This document provides an introduction to using Ansible in a top-down approach. It discusses using Ansible to provision infrastructure including load balancers, application servers, and databases. It covers using ad-hoc commands and playbooks to configure systems. Playbooks can target groups of hosts, apply roles to automate common tasks, and allow variables to customize configurations. Selective execution allows running only certain parts of a playbook. Overall the document demonstrates how Ansible can be used to deploy and manage infrastructure and applications in a centralized, automated way.

1. Practical Ansible: A Top-down Introduction
Architect @ Gogolook

2. 3
--no-provision

3. 4

4. 5

5. 6
Modern Web 2015
Bottom-up Ansible
IT
Top-down
”

6. 7
Modern Web 2015
Bottom-up Ansible
IT
Top-down
”

7. 8

8. 9
☛ https://github.com/ansible/ansible

9. 9
☛ https://github.com/ansible/ansible

10. 9
☛ https://github.com/ansible/ansible

11. 10
VPC
CloudFront ELB API servers MongoDB

12. 11

13. 11

14. 12
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

15. 13
ad-hoc commands
inventory
playbook - push
playbook - pull

16. 13
ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution

17. 13
ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution

18. 13
ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution
Capistrano-style
zero-downtime
blue-green
rolling upgrade

19. 13
ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution
Capistrano-style
zero-downtime
blue-green
rolling upgrade

20. roles
selective execution
Capistrano-style
zero-downtime
blue-green
rolling upgrade
14
ad-hoc commands
inventory
playbook - push
playbook - pull

21. 15

22. 16
control machine managed node

23. 16
control machine managed node
Python ≥ 2.5

24. 16
control machine managed node
Python ≥ 2.5
SSH

25. 16
control machine managed node
Python ≥ 2.5
SSH
Ansible:
pip install ansible
yum install ansible
apt-get install ansible
brew install ansible

26. 16
control machine managed node
Python ≥ 2.5Python ≥ 2.6/2.7
SSH
Ansible:
pip install ansible
yum install ansible
apt-get install ansible
brew install ansible

27. 17
control machine managed node
SSH
SSH
SSH
host1
host2
host3

28. 17
control machine managed node
SSH
SSH
SSH
host1
host2
host3
inventory file
host1
host2 ansible_ssh_host=10.0.0.10
host3 ansible_ssh_port=2222

29. 18
inventory file
lb ansible_ssh_host=10.0.0.10
app1 ansible_ssh_host=10.0.0.20
app2 ansible_ssh_host=10.0.0.21
app3 ansible_ssh_host=10.0.0.22
db ansible_ssh_host=10.0.0.30

30. 19
ansible
--inventory-file=hosts-vagrant
--user=vagrant --ask-pass
all
-a hostname
inventory file

31. 19
ansible
--inventory-file=hosts-vagrant
--user=vagrant --ask-pass
all
-a hostname
inventory file
user account

32. 19
ansible
--inventory-file=hosts-vagrant
--user=vagrant --ask-pass
all
-a hostname
inventory file
apply to “all” hosts
in the inventory file
user account

33. 19
ansible
--inventory-file=hosts-vagrant
--user=vagrant --ask-pass
all
-a hostname
inventory file
ad-hoc command
apply to “all” hosts
in the inventory file
user account

34. 20
inventory filedefault:
• /etc/ansible/hosts
• /usr/local/etc/ansible/hosts

35. 20
inventory file
cp hosts-vagrant /usr/local/etc/ansible/hosts
ansible
--user=vagrant --ask-pass
all
-a hostname
default:
• /etc/ansible/hosts
• /usr/local/etc/ansible/hosts

36. 21
ansible
--user=vagrant --ask-pass
all
-m setup
host information

37. 22

38. 22

39. 23

40. 24
ansible
--user=vagrant --ask-pass
lb
-m yum
-a "name=openssh"
apply to the “lb” host
in the inventory file
lb 10.0.0.10
CentOS 7.1

41. 24
ansible
--user=vagrant --ask-pass
lb
-m yum
-a "name=openssh"
apply to the “lb” host
in the inventory file
invoke Ansible module “yum”
lb 10.0.0.10
CentOS 7.1

42. 24
ansible
--user=vagrant --ask-pass
lb
-m yum
-a "name=openssh"
apply to the “lb” host
in the inventory file
invoke Ansible module “yum”
inspect package status
lb 10.0.0.10
CentOS 7.1

43. 25
ansible
--user=vagrant --ask-pass
--become
lb
-m yum
-a "name=openssh state=latest"
install or update latest package
lb 10.0.0.10
CentOS 7.1

44. 25
ansible
--user=vagrant --ask-pass
--become
lb
-m yum
-a "name=openssh state=latest"
install or update latest package
become “sudo” privilege
lb 10.0.0.10
CentOS 7.1

45. 26
ansible
--user=vagrant --ask-pass
--become
lb:db
-m yum
-a "name=openssh state=latest"
apply to the “lb” and “db” hosts
in the inventory file
lb 10.0.0.10 db 10.0.0.30
CentOS 7.1 CentOS 7.1

46. 27
ansible
--user=vagrant --ask-pass
--become
'app*'
-m apt
-a "name=openssh-server state=latest"
apply to the “app*” hosts
in the inventory file
app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
Ubuntu 14.04

47. 27
ansible
--user=vagrant --ask-pass
--become
'app*'
-m apt
-a "name=openssh-server state=latest"
apply to the “app*” hosts
in the inventory file
app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
Ubuntu 14.04
invoke Ansible module
“apt”

48. 28

49. [lbservers]
lb ansible_ssh_host=10.0.0.10
[appservers]
app1 ansible_ssh_host=10.0.0.20
app2 ansible_ssh_host=10.0.0.21
app3 ansible_ssh_host=10.0.0.22
[dbservers]
db ansible_ssh_host=10.0.0.30
29
inventory file

50. 30
“push” mode

51. 31
control machine managed node
SSH
SSH
SSH
host1
host2
host3
inventory
file

52. 31
control machine managed node
SSH
SSH
SSH
host1
host2
host3
playbook
inventory
file

53. 31
control machine managed node
SSH
SSH
SSH
host1
host2
host3
playbook
inventory
file

54. 32
playbook
- hosts: lbservers:dbservers
tasks:
- name: update openssh
yum: name=openssh state=latest
- hosts: appservers
tasks:
- name: update openssh
apt: name=openssh-server state=latest

55. 33
ansible-playbook
--user=vagrant --ask-pass
--become
openssh.yml
apply Ansible playbook “openssh.yml”
to all hosts in the inventory

56. 34

57. How about the “pull” mode?
35

58. 36
managed node
host1
host2
playbook
❶

59. 36
managed node
host1
host2
playbook
• git pull …
• sftp …
• rsync …
• wget …
• …
❶

60. 36
managed node
host1
host2
playbook
• git pull …
• sftp …
• rsync …
• wget …
• …
❶ ansible-playbook
--connection=local
playbook.yml
apply locally
❷

61. 37
managed node
host1
host2
playbook
❶
ansible-pull --url=xxxx

62. 37
managed node
host1
host2
playbook
❶
ansible-pull --url=xxxx
❷

63. 37
managed node
host1
host2
playbook
❶
ansible-pull --url=xxxx
❷
apply locally
❸

64. Capistrano-style
zero-downtime
blue-green
rolling upgrade
ad-hoc commands
inventory
playbook - push
playbook - pull
38
roles
selective execution

65. 39
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

66. 40

67. 41
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
timezone
ntp
All nodes will need these…

68. 42
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
haproxy

69. 43
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
repo-epel
redis

70. 44
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
nodejs
git
project_deploy

71. 45
playbook
- hosts: all
tasks: ...
- hosts: lbservers
tasks: ...
- hosts: appservers
tasks: ...
- hosts: dbservers
tasks: ...
timezone, ntp
haproxy
repo-epel, redis
nodejs, git, project_deploy

72. 46
ansible galaxy [pic]
is your friend…

73. 46
ansible galaxy [pic]
is your friend…
Ansible Galaxy is your friend…

74. 47
playbook
- hosts: all
tasks: ...
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

75. 47
playbook
- hosts: all
tasks: ...
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

76. 47
playbook
- hosts: all
tasks: ...
roles:
- yatesr.timezone
- geerlingguy.ntp
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

77. 47
playbook
- hosts: all
tasks: ...
roles:
- yatesr.timezone
- geerlingguy.ntp
vars:
timezone: Asia/Taipei
ntp_timezone: Asia/Taipei
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

78. 48
playbook
- hosts: appservers
roles:
- williamyeh.nodejs
- geerlingguy.git
- project_deploy
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

79. 48
playbook
- hosts: appservers
roles:
- williamyeh.nodejs
- geerlingguy.git
- project_deploy
vars:
project_git_repo: "https://github.com/..."
project_version: "master"
project_has_npm: true
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

80. 49

81. 50
ansible-playbook
--user=vagrant --ask-pass
--become
--limit=appservers
playbook.yml
apply to all “appservers” hosts in the inventory
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

82. 51
playbook
- hosts: appservers
roles:
- williamyeh.nodejs
- geerlingguy.git
- project_deploy
vars:
project_git_repo: "https://github.com/..."
project_version: "master"
project_has_npm: true
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

83. 51
playbook
- hosts: appservers
roles:
- williamyeh.nodejs
- geerlingguy.git
- project_deploy
vars:
project_git_repo: "https://github.com/..."
project_version: "master"
project_has_npm: true
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

84. 51
playbook
- hosts: appservers
roles:
- williamyeh.nodejs
- geerlingguy.git
- project_deploy
vars:
project_git_repo: "https://github.com/..."
project_version: "master"
project_has_npm: true
- { role: project_deploy, tags: ['deploy'] }
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

85. 52
ansible-playbook
--user=vagrant --ask-pass
--become
--tags=deploy
playbook.yml
apply only the roles/tasks with a “deploy” tag
to all hosts in the inventory
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

86. ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution
53
Capistrano-style
zero-downtime
blue-green
rolling upgrade

87. 54

88. 54

89. 55

90. 56
https://galaxy.ansible.com/list#/roles/732

91. 57

92. 57
Deploy software projects (Capistrano-like)

93. 58
git source

94. 58
git source
older build

95. 58
git source
older build
newer build

96. 58
git source
older build
newer build
current active build

97. 59

98. 60
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

99. 60
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
shutdown this on purpose!

100. 60
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
shutdown this on purpose!
visible downtime?

101. 61

102. 62
playbook
- hosts: appservers
roles:
- williamyeh.nodejs
- geerlingguy.git
vars:
project_git_repo: "https://github.com/..."
project_version: "master"
project_has_npm: true
- { role: project_deploy, tags: ['deploy'] }
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

103. 63
ansible-playbook
--user=vagrant --ask-pass
--become
--extra-vars='project_version=green'
--limit=app1
--tags=deploy
playbook.yml
apply only the roles/tasks with a “deploy” tag
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
apply to the “app1” host

104. 63
ansible-playbook
--user=vagrant --ask-pass
--become
--extra-vars='project_version=green'
--limit=app1
--tags=deploy
playbook.yml
apply only the roles/tasks with a “deploy” tag
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04
apply to the “app1” host
checkout “green” branch

105. 64

106. 65
playbook
- hosts: appservers
serial: 1
roles:
- williamyeh.nodejs
- geerlingguy.git
- { role: project_deploy, tags: ['deploy'] }
vars:
project_git_repo: "https://github.com/..."
project_version: "master"
project_has_npm: true
lb 10.0.0.10 app1 10.0.0.20
app2 10.0.0.21
app3 10.0.0.22
db 10.0.0.30
CentOS 7.1 CentOS 7.1Ubuntu 14.04

107. ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution
Capistrano-style
zero-downtime
blue-green
rolling upgrade
66

108. 67

109. •
67

110. •
•
67

111. •
•
•
67

112. 68

113. 69

114. 70
☛ https://github.com/ansible/ansible

115. 70
☛ https://github.com/ansible/ansible

116. 70
☛ https://github.com/ansible/ansible

117. 71
ad-hoc commands
inventory
playbook - push
playbook - pull
roles
selective execution
Capistrano-style
zero-downtime
blue-green
rolling upgrade

118. 72