How Ansible Makes Automation Easy

@pas256 @Answers4AWS
How Ansible Makes
Automation Easy
Gluecon: May 2014
!
!
Peter Sankauskas
Founder, Answers for AWS

• Engineer
• Founder of Answers for AWS
• Wrote the EC2 inventory plugin for Ansible
• Run the Advanced AWS meetup in SF
• Won a NetflixOSS Cloud Prize for my Ansible
playbooks
About Me

!
!
Beautiful, flexible shell scripts
What is Ansible?

• Installation and configuration of services
• Code deployment
• Provisioning
• Image creation
What can you automate?

• Easy to read, write and share playbooks
• Thousands of modules *
• Great documentation
• Support
Why is it easy?
* 2015 projection

!
!
!
- name: Install Apache web server 
apt: pkg=apache2 state=latest 
What does this do?

!
!
!
- name: Install Apache web server 
apt: pkg=apache2 state=latest 
What does this do?
Documentation
Arguments
Module

- name: Install Apache web server with PHP 
apt: pkg={{ item }} state=latest 
with_items: 
- apache2 
- php5 
- libapache2-mod-php5 
- php-apc 
!

- name: Install Apache web server with PHP (apt version) 
apt: pkg={{ item }} state=latest 
with_items: 
- apache2 
- php5 
- libapache2-mod-php5 
- php-apc 
when: ansible_distribution == ‘Ubuntu'"
!
!
- name: Install Apache web server with PHP (yum version) 
yum: pkg={{ item }} state=latest 
with_items: 
- httpd24 
- php55 
- php55-pecl-apc 
when: ansible_distribution == 'Amazon'

- name: Copy website configuration 
copy: src=site.conf  
dest=/etc/apache2/sites-available/site.conf  
owner=root 
group=root 
mode=0755 
notify: restart apache 
tags: config
A little more complex

• Contains one or more “plays”
• Written in YAML
• Declare configuration
• YAML is not code
• Executed in the order it is
written
• No dependency graph
Playbooks

• apt/yum/pip
• Add/Remove packages
• command/shell
• Execute any shell command
(with or without environment)
• copy
• Copy a file from source to
destination on host 
 
• file
• Create directories, symlinks,
change permissions
• service
• Start/Stop/Enable services
• template
• Same as copy, but with
variable substitutions in file
Modules

accelerate
acl
add_host
airbrake_deployment
alternatives
apache2_module
apt
apt_key
apt_repository
apt_rpm
arista_interface
arista_l2interface
arista_lag
arista_vlan
assemble
assert
async_status
async_wrapper
at
authorized_key
bigip_facts
bigip_monitor_http
bigip_monitor_tcp
bigip_node
bigip_pool
bigip_pool_member
boundary_meter
bzr
campfire
capabilities
cloudformation
command
composer
copy
cpanm
cron
datadog_event
debconf
debug
digital_ocean
digital_ocean_domain
digital_ocean_sshkey
django_manage
dnsimple
dnsmadeeasy
docker
docker_image
easy_install
ec2
ec2_ami
ec2_ami_search
ec2_asg
ec2_eip
ec2_elb
ec2_elb_lb
ec2_facts
ec2_group
ec2_key
ec2_lc
ec2_metric_alarm
ec2_scaling_policy
ec2_snapshot
ec2_tag
ec2_vol
ec2_vpc
ejabberd_user
elasticache
facter
fail
fetch
file
filesystem
fireball
firewalld
flowdock
gc_storage
gce
gce_lb
gce_net
gce_pd
gem
get_url
git
github_hooks
glance_image
group
group_by
grove
hg
hipchat
homebrew
homebrew_cask
homebrew_tap
hostname
htpasswd
include_vars
ini_file
irc
jabber
jboss
jira
kernel_blacklist
keystone_user
layman
librato_annotation
lineinfile
linode
lldp
locale_gen
logentries
lvg
lvol
macports
mail
modprobe
mongodb_user
monit
mount
mqtt
mysql_db

mysql_replication
mysql_user
mysql_variables
nagios
netscaler
newrelic_deployment
nexmo
nova_compute
nova_keypair
npm
ohai
open_iscsi
openbsd_pkg
openvswitch_bridge
openvswitch_port
opkg
osx_say
ovirt
pacman
pagerduty
pause
ping
pingdom
pip
pkgin
pkgng
pkgutil
portage
portinstall
postgresql_db
postgresql_privs
postgresql_user
quantum_floating_ip
quantum_floating_ip_
associate
quantum_network
quantum_router
quantum_router_gate
way
quantum_router_inter
face
quantum_subnet
rabbitmq_parameter
rabbitmq_plugin
rabbitmq_policy
rabbitmq_user
rabbitmq_vhost
raw
rax
rax_cbs
rax_cbs_attachments
rax_clb
rax_clb_nodes
rax_dns
rax_dns_record
rax_facts
rax_files
rax_files_objects
rax_identity
rax_keypair
rax_network
rax_queue
rds
rds_param_group
rds_subnet_group
redhat_subscription
redis
replace
rhn_channel
rhn_register
riak
rollbar_deployment
route53
rpm_key
s3
script
seboolean
selinux
service
set_fact
setup
shell
slack
slurp
sns
stackdriver
stat
subversion
supervisorctl
svr4pkg
swdepot
synchronize
sysctl
template
twilio
typetalk
ufw
unarchive
uri
urpmi
user
virt
vsphere_guest
wait_for
xattr
yum
zfs
zypper
zypper_repository

• Reuse a set of tasks, files, variables and templates
• Ansible Galaxy for being social
• Web
• Database
• System
• more…
Roles

Documentation
http://docs.ansible.com/
Slides
http://www.slideshare.net/pas256/code-mash
Video
http://answersforaws.com/episodes/2-ansible-and-aws/
Introduction to Ansible

✓ Installation and configuration of services
• Code deployment
• Provisioning
• Image creation

- name: Get code from GitHub for branch {{ branch }} 
git: repo=git@github.com:company/website.git 
dest=/var/www/website 
version={{ branch }} 
accept_hostkey=yes"
"
- name: Copy database.yml from S3 to rails 
s3: bucket=company-devops object=database.yml  
dest=/var/www/website/config/database.yml mode=get"
!
- name: Bundle install 
shell: chdir=/var/www/website bundle install  
--without development test"
!
- name: Precompile assets with rake 
shell: chdir=/var/www/website RAILS_ENV={{ env }}  
bundle exec rake assets:precompile
Code deployment

• Create security group
• Launch instance
• Create load balancer
• Register instance with load balancer
Provisioning

Don’t do this

• Use CloudFormation
• Dependency management
• Delete for free
• Ultimate combination
• python + boto + troposphere
Don’t do this on AWS

- local_action: 
module: gce 
name: test-instance 
zone: us-central1-a 
machine_type: n1-standard-1 
image: debian-7
Provisioning on GCE is fine

✓ Installation and configuration of services
✓ Code deployment
✓ Provisioning
• Image creation

• Run in local mode
• Do not start services
• Use Ansible provisioner for
• aminator
• packer
• Use Bakery4AWS (apply for beta access)
Image creation

Flexible playbooks

Same playbook can:
• Run on a single instance
Flexible playbooks
Ansible
Playbook
Laptop

Same playbook can:
• Run on multiple instances
Flexible playbooks
Ansible
Playbook
Laptop

Same playbook can:
• Run against multiple OSes
Flexible playbooks
Ansible
Playbook
Laptop

Same playbook can:
• Run against multiple OSes
• Run in local mode to
create image
Flexible playbooks
Ansible
Playbook
Laptop
Packer/Aminator

Four things to consider to write highly flexible
playbooks
• Header
• Common variables
• Services
• Handlers
How?

--- 
- name: My Playbook 
hosts: all 
sudo: True 
roles: 
- role1 
- role2 
vars_files: 
- vars/common.yml 
- vars/{{ ansible_distribution }}.yml
Playbook header

--- 
ami_build: ami is defined and ami  
not_ami_build: ami is not defined or not ami
Common Variables File

- name: Enable Apache HTTP Web Server service 
service: name=httpd enabled=yes"
!
- name: Starting Apache HTTP Web Server service 
service: name=httpd state=started 
when: not_ami_build"
!
- name: Stopping Apache HTTP Web Server service 
service: name=httpd state=stopped 
when: ami_build
Services

--- 
- name: restart apache 
service: name=httpd state=restarted 
when: not_ami_build
Handlers

• Against Ubuntu web servers
ansible-playbook myplaybook.yml -u ubuntu  
-l web"
• Against Amazon Linux web servers
ansible-playbook myplaybook.yml -u ec2-user  
-l web"
• Build an AMI
ansible-playbook myplaybook.yml -u ubuntu  
-e “ami=True” -c local -i “127.0.0.1,”
Execution

!
Questions? 
Play Stump the Presenter
!
Slides available online:
• http://bit.ly/gluecon-ansible
Thank you

How Ansible Makes Automation Easy

More Related Content

What's hot

Viewers also liked

Similar to How Ansible Makes Automation Easy

Recently uploaded

How Ansible Makes Automation Easy