Ansible Meetup Hamburg / Quickstart

Ge#ng&Started&with&Ansible
Ansible(Meetup(Hamburg,(henry(stamerjohann,(12/2014

A"brief"introduc.on"
to"Ansible

Simple'things'should'be'simple,'
complex'things'should'be'possible.
—"Alan"Kay

!Ansible!is!a!simple,!
declara0ve!push!based!
automa0on!tool!to!
describe!the!state!you!
want!servers!to!be!in.

History
• Created(by(Michael(DeHaan(
(CTO(Ansible(Inc.)
• Open(source(project,(started(February(
2012
• Maintained(by(very(acEve(Open(Source(
community
• Ansible(Inc.(provides(training,(
consulEng(services(and(oﬀers(a(webK
based(management(tool(called(Ansible(
Tower

Ansible(facts
• Ansible)is)based)on)Python)(v2.7)
• Standard)SSH)to)connect)to)managed)servers/nodes
• Push?based)system)
• Agentless)operaAon
• No)central)server,)no)special)soDware)on)managed)nodes

Ansible(facts((con/nued)
• Facts'from'each'node'used'for'state1full'decisions
• Fetch'context'before'tasks,'skip'intelligently
• Indempotent'ConﬁgMgmt'tool'(like'others)
• Extend'with'custom'modules,'use'any'language'which'can'return'
JSON'(Bash,'Ruby,'Go,'Python,'etc.)
• Source'inventory'from'various'datasource,'return'as'JSON

ConﬁgMgmt)in)comparison
• Ansible)is)similar)tool)to)Chef,)Puppet)or)Salt
• Shared)purpose)8)solve)tasks)for)CfgMgmt,)provisioning,)
deployment,)etc.
• Ansible)may)be)simplest)and)easiest)conﬁguraAon)management)
tool)to)start)with
• Chef,)Puppet,)Salt)are)great)tools)as)well,)may)be)more)complex)
to)start)with,)steeper)learning)curve,)etc.

Requirements+to+use+Ansible
• Ansible)installed)on)your)Control)Machine)(admin)machine)
• Python)required)on)all)nodes/servers)to)manage
• Installers)provided)for)OS)X,)Linux)machines)(only)
• Use)SSH)publicHkey)setup)to)connect)to)nodes

How$to$install$Ansible$(OS$X,$Linux)
Requirements:,
,•,python2dev,for,linux,
,•,xcode2command2line,tools,on,OS,X
sudo easy_install pip
sudo pip install ansible
Alterna(ve*install*methods:*
*•*homebrew*for*OS*X
*•*install*from*source

Ansible(Basic(Terminology:(
• Modules - accomplish dedicated Tasks (set values, use templates)
• Tasks - execute Module specific parameters, variables, etc.
• Variables - configuration-wide, Playbook / Roles specific vars
• Facts - gather information about the target system
• Handlers - like Tasks but usually get called by another Task
• Roles - group related Tasks, encapsulate data to accomplish Tasks
• Files - files directory contains files copied over to target
• Templates - Jinja2 format w/ placeholders to insert variables
• Vault - encrypt sensible data (i.e. files containing passwords)
• Plays - are lists of Tasks which apply to hosts / host groups
• Playbooks - YAML formatted files orchestrate steps sequentially
• Inventory - reference inside 'host' & 'ansible.cfg' files

Flexible'file'op+ons
Ansible(parses(into(subfolder
data(could(be(organized(in(nested(folder/file(structure,(
`-- vars # named subfolder
`-- main.yml # variables file
or#as#plain#file
`-- vars.yml # variables file

Ansible(Config
• You%can%use%environment%variables%
export ANSIBLE_SUDO_USER=root
• But%be3er%define%in%ansible.cfg%file%(global%or%project%based)
./ansible.cfg # current directory
~/.ansible.cfg # user's home dir
/etc/ansible/ansible.cfg # system default location

ansible.cfg!conﬁg!ﬁle!(example)
[defaults]
hostfile = hosts
forks = 5
timeout = 60
log_path = /var/log/ansible.log
nocows = 1

Inventory
• Simple:
• Manage-your-inventory-in-text-ﬁles-(INI-group-header-syntax)
• Advanced:
• use-various-datasource,-use/write-a-tool-that-speaks-to-
datasource-and-returns-JSON

Ansible(inventory(ﬁle(/(Hosts(ﬁle((Example)
# Application servers
[webserver]
web1.pretendco.com
54.93.172.13 ansible_ssh_user=ubuntu
# Database server
[db]
54.93.172.14 ansible_ssh_user=ubuntu
# Group 'multi', contains child servers
[multi:children]
webserver
db

Ansible(CLI

CLI$Commands$(overview)
ansible <host-pattern> [options] # run Ad hoc command
ansible-playbook <playbook-name> # run an Ansible playbook
ansible-galaxy <command> # share and download Ansible roles
ansible-pull [options] [playbook.yml] # setup Ansible pull architecture
ansible-doc [options] [module...] # show documentation
debug with -vvvv
dry run mode with --check
check playbooks with --syntax-check

Ansible(AdHoc(commands
ansible <pattern_goes_here> -m <module_name> -a <arguments> # -s <optional sudo>
## single server node
ansible webserver -a reboot -i /path/to/hosts ## path to hosts-file
ansible db -s -m apt -a "pkg=postgresql state=present" ## -i use path to hosts-file
## multiple server nodes
ansible multi -s -m apt -a "pkg=ntp state=installed" ## -i use path to hosts-file
ansible multi -s -m service -a "name=ntpd state=started enabled=yes" ## -i
## module example, git checkout
ansible webserver -s -m git -a "repo=git://github.com/path/to/repo.git
dest=/opt/myapp update=yes version=1.2.4" ## -i use path to hosts-file

Ansible(Playbook((simple(example)
#!/usr/bin/env ansible-playbook
---
- name: Configure webserver with nginx and ssl
hosts: webservers
sudo: True
vars:
key_file: /etc/nginx/ssl/nginx.key
cert_file: /etc/nginx/ssl/nginx.crt
conf_file: /etc/nginx/sites-available/default
server_name: localhost
tasks:
- name: Install nginx
apt: name=nginx update_cache=yes cache_valid_time=3600
...
- name: copy nginx config file
template: src=templates/nginx.conf.j2 dest={{ conf_file }}
notify: restart nginx
handlers:
- name: restart nginx
service: name=nginx state=restarted

Variables
• Variables*are*used/subs.tute*inside*tasks*or*template*ﬁles
apt: pkg={{ item }} state=installed update-cache=yes
with_items: {{ system_packages }}
# apt module will iterate over items in Array (YAML Sequence)

Example(Vars((could(be(in(external(vars.yml(ﬁle)
---
project_name: myproject
project_root: /var/projects/myproject
project_repo: git@bitbucket.org:myuser/myproject.git
system_packages:
- build-essential
- git
- libevent-dev
- nginx
- postgresql
- postgresql-server-dev-all
- python-dev
- python-setuptools
- redis-server
python_packages:
- pip
- virtualenv

Example(Vars(used(in(tasks
tasks:
- name: Create the project directory.
file: state=directory path={{ project_root }}
- name: Create user.
user: home={{ project_root }}/home/ name={{ project_name }} state=present
- name: Update the project directory.
file: group={{ project_name }} owner={{ project_name }} mode=755 state=directory path={{ project_root }}
- name: Install required system packages.
apt: pkg={{ item }} state=installed update-cache=yes
with_items: {{ system_packages }}
- name: Install required Python packages.
easy_install: name={{ item }}
with_items: {{ python_packages }}

templates/nginx.conf.j23
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
root /usr/share/nginx/html;
index index.html index.htm;
server_name {{ server_name }};
ssl_certificate {{ cert_file }};
ssl_certificate_key {{ key_file }};
location / {
try_files $uri $uri/ =404;
}
}

Playbooks

Playbooks
• Playbooks*format*is*YAML*
• Playbooks*express*configura<ons,*deployment*and*orchestra<on
• A*Playbook*maps*a*group*of*hosts*to*a*set*of*roles*or*tasks
• Playbook*reference*included*files*(vars.yml,*lookup*files,*etc.)
• Op<onally*you*can*prompt*for*user*input*during*run

---
- hosts: multi
sudo: True
vars:
app_name: my-app
license_file: "{{ lookup('file','license.xml') }}"
# prompt during run
vars_prompt:
- name: "set_password for x"
prompt: "enter password for x"
default: "super_dumb_pw"
private: yes
pre_tasks:
- name: display facts, print name and ip
debug: msg="System {{ inventory_hostname }} has ip {{ ansible_default_ipv4 }}"
# run gerneral tasks
tasks:
- name: Install ntp
apt: name=ntp update_cache=yes cache_valid_time=3600
...
# install roles sequentially
roles:
- { role: database, tags: db }
- { role: nginx, tags: webapp }
- { role: tomcat, tags: webapp }

Playbook(Anatomy
• name: display name of your playbook (optional)
• hosts: host or host group against run the tasks (mandatory)
• sudo: True/False (optional)
• vars: reference vars inline or /path/to/file (optional)
• tasks: list of actions to perform, call up modules use variables
• handlers: task that runs if it has been notified by another task
• roles: call role to execute bundled tasks
... and some more

Playbook(convenience(use
• Add$tags$to$your$playbook
• Run$ansible5playbook$but$only$tasks$with$tags:$
--tags templates,apache
• Run$ansible5playbook$but$exclude$--skip-tags templates
tasks:
- name: template apache config
template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
tags:
- templates
- apache
notify:
- restart apache

Ansible(Galaxy
• community*roles*available*
• reference*to*public*github*repos
• source*to*learn*and*start*from
ansible-galaxy install username.rolename

Ansible(Tower
• Web%based)GUI)developed)by)Ansible)Inc.
• Dashboard)to)manage)your)nodes
• Provides)job)scheduling,)inventory)management,)job)status)
updates
• With)built%in)REST)API
h"p://www.ansible.com/tower

Few$common$use$cases

Nice%ci&zen%with%Vagrant
Working(Vagrant(provider(available
# Provisioning configuration for Ansible.
config.vm.provision "ansible" do |ansible|
ansible.playbook = "playbook.yml"
# Run commands as root.
ansible.sudo = true
end

Nice%ci&zen%with%Docker%(really?)
• Have&a&large&overlap,&let's&discuss&a4er&today's&talk&by&
Chris&an)Kniep&8&here's&the&commented&presenta<on:
h>p://qnib.org/2014/12/19/Docker8and8ConﬁgMgmt/
• You&can&manage&Docker&host&with&docker&modules
- docker-module # launch, provision, and delete Docker containers.
- docker-images module # build docker-files with Ansible.
- docker_facts module
- Docker inventory plugin
Note: Ansible Module has dependency on docker-py Docker client python library

Ansible(docker.module(example
# Start docker container running tomcat in each host of webserver group,
# bind tomcat's listening port to 8080 on the host:
---
- hosts: webserver
sudo: yes
tasks:
- name: run tomcat servers
docker: image=centos command="service tomcat6 start" ports=8080
# Create multiple named containers:
---
- hosts: webserver
sudo: yes
tasks:
- name: run tomcat servers
docker: image=centos name={{item}} command="service tomcat6 start" ports=8080
with_items:
- crookshank
- snowbell
- heathcliff
- felix
- sylvester

Scale&and&Orchestrate&with&Ansible
use$ansible*pull$mode$!
• Pulls&a&specified&git&repository&into&a&specified&directory
• If&the&repo&has&changed,&it&runs&a&file&called&<hostname>.yml&or&
local.yml&from&repo&root&directory
1. Add ansible-pull to crontab.
2. Add the <hostname>.yml or local.yml file to your repository.
Example:)ansible_pull.yml

Documenta*on
• Ge$ng'Started
• Advanced'Setups
• Module'Reference
• Examples
• Ressources
• Case'Studies
• etc.

Ansible(Up(&(Running
by#Lorin#Hochstein
Free$preview$of$Ansible$Up$&$Running$by$
Lorin$Hochstein.$
h"p://www.ansible.com/ansible2book
Preview Edition includes:
• Chapter 1 Introduction
• Chapter 2 Playbooks, a Beginning
• Chapter 3 Inventory: Describing Your Servers

Next%Ansible%HH%Meetup,%Feb%2015

Thank&You!

Ansible Meetup Hamburg / Quickstart

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (11)

Similar to Ansible Meetup Hamburg / Quickstart

Similar to Ansible Meetup Hamburg / Quickstart (20)

More from Henry Stamerjohann

More from Henry Stamerjohann (6)

Recently uploaded

Recently uploaded (20)

Ansible Meetup Hamburg / Quickstart