Ansible PythonGreg DeKoenigsberg

Director, Ansible Community, Red Hat@gregdek

Q+A

“Why are you starting with Q+A?”

What is Ansible, anyway?

“Isn’t it just distributed ssh?”

“Well, yes. Basically.”

“But it’s a lot more than that, too.”

Ansible is:

Distributed sshPlus a simple definition language

Plus hundreds of modules

Here’s a simple Ansible inventory.

mail.example.com

[webservers]foo.example.combar.example.comwww[01:50].example.com

[dbservers]db[a:f].example.com

[webservers:vars]proxy=proxy.example.com

Here are some simple Ansible commands.

$ ansible webservers -a "/sbin/reboot"

$ ansible webservers -m command -a "/sbin/reboot"

$ ansible webservers -m command -a "/sbin/reboot" -f 10

Here’s a simple Ansible playbook.

---- hosts: webservers remote_user: root

tasks: - name: ensure apache is at the latest version yum: name=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf

- hosts: databases remote_user: root

tasks: - name: ensure postgresql is at the latest version yum: name=postgresql state=latest - name: ensure that postgresql is started service: name=postgresql state=started

So what is Ansible actually doing?● Connects to the target systems simultaneously

○ One ssh connection per host, up to fork limit

● Copies over Ansible and all necessary module code● Runs setup.py to assess the system state● Runs through each individual play

○ Plays invoke module code, which is (almost always) Python○ Runs in parallel by default, one play at a time over all systems

● Does things, or not● Gathers output and sends back over ssh● Removes itself when it’s finished!

○ (which is why we call Ansible “agentless”)

Oh btw, “state” is kind of a big deal in configuration management tools.

Old school sysadmin tool: bash

“Here’s a list of commands. Do exactly what I tell you to do.”

New school sysadmin tool: ansible

“Here’s a description of a desired system state. Do as little as possible to ensure that the system is in that state.”

(The cool kids call this “idempotence”, but no one seems to agree on how to pronounce that word.)

You can’t set a system to a desired state without knowing the system’s current state.

That’s why Ansible does “fact gathering” before every run,using the “setup” module.

Modules can look at facts, and they can also talk to the target host directly, to figure out state before taking action.

Here’s a simple Ansible module.

$ cat cloud/atomic/atomic_host.py

1 #!/usr/bin/python 2 # -*- coding: utf-8 -*- 3 4 # This file is part of Ansible 5 # 6 # Ansible is free software: you can redistribute it and/or modify 7 # it under the terms of the GNU General Public License as published by 8 # the Free Software Foundation, either version 3 of the License, or 9 # (at your option) any later version. 10 # 11 # Ansible is distributed in the hope that it will be useful, 12 # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 # GNU General Public License for more details. 15 # 16 # You should have received a copy of the GNU General Public licenses 17 # along with Ansible. If not, see <http://www.gnu.org/licenses/>. 18 19 ANSIBLE_METADATA = {'status': ['preview'], 20 'supported_by': 'community', 21 'version': '1.0'}

23 DOCUMENTATION=''' 24 --- 25 module: atomic_host 26 short_description: Manage the atomic host platform 27 description: 28 - Manage the atomic host platform 29 - Rebooting of Atomic host platform should be done outside this module 30 version_added: "2.2" 31 author: "Saravanan KR @krsacme" 32 notes: 33 - Host should be an atomic platform (verified by existence of '/run/ostree-booted' file) 34 requirements: 35 - atomic 36 - "python >= 2.6" 37 options: 38 revision: 39 description: 40 - The version number of the atomic host to be deployed. Providing C(latest) will upgrade to the latest available version. 41 required: false 42 default: latest 43 aliases: ["version"] 44 '''

46 EXAMPLES = ''' 47 48 # Upgrade the atomic host platform to the latest version (atomic host upgrade) 49 - atomic_host: 50 revision: latest 51 52 # Deploy a specific revision as the atomic host (atomic host deploy 23.130) 53 - atomic_host: 54 revision: 23.130 55 ''' 56 57 RETURN = ''' 58 msg: 59 description: The command standard output 60 returned: always 61 type: string 62 sample: 'Already on latest' 63 '''

65 def core(module): 66 revision = module.params['revision'] 67 args = [] 68 69 module.run_command_environ_update = dict(LANG='C', LC_ALL='C', LC_MESSA GES='C') 70 71 if revision == 'latest': 72 args = ['atomic', 'host', 'upgrade'] 73 else: 74 args = ['atomic', 'host', 'deploy', revision] 75 76 out = {} 77 err = {} 78 rc = 0 79 80 rc, out, err = module.run_command(args, check_rc=False) 81 82 if rc == 77 and revision == 'latest': 83 module.exit_json(msg="Already on latest", changed=False) 84 elif rc != 0: 85 module.fail_json(rc=rc, msg=err) 86 else: 87 module.exit_json(msg=out, changed=True)

90 def main(): 91 module = AnsibleModule( 92 argument_spec = dict( 93 revision = dict(default='latest', required=False, aliases=["version"]), 94 ), 95 ) 96 97 # Verify that the platform is atomic host 98 if not os.path.exists("/run/ostree-booted"): 99 module.fail_json(msg="Module atomic_host is applicable for Atomic Host Platforms only")100 101 try:102 core(module)103 except Exception as e:104 module.fail_json(msg=str(e))105 106 107 # import module snippets108 from ansible.module_utils.basic import *109 if __name__ == '__main__':110 main()

Ansible is “kind of a big deal” in Python-land

As in, it’s the largest project in contributors on GitHub.

By a lot.

As of 2/22/17, Ansible has 2,549 contributors.

Why does Ansible have so many contributors?

● Because the architecture is highly modular● Because there are lots of examples to cargo cult● Because the docs and guidelines are “good enough”● Because GitHub provides common participatory infrastructure● Because Python is an awesome language that’s easy to learn● Because our community matters to us

Join the Ansible Philadelphia meetup!

Kickoff meeting, Thursday March 23rd:https://www.meetup.com/Ansible-Philadelphia/

Thanks! / Q+A again / Story Time

@gregdekgreg@ansible.com