Hands On Ansible

About Me

DevOps@RajeshKumar.XYZ

Hands-on Ansible

Introduction

What Is Ansible?

What Is Ansible?

• Change Management
• Provisioning
• Automation
• Orchestration

Change Management

Define a "System State"

• Enforce the System State

System State

• Apache Web Installed
• Apache Web at version x.xx.x
• Apache Web Started

CHANGE EVENT

A function is idempotent if repeated applications has the same affect as a single application

IDEMPOTENCE

Defining State

Don't pay attention to the 'HOW', just the 'WHAT'

Provisioning

Prepare a system to make it ready

• Transition from one state to a different state

Examples

• Make an FTP Server
• Make an Email Server
• Make a DB Server

Automation

Orchestration

Coordinates automation BETWEEN systems

• Task 1 - System 1
• Task 2 - System 2
• Task 3 - System 3
• Task 4 - System 1

Why Ansible?

What makes it so different?

It's clean!

• No agents
• No database
• No residual software
• No complex upgrades

YAML

Ansible Execution

• No programming required
• NOT a markup language
• Structured
• Easy to read and write

SECURE

Built-in security

• Uses SSH
• Root / Sudo usage
• Encrypted vault
• No PKI needed

Easy to extend

• URL / RESTful calls
• Shell Commands
• Scripts
• Ansible-Galaxy

Ansible Introduction

Ansible IS:

• Change Management
• Easy to implement
• Provisioning
• Easy to program
• Automation
• Inherently Secure
• Orchestration
• Very extendable

Architecture and Process Flow

Ansible Requirements

Python 2.6+

Must be *NIX (Linux/Unix/Mac)

Windows not supported

Ansible Requirements

*NIX:
Python 2.4 (simplejson)
Python 2.5+
SSH

Windows:
Remote Powershell
Enabled

Python 3.x is not an upgrade to Python 2.x

Python 3.x is not supported

Module

A programmed unit of work to be done.

Play

A single task from a module, executed on a host or set of hosts

Playbook

A set of plays built in specific order sequence to produce an expected outcome or outcomes.

Variables

Host Variables

• Use variables defined in Inventory per host or group

Facts

• Use data gathered from the remote managed host

Dynamic Variables

• Use data gathered by tasks or created at runtime

Execution Types

Packaged Tasks Executed on Remote-End

Packaged Tasks Executed on Ansible Server
Mostly used for webservice/API calls

Ansible Architecture

Execution Types

Remote

• Remote execution of plays

Local

• When remote box is not executing plays

Creating Environment

Components

Vagrant: Virtual Machine Controller

Define VM's to startup, and initial configs (ip, hostname, etc)

VirtualBox: Virtual Machine Provider

Environment to run virtual machines

Ansible: Automation / Provisioning

Application to push configuration and automation to remote systems.

Environment Review

• Vagrant: Environment Controller
• Virtual Box: Server Hypervisor
• Ansible: Automation

Install Ansible (Debian)

$ sudo apt-get install ansible

Install Ansible (CentOS)

$ sudo yum install epel-release
$ sudo yum install ansible

PIP Install (All others)

Install Libraries (gcc, python-devel)

Install Python SetupTools

Install Ansible

Ansible Inventory and Configuration

Inventory Features

• Behavioral Parameters
• Groups
• Groups of Groups
• Assign Variables
• Scaling out using multiple files
• Static/Dynamic

Inventory File

Creating our Inventory File

• Add Behavioral Parameters
• Create host-based variables
• Create a Group
• Create group-based variables

Scaling-out Inventory Files

Using Directories

• Can use to break-out long-running inventory files.
• Very useful when dealing with large environments.

Order-of-Operations (Precedence)

• (Group_Vars) All
• (Group_Vars) GroupName
• (Host_Vars) HostName

Variable File Example

Scaling Variable Files

• Create Group Variables in separate file
• Show Order-of-Precedence

Configuration Settings Order-of-Operations

Configuration files are not merged.
First one wins!

Environment Variable Overrides

[defaults] forks

Default set to 5

• Total number of parallel operations Ansible executes

Production Recommendation: 20

• Start at 20, and go up or down depending on performance

[defaults] host_key_checking

Default set to True

• For Production environments, do not change

Development Environment: set to False

• Due to the dynamic environment of Dev, keeps it easy

[defaults] log_path

Default set to Null

• Write information on Ansible executions

Set path to log file

• Make sure all users of Ansible has permissions to write

Editing Configuration

• Define settings in configuration file
• Override setting in environment variable

Ansible Modules

3 Types of Modules

Module Docs

	$ ansible-doc -l | $ ansible-doc -s  |  $ ansible-doc
					

Module Categories

Copy Module

• Copies a file from local box to remote system
• Has "backup" capability
• Can do validation remotely

Fetch Module

• Pulls a file from remote host to local system
• Can use md5 checksums to validate

Apt Module

• Manages installed applications on Debianbased systems
• Can install, update, or delete packages
• Can update entire system

Yum Module

• Manages installed applications on Redhatbased systems
• Can install, update, or delete packages
• Can update entire system

Service Module

• Can stop, start, or restart services
• Can enable services to start on boot

Demo: Using Modules to Install/Start

• Browse module documentation
• Install Web Server (Yum module)
• Start Web Server (Service module)
• Install DB Server (Yum module)
• Start DB Server (Service module)
• Stop Firewalls (Service module)

Host/Group Target Patterns

• OR (group1:group2)
• NOT (!group2)
• Wildcard (web*.ex.com)
• Regex (~web[0-9]+)

Complex Patterns

AND (group1:& group2)

AND(Webservers:& Production)

Demo: Using Setup Module

• Gather facts on remote systems
• Used in Playbooks

Plays and Playbooks

Plays map hosts to tasks

A play can have multiple tasks

A playbook can have multiple plays

Playbook Breakdown

YAML Whitespace

Whitespace is crucial!

Play Breakdown

Play Declarations

Tasks are executed in order - top down

Tasks use modules

Tasks

Execution of playbooks:

$ ansible-playbook playbook.yml

If a host fails a task, that host is removed from the rest of the playbook execution

Retrying Failed Host Executions

Demo: Our First Playbook

• Write a playbook
• Add play to install web server
• Add play to install db server
• Add play to start services
• Fail a play
• Retry a failed play

Including Files

Register Task Output

Debug Module

Prompting for Input

Prompting for Input

• Tasks with asynchronous execution
• Only runs tasks when notified
• Tasks only notify when state=changed
• Does not run until all playbook tasks have executed
• Most common for restarting services to load changes (if changes are made)

Handlers

Conditional Execution

Use the clause "when" to choose if task should run.

Conditional Clause

Conditional Clause Based on Output

Templates

Uses Jinja2 Engine

• Insert variables into static files

Creates and copies dynamic files

• Deploy custom configurations

Template Module

httpd.j2

			……
		
			
			ServerAdmin {{ server_admin }}
			DocumentRoot {{ site_root }}
			ServerName {{ inventory_hostname }}
					
			……
				

Demo: Playbook Controls

• Add install decisions based on OS
• Create template for Apache Config
• Deploy configuration
• Restart service if needed

Roles

Role Examples

• Wordpress
• MySQL
• JBoss
• Repository
• Server-Common
• Build

Current Playbook

Efficient Role Design

BUILD: Compiler/Unit Test Role

• Install GCC
• Install JDK
• Install Unit Testing

REPO: Code Repository Role

• Install Git
• Configure Git
• Schedule hourly pulls

Directory Structure

Tagging Tasks

Adding Roles to Playbook

	---
		-hosts: code-dev
		gather_facts: no
		- server-common
		tasks:
		# Build your extra tasks here like
		# creating users, or deploying a specific config
				

Pre-tasks and Post-tasks

Adding Pre and Post Tasks

		---
			- hosts: webservers
			pre_tasks:
			- # Remove from load-balancer
			roles:
			- server-common
			- jboss
			post_tasks:
			- # Add to load-balancer
			gather_facts: no
				

Demo: Build Webserver Role

• Define "webserver" role
• Define "dbserver" role
• Define "common-server" role
• Apply roles

Getting Roles

Create your own roles

• Perfect for proprietary applications or workflows

Find roles to download

• Look for others that had the same requirement and shared their work

Ansible Galaxy

Installing Galaxy Roles

Demo: Ansible Galaxy

• Browse/Search Ansible Galaxy
• Find a Role and install

Questions

THANKS...!