Ansible Berlin Meetup Intro talk by @danvaida
Ansible Berlin Meetup, @danvaida
Welcome to Ansible Berlin Meetup
Kickoff Event 2015.02.11
Where does the name ‘Ansible’ come from?
“The word ansible was coined by Ursula K. Le Guin in her 1966 novel Rocannon's World. Le Guin states that she derived the name from "answerable," as the device would allow its users to receive answers to their messages in a reasonable amount of time, even over interstellar distances.”
—Wikipedia
still from “Ender’s Game” movie
How can Ansible help?
It can:
• do configuration management
• deploy applications
• do continuous delivery and continuous integration
• be used for provisioning of cloud-based systems
What I like about it
• YAML - everyone can read YAML (mind that whitespace!)
• Jinja2 templates (blazing fast compilation to Python code, easy to debug, easy to use filter system)
• Ad-hoc, reusable one-liners
• Works over SSH (w/ sudo or root keys)
• Easy to install (homebrew/rpm/deb/pip/pkg) or simply checkout and fire away
• Idempotence (applying it several times gives the same result as applying it once; i.e., ƒ(ƒ(x)) ≡ ƒ(x))
What I’m glad it doesn’t have
• DSLs (domain specific languages)
• Agents to configure, manage, scale
• worrying about time synchronization with the Master
• overhead from dealing with certificates between Master & Slaves
• ports to manage in the firewall
Who uses Ansible?
3 years old
current stable release: 1.8.2
dev release 1.9
v2 is also available (big refactoring, fully backwards compatible)
Configuring Ansible
• ANSIBLE_CONFIG (an environment variable)
• ./ansible.cfg (in the current directory)
• ~/.ansible.cfg (in the home directory)
• /etc/ansible/ansible.cfg
General nomenclature
• Task - calls a module with specific parameters
• Handler - a special type of task, normally triggered by a task
• Play - list of tasks applied to a list of hosts
• Playbook - collection of plays, executed sequentially
• Role - a set of related tasks, grouped together
• Module - actual code that makes Tasks happen
• Inventory - list of hosts, groups and variables
• Fact - information collected from targeted hosts
• Plugin - can be a callback, action or other hooks
Inventory
• Static - it’s a simple way to get things started and works great for simple architectures
• Dynamic
  • comes in handy for more complex architectures
  • can write your own script in any language as long as it returns JSON
  • recursively descends in all sub-folders and uses all contained files
  • built-in scripts for AWS, DigitalOcean, GCE, Vagrant, Docker, SoftLayer, Spacewalk, Azure, etc.
• A combination of both
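A dynamic inventory script of the kind described above, as an added example (not code from the talk). The host names, addresses and the SOURCE list are constructed; a real script would query a cloud API or CMDB instead. Ansible calls the script with `--list` and `--host NAME` and reads JSON from its standard output.

```python
#!/usr/bin/env python
"""Minimal dynamic inventory script; all hosts below are constructed samples."""
import argparse
import json
import sys

# Constructed sample data standing in for a cloud API or CMDB query.
SOURCE = [
    {"name": "web1.example.com", "role": "webservers", "ip": "192.0.2.10"},
    {"name": "web2.example.com", "role": "webservers", "ip": "192.0.2.11"},
    {"name": "db1.example.com", "role": "databases", "ip": "192.0.2.20"},
]


def build_inventory(records):
    """Return the structure Ansible expects from `--list`."""
    # _meta.hostvars lets Ansible skip one `--host` call per host.
    inventory = {"_meta": {"hostvars": {}}}
    for rec in records:
        group = inventory.setdefault(rec["role"], {"hosts": [], "vars": {}})
        group["hosts"].append(rec["name"])
        # ansible_ssh_host is the 1.x name of the connection address variable.
        inventory["_meta"]["hostvars"][rec["name"]] = {"ansible_ssh_host": rec["ip"]}
    return inventory


def host_vars(records, hostname):
    """Return the variables for one host (`--host NAME`); unknown hosts get {}."""
    return build_inventory(records)["_meta"]["hostvars"].get(hostname, {})


def main(argv=None):
    parser = argparse.ArgumentParser(description="Example dynamic inventory")
    mode = parser.add_mutually_exclusive_group(required=True)
    mode.add_argument("--list", action="store_true")
    mode.add_argument("--host")
    args = parser.parse_args(argv)
    result = build_inventory(SOURCE) if args.list else host_vars(SOURCE, args.host)
    json.dump(result, sys.stdout, indent=2, sort_keys=True)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Ansible trusts whatever this script prints as its host list and variables, so the file needs the same write protection as the playbooks themselves.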
Static Inventory
Dynamic Inventory
Folder Structure
Playbook example: patching the ‘GHOST’ vulnerability
Modules
Roles
Variables
Sensitive Data, meet Ansible Vault
Some examples
http://goo.gl/MlA7mE
Facts
• Grabs information from the hosts
• On by default
• Can use ohai (Chef) / facter (Puppet) or other custom facts modules (e.g. to gather information from network devices, etc.)
• Help write resource-specific templates (e.g. nginx worker_processes, elasticsearch ES_HEAP_SIZE)
Hosts targeting
• You can apply AND, OR, NOT
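• ansible -m ping webservers:databases (OR)
• ansible -m ping 'webservers:!databases' (NOT)
• ansible -m ping 'webservers:&databases' (AND)
• ansible -m ping 'webservers:&databases:!loadbalancers' (AND, then NOT; quote patterns containing & or ! so the shell does not interpret them)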
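How the four patterns above select hosts, as an added example (not code from the talk and not Ansible's own implementation). The inventory is constructed, and the resolver handles group names and `all` only; Ansible itself also accepts host names and wildcards.

```python
# Constructed inventory for illustration; group and host names are assumptions.
INVENTORY = {
    "webservers": {"web1", "web2", "app1"},
    "databases": {"db1", "app1", "web2"},
    "loadbalancers": {"lb1", "web2"},
}


def members(name, inventory):
    """Hosts in a group; 'all' means every host. Unknown names match nothing."""
    if name == "all":
        return set().union(*inventory.values())
    return set(inventory.get(name, ()))


def resolve(pattern, inventory):
    """Union the plain terms, then apply '&' terms, then '!' terms."""
    plain, must_have, excluded = [], [], []
    for term in filter(None, pattern.split(":")):
        if term.startswith("&"):
            must_have.append(term[1:])
        elif term.startswith("!"):
            excluded.append(term[1:])
        else:
            plain.append(term)
    # A pattern made only of '&' or '!' terms starts from every host.
    hosts = set()
    for name in plain or ["all"]:
        hosts |= members(name, inventory)
    for name in must_have:
        hosts &= members(name, inventory)
    for name in excluded:
        hosts -= members(name, inventory)
    return hosts


if __name__ == "__main__":
    for p in ("webservers:databases", "webservers:!databases",
              "webservers:&databases", "webservers:&databases:!loadbalancers"):
        print(p, "->", sorted(resolve(p, INVENTORY)))
```

Against a real inventory, adding `--list-hosts` to the `ansible` command prints the matched hosts without running anything on them.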
Ansible Binaries
• ansible-doc
• ansible-vault
• ansible-playbook
• ansible
• ansible-galaxy
• ansible-pull
My pain with Ansible
• rds_param_group, elasticache, ec2_eip, etc.
• Can simply use Ansible as a wrapper around aws cli to use templates and create custom logic
Tips/Gotchas
• Don’t forget: every task creates a new SSH connection (new ENV, etc.)
• Tag all the things
• Set a default for every variable
• Every task copies the script it executes to the destination machine and removes it after the script runs (or times out). Fire and forget.
• Don’t always trust the output: it might not reflect the reality (real object), especially when dealing with the from_json filter. One fix is to use callbacks.
Ansible Tower
• The commercial product from Ansible Inc.
• Free Trial (30 days, up to 100 nodes)
• Free version supporting up to 10 hosts
• REST API (extremely useful for more complex setups like AWS CloudFormation)
• Integrates with LDAP
• Excellent for auditing
• Has a CLI
Community & Resources
• IRC (#ansible on Freenode)
• Mailing lists on Google Groups
• GitHub
• Ansible Galaxy (the best Ansible content, shared and re-used)
• Docs (nice examples of use cases)
• Books
• Free, live Webinars (everything from intro to complex scenarios)
Ansible Book (work in progress)
http://www.ansible.com/ansible-book