Ansible is open source configuration, deployment and orchestration software. It is unique in many respects compared with other management tools. Ansible aims to deliver a large productivity gain across a wide range of automation challenges. It is also a more productive replacement for many core capabilities of other automation solutions.
In this demo we show you how to automate your entire IT infrastructure (and more) with Ansible.
3. Ansible Engine
SIMPLE
● Human readable automation
● No special coding skills needed
● Tasks executed in order
● Usable by every team
● Get productive quickly
POWERFUL
● App deployment
● Configuration management
● Workflow orchestration
● Network automation
● Orchestrate the app lifecycle
AGENTLESS
● Agentless architecture
● Uses OpenSSH & WinRM
● No agents to exploit or update
● Get started immediately
● More efficient & more secure
Supported
4. What can I do with Ansible?
Do this...
● Orchestration
● Configuration Management
● Application Deployment
● Provisioning
● Continuous Delivery
● Security and Compliance
On these...
● Firewalls
● Load Balancers
● Applications
● Containers
● Clouds
● Servers
● Infrastructure
● Storage
● Network Devices
● And more...
Automate the deployment and management of your entire IT footprint.
6. Modules
Modules are pieces of code that enable a specific functionality
Fully documented on docs.ansible.com
Vendors are increasingly developing and shipping modules for their products
You can develop your own modules
Example: service
ansible all -m service -a "name=httpd state=started enabled=yes"
8. Inventory
Inventory is the set of nodes to be managed by Ansible. It is stored in an INI-formatted file. Examples:
[webservers]
web1.example.com
server1.example.com
[dbservers]
db1.example.com
server1.example.com
[wildcardservers]
*.example.com
db%.example.com
[rangeservers]
w[01:50].example.com
db-[a:f].example.com
[example:children]
webservers
dbservers
[specialservers]
srv.example.com:5143
9. Ad-Hoc commands
General format:
ansible <server pattern> -m <module> -a "<arguments>"
Guess what this does:
ansible all -m yum -a "name=* state=latest"
10. Playbooks
# This playbook will install and start/enable Apache
---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: name=httpd state=latest
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
11. Playbooks
YAML
12. Transports
Ansible is agentless, so how can it execute stuff on the target servers?
Transport types:
● OpenSSH (port 22) on Linux/Unix/...
○ Clients need to have Python installed
● WinRM (port 5986 for HTTPS or port 5985 for HTTP) on Windows:
○ Clients need to have PowerShell installed
● Many other transport types: local/paramiko ssh/network_cli/netconf/...
Sudo and runas constructs are fully supported
Transports are plugins, so they are extensible
Ansible has a push architecture
13. Variables (or vars)
simple vars in playbook:
---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  tasks:
    - name: ...
array vars in separate file:
---
alpha: ['a', 'b', 'c']
numbers: [1, 2, 3, 4]
dict vars:
---
users:
  alice:
    name: Alice Appleworth
    telephone: 123-456-7890
  bob:
    name: Bob Bananarama
    telephone: 987-654-3210
14. Facts
● Facts = pieces of information regarding the remote system
● E.g.: IP addresses, operating system, Ethernet devices, MAC address, ...
● Implemented using the "setup" module
● Gathered implicitly at the start of a playbook, so you can use them in your code
ansible webserver -m setup
"ansible_dns": {
    "nameservers": [
        "192.168.100.1",
        "10.1.1.12"
    ],
}
15. Vaults
Vaults are encrypted files protected with a password (file)
Any file can be a vault: playbooks, inventory, var files, even binaries
Unlock during the playbook run by giving the password
The password can be prompted for or supplied by a file or script
Vaulted data is NEVER shown in logs
ansible-playbook site.yml --vault-password-file ~/.vault_pass.py
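Since any file can be a vault, it is worth checking that the files meant to be vaults really are encrypted before they are committed or shipped. The following is an added example, not part of the original slides: it parses the vault header line (`$ANSIBLE_VAULT;1.1;AES256`, or the 1.2 form with a vault ID label) and confirms the payload is hex ciphertext. The file paths and contents in `SAMPLES` are constructed for illustration.

```python
"""Check that files meant to be Ansible vaults are actually encrypted."""
import re

HEADER_PREFIX = "$ANSIBLE_VAULT"
HEX_LINE = re.compile(r"^[0-9a-f]+$")


def parse_vault_header(text):
    """Return the header fields of a vault file, or None if text is not a vault."""
    lines = text.splitlines()
    if not lines:
        return None
    parts = lines[0].strip().split(";")
    if parts[0] != HEADER_PREFIX or len(parts) not in (3, 4):
        return None
    version, cipher = parts[1], parts[2]
    # Format 1.1 has three fields; 1.2 adds a vault ID label as the fourth.
    if (version, len(parts)) not in (("1.1", 3), ("1.2", 4)):
        return None
    body = [ln.strip() for ln in lines[1:] if ln.strip()]
    if not body or not all(HEX_LINE.match(ln) for ln in body):
        return None  # header present, but the payload is not hex ciphertext
    return {"version": version, "cipher": cipher,
            "vault_id": parts[3] if len(parts) == 4 else None}


def find_plaintext(files):
    """Given {path: content}, return the sorted paths that are NOT valid vaults."""
    return sorted(p for p, c in files.items() if parse_vault_header(c) is None)


# Constructed sample inputs; the hex payloads are dummy data, not real ciphertext.
SAMPLES = {
    "group_vars/all/vault.yml":
        "$ANSIBLE_VAULT;1.1;AES256\n6162636465663031\n3233343536373839\n",
    "group_vars/prod/vault.yml":
        "$ANSIBLE_VAULT;1.2;AES256;prod\n30313233616263\n",
    # Never encrypted at all.
    "group_vars/dev/vault.yml": "db_password: hunter2\n",
    # Header left in place, but the body was pasted back in plaintext.
    "host_vars/db1/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\ndb_password: hunter2\n",
}

if __name__ == "__main__":
    for path in find_plaintext(SAMPLES):
        print("NOT ENCRYPTED:", path)
```

Run as a pre-commit or CI step over the files your repository expects to be vaulted, and fail the build when `find_plaintext` returns anything.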