Ansible - Fiorano Modenese · Ansible Why should I use it? Ansible as a project dislikes complexity...


Ansible


What is it?

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy.

* Avoid writing scripts or custom code to deploy and update your applications
* Automate in a language that approaches plain English, using SSH
* No agents to install on remote systems

Why should I use it?

* Ansible as a project dislikes complexity
* Simplicity is relevant to all sizes of environments and users of all types
* It’s not meant to be a tool you should have to obsess over, and it believes “perfect is the enemy of good” in many cases. Therefore the learning curve is really fast
* No coding, instructions are plain YAML
* Ansible is appropriate for managing small setups as well as enterprise environments with many thousands

Work in a Vagrant box

Download our Vagrant machine


Work in a Vagrant box

You can find a pre-configured Vagrant machine here: url

Install vagrant

apt-get install virtualbox
apt-get install vagrant
vagrant init

Edit the Vagrantfile to set the box name

config.vm.box = "jessie-biodec.box"

Run the commands

vagrant up
ssh-add .vagrant.d/boxes/jessie-biodec.box/0/virtualbox/vagrant_private_key
ssh root@localhost -p 2222

Work in a Vagrant box

* Perform all ansible actions from this Vagrant environment
* If you want to work with a different user, each Vagrant machine comes with a “vagrant” user with sudo permissions

Work in a Vagrant box

Provision the box


Work in a Vagrant box

Ansible uses python2.7 and SSH to communicate with your remote systems

* Have python2.7 installed
* Use SSH keys for your authentication:

eval `ssh-agent`
ssh-keygen
ssh-add ~/.ssh/id_rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys

Install required packages

apt-get update
apt-get install python-pip python-dev
apt-get install build-essential libssl-dev libffi-dev

Work in a Vagrant box

Work in a virtualenv

pip install virtualenv
virtualenv myproject
cd myproject
. bin/activate
pip install ansible==2.1.0.0

Your first command

Run your first ansible command line


Your first command

Ansible requires an inventory file

echo "localhost" > ansible_hosts

Ping all hosts in your inventory file

ansible all -m ping -i ansible_hosts

Congratulations. You’ve just contacted your nodes with Ansible:

localhost | success >> {
    "changed": false,
    "ping": "pong"
}

Examine the command line

ansible all -m ping -i ansible_hosts

all

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file. “all” is a special word to work with all the hosts at the same time.

Examine the command line

-m

will accept a correct module name (e.g., “ping”). Ansible ships with a module library but you can write your own module too. Modules are idempotent, meaning they will seek to avoid changes to the system unless a change needs to be made. The (long) list of modules can be found here.

-i

The name of the inventory file.


The inventory file

A core concept


The inventory file

The format for ansible_hosts is an INI-like format and looks like this:

[webservers]
localhost

[dbservers]
one.example.com
two.example.com
three.example.com

The things in brackets are group names, which are used in classifying systems and deciding what systems you are controlling at what times and for what purpose.
It is ok to put systems in more than one group, for instance a server could be both a webserver and a dbserver.
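The group and “all” selection rules described above, as an added Python example (not part of the original slides and not Ansible's own code). It handles only the plain [group] form shown here; parse_inventory, select_hosts and the sample inventory are constructed for this illustration, and the result is the exact list of machines a command run against “all” would reach.

```python
import re

# Constructed sample in the slide's format; localhost is in two groups.
SAMPLE_INVENTORY = """\
[webservers]
localhost

[dbservers]
one.example.com
two.example.com
localhost
"""

# A plain [group] header; [x:children] and [x:vars] are not covered here.
GROUP_HEADER = re.compile(r"\[([^\]:\s]+)\]")


def parse_inventory(text):
    """Return {group: [hosts]} in file order."""
    groups = {"ungrouped": []}      # hosts listed before any [group] header
    current = "ungrouped"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            match = GROUP_HEADER.fullmatch(line)
            if match is None:
                raise ValueError("line %d: unsupported header %s" % (lineno, line))
            current = match.group(1)
            groups.setdefault(current, [])
            continue
        host = line.split()[0]      # ignore trailing key=value host variables
        if host not in groups[current]:
            groups[current].append(host)
    return groups


def select_hosts(groups, pattern):
    """Resolve "all" or one group name to an ordered, de-duplicated host list."""
    if pattern != "all" and pattern not in groups:
        raise KeyError("no such group: " + pattern)
    names = list(groups) if pattern == "all" else [pattern]
    hosts = [host for name in names for host in groups[name]]
    return list(dict.fromkeys(hosts))   # a host in two groups is listed once


if __name__ == "__main__":
    print(select_hosts(parse_inventory(SAMPLE_INVENTORY), "all"))
```

Ansible prints its own view of the same selection with ansible all -i ansible_hosts --list-hosts, without running anything on the hosts.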


Modules

The ansible tools


Modules

* Ansible ships with a number of modules.
* Users can also write their own modules.
* Each module supports taking arguments. Nearly all modules take key=value arguments, space delimited. Some modules take no arguments, and the command/shell modules simply take the string of the command you want to run.

Modules

Most used modules

* apt – Add/Remove packages
* shell – Execute any shell command
* command – Execute programs
* service – Start/Stop/Enable services
* copy – Copy a file from source to destination on host
* file – Create directories, symlinks, change permissions
* template – Copy, but with variable substitution in file

Modules

Example:

ansible all -m apt -i ansible_hosts -a "name=apache2 state=present"
ansible all -m service -i ansible_hosts -a "name=apache2 state=started"

Playbooks

Orchestrate modules using tasks


Playbooks

* Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a set of connected actions in a general IT process.
* If Ansible modules are the tools in your workshop, playbooks are your design plans.
* Playbooks are expressed in YAML format (see YAML Syntax) and have a minimum of syntax, which intentionally tries to not be a programming language or script, but rather a model of a configuration or a process.
* Each playbook is composed of one or more ‘plays’ in a list.
* While it is possible to write a playbook in one very large file, eventually you’ll want to reuse files and start to organize things.

A playbook

Configure git:

wget git-deploy-key -O ~/.ssh/git-deploy-key_rsa
chmod 600 ~/.ssh/git-deploy-key_rsa
ssh-add ~/.ssh/git-deploy-key_rsa

Clone this repo:

git clone [email protected]:corso-ansible/base.git

A playbook

Open the file named playbook.yml

- hosts: all
  vars:
    http_port: 80
  remote_user: root
  tasks:
  - name: ensure apache2 is installed
    apt: name=apache2 state=present

Run your playbook

ansible-playbook -i ansible_hosts playbook.yml

Test passed:

PLAY [test]***************************************************************
TASK: [ensure apache2 is installed]*******************************************
ok: [localhost] => {"changed": false}
PLAY RECAP***************************************************************
localhost : ok=2 changed=0 unreachable=0

Playbook Roles and Include Actions

High-level orchestration


Playbook Roles and Include Actions

A playbook that includes a role:

- hosts: webservers
  vars:
    http_port: 80
  remote_user: root
  roles:
  - webservers

Roles are ways of automatically loading certain variables, tasks, templates, handlers based on a known file structure. Grouping content by roles also allows easy sharing of roles with other users.

Example role structure:

ansible_hosts
webservers.yml
roles/
    webservers/
        files/
        templates/
        tasks/
        handlers/
        vars/
        defaults/
        meta/

Playbook Roles and Include Actions

Role hierarchy:

* If roles/x/tasks/main.yml exists, tasks listed therein will be added to the play
* If roles/x/handlers/main.yml exists, handlers listed therein will be added to the play
* If roles/x/vars/main.yml exists, variables listed therein will be added to the play
* If roles/x/meta/main.yml exists, any role dependencies listed therein will be added to the list of roles (1.3 and later)
* Any copy tasks can reference files in roles/x/files/ without having to path them relatively or absolutely
* Any script tasks can reference scripts in roles/x/files/ without having to path them relatively or absolutely
* Any template tasks can reference files in roles/x/templates/ without having to path them relatively or absolutely
* Any include tasks can reference files in roles/x/tasks/ without having to path them relatively or absolutely

Variables

* Variables should always start with a letter.
* “foo_port” is a great variable. “foo5” is fine too.
* “foo-port”, “foo port”, “foo.port” and “12” are not valid variable names.
* Variables can be defined in many places (pros & cons..)
    * in inventory
    * in a playbook
    * included files
    * There are “facts”, a type of variable that is discovered, not set by the user. Facts are returned by the module “setup”, for example: The hostname as the system reports it is: {{ ansible_hostname }}
    * registered variables (a task output)
    * command line (--extra-vars)

Variables hierarchy

* extra vars (-e in the command line) always win
* then come connection variables defined in inventory (ansible_ssh_user, etc)
* then comes “most everything else” (command line switches, vars in play, included vars, role vars, etc)
* then comes the rest of the variables defined in inventory
* then come facts discovered about a system
* then “role defaults”, which are the most “defaulty” and lose in priority to everything.
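The naming rule from the Variables slide and the precedence order listed above, as an added Python example (not Ansible's own code). It follows the order exactly as the slide gives it; the layer labels, resolve() and the sample values are hypothetical, and the second return value lists every definition that gets overridden by a stronger layer.

```python
import re

# Layers in the order listed on the slide, strongest first. The labels are
# hypothetical names for this example, not Ansible identifiers.
PRECEDENCE = [
    "extra_vars",            # -e on the command line
    "inventory_connection",  # ansible_ssh_user, etc.
    "play_and_role_vars",    # "most everything else"
    "inventory_vars",        # the rest of the inventory variables
    "facts",                 # discovered by the setup module
    "role_defaults",         # lose to everything
]
# Naming rule from the Variables slide; allowing only letters, digits and
# underscores after the first letter is this example's reading of it.
VALID_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def resolve(layers):
    """Return ({name: (value, winning_layer)}, [(name, loser, winner), ...])."""
    resolved, shadowed = {}, []
    for layer in reversed(PRECEDENCE):      # weakest first, stronger overwrite
        for name, value in layers.get(layer, {}).items():
            if VALID_NAME.fullmatch(name) is None:
                raise ValueError("invalid variable name: %r" % name)
            if name in resolved:
                shadowed.append((name, resolved[name][1], layer))
            resolved[name] = (value, layer)
    return resolved, shadowed


# Constructed sample definitions spread over five of the six layers.
SAMPLE = {
    "role_defaults": {"http_port": 80},
    "facts": {"ansible_hostname": "web1"},
    "inventory_vars": {"ansible_hostname": "renamed-in-inventory"},
    "play_and_role_vars": {"http_port": 8080},
    "extra_vars": {"http_port": 8443},
}

if __name__ == "__main__":
    winners, overridden = resolve(SAMPLE)
    for name, (value, layer) in sorted(winners.items()):
        print("%s = %r (from %s)" % (name, value, layer))
    for name, loser, winner in overridden:
        print("%s: %s overridden by %s" % (name, loser, winner))
```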


Biodec setup role

Biodec-setup is a series of packages and configurations that we install on every (Debian) host.

Biodec setup role

* edit the biodec-setup.ini file in order to have your set of hosts available and your email address properly configured
* edit the “hosts” line in biodec_setup.yml file to match your group
* edit the “mail” line in biodec_setup.ini
* run the command:

ansible-playbook -i biodec-setup.ini biodec-setup.yml -vv

And wait for your hosts to be configured


Some tools

ansible-galaxy

It is Ansible’s official community hub for finding, downloading, rating, and sharing Ansible roles.

ansible-galaxy install username.rolename

You can use ansible-galaxy to start a project of your own

ansible-galaxy init --offline test-role

|-- test-role
|   |-- defaults
|   |   `-- main.yml
|   |-- files
|   |-- handlers
|   |   `-- main.yml
|   |-- meta
|   |   `-- main.yml
|   |-- README.md
|   |-- tasks
|   |   `-- main.yml
|   |-- templates
|   `-- vars
|       `-- main.yml

Some tools

debops

Your Debian-based data center in a box. It is a framework.
It can be installed through ansible-galaxy. It is a collection of Ansible playbooks, scalable from one container to an entire data center.

ansible-galaxy install debops.apt
ansible all -s -m apt -a 'update_cache=yes upgrade=yes'

Some tools

epdb

epdb or pdb? The reason to use “epdb” over “pdb” is that epdb contains a remote debugging feature that can sometimes be useful for debugging processes where you don’t have console access.

In python module write:

import epdb
epdb.serve()

Command line to execute module:

ansible --forks 1 -i ansible_hosts --module-path path -m module_name -a ''

Command line to see breakpoint:

python -c "import epdb; epdb.connect()"


Gitlab CI


This course covers the steps necessary to perform a Continuous Integration (CI) workflow using Gitlab. It assumes that:

* you have Gitlab (version >= 8.0) installed
* you are part of a group and have a project to work on

CI

Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository as often as possible (at least daily, or several times a day). Each check-in is then verified by an automated build, allowing teams to detect problems early.

How to do CI

* developers check out code into a private workspace
* when done (local tests pass) commit to the repository
* the CI server checks out changes
* the CI server builds the system and runs unit and integration tests
* if the build fails the CI server alerts the team

Configure Gitlab CI

If you add a .gitlab-ci.yml file to the root directory of your repository, and configure your GitLab project to use a Runner, then each merge request or push triggers your CI pipeline.
Runners run your yaml. A runner is an isolated (virtual) machine that picks up builds through the coordinator API of GitLab CI.
Runners run jobs, which can be run using different executors. We will use the Docker executor. See here for a more detailed explanation.

Configure Gitlab CI

Allow the Runner to run jobs for your project (Project>Settings>Runners) and write the build instructions into a .gitlab-ci.yml file. You can find a simple ci file in this repository.

The CI file

.gitlab-ci.yml is the YAML file that contains the instructions to perform the CI workflow. See here a more detailed description. The minimal CI file requires 2 sections:

* image: a docker image that simulates the production environment (e.g. a debian host or a python environment)
* script: job instructions

An example:

image: debian:jessie
job1:
  script:
  # -y answers apt's confirmation prompt, since a CI job has no terminal to type into
  - apt-get update
  - apt-get install -y apache2

Push .gitlab-ci.yml to GitLab

Once you’ve created .gitlab-ci.yml, you should add it to your git repository and push it to GitLab.

git add .gitlab-ci.yml
git commit -m "Add .gitlab-ci.yml"
git push origin master

You should see the status of your last commit change from pending to either running, success or failed.