Ansible is the
simplest way to
automate.
Alexander Schedrov aka sanchiz
Team Lead, FFW
Symfony Cafe Kyiv, May 2015
Alexander Schedrov
aka sanchiz
Team Lead, FFW (ex ProPeople)
I love Open Source
I'm a contributor to Open Source
That’s why I’m here
Ukraine, Kyiv
How it was earlier
Developers wrote code
SysAdmins deployed code and
configured servers
until one day… DevOps and Ansible
What is Ansible
Ansible is a radically simple IT
automation engine.
Ansible
• Clear - Ansible uses a simple syntax (YAML).
• Fast - Fast to learn and fast to set up.
• Complete - You have everything you need in one
complete package.
• Efficient - No extra software on your servers. Extensible
with modules on any programming language.
• Secure - Ansible uses SSH and requires no extra open
ports or daemons
Where we use Ansible
1. Configuration management
and infrastructure orchestration
Apache, MySQL, PHP
Dev, Test, Prod, local developer's server
2. Deployments and builds
Our approach
• Configuration management as part of project
• Deployments and builds should be automated
• We should test each feature before merging into
master
• Everything that may be automated - should be
automated
Simple and efficient way
ansible-playbook [filename]
How do we generate builds
• GitHub Pull Requests to inject new features to
master branch
• Jenkins triggers ansible script within repo
• Ansible playbook downloads the database from
production
• Ansible playbook applies changes to the database
3. Provisioner for Vagrant
PUPHPET
One day our Vagrantbox died
Vagrant + Ansible = ♥
Provisioning. Vagrant.
Vagrantfile:
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network :private_network, ip: "192.168.60.77"
  config.vm.network :forwarded_port, host: 4567, guest: 80
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
  end
end
Meet the CIBox
https://github.com/propeoplemd/cibox
Kudos to @podarok, @ygerasimov, @m1r1k and other
contributors
CIBox uses Ansible for:
• Provisioning in CI server (Jenkins)
• Provisioning in Vagrantbox
• GitHub Pull Request builder
Ansible vs Shell scripts
# Install the PGP key
gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
gpg --armor --export 561F9B9CAC40B2F7 | apt-key add -
# Install https support for apt
apt-get install apt-transport-https -y
# Add the passenger apt repository
echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list
chown root: /etc/apt/sources.list.d/passenger.list
chmod 600 /etc/apt/sources.list.d/passenger.list
# Update the apt cache so we can use the new repo
apt-get update
# Install nginx
apt-get install nginx-full passenger -y
# Set up passenger in the nginx configuration
sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf
sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf
# Start nginx
service nginx restart
Shell script
---
- hosts: all
  tasks:
    - name: Ensure the PGP key is installed
      apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"
    - name: Ensure https support for apt is installed
      apt: pkg=apt-transport-https state=present
    - name: Ensure the passenger apt repository is added
      apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'
    - name: Ensure nginx is installed
      apt: pkg=nginx-full state=present
    - name: Ensure passenger is installed
      apt: pkg=passenger state=present update_cache=yes
    - name: Ensure the nginx configuration file is set
      copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf
    - name: Ensure nginx is running
      service: name=nginx state=started
Ansible script
Why do we love Ansible
• It perfectly fits into our infrastructure
• It has a lot of modules and roles
• Can easily be executed on multiple servers
• Popular system
• It supports simple templates
Installation
sudo pip install ansible
*nix
Packages: python-pip and python-devel
Windows
• Cygwin
• PyYAML
• Jinja2
• …
https://servercheck.in/blog/running-ansible-within-windows
What next?
3 main shell commands
• ansible-doc [options] [module...]
• ansible-playbook playbook.yml [options]
• ansible <host-pattern> <command> [options]
Additional commands
• ansible-galaxy [init|info|install|list|remove] [--help] [options]
• ansible-lint playbook.yml [options]
• ansible-pull [options] [playbook.yml]
• ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name
Run playbook on remote machine
Host: 192.168.1.1, Guest: 192.168.1.2
Playbook on host: 192.168.1.2
Run playbook on local machine
Host: 192.168.1.1
Playbook on host: 192.168.1.1
Structure of the playbook
---
- hosts: all
  # Get facts about hosts (OS, user and so on)
  gather_facts: no
  remote_user: root
  vars_prompt:
    # Variables that should be entered at the prompt
  vars:
    # List of variables
  vars_files:
    # List of files with variables
  roles:
    # List of roles that should be included
  pre_tasks:
    # List of pre-tasks
  tasks:
    # List of main tasks
  post_tasks:
    # List of post-tasks
  handlers:
    # List of handlers
Ansible task
- name: Install libraries              # Comment/Documentation
  apt: pkg={{ item }} state=installed  # Module, with {{ item }} as the current item
  with_items:                          # Iterate through array
    - git
    - apache2
    - php5
    - php5-mysql
Inventory
# Group name
[localhost]
# Hosts in group
127.0.0.1
# Group name
[mysql_group]
# Hosts in group
mysqlserver.com
192.168.1.1
# Group vars
[mysql_group:vars]
ansible_ssh_user=root
ansible_ssh_port=2222
/etc/ansible/hosts or ./hosts
Requirements: connection by ssh without password.
“ansible” command.
Ad-hoc.
ansible mysql_group -a "free -m"
ansible mysql_group -s -m apt -a "pkg=ntp state=installed"
Parts of the command: command (ansible), group name (mysql_group), sudo (-s), module (-m apt), arguments (-a "pkg=ntp state=installed")
Move your code
to templates
Jinja2.
---
- hosts: lamp_local
  vars:
    vhost_core_path: "/var/www/site.dev"
    domain: "site"
  tasks:
    - name: Add Apache virtualhost for development.
      template:
        src: "templates/vhost.dev.conf.j2"
        dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf"
        owner: root
        group: root
        mode: 0644
vhost.dev.conf.j2
<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName {{ domain }}.192.168.60.25.xip.io
  ServerAlias www.{{ domain }}.192.168.60.25.xip.io
  DocumentRoot {{ vhost_core_path }}
  <Directory "{{ vhost_core_path }}">
    Options FollowSymLinks Indexes
    AllowOverride All
  </Directory>
</VirtualHost>
Keeps things organized
Roles
---
- hosts: webservers
  roles:
    - jenkins
    - webservers
roles/jenkins
Use includes
---
- hosts: mysql_group
  sudo: yes
  vars_files:
    - solr_vars.yml
  pre_tasks:
    - include: pre_tasks.yml
  tasks:
    - { include: deploy.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] }
  handlers:
    - include: handlers/handlers.yml
Migrate to Ansible
Just run shell scripts through Ansible
- name: Deploy system module
  sudo: yes
  shell: /usr/bin/deploy -t -v --tags=system
Start from small changes
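The inventory slide logs in as root and the task above runs the whole script under sudo. As an added example (not from the slides), the same work with least privilege: connect as an unprivileged account, escalate only on the tasks that need root, and pass the script's arguments as a list so no shell parses them. The `deploy` account and the `deploy_tags` variable are assumptions; `become` is the current keyword for `sudo: yes` and `-s`.

```yaml
---
- hosts: mysql_group
  remote_user: deploy     # hypothetical unprivileged account, SSH key login
  become: false           # tasks run unprivileged unless they opt in
  vars:
    deploy_tags: system   # constructed sample value
  tasks:
    - name: Report memory (read-only, no root needed)
      command: free -m
      changed_when: false

    - name: Ensure ntp is installed
      apt:
        name: ntp
        state: present
      become: true        # escalate for this task only

    - name: Deploy system module
      command:
        argv:             # argument list: no shell, so variables cannot inject commands
          - /usr/bin/deploy
          - -t
          - -v
          - "--tags={{ deploy_tags }}"
      become: true
```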
Let’s contribute to
OpenSource
https://galaxy.ansible.com/
# Install role systemwide
ansible-galaxy install sanchiz.jenkins
# List all available roles systemwide
ansible-galaxy list
# Remove role systemwide
ansible-galaxy remove sanchiz.jenkins
# Init new ansible role in current dir
ansible-galaxy init
Demo
Thank you!
GitHub: https://github.com/Sanchiz
Blog: http://sanchiz.net
Email: alexander.schedrov@gmail.com
Twitter: @alexschedrov
Drupal.org: https://www.drupal.org/u/sanchiz
