Ansible - Fiorano Modenese
Ansible
What is it?
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy.
* Avoid writing scripts or custom code to deploy and update your applications
* Automate in a language that approaches plain English, using SSH
* No agents to install on remote systems
Why should I use it?
* Ansible as a project dislikes complexity
* Simplicity is relevant to all sizes of environments and users of all types
* It’s not meant to be a tool you should have to obsess over, and it believes “perfect is the enemy of good” in many cases. Therefore the learning curve is really fast
* No coding, instructions are plain YAML
* Ansible is appropriate for managing small setups as well as enterprise environments with many thousands
Work in a Vagrant box
You can find a pre-configured Vagrant machine here: url
Install vagrant
apt-get install virtualbox
apt-get install vagrant
vagrant init
Edit the Vagrantfile to set the box name
config.vm.box = "jessie-biodec.box"
Run the commands
vagrant up
ssh-add .vagrant.d/boxes/jessie-biodec.box/0/virtualbox/vagrant_private_key
ssh root@localhost -p 2222
Work in a Vagrant box
* Perform all ansible actions from this Vagrant environment
* If you want to work with a different user, each Vagrant machine comes with a “vagrant” user with sudo permissions
Work in a Vagrant box
Ansible uses python2.7 and SSH to communicate with your remote systems
* Have python2.7 installed
* Use SSH keys for your authentication:
eval `ssh-agent`
ssh-keygen
ssh-add ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Install required packages
apt-get update
apt-get install python-pip python-dev
apt-get install build-essential libssl-dev libffi-dev
Work in a Vagrant box
Work in a virtualenv
pip install virtualenv
virtualenv myproject
cd myproject
. bin/activate
pip install ansible==2.1.0.0
Your first command
Ansible requires an inventory file
echo "localhost" > ansible_hosts
Ping all hosts in your inventory file
ansible all -m ping -i ansible_hosts
Congratulations. You’ve just contacted your nodes with Ansible:
localhost | success >> {
    "changed": false,
    "ping": "pong"
}
Examine the command line
ansible all -m ping -i ansible_hosts
all
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file. “all” is a special word to work with all the hosts at the same time.
Examine the command line
-m
will accept a correct module name (e.g., “ping”). Ansible ships with a module library but you can write your own module too. Modules are idempotent, meaning they will seek to avoid changes to the system unless a change needs to be made. The (long) list of modules can be found here.
-i
The name of the inventory file.
The inventory file
The format for ansible_hosts is an INI-like format and looks like this:
[webservers]
localhost

[dbservers]
one.example.com
two.example.com
three.example.com

The things in brackets are group names, which are used in classifying systems and deciding what systems you are controlling at what times and for what purpose.
It is ok to put systems in more than one group, for instance a server could be both a webserver and a dbserver.
Modules
* Ansible ships with a number of modules.
* Users can also write their own modules.
* Each module supports taking arguments. Nearly all modules take key=value arguments, space delimited. Some modules take no arguments, and the command/shell modules simply take the string of the command you want to run.
Modules
Most used modules
* apt – Add/Remove packages
* shell – Execute any shell command
* command – Execute programs
* service – Start/Stop/Enable services
* copy – Copy a file from source to destination on host
* file – Create directories, symlinks, change permissions
* template – Copy, but with variable substitution in file
Modules
Example:
ansible all -m apt -i ansible_hosts -a "name=apache2 state=present"
ansible all -m service -i ansible_hosts -a "name=apache2 state=started"
Playbooks
* Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a set of connected actions in a general IT process.
* If Ansible modules are the tools in your workshop, playbooks are your design plans.
* Playbooks are expressed in YAML format (see YAML Syntax) and have a minimum of syntax, which intentionally tries to not be a programming language or script, but rather a model of a configuration or a process.
* Each playbook is composed of one or more ‘plays’ in a list.
* While it is possible to write a playbook in one very large file, eventually you’ll want to reuse files and start to organize things.
A playbook
Configure git:
wget git-deploy-key -O ~/.ssh/git-deploy-key_rsa
chmod 600 ~/.ssh/git-deploy-key_rsa
ssh-add ~/.ssh/git-deploy-key_rsa
Clone this repo:
git clone [email protected]:corso-ansible/base.git
A playbook
Open the file named playbook.yml
- hosts: all
  vars:
    http_port: 80
  remote_user: root
  tasks:
    - name: ensure apache2 is installed
      apt: name=apache2 state=present
Test passed:
PLAY [test] ***************************************************************
TASK: [ensure apache2 is installed] *******************************************
ok: [localhost] => {"changed": false}
PLAY RECAP ***************************************************************
localhost : ok=2 changed=0 unreachable=0
Playbook Roles and Include Actions
A playbook that includes a role:
- hosts: webservers
  vars:
    http_port: 80
  remote_user: root
  roles:
    - webservers

Roles are ways of automatically loading certain variables, tasks, templates, handlers based on a known file structure. Grouping content by roles also allows easy sharing of roles with other users.
Example role structure:
ansible_hosts
webservers.yml
roles/
    webservers/
        files/
        templates/
        tasks/
        handlers/
        vars/
        defaults/
        meta/
Playbook Roles and Include Actions
Role hierarchy:
* If roles/x/tasks/main.yml exists, tasks listed therein will be added to the play
* If roles/x/handlers/main.yml exists, handlers listed therein will be added to the play
* If roles/x/vars/main.yml exists, variables listed therein will be added to the play
* If roles/x/meta/main.yml exists, any role dependencies listed therein will be added to the list of roles (1.3 and later)
* Any copy tasks can reference files in roles/x/files/ without having to path them relatively or absolutely
* Any script tasks can reference scripts in roles/x/files/ without having to path them relatively or absolutely
* Any template tasks can reference files in roles/x/templates/ without having to path them relatively or absolutely
* Any include tasks can reference files in roles/x/tasks/ without having to path them relatively or absolutely
Variables
Variables should always start with a letter.
“foo_port” is a great variable. “foo5” is fine too.
“foo-port”, “foo port”, “foo.port” and “12” are not valid variable names.
Variables can be defined in many places (pros & cons..)
* in inventory
* in a playbook
* included files
* There are “facts”, a type of variable that are discovered, not set by the user. Facts are returned by the module “setup”, for example: The hostname as the system reports it is: {{ ansible_hostname }}
* registered variables (a task output)
* command line (--extra-vars)
Variables hierarchy
* extra vars (-e in the command line) always win
* then comes connection variables defined in inventory (ansible_ssh_user, etc)
* then comes “most everything else” (command line switches, vars in play, included vars, role vars, etc)
* then comes the rest of the variables defined in inventory
* then comes facts discovered about a system
* then “role defaults”, which are the most “defaulty” and lose in priority to everything.
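The role layout and the variable hierarchy described above, put together as an added example (not part of the original slides): a hypothetical webservers role, one YAML document per file. The file contents, the ports.conf destination and the choice of the vagrant user with become are assumptions made for this illustration.

```yaml
---
# file: webservers.yml (playbook, sits next to roles/)
- hosts: webservers
  remote_user: vagrant        # the sudo-capable user every Vagrant box ships with
  become: yes                 # escalate for this play instead of logging in as root
  roles:
    - webservers
---
# file: roles/webservers/defaults/main.yml
# Role defaults lose to every other source in the hierarchy, so this is
# only the fallback value for the port.
http_port: 80
---
# file: roles/webservers/tasks/main.yml (added to the play automatically)
- name: ensure apache2 is installed
  apt: name=apache2 state=present

- name: set the listening port
  template:
    src: ports.conf.j2        # looked up in roles/webservers/templates/
    dest: /etc/apache2/ports.conf
    owner: root
    group: root
    mode: "0644"              # explicit permissions, not whatever the umask gives
  notify: restart apache2     # handler runs only when the file changed

- name: ensure apache2 is running
  service: name=apache2 state=started enabled=yes
---
# file: roles/webservers/handlers/main.yml (added to the play automatically)
- name: restart apache2
  service: name=apache2 state=restarted
---
# file: roles/webservers/templates/ports.conf.j2 (Jinja2 text, shown as a comment)
#   Listen {{ http_port }}
#
# Normal run, port taken from the role default:
#   ansible-playbook -i ansible_hosts webservers.yml
# Extra vars always win, so this overrides the default without editing the role:
#   ansible-playbook -i ansible_hosts webservers.yml -e http_port=8080
```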
Biodec setup role
Biodec-setup is a series of packages and configurations that we install on every (Debian) host.
Biodec setup role
* edit the biodec-setup.ini file in order to have your set of hosts available and your email address properly configured
* edit the “hosts” line in biodec_setup.yml file to match your group
* edit the “mail” line in biodec_setup.ini
* run the command:
ansible-playbook -i biodec-setup.ini biodec-setup.yml -vv
And wait for your hosts to be configured
Some tools
ansible-galaxy
It is Ansible’s official community hub for finding, downloading, rating, and sharing Ansible roles.
ansible-galaxy install username.rolename
You can use ansible-galaxy to start a project of your own
ansible-galaxy init --offline test-role
|-- test-role
|   |-- defaults
|   |   `-- main.yml
|   |-- files
|   |-- handlers
|   |   `-- main.yml
|   |-- meta
|   |   `-- main.yml
|   |-- README.md
|   |-- tasks
|   |   `-- main.yml
|   |-- templates
|   `-- vars
|       `-- main.yml
Some tools
debops
Your Debian-based data center in a box. It is a framework.
It can be installed through ansible-galaxy. It is a collection of Ansible playbooks, scalable from one container to an entire data center.
ansible-galaxy install debops.apt
ansible all -s -m apt -a 'update_cache=yes upgrade=yes'
Some tools
epdb
epdb or pdb? The reason to use “epdb” over “pdb” is epdb contains a remote debugging feature that can sometimes be useful for debugging processes where you don’t have console access.
In python module write:
import epdb
epdb.serve()
Command line to execute module:
ansible all --forks 1 -i ansible_hosts --module-path path -m module_name -a ''
Gitlab CI
This course covers the steps necessary to perform a Continuous Integration (CI) workflow using Gitlab. It assumes that:
* you have Gitlab (version >= 8.0) installed
* you are part of a group and have a project to work on
CI
Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository as often as possible (at least daily) several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.
How to do CI
* developers check out code into a private workspace
* when done (local tests pass) commit to the repository
* the CI server checks out changes
* the CI server builds the system and runs unit and integration tests
* if the build fails the CI server alerts the team
Configure Gitlab CI
If you add a .gitlab-ci.yml file to the root directory of your repository, and configure your GitLab project to use a Runner, then each merge request or push triggers your CI pipeline.
Runners run your yaml. A runner is an isolated (virtual) machine that picks up builds through the coordinator API of GitLab CI.
Runners can run jobs using different executors. We will use the Docker executor. See here for a more detailed explanation.
Configure Gitlab CI
Allow the Runner to run jobs for your project (Project>Settings>Runners) and write the build instructions into a .gitlab-ci.yml file. You can find a simple ci file in this repository.
The CI file
.gitlab-ci.yml is the YAML file that contains the instructions to perform the CI workflow. See here for a more detailed description. The minimal CI file requires 2 sections:
* image: a docker image that simulates the production environment (e.g. a debian host or a python environment)
* script: job instructions
An example:
image: debian:jessie
job1:
  script:
    # -y keeps apt-get from waiting for a confirmation that a CI job cannot give
    - apt-get update
    - apt-get install -y apache2
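Combining the two halves of the course, as an added example that is not from the original slides: a .gitlab-ci.yml that runs the playbook.yml shown earlier inside the debian:jessie image and fails the build if a second run still reports changes. The job name and the ci_hosts and second_run.log file names are assumptions.

```yaml
image: debian:jessie

before_script:
  # same packages the slides install by hand, made non-interactive for CI
  - apt-get update
  - apt-get install -y python-pip python-dev build-essential libssl-dev libffi-dev
  # pin the Ansible version so every build tests against the same release
  - pip install ansible==2.1.0.0
  # inventory that targets the build container itself, no SSH keys needed in CI
  - echo "localhost ansible_connection=local" > ci_hosts

playbook_test:
  script:
    # catch YAML and playbook syntax errors before anything is changed
    - ansible-playbook -i ci_hosts playbook.yml --syntax-check
    # first run applies the configuration to the fresh container
    - ansible-playbook -i ci_hosts playbook.yml
    # second run: idempotent tasks must report no change and no failure
    - ansible-playbook -i ci_hosts playbook.yml > second_run.log
    - cat second_run.log
    - grep -Eq 'changed=0 +unreachable=0 +failed=0' second_run.log
```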
Push .gitlab-ci.yml to GitLab
Once you’ve created .gitlab-ci.yml, you should add it to your git repository and push it to GitLab.
git add .gitlab-ci.yml
git commit -m "Add .gitlab-ci.yml"
git push origin master
You should see the status of your last commit change from pending to either running, success or failed.