SlideShare a Scribd company logo
1 of 34
Download to read offline
Go Faster with Ansible
Richard Donkin
@rdonkin
$ whoami
• Richard Donkin
• DevOps engineer / contractor
• Ansible, Vagrant, Docker, Linux, AWS,
databases, …
• Experience of sys admin, DevOps,
backend dev, architecture, startups, …
@rdonkin
linkedin.com/in/rdonkin
Goal: Faster Correct Setup
Servers
Apps
Developers
• Correct configuration
• No snowflake servers
• Dev, Test, Production
Infrastructure
As
Code
Infrastructure as Code
Software processes for server configs:
• Code review
• Version control
• Automated tests
• Automated push to servers
What is Configuration Management?
Code that Controls Config
What Ansible Does
Configuration Management
App Deployment
• Basic, "Atomic", zero downtime, ...
Orchestration
• Sequence operations on servers, APIs, etc.
• Harder with Configuration Management
Why Ansible?
• Agentless & serverless
• Simple
• Sequential
• Declarative tasks
• “Ensure nginx installed”
• Enables idempotence
• Easy to learn
• Scales to complex cloud orchestration
Quick Install
Mac:
brew install ansible
Debian/Ubuntu:
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get install -y ansible
RHEL/CentOS: use EPEL, then:
sudo yum –y install ansible
Any Linux (latest Ansible, requires Python):
sudo easy_install pip
sudo pip install ansible
Hello PHPMailer
Playbooks
Tasks
Idempotence
Key Concepts
Playbook = series of tasks
• Targets one server or thousands
• Servers defined by Inventory
Task = "ensure X is done" action
Play = set of tasks in playbook
Running a Playbook (1)
Running a Playbook (2)
Tasks will "skip" if state already OK
(Idempotence)
Writing a Playbook
Play – hosts to process, become == sudo
Tasks - descriptive name
- invoke module (apt) with parameters
Play
Task
The Secret Life of Tasks
Each task runs SSH commands that
• Upload a Module (e.g. apt)
• Run module with task's parameters
• Return JSON output
Inventory and Variables
Group your servers and assign key parameters ("variables")
[web]
10.0.1.51
10.0.1.52
[db]
10.0.1.61
[web:vars]
ansible_port=2222
$ ansible-playbook -i prod apache.yml --limit web
Run different Ansible code per group
Recommended:
• Inventory file per environment (or dynamic inventory)
• Put vars in group_vars/mygroup/vars.yml
Apache Playbook (1)
Vars = parameters for this playbook
Can be in separate include files
Or attach to hosts or host-groups in Inventory
- e.g. Listening IP address should be in inventory
Apache Playbook (2)
template task runs Jinja2 on local file and copies to
server
notify sends event to Handler
- Each Handler runs just once, at end of whole playbook
- Restart a service, notify Slack, ...
Apache Playbook (3)
service task uses systemctl to enable start on boot
- {{ apache_service }} instantiates var with Jinja2
Handler restarts apache at end if any task does a notify
Apache Playbook
Playbooks
Variables
Handlers
Modules (1)
Over 840 modules "in the box"
- Git, yum, apt, compose, pear, pip, …
- Copy files, template files
- Edit files
- Permissions, ownership, SELinux
- Services – systemd, sysvinit, ...
- Crontabs
- MySQL, PostgreSQL, MongoDB, ...
Modules (2)
More modules (AWS alone has 87)
- Firewalls, routers, switches, ...
- AWS, Google, Digital Ocean, ...
- Docker, VMware, …
- Fallback to shell, upload script, …
Runs best on Linux/Unix including Mac
Windows as a target only
Roles
"Modularised playbooks"
- Split playbook into folder per type of content
- defaults folder for "parameter vars"
- vars folder for "role vars" – hard to override
- meta folder for role dependencies
Vars
Tasks
Handlers
Apache + PHP
playbook
Apache
role
PHP
role
Roles
Use Roles for everything!
Skinny playbooks + modular roles
Ideal playbook only calls roles, not tasks
Typical roles:
• mysql
• apache
• php, php-fpm
• deploy-app
"Wrapper roles" to invoke third party roles
Ansible Galaxy
Hub for 1000s of roles: galaxy.ansible.com
Discovery: Galaxy, GitHub, blogs, …
Assess quality carefully
Install the roles needed by project:
ansible-galaxy install –r requirements.yml
Pin the role to a version or Git commit
Testing Infra Code
Basic testing:
- Separate test playbook using Vagrant VM
- Travis CI popular for open source
- Smoke test at end of playbook:
Test frameworks:
- Test-Kitchen, ServerSpec, InSpec, testinfra
- Run whole series of tests - easier diagnosis
One Liners
Ad hoc command on single host, or group from inventory
Drupal VM
Create a VM with one command: vagrant up
Ansible: 37 roles, 630 tasks, 7,200 lines of code
Drupal VM
Multiple Roles
Trellis: Modern WordPress
Near Twelve Factor WordPress
• Dev to Prod
• PHP 7.1, A+ SSL, HTTP/2, WP-CLI, …
• Example: rightsinfo.org
Related roots.io projects:
• Bedrock (WP boilerplate)
• Sage (starter theme)
• Some commercial add-ons
Example project (blog post):
• Install node, gulp, bower, Vagrant plugins
• vagrant up
• Some fixes required for Ansible 2.2
Resources
Book: Ansible for DevOps by Jeff Geerling – regular updates
Help: Stack Overflow, Ansible IRC + email lists
Roles:
• Geerlingguy roles – wide range – pragmatic & well maintained
• Ansistrano: Deploying PHP apps demo (atomic model)
Projects:
• Drupal-VM – http://drupalvm.com
• Trellis - https://roots.io/trellis/ - very complete WordPress setup
• Use example project – requires node, bower & gulp
Best practices: Ansible.com, blogs by Leucos and Nylas
Podcasts: Arrested DevOps – general DevOps and Infra as Code
Thank You
Richard Donkin
@rdonkin
linkedin.com/in/rdonkin
Traction – Google Trends, 5 years
Advanced: Write a Module
Much more common to write a role
Required for major new features:
• New API
• New package tool
• New container format
Most modules written in Python
Any language works: PHP, C, Go, Perl, …
Writing a module using PHP

More Related Content

What's hot

Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Docker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihanDocker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihanjbminn
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansiblefmaccioni
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'rmcleay
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with AnsibleBas Meijer
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleArnaud LEMAIRE
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!Jeff Geerling
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!David Lapsley
 
Infrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & AnsibleInfrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & Ansiblewajrcs
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with AnsibleMartin Etmajer
 
Ansible module development 101
Ansible module development 101Ansible module development 101
Ansible module development 101yfauser
 
Automation with Ansible and Containers
Automation with Ansible and ContainersAutomation with Ansible and Containers
Automation with Ansible and ContainersRodolfo Carvalho
 
Deploying PHP Applications with Ansible
Deploying PHP Applications with AnsibleDeploying PHP Applications with Ansible
Deploying PHP Applications with AnsibleOrestes Carracedo
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeSarah Z
 

What's hot (20)

Network automation (NetDevOps) with Ansible
Network automation (NetDevOps) with AnsibleNetwork automation (NetDevOps) with Ansible
Network automation (NetDevOps) with Ansible
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with Ansible
 
Ansible and AWS
Ansible and AWSAnsible and AWS
Ansible and AWS
 
Ansible intro
Ansible introAnsible intro
Ansible intro
 
Docker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihanDocker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihan
 
Ansible - A 'crowd' introduction
Ansible - A 'crowd' introductionAnsible - A 'crowd' introduction
Ansible - A 'crowd' introduction
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestration
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!
 
Infrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & AnsibleInfrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & Ansible
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with Ansible
 
Ansible module development 101
Ansible module development 101Ansible module development 101
Ansible module development 101
 
Automation with Ansible and Containers
Automation with Ansible and ContainersAutomation with Ansible and Containers
Automation with Ansible and Containers
 
Deploying PHP Applications with Ansible
Deploying PHP Applications with AnsibleDeploying PHP Applications with Ansible
Deploying PHP Applications with Ansible
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less Coffee
 

Viewers also liked

DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Integrating Web Apps with Canvas - Salesforce1 World Tour
Integrating Web Apps with Canvas - Salesforce1 World TourIntegrating Web Apps with Canvas - Salesforce1 World Tour
Integrating Web Apps with Canvas - Salesforce1 World TourRichard Donkin
 
Druid realtime indexing
Druid realtime indexingDruid realtime indexing
Druid realtime indexingSeoeun Park
 
Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...
Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...
Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...Lucidworks
 
Building and deploying PHP applications with Phing
Building and deploying PHP applications with PhingBuilding and deploying PHP applications with Phing
Building and deploying PHP applications with PhingMichiel Rook
 
The User Experience Brief
The User Experience BriefThe User Experience Brief
The User Experience BriefJohn Yesko
 
User Experience: A Lean UX Process
User Experience: A Lean UX ProcessUser Experience: A Lean UX Process
User Experience: A Lean UX ProcessRicardo Luiz
 
2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutions2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutionsDMI
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Holy Crap! You Can Get Fired For Social Media Posts?
Holy Crap! You Can Get Fired For Social Media Posts?Holy Crap! You Can Get Fired For Social Media Posts?
Holy Crap! You Can Get Fired For Social Media Posts?Eric T. Tung
 
How to build a great coding culture
How to build a great coding cultureHow to build a great coding culture
How to build a great coding cultureMark Halvorson
 
Final venture outlook 2016
Final venture outlook 2016Final venture outlook 2016
Final venture outlook 2016Mark Suster
 
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!Eric Jackson
 
DocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360M
DocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360MDocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360M
DocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360MDocSend
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 

Viewers also liked (18)

DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Integrating Web Apps with Canvas - Salesforce1 World Tour
Integrating Web Apps with Canvas - Salesforce1 World TourIntegrating Web Apps with Canvas - Salesforce1 World Tour
Integrating Web Apps with Canvas - Salesforce1 World Tour
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
 
Wiad17
Wiad17Wiad17
Wiad17
 
Ansible
AnsibleAnsible
Ansible
 
Druid realtime indexing
Druid realtime indexingDruid realtime indexing
Druid realtime indexing
 
Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...
Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...
Near Real Time Indexing Kafka Messages into Apache Blur: Presented by Dibyend...
 
Building and deploying PHP applications with Phing
Building and deploying PHP applications with PhingBuilding and deploying PHP applications with Phing
Building and deploying PHP applications with Phing
 
The User Experience Brief
The User Experience BriefThe User Experience Brief
The User Experience Brief
 
User Experience: A Lean UX Process
User Experience: A Lean UX ProcessUser Experience: A Lean UX Process
User Experience: A Lean UX Process
 
2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutions2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutions
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Holy Crap! You Can Get Fired For Social Media Posts?
Holy Crap! You Can Get Fired For Social Media Posts?Holy Crap! You Can Get Fired For Social Media Posts?
Holy Crap! You Can Get Fired For Social Media Posts?
 
How to build a great coding culture
How to build a great coding cultureHow to build a great coding culture
How to build a great coding culture
 
Final venture outlook 2016
Final venture outlook 2016Final venture outlook 2016
Final venture outlook 2016
 
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
 
DocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360M
DocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360MDocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360M
DocSend Fundraising Research: What we Learned from 200 Startups Who Raised $360M
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricks
 

Similar to Go Faster with Ansible (PHP meetup)

Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupJeff Geerling
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Idan Tohami
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAmazon Web Services
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Idan Tohami
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsMichael Zhang
 
Ansible Tutorial.pdf
Ansible Tutorial.pdfAnsible Tutorial.pdf
Ansible Tutorial.pdfNigussMehari4
 
Ansible Devops North East - slides
Ansible Devops North East - slides Ansible Devops North East - slides
Ansible Devops North East - slides InfinityPP
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of AnsibleDevOps Ltd.
 
DrupalCon Los Angeles - Continuous Integration Toolbox
DrupalCon Los Angeles - Continuous Integration ToolboxDrupalCon Los Angeles - Continuous Integration Toolbox
DrupalCon Los Angeles - Continuous Integration ToolboxAndrii Podanenko
 
RTP NPUG: Ansible Intro and Integration with ACI
RTP NPUG: Ansible Intro and Integration with ACIRTP NPUG: Ansible Intro and Integration with ACI
RTP NPUG: Ansible Intro and Integration with ACIJoel W. King
 
InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017Mandi Walls
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsAlessandro Pilotti
 
MoldCamp - multidimentional testing workflow. CIBox.
MoldCamp  - multidimentional testing workflow. CIBox.MoldCamp  - multidimentional testing workflow. CIBox.
MoldCamp - multidimentional testing workflow. CIBox.Andrii Podanenko
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Codemotion
 
CIbox - OpenSource solution for making your #devops better
CIbox - OpenSource solution for making your #devops betterCIbox - OpenSource solution for making your #devops better
CIbox - OpenSource solution for making your #devops betterAndrii Podanenko
 

Similar to Go Faster with Ansible (PHP meetup) (20)

Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL Meetup
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel Aviv
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
Ansible Tutorial.pdf
Ansible Tutorial.pdfAnsible Tutorial.pdf
Ansible Tutorial.pdf
 
Ansible Devops North East - slides
Ansible Devops North East - slides Ansible Devops North East - slides
Ansible Devops North East - slides
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
DrupalCon Los Angeles - Continuous Integration Toolbox
DrupalCon Los Angeles - Continuous Integration ToolboxDrupalCon Los Angeles - Continuous Integration Toolbox
DrupalCon Los Angeles - Continuous Integration Toolbox
 
RTP NPUG: Ansible Intro and Integration with ACI
RTP NPUG: Ansible Intro and Integration with ACIRTP NPUG: Ansible Intro and Integration with ACI
RTP NPUG: Ansible Intro and Integration with ACI
 
InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
 
MoldCamp - multidimentional testing workflow. CIBox.
MoldCamp  - multidimentional testing workflow. CIBox.MoldCamp  - multidimentional testing workflow. CIBox.
MoldCamp - multidimentional testing workflow. CIBox.
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with Ansible
 
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
 
CIbox - OpenSource solution for making your #devops better
CIbox - OpenSource solution for making your #devops betterCIbox - OpenSource solution for making your #devops better
CIbox - OpenSource solution for making your #devops better
 

Recently uploaded

Women in Automation 2024: Career session - explore career paths in automation
Women in Automation 2024: Career session - explore career paths in automationWomen in Automation 2024: Career session - explore career paths in automation
Women in Automation 2024: Career session - explore career paths in automationDianaGray10
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Introduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptxIntroduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptxmprakaash5
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2DianaGray10
 
Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!Memoori
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023
THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023
THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023Joshua Flannery
 
Software Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerSoftware Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerAnchore
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Arti Languages Pre Seed Pitchdeck 2024.pdf
Arti Languages Pre Seed Pitchdeck 2024.pdfArti Languages Pre Seed Pitchdeck 2024.pdf
Arti Languages Pre Seed Pitchdeck 2024.pdfwill854175
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationBuild Intuit
 
A PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxA PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxatharvdev2010
 
Dublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptxDublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptxKunal Gupta
 

Recently uploaded (20)

Women in Automation 2024: Career session - explore career paths in automation
Women in Automation 2024: Career session - explore career paths in automationWomen in Automation 2024: Career session - explore career paths in automation
Women in Automation 2024: Career session - explore career paths in automation
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Introduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptxIntroduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptx
 
BoSEU24 | Bill Thompson | Talk From Another Century
BoSEU24 | Bill Thompson | Talk From Another CenturyBoSEU24 | Bill Thompson | Talk From Another Century
BoSEU24 | Bill Thompson | Talk From Another Century
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
 
Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!Laying the Data Foundations for Artificial Intelligence!
Laying the Data Foundations for Artificial Intelligence!
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023
THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023
THE STATE OF STARTUP ECOSYSTEM - INDIA x JAPAN 2023
 
Software Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerSoftware Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey Hightower
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Arti Languages Pre Seed Pitchdeck 2024.pdf
Arti Languages Pre Seed Pitchdeck 2024.pdfArti Languages Pre Seed Pitchdeck 2024.pdf
Arti Languages Pre Seed Pitchdeck 2024.pdf
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientation
 
A PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxA PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptx
 
Dublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptxDublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptx
 

Go Faster with Ansible (PHP meetup)

  • 1. Go Faster with Ansible Richard Donkin @rdonkin
  • 2. $ whoami • Richard Donkin • DevOps engineer / contractor • Ansible, Vagrant, Docker, Linux, AWS, databases, … • Experience of sys admin, DevOps, backend dev, architecture, startups, … @rdonkin linkedin.com/in/rdonkin
  • 3. Goal: Faster Correct Setup Servers Apps Developers • Correct configuration • No snowflake servers • Dev, Test, Production
  • 5. Infrastructure as Code Software processes for server configs: • Code review • Version control • Automated tests • Automated push to servers
  • 6. What is Configuration Management? Code that Controls Config
  • 7. What Ansible Does Configuration Management App Deployment • Basic, "Atomic", zero downtime, ... Orchestration • Sequence operations on servers, APIs, etc. • Harder with Configuration Management
  • 8. Why Ansible? • Agentless & serverless • Simple • Sequential • Declarative tasks • “Ensure nginx installed” • Enables idempotence • Easy to learn • Scales to complex cloud orchestration
  • 9. Quick Install Mac: brew install ansible Debian/Ubuntu: sudo apt-add-repository ppa:ansible/ansible sudo apt-get install -y ansible RHEL/CentOS: use EPEL, then: sudo yum –y install ansible Any Linux (latest Ansible, requires Python): sudo easy_install pip sudo pip install ansible
  • 11. Key Concepts Playbook = series of tasks • Targets one server or thousands • Servers defined by Inventory Task = "ensure X is done" action Play = set of tasks in playbook
  • 13. Running a Playbook (2) Tasks will "skip" if state already OK (Idempotence)
  • 14. Writing a Playbook Play – hosts to process, become == sudo Tasks - descriptive name - invoke module (apt) with parameters Play Task
  • 15. The Secret Life of Tasks Each task runs SSH commands that • Upload a Module (e.g. apt) • Run module with task's parameters • Return JSON output
  • 16. Inventory and Variables Group your servers and assign key parameters ("variables") [web] 10.0.1.51 10.0.1.52 [db] 10.0.1.61 [web:vars] ansible_port=2222 $ ansible-playbook -i prod apache.yml --limit web Run different Ansible code per group Recommended: • Inventory file per environment (or dynamic inventory) • Put vars in group_vars/mygroup/vars.yml
  • 17. Apache Playbook (1) Vars = parameters for this playbook Can be in separate include files Or attach to hosts or host-groups in Inventory - e.g. Listening IP address should be in inventory
  • 18. Apache Playbook (2) template task runs Jinja2 on local file and copies to server notify sends event to Handler - Each Handler runs just once, at end of whole playbook - Restart a service, notify Slack, ...
  • 19. Apache Playbook (3) service task uses systemctl to enable start on boot - {{ apache_service }} instantiates var with Jinja2 Handler restarts apache at end if any task does a notify
  • 21. Modules (1) Over 840 modules "in the box" - Git, yum, apt, compose, pear, pip, … - Copy files, template files - Edit files - Permissions, ownership, SELinux - Services – systemd, sysvinit, ... - Crontabs - MySQL, PostgreSQL, MongoDB, ...
  • 22. Modules (2) More modules (AWS alone has 87) - Firewalls, routers, switches, ... - AWS, Google, Digital Ocean, ... - Docker, VMware, … - Fallback to shell, upload script, … Runs best on Linux/Unix including Mac Windows as a target only
  • 23. Roles "Modularised playbooks" - Split playbook into folder per type of content - defaults folder for "parameter vars" - vars folder for "role vars" – hard to override - meta folder for role dependencies Vars Tasks Handlers Apache + PHP playbook Apache role PHP role
  • 24. Roles Use Roles for everything! Skinny playbooks + modular roles Ideal playbook only calls roles, not tasks Typical roles: • mysql • apache • php, php-fpm • deploy-app "Wrapper roles" to invoke third party roles
  • 25. Ansible Galaxy Hub for 1000s of roles: galaxy.ansible.com Discovery: Galaxy, GitHub, blogs, … Assess quality carefully Install the roles needed by project: ansible-galaxy install –r requirements.yml Pin the role to a version or Git commit
  • 26. Testing Infra Code Basic testing: - Separate test playbook using Vagrant VM - Travis CI popular for open source - Smoke test at end of playbook: Test frameworks: - Test-Kitchen, ServerSpec, InSpec, testinfra - Run whole series of tests - easier diagnosis
  • 27. One Liners Ad hoc command on single host, or group from inventory
  • 28. Drupal VM Create a VM with one command: vagrant up Ansible: 37 roles, 630 tasks, 7,200 lines of code
  • 30. Trellis: Modern WordPress Near Twelve Factor WordPress • Dev to Prod • PHP 7.1, A+ SSL, HTTP/2, WP-CLI, … • Example: rightsinfo.org Related roots.io projects: • Bedrock (WP boilerplate) • Sage (starter theme) • Some commercial add-ons Example project (blog post): • Install node, gulp, bower, Vagrant plugins • vagrant up • Some fixes required for Ansible 2.2
  • 31. Resources Book: Ansible for DevOps by Jeff Geerling – regular updates Help: Stack Overflow, Ansible IRC + email lists Roles: • Geerlingguy roles – wide range – pragmatic & well maintained • Ansistrano: Deploying PHP apps demo (atomic model) Projects: • Drupal-VM – http://drupalvm.com • Trellis - https://roots.io/trellis/ - very complete WordPress setup • Use example project – requires node, bower & gulp Best practices: Ansible.com, blogs by Leucos and Nylas Podcasts: Arrested DevOps – general DevOps and Infra as Code
  • 33. Traction – Google Trends, 5 years
  • 34. Advanced: Write a Module Much more common to write a role Required for major new features: • New API • New package tool • New container format Most modules written in Python Any language works: PHP, C, Go, Perl, … Writing a module using PHP

Editor's Notes

  1. Photo credit: https://www.flickr.com/photos/automobileitalia/16675249764/
  2. Go Faster without creating new problems... "Faster" really means more iterations per day / week Servers created much faster, without manual work Apps deployed automatically, without mistakes or omissions Deveopers on-boarded very fast, without manual installs This means: Configuration must be correct, even when moving faster Avoid snowflake servers (every one is different in detailed config) scale across dev, test, staging, production
  3. Server config problem? Code a fix
  4. Some people like the definition that CM is "Executable Documentation" and it's true that CM replaces server documentation. However, the more complex CM setups are definitely software not just documentation. Competition: Your memory! Shell scripts …
  5. Capistrano style "atomic symlink" deployment involves having a single symbolic link called "current" pointing to the release that's live. Deployment means pushing the new files into a new release directory, then atomically switching the link. See Ansistrano, which enables this Capistrano model using Ansible, enabling customisation for more complex models as required. There is also f500.project-deploy, which is less powerful e.g. no before/after hooks. Rocketeer is a PHP tool that does the same thing. Fabric is a Python tool that can do anything on servers, often used for simpler deployments – requires Python coding and is lower level than Ansistrano Although Ansible can do both CM and App deployment, you normally want quite separate server configuration management and app deployment scripts (Playbooks). - "CM is a process, deployment is an event"
  6. – agentless - only requires SSH & Python on server simple but powerful sequential model for tasks Declarative tasks easy to learn compared to Puppet/Chef/Salt - explicit ordering visible in code, unlike Puppet/Salt easy orchestration e.g. easy to remove servers from LB during upgrade, and rollback if X% fail: Remove server from load balancer Deploy app & reboot Restore to load balancer
  7. Upgrades are easy with the "Any Linux" method – just do "pip install --upgrade ansible" For Windows, use a Linux VM on VirtualBox – Ubuntu is probably easiest option. Or Windows 10's "bash shell" option may work fine.
  8. Setup task = get server info (OS, hardware) – built in, can disable with "gather_facts: no" at top of play
  9. Parameters – single line or indented YAML The single line format (e.g. update_cache=yes) is unique to Ansible, and not part of YAML The indented format (e.g. "apt:") is YAML YAML is equivalent to JSON, using indentation. Use the "-" syntax to create a list – each new item is a list entry (equivalent to a PHP array with integer index values) Use the "foo: bar" syntax to create a key-value pair within a dictionary (equivalent to a PHP array with string index values)
  10. Originally known as "hosts file" – term still used in Ansible error messages Default is /etc/ansible/hosts but that's not very useful in most cases where you have different projects, environments, etc. Getting the right inventory structure, and locating variables in right place, is a key decision in Ansible projects. Generally, try to have variables in as few places as possible, e.g.: role defaults, role vars, host group vars, and use wrapper roles (mentioned later) to encapsulate vars you need for roles. Some people prefer a "group + environment" naming scheme, or moving each inventory file to a separate directory – this enables vars that are specific to combination of
  11. - This is a simplified extract from a real-world Ansible project, the Drupal-VM role "geerlingguy.apache", combining various elements into a single playbook.
  12. Can also target network switches and routers that don't have Python, using modules that don't require Python on the target device. If you use Windows, you would need a Linux VM to actually run Ansible, targetting Windows servers. Ansible's Windows support is still evolving and less complete than on Linux/Unix.
  13. Roles are more reusable if they focus on a single logical service, or a related set of config – e.g. Apache, PHP and PHP-FPM are more re-usable if written as separate roles. Files are searched for within the current role, avoiding complex relative paths in many cases
  14. Look for steady development, several contributors, many commits, discussion on GitHub Always pin the role – this avoids surprises when your project changes "Vendoring" the role can help i.e. install into a "vendor/roles" folder in your project – be sure to adjust your ansible.cfg's role_path Galaxy is not that easy to browse/search, and most of the action is on GitHub I usually install directly from GitHub using Ansible Galaxy as a discovery and installation tool only.
  15. Goal: Test-driven infrastructure ServerSpec and InSpec provide English-like BDD testing using a DSL based on Ruby Testinfra provides simple unit tests using Python Just as with app testing, infra testing frameworks are generally more powerful than using Ansible to test itself – e.g. you can easily run just a few tests RoleSpec specifically tests Ansible roles – the others focus more on the outputs of the roles
  16. Try these as well: ansible web -m setup -a 'filter=ansible_all_ip* ansible devbox -m setup -a 'filter=ansible_mem*'
  17. Fully open source
  18. Requires node, bower and gulp and some Vagrant plugins Should work with Ansible 2.0.2.0 as specified in the docs (run "pip install --upgrade ansible==2.0.2.0" as long as you're already using the "pip install ansible" method to install Ansible). Some fixes needed for Ansible 2.2 (mailhog and logrotate roles, php-fpm pool from wordpress-setup role, and composer role) Trellis clone gives you trellis tree (ansible), then Bedrock clone gives you WP site tree, and Sage clone populates WP theme inside that Includes Nginx "micro caching" for 5 sec to Reddit-proof your site
  19. - can't really track "Chef" searches as Google Trends doesn't offer a software classification of term.