Q: Does any of you use AWS? Q: Do you use it for anything other than a platform for running virtual machines/S3 storage?
Q: Do you use Ansible? How?
Ansible + Amazon AWS talk installfest.cz 2016
Ansible + Amazon AWS
● Started as a flexible virtual machine provider with
pay-per-hour billing.
● Evolved to provide PaaS for all usual work
● Performance/price ratio bigger than for
dedicated servers, but great flexibility, and you
can save your time (Time is money, friend!).
● Immutable architecture ready!
– In several places around the world
● Availability zones
– Region has several availability zones, isolated from
– Internal IPs only
– 1:1 NAT if public IP enabled
– EC2 roles
● Individual user for Ansible
– Only the permissions that are needed (you do not
want to be a bitcoin miner)
– Cost alert
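Added example (not from the talk's slides): a small Python check that compares a broad policy for the Ansible user with a scoped one and reports statements that would let a leaked key launch instances without limits. Both policy documents and the helper names are constructed for illustration; the region is an assumed value.

```python
from fnmatch import fnmatchcase

# Constructed sample policies, not taken from the talk.
BROAD = {  # "just make it work" policy for the automation user
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}
SCOPED = {  # only what a hypothetical deploy playbook needs, pinned to one region
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:RunInstances", "ec2:CreateTags"],
         "Resource": "*",
         "Condition": {"StringEquals": {"aws:RequestedRegion": "eu-central-1"}}},
    ],
}

# Actions that start billable compute (compared lower-cased).
LAUNCH = ("ec2:runinstances", "ec2:requestspotinstances")


def _as_list(value):
    """IAM accepts either a single item or a list for Statement/Action."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((i, "NotAction allows everything except the listed actions"))
        # Action names are case-insensitive in IAM.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append((i, f"wildcard action {a!r}"))
        # Patterns such as ec2:* or ec2:Run* also cover the launch actions.
        can_launch = any(fnmatchcase(l, a) for l in LAUNCH for a in actions)
        if can_launch and not stmt.get("Condition"):
            findings.append((i, "unconditioned instance launch"))
    return findings


if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit_policy(doc))
```

The check only looks at the policy text; the cost alert from the slide is still what catches abuse of permissions the playbooks legitimately need.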
AWS architecture (networking)
● Virtual private cloud (VPC)
– Isolated internal network inside AWS
– You can define your own VPC for MySQL instances, for app server
– Can be connected through a VPN to your company's internal
network (paid service).
● Security groups
– Firewall, by default nothing in, all out.
– One server instance can have multiple attached security groups
AWS (LB, server instances)
● Elastic Load Balancer (ELB)
– Scalable load balancer, capable of HTTP, HTTPS
(HTTP/2 not yet available :()
– CNAME only, do not use IP address
● EC2 (Server instances)
– Work with cattle, not pets
– Predefined images (AMIs) – can be easily created
● Database as a server
● Supports MySQL, MSSQL, Postgres, …
● Can create an HA instance of the database across 2
availability zones in one region with automatic
● Snapshots, auto upgrades (maintenance time
Autoscaling group + Cloudformation
● Autoscaling ensures that you have servers
running. If an instance stops working, it is
automagically trashed and a new one is spawned
– Infrastructure-as-code tool
– You can describe your platform and magic will
● Easy to start
● Data driven
– List of managed computers, can be grouped.
– Default in /etc/ansible/hosts.
– May be dynamically generated.
– Basic work units.
– Plenty of them (hundreds) available.
– Template, copy, user, ...
Key concepts (2)
– Defined on multiple levels (host, group, inventory).
– Used for conditionals and in templates.
– Special variables taken from server (hostname,
date and time, networking setup, …).
– ansible -m setup localhost
Key concepts (3)
– One task does one thing (usually it is a module invocation).
– Set of tasks that run on group of computers.
– Bunch of plays in one file.
– Encapsulate set of tasks, variables, templates, files together.
Gluing it together
● Ansible has plenty of AWS modules
● Internally it uses the Python boto library, so it can do
anything boto can.
● Dynamic inventory.
● Tags, tags everywhere!