This document provides an overview of the IT automation tool Ansible. It discusses why Ansible is useful, including that it can configure systems, deploy software, and orchestrate tasks across multiple servers. The basics of Ansible like installation, inventory files, modules, playbooks and tasks are covered. More advanced topics like variables, conditionals, loops, roles and secrets are also summarized.

1. Getting Started with
Ansible
Andrew Hamilton

2. Who Am I?
Ops at Prevoty
Former SRE @Twitter and Sys Adm at
Eucalyptus

3. What We’ll Discuss
Why Ansible?
The basics of Ansible
Moving past the basics

4. Ansible is an IT automation tool. It can
configure systems, deploy software,
and orchestrate more advanced IT
tasks such as continuous deployments
or zero downtime rolling updates.
http://docs.ansible.com/

5. One Tool, Multiple Jobs

6. One Tool, Multiple Jobs
Ad-hoc commands
Configuration Management
Deployments

7. Agentless

8. Agentless
Cloud native
Great for ad-hoc commands
SSH based

9. Idempotent

10. Idempotent
Well mostly…
Allows you to run most
modules multiple times without
fear

11. Extensible

12. Extensible
Large community
Lots of prebuilt modules (100s)
Easy to build custom modules
Modules are “Polygot”

13. Simple

14. Simple
Syntax based on YAML
Quick and easy setup
Tasks are executed in the order written

15. It isn’t eventually
convergent

16. 1. Setup nginx repo
2. Install nginx
3. Configure vhost
4. Copy over the site files

17. 2. Install nginx
1. Setup nginx repo
4. Copy over the site files
3. Configure vhost

18. 2. Install nginx
1. Setup nginx repo
4. Copy over the site files
3. Configure nginx

19. 2. Install nginx
1. Setup nginx repo
4. Copy over the site files
3. Configure nginx

20. 2. Install nginx
1. Setup nginx repo
4. Copy over the site files
3. Configure nginx

21. Installation

22. Installation: Packages
$ pip install ansible
# yum install ansible
# aptitude install ansible
$ brew install ansible

23. Installation: Source
$ git clone
> https://github.com/ansible/ansible
$ source ansible/hacking/env-setup

24. Inventory

25. Inventory
A list of systems built into groups
Either static or dynamic

26. Inventory: Static
[my_hosts]
host1.example.com
host2.example.com
[webservers]
www1.example.com
www2.example.com
[dbs]
db1.example.com
db2.example.com

27. Inventory: Dynamic
Builds a JSON inventory of hosts
Provided: AWS, GCE, Azure,
OpenStack, VMWare, Rackspace,
Linode, Digital Ocean, Cobbler,
Vagrant, Fleet, Consul, ...

28. Run an ad-hoc task

29. Run an ad-hoc task
$ ansible -i <inventory>
> -m <module>
> -a <args>
> <hosts_identifier>

30. Run an ad-hoc task
$ ansible -i my_inventory
> -m ping
> all

31. But what if I want to run
a command often or
multiple commands?

32. Playbooks

33. ---
- hosts: tag_service_web_server
vars:
- local_dir: “/myapp”
- dest_dir: “/var/www”
tasks:
- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginx
service: name=nginx state=started
- name: Copy over the app
copy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644
directory_mode=yes

34. ansible-playbook -i <inventory>
<playbook>

35. Hosts

36. ---
- hosts: tag_service_web_server
vars:
- local_dir: “/myapp”
- dest_dir: “/var/www”
tasks:
- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginx
service: name=nginx state=started
- name: Copy over the app
copy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644
directory_mode=yes

37. Hosts
Allows you to specify groups of hosts
Uses the provided inventory

38. Vars

39. ---
- hosts: tag_service_web_server
vars:
- local_dir: “/myapp”
- dest_dir: “/var/www”
tasks:
- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginx
service: name=nginx state=started
- name: Copy over the app
copy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644
directory_mode=yes

40. Vars
Allows you to dynamically change values
Can be used in playbooks and templates
Different types of variables for different
workloads

41. Vars: Runtime
You can add variables from the CLI at runtime
Runtime variables take precedence
$ ansible-playbook -i <inventory>
> -e key1=value1 playbook.yml

42. 3 types of vars
Standard:
my_str: “my string”
my_num: 1
my_float: 1.234923409
my_bool: false*
* booleans also allow “yes” and “no”

43. 3 types of vars
Lists:
a_list: [‘one’, ‘two’, ‘three’]
another: [1, 2, 3]

44. 3 types of vars
Hashes (Dictionaries):
a_hash: { “key”: “value”, }
hashing_it_up: { “such”: “wow”,
“chosen”: 1, }

45. 3 types of vars
Combining them together
my_var: “Here”
complex: [
{ “key”: “value”, },
{ “key”: “blah”, },
{ “key”: my_var },
]

46. Jinja templating for vars
Use “{{ <var> }}” to access variables
{{ my_var }}
{{ my_list[0] }}
{{ my_hash[“key”] }}

47. Tasks

48. ---
- hosts: tag_service_web_server
vars:
- local_dir: “/myapp”
- dest_dir: “/var/www”
tasks:
- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginx
service: name=nginx state=started
- name: Copy over the app
copy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644
directory_mode=yes

49. Tasks
Uses modules to complete tasks
100s of prebuilt modules
Examples: template, copy, yum, apt, pip, ec2,
elb, docker
Can use custom modules in tasks too

50. Tasks
Required:
- <module_name>: <key1>=<value1>
<key2>=<value2> …

51. Tasks
Optional:
name, become, become_user,
connection, delegate_to, etc

52. Tasks
Example:
- name: Install nginx
become: yes
yum: name=nginx state=latest

53. Questions?
http://www.slideshare.net/ahamilton55

54. Loops

55. Loops
Allows for cycling through items in a
task
with_items, with_nested,
with_dict, etc

56. Loops
with_items:
- <item1>
- <item2>
- <item3>

57. Loops
- name: Install nginx
yum: name=nginx.x86_64 state=latest
- name: Install php5
yum: name=php5.x86_64 state=latest
- name: Install Laravel
yum: name=php5-laravel.x86_64 state=latest

58. Loops
- name: Install packages
yum: name={{ item }} state=latest
with_items:
- nginx.x86_64
- php5.x86_64
- php5-laravel.x86_64

59. Loops
- name: Install packages
yum: name={{ item.name }} state={{ item.ver }}
with_items:
- { “name”: ”nginx.x86_64”, “ver”: ”latest” }
- { “name”: ”php5.x86_64”, “ver”: ”5.4-1” }
- { “name”: ”php5-laravel.x86_64”, ver”: ”5.4-123-1” }

60. Conditionals

61. Conditionals
Allows you to run tasks only when
constraints are met
when

62. Conditionals
when: <some boolean logic>

63. Conditionals
- name: Install nginx
yum: name=nginx.x86_64 state=latest
But what if we want to also use a Deb
based distro?

64. Conditionals
- name: Install nginx (RH)
yum: name=nginx.x86_64 state=latest
when: ansible_os_family == “RedHat”
- name: Install nginx (Deb)
apt: name=nginx state=latest
when: ansible_os_family == “Debian”

65. Variables Files

66. Variables Files
Just files full of variables…
Makes using a large number of
variables easier
Cleans up your playbooks

67. Variables Files
Multiple level:
- Site
- Group
- Host

68. Variables Files
Site / Groups:
Best practice to place in a group_vars
dir
group_vars/all for site vars
group_vars/<group_name> for groups

69. Variables Files
Hosts:
Best practice to place in a host_vars
dir
host_vars/<hostname>

70. Variables Files: webserver
index_page: index.html
domains: [
‘example.com’,
‘www.example.com’
]
server_names: “{{ domains|join(‘ ‘) }}”
vhost_root_dir: “/usr/local/www/{{ domains[0] }}
/htdocs”

71. Variables Files
- hosts: webservers
vars_files:
- group_vars/all
- group_vars/webservers
tasks:
- name: Install nginx
yum: name=nginx state=latest

72. Roles

73. Roles
Used as a way to organize playbooks
Allows for portability and reuse

74. Roles
Download roles from the community at
https://galaxy.ansible.com/
Use ansible-galaxy CLI too

75. Roles
<role_name>/
files/
templates/
tasks/
handlers/
vars/
defaults/
meta/

76. Roles
Create this directory structure easily
$ ansible-galaxy init <role_name>

77. Roles
By default the main.yml file will be run
Can create multiple playbooks in a role

78. Roles: webserver.yml
hosts: webservers
vars_files:
- group_vars/all
- group_vars/webservers
roles:
- nginx

79. Roles
nginx/
templates/
nginx.conf
tasks/
main.yml
redhat.yml
debian.yml
handlers/
main.yml

80. Roles: templates/nginx.conf
http {
index {{ index_page }};
server {
server_name {{ server_names }};
access_log logs/{{ main_domain }}.access.log main;
root {{ vhost_root_dir }};
}
}

81. Roles: tasks/redhat.yml
---
- name: Install nginx
yum: name=nginx state=latest
notify:
- start nginx
- enable nginx

82. Roles: tasks/debian.yml
---
- name: Install nginx
apt: name=nginx state=latest
notify:
- start nginx
- enable nginx

83. Roles: tasks/main.yml
---
- include: redhat.yml
when: ansible_os_family == “RedHat”
- include: debian.yml
when: ansible_os_family == “Debian"
- name: Copy over the nginx.conf template
template: src=nginx.conf dest=/etc/nginx/nginx.conf
notify: restart nginx

84. Roles: handlers/main.yml
---
- include: redhat.yml
when: ansible_os_family == “RedHat”
- include: debian.yml
when: ansible_os_family == “Debian”
- name: start nginx
service: name=nginx state=started
- name: restart nginx
service: name=nginx state=restarted

85. Roles: handlers/redhat.yml
---
- name: enable nginx
service: name=nginx enabled=yes

86. Roles: handlers/debian.yml
---
- name: enable nginx
command: update-rc.d nginx enable

87. Secrets

88. Secrets
$ANSIBLE_VAULT;1.1;AES256
34383662653437316564366265636337386662663939653539306333633633316264383235346638
6631366536656336353137363462643435376164363339360a303264343761336135386564653138
39326461396165643066663938333965346530333061333336633036613138303335376164346362
3161373230353036640a643961306466646639386163303461353461396665393335383731653266
39646464353438373238656130613131373465353432396533343763643239323162383861613037
64343665346666333231333461636634353061313332613934313433343834366434623866636366
31393665646336383234313064313963653536343233386131343034303337656661376462316161
65653764663838333061643865326566623064373334643431393763626139336539646435363432
65623438346634616462313965643038366265646264636538636238306330306430343439633165
32333032353961616533303935626161333239333237663363643665663661363961343866333531
65326435363262646465366365366230613836616565346331306635343161626462366366313238
66336530393562636565636166646637616465313037396339633264643731366436623030326633
39393434643763666363656333383230316563363730306534373232353964383464306661373436
33666439336135333436313039306237656162383236333936383337336638356166373066356664
66636633323437343665646433383637623932316139363639323565663230656432363731623230

89. Secrets
Builtin support for using AES256
encrypted variables files
Files kept in group_vars files for easy
access
Pass in password at execution

90. Secrets
ansible-vault CLI tool
Easy to edit, view, encrypt, decrypt,
create and rekey files

91. Secrets
ansible-playbook --ask-vault-pass …
ansible-playbook --vault-password-file ...

92. Also, I’m hiring
andrew@prevoty.com