How Ansible Makes Automation Easy

@pas256 @Answers4AWS
How Ansible Makes
Automation Easy
Gluecon: May 2014
!
!
Peter Sankauskas
Founder, Answers for AWS

• Engineer
• Founder of Answers for AWS
• Wrote the EC2 inventory plugin for Ansible
• Run the Advanced AWS meetup in SF
• Won a NetflixOSS Cloud Prize for my Ansible
playbooks
About Me

!
!
Beautiful, flexible shell scripts
What is Ansible?

• Installation and configuration of services
• Code deployment
• Provisioning
• Image creation
What can you automate?

• Easy to read, write and share playbooks
• Thousands of modules *
• Great documentation
• Support
Why is it easy?
* 2015 projection

!
!
!
- name: Install Apache web server 
apt: pkg=apache2 state=latest 
What does this do?

!
!
!
- name: Install Apache web server 
apt: pkg=apache2 state=latest 
What does this do?
Documentation
Arguments
Module

- name: Install Apache web server with PHP 
apt: pkg={{ item }} state=latest 
with_items: 
- apache2 
- php5 
- libapache2-mod-php5 
- php-apc 
!

- name: Install Apache web server with PHP (apt version) 
apt: pkg={{ item }} state=latest 
with_items: 
- apache2 
- php5 
- libapache2-mod-php5 
- php-apc 
when: ansible_distribution == ‘Ubuntu'"
!
!
- name: Install Apache web server with PHP (yum version) 
yum: pkg={{ item }} state=latest 
with_items: 
- httpd24 
- php55 
- php55-pecl-apc 
when: ansible_distribution == 'Amazon'

- name: Copy website configuration 
copy: src=site.conf  
dest=/etc/apache2/sites-available/site.conf  
owner=root 
group=root 
mode=0755 
notify: restart apache 
tags: config
A little more complex

• Contains one or more “plays”
• Written in YAML
• Declare configuration
• YAML is not code
• Executed in the order it is
written
• No dependency graph
Playbooks

• apt/yum/pip
• Add/Remove packages
• command/shell
• Execute any shell command
(with or without environment)
• copy
• Copy a file from source to
destination on host 
 
• file
• Create directories, symlinks,
change permissions
• service
• Start/Stop/Enable services
• template
• Same as copy, but with
variable substitutions in file
Modules

accelerate
acl
add_host
airbrake_deployment
alternatives
apache2_module
apt
apt_key
apt_repository
apt_rpm
arista_interface
arista_l2interface
arista_lag
arista_vlan
assemble
assert
async_status
async_wrapper
at
authorized_key
bigip_facts
bigip_monitor_http
bigip_monitor_tcp
bigip_node
bigip_pool
bigip_pool_member
boundary_meter
bzr
campfire
capabilities
cloudformation
command
composer
copy
cpanm
cron
datadog_event
debconf
debug
digital_ocean
digital_ocean_domain
digital_ocean_sshkey
django_manage
dnsimple
dnsmadeeasy
docker
docker_image
easy_install
ec2
ec2_ami
ec2_ami_search
ec2_asg
ec2_eip
ec2_elb
ec2_elb_lb
ec2_facts
ec2_group
ec2_key
ec2_lc
ec2_metric_alarm
ec2_scaling_policy
ec2_snapshot
ec2_tag
ec2_vol
ec2_vpc
ejabberd_user
elasticache
facter
fail
fetch
file
filesystem
fireball
firewalld
flowdock
gc_storage
gce
gce_lb
gce_net
gce_pd
gem
get_url
git
github_hooks
glance_image
group
group_by
grove
hg
hipchat
homebrew
homebrew_cask
homebrew_tap
hostname
htpasswd
include_vars
ini_file
irc
jabber
jboss
jira
kernel_blacklist
keystone_user
layman
librato_annotation
lineinfile
linode
lldp
locale_gen
logentries
lvg
lvol
macports
mail
modprobe
mongodb_user
monit
mount
mqtt
mysql_db

mysql_replication
mysql_user
mysql_variables
nagios
netscaler
newrelic_deployment
nexmo
nova_compute
nova_keypair
npm
ohai
open_iscsi
openbsd_pkg
openvswitch_bridge
openvswitch_port
opkg
osx_say
ovirt
pacman
pagerduty
pause
ping
pingdom
pip
pkgin
pkgng
pkgutil
portage
portinstall
postgresql_db
postgresql_privs
postgresql_user
quantum_floating_ip
quantum_floating_ip_
associate
quantum_network
quantum_router
quantum_router_gate
way
quantum_router_inter
face
quantum_subnet
rabbitmq_parameter
rabbitmq_plugin
rabbitmq_policy
rabbitmq_user
rabbitmq_vhost
raw
rax
rax_cbs
rax_cbs_attachments
rax_clb
rax_clb_nodes
rax_dns
rax_dns_record
rax_facts
rax_files
rax_files_objects
rax_identity
rax_keypair
rax_network
rax_queue
rds
rds_param_group
rds_subnet_group
redhat_subscription
redis
replace
rhn_channel
rhn_register
riak
rollbar_deployment
route53
rpm_key
s3
script
seboolean
selinux
service
set_fact
setup
shell
slack
slurp
sns
stackdriver
stat
subversion
supervisorctl
svr4pkg
swdepot
synchronize
sysctl
template
twilio
typetalk
ufw
unarchive
uri
urpmi
user
virt
vsphere_guest
wait_for
xattr
yum
zfs
zypper
zypper_repository

• Reuse a set of tasks, files, variables and templates
• Ansible Galaxy for being social
• Web
• Database
• System
• more…
Roles

Documentation
http://docs.ansible.com/
Slides
http://www.slideshare.net/pas256/code-mash
Video
http://answersforaws.com/episodes/2-ansible-and-aws/
Introduction to Ansible

✓ Installation and configuration of services
• Code deployment
• Provisioning
• Image creation

- name: Get code from GitHub for branch {{ branch }} 
git: repo=git@github.com:company/website.git 
dest=/var/www/website 
version={{ branch }} 
accept_hostkey=yes"
"
- name: Copy database.yml from S3 to rails 
s3: bucket=company-devops object=database.yml  
dest=/var/www/website/config/database.yml mode=get"
!
- name: Bundle install 
shell: chdir=/var/www/website bundle install  
--without development test"
!
- name: Precompile assets with rake 
shell: chdir=/var/www/website RAILS_ENV={{ env }}  
bundle exec rake assets:precompile
Code deployment

• Create security group
• Launch instance
• Create load balancer
• Register instance with load balancer
Provisioning

Don’t do this

• Use CloudFormation
• Dependency management
• Delete for free
• Ultimate combination
• python + boto + troposphere
Don’t do this on AWS

- local_action: 
module: gce 
name: test-instance 
zone: us-central1-a 
machine_type: n1-standard-1 
image: debian-7
Provisioning on GCE is fine

✓ Installation and configuration of services
✓ Code deployment
✓ Provisioning
• Image creation

• Run in local mode
• Do not start services
• Use Ansible provisioner for
• aminator
• packer
• Use Bakery4AWS (apply for beta access)
Image creation

Flexible playbooks

Same playbook can:
• Run on a single instance
Flexible playbooks
Ansible
Playbook
Laptop

Same playbook can:
• Run on multiple instances
Flexible playbooks
Ansible
Playbook
Laptop

Same playbook can:
• Run against multiple OSes
Flexible playbooks
Ansible
Playbook
Laptop

Same playbook can:
• Run against multiple OSes
• Run in local mode to
create image
Flexible playbooks
Ansible
Playbook
Laptop
Packer/Aminator

Four things to consider to write highly flexible
playbooks
• Header
• Common variables
• Services
• Handlers
How?

--- 
- name: My Playbook 
hosts: all 
sudo: True 
roles: 
- role1 
- role2 
vars_files: 
- vars/common.yml 
- vars/{{ ansible_distribution }}.yml
Playbook header

--- 
ami_build: ami is defined and ami  
not_ami_build: ami is not defined or not ami
Common Variables File

- name: Enable Apache HTTP Web Server service 
service: name=httpd enabled=yes"
!
- name: Starting Apache HTTP Web Server service 
service: name=httpd state=started 
when: not_ami_build"
!
- name: Stopping Apache HTTP Web Server service 
service: name=httpd state=stopped 
when: ami_build
Services

--- 
- name: restart apache 
service: name=httpd state=restarted 
when: not_ami_build
Handlers

• Against Ubuntu web servers
ansible-playbook myplaybook.yml -u ubuntu  
-l web"
• Against Amazon Linux web servers
ansible-playbook myplaybook.yml -u ec2-user  
-l web"
• Build an AMI
ansible-playbook myplaybook.yml -u ubuntu  
-e “ami=True” -c local -i “127.0.0.1,”
Execution

!
Questions? 
Play Stump the Presenter
!
Slides available online:
• http://bit.ly/gluecon-ansible
Thank you

How Ansible Makes Automation Easy

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to How Ansible Makes Automation Easy

Similar to How Ansible Makes Automation Easy (20)

Recently uploaded

Recently uploaded (20)

How Ansible Makes Automation Easy