) nor does it require a complex PKI. We show you how to quickly get started using Ansible for ad-hoc tasks, discuss some of its modules and introduce you to Ansible's playbooks and variables. We show you how to run Ansible as a normal user (non-root), how to configure inventory data, and give you sundry tips on using Ansible effectively. If you prefer a pull-based setup, we show you how to implement that as well. We'll discuss roles, use of variables and lookup plugins.

Published in: Software, Technology
0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
809
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
35
Comments
0
Likes
5
Embeds 0
No embeds

No notes for slide

Transcript of "OSDC 2014: Jan-Piet Mens - Configuration Management with Ansible "

  1. 1. Ansible Systems configuration doesn't have to be complicated Jan-Piet Mens April 2014 @jpmens
  2. 2. @jpmens: consultant, author, architect, part-time admin, small-scale fiddler, loves LDAP, DNS, plain text, and things that work.
  3. 3. once upon a time, we had shell scripts and SSH loops
  4. 4. then it got complicated ...
  5. 5. this is what we want:
  6. 6. No more daemons
  7. 7. No more agents
  8. 8. Not yet another PKI
  9. 9. Not another host
  10. 10. No more open ports
  11. 11. No databases
  12. 12. Automation should not require programming experience; it MUST [RFC 2119] be easy We all have other stuff to do, don't we?
  13. 13. compréhansible
  14. 14. welcome to Ansible
  15. 15. push-based pull possible
  16. 16. from zero to prod in minutes
  17. 17. Python 2.6 + PyYAML, Jinja2 on manager 2.4 + simplejson on nodes Can run in virtualenv and from git checkout
  18. 18. SSH keys, Kerberos, passwords
  19. 19. doesn't need root can sudo
  20. 20. Modus operandi
  21. 21. Do this once, now ad-hoc
  22. 22. Install packages yum, apt, zypper, ...
  23. 23. Minimal config language no XML, no Ruby, no ...
  24. 24. Inventory $ cat ${ANSIBLE_HOSTS:-/etc/ansible/hosts} [local] 127.0.0.1 [webservers] www.example.com ntp=ntp1.pool.ntp.org web[10-23].example.com sushi ansible_ssh_host=127.0.0.1 ansible_ssh_port=222 [devservers] a1.ww.mens.de
  25. 25. executable inventory • CMDB (LDAP, SQL, etc.) • Cobbler • EC2, OpenStack, etc. • make your own: JSON
  26. 26. Target selection webservers all ldap.example.com webservers:!web20.example.com *.example.com 192.168.6.*
  27. 27. ad-hoc copy $ ansible devservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf' a1.ww.mens.de | success >> { "changed": true, "dest": "/etc/resolv.conf", "group": "adm", "md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7", "mode": "0644", "owner": "jpm", "path": "resolv.conf", "src": "/home/jpm/.ansible/tmp/ansible-322091977449/resolv.conf", "state": "file" }
  28. 28. facts Plus ohai and facter if installed on node "ansible_architecture": "x86_64", "ansible_default_ipv4": { "address": "192.168.1.194", "gateway": "192.168.1.1", "interface": "eth0", "macaddress": "22:54:00:02:8e:0f", }, "ansible_distribution": "CentOS", "ansible_distribution_version": "6.2", "ansible_fqdn": "a1.ww.mens.de", "ansible_hostname": "a1", "ansible_processor_count": 1, "ansible_product_name": "KVM", "ansible_swapfree_mb": 989,
  29. 29. modules Plus many more: provisioning, contrib, etc. add_host apt apt_key apt_repository assemble async_status authorized_key bzr cloudformation command copy cron debug django_manage easy_install ec2 ec2_facts ec2_vol facter fail fetch file fireball gem get_url git group group_by hg homebrew ini_file lineinfile lvg lvol macports mail mongodb_user mount mysql_db mysql_user nagios netscaler ohai openbsd_pkg opkg pacman pause ping pip pkgin postgresql_db postgresql_user rabbitmq_parameter rabbitmq_plugin rabbitmq_user rabbitmq_vhost raw s3 script seboolean selinux service setup shell slurp subversion supervisorctl svr4pkg sysctl template uri user vagrant virt wait_for yum zfs
  30. 30. Playbooks • YAML • OS configuration • APP deployment • collections of actions using modules • each group of actions is a play • notification handlers
  31. 31. Install, configure tmux --- - hosts: devservers user: f2 sudo: True vars: editmode: vi tasks: - name: Install tmux package action: yum name=tmux state=installed - name: Configure tmux action: template src=tmux.conf.j2 dest=/etc/tmux.conf - name: Tell master action: shell echo "{{ansible_fqdn}} done" >> /tmp/list delegate_to: k4.ww.mens.de
  32. 32. variables • From inventory • In plays • From host_vars/ files • From group_vars/ files • From register --- editmode: emacs admin: Jane Jolie location: Bldg Z8/211
  33. 33. {{ templates }}
  34. 34. templates in Jinja2 # {{ ansible_managed }} {# editmode is either "vi" or "emacs" #} set -g prefix C-a set -g status-utf8 on setw -g mode-keys {{ editmode }} # Ansible managed: tmux.conf.j2 modified on 2012-10-14 09:47:11 by jpm on hippo set -g prefix C-a set -g status-utf8 on setw -g mode-keys vi
  35. 35. generate /etc/hosts {% for k,v in hostvars.iteritems() -%} {{ v['ansible_eth0']['ipv4']['address']}} {{ k }} {{ v['ansible_hostname'] }} {% endfor %} 192.168.1.218 k4.ww.mens.de k4 192.168.1.194 a1.ww.mens.de a1 ...
  36. 36. $LOOKUP • files, CSV • pipe • Redis • DNS TXT • ...
  37. 37. delegation
  38. 38. pull mode
  39. 39. fast, faster, fireball
  40. 40. roles roles/ nginx/ files/ handlers/main.yml meta/main.yml tasks/main.yml templates/ vars/main.yml --- - hosts: all roles: - nginx - mysql - { role: app, dir: '/etc/app', ntp: 'n1.example.org' } - { role: special, when: "ansible_os_family == 'RedHat'" } tasks: - ...
  41. 41. vault $ ansible-vault create yy.yml Vault password: Confirm Vault password: $ cat yy.yml $ANSIBLE_VAULT;1.1;AES256 13064343538613362376132363832663335626463656265333132613932363833 [...] 3539 $ ansible-playbook yy.yml ERROR: A vault password must be specified to decrypt data $ ansible-playbook --ask-vault-pass yy.yml Vault password:
  42. 42. API: task execution #!/usr/bin/env python import ansible.runner import sys res = ansible.runner.Runner( pattern='a1*', module_name='command', module_args='/usr/bin/uptime' ).run() print res {'dark': {}, 'contacted': {'a1.ww.mens.de': {u'changed': True, u'end': u'2012-10-22 09:07:18.327568', u'stdout': u'09:07:18 up 100 days, 2:13, 3 users, load average: 0.00, 0.00, 0.00', u'cmd': [u'/usr/bin/uptime'], u'rc': 0, u'start': u'2012-10-22 09:07:18.323645', u'stderr': u'', u'delta': u'0:00:00.003923', 'invocation': {'module_name': u'command', 'module_args': u'/usr/bin/uptime'}}}}
  43. 43. Extansible • Callbacks (Python) • Action plugins (Python) • Data sources (Python) • Inventory sources (any language)
  44. 44. ansible galaxy • reusable roles • New command: ansible-galaxy
  45. 45. More time for stuff that matters
  46. 46. ansible.com @ansible Join the party!
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×