SlideShare a Scribd company logo

IT Automation with Ansible

Rayed Alrashed
Rayed Alrashed

This document provides an overview of IT automation using Ansible. It discusses using Ansible to automate tasks across multiple servers like installing packages and copying files without needing to login to each server individually. It also covers Ansible concepts like playbooks, variables, modules, and vault for securely storing passwords. Playbooks allow defining automation jobs as code that can be run on multiple servers simultaneously in a consistent and repeatable way.

Technology
1 of 27
Download to read offline
IT Automation with Rayed Alrashed
About Me • 1993 - 1997 KSU • 1997 - 1999 ISU KACST • 1999 - 2001 GWU • 2001 - 2007 SAUDI NET • 2008 - 2011 CITC • 2011 - Now WireFilter
Linux Admin Accounts • root user • Superuser, can do anything • Dangerous, please don’t use it! • sudo • Better accountability • Fine tune permissions root# rm /var/db/mysql user1$ sudo visudo : # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL : Cmnd_Alias APTITUDE = /usr/bin/aptitude update, /usr/ bin/aptitude upgrade user1 ALL=(ALL) NOPASSWD: APTITUDE user1$ sudo aptitude update … no password needed! user1$ sudo rm /var/lib/mysql Password: : user1$ sudo rm /var/lib/postgresql … no password for few minutes …
What is SSH • SSH have more goodies: • Access using Keys / Password less • Compression • Secure File Transfer (scp, sftp) • Tunneling SSH is acronym for Secure Shell telnet = clear text SSH = encrypted
SSH Keys authorized_keys server1 host1 id_rsa id_rsa.pub id_rsa.pub host2 id_rsa id_rsa.pub host1$ ssh-keygen This will create 2 files: id_rsa : private key id_rsa.pub : public key id_rsa.pub host1$ ssh-copy-id server1 add id_rsa.pub to server authorized_keys (Password is needed) host1$ ssh server1 No Password!!
Poor Man’s Administration $ ssh www1.example.com www1$ sudo vi /etc/resolv.conf www1$ sudo apt-get install nginx : $ $ ssh www2.example.com www2$ sudo vi /etc/resolv.conf www2$ sudo apt-get install nginx : $ $ ssh www3.example.com www3$ sudo vi /etc/resolv.conf www3$ sudo apt-get install nginx : : : etc … • Connecting to each server one by one • Time consuming • Repetitive & error prone • Not Reproducible • No way to track changes!
Poor Man’s Automation #!/bin/sh HOSTS=" www1.rayed.com www2.rayed.com www3.rayed.com db1.rayed.com db2.rayed.com " for host in $HOSTS do # Copy DNS settings to all servers scp resolv.conf $host:/etc/resolv.conf # Install Nginx ssh $host “sudo apt-get install nginx” done • Loop in a shell script • Hard to write • Hard to maintain • Error prone
What is Ansible? • IT Automation Tool • Open Source / Commercial support available • No server on Management Node • No agent on Managed Nodes • Uses ssh; no special ports, passwords, or keys • No need to install on dedicated machine • Easy to Install, Learn and Use
Installation • Linux:
 $ sudo easy_install pip
 $ sudo pip install ansible • OSX:
 $ brew update
 $ brew install ansible
Inventory • List of machine you want to manage • Location: • Default: /etc/ansible/host • export ANSIBLE_HOST=my_hosts • Use -i option: ansible -i my_hosts • Defined in ansible.cfg • Dynamic Inventory: Ask AWS, Linode, DigitalOcean, your own script! # file: ansible_hosts mail.example.com [webservers] www[1:5].example.com [dbservers] db-[a:d].example.com # file: ansible.cfg [defaults] hostfile = ./ansible_hosts
Ad-Hoc Commands
Ad-Hoc Commands • Do something quick, not worth saving! • Not worth writing a Playbook for • e.g.: shutdown a lab! • Examples: ansible all -i ansible_hosts -m ping ansible all -m ping ansible webservers -m ping ansible www1.example.com -m ping ansible all -m command —a date ansible all -a date ansible all -a reboot ansible all -a reboot -s ansible all -a reboot -s -K
module: ping • Check connectivity • If you can ssh you can ping:
 $ ssh user@host • You can specify group or “all” • Execute in parallel $ ansible webservers -m ping www1.example.com | success >> { "changed": false, "ping": "pong" } $ ansible www404.example.com -m ping www404.example.com | FAILED => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue
module: setup • Get tons of information about the machine • Name, Disks, IP, OS version, etc … • Can be used for conditional operations $ ansible www1.example.com -m setup www1.example.com | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "178.79.182.89" ], "ansible_all_ipv6_addresses": [ "2a01:7e00::f03c:91ff:fe70:5c6a", "fe80::f03c:91ff:fe70:5c6a" ], "ansible_architecture": "x86_64", "ansible_bios_date": "NA", "ansible_bios_version": "NA", :
module: command • Execute command on remote machine • e.g. reboot $ ansible www1.example.com -m command -a “echo hello” www1.example.com | rc=0 >> { hello $ ansible www1.example.com -a “echo hello” www1.example.com | rc=0 >> { hello
module: apt • Package management for Debian & Ubuntu • Install, Uninstall, Update • There is also “yum” module for RedHat, CentOS, and Fedora. • You might need: • -s : command need sudo • -K : Ask for sudo password $ ansible www1.example.com -m apt -a “name=nginx state=present” $ ansible www1.example.com -m apt -a “update_cache=yes upgrade=safe”
Other Interesting Modules • user: Manage user accounts • lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression. • copy: Copies files to remote locations. • template: Templates a file out to a remote server.
Other Interesting Modules • authorized_key: Adds or removes an SSH authorized key • service: Manage services, start/stop/restart/ restart on reboot. • mysql_db, mysql_user, postgresql_db, postgresql_user: Can you guess it! • git: Deploy software (or files) from git checkouts
Playbooks
What is a Playbook • Ansible’s configuration, deployment, and orchestration language. • Modules are the tools in your workshop, Playbooks are your design plans. • YAML! --- # An employee record name: Example Developer job: Developer skill: Elite employed: True foods: - Apple - Orange - Strawberry - Mango languages: ruby: Elite python: Elite dotnet: Lame
Playbook Example --- - hosts: webservers #remote_user: root sudo: yes tasks: - name: Install Nginx apt: name=nginx state=present - name: Copy static site copy: src=files/my_site dest=/var/www - name: Configure Nginx template: src=files/nginx_site.conf dest=/etc/nginx/new_site.conf notify: my_nginx_reload handlers: - name: my_nginx_reload service: name=nginx state=restarted my_playbook.yml ansible-playbook my_playbook.yml -KExecute Playbook
Variables • Defined • Inventory • Playbook • Discovered (Facts) • Use # playbook - hosts: webservers vars: http_port: 80 # inventory file host1 http_port=80 [webservers:vars] http_port=80 # facts : "ansible_distribution": "Ubuntu", "ansible_distribution_release": "precise", "ansible_distribution_version": “12.04", : # in playbook template: src=foo.cfg.j2 dest={{ remote_install_path }}/foo.cfg # in template files server { listen 80; root /var/www/my_site; index index.html index.htm; server_name {{ ansible_default_ipv4.address }}; }
Conditions • Use Variables & Facts • Conditional Tasks • Conditional Includes • Conditional Roles - name: Install Apache (Ubuntu) apt: name=apache state=latest when: ansible_os_family == ‘Debian’ - name: Install Apache (CentOS) yum: name= httpd state=latest when: ansible_os_family == ‘RedHat’ - include: tasks/sometasks.yml when: "'reticulating splines' in output" - hosts: webservers roles: - { role: debian_stock_config, when: ansible_os_family == 'Debian' }
Loops # With Loops - name: Install Packages apt: name={{item}} state=present with_items: - iptables-persistent - fail2ban - exim4-daemon-light - apticron - git - figlet - nginx # Without Loops - name: Install Packages apt: name= fail2ban state=present - name: Install Packages apt: name= apticron state=present - name: Install Packages apt: name= git state=present - name: Install Packages apt: name= figlet state=present - name: Install Packages apt: name= nginx state=present # Loop with Hash (Dictionary) - name: add several users user: name={{ item.name }} state=present groups={{ item.groups }} with_items: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' } Other Loop Types Available
Vault • Ansible + GIT • What about passwords? ansible-playbook site.yml —ask-vault-pass ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt $ANSIBLE_VAULT;1.1;AES256 35373133613062323636623536666439396531656662313262326562353261376435343934346433 3563333532333362303430323666313931376138623437380a623461636265633561313064313564 37666561306661663237323466343166653738633765383666383066396234646539633565373636 3961643731363130340a336465666334633839333061356439316237323262633364613037623164 3965 ansible-vault create site.yml ansible-vault edit site.yml
–Anonymous “A lazy sysadmin is the best admin”
More • http://www.ansible.com/ • http://docs.ansible.com/ • https://galaxy.ansible.com/ • http://docs.ansible.com/list_of_all_modules.html

Recommended

Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Ansible
AnsibleAnsible
AnsibleKnoldus Inc.
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Ansible
AnsibleAnsible
AnsibleRahul Bajaj
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - IntroductionStephane Manciot
 

Recommended

Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Ansible
AnsibleAnsible
AnsibleKnoldus Inc.
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Ansible
AnsibleAnsible
AnsibleRahul Bajaj
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - IntroductionStephane Manciot
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...Simplilearn
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with AnsibleRicardo Schmidt
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible
AnsibleAnsible
AnsibleVishal Yadav
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
ansible why ?
ansible why ?ansible why ?
ansible why ?Yashar Esmaildokht
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on TrainingMehmet Ali Aydın
 
Ansible
AnsibleAnsible
AnsibleKamil Lelonek
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible Bangladesh Network Operators Group
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Ansible 101
Ansible 101Ansible 101
Ansible 101Gena Mykhailiuta
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Simplilearn
 
Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with AnsibleAnas
 
Ansible for beginners
Ansible for beginnersAnsible for beginners
Ansible for beginnersKuo-Le Mei
 
Ansible intro
Ansible introAnsible intro
Ansible introMarcelo Quintiliano da Silva
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 

More Related Content

What's hot

What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...Simplilearn
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Simplilearn
 
Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with AnsibleAnas
 
Ansible for beginners
Ansible for beginnersAnsible for beginners
Ansible for beginnersKuo-Le Mei
 

What's hot (20)

What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with Ansible
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Ansible
AnsibleAnsible
Ansible
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansible
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with Ansible
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practices
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
Ansible
AnsibleAnsible
Ansible
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
 
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
Ansible Tutorial For Beginners | What Is Ansible And How It Works? | Ansible ...
 
Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with Ansible
 
Ansible for beginners
Ansible for beginnersAnsible for beginners
Ansible for beginners
 
Ansible intro
Ansible introAnsible intro
Ansible intro
 

Similar to IT Automation with Ansible

Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of AnsibleDevOps Ltd.
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with PuppetKris Buytaert
 
Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupJeff Geerling
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestrationbcoca
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013grim_radical
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with PuppetKris Buytaert
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetOmar Reygaert
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Jun Hong Kim
 
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios
 
20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnwgarrett honeycutt
 
Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015Alex S
 
Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)Chu-Siang Lai
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeWO Community
 
WordPress CLI in-depth
WordPress CLI in-depthWordPress CLI in-depth
WordPress CLI in-depthSanjay Willie
 
EC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and PackerEC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and PackerGeorge Miranda
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDSean Chittenden
 

Similar to IT Automation with Ansible (20)

Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestration
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with Puppet
 
Hadoop on osx
Hadoop on osxHadoop on osx
Hadoop on osx
 
Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL Meetup
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with Puppet
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)
 
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
 
20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw
 
Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015Ansible is the simplest way to automate. SymfonyCafe, 2015
Ansible is the simplest way to automate. SymfonyCafe, 2015
 
Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)Automate with Ansible basic (2/e, English)
Automate with Ansible basic (2/e, English)
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
WordPress CLI in-depth
WordPress CLI in-depthWordPress CLI in-depth
WordPress CLI in-depth
 
EC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and PackerEC2 AMI Factory with Chef, Berkshelf, and Packer
EC2 AMI Factory with Chef, Berkshelf, and Packer
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSD
 

Recently uploaded

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

IT Automation with Ansible

  • 2. About Me • 1993 - 1997 KSU • 1997 - 1999 ISU KACST • 1999 - 2001 GWU • 2001 - 2007 SAUDI NET • 2008 - 2011 CITC • 2011 - Now WireFilter
  • 3. Linux Admin Accounts • root user • Superuser, can do anything • Dangerous, please don’t use it! • sudo • Better accountability • Fine tune permissions root# rm /var/db/mysql user1$ sudo visudo : # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL : Cmnd_Alias APTITUDE = /usr/bin/aptitude update, /usr/ bin/aptitude upgrade user1 ALL=(ALL) NOPASSWD: APTITUDE user1$ sudo aptitude update … no password needed! user1$ sudo rm /var/lib/mysql Password: : user1$ sudo rm /var/lib/postgresql … no password for few minutes …
  • 4. What is SSH • SSH have more goodies: • Access using Keys / Password less • Compression • Secure File Transfer (scp, sftp) • Tunneling SSH is acronym for Secure Shell telnet = clear text SSH = encrypted
  • 5. SSH Keys authorized_keys server1 host1 id_rsa id_rsa.pub id_rsa.pub host2 id_rsa id_rsa.pub host1$ ssh-keygen This will create 2 files: id_rsa : private key id_rsa.pub : public key id_rsa.pub host1$ ssh-copy-id server1 add id_rsa.pub to server authorized_keys (Password is needed) host1$ ssh server1 No Password!!
  • 6. Poor Man’s Administration $ ssh www1.example.com www1$ sudo vi /etc/resolv.conf www1$ sudo apt-get install nginx : $ $ ssh www2.example.com www2$ sudo vi /etc/resolv.conf www2$ sudo apt-get install nginx : $ $ ssh www3.example.com www3$ sudo vi /etc/resolv.conf www3$ sudo apt-get install nginx : : : etc … • Connecting to each server one by one • Time consuming • Repetitive & error prone • Not Reproducible • No way to track changes!
  • 7. Poor Man’s Automation #!/bin/sh HOSTS=" www1.rayed.com www2.rayed.com www3.rayed.com db1.rayed.com db2.rayed.com " for host in $HOSTS do # Copy DNS settings to all servers scp resolv.conf $host:/etc/resolv.conf # Install Nginx ssh $host “sudo apt-get install nginx” done • Loop in a shell script • Hard to write • Hard to maintain • Error prone
  • 8. What is Ansible? • IT Automation Tool • Open Source / Commercial support available • No server on Management Node • No agent on Managed Nodes • Uses ssh; no special ports, passwords, or keys • No need to install on dedicated machine • Easy to Install, Learn and Use
  • 9. Installation • Linux:
 $ sudo easy_install pip
 $ sudo pip install ansible • OSX:
 $ brew update
 $ brew install ansible
  • 10. Inventory • List of machine you want to manage • Location: • Default: /etc/ansible/host • export ANSIBLE_HOST=my_hosts • Use -i option: ansible -i my_hosts • Defined in ansible.cfg • Dynamic Inventory: Ask AWS, Linode, DigitalOcean, your own script! # file: ansible_hosts mail.example.com [webservers] www[1:5].example.com [dbservers] db-[a:d].example.com # file: ansible.cfg [defaults] hostfile = ./ansible_hosts
  • 12. Ad-Hoc Commands • Do something quick, not worth saving! • Not worth writing a Playbook for • e.g.: shutdown a lab! • Examples: ansible all -i ansible_hosts -m ping ansible all -m ping ansible webservers -m ping ansible www1.example.com -m ping ansible all -m command —a date ansible all -a date ansible all -a reboot ansible all -a reboot -s ansible all -a reboot -s -K
  • 13. module: ping • Check connectivity • If you can ssh you can ping:
 $ ssh user@host • You can specify group or “all” • Execute in parallel $ ansible webservers -m ping www1.example.com | success >> { "changed": false, "ping": "pong" } $ ansible www404.example.com -m ping www404.example.com | FAILED => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue
  • 14. module: setup • Get tons of information about the machine • Name, Disks, IP, OS version, etc … • Can be used for conditional operations $ ansible www1.example.com -m setup www1.example.com | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "178.79.182.89" ], "ansible_all_ipv6_addresses": [ "2a01:7e00::f03c:91ff:fe70:5c6a", "fe80::f03c:91ff:fe70:5c6a" ], "ansible_architecture": "x86_64", "ansible_bios_date": "NA", "ansible_bios_version": "NA", :
  • 15. module: command • Execute command on remote machine • e.g. reboot $ ansible www1.example.com -m command -a “echo hello” www1.example.com | rc=0 >> { hello $ ansible www1.example.com -a “echo hello” www1.example.com | rc=0 >> { hello
  • 16. module: apt • Package management for Debian & Ubuntu • Install, Uninstall, Update • There is also “yum” module for RedHat, CentOS, and Fedora. • You might need: • -s : command need sudo • -K : Ask for sudo password $ ansible www1.example.com -m apt -a “name=nginx state=present” $ ansible www1.example.com -m apt -a “update_cache=yes upgrade=safe”
  • 17. Other Interesting Modules • user: Manage user accounts • lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression. • copy: Copies files to remote locations. • template: Templates a file out to a remote server.
  • 18. Other Interesting Modules • authorized_key: Adds or removes an SSH authorized key • service: Manage services, start/stop/restart/ restart on reboot. • mysql_db, mysql_user, postgresql_db, postgresql_user: Can you guess it! • git: Deploy software (or files) from git checkouts
  • 20. What is a Playbook • Ansible’s configuration, deployment, and orchestration language. • Modules are the tools in your workshop, Playbooks are your design plans. • YAML! --- # An employee record name: Example Developer job: Developer skill: Elite employed: True foods: - Apple - Orange - Strawberry - Mango languages: ruby: Elite python: Elite dotnet: Lame
  • 21. Playbook Example --- - hosts: webservers #remote_user: root sudo: yes tasks: - name: Install Nginx apt: name=nginx state=present - name: Copy static site copy: src=files/my_site dest=/var/www - name: Configure Nginx template: src=files/nginx_site.conf dest=/etc/nginx/new_site.conf notify: my_nginx_reload handlers: - name: my_nginx_reload service: name=nginx state=restarted my_playbook.yml ansible-playbook my_playbook.yml -KExecute Playbook
  • 22. Variables • Defined • Inventory • Playbook • Discovered (Facts) • Use # playbook - hosts: webservers vars: http_port: 80 # inventory file host1 http_port=80 [webservers:vars] http_port=80 # facts : "ansible_distribution": "Ubuntu", "ansible_distribution_release": "precise", "ansible_distribution_version": “12.04", : # in playbook template: src=foo.cfg.j2 dest={{ remote_install_path }}/foo.cfg # in template files server { listen 80; root /var/www/my_site; index index.html index.htm; server_name {{ ansible_default_ipv4.address }}; }
  • 23. Conditions • Use Variables & Facts • Conditional Tasks • Conditional Includes • Conditional Roles - name: Install Apache (Ubuntu) apt: name=apache state=latest when: ansible_os_family == ‘Debian’ - name: Install Apache (CentOS) yum: name= httpd state=latest when: ansible_os_family == ‘RedHat’ - include: tasks/sometasks.yml when: "'reticulating splines' in output" - hosts: webservers roles: - { role: debian_stock_config, when: ansible_os_family == 'Debian' }
  • 24. Loops # With Loops - name: Install Packages apt: name={{item}} state=present with_items: - iptables-persistent - fail2ban - exim4-daemon-light - apticron - git - figlet - nginx # Without Loops - name: Install Packages apt: name= fail2ban state=present - name: Install Packages apt: name= apticron state=present - name: Install Packages apt: name= git state=present - name: Install Packages apt: name= figlet state=present - name: Install Packages apt: name= nginx state=present # Loop with Hash (Dictionary) - name: add several users user: name={{ item.name }} state=present groups={{ item.groups }} with_items: - { name: 'testuser1', groups: 'wheel' } - { name: 'testuser2', groups: 'root' } Other Loop Types Available
  • 25. Vault • Ansible + GIT • What about passwords? ansible-playbook site.yml —ask-vault-pass ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt $ANSIBLE_VAULT;1.1;AES256 35373133613062323636623536666439396531656662313262326562353261376435343934346433 3563333532333362303430323666313931376138623437380a623461636265633561313064313564 37666561306661663237323466343166653738633765383666383066396234646539633565373636 3961643731363130340a336465666334633839333061356439316237323262633364613037623164 3965 ansible-vault create site.yml ansible-vault edit site.yml
  • 26. –Anonymous “A lazy sysadmin is the best admin”
  • 27. More • http://www.ansible.com/ • http://docs.ansible.com/ • https://galaxy.ansible.com/ • http://docs.ansible.com/list_of_all_modules.html