Hands On Ansible


About Me

DevOps@RajeshKumar.XYZ


Introduction

What Is Ansible?



  • Change Management
  • Provisioning
  • Automation
  • Orchestration

Change Management


Define a "System State"

  • Enforce the System State

System State

  • Apache Web Installed
  • Apache Web at version x.xx.x
  • Apache Web Started

CHANGE EVENT



A function is idempotent if repeated applications have the same effect as a single application.

IDEMPOTENCE

Defining State

Don't pay attention to the 'HOW', just the 'WHAT'

Provisioning


Prepare a system to make it ready

  • Transition from one state to a different state

Examples

  • Make an FTP Server
  • Make an Email Server
  • Make a DB Server
Basic OS Web server

Automation


Define tasks to be executed automatically

  • Ordered Tasks
  • Make decisions

Set it and Forget it

  • Run the task
  • Get a cup of coffee
  • Walk back to desk seeing tasks finished
  • Sip your coffee and feel productive

Orchestration


Coordinates automation BETWEEN systems

  • Task 1 - System 1
  • Task 2 - System 2
  • Task 3 - System 3
  • Task 4 - System 1
Ansible Control Server

Why Ansible?


What makes it so different?

It's clean!


  • No agents
  • No database
  • No residual software
  • No complex upgrades

YAML


Ansible Execution

  • No programming required
  • NOT a markup language
  • Structured
  • Easy to read and write

SECURE


Built-in security

  • Uses SSH
  • Root / Sudo usage
  • Encrypted vault
  • No PKI needed

Easy to extend

  • URL / RESTful calls
  • Shell Commands
  • Scripts
  • Ansible-Galaxy

Ansible Introduction


Ansible IS:

  • Change Management
  • Easy to implement
  • Provisioning
  • Easy to program
  • Automation
  • Inherently Secure
  • Orchestration
  • Very extendable

Architecture and Process Flow


Ansible Requirements


(Control Server)

Python 2.6+

Must be *NIX (Linux/Unix/Mac)

Windows not supported

Ansible Requirements


(Remote Server)

*NIX:
Python 2.4 (simplejson)
Python 2.5+
SSH

Windows:
Remote PowerShell enabled

Python 3.x is not an upgrade to Python 2.x

Python 3.x is not supported

Module


A programmed unit of work to be done.

Play


A single task from a module, executed on a host or set of hosts

Playbook


A set of plays built in a specific order to produce an expected outcome or outcomes.

Variables


Host Variables

  • Use variables defined in Inventory per host or group

Facts

  • Use data gathered from the remote managed host

Dynamic Variables

  • Use data gathered by tasks or created at runtime
Python Package
Ansible Control Server

Execution Types

Packaged Tasks Executed on Remote-End

Packaged Tasks Executed on Ansible Server
Mostly used for webservice/API calls

Ansible Architecture


  • Inventory maps hosts
  • Configuration sets Ansible parameters
  • Modules define actions
  • Playbooks to coordinate multiple tasks
  • Python to build the execution
  • SSH to deliver the tasks

Execution Types


Remote

  • Remote execution of plays

Local

  • When remote box is not executing plays

Creating Environment


Components

Vagrant: Virtual Machine Controller


Define VMs to start up and their initial configs (IP, hostname, etc.)

VirtualBox: Virtual Machine Provider


Environment to run virtual machines

Ansible: Automation / Provisioning


Application to push configuration and automation to remote systems.

Environment Review


  • Vagrant: Environment Controller
  • Virtual Box: Server Hypervisor
  • Ansible: Automation

Install Ansible (Debian)


$ sudo apt-get install ansible

Install Ansible (CentOS)


$ sudo yum install epel-release
$ sudo yum install ansible

PIP Install (All others)


Install Libraries (gcc, python-devel)

Install Python SetupTools

Install Ansible

Ansible Inventory and Configuration


Inventory Features


  • Behavioral Parameters
  • Groups
  • Groups of Groups
  • Assign Variables
  • Scaling out using multiple files
  • Static/Dynamic

Inventory File


[db]
db1.company.com
db2.company.com

[db]
db1.company.com ansible_ssh_user=aaron ansible_ssh_pass=123
db2.company.com

[db]
db1.company.com ansible_ssh_user=aaron ansible_ssh_pass=123
db2.company.com ansible_python_interpreter=/usr/bin/python

[db]
db1.company.com ansible_ssh_user=aaron ansible_ssh_pass=123
db2.company.com ansible_python_interpreter=/usr/bin/python
[datacenter-west:children]
db

[db]
db1.company.com ansible_ssh_user=aaron ansible_ssh_pass=123
db2.company.com ansible_python_interpreter=/usr/bin/python
[datacenter-west]
db

[db]
db1.company.com ansible_ssh_user=aaron ansible_ssh_pass=123
db2.company.com ansible_python_interpreter=/usr/bin/python
[datacenter-west:children]
db
[datacenter-west:vars]
ansible_ssh_user=ansible_user
ansible_ssh_pass=#45e!@Gh
ntp-server=5.6.7.8

Creating our Inventory File


  • Add Behavioral Parameters
  • Create host-based variables
  • Create a Group
  • Create group-based variables

Scaling-out Inventory Files


Using Directories

  • Can be used to break out long-running inventory files.
  • Very useful when dealing with large environments.
Basic Directory Structure
Multi-Environment Directory Structure

Order-of-Operations (Precedence)


  • (Group_Vars) All
  • (Group_Vars) GroupName
  • (Host_Vars) HostName

Variable File Example

Scaling Variable Files


  • Create Group Variables in separate file
  • Show Order-of-Precedence
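
The inventory shown earlier keeps `ansible_ssh_pass` in plain text. As an added example (not from the original slides), the same group variables can be split into variable files, with the password moved into a file encrypted by the "Encrypted vault" feature listed under SECURE. The file names, the `vault_` prefix, `ntp_server` and the placeholder values are assumptions.

```yaml
---
# File: group_vars/all.yml
# Lowest precedence of the three levels: applies to every host.
ntp_server: 1.2.3.4                 # constructed default value

---
# File: group_vars/datacenter-west/vars.yml
# Overrides "all" for hosts in the datacenter-west group.
ansible_ssh_user: ansible_user
# No literal password here, only a reference to the vaulted variable.
ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"
ntp_server: 5.6.7.8

---
# File: group_vars/datacenter-west/vault.yml
# Encrypt this file before it is committed or shared:
#   $ ansible-vault encrypt group_vars/datacenter-west/vault.yml
vault_ansible_ssh_pass: "CHANGE_ME"  # placeholder, not a real secret

---
# File: host_vars/db1.company.com.yml
# Highest precedence of the three: wins over both group files for db1.
ansible_ssh_user: aaron
```

Run playbooks with `--ask-vault-pass` so Ansible can decrypt `vault.yml` at execution time.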

Configuration Settings Order-of-Operations

Configuration files are not merged.
First one wins!

Environment Variable Overrides

[defaults] forks


Default set to 5

  • Total number of parallel operations Ansible executes

Production Recommendation: 20

  • Start at 20, and go up or down depending on performance

[defaults] host_key_checking


Default set to True

  • For Production environments, do not change

Development Environment: set to False

  • Keeps things easy, given the dynamic nature of Dev environments

[defaults] log_path


Default set to Null

  • Write information on Ansible executions

Set path to log file

  • Make sure all users of Ansible have permission to write to it

Editing Configuration


  • Define settings in configuration file
  • Override setting in environment variable

Ansible Modules


3 Types of Modules

Modules

Module Docs



$ ansible-doc -l
$ ansible-doc -s <module>
$ ansible-doc <module>

Module Categories


  • Manage Servers
  • Deploy Configurations
  • Configure network equipment
  • Maintain virtual servers
  • Manage databases and tables
  • Deploy load-balancer configurations

Copy Module


  • Copies a file from local box to remote system
  • Has "backup" capability
  • Can do validation remotely

Fetch Module


  • Pulls a file from remote host to local system
  • Can use md5 checksums to validate

Apt Module


  • Manages installed applications on Debian-based systems
  • Can install, update, or delete packages
  • Can update entire system

Yum Module


  • Manages installed applications on Red Hat-based systems
  • Can install, update, or delete packages
  • Can update entire system

Service Module


  • Can stop, start, or restart services
  • Can enable services to start on boot

Demo: Using Modules to Install/Start


  • Browse module documentation
  • Install Web Server (Yum module)
  • Start Web Server (Service module)
  • Install DB Server (Yum module)
  • Start DB Server (Service module)
  • Stop Firewalls (Service module)

Host/Group Target Patterns


  • OR (group1:group2)
  • NOT (!group2)
  • Wildcard (web*.ex.com)
  • Regex (~web[0-9]+)

Complex Patterns

  • AND (group1:&group2)
  • AND (webservers:&production)

webservers:&prod:!python3

Hosts defined in Webservers AND Prod but NOT in Python3

Demo: Using Setup Module


  • Gather facts on remote systems
  • Used in Playbooks

Plays and Playbooks


Plays map hosts to tasks

A play can have multiple tasks

A playbook can have multiple plays

Playbook Breakdown

YAML Whitespace

Whitespace is crucial!

Play Breakdown

Play Declarations

Tasks are executed in order - top down

Tasks use modules

Tasks

Execution of playbooks:

$ ansible-playbook playbook.yml

If a host fails a task, that host is removed from the rest of the playbook execution

Retrying Failed Host Executions

Demo: Our First Playbook


  • Write a playbook
  • Add play to install web server
  • Add play to install db server
  • Add play to start services
  • Fail a play
  • Retry a failed play

Including Files

Register Task Output

Debug Module

Prompting for Input

Handlers


  • Tasks with asynchronous execution
  • Only runs tasks when notified
  • Tasks only notify when state=changed
  • Does not run until all playbook tasks have executed
  • Most common for restarting services to load changes (if changes are made)

Conditional Execution


Use the clause "when" to choose if task should run.

Conditional Clause

Conditional Clause Based on Output

Templates


Uses Jinja2 Engine

  • Insert variables into static files

Creates and copies dynamic files

  • Deploy custom configurations

Template Module

httpd.j2

……
ServerAdmin {{ server_admin }}
DocumentRoot {{ site_root }}
ServerName {{ inventory_hostname }}
……

Demo: Playbook Controls


  • Add install decisions based on OS
  • Create template for Apache Config
  • Deploy configuration
  • Restart service if needed
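
The four demo steps above as one playbook, added here as an example (it is not the presenter's demo code). The `webservers` group, the variable values and the destination path are assumptions; `httpd.j2` is the template shown earlier.

```yaml
---
- hosts: webservers
  become: yes                   # run tasks with root privileges via sudo
  vars:
    server_admin: webmaster@example.com   # constructed value
    site_root: /var/www/html              # constructed value

  tasks:
    # Install decision based on OS: ansible_os_family is a gathered fact,
    # so fact gathering must stay enabled for this play.
    - name: Install Apache on Red Hat-based hosts
      yum:
        name: httpd
        state: present
      when: ansible_os_family == "RedHat"

    - name: Install Apache on Debian-based hosts
      apt:
        name: apache2
        state: present
        update_cache: yes
      when: ansible_os_family == "Debian"

    # Render httpd.j2 with the variables above and copy it to the host.
    # Explicit owner and mode keep the config writable by root only.
    # Kept to Red Hat-based hosts here so the path and service name match.
    - name: Deploy Apache configuration from template
      template:
        src: httpd.j2
        dest: /etc/httpd/conf.d/site.conf   # assumed path
        owner: root
        group: root
        mode: "0644"
        backup: yes
      when: ansible_os_family == "RedHat"
      notify: restart apache    # fires only if the rendered file changed

  handlers:
    # Runs once, after the tasks, and only when notified.
    - name: restart apache
      service:
        name: httpd
        state: restarted
```

A second run with no template changes reports the template task as unchanged and skips the handler, which is the idempotent behaviour described in the introduction.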

Roles


Role Examples


  • Wordpress
  • MySQL
  • JBoss
  • Repository
  • Server-Common
  • Build

Current Playbook

Efficient Role Design


BUILD: Compiler/Unit Test Role

  • Install GCC
  • Install JDK
  • Install Unit Testing

REPO: Code Repository Role

  • Install Git
  • Configure Git
  • Schedule hourly pulls

Directory Structure

Tagging Tasks

Adding Roles to Playbook



---
- hosts: code-dev
  gather_facts: no
  roles:
    - server-common
  tasks:
    # Build your extra tasks here like
    # creating users, or deploying a specific config

Pre-tasks and Post-tasks


pre_tasks:

  • Executes plays BEFORE roles
  • Use-Cases
  • Setup of maintenance windows
  • Removing servers from Load-balancers
  • Silencing alarms

post_tasks:

  • Executes plays AFTER roles
  • Use-Cases
  • Clearing of maintenance windows
  • Adding servers to Load-balancers
  • Enabling Alarms

Adding Pre and Post Tasks



---
- hosts: webservers
  pre_tasks:
    # Remove from load-balancer
  roles:
    - server-common
    - jboss
  post_tasks:
    # Add to load-balancer
  gather_facts: no

Executing Roles - Basic


Basic execution of roles:

$ ansible-playbook site.yml

Executing Roles - Tags


Tagged execution of roles:

$ ansible-playbook site.yml --tags "web"

Executing Roles - Tags with Limits


Limited tagged execution of roles:

$ ansible-playbook site.yml --tags "web" --limit atlanta

Demo: Build Webserver Role


  • Define "webserver" role
  • Define "dbserver" role
  • Define "common-server" role
  • Apply roles

Getting Roles


Create your own roles

  • Perfect for proprietary applications or workflows

Find roles to download

  • Look for others that had the same requirement and shared their work

Ansible Galaxy

Installing Galaxy Roles


Use username.role

$ ansible-galaxy install username.role

Use username.role

$ ansible-galaxy install apaxson.ultimate

Demo: Ansible Galaxy


  • Browse/Search Ansible Galaxy
  • Find a Role and install

Questions

THANKS...!