- Ideato uses Ansible to provision and configure 50+ VMs across development, staging, and production environments. This allows developers easy configuration of their environments and saves sysadmins time on maintenance tasks.
- Ansible roles provide a painless way to perform rolling updates across environments similarly to Puppet modules. Learning YAML is easier than Ruby DSLs for configuring nodes.
- A demo was shown using Ansible to deploy an Elasticsearch cluster on AWS across multiple availability zones for high availability. Tasks included launching EC2 instances, configuring the cluster, and inserting sample data.
2. WHY ANSIBLE
we will consider some facts:
ideato’s scenario
dev needs
sysadm needs
3. IDEATO SCENARIO
focus on great software
development and good practices
50+ VMs to provision, configure
and maintain; no need for a high
level of orchestration
4. DEV NEEDS
• easy CM tool to setup their
environments
• time spent debugging CM tool
errors is wasted
11. Node specific information
Jinja templates + Ansible vars + Ansible
Vault
add a YAML file in host_vars/ or group_vars/, for example:
---
aws_access_key: AKIA
aws_secret_key: ngxiw
and encrypt it with AES: ansible-vault encrypt aws.yaml
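A pre-commit style check for the vault step above, as an added example that is not part of the original slides: it flags files under host_vars/ and group_vars/ that still hold secret-looking variables in plaintext. The list of secret-looking variable names and the sample inventory tree are assumptions constructed for the example.

```python
import re, sys, tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this
# Variable names treated as secrets: an assumption, extend for your own roles.
SECRET_RE = re.compile(
    r"^\s*(\w*(?:secret|password|access_key|token)\w*)\s*:\s*(\S.*)$", re.I)

def plaintext_secrets(text):
    """Names of secret-looking variables stored unencrypted in one vars file."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []                       # whole file is vault-encrypted
    names = []
    for line in text.splitlines():
        m = SECRET_RE.match(line)
        # Inline "!vault" values and Jinja references to vaulted vars are fine.
        if m and not m.group(2).lstrip("\"'").startswith(("!vault", "{{")):
            names.append(m.group(1))
    return names

def scan(root):
    """Map relative path -> offending variable names under host_vars/ and group_vars/."""
    report = {}
    for sub in ("host_vars", "group_vars"):
        base = Path(root, sub)
        for path in sorted(base.rglob("*")) if base.is_dir() else []:
            if path.is_file():
                names = plaintext_secrets(path.read_text(errors="replace"))
                if names:
                    report[path.relative_to(root).as_posix()] = names
    return report

def build_sample(root):
    """Constructed inventory tree; none of these values are real credentials."""
    files = {
        "group_vars/aws.yaml": "---\naws_access_key: AKIA-CONSTRUCTED\naws_secret_key: constructed-value\n",
        "group_vars/all.yaml": "---\nes_heap: 2g\ndb_password: \"{{ vault_db_password }}\"\n",
        "host_vars/es1.yaml": "$ANSIBLE_VAULT;1.1;AES256\n3661626364656630313233\n",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        findings = scan(tmp)
        for rel, names in findings.items():
            print(f"{rel}: plaintext {', '.join(names)}")
        sys.exit(1 if findings else 0)
```

The non-zero exit status on findings lets the script block a commit or fail a CI job until the file has been run through ansible-vault encrypt.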
12. Agentless
only SSH/SFTP/SCP are required
no central server scalability
no need to update minions or
puppet over your infrastructure
13. Inconsistency
• Ruby & PE
• Puppetforge modules
• Puppet skips everything
that depends on what just
failed
• Rspec needed
17. Why is Elasticsearch a good fit for CM
tools like Ansible?
Lots of sysadmin configuration tips for a cluster
environment
• Java settings (jmx, mlockall, …)
• sysctl settings (swappiness, max_map_count, …)
• ulimit settings
Do I have to change these settings by hand,
repeated once per instance?
NO THANKS!
18. As mentioned before, Ansible has plenty of
sysadmin modules:
- name: firewalld applying conf
  firewalld: service=elasticsearch permanent=true zone=public state=enabled
  tags:
    - firewall
- name: sysctl configs
  sysctl: name=fs.file-max value=64000 state=present
  tags:
    - sysctl
19. Here comes AWS
AWS provides a special plugin for discovering your ES
instances inside your cluster just by
their security group!
discovery.type: ec2
discovery.zen.ping.multicast.enabled: false
discovery.ec2.groups: my_security_group
I don't have to update the configuration of the other n-1 nodes
if I need to replace or add a new node!!
26. Set up ES cluster (4/4)
- name: set up elasticsearch.yaml
  template: src=elasticsearch.j2 dest=/etc/elasticsearch/elasticsearch.yml owner=root mode=0644 backup=yes
  tags:
    - elconf
- name: ensure exists log directory and data directory
  file: path={{ item }} state=directory owner=elasticsearch
  with_items:
    - /var/data/elasticsearch
    - /var/log/elasticsearch
  tags:
    - directory
  sudo: true
- name: start elastic
  service: name=elasticsearch state=restarted enabled=yes
- name: copy json accounts
  copy: src=accounts.json dest=/home/centos owner=centos mode=0640
  tags:
    - accounts
  sudo: true
27. Ansible provides a special plugin to find the running
instances inside your EC2 account…
it's called dynamic inventory
ansible-playbook -i inventories/dynamic/ec2.py el-aws_deploy-instance.yml
./ec2.py --list
"eu-central-1b": [
  "5*.2*.8*.4*",
  "5*.2*.3*.9*",
  "5*.2*.4*.3*"
],
28. Insert some data
Let's try to insert a sample bank dataset; here is a small part of it:
{
  "account_number": 0,
  "balance": 16623,
  "firstname": "Bradshaw",
  "lastname": "Mckenzie",
  "age": 29,
  "gender": "F",
  "address": "244 Columbus Place",
  "employer": "Euron",
  "email": "bradshawmckenzie@euron.com",
  "city": "Hobucken",
  "state": "CO"
}
curl -XPOST 'localhost:9200/bank/account/_bulk?pretty' --data-binary @accounts.json
31. What have we achieved?
• a mass production system without manual configuration
• a fully reproducible environment
• scalability
• availability
• resilience to staff leaving
• fully documented by the code
• reduced stress
35. Current workflow
Assumptions:
dev environment = local environment
developers use Vagrant and Ansible to configure
their environment
deploys are via Idephix or rsync
devs ask sysadmins to provision staging & prod
37. Issues
the roles repo is inside the local network;
remote devs can't obtain those roles
we don't have a single source of code for
Ansible roles
we don't share efforts on roles
38. we have rolling updates on all machines
through Ansible
on newer machines we have some
sysadmin roles like:
• distrib role
• security role
• s3 role
• vpn role
but we don't have any application-oriented
roles like a webserver role or a php role on
stag/prod
39. easiest workflow
sysadmins will provision staging and
production using the same roles that devs use
• developers deploy app code
• sysadmins deploy roles