Ansible

The configuration management tool for humans

Presentation by TheodorosPloumis / @theoploumis

Date 13 May 2015, Ansible Version 1.9.1

Source on GitHub

What is Configuration Management?

Configuration (eg servers)
App deployment
Continuous Deployment (eg tests)
Provisioning
Orchestration
Everything that can be automated...

A real life example

Image by devopsreactions

Why automation?

Tasks in code
Collaboration
Eliminate errors
Write once
Laziness
...

Why Ansible?

Open Source
Agentless!
Simple and human readable
Scaling up
Extensible (using any dynamic language!)
Tasks executed in order
Self documenting

Ansible needs

On Admin machine

One (non-Windows) machine
OpenSSH
YAML
Python (paramiko, PyYAML, Jinja2, httplib2)

Ansible needs

On Configured machine(s) (nodes)

Python
OpenSSH

Installation


  // Can also use apt, yum, brew, compile from source etc
  // We are installing version 1.9.1
  $sudo easy_install pip
  $sudo pip install ansible==1.9.1

How it Works

Image by sysadmincasts.com

Ansible concepts

Find more in the Ansible Docs.

Ad-hoc commands

Execute a quick command to a machine using /usr/bin/ansible.


$ansible localhost -m setup -i hosts
$ansible localhost -m service -a "name=apache2 state=started" -i hosts

Inventory

File (INI format) that describes Hosts and Groups


[webservers]
192.168.1.50
aserver.example.org
bserver.example.org

[dbservers]
localhost

Variables

Used with {{ variable }} replacement.


---
project_name: myproject
project_root: /var/projects/myproject
project_repo: git@bitbucket.org:myuser/myproject.git
system_packages:
  - build-essential
  - git
  - nginx
  - postgresql
  - redis-server
  - postfix

Modules

Accomplish dedicated Tasks (set values, use templates etc)

The "mini tools" of Ansible!

Playbook

YAML formatted files orchestrate steps sequentially

This is where you love Ansible!


---
- hosts: webservers
  sudo: yes

  tasks:

  - name: install nginx
    apt: name=nginx state=installed update_cache=yes

  - name: write our nginx.conf
    template: src=tpl/nginx.conf.j2 dest=/etc/nginx/nginx.conf
    notify: restart nginx

  - name: start nginx proccess
    service: name=nginx state=started

Tips

Look at the docs before anything else!

Avoid syntax mistakes with YAML


---
# Comments start with "#"
# All yaml files are jinja2 template
name: Example Developer
job: Developer
skill: Elite
employed: True
# Each list item starts with a "-"
foods:
    - Apple
    - Orange
    - Strawberry
# Spaces and tabs matter!
languages:
    ruby: Elite
    python: Elite
    dotnet: Lame

Linux man docs for core modules


$ansible-doc [options] [module...]

Encrypt with ansible-vault module


$ansible-vault encrypt foo.yml

Loops in Playbooks


- name: add several users
  user: name={{ item }} state=present groups=wheel
  with_items:
     - testuser1
     - testuser2

Debugging module


# Example that prints the loopback address and gateway for each host
- debug: msg="System {{ inventory_host }} has uuid {{ ansible_product_uuid }}"

- debug: msg="System {{ inventory_host }} has gateway {{ ansible_ipv4.gateway }}"
  when: ansible_ipv4.gateway is defined

- shell: /usr/bin/uptime
  register: result

- debug: var=result

- name: Display all variables/facts known for a host
  debug: var=hostvars[inventory_hostname]

Create Role structure automatically


$ansible-galaxy init roles/myrole

Conditional Statements


tasks:
  - name: "shutdown Debian flavored systems"
    command: /sbin/shutdown -t now
    when: ansible_os_family == "Debian"

Organize Playbooks with tags


tasks:
    - yum: name={{ item }} state=installed
      with_items:
         - httpd
         - memcached
      tags:
         - packages

    - template: src=templates/src.j2 dest=/etc/foo.conf
      tags:
         - configuration


$ansible-playbook example.yml --tags "configuration,packages"

Tasks with check mode (Dry Run)


$ansible-playbook foo.yml --check --diff

Share and download Ansible roles


$ansible-galaxy [command]

Set up a remote copy of ansible with ansible-pull

Pulls a specified git repo into a specified directory.
If the repository has changed, it runs a file called [hostname].yml or local.yml in the repo’s root directory.