Uploaded byDonghuKIM2
PDF, PPTX1,014 views

Ansible with oci

This document provides an overview of Ansible including: - What Ansible is and how it compares to other configuration management tools like Chef and Puppet - How Ansible works in an agentless manner over SSH and ensures idempotency - The basic components of Ansible like playbooks, tasks, modules, variables, and roles - How to install and configure Ansible including installing on control and managed nodes and using Ansible inventory - Examples of using Ansible playbooks including tasks, modules, handlers, templates, conditionals, and loops - Common Ansible commands like ansible-playbook, ansible-inventory, ansible-galaxy and how to use them

Embed presentation

Download as PDF, PPTX
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 1 th 김동후 donghu.kim@oracle.com Ansible with OCI 2020.1.18 16 thOracle Developer Meetup
Who is this guy? --- name: Kim Donghu experience: - 10 years experienced Java Developer. - 8 years experienced Solution Engineer @ Oracle Korea interests: - DevOps - Cloud Native - MSA - Front-End Frameworks
{ "name": "Kim Donghu", "experience": [ "10 years experienced Java Developer.", "8 years experienced Solution Engineer @ Oracle Korea" ], "interests": [ "DevOps", "Cloud Native", "MSA", "Front-End Frameworks" ] } Who is this guy?
Ansible named from novel <<Ender's Game>>. It is a fictional superluminal communication device.
Ansible Puppet Chef Salt
Ansible is... • 오픈소스 구성관리 및 프로비저닝 도구 (similar to Chef, Puppet, Salt) • 실행 작업을 작성하기 쉬운 YAML 형식으로 정의 • SSH 접속만 가능하면 대부분 Ansible을 통해 작업을 수행 • Agentless: 대상 서버에 Agent 설치가 필요 없음 • Idempotency: 같은 작업을 여러번 수행하더라도 결과는 같음
Agentless... Application Servers (no agent) Database Servers (no agent) Web Servers (no agent) SSH push push push You don't have to install something extra onto the remote hosts you want to manage.
Idempotency... SSH 1. create a cron job 2. create the same cron job 3. create the same cron job only 1 cron job non-idempotent - file - shell - command --- - hosts: dev-servers tasks: - shell: echo test >> /tmp/forbar
Idempotency Demo
Shell Script Ansible Playbook
What can it automate? Infrastructure Provisioning Configuration Management Application Deployment SSH
Ansible Architecture Ansible Control Node (Desktop, Laptop) Playbook (YAML) - name connection hosts: DB tasks: module .... - name connection hosts: WEB tasks: module .... ssh ssh pip install ansible Inventory (hostfile) [WEB] 10.0.1.100 10.0.2.100 10.0.3.100 [DB] 10.0.4.100 10.0.5.100 WEB (Managed Node) 10.0.1.100 10.0.2.100 10.0.3.100 DB (Managed Node) 10.0.5.10010.0.4.100
How to install Ansible? Control Node Requirements • Python 2 (version 2.7) • Python 3 (version 3.5 and higher) • Windows is not supported for the control node Managed Node Requirements • Native OpenSSH (1.3 or later) • By default this uses sftp • If that's not available, you can switch to scp • Python 2 (2.6 or later) or Python 3 (3.5 or later) Installing Ansible (RHEL and CentOS) $ yum install python $ yum install python-pip $ pip install virtualenv $ pip install ansible
What is Ansible Inventory? mail.example.com [WEB] 10.0.1.100 10.0.2.100 10.0.3.100 [DB] 10.0.4.100 10.0.5.100 INI, GROUP, HOST WEB: hosts: 10.0.1.100: 10.0.2.100: vars: some_server: some_server=test.exam ple.com YAML, HOST, HOST VAR [WEB] host1 ansible_connection=ssh ansible_host=10.0.1.11 ansible_user=opc host2 ansible_connection=ssh ansible_host=10.0.1.12 ansible_user=opc INI, GROUP, HOST, HOST VAR [WEB] 10.0.1.100 [WAS1:children] 10.0.1.101 10.0.1.102 [WAS1:vars] some_server=test.exampl e.com INI, GROUP, CHILD GROUP & VAR • 기본 Inventory File: /etc/ansible/hosts • 별도의 경로에 별도의 파일로 생성 가능[Inventory] • host, group, group children에 대한 변 수를 별도의 파일로 관리 가능 (권장) • Managed Node (구성할 리모트 서버)에 대 한 호스트 정보를 가짐, 그룹과 호스트로 관리
Playbook - Basic --- - name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: webuser shell: /bin/bash append: yes state: present tags: - add_web_user - name: DB Server Play hosts: db remote_user: opc tasks: - name: add db user user: name: oracle shell: /bin/bash append: yes state: present tags: - add_db_user ... YAML https://docs.ansible.com/ansible/2.4/playbooks_keywords.html Playbook keywords Playbook Keywords Tasks Module Module Input Parameters Tags Play1 Play2
Playbook - Keywords --- - name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: YAML Keywords: Common Playbook Objects • Play • Role • Block • Task Keywords
Playbook - Tasks --- - name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: 'webuser' shell: /bin/bash append: yes state: present tags: - add_web_user - name: debug debug: msg: "debug..." YAML Each task contains: • Task name • Module • Module Parameter • Conditions (when, failed_when..) • Processing directives (become, register..) Task1 Task2
Playbook - Module --- - name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: 'webuser' shell: /bin/bash append: yes state: present tags: - add_web_user - name: debug debug: msg: "debug..." YAML https://docs.ansible.com/ansible/latest/modules/modules_by_category.html User Module Module Input Parameters Debug Module Module Input Parameters Ansible Module List
Playbook - Working with Modules https://docs.ansible.com/ansible/latest/modules/find_module.html#find-module 예) File find Module
Playbook - Working with Modules Input Parameters Return Values • Return Values는 Ansible에서 기본 제공하는 Common Return Value와 Internal 사용을 위한 Value를 별도 제공 https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html
Playbook - Working with Modules - name: Recursively find /tmp files older than 2 days find: paths: /tmp age: 2d recurse: yes register: result - name: print find files result debug: msg: "{{ result }}" find Module 사용 예시 Input Parameter find Module Capture return value to a variable debug Module Print output variable < TASK [print find files result] > ok: [1.2.3.4] => { "result": { "changed": false, "examined": 3119, "files": [ { "atime": 1483973253.7295375, ... "mode": "0600", "mtime": 1483973253.7295375, "nlink": 1, "path": "/tmp/delme",
Playbook - Variables --- - name: Web Server Play hosts: web vars: web user_name: webuser vars_files: - /home/user/ansible/users.yml remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: '{{ user_name }}' shell: /bin/bash append: yes state: present tags: - add_web_user YAML --- users: - user: user1 tenancy: ocid1.tenancy.oc1.. region: ap-seoul-1 - user: user2 tenancy: ocid1.tenancy.oc1.. region: ap-seoul-1 vars ansible-playbook release.yml --extra-vars "user_name=webuser" extra vars inventory vars host_vars, group_vars - /etc/ansible/hosts/host_vars/{host} - /etc/ansible/hosts/group_vars/{group} var file facts ansible hostname -m setup - ansible_hostname, ansible_version.. Role Defaults The lowest priority of any variables available
Playbook - Handler --- - name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: httpd package is present yum: name: httpd state: latest notify: Restart httpd handlers: httpd package is present - name: Restart httpd service: httpd name: httpd state: restarted YAML notify handler Handlers: Running Operations On Change • Only run if triggered by the notify directive • Any module can be used for the handler action • Indicates a change in the system state
Playbook - TemplatesYAML --- - name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: Install nginx yum: name: nginx state: present - name: Copy nginx conf for wordpress - template: src=default.conf dest=/ etc/nginx/conf.d/default.conf notify: restart nginx server { listen {{ nginx_port }} default_server; server_name {{ server_hostname }}; root /src/wordpress/ ; client_max_body_size 64M; location ~* /(?:uploads|files)/.*.php$ { deny all; } .... • Jinja is a modern and designer-friendly templating language for Python • Jinja2 template language used in Ansible • {% … %} for control statements (conditions) • {{ … }} for expressions (variables) • {# … #} for comments (describe the task) Jinja2 Template default.conf How it works
Playbook - Roles --- - name: WordPress,MariaDB,NginX, php-fpm hosts: all remote_user: opc become_method: sudo become: yes roles: - common - mariadb - nginx - php-fpm - wordpress YAML site.yml roles/ common/ tasks/ handlers/ files/ templates/ vars/ defaults/ meta/ Role Directory Structure The main list of tasks Handlers (used by this role or anywhere) Can be deployed via this role Can be deployed via this role Other variables for the role Default variables for the role Some meta data for this role Using Role Ansible Galaxy • Free site for finding, downloading, rating, and reviewing all kinds of community developed Ansible roles (https://galaxy.ansible.com) • Command line tool for Ansible Galaxy: ansible-galaxy Using ansible-galaxy • ansible-galaxy init --force common • ansible-galaxy install oracle.oci_ansible_modules • ansible-galaxy remove oracle.oci_ansible_modules • ansible-galaxy list
Playbook - Conditionals & Loops Loop and Conditionals --- tasks: - command: echo {{ item }} loop: [ 0, 2, 4, 6, 8, 10 ] when: item > 5 When --- tasks: - name: "shut down Debian flavored systems" command: /sbin/shutdown -t now when: ansible_facts['os_family'] == "Debian" # note that all variables can be used directly in conditionals without double curly braces Iterating over a simple list --- - name: add several users user: name: "{{ item }}" state: present groups: "wheel" loop: - testuser1 - testuser2 Iterating over a list of hashes --- - name: add several users user: name: "{{ item.name }}" state: present groups: "{{ item.groups }}" loop: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' } with_list --- - name: with_list debug: msg: "{{ item }}" with_list: - one - two with_items --- - name: with_items debug: msg: "{{ item }}" with_items: "{{ items }}" with_list -> loop loop and the flatten filter.
Ansible Commands ansible ansible-playbook ansible-inventory ansible-galaxy ansible-doc ansible-valut ansible-pull ansible-config ansible ad-hoc commands $ ansible-playbook -i hosts -l client -t add_users make_handson_client_env.yml -e "group=handson append=yes" $ ansible-inventory -i oci_inventory.py --list $ ansible-galaxy install oracle.oci_ansible_modules $ ansible-doc file $ ansible-vault create group_vars/all $ 0 3 * * * ansible-pull -U https://github.com/mangan/ansible-pull-example -i hosts $ ansible-config list $ ansible testserver -a "ls -al" $ ansible -i hosts host1 -m ping
Playbook Demo
Advanced Topics https://github.com/ansible/awx https://www.ansible.com/products/tower https://docs.ansible.com/ansible/latest/reference_appendices/test_strategies.html https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#playbooks-best-practices Best Practices - Dynamic Inventory PlugIn - Group and Host Variables - Top Level Playbooks Are Separated By Role - Task And Handler Organization For A Role - Building Ansible Modules - Vaults Testing Strategies - The Right Level of Testing - Check Mode As A Drift Test - Modules That Are Useful for Testing - Testing Lifecycle - Integrating Testing With Rolling Updates - Achieving Continuous Deployment Special Variables - Magic - Facts - Connection Variables - Configuration UI Console - Ansible Tower - Ansible AWX
Oracle Ansible Module • Dynamic Inventory Script • Security and IAM • Logging/Telemetry • Retries/Backoff • Idempotency OCI ansible modules architecture diagram • Services supported 1. Block Volume 2. Compute 3. Container Engine for Kubernetes Service (OKE) 4. Database (including support for Autonomous Transaction Processing and Autonomous Data Warehouse Services) 5. Edge Services (DNS, WAF) 6. IAM 7. Load Balancing 8. Networking 9. Object Storage 10.File Storage 11.Email Delivery 12.Search
Oracle Ansible Module OCI Ansible Modules (251)
Oracle Ansible Dynamic Inventory ansible-galaxy https://galaxy.ansible.com/oracle/oci_ansible_modules Output (JSON) ansible-inventory -i ~/.ansible/roles/oracle.oci_ansible_modules/ inventory-script/oci_inventory.py --list
Dynamic Inventory Demo
Terraform and Ansible with OCI
nginx.ymlmariadb.yml phpfpm.yml wordpress.yml HTTP Dynamic Inventory HTTP SSH compartment.tf vcn.tf compute.tf 1 OCI Terraform Plug-in 2 3 OCI Ansible Module 4 5 6 Provisioning Configuration 전체 시나리오
ORACLE CLOUD INFRASTRUCTURE (SEOUL REGION) Virtual Cloud Network Public Subnet 10.0.2.0/24 Internet G/W Security List (22, 80) Route Table Compute Instance1 (Oracle Linux7) Compute Instance2 (Oracle Linux7) API Terraform Hands-On 구성도
~/.terraform/env/env.tfvars 2 3 4 1 실습용 Terraform 프로젝트 구조
~/.terraform/env/env.tfvars 1 2 사용 사용 4 3 실습용 Terraform 프로젝트 구조 - 변수 사용 할당
ORACLE CLOUD INFRASTRUCTURE (SEOUL REGION) Virtual Cloud Network Public Subnet 10.0.2.0/24 Security List (22, 80) Route Table Compute Instance1 (Oracle Linux7) Compute Instance2 (Oracle Linux7) SSH Internet G/W Ansible Hands-On 구성도
yum repository tasks: upload files handler: mariadb start tasks: install mariadb template: mariadb config (jinja2 template) handler: nginx start tasks: install nginx template: nginx config handler: start php-fpm tasks: install php-fpm template: php-fpm config tasks: install wordpress template: php file group variables --- - name: Install WordPress, MariaDB, Nginx, and php-fpm hosts: all remote_user: opc become_method: sudo become: yes roles: - common - mariadb - nginx - php-fpm - wordpress 실습용 Ansible 프로젝트 구조
Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 감사합니다 42

More Related Content

PDF
Ansible intro
byMarcelo Quintiliano da Silva
 
PPTX
Introduction to Ansible
byCoreStack
 
PDF
[1A7]Ansible의이해와활용
byNAVER D2
 
PDF
Ansible - Introduction
byStephane Manciot
 
PDF
Ansible - Hands on Training
byMehmet Ali Aydın
 
PDF
Ansible Introduction
byRobert Reiz
 
PDF
Ansible
byRahul Bajaj
 
PPTX
Docker introduction
byGourav Varma
 
Ansible intro
byMarcelo Quintiliano da Silva
 
Introduction to Ansible
byCoreStack
 
[1A7]Ansible의이해와활용
byNAVER D2
 
Ansible - Introduction
byStephane Manciot
 
Ansible - Hands on Training
byMehmet Ali Aydın
 
Ansible Introduction
byRobert Reiz
 
Ansible
byRahul Bajaj
 
Docker introduction
byGourav Varma
 

What's hot

PPTX
Ansible presentation
byKumar Y
 
ODP
ansible why ?
byYashar Esmaildokht
 
PDF
Docker Introduction
byMANAOUIL Karim
 
PDF
Introduction to Docker
byLuong Vo
 
PDF
Ansible
byVishal Yadav
 
PPTX
Docker introduction for the beginners
byJuneyoung Oh
 
PDF
Ansible
byRaul Leite
 
PDF
DevOps with Ansible
bySwapnil Jain
 
PDF
Introduzione a Docker (Maggio 2017) [ITA]
byValerio Radice
 
PDF
Ansible 101
byGena Mykhailiuta
 
PPT
Ansible presentation
byJohn Lynch
 
PDF
IT Automation with Ansible
byRayed Alrashed
 
PPTX
Automating with Ansible
byRicardo Schmidt
 
PDF
Giới thiệu docker và ứng dụng trong ci-cd
byGMO-Z.com Vietnam Lab Center
 
PPTX
Ansible presentation
bySuresh Kumar
 
PDF
Docker Compose by Aanand Prasad
byDocker, Inc.
 
PPTX
A brief study on Kubernetes and its components
byRamit Surana
 
PDF
Virtual Machines and Docker
byDanish Khakwani
 
PDF
Docker Tutorial.pdf
byMuhammadYusuf767705
 
PPTX
Why Docker
bydotCloud
 
Ansible presentation
byKumar Y
 
ansible why ?
byYashar Esmaildokht
 
Docker Introduction
byMANAOUIL Karim
 
Introduction to Docker
byLuong Vo
 
Ansible
byVishal Yadav
 
Docker introduction for the beginners
byJuneyoung Oh
 
Ansible
byRaul Leite
 
DevOps with Ansible
bySwapnil Jain
 
Introduzione a Docker (Maggio 2017) [ITA]
byValerio Radice
 
Ansible 101
byGena Mykhailiuta
 
Ansible presentation
byJohn Lynch
 
IT Automation with Ansible
byRayed Alrashed
 
Automating with Ansible
byRicardo Schmidt
 
Giới thiệu docker và ứng dụng trong ci-cd
byGMO-Z.com Vietnam Lab Center
 
Ansible presentation
bySuresh Kumar
 
Docker Compose by Aanand Prasad
byDocker, Inc.
 
A brief study on Kubernetes and its components
byRamit Surana
 
Virtual Machines and Docker
byDanish Khakwani
 
Docker Tutorial.pdf
byMuhammadYusuf767705
 
Why Docker
bydotCloud
 

Similar to Ansible with oci

PPTX
Introduction to ansible
byOmid Vahdaty
 
PPTX
Basics of Ansible - Sahil Davawala
bySahil Davawala
 
PDF
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
byJumping Bean
 
PDF
Getting Started with Ansible - Jake.pdf
byssuserd254491
 
PPTX
Introduction to Ansible - (dev ops for people who hate devops)
byJude A. Goonawardena
 
PPTX
Ansible as configuration management tool for devops
byPuneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
PPTX
Ansible Devops North East - slides
byInfinityPP
 
PDF
A tour of Ansible
byDevOps Ltd.
 
PPTX
Ansible Hands On
byGianluca Farinelli
 
PPTX
ansible : Infrastructure automation,idempotent and more
bySabarinath Gnanasekar
 
PDF
Ansible Automation to Rule Them All
byTim Fairweather
 
PDF
Ansible is the simplest way to automate. MoldCamp, 2015
byAlex S
 
PDF
Ansible is the simplest way to automate. SymfonyCafe, 2015
byAlex S
 
PDF
Ansible for Configuration Management for Lohika DevOps training 2018 @ Lohika...
byIhor Banadiga
 
PDF
Automation with ansible
byKhizer Naeem
 
PDF
Introducing Ansible
byFrancesco Pantano
 
PPTX
Ansible
byAfroz Hussain
 
PDF
Configuration Management in Ansible
byBangladesh Network Operators Group
 
PPTX
SESSION Ansible how to deploy and push resources
bySaravanan68713
 
PPTX
Automate DBA Tasks With Ansible
byIvica Arsov
 
Introduction to ansible
byOmid Vahdaty
 
Basics of Ansible - Sahil Davawala
bySahil Davawala
 
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
byJumping Bean
 
Getting Started with Ansible - Jake.pdf
byssuserd254491
 
Introduction to Ansible - (dev ops for people who hate devops)
byJude A. Goonawardena
 
Ansible as configuration management tool for devops
byPuneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
Ansible Devops North East - slides
byInfinityPP
 
A tour of Ansible
byDevOps Ltd.
 
Ansible Hands On
byGianluca Farinelli
 
ansible : Infrastructure automation,idempotent and more
bySabarinath Gnanasekar
 
Ansible Automation to Rule Them All
byTim Fairweather
 
Ansible is the simplest way to automate. MoldCamp, 2015
byAlex S
 
Ansible is the simplest way to automate. SymfonyCafe, 2015
byAlex S
 
Ansible for Configuration Management for Lohika DevOps training 2018 @ Lohika...
byIhor Banadiga
 
Automation with ansible
byKhizer Naeem
 
Introducing Ansible
byFrancesco Pantano
 
Ansible
byAfroz Hussain
 
Configuration Management in Ansible
byBangladesh Network Operators Group
 
SESSION Ansible how to deploy and push resources
bySaravanan68713
 
Automate DBA Tasks With Ansible
byIvica Arsov
 

Recently uploaded

PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
December Patch Tuesday
byIvanti
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
software-security-intro in information security.ppt
byismaeelsahib032
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
December Patch Tuesday
byIvanti
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 

Ansible with oci

  • 1.
    Copyright © 2017,Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 1 th 김동후 donghu.kim@oracle.com Ansible with OCI 2020.1.18 16 thOracle Developer Meetup
  • 2.
    Who is thisguy? --- name: Kim Donghu experience: - 10 years experienced Java Developer. - 8 years experienced Solution Engineer @ Oracle Korea interests: - DevOps - Cloud Native - MSA - Front-End Frameworks
  • 3.
    { "name": "Kim Donghu", "experience":[ "10 years experienced Java Developer.", "8 years experienced Solution Engineer @ Oracle Korea" ], "interests": [ "DevOps", "Cloud Native", "MSA", "Front-End Frameworks" ] } Who is this guy?
  • 4.
    Ansible named fromnovel <<Ender's Game>>. It is a fictional superluminal communication device.
  • 5.
  • 6.
    Ansible is... • 오픈소스구성관리 및 프로비저닝 도구 (similar to Chef, Puppet, Salt) • 실행 작업을 작성하기 쉬운 YAML 형식으로 정의 • SSH 접속만 가능하면 대부분 Ansible을 통해 작업을 수행 • Agentless: 대상 서버에 Agent 설치가 필요 없음 • Idempotency: 같은 작업을 여러번 수행하더라도 결과는 같음
  • 7.
    Agentless... Application Servers (no agent) DatabaseServers (no agent) Web Servers (no agent) SSH push push push You don't have to install something extra onto the remote hosts you want to manage.
  • 8.
    Idempotency... SSH 1. create a cron job 2. create thesame cron job 3. create the same cron job only 1 cron job non-idempotent - file - shell - command --- - hosts: dev-servers tasks: - shell: echo test >> /tmp/forbar
  • 9.
  • 10.
  • 11.
    What can itautomate? Infrastructure Provisioning Configuration Management Application Deployment SSH
  • 12.
    Ansible Architecture Ansible ControlNode (Desktop, Laptop) Playbook (YAML) - name connection hosts: DB tasks: module .... - name connection hosts: WEB tasks: module .... ssh ssh pip install ansible Inventory (hostfile) [WEB] 10.0.1.100 10.0.2.100 10.0.3.100 [DB] 10.0.4.100 10.0.5.100 WEB (Managed Node) 10.0.1.100 10.0.2.100 10.0.3.100 DB (Managed Node) 10.0.5.10010.0.4.100
  • 13.
    How to installAnsible? Control Node Requirements • Python 2 (version 2.7) • Python 3 (version 3.5 and higher) • Windows is not supported for the control node Managed Node Requirements • Native OpenSSH (1.3 or later) • By default this uses sftp • If that's not available, you can switch to scp • Python 2 (2.6 or later) or Python 3 (3.5 or later) Installing Ansible (RHEL and CentOS) $ yum install python $ yum install python-pip $ pip install virtualenv $ pip install ansible
  • 14.
    What is AnsibleInventory? mail.example.com [WEB] 10.0.1.100 10.0.2.100 10.0.3.100 [DB] 10.0.4.100 10.0.5.100 INI, GROUP, HOST WEB: hosts: 10.0.1.100: 10.0.2.100: vars: some_server: some_server=test.exam ple.com YAML, HOST, HOST VAR [WEB] host1 ansible_connection=ssh ansible_host=10.0.1.11 ansible_user=opc host2 ansible_connection=ssh ansible_host=10.0.1.12 ansible_user=opc INI, GROUP, HOST, HOST VAR [WEB] 10.0.1.100 [WAS1:children] 10.0.1.101 10.0.1.102 [WAS1:vars] some_server=test.exampl e.com INI, GROUP, CHILD GROUP & VAR • 기본 Inventory File: /etc/ansible/hosts • 별도의 경로에 별도의 파일로 생성 가능[Inventory] • host, group, group children에 대한 변 수를 별도의 파일로 관리 가능 (권장) • Managed Node (구성할 리모트 서버)에 대 한 호스트 정보를 가짐, 그룹과 호스트로 관리
  • 15.
    Playbook - Basic --- -name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: webuser shell: /bin/bash append: yes state: present tags: - add_web_user - name: DB Server Play hosts: db remote_user: opc tasks: - name: add db user user: name: oracle shell: /bin/bash append: yes state: present tags: - add_db_user ... YAML https://docs.ansible.com/ansible/2.4/playbooks_keywords.html Playbook keywords Playbook Keywords Tasks Module Module Input Parameters Tags Play1 Play2
  • 16.
    Playbook - Keywords --- -name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: YAML Keywords: Common Playbook Objects • Play • Role • Block • Task Keywords
  • 17.
    Playbook - Tasks --- -name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: 'webuser' shell: /bin/bash append: yes state: present tags: - add_web_user - name: debug debug: msg: "debug..." YAML Each task contains: • Task name • Module • Module Parameter • Conditions (when, failed_when..) • Processing directives (become, register..) Task1 Task2
  • 18.
    Playbook - Module --- -name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: 'webuser' shell: /bin/bash append: yes state: present tags: - add_web_user - name: debug debug: msg: "debug..." YAML https://docs.ansible.com/ansible/latest/modules/modules_by_category.html User Module Module Input Parameters Debug Module Module Input Parameters Ansible Module List
  • 19.
    Playbook - Workingwith Modules https://docs.ansible.com/ansible/latest/modules/find_module.html#find-module 예) File find Module
  • 20.
    Playbook - Workingwith Modules Input Parameters Return Values • Return Values는 Ansible에서 기본 제공하는 Common Return Value와 Internal 사용을 위한 Value를 별도 제공 https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html
  • 21.
    Playbook - Workingwith Modules - name: Recursively find /tmp files older than 2 days find: paths: /tmp age: 2d recurse: yes register: result - name: print find files result debug: msg: "{{ result }}" find Module 사용 예시 Input Parameter find Module Capture return value to a variable debug Module Print output variable < TASK [print find files result] > ok: [1.2.3.4] => { "result": { "changed": false, "examined": 3119, "files": [ { "atime": 1483973253.7295375, ... "mode": "0600", "mtime": 1483973253.7295375, "nlink": 1, "path": "/tmp/delme",
  • 22.
    Playbook - Variables --- -name: Web Server Play hosts: web vars: web user_name: webuser vars_files: - /home/user/ansible/users.yml remote_user: opc become_method: sudo become: yes tasks: - name: add web user user: name: '{{ user_name }}' shell: /bin/bash append: yes state: present tags: - add_web_user YAML --- users: - user: user1 tenancy: ocid1.tenancy.oc1.. region: ap-seoul-1 - user: user2 tenancy: ocid1.tenancy.oc1.. region: ap-seoul-1 vars ansible-playbook release.yml --extra-vars "user_name=webuser" extra vars inventory vars host_vars, group_vars - /etc/ansible/hosts/host_vars/{host} - /etc/ansible/hosts/group_vars/{group} var file facts ansible hostname -m setup - ansible_hostname, ansible_version.. Role Defaults The lowest priority of any variables available
  • 23.
    Playbook - Handler --- -name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: httpd package is present yum: name: httpd state: latest notify: Restart httpd handlers: httpd package is present - name: Restart httpd service: httpd name: httpd state: restarted YAML notify handler Handlers: Running Operations On Change • Only run if triggered by the notify directive • Any module can be used for the handler action • Indicates a change in the system state
  • 24.
    Playbook - TemplatesYAML --- -name: Web Server Play hosts: web remote_user: opc become_method: sudo become: yes tasks: - name: Install nginx yum: name: nginx state: present - name: Copy nginx conf for wordpress - template: src=default.conf dest=/ etc/nginx/conf.d/default.conf notify: restart nginx server { listen {{ nginx_port }} default_server; server_name {{ server_hostname }}; root /src/wordpress/ ; client_max_body_size 64M; location ~* /(?:uploads|files)/.*.php$ { deny all; } .... • Jinja is a modern and designer-friendly templating language for Python • Jinja2 template language used in Ansible • {% … %} for control statements (conditions) • {{ … }} for expressions (variables) • {# … #} for comments (describe the task) Jinja2 Template default.conf How it works
  • 25.
    Playbook - Roles --- -name: WordPress,MariaDB,NginX, php-fpm hosts: all remote_user: opc become_method: sudo become: yes roles: - common - mariadb - nginx - php-fpm - wordpress YAML site.yml roles/ common/ tasks/ handlers/ files/ templates/ vars/ defaults/ meta/ Role Directory Structure The main list of tasks Handlers (used by this role or anywhere) Can be deployed via this role Can be deployed via this role Other variables for the role Default variables for the role Some meta data for this role Using Role Ansible Galaxy • Free site for finding, downloading, rating, and reviewing all kinds of community developed Ansible roles (https://galaxy.ansible.com) • Command line tool for Ansible Galaxy: ansible-galaxy Using ansible-galaxy • ansible-galaxy init --force common • ansible-galaxy install oracle.oci_ansible_modules • ansible-galaxy remove oracle.oci_ansible_modules • ansible-galaxy list
  • 26.
    Playbook - Conditionals& Loops Loop and Conditionals --- tasks: - command: echo {{ item }} loop: [ 0, 2, 4, 6, 8, 10 ] when: item > 5 When --- tasks: - name: "shut down Debian flavored systems" command: /sbin/shutdown -t now when: ansible_facts['os_family'] == "Debian" # note that all variables can be used directly in conditionals without double curly braces Iterating over a simple list --- - name: add several users user: name: "{{ item }}" state: present groups: "wheel" loop: - testuser1 - testuser2 Iterating over a list of hashes --- - name: add several users user: name: "{{ item.name }}" state: present groups: "{{ item.groups }}" loop: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' } with_list --- - name: with_list debug: msg: "{{ item }}" with_list: - one - two with_items --- - name: with_items debug: msg: "{{ item }}" with_items: "{{ items }}" with_list -> loop loop and the flatten filter.
  • 27.
    Ansible Commands ansible ansible-playbook ansible-inventory ansible-galaxy ansible-doc ansible-valut ansible-pull ansible-config ansible ad-hoccommands $ ansible-playbook -i hosts -l client -t add_users make_handson_client_env.yml -e "group=handson append=yes" $ ansible-inventory -i oci_inventory.py --list $ ansible-galaxy install oracle.oci_ansible_modules $ ansible-doc file $ ansible-vault create group_vars/all $ 0 3 * * * ansible-pull -U https://github.com/mangan/ansible-pull-example -i hosts $ ansible-config list $ ansible testserver -a "ls -al" $ ansible -i hosts host1 -m ping
  • 28.
  • 29.
    Advanced Topics https://github.com/ansible/awx https://www.ansible.com/products/tower https://docs.ansible.com/ansible/latest/reference_appendices/test_strategies.html https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#playbooks-best-practices Best Practices -Dynamic Inventory PlugIn - Group and Host Variables - Top Level Playbooks Are Separated By Role - Task And Handler Organization For A Role - Building Ansible Modules - Vaults Testing Strategies - The Right Level of Testing - Check Mode As A Drift Test - Modules That Are Useful for Testing - Testing Lifecycle - Integrating Testing With Rolling Updates - Achieving Continuous Deployment Special Variables - Magic - Facts - Connection Variables - Configuration UI Console - Ansible Tower - Ansible AWX
  • 30.
    Oracle Ansible Module •Dynamic Inventory Script • Security and IAM • Logging/Telemetry • Retries/Backoff • Idempotency OCI ansible modules architecture diagram • Services supported 1. Block Volume 2. Compute 3. Container Engine for Kubernetes Service (OKE) 4. Database (including support for Autonomous Transaction Processing and Autonomous Data Warehouse Services) 5. Edge Services (DNS, WAF) 6. IAM 7. Load Balancing 8. Networking 9. Object Storage 10.File Storage 11.Email Delivery 12.Search
  • 31.
    Oracle Ansible Module OCIAnsible Modules (251)
  • 32.
    Oracle Ansible DynamicInventory ansible-galaxy https://galaxy.ansible.com/oracle/oci_ansible_modules Output (JSON) ansible-inventory -i ~/.ansible/roles/oracle.oci_ansible_modules/ inventory-script/oci_inventory.py --list
  • 33.
  • 34.
  • 35.
  • 36.
    ORACLE CLOUD INFRASTRUCTURE(SEOUL REGION) Virtual Cloud Network Public Subnet 10.0.2.0/24 Internet G/W Security List (22, 80) Route Table Compute Instance1 (Oracle Linux7) Compute Instance2 (Oracle Linux7) API Terraform Hands-On 구성도
  • 37.
  • 38.
  • 39.
    ORACLE CLOUD INFRASTRUCTURE(SEOUL REGION) Virtual Cloud Network Public Subnet 10.0.2.0/24 Security List (22, 80) Route Table Compute Instance1 (Oracle Linux7) Compute Instance2 (Oracle Linux7) SSH Internet G/W Ansible Hands-On 구성도
  • 40.
    yum repository tasks: uploadfiles handler: mariadb start tasks: install mariadb template: mariadb config (jinja2 template) handler: nginx start tasks: install nginx template: nginx config handler: start php-fpm tasks: install php-fpm template: php-fpm config tasks: install wordpress template: php file group variables --- - name: Install WordPress, MariaDB, Nginx, and php-fpm hosts: all remote_user: opc become_method: sudo become: yes roles: - common - mariadb - nginx - php-fpm - wordpress 실습용 Ansible 프로젝트 구조
  • 42.
    Copyright © 2019,Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 감사합니다 42