SlideShare a Scribd company logo
Ansible - Introduction



Main features
○ Automating remote system provisioning and
applications deployment
○ With no agents to install on remote systems
○ Using existing SSHd on remote system
○ Native OpenSSH for remote communication on
control machine
○ Parallel by default
○ Automation language that approaches plain english
Installation - requirements
○ Control machine requirements
● Python 2.6
● Any OS except Windows
○ Managed node requirements
● Python 2.4
Installation - control machine - source
○ From source
● $ git clone git://github.com/ansible/ansible.git
● $ cd ./ansible
● $ source ./hacking/env-setup
○ Additional python modules
● sudo easy_install pip
● sudo pip install paramiko PyYAML jinja2 httplib2
Installation - control machine - Yum
○ Latest release Via Yum
● $ sudo yum install ansible
● make rpm from source
○ $ git clone git://github.com/ansible/ansible.git
○ $ cd ./ansible
○ make rpm
○ sudo rpm -Uvh ~/rpmbuild/ansible-*.noarch.rpm
Installation - control machine - Apt
○ Latest release Via Apt
● $ sudo apt-get install software-properties-common
● $ sudo apt-add-repository ppa:ansible/ansible
● $ sudo apt-get update
● $ sudo apt-get install ansible
Installation - control machine - Pip
○ Latest release Via pip
● $ sudo easy_install pip
● $ sudo pip install ansible
Installation - control machine - Homebrew
○ Latest release Via Homebrew
● $ brew update
● $ brew install ansible
Inventory file
○ Define how ansible will interact with remote hosts
○ Define logical groups of managed nodes
○ Default location : /etc/ansible/hosts
○ INI format
Inventory file - communication variables
○ ansible_connection : local, ssh or paramiko
○ ansible_ssh_host : the name of the host to connect
to
○ ansible_ssh_port : the ssh port number if not 22
○ ansible_ssh_user : the ssh user name to use
○ ansible_ssh_pass : the ssh password to use
(insecure)
○ ansible_ssh_private_key_file : private key file used
by ssh
Inventory file - hosts and groups
localhost ansible_connection=local
[webservers]
web[1:5].example.com ansible_connection=ssh ansible_ssh_user=webadmin
[dbservers]
db[1:2].example.com ansible_connection=ssh ansible_ssh_user=dbadmin
Inventory file - group variables
[webservers]
web[1:5].example.com ansible_connection=ssh ansible_ssh_user=webadmin
[webservers:vars]
http_port=80
Inventory file - groups of groups
[atlanta]
host1
host2
[raleigh]
host2
host3
[southeast:children]
atlanta
raleigh
Inventory file - splitting out specific data
○ Define specific data using variables within YAML
files relative to the inventory file
[atlanta]
host1
host2
○ /etc/ansible/group_vars/atlanta, /etc/ansible/
host_vars/host1
---
ntp_server: acme.example.org
database_server: storage.example.org
○ /etc/ansible/group_vars/atlanta/db_settings
Patterns
○ Decide which hosts to manage
● all hosts in the inventory (all or *)
● a specific host name or group name (host1, webservers)
● wildcard configuration (192.168.1.*)
● OR configuration (host1:host2, webservers:dbservers)
● NOT configuration (webservers:dbservers:!production)
● AND configuration (webservers:dbservers:&staging)
● REGEX configuration (~(web|db).*.example.com)
● exclude hosts using limit flag (ansible-playbook site.yml
--limit datacenter2)
Vault
○ Allows keeping encrypted data in source control
○ Created encrypted files
$ ansible-vault create foo.yml
○ Editing encrypted files
$ ansible-vault edit foo.yml
○ Encrypting unencrypted files
$ ansible-vault encrypt foo.yml
○ Decrypting encrypted files
$ ansible-vault decrypt foo.yml
○ Running ad-hoc or playbook with vault
$ ansible-playbook site.yml --vault-password-file
~/.vault_pass.txt
Vagrant integration
# Create a private network, which allows host-only access to the machine
# using a specific IP.
config.vm.network :private_network, ip: “192.168.33.10"
config.vm.provision :ansible do |ansible|
ansible.inventory_path = "vagrant-inventory.ini"
ansible.playbook = "dockers.yml"
ansible.extra_vars = { user: "vagrant" }
ansible.sudo = true
ansible.limit = 'all'
end
Ad-Hoc commands
○ $ ansible {pattern} -m {module} -a “{options}” {flags}
● pattern : which hosts
● module : which ansible module (command by default)
● options : which module options
● flags : command flags
○ -u {username}: to run the command as a different user (user
account by default)
○ -f {n}: to run the command in n parallel forks (5 by default)
○ --sudo: to run the command through sudo
○ -K: to interactively prompt you for the sudo password to use
○ -U {username}: to sudo to a user other than root
○ -i {file}: inventory file to use
○ --ask-vault-pass: to specify the vault-password interactively
○ --vault-password-file {file}: to specify the latter within a file
Ad-Hoc commands - samples
○ File transfer
$ ansible all -m copy -a "src=/etc/hosts dest=/tmp/hosts"
○ Deploying from source control
$ ansible webservers -m git -a "repo=git://
foo.example.org/repo.git dest=/srv/myapp version=HEAD"
○ Managing services
$ ansible webservers -m service -a "name=httpd
state=started"
○ Gathering facts
$ ansible all -m setup
Playbook
○ Expressed in YAML language
○ Composed of one or more “plays” in a list
○ Allowing multi-machine deployments orchestration
Playbook - play
---
- hosts: webservers
vars:
http_port: 80
max_clients: 200
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum: pkg=httpd state=latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify:
- restart apache
- name: ensure apache is running
service: name=httpd state=started
handlers:
- name: restart apache
service: name=httpd state=restarted
Playbook - hosts and users
○ hosts : one or more groups or host patterns
○ remote_user : the name of the remote user account
(per play or task)
○ sudo : run tasks using sudo (per play or task)
○ sudo_user : sudo to a different user than root
Playbook - tasks
○ Are executed in order against all machines matched
by the host pattern
○ May be Included from other files
tasks:
- include: tasks/foo.yml
○ Hosts with failed tasks are taken out for the entire
playbook
○ Each task executes a module with specific options
○ Modules are idempotent in order to bring the
system to the desired state
tasks:
- name: {task name}
{module}: {options}
Playbook - handlers
○ Notifications may be triggered at the end of each
block of tasks whenever a change has been made on
the remote system
○ Handlers are referenced by name
tasks:
- name: template configuration file
template: src=template.j2 dest=/etc/foo.conf
notify:
- restart apache
…
handlers:
- name: restart apache
service: name=apache state=restarted
Playbook - roles
○ Based on a known file structure
site.yml
webservers.yml
roles/
webservers/
files/
templates/
tasks/
handlers/
vars/
defaults/
meta/
…
---
- hosts: webservers
roles:
- webservers
If roles/x/tasks/main.yml exists, tasks listed therein will be added to the play

If roles/x/handlers/main.yml exists, handlers listed therein will be added to the play

If roles/x/vars/main.yml exists, variables listed therein will be added to the play

If roles/x/meta/main.yml exists, any role dependencies listed therein will be added
to the list of roles (1.3 and later)

Any copy tasks can reference files in roles/x/files/ without having to path them
relatively or absolutely

Any script tasks can reference scripts in roles/x/files/ without having to path them
relatively or absolutely

Any template tasks can reference files in roles/x/templates/ without having to path
them relatively or absolutely

Any include tasks can reference files in roles/x/tasks/ without having to path them
relatively or absolutely
Playbook - roles
○ May be applied conditionally
---
- hosts: webservers
roles:
- { role: some_role, when: "ansible_os_family ==
'RedHat'" }
○ May be applied before or after other tasks
---
- hosts: webservers
pre_tasks:
- shell: echo 'hello'
roles:
- { role: some_role }
tasks:
- shell: echo 'still busy'
post_tasks:
- shell: echo 'goodbye'
Playbook - variables
○ Define directly inline
- hosts: webservers
vars:
http_port: 80
○ Default role variables defined in {role}/defaults/
main.yml file
○ Included variables
---
- hosts: all
remote_user: root
vars:
favcolor: blue
vars_files:
- /vars/external_vars.yml
Playbook - variables - Jinja2
○ Within conditions
● failed, changed, success, skipped
- shell: /usr/bin/foo
register: result
ignore_errors: True
- debug: msg="it failed"
when: result|failed
● mandatory
{{ variable | mandatory }}
● version_compare
{{ ansible_distribution_version | version_compare('12.04',
'>=') }}
● …
○ Within templates
My amp goes to {{ max_amp_value }}
Playbook - variables - Facts
○ Information discovered from remote system
○ Frequently used in conditionals
---
- include: "Ubuntu.yml"
when: ansible_distribution == 'Ubuntu'
○ Local facts
● {file}.fact within /etc/ansible/facts.d
[general]
foo=1
bar=2
● can be accessed in a template/playbook as
{{ ansible_local.file.general.foo }}
Playbook - variables - Precedence
○ -e variables
ansible-playbook release.yml --extra-vars "version=1.23.45
other_variable=foo"
○ “most everything else”
○ variables defined in inventory
○ variables defined in facts
○ role defaults
Playbook - conditions
○ Execute task conditionally
tasks:
- shell: echo "I've got '{{ foo }}' and am not afraid
to use it!"
when: foo is defined
○ Include tasks conditionally
- include: tasks/sometasks.yml
when: "'reticulating splines' in output"
○ Execute role conditionally
- hosts: webservers
roles:
- { role: debian_stock_config, when: ansible_os_family
== 'Debian' }
Questions ?

More Related Content

What's hot

DevOps Meetup ansible
DevOps Meetup   ansibleDevOps Meetup   ansible
DevOps Meetup ansible
sriram_rajan
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
Knoldus Inc.
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
Mehmet Ali Aydın
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansible
George Shuklin
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
Gena Mykhailiuta
 
Ansible
AnsibleAnsible
Ansible
Vishal Yadav
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practices
Bas Meijer
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Simplilearn
 
Ansible
AnsibleAnsible
Ansible
Kamil Lelonek
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
Khizer Naeem
 
Ansible
AnsibleAnsible
Ansible
Rahul Bajaj
 
Ansible intro
Ansible introAnsible intro
Ansible get started
Ansible get startedAnsible get started
Ansible get started
Rafael Cassau
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
Swapnil Jain
 
Ansible
AnsibleAnsible
Ansible
Knoldus Inc.
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
Yashar Esmaildokht
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
Bangladesh Network Operators Group
 
Ansible Playbook
Ansible PlaybookAnsible Playbook
Ansible Playbook
Knoldus Inc.
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with Ansible
Martin Etmajer
 

What's hot (20)

DevOps Meetup ansible
DevOps Meetup   ansibleDevOps Meetup   ansible
DevOps Meetup ansible
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansible
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
 
Ansible
AnsibleAnsible
Ansible
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practices
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
 
Ansible
AnsibleAnsible
Ansible
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
Ansible
AnsibleAnsible
Ansible
 
Ansible intro
Ansible introAnsible intro
Ansible intro
 
Ansible get started
Ansible get startedAnsible get started
Ansible get started
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Ansible
AnsibleAnsible
Ansible
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
 
Ansible Playbook
Ansible PlaybookAnsible Playbook
Ansible Playbook
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with Ansible
 

Viewers also liked

V2 and beyond
V2 and beyondV2 and beyond
V2 and beyond
jimi-c
 
Cyansible
CyansibleCyansible
Cyansible
Alan Norton
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
Bas Meijer
 
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice  In Node, Using Ansible - AnsibleF...AnsibleBuilding a Docker-ized Microservice  In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
Irakli Nadareishvili
 
Ansible roles done right
Ansible roles done rightAnsible roles done right
Ansible roles done right
Dan Vaida
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricks
bcoca
 

Viewers also liked (6)

V2 and beyond
V2 and beyondV2 and beyond
V2 and beyond
 
Cyansible
CyansibleCyansible
Cyansible
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
 
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice  In Node, Using Ansible - AnsibleF...AnsibleBuilding a Docker-ized Microservice  In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
 
Ansible roles done right
Ansible roles done rightAnsible roles done right
Ansible roles done right
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricks
 

Similar to Ansible - Introduction

Installing AtoM with Ansible
Installing AtoM with AnsibleInstalling AtoM with Ansible
Installing AtoM with Ansible
Artefactual Systems - AtoM
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible
Cédric Delgehier
 
Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013
Puppet
 
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
Омские ИТ-субботники
 
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
Jumping Bean
 
js_injwqeweqwqewqewqewqewqewqewqeected_xss.pdf
js_injwqeweqwqewqewqewqewqewqewqeected_xss.pdfjs_injwqeweqwqewqewqewqewqewqewqeected_xss.pdf
js_injwqeweqwqewqewqewqewqewqewqeected_xss.pdf
qualwinforhacking
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
Omar Reygaert
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet
Isham Rashik
 
Ansible for Beginners
Ansible for BeginnersAnsible for Beginners
Ansible for Beginners
Arie Bregman
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
bcoca
 
Intro to-puppet
Intro to-puppetIntro to-puppet
Intro to-puppet
F.L. Jonathan Araña Cruz
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
Nitish Jadia
 
Capistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient wayCapistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient way
Sylvain Rayé
 
Linux tech talk
Linux tech talkLinux tech talk
Linux tech talk
Prince Raj
 
Adhocr T-dose 2012
Adhocr T-dose 2012Adhocr T-dose 2012
Adhocr T-dose 2012
Gratien D'haese
 
Linux
LinuxLinux
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)
Jun Hong Kim
 
Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)
Jude A. Goonawardena
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter Halligan
CorkOpenTech
 
Managing your Minions with Func
Managing your Minions with FuncManaging your Minions with Func
Managing your Minions with Func
danhanks
 

Similar to Ansible - Introduction (20)

Installing AtoM with Ansible
Installing AtoM with AnsibleInstalling AtoM with Ansible
Installing AtoM with Ansible
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible
 
Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013Using Puppet to Create a Dynamic Network - PuppetConf 2013
Using Puppet to Create a Dynamic Network - PuppetConf 2013
 
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
 
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
DevOpsDaysCPT Ansible Infrastrucutre as Code 2017
 
js_injwqeweqwqewqewqewqewqewqewqeected_xss.pdf
js_injwqeweqwqewqewqewqewqewqewqeected_xss.pdfjs_injwqeweqwqewqewqewqewqewqewqeected_xss.pdf
js_injwqeweqwqewqewqewqewqewqewqeected_xss.pdf
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet
 
Ansible for Beginners
Ansible for BeginnersAnsible for Beginners
Ansible for Beginners
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
 
Intro to-puppet
Intro to-puppetIntro to-puppet
Intro to-puppet
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
 
Capistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient wayCapistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient way
 
Linux tech talk
Linux tech talkLinux tech talk
Linux tech talk
 
Adhocr T-dose 2012
Adhocr T-dose 2012Adhocr T-dose 2012
Adhocr T-dose 2012
 
Linux
LinuxLinux
Linux
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)
 
Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter Halligan
 
Managing your Minions with Func
Managing your Minions with FuncManaging your Minions with Func
Managing your Minions with Func
 

More from Stephane Manciot

Des principes de la démarche DevOps à sa mise en oeuvre
Des principes de la démarche DevOps à sa mise en oeuvreDes principes de la démarche DevOps à sa mise en oeuvre
Des principes de la démarche DevOps à sa mise en oeuvre
Stephane Manciot
 
Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015
Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015
Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015
Stephane Manciot
 
DevOps avec Ansible et Docker
DevOps avec Ansible et DockerDevOps avec Ansible et Docker
DevOps avec Ansible et Docker
Stephane Manciot
 
Docker / Ansible
Docker / AnsibleDocker / Ansible
Docker / Ansible
Stephane Manciot
 
PSUG #52 Dataflow and simplified reactive programming with Akka-streams
PSUG #52 Dataflow and simplified reactive programming with Akka-streamsPSUG #52 Dataflow and simplified reactive programming with Akka-streams
PSUG #52 Dataflow and simplified reactive programming with Akka-streams
Stephane Manciot
 
De Maven à SBT ScalaIO 2013
De Maven à SBT ScalaIO 2013De Maven à SBT ScalaIO 2013
De Maven à SBT ScalaIO 2013
Stephane Manciot
 

More from Stephane Manciot (6)

Des principes de la démarche DevOps à sa mise en oeuvre
Des principes de la démarche DevOps à sa mise en oeuvreDes principes de la démarche DevOps à sa mise en oeuvre
Des principes de la démarche DevOps à sa mise en oeuvre
 
Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015
Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015
Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015
 
DevOps avec Ansible et Docker
DevOps avec Ansible et DockerDevOps avec Ansible et Docker
DevOps avec Ansible et Docker
 
Docker / Ansible
Docker / AnsibleDocker / Ansible
Docker / Ansible
 
PSUG #52 Dataflow and simplified reactive programming with Akka-streams
PSUG #52 Dataflow and simplified reactive programming with Akka-streamsPSUG #52 Dataflow and simplified reactive programming with Akka-streams
PSUG #52 Dataflow and simplified reactive programming with Akka-streams
 
De Maven à SBT ScalaIO 2013
De Maven à SBT ScalaIO 2013De Maven à SBT ScalaIO 2013
De Maven à SBT ScalaIO 2013
 

Recently uploaded

Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Snarky Security
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
FIDO Alliance
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
BrainSell Technologies
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 
Zaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdfZaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdf
AmandaCheung15
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
FIDO Alliance
 
Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1
DianaGray10
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
Zilliz
 
Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
Priyanka Aash
 
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
AimanAthambawa1
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
DianaGray10
 
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and ConsiderationsChoosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
webbyacad software
 
Intel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdfIntel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdf
Tech Guru
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
Alison B. Lowndes
 
Required Documents for ISO 17021 Certification.PPT
Required Documents for ISO 17021 Certification.PPTRequired Documents for ISO 17021 Certification.PPT
Required Documents for ISO 17021 Certification.PPT
mithun772
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
Bhajan Mehta
 

Recently uploaded (20)

Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
Zaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdfZaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdf
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
 
Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 
Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
 
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
 
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and ConsiderationsChoosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
 
Intel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdfIntel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdf
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
 
Required Documents for ISO 17021 Certification.PPT
Required Documents for ISO 17021 Certification.PPTRequired Documents for ISO 17021 Certification.PPT
Required Documents for ISO 17021 Certification.PPT
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
 

Ansible - Introduction

  • 2. Main features ○ Automating remote system provisioning and applications deployment ○ With no agents to install on remote systems ○ Using existing SSHd on remote system ○ Native OpenSSH for remote communication on control machine ○ Parallel by default ○ Automation language that approaches plain english
  • 3. Installation - requirements ○ Control machine requirements ● Python 2.6 ● Any OS except Windows ○ Managed node requirements ● Python 2.4
  • 4. Installation - control machine - source ○ From source ● $ git clone git://github.com/ansible/ansible.git ● $ cd ./ansible ● $ source ./hacking/env-setup ○ Additional python modules ● sudo easy_install pip ● sudo pip install paramiko PyYAML jinja2 httplib2
  • 5. Installation - control machine - Yum ○ Latest release Via Yum ● $ sudo yum install ansible ● make rpm from source ○ $ git clone git://github.com/ansible/ansible.git ○ $ cd ./ansible ○ make rpm ○ sudo rpm -Uvh ~/rpmbuild/ansible-*.noarch.rpm
  • 6. Installation - control machine - Apt ○ Latest release Via Apt ● $ sudo apt-get install software-properties-common ● $ sudo apt-add-repository ppa:ansible/ansible ● $ sudo apt-get update ● $ sudo apt-get install ansible
  • 7. Installation - control machine - Pip ○ Latest release Via pip ● $ sudo easy_install pip ● $ sudo pip install ansible
  • 8. Installation - control machine - Homebrew ○ Latest release Via Homebrew ● $ brew update ● $ brew install ansible
  • 9. Inventory file ○ Define how ansible will interact with remote hosts ○ Define logical groups of managed nodes ○ Default location : /etc/ansible/hosts ○ INI format
  • 10. Inventory file - communication variables ○ ansible_connection : local, ssh or paramiko ○ ansible_ssh_host : the name of the host to connect to ○ ansible_ssh_port : the ssh port number if not 22 ○ ansible_ssh_user : the ssh user name to use ○ ansible_ssh_pass : the ssh password to use (insecure) ○ ansible_ssh_private_key_file : private key file used by ssh
  • 11. Inventory file - hosts and groups localhost ansible_connection=local [webservers] web[1:5].example.com ansible_connection=ssh ansible_ssh_user=webadmin [dbservers] db[1:2].example.com ansible_connection=ssh ansible_ssh_user=dbadmin
  • 12. Inventory file - group variables [webservers] web[1:5].example.com ansible_connection=ssh ansible_ssh_user=webadmin [webservers:vars] http_port=80
  • 13. Inventory file - groups of groups [atlanta] host1 host2 [raleigh] host2 host3 [southeast:children] atlanta raleigh
  • 14. Inventory file - splitting out specific data ○ Define specific data using variables within YAML files relative to the inventory file [atlanta] host1 host2 ○ /etc/ansible/group_vars/atlanta, /etc/ansible/ host_vars/host1 --- ntp_server: acme.example.org database_server: storage.example.org ○ /etc/ansible/group_vars/atlanta/db_settings
  • 15. Patterns ○ Decide which hosts to manage ● all hosts in the inventory (all or *) ● a specific host name or group name (host1, webservers) ● wildcard configuration (192.168.1.*) ● OR configuration (host1:host2, webservers:dbservers) ● NOT configuration (webservers:dbservers:!production) ● AND configuration (webservers:dbservers:&staging) ● REGEX configuration (~(web|db).*.example.com) ● exclude hosts using limit flag (ansible-playbook site.yml --limit datacenter2)
  • 16. Vault ○ Allows keeping encrypted data in source control ○ Created encrypted files $ ansible-vault create foo.yml ○ Editing encrypted files $ ansible-vault edit foo.yml ○ Encrypting unencrypted files $ ansible-vault encrypt foo.yml ○ Decrypting encrypted files $ ansible-vault decrypt foo.yml ○ Running ad-hoc or playbook with vault $ ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
  • 17. Vagrant integration # Create a private network, which allows host-only access to the machine # using a specific IP. config.vm.network :private_network, ip: “192.168.33.10" config.vm.provision :ansible do |ansible| ansible.inventory_path = "vagrant-inventory.ini" ansible.playbook = "dockers.yml" ansible.extra_vars = { user: "vagrant" } ansible.sudo = true ansible.limit = 'all' end
  • 18. Ad-Hoc commands ○ $ ansible {pattern} -m {module} -a “{options}” {flags} ● pattern : which hosts ● module : which ansible module (command by default) ● options : which module options ● flags : command flags ○ -u {username}: to run the command as a different user (user account by default) ○ -f {n}: to run the command in n parallel forks (5 by default) ○ --sudo: to run the command through sudo ○ -K: to interactively prompt you for the sudo password to use ○ -U {username}: to sudo to a user other than root ○ -i {file}: inventory file to use ○ --ask-vault-pass: to specify the vault-password interactively ○ --vault-password-file {file}: to specify the latter within a file
  • 19. Ad-Hoc commands - samples ○ File transfer $ ansible all -m copy -a "src=/etc/hosts dest=/tmp/hosts" ○ Deploying from source control $ ansible webservers -m git -a "repo=git:// foo.example.org/repo.git dest=/srv/myapp version=HEAD" ○ Managing services $ ansible webservers -m service -a "name=httpd state=started" ○ Gathering facts $ ansible all -m setup
  • 20. Playbook ○ Expressed in YAML language ○ Composed of one or more “plays” in a list ○ Allowing multi-machine deployments orchestration
  • 21. Playbook - play --- - hosts: webservers vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: ensure apache is at the latest version yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf notify: - restart apache - name: ensure apache is running service: name=httpd state=started handlers: - name: restart apache service: name=httpd state=restarted
  • 22. Playbook - hosts and users ○ hosts : one or more groups or host patterns ○ remote_user : the name of the remote user account (per play or task) ○ sudo : run tasks using sudo (per play or task) ○ sudo_user : sudo to a different user than root
  • 23. Playbook - tasks ○ Are executed in order against all machines matched by the host pattern ○ May be Included from other files tasks: - include: tasks/foo.yml ○ Hosts with failed tasks are taken out for the entire playbook ○ Each task executes a module with specific options ○ Modules are idempotent in order to bring the system to the desired state tasks: - name: {task name} {module}: {options}
  • 24. Playbook - handlers ○ Notifications may be triggered at the end of each block of tasks whenever a change has been made on the remote system ○ Handlers are referenced by name tasks: - name: template configuration file template: src=template.j2 dest=/etc/foo.conf notify: - restart apache … handlers: - name: restart apache service: name=apache state=restarted
  • 25. Playbook - roles ○ Based on a known file structure site.yml webservers.yml roles/ webservers/ files/ templates/ tasks/ handlers/ vars/ defaults/ meta/ … --- - hosts: webservers roles: - webservers If roles/x/tasks/main.yml exists, tasks listed therein will be added to the play If roles/x/handlers/main.yml exists, handlers listed therein will be added to the play If roles/x/vars/main.yml exists, variables listed therein will be added to the play If roles/x/meta/main.yml exists, any role dependencies listed therein will be added to the list of roles (1.3 and later) Any copy tasks can reference files in roles/x/files/ without having to path them relatively or absolutely Any script tasks can reference scripts in roles/x/files/ without having to path them relatively or absolutely Any template tasks can reference files in roles/x/templates/ without having to path them relatively or absolutely Any include tasks can reference files in roles/x/tasks/ without having to path them relatively or absolutely
  • 26. Playbook - roles ○ May be applied conditionally --- - hosts: webservers roles: - { role: some_role, when: "ansible_os_family == 'RedHat'" } ○ May be applied before or after other tasks --- - hosts: webservers pre_tasks: - shell: echo 'hello' roles: - { role: some_role } tasks: - shell: echo 'still busy' post_tasks: - shell: echo 'goodbye'
  • 27. Playbook - variables ○ Define directly inline - hosts: webservers vars: http_port: 80 ○ Default role variables defined in {role}/defaults/ main.yml file ○ Included variables --- - hosts: all remote_user: root vars: favcolor: blue vars_files: - /vars/external_vars.yml
  • 28. Playbook - variables - Jinja2 ○ Within conditions ● failed, changed, success, skipped - shell: /usr/bin/foo register: result ignore_errors: True - debug: msg="it failed" when: result|failed ● mandatory {{ variable | mandatory }} ● version_compare {{ ansible_distribution_version | version_compare('12.04', '>=') }} ● … ○ Within templates My amp goes to {{ max_amp_value }}
  • 29. Playbook - variables - Facts ○ Information discovered from remote system ○ Frequently used in conditionals --- - include: "Ubuntu.yml" when: ansible_distribution == 'Ubuntu' ○ Local facts ● {file}.fact within /etc/ansible/facts.d [general] foo=1 bar=2 ● can be accessed in a template/playbook as {{ ansible_local.file.general.foo }}
  • 30. Playbook - variables - Precedence ○ -e variables ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo" ○ “most everything else” ○ variables defined in inventory ○ variables defined in facts ○ role defaults
  • 31. Playbook - conditions ○ Execute task conditionally tasks: - shell: echo "I've got '{{ foo }}' and am not afraid to use it!" when: foo is defined ○ Include tasks conditionally - include: tasks/sometasks.yml when: "'reticulating splines' in output" ○ Execute role conditionally - hosts: webservers roles: - { role: debian_stock_config, when: ansible_os_family == 'Debian' }