What?

What is Ansible?

  • Application Deployment
    • Fetch source from VCS
    • Install from package
    • Pull artifact from CI
  • Simple IT Orchestration
    • Rolling changes
    • Ad-hoc commands
  • Configuration Management
    • Version control of 'state'
    • Reproducible environments
    • Easily spin up test / development environments
    • No more wondering who made what change

What makes Ansible different?

  • Written in Python
  • YAML config
  • Uses 'push' strategy
  • Doesn't require a remote agent to be running
  • Doesn't require a central server to 'pull' from
  • Uses 'ssh' for a transport
  • Idempotent

Getting Ansible

Linux


 |# CentOS/RPM based distro
 |yum install ansible
 |
 |# Ubuntu via PPA
 |apt-get install software-properties-common
 |apt-add-repository ppa:rquillo/ansible
 |apt-get update
 |apt-get install ansible
 

Mac


 |# Homebrew
 |brew install ansible
 |# or via PIP (includes development deps)
 |pip install ansible
 

Windows

NOPE.JPG

Running of ad-hoc commands


 |# Internal PING (not actual ICMP)
 |ansible -m ping all
 |
 |# Uptime of all your inventory
 |ansible all -m command -a "uptime"
 

Be aware...

  • Good for evaluating the status of your inventory
  • Anything more involved should be in a Playbook

Modules

What are modules?

  • Small programs pushed to nodes for Ansible to execute
  • Provide a structured interface for performing a specific management function
  • Can be written in any language (normally Python)
  • Cover an incredible range of operations
  • Already 237 pre-written (as of July 2014)

Calling a Module


 |module_name: argument=value argument=value argument=value
 

Some common tasks with module examples...

Package Management


 |# Add the PPA
 |- apt_repository: repo="ppa:chris-lea/node.js"
 |
 |# Install the package
 |- apt: pkg=nodejs state=present
 |
 |# Pinned versions
 |- apt: pkg=php=5.6 state=present
 

Set up authorized keys


 |- authorized_key: user=deployer key="{{item}}"
 |  with_file:
 |    - keys/adam.pub
 |    - keys/otherUser.pub
 

Manage files/folders


 |- file: dest=/home/someUser/.ssh state=directory mode=0700 owner=someUser group=someGroup
 |
 |- copy: src="{{item}}" dest=/home/someUser/.ssh/ owner=someUser mode=0600
 |  with_items:
 |    - id_rsa
 |    - id_rsa.pub
 

Manage crontab entries


 |# Ensure a job that runs at 2 and 5 exists.
 |# Creates an entry like "* 5,2 * * * ls -alh > /dev/null"
 |- cron: name="check dirs" hour="5,2" job="ls -alh > /dev/null"
 |
 |# Ensure an old job is no longer present. Removes any job that is
 |# prefixed by "#Ansible: an old job" from the crontab
 |- cron: name="an old job" state=absent
 

Manage lines in files


 |# Search and replace
 |- replace: >
 |    dest=/etc/php5/fpm/pool.d/www.conf
 |    regexp='^listen = /var/run/php5-fpm.sock'
 |    replace='listen = 127.0.0.1:9000'
 |
 |# Ensure line doesn't exist in file
 |- lineinfile: dest=/etc/sudoers state=absent regexp="^%wheel"
 

Manage MySQL resources


 |# Ensure the python dependency exists for Ansible to manage MySQL
 |- apt: pkg=python-mysqldb state=present
 |
 |# Create our deployer user
 |- mysql_user: name=deployer password=deployer state=present priv=*.*:ALL
 |
 |# Create our database
 |- mysql_db: name=some_db state=present
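
A more conservative take on the sudoers edit and the MySQL account from the last two slides, added here as an example and not part of the original deck: `validate` stops a broken sudoers file from being written, and the database user gets rights on `some_db` only, with its password read from a vaulted variable. The variable name `vault_deployer_db_password`, the `localhost` host and the privilege list are assumptions.

```yaml
# Added example, not from the original slides.
# Assumes vault_deployer_db_password (hypothetical name) is defined in a
# vars file encrypted with ansible-vault.

- name: Remove the %wheel rule without risking a broken sudoers file
  lineinfile:
    dest: /etc/sudoers
    state: absent
    regexp: "^%wheel"
    # The edited copy is checked first; /etc/sudoers is only replaced
    # if visudo accepts it.
    validate: "visudo -cf %s"

- name: Create the application database
  mysql_db:
    name: some_db
    state: present

- name: Create the deployer user with rights on some_db only
  mysql_user:
    name: deployer
    host: localhost                  # assumption: the app runs on the DB host
    password: "{{ vault_deployer_db_password }}"
    priv: "some_db.*:SELECT,INSERT,UPDATE,DELETE"
    state: present
  no_log: true                       # keep the password out of task output and logs
```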
 

Manage files using Templates

Templates use the Jinja2 library, which is covered in the next section.


 |# Upload template somefile.j2 to /home/someUser/someFile
 |# Replacing variables/expressions
 |- template: src=somefile.j2 dest=/home/someUser/someFile
 

Manage Services


 |# Service must be running
 |- service: name=apache2 state=started
 |
 |# Restart service if running, start if not
 |- service: name=ntpd state=restarted
 |
 |# Stop service if running
 |- service: name=samba state=stopped
 

Playbooks

What are Playbooks

  • Written in YAML
  • Describe policy on how remote systems should be configured
  • Human readable

If Ansible modules are the tools in your workshop, playbooks are your design plans.

YAML for configuration


 |---
 |# Start your YAML file with 3 dashes to signify start
 |
 |# Define a value
 |php_version: 5.6
 |
 |# Create an array
 |create_users:
 |  - adam
 |  - admin
 |  - deployer
 |
 |# Multi-dimensional hash/dict/whatever name you are familiar with
 |virtual_hosts:
 |  production:
 |    - web1.somehost.com
 |    - web2.somehost.com
 |  staging:
 |    - test.somehost.com
 

Not covering much YAML here - check the docs!

Variables

Some variables are provided by Ansible


 |ansible_distribution # Ubuntu
 |ansible_distribution_release # precise
 |ansible_distribution_version # 12.04
 

Can be defined by the user as well

Templates

  • Parsed using the Python Jinja2 library
  • Normal conventions use the *.j2 file extension
  • Curly braces '{{ }}' to indicate variable interpolation
  • Pipe to filters

 |<VirtualHost *:80>
 |  # Expand docroot variable
 |  DocumentRoot {{ docroot }}
 |
 |  # Expand serveradmin variable with default filter
 |  ServerAdmin {{ serveradmin | default("admin@admin.com") }}
 |</VirtualHost>
 

Roles

  • Used to organize playbooks
  • Grouping by roles allows easy sharing of playbooks
  • When structured the Ansible way, facilitates automatic loading of certain vars, tasks, and handlers

Tasks

  • Are executed in order, one at a time
  • Should include a name (I've left the name off most examples thus far for brevity)
  • Will accept variables for arguments

 |- name: Install Apache2
 |  apt: pkg=apache2 state=present
 |
 |- name: Install php5 v{{ php5_version }}
 |  apt: pkg=php5={{ php5_version }} state=present
 

Handlers

  • Perform actions when something has "changed"
  • Commonly used to restart services
  • Run once at the end of the task list
  • Use the same modules as tasks

 |# Task
 |- apt: pkg=php5 state=present
 |  notify: restart Apache
 |
 |# Handler
 |- name: restart Apache
 |  service: name=apache2 state=restarted
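
How the pieces from the Variables, Templates, Tasks and Handlers slides fit into a single play, as an added example that is not from the original deck. The inventory group `webservers`, the file names `site.yml` and `vhost.conf.j2`, the destination path and the variable values are assumptions.

```yaml
---
# site.yml - added example, not from the original slides.
- hosts: webservers            # hypothetical inventory group
  become: true                 # 2014-era playbooks wrote this as `sudo: yes`
  vars:
    php5_version: "5.6"        # quoted so YAML keeps it a string, not a float
    docroot: /var/www/example  # consumed by the template as {{ docroot }}
    # serveradmin is deliberately left undefined, so the template's
    # default("admin@admin.com") filter supplies the value.

  tasks:
    - name: Install Apache2
      apt:
        pkg: apache2
        state: present
      when: ansible_distribution == "Ubuntu"   # fact provided by Ansible

    - name: Install php5 v{{ php5_version }}
      apt:
        pkg: "php5={{ php5_version }}"
        state: present
      notify: restart Apache

    - name: Render the virtual host from the Jinja2 template
      template:
        src: vhost.conf.j2     # the <VirtualHost> template shown earlier
        dest: /etc/apache2/sites-available/example.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart Apache

  # Runs once at the end of the task list, and only if a notifying
  # task reported "changed".
  handlers:
    - name: restart Apache
      service:
        name: apache2
        state: restarted
```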
 

Demo

More Information

Thank You

Github
github.com/adam12
Twitter
@adamrdaniels
Sourcecode
github.com/adam12/ansible-devtricks-2014
