Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ansible @ WebElement 2015


Published on

Automation integration for systems @ VisualDNA.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Ansible @ WebElement 2015

  1. 1. Automation with Ansible @
  2. 2. 2 About me Michal Maxo Maxian • 15+ years Linux sysadmin • DevOps @ VisualDNA now • Startuper, non-profit • Squash, beer, table-football Twitter @mmaxian Linked in too
  3. 3. 3 Our implementation Our environment
  4. 4. 4 Ansible = UNIX admin wet dream • Easy to start • Only ssh public key and sudo definition on machines • Agent-less • Easy to run (I have 5 aliases) • Fast runs • Good docs - • Good debugging
  5. 5. 5 Ansible plugins • Many plugins • Files, copy, lineinfile, replace, template • Shell, firewall, cron, apt, rpm, pip, pingdom, nagios • Docker, ec2, vsphere_guest, lxc_containers, openstack • Jira, htpasswd, jboss • Mysql, postgresql, redis, riak • Many more…
  6. 6. 6 Developer’s POV • asi ako hociaky takyto system zavadza jeden standard, resp. taky common ground ako sa veci robia, tym padom zvysuje produktivitu a manazovatelnost • tym ze je to niekde verzovane tak je prehlad a popis systemu a ulahcuje prelinanie sveta sys a dev • je to dalsi faktor ktory nuti ludi automatizovat, resp. ich uci automatizovat - vytvara navyk • blizke developerom, kedze je to skor skladacka nad bashom, pomerne rychlo naucitelne, ziadne super specialne dsl a konstrukty z konkretnejsich veci pre mna z pohladu dev • nepotrebuje ziadne prerekvizity na "klientoch" (okrem ssh a prav) • celkom je navrhnuty tak ze podporuje reusability (cez skladanie a dedicnost) • vytvaranie devel prostredi (resp. to potom mozu byt aj produkcne prostredia) spolu s vagrantom (cez roznych providerov - tam uz aj docker je, nie len virtualbox) • viem si predstavit aj ze si urobim playbook co mi nabootstrapuje moju samotnu devel masinu ked zmenim notebook (a tam pouzije aj dotfiles :D) • tym padom teda aj automatizacia veci na lokalnom kompe - napr. co si clovek niekedy robil v bashi skripty moze robit ansible playbooky
  7. 7. 7 Developer’s POV • Environment Unification • Build your dev environment from prod receipt Prod = Stag = Dev • Automation of local machine build • Automation is good
  8. 8. 8 Puppet vs Ansible Agent oriented Auto-run per day Terrible secret management Template After big code in really slow run Better cfg and role mngmt via UI UI (FOREMAN) CLI 20k lines of code Agent-less Easy to start Easy to write Fast runs Secret management via vault Templates Bad cfg mngmt Lack of UI Solid CLI ~5000 lines of code
  9. 9. 9 Why not Puppet • Templates are not easy • Call of variables • No secrets in • After 10k lines of code it’s total mess • Migration to ansible took 2 month • After that we have only “short” ansible git repo X
  10. 10. 10 Ansible structure • Inventory • Vault • Variables • Roles • Playbooks • Tasklist • Meta • Vault • Variables • Templates • Playbooks • Tasklist o All systems inventory o Per inventory variables and vaults (with passwords) o Role definition (per service) o Tasklist are grouped in playbooks o Dependencies definitions o Variables and vaults could be defined in roles o Templates to modify configs with variables o Main playbooks definitions o Tasklist and playbook are defined as yml file
  11. 11. 11 Role hbase.yml playbook file - hosts: hbase_clients_prod gather_facts: no tags: - hbase - hbase_clients roles: - role: hbase_client tags: hbase_client_prod,hbase_client ns: prod Role hbase_client files . ./defaults ./defaults/main.yml ./meta ./meta/main.yml ./tasks ./tasks/main.yml ./templates ./templates/hbase.wrapper.j2 # ansible-playbooks –i ./inventories/production -s --vault-password-file=~/.ansible_vault.password hbase.yml
  12. 12. 12 Playbook / Tasklist # cat tasks/main.yml --- - apt: name={{item}} state=latest with_items: - hbase - name: Installing wrappers template: dest=/usr/local/bin/{{item}}.{{ns|mandatory}} src={{item}}.wrapper.j2 mode=755 with_items: - hbase
  13. 13. 13 Inventories $ cat inventories/production/hosts [standalone:children] blog public_sftp [blog] eu-blog-p01 standalone=true [public_sftp] eu-comms-p01 standalone=true [report] bl-analytics-p01 [reporting] bl-reporting-p01 [hdpctrl] bl-hdpctrl-p01 bl-hdpctrl-p02 bl-hdpctrl-p03 ./group_vars ./group_vars/all ./group_vars/all/kafka ./group_vars/all/vars ./group_vars/all/vault ./group_vars/app ./group_vars/app/rlsa ./group_vars/backoffice_loadbalancers ./group_vars/cassandra ./group_vars/crystalball ./group_vars/dsppipe ./group_vars/dspstream ./group_vars/eu_zookeeper ./group_vars/events ./group_vars/events/environment ./group_vars/events/vars ./group_vars/hw_R720_6hdd ./group_vars/mgmt ./group_vars/mgmt_slaves ./group_vars/mysql_cluster ./group_vars/rdpipe ./group_vars/risk_analytics ./group_vars/web ./group_vars/yarnpoc ./group_vars/zookeeper ./host_vars/bl-dev-p01 ./host_vars/bl-dsppipe-p01 ./host_vars/bl-dspstream-p01 ./host_vars/bl-message-p01 ./host_vars/bl-message-p02 ./host_vars/bl-message-p03 ./host_vars/bl-mgmt-p02 ./host_vars/bl-monitor-p01 ./host_vars/bl-queue-p01 ./host_vars/bl-queue-p02 ./host_vars/bl-queue-p03 ./host_vars/bl-rdpipe-p02 ./host_vars/bl-stream-p01 ./host_vars/bl-stream-p02 ./host_vars/bl-stream-p03 ./host_vars/bl-yarnpoc-p01 ./host_vars/eu-blog-p01 ./host_vars/eu-comms-p01 ./host_vars/eu-events-p01 ./host_vars/eu-events-p02 ./host_vars/eu-events-p03 ./host_vars/eu-mgmt-p01 ./host_vars/eu-mgmt-p02 ./host_vars/eu-zookeeper-p01 ./host_vars/eu-zookeeper-p02 ./host_vars/eu-zookeeper-p03 $ cat ./host_vars/eu-mgmt-p02 bind_config_master_forwarders: - - - variables per group of hosts variables per host
  14. 14. 14 Vault alias ansvp='ansible-vault edit inventories/production/group_vars/all/vault' alias ansvs='ansible-vault edit inventories/staging/group_vars/all/vault' cat inventories/staging/group_vars/all/vault $ANSIBLE_VAULT;1.1;AES256 37353536303939353064363931623563363361383336303864626366383861353634316462373537 3765313034316437333833636134616333363263383032380a363537643765663039353532323361 64646464663464326261346632303930633135383161396135336161616361383862633662316337 3064313063646365330a626338383235626239383233656166376334353730396132373261366265 65633735383937653663636663306531353664353339316136303266633065386131393566373732 37333361653531653036656265633262363364643237386533393134343231663330646232343166 39656235333730616662623663623762666263383066666266316661653662353763643739366364 30663562383531353365646463653935346233356663333837623839323833366663353361386539 35663165373865666536336436616162653564666164366132626164383036313338313161346261 38343737666664383734343762616133363631613834393637646332626337663831636636316161 63373837383132633536343838386634336666353639356630303339323532343032643236626139 32303230633238666534343638333665303334363733623934346537666332323035663239313333 64336363313465336336326366376239666563373134303532393935643364643064613839646433 39616530326635316638323234646535643030376432663964313765313963336430656333333866 31306163306230653333313965356338373261353764666434343434616463353361626563393762 62383833613765646463373761343530373663356532663664306164303361353332396236313966 62643166663636633664626266373663373838663031636337646566636439376436333339326135 30336264326439383031633663323430393664313164356464333636653463646330306339323134 62663635386138636135333037313838353531336531353466363233393362343763636538666439 39626334353765393233333763376162343030613837643138303537353266323066343136333361 36323764343430343735356333663233663830383333363164393736323030373535643361643765 61306363303735616630373330356232393562363339353463663833373536306133616465653639 38316538353834363438373939386634303635663830653732326463396331333335333334613634 35316537396130326339636531303530393931663534636265653763393565333233383230323461 37633332666430373134633062366365333466346466333437393235666639383966396562363333 All secrets in one place
  15. 15. 15 Cons Problem with big bunch of features and roles • Complexity is problem all the time. Problem with dependencies • Best practice to write dependencies meta Store playbooks via service • Security, Apache, Backups, etc. We integrated ansible run into jenkins run when we are running VM creation. Best to have it in git repo to track changes.
  16. 16. 16 We are looking for new colleagues 2 frontend developers Q A&