A quick intro to Ansible
Ansible Berlin Meetup, @danvaida
Ansible Berlin meetup 01/17
STOP! Highly opinionated content ahead!
Press any key to continue…
Some fresh GitHub stats
dated 28.01.17 @ 2PM
$ curl -s https://api.github.com/repos/ansible/ansible | grep created_at
"created_at": "2012-03-06T14:58:02Z",
$ curl -s https://api.github.com/repos/saltstack/salt | grep created_at
"created_at": "2011-02-20T20:16:56Z",
$ curl -s https://api.github.com/repos/puppetlabs/puppet | grep created_at
"created_at": "2010-09-14T19:26:44Z",
$ curl -s https://api.github.com/repos/chef/chef | grep created_at
"created_at": "2009-01-15T20:40:48Z",
How can Ansible help?
It can:
be used for provisioning almost any part of your IT infrastructure
do configuration management on just about anything
fit right into your CI workflows for continuous-everything
orchestrate complex application deployments (yes, even of s-e-r-v-e-r-l-e-s-s apps*)
etc.
* You can provision an AWS S3 bucket and upload a NodeJS app or a static website there.
Taken from michaeldehaan.net/post/19090587784/ansible-architecture-diagram-as-posted
4 years old!
Thank you Ansible
• For helping me to successfully & completely bridge the gap between Devs and SysAdmins in 4 companies, over the course of almost 4 years
• For not using XML
• For powerful ad-hoc, reusable one-liners
• For not having a DSL
• For having such a gentle learning curve and fast getting-started process
• For not using agents/daemons with SSL/TLS certificates on custom ports
• For offering idempotence (i.e. ƒ(ƒ(x)) ≡ ƒ(x)) and helpful dry-runs
• For continuously expanding & improving the support for cloud providers (esp. AWS)
Tip: Configuration convergence
Although it can be configured, Ansible doesn’t work in pull mode by default. That means your hosts’ configuration might drift away sometimes (e.g. through human intervention)
Strive for 100% idempotence and dry-run support (e.g. with changed_when and check_mode)
Annotate configuration files with {{ ansible_managed | comment }} to raise awareness
The days of servers having uptime measured in years or even months are long gone
Build your golden images with Ansible and decommission those VMs as often as you can (check out the Packer project by HashiCorp)
Tip: What version should you use?
In most cases a stable version from some package should be fine (e.g. pip install ansible==2.2)
If you run Ansible out of a checkout, you might wonder what to pick from git tag --list or git branch -r:
in general, branches are more stable than tags, so checking out origin/stable-2.2 is fine
however, sometimes a tag is more stable than a branch. For example, I prefer checking out v2.2.1.0-1 for a fresh/stable balance
it’s fairly easy to understand the micro versions and RC tags, but check out the schedule for regular meetings on IRC: github.com/ansible/community/blob/master/MEETINGS.md
This is based on what I’ve gathered from some Ansible core developers many months ago but it seems to still be their release flow. See release announcements: groups.google.com/d/forum/ansible-announce
Configuring Ansible
ANSIBLE_CONFIG (env var)
./ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
See complete list here:
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
https://raw.githubusercontent.com/ansible/ansible/devel/lib/ansible/constants.py
General nomenclature
Task - calls a module or action plugin with specific parameters
Handler - a special type of task, normally triggered by a task
Block - logical grouping of tasks (very useful for treating task failures)
Play - list of tasks applied to a list of hosts
Playbook - collection of plays, executed sequentially
Role - a set of related tasks, grouped together
Module - actual code that makes Tasks happen
Inventory - list of hosts, groups and variables
Fact - information collected from targeted hosts
Plugin - can be a callback, action or other hooks
Inventory
Static - it’s a simple way to get things started and works great for simple architectures
Dynamic
comes in handy for more complex architectures
can write your own script in any language as long as it returns JSON
recursively descends in all sub-folders and uses all contained files
built-in scripts for AWS, DigitalOcean, GCE, Vagrant, Docker, SoftLayer, Spacewalk, Azure, Rackspace, OpenStack, etc.
A combination of both (i.e. static grouping of dynamic inventories)
See the add_host and group_by action plugins for creating an in-memory, ephemeral inventory
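A minimal dynamic inventory script of the kind described above, as an added example that is not from the original slides. The host names, groups and port values are constructed; the `--list` / `--host` arguments and the `_meta.hostvars` key are the calling convention Ansible uses for inventory scripts.

```python
#!/usr/bin/env python
"""Dynamic inventory sketch: Ansible runs the script with --list or --host <name>."""
import argparse
import json

# Constructed sample data; a real script would query a cloud API or CMDB here.
SOURCE = [
    {"name": "web1.example.com", "role": "webservers", "ssh_port": 22},
    {"name": "web2.example.com", "role": "webservers", "ssh_port": 2222},
    {"name": "db1.example.com", "role": "databases", "ssh_port": 22},
]


def build_inventory(records):
    """Return the JSON structure Ansible expects from `--list`."""
    inventory = {"_meta": {"hostvars": {}}}
    for rec in records:
        group = inventory.setdefault(rec["role"], {"hosts": [], "vars": {}})
        group["hosts"].append(rec["name"])
        # Per-host variables go under _meta so Ansible need not call --host per host.
        inventory["_meta"]["hostvars"][rec["name"]] = {"ansible_port": rec["ssh_port"]}
    return inventory


def host_vars(records, hostname):
    """Return the variables for one host, or {} for an unknown host (`--host`)."""
    return build_inventory(records)["_meta"]["hostvars"].get(hostname, {})


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    result = host_vars(SOURCE, args.host) if args.host else build_inventory(SOURCE)
    return json.dumps(result, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(main())
```

Saved as an executable file and passed with `-i`, the script takes the place of a static inventory file.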
Modules
90 AWS
50 OpenStack
26 Rackspace
26 VMware
20 Azure
13 GCE
5 Digital Ocean
…
Total: ≈ 770*
*Includes deprecated modules, as reported by ansible-doc --list
Sensitive data, meet Ansible Vault!
Since Ansible 2.1, “the copy module can now transparently use a vaulted file as source”. That’s great for things such as certificate keys.
automation friendly: --vault-password-file or ANSIBLE_VAULT_PASSWORD_FILE (env var)
pip install cryptography for better performance
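When a vault password file is used for automation, two things are worth checking before a commit or a CI run: that files meant to be vaulted really carry the `$ANSIBLE_VAULT;` header, and that the password file is not readable by group or others. The check below is an added example, not part of the original slides; the `*vault.yml` naming convention, the `.vault_pass` file name and the repository layout are assumptions, and all file contents are constructed.

```python
"""Pre-commit style check: are secrets vaulted and is the password file private?"""
import os
import stat
import tempfile

VAULT_MAGIC = b"$ANSIBLE_VAULT;"  # first bytes of every vault-encrypted file


def is_vaulted(path):
    """True if the file starts with the Ansible Vault header line."""
    with open(path, "rb") as handle:
        return handle.read(len(VAULT_MAGIC)) == VAULT_MAGIC


def unvaulted_secrets(root, suffix="vault.yml"):
    """List files named *vault.yml (a naming convention assumed here) stored in clear."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.endswith(suffix) and not is_vaulted(path):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def password_file_is_private(path):
    """True if neither group nor others have any permission on the password file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def demo():
    """Build a constructed repository layout in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "group_vars", "prod"))
        os.makedirs(os.path.join(root, "group_vars", "dev"))
        good = os.path.join(root, "group_vars", "prod", "vault.yml")
        bad = os.path.join(root, "group_vars", "dev", "vault.yml")
        with open(good, "wb") as handle:
            handle.write(b"$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n")
        with open(bad, "wb") as handle:
            handle.write(b"db_password: constructed-example\n")
        pw_file = os.path.join(root, ".vault_pass")
        with open(pw_file, "w") as handle:
            handle.write("constructed-passphrase\n")
        os.chmod(pw_file, 0o644)  # too open: group and others can read it
        loose = password_file_is_private(pw_file)
        os.chmod(pw_file, 0o600)  # owner-only
        return unvaulted_secrets(root), loose, password_file_is_private(pw_file)
```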
Facts
Grab information from the hosts
On by default
Can use ohai (Chef) / facter (Puppet) or other custom facts modules (e.g. to gather information from network devices, etc.)
Help write resource-specific templates (e.g. nginx worker_processes, elasticsearch ES_HEAP_SIZE)
Powerful complement to the inventory facts
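Hosts targeting
You can apply AND, OR, NOT on top of simple or complex inventory scripts:
ansible -m ping 'webservers:databases'                  # OR: hosts in either group
ansible -m ping 'webservers:!databases'                 # NOT: webservers that are not databases
ansible -m ping 'webservers:&databases'                 # AND: hosts in both groups
ansible -m ping 'webservers:&databases:!loadbalancers'  # in both groups, except loadbalancers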
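To make the set semantics of these patterns concrete, here is a simplified model, added as an example and not taken from the slides or from Ansible's code base. It covers only plain names, `&` and `!` (no wildcards, ranges or regular expressions), and the inventory is constructed.

```python
"""Simplified model of Ansible host patterns: union (:), intersection (:&), exclusion (:!)."""

# Constructed inventory: group name -> set of hosts.
INVENTORY = {
    "webservers": {"web1", "web2", "app1"},
    "databases": {"db1", "app1", "web2"},
    "loadbalancers": {"web2", "lb1"},
}


def resolve(pattern, inventory):
    """Return the sorted hosts a colon-separated pattern selects."""
    all_hosts = set().union(*inventory.values())

    def hosts_of(name):
        if name == "all":
            return set(all_hosts)
        if name in inventory:
            return set(inventory[name])
        # Not a group: match a single known host, otherwise nothing.
        return {name} & all_hosts

    union, intersect, exclude = [], [], []
    for term in pattern.split(":"):
        if term.startswith("!"):
            exclude.append(term[1:])
        elif term.startswith("&"):
            intersect.append(term[1:])
        else:
            union.append(term)

    # Plain terms are applied first, then intersections, then exclusions,
    # regardless of the order in which they were written.
    selected = set()
    for name in union or ["all"]:
        selected |= hosts_of(name)
    for name in intersect:
        selected &= hosts_of(name)
    for name in exclude:
        selected -= hosts_of(name)
    return sorted(selected)
```

Against a real inventory, `ansible '<pattern>' --list-hosts` prints the hosts a pattern selects without running anything on them.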
Ansible Binaries
ansible-doc
ansible-vault
ansible-playbook
ansible
ansible-galaxy
ansible-pull
ansible-container (separate tool)
Tips/Gotchas
Don’t forget: every task creates a new SSH connection (new ENV, etc.)
Tag all the things
Set a default for every variable
You’re not cool if you use ansible-pull, vars_prompt or the prompt parameter of the pause module
By default, every task copies the script to execute on the destination machine. Removes it after the script runs (or times out). Fire and forget. Can be changed with pipelining
Increase the # of forks if you target >= 5 hosts
Use SSH multiplexing (ControlPersist) for improved performance
Community & Resources
IRC (#ansible on Freenode)
Mailing lists on Google Groups
GitHub
Ansible Galaxy (the best Ansible content, shared and re-used)
Docs (nice examples of use cases)
Books
Free, live Webinars (everything from intro to complex scenarios)
Recommended reading material