Openbar 5 - Leuven - Automating everything with Ansible - Piros
•
2 likes•124 views
Ansible is een open source configuratie, implementatie- en orkestratie software. Het is in veel opzichten uniek in vergelijking met andere managementtools. Als doel wilt Ansible een grote productiviteitswinst behalen voor een arsenaal aan automatiseringsuitdagingen. Tevens is het ook een meer productieve vervanging van vele kernmogelijkheden in andere automatiseringsoplossingen. We laten je in deze demo zien hoe je je volledige IT Infrastructuur (en meer) kan automatiseren met Ansible.
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Openbar 5 - Leuven - Automating everything with Ansible - Piros
Similar to Openbar 5 - Leuven - Automating everything with Ansible - Piros (20)
More from Openbar
More from Openbar (20)
Recently uploaded
Recently uploaded (20)
Openbar 5 - Leuven - Automating everything with Ansible - Piros
- 1. ANSIBLE
- 2. A self-driving car is just a car with AUTOMATION Photo via Volvo
- 3. 3 Ansible Engine SIMPLE POWERFUL AGENTLESS App deployment Configuration management Workflow orchestration Network automation Orchestrate the app lifecycle Human readable automation No special coding skills needed Tasks executed in order Usable by every team Supported Get productive quickly Agentless architecture Uses OpenSSH & WinRM No agents to exploit or update Get started immediately More efficient & more secure
- 4. What can I do with Ansible? 4 Orchestration Do this... Firewalls Configuration Management Application Deployment Provisioning Continuous Delivery Security and Compliance On these... Load Balancers Applications Containers Clouds Servers Infrastructure Storage And more...Network Devices Automate the deployment and management of your entire IT footprint.
- 5. 5 ● modules ● inventory ● ad-hoc commands ● playbooks ● transports ● variables ● facts ● vaults Ansible Engine Concepts
- 6. 6 Modules are pieces of code that enable a specific functionality Fully documented on docs.ansible.com Vendors are increasingly developing and shipping modules for their products You can develop your own modules Example: service Ansible Engine Modules ansible all -m service -a “name=httpd state=started enabled=yes”
- 7. 7 CLOUD AWS Azure CenturyLink CloudScale Digital Ocean Docker Google Linode OpenStack Rackspace And more... WINDOWS ACLs Files Commands Packages IIS Regedits Shell Shares Services DSC Users Domains And more... VIRT AND CONTAINER Docker VMware RHV OpenStack OpenShift Atomic CloudStack And more... NETWORK Arista A10 Cumulus Big Switch Cisco Cumulus Dell F5 Juniper Palo Alto OpenSwitch And more... NOTIFY HipChat IRC Jabber Email RocketChat Sendgrid Slack Twilio And more... ANSIBLE SHIPS WITH OVER 1500 MODULES
- 8. 8 Inventory is the set of nodes to be managed by Ansible. They are stored in a ini formatted file. Examples: Ansible Engine Inventory [webservers] web1.example.com server1.example.com [dbservers] db1.example.com server1.example.com [wildcardservers] *.example.com db%.example.com [rangeservers] w[01:50].example.com db-[a:f].example.com [example:children] webservers dbservers [specialservers] srv.example.com:5143
- 9. 9 General format: Guess what this does: Ansible Engine Ad-Hoc commands ansible <server pattern> -m <module> -a “<arguments>” ansible all -m yum -a “name=* state=latest”
- 10. 10 Ansible Engine Playbooks # This playbook will install and start/enable Apache --- - hosts: webservers vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: ensure apache is at the latest version yum: name=httpd state=latest - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes
- 11. 11 Ansible Engine Playbooks # This playbook will install and start/enable Apache --- - hosts: webservers vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: ensure apache is at the latest version yum: name=httpd state=latest - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes YAML
- 12. 12 Ansible is agentless, so how can it execute stuff on the target servers? Transport types: ● OpenSSH (port 22) on Linux/Unix/... ○ Clients need to have Python installed ● WinRM (port 5986 for https or port 5985 for http) on Windows: ○ Clients need to have Powershell installed ● Many other transport types: local/paramiko ssh/network_cli/netconf/... Sudo and runas constructs are fully supported Transports are plugins, so are extendable Ansible has a push architecture Ansible Engine Transports
- 13. 13 Ansible Engine Variables (or vars) --- - hosts: webservers vars: http_port: 80 max_clients: 200 tasks: - name: ... --- alpha: ['a', 'b', 'c'] numbers: [1, 2, 3, 4] --- users: alice: name: Alice Appleworth telephone: 123-456-7890 bob: name: Bob Bananarama telephone: 987-654-3210 simple vars in playbook array vars in separate file dict vars
- 14. 14 ● = pieces of information regarding the remote system ● E.g.: IP addresses, Operating System, Ethernet devices, mac address, ... ● Implemented using the “setup” module ● Implicitly runs at the start of a playbook, so you can use them in your code Ansible Engine Facts ansible webserver -m setup "ansible_dns": { "nameservers": [ "192.168.100.1", "10.1.1.12" ], }
- 15. 15 Vaults are encrypted files protected with a password (file) Any file can be a vault: playbooks, inventory, var files, even binaries Unlock during playbook run giving password Password can be asked or delivered using a file or script Vaulted data is NEVER shown in logs Ansible Engine Vaults ansible-playbook site.yml --vault-password-file ~/.vault_pass.py
- 16. Let’s pray to the demo gods… DEMO TIME
- 17. 7
- 18. Thank you!