->Introduction ->>What is Ansible? ->>Ansible history ->Basic concepts ->>Inventory ->>Playbook ->>Role ->>Module ->>Plugin ->Diving into Ansible roles ->>Getting started ->>Create a role ->>Roles under the hood ->>How to use roles?

1. Getting started with Ansible
Alexander Saprykin
Senior Software Engineer
13th October 2018

2. 2
Introduction
What is Ansible?
Ansible history
Diving into Ansible roles
Basic concepts
Inventory
Playbook
Role
Module
Plugin
Agenda
Getting started
Create a role
Roles under the hood
How to use roles?

3. BASIC CONCEPTS

4. 4
Inventory

5. 5
What is inventory?
Inventory
● Defines the infrastructure
● Static inventory - can be sourced from a text file (INI or YAML format)
● Dynamic inventory - generated from a script
● Ansible provides dozens of inventory scripts (e.g. AWS EC2, OpenStack, Docker):
https://github.com/ansible/ansible/tree/devel/contrib/inventory

6. 6
Inventory
INI YAML
all:
hosts:
mail.example.com:
children:
webservers:
hosts:
web01.example.com:
web02.example.com:
dbservers:
hosts:
db01.example.com:
db02.example.com:
db03.example.com:
mail.example.com
[webservers]
web01.example.com
web02.example.com
[dbservers]
db01.example.com
db02.example.com
db03.example.com

7. 7
Groups
Inventory
INI YAML
all:
hosts:
mail.example.com:
children:
webservers:
hosts:
web01.example.com:
web02.example.com:
dbservers:
hosts:
db01.example.com:
db02.example.com:
db03.example.com:
mail.example.com
[webservers]
web01.example.com
web02.example.com
[dbservers]
db01.example.com
db02.example.com
db03.example.com

8. 8
Hosts
Inventory
INI YAML
all:
hosts:
mail.example.com:
children:
webservers:
hosts:
web01.example.com:
web02.example.com:
dbservers:
hosts:
db01.example.com:
db02.example.com:
db03.example.com:
mail.example.com
[webservers]
web01.example.com
web02.example.com
[dbservers]
db01.example.com
db02.example.com
db03.example.com

9. 9
Inventory
INI YAML
all:
hosts:
mail.example.com:
children:
webservers:
hosts:
web01.example.com:
web02.example.com:
dbservers:
hosts:
db01.example.com:
db02.example.com:
db03.example.com:
mail.example.com
[webservers]
web01.example.com
web02.example.com
[dbservers]
db01.example.com
db02.example.com
db03.example.com

10. jumper ansible_host=192.0.2.50 ansible_port=5555
10
Parameters
Inventory
INI
YAML
all:
hosts:
jumper:
ansible_host: 192.0.2.50
ansible_port: 5555

11. 11
Playbook

12. 12
What is playbook?
Playbook
● A yaml document
● Defines set of plays
● Plays bring together inventory and tasks

13. 13
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

14. 14
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

15. 15
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

16. 16
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

17. 17
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

18. 18
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

19. 19
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

20. 20
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

21. 21
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

22. 22
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

23. 23
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present

24. 24
Playbook
- name: install and start nginx
hosts: web
become: yes
vars:
nginx_packages: [nginx, python-pip, python-devel, gcc]
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115
tasks:
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present
with_items:
Loops through the list, executing
the task for each item.

25. 25
Include
● Import a file containing a list of tasks
● Pass parameters
● Dynamic
● Conditional
● Encourages code reuse

26. 26
Include
- name: Add hostname
include: add_hostname.yml
- name: Add hostname
include: add_hostname.yml
param: ”{{ item }}”
with_items: [1, 2, 3]
- name: Get the client assets
include: “{{ ansible_os_family }}.yml”

27. 27
Include
- name: Add hostname
include: add_hostname.yml
- name: Add hostname
include: add_hostname.yml
param: ”{{ item }}”
with_items: [1, 2, 3]
- name: Get the client assets
include: “{{ ansible_os_family }}.yml”

28. 28
Include
- name: Add hostname
include: add_hostname.yml
- name: Add hostname
include: add_hostname.yml
param: ”{{ item }}”
with_items: [1, 2, 3]
- name: Get the client assets
include: “{{ ansible_os_family }}.yml”

29. 29
Include
- name: Add hostname
include: add_hostname.yml
- name: Add hostname
include: add_hostname.yml
param: ”{{ item }}”
with_items: [1, 2, 3]
- name: Get the client assets
include: “{{ ansible_os_family }}.yml”

30. 30
Role
● Self-contained, reusable, complete unit of work
● Decoupled from assumptions made by plays
● Decoupled from inventory
● Encourages collaboration

31. 31
Module
● Called by a task (or used ad-hoc)
● Perform an action on a target host
● Can take direct action, wrap a command line tool, or talk to an API
● Ansible includes a 100’s of modules:
https://github.com/ansible/ansible/tree/devel/lib/ansible/modules

32. 32
Facts
● Provided by setup module
● Returned by modules
● Created using set_fact module
● Use for variable substitution, and conditional checks

33. 33
Plugin
● Augments Ansible core functionality
● Plugin types: action, cache, callback, connection, filter, lookup, shell, strategy,
terminal, test, vars
● Examples:
○ connection: local, ssh, docker, chroot
○ action: copy, fetch, synchronize
● See full list at https://github.com/ansible/ansible/tree/devel/lib/ansible/plugins

34. DIVING INTO ANSIBLE ROLES

35. 35
Getting started

36. 36
Playbooks
● Made up of plays
● Plays are opinionated: become, gather_facts, connection, vars, etc.
● Assume a specific inventory
● Target a specific use case
● Generally not reusable

37. 37
Example playbook
- name: install uwsgi
pip: name=uwsgi state=present
- name: copy default.conf
template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
> backup=yes
notify: start nginx
- name: copy index.html
template: src=templates/index.html.j2
> dest=/usr/share/nginx/html/index.html
notify: start nginx
# ...

38. 38
Example playbook
# ...
- name: get response
uri: url=http://localhost/ return_content: yes
register: response
until: 'nginx_test_message in response.content'
retries: 10
delay: 1
handlers:
- name: start nginx
service: name=nginx state=started enabled=yes

39. 39
Roles
● Decoupled from inventory and plays
● Not Just a set of tasks
● Self-contained, reusable, complete unit of work

40. 40
● Install packages
● Update configuration
● Run tests
● Package software
● Build images
● Orchestrate containers
What you can do with roles?

41. 41
Switch to a role
- name: install and start nginx
hosts: web
become: yes
roles:
- role: install-nginx
packages:
- nginx
- python-pip
- python-devel
- gcc
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115

42. 42
Switch to a role
- name: install and start nginx
hosts: web
become: yes
roles:
- role: install-nginx
packages:
- nginx
- python-pip
- python-devel
- gcc
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115

43. 43
Switch to a role
- name: install and start nginx
hosts: web
become: yes
roles:
- role: install-nginx
packages:
- nginx
- python-pip
- python-devel
- gcc
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115

44. 44
Switch to a role
- name: install and start nginx
hosts: web
become: yes
roles:
- role: install-nginx
packages:
- nginx
- python-pip
- python-devel
- gcc
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115

45. 45
Create a role

46. 46
From scratch
Create a role
1. Create a roles directory
2. Create a minimal role directory structure:
mkdir -p ./roles/nginx-install/tasks/
3. Start writing your tasks in main.yml file in tasks directory

47. 47
From template
Create a role
● Ansible Galaxy client tool
ansible-galaxy init nginx-install
● Creates a complete directory structure
● Creates default files

48. 48
From Ansible Galaxy (...or more)
Or just download one
● From Ansible Galaxy - https://galaxy.ansible.com
ansible-galaxy install <namespace>.<role-name>
● From Git
ansible-galaxy install git+https://github.com/acme/nginx-install.git
● ...

49. 49
Where are my roles?
● ANSIBLE_ROLES_PATH
● ansible.cfg
● Provide a colon : separated list of paths
● roles directory next to the playbook
[defaults]
roles_path=/path/to/roles

50. 50
Roles under the hood

51. 51
Role structure
roles/
└── install-nginx/
├── .travis.yml
├── README.md
├── defaults/
│ └── main.yml
├── files/
├── handles/
├── meta/
├── tasks/
│ └── main.yml
├── templates/
├── tests/
└── vars/

52. 52
Tasks
● tasks directory
● Entrypoint: tasks/main.yml
● Contains the main list of tasks to be executed by the role
● Tie together handlers, templates, files, variables and defaults

53. 53
Tasks
- name: install nginx packages
yum: name="{{ item }}" state=present
with_items: "{{ nginx_packages }}"
- name: install uwsgi
pip: name=uwsgi state=present
- name: copy default.conf
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf backup=yes
...

54. 54
● handlers directory
● Entrypoint: handlers/main.yml
● Module indicates when a change has been made
● In response to a change, a notify action can be triggered
● Notify handlers by name…
● … or by topic - new in Ansible 2.2
Handlers

55. ...
- name: copy index.html
template: src=index.html.j2 dest=/usr/share/nginx/html/index.html
notify: start nginx
...
55
Handlers
Task from tasks/main.yml

56. - name: start nginx
service: name=nginx state=started enabled=yes
56
Handlers by name
Handler from handlers/main.yml

57. - name: start and enable nginx
service: name=nginx state=started enabled=yes
listen: start nginx
- name: Restart and enable supervisord
service: name=supervisord state=restarted enabled=yes
listen: start nginx
57
Handlers by topic
Handler from handlers/main.yml

58. 58
● files is the base directory for copy and synchronize modules
● Files are copied to the target node
● templates is the base directory for the template module
● Templates contain variables - during execution, the file is transformed, and the result
is copied to the target node
● Ansible uses Jinja2 as a template engine:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html
Files and templates

59. roles/
└── install-nginx/
├── ...
└── templates/
├── index.html.j2
└── nginx.conf.j2
59
Templates

60. - name: copy default.conf
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf backup=yes
- name: copy index.html
template: src=index.html.j2 dest=/usr/share/nginx/html/index.html
notify: start nginx
60
Templates
tasks/main.yml

61. ...
http {
...
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout {{ nginx_keepalive_timeout }};
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
61
Templates
templates/nginx.conf.j2

62. ...
<body>
<div class="container">
<img src="/static/images/happy-cow.png"/>
<p>{{ nginx_test_message }}</p>
</div>
<footer>Ansible by Red Hat</footer>
</body>
</html>
...
62
Templates
templates/index.html.j2

63. 63
● defaults/main.yml
○ Defines variables the user can override to change role behavior (e.g.
conditionals, configuration settings)
● variables/main.yml
○ Used by the author to organize the role (e.g. constants, choices)
○ Add additional files to dynamically shape the role
Variables

64. packages:
- nginx
- python-pip
- python-devel
- gcc
nginx_test_message: Hello World!
nginx_keepalive_timeout: 65
64
Templates
defaults/main.yml

65. 65
● meta/main.yml
● Resolved at install
● Executed before the role
● Recursive
● Each dependency executed once only
Dependencies

66. ---
dependencies:
- { role: common, some_parameter: 3 }
- { role: apache, apache_port: 80 }
- { role: postgres, dbname: blarg, other_parameter: 12 }
66
Dependencies
meta/main.yml

67. ...
dependencies:
- src: git+https://github.com/redhat/ansible-role-common.git
version: v1.0.0
name: common
some_parameter: 3
67
Dependencies
From SCM

68. ...
dependencies:
- role: geerlingguy.php-fpm
some_parameter: 3
68
Dependencies
From Galaxy

69. 69
● README.md
● meta/main.yml
● Example playbook
Documentation

70. ● library directory - add custom modules
● See: https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html
● <type>_plugin - add custom plugin
● See: https://docs.ansible.com/ansible/2.5/dev_guide/developing_modules.html
70
Modules and plugins

71. 71
● Jeff Geerling (https://github.com/geerlingguy)
○ https://github.com/geerlingguy?tab=repositories&q=ansible-role
● DebOps
https://github.com/debops/debops
Some examples

72. 72
How to use roles?

73. 73
● Play can include roles and tasks
○ Roles are executed first, then tasks
○ For readability, list roles first
● Consider surfacing all defaults in the playbook
○ Make the playbook self-documenting
In a play

74. 74
In a play
hosts: web
name: install and start nginx with wsgi
become: yes
roles:
- role: install-nginx
packages:
- nginx
- python-pip
- python-devel
- gcc
nginx_test_message: This is a test message
nginx_keepalive_timeout: 115

75. 75
● New in Ansible 2.2
● include_role
● Treats the role more like a task
In a task

76. 76
In a play
- name: Run my role
include_role:
name: myrole
- name: Run tasks/other.yml instead of 'main'
include_role:
name: myrole
tasks_from: other
- name: Pass variables to role
include_role:
name: myrole
vars:
rolevar1: 'value from task'

77. 77
In a play
- name: Run my role
include_role:
name: myrole
- name: Run tasks/other.yml instead of 'main'
include_role:
name: myrole
tasks_from: other
- name: Pass variables to role
include_role:
name: myrole
vars:
rolevar1: 'value from task'

78. 78
In a play
- name: Run my role
include_role:
name: myrole
- name: Run tasks/other.yml instead of 'main'
include_role:
name: myrole
tasks_from: other
- name: Pass variables to role
include_role:
name: myrole
vars:
rolevar1: 'value from task'

79. 79
In a play
- name: Run my role
include_role:
name: myrole
- name: Run tasks/other.yml instead of 'main'
include_role:
name: myrole
tasks_from: other
- name: Pass variables to role
include_role:
name: myrole
vars:
rolevar1: 'value from task'

80. 80
In a play
- name: Use role in loop
include_role:
name: myrole
with_items:
- '{{ roleinput1 }}'
- '{{ roleinput2 }}'
- name: Conditional role
include_role:
name: myrole
when: not some_condition

81. 81
In a play
- name: Use role in loop
include_role:
name: myrole
with_items:
- '{{ roleinput1 }}'
- '{{ roleinput2 }}'
- name: Conditional role
include_role:
name: myrole
when: not some_condition

82. QUESTIONS?

83. THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat