Ansible - VTUG Spring Forward 2016
Ansible
Configuration Management Made Easy
From zero to running your 1st playbook before you go home this weekend!
Jonathan Frappier
Senior Technical Consultant, EMC Education
@jfrappier | @commitmas | @vbrownabag
/in/joanthanfrappier
github.com/jfrappier
github.com/commitmas
virtxpert.com
professionalvmware.com
Agenda
• What is Ansible?
• Why Ansible
• Who can use Ansible?
• What can Ansible do for you?
• Ansible Basics (e.g. run your 1st playbook tomorrow)
• Live Demo (ZOMG LIVE DEMO!)
• Quick Start
• Q&A
Disclaimer*
Always assume:
• When I say how awesome something is what I really mean “In most cases” that thing is awesome
• Here is one way you could do it, there are many others
• I can’t draw 7 red lines all perpendicular with red, green, or transparent ink
What is Ansible?
What is Ansible
“App deployment, configuration management and orchestration - all from one system.”
If I Ansible, do I DevOps?
Ansible != DevOps
“DevOps is a cultural and operational model that foster collaboration to
enable high performance IT to achieve business goals”
Brian Gracely, Wikibon
http://bit.ly/emc-ed-devops
Alternatives
Which one do I choose?
…It depends…
• What are you trying to do?
• What Operating Systems are you managing?
• What other systems do you work with?
• What languages is your team familiar with?
Nail…Meet Hammer
Why Ansible?
Hand crafted: great for beer, bad for IT
Easy
Easy to setup
Secure (and helps you be secure)
Easy to write, easy to read
Supported OS & Cloud Providers*
New focus on network devices
Who can use Ansible?
ZOMG Big DevOps
You can
What can Ansible do for you?
Example - What can Ansible do for you?
Deploy VM’s: e.g. vsphere_guest, ec2, azure, gce
Apply and enforce configurations: e.g. yum, apt-get, postgresql_db, win_iis_website
Backup files, databases: e.g. copy, mysql_db state=dump
Deploy software: e.g. git, subversion, hg
Got APIs?
uri (not University of Rhode Island)
# Create a JIRA issue
- uri:
    url: https://your.jira.example.com/rest/api/2/issue/
    method: POST
    user: your_username
    password: your_password
    body: "{{ lookup('file','issue.json') }}"
    force_basic_auth: yes
    status_code: 201
    body_format: json

# Check that a page returns a status 200 and fail if the word AWESOME is not in the page contents.
- action: uri url=http://www.example.com return_content=yes
  register: webpage

- action: fail
  when: "'AWESOME' not in webpage.content"
Ansible Basics
Agentless
Ansible connects to hosts using SSH or WinRM
SSH Key – Key based authentication
Password – append --ask-pass and --ask-become-pass
Windows – PowerShell and WinRM
Modules
Core – Ansible supported
Extras – Community contributed
Files
Ansible can be useful using just two files (though you can do a lot more as well)
Inventory (hosts file) – List of all hosts for Ansible to manage
Playbook – List of commands processed in order (no guessing) for the specified hosts
Inventory
Located in /etc/ansible/hosts - can be as simple as you want/need it to be
Inventory
Awesome as you wanna be…
Tasks
Playbooks
Shell Module
• Don’t just convert existing bash scripts to the shell module
• Use native modules whenever possible
• There isn’t always a module, that’s when you use shell
Facts
Information about remote systems gathered by Ansible
• OS, and hardware information
• Processor, network, and disk information
• Hostname, OS family, Python version, SELinux
• Refer to facts as {{ factname }}
• Gather facts anytime
ansible hostname -m setup
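An added example (not from the original slides) of the Shell Module and Facts points above: native modules chosen by a gathered fact, with shell kept for the one step that has no module. The `webservers` group and the `ntp` package are assumptions.

```yaml
---
# Added example; host group "webservers" and package "ntp" are assumptions.
- hosts: webservers
  become: yes          # escalate with sudo; add --ask-become-pass if a password is needed
  gather_facts: yes    # the default, shown for clarity: populates the ansible_* facts

  tasks:
    # Anti-pattern the slide warns about: a bash line wrapped in shell.
    # Ansible cannot tell whether anything changed, so it reports
    # "changed" on every run.
    # - shell: apt-get update && apt-get install -y ntp

    - name: Install ntp on Debian-family hosts
      apt:
        name: ntp
        state: present
        update_cache: yes
      when: ansible_os_family == "Debian"

    - name: Install ntp on RedHat-family hosts
      yum:
        name: ntp
        state: present
      when: ansible_os_family == "RedHat"

    - name: Report a few gathered facts
      debug:
        msg: "{{ ansible_hostname }} runs {{ ansible_distribution }} {{ ansible_distribution_version }}"

    # No native module for this check, so shell is the right tool here.
    - name: Count listening TCP sockets
      shell: ss -ltn | tail -n +2 | wc -l
      register: listeners      # capture the result for the next task
      changed_when: false      # read-only command, never report "changed"

    - name: Show the captured result
      debug:
        msg: "{{ listeners.stdout }} listening TCP sockets"
```

Running it with `--check` first shows which package tasks would change a host without touching it.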
Vault
Encrypt sensitive information that may need to be stored in playbooks, vars, hosts
Encrypt playbook
ansible-vault encrypt playbook.yml
Run Ansible Playbook
ansible-playbook playbook.yml --ask-vault-pass
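An added example (not from the original slides) that applies Vault to the JIRA `uri` task shown earlier: the credentials move into an encrypted vars file so the playbook itself can sit in Git in plaintext. The file names `secrets.yml` and `jira.yml` and the variable names `jira_user` and `jira_password` are assumptions.

```yaml
---
# Added example. secrets.yml, jira.yml, jira_user and jira_password are
# assumed names, not part of the original deck.
#
# secrets.yml (before encryption) holds only the two credentials:
#   jira_user: your_username
#   jira_password: your_password
#
# Encrypt it once:   ansible-vault encrypt secrets.yml
# Run the playbook:  ansible-playbook jira.yml --ask-vault-pass
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - secrets.yml        # decrypted in memory only, after the vault prompt

  tasks:
    - name: Create a JIRA issue without a plaintext password in the playbook
      uri:
        url: https://your.jira.example.com/rest/api/2/issue/
        method: POST
        user: "{{ jira_user }}"
        password: "{{ jira_password }}"
        body: "{{ lookup('file', 'issue.json') }}"
        force_basic_auth: yes
        status_code: 201
        body_format: json
      no_log: true       # keep the credentials out of verbose output and logs
```

Encrypting only the vars file keeps playbook diffs readable in code review while the secret values stay opaque in the repository.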
Handy command line options
--ask-pass – prompts for a password to connect to the specified host(s), used when not using SSH keys (requires additional sshpass package)
--ask-become-pass – Use when sudo is required to run the playbook/command
--check – Checks the playbook to see if it will work, but doesn’t execute on the remote host (or -C)
--module-name – specify the module you want to run for ad-hoc commands (or -m)
--module-path – path to the module if required (or -M)
--tree – path to log output (or -t)
--verbose – more output from the playbook run (or -v)
--limit – limit the playbook run to a specific host/group (or -l)
Availability
All you need is love… no wait wrong presentation
All you need is GitHub (or a backup of your playbooks and hosts file)
A few hosts pre-reqs
Linux
Python – at least 2.5, no issue with modern distributions
SSH – SSH/Port 22 must be open from the control machine to the host (agentless and all)
SSH Keys – Ensure user account used by Ansible has SSH keys added from control-machine to all hosts
User account – Account used by Ansible has correct permissions on hosts (e.g. sudo for installs)
Windows
PowerShell – 3.0 or higher
WinRM – Enabled/Port 5986 must be open from the control machine to the host
User account – Account used by Ansible has correct permissions on hosts
Advanced Stuffs
Roles – Separates vars, files, handlers. Use ansible-galaxy command to create folder structure.
Handlers – Allows you to do a thing, you can call that thing more than once
Register – Allows you to capture results of a task for later use
Ansible Galaxy – Repository of community contributed roles
Ansible Tower – Commercial version, free for up to 10 nodes
• Scheduling
• RBAC
Demo Time!
Demo Time!
VMware Workstation NAT
Ansible Control Machine
Vanilla Ubuntu 14.04
IP: 192.168.10.10
User: ansible-root
IP: 192.168.10.11
User: ansible-remote
Quick Start & Tips
Tips
• If it’s sink or swim...
• Don’t jump into the deep end
• Invest in good technique
• Use the buddy system
• It takes time to go bananas
• Practice, practice, practice
Tips
Please, please, please, please don’t test in prod
http://www.independent.co.uk/life-style/gadgets-and-tech/news/man-accidentally-deletes-his-entire-company-with-one-line-of-bad-code-a6984256.html
Tips
Even if it was a hoax …
¯\_(ツ)_/¯
Quick Start: Install
• From distribution repos
yum install ansible or apt-get install ansible (tends to be older versions)
• From alternate repos
apt-get install python-setuptools
easy_install pip
pip install ansible
• From source (latest greatest…err buggiest?)
http://bit.ly/vtugansible
http://bit.ly/vtugansible2
• http://docs.ansible.com
Quick Start: Playbooks and Roles
You are not a beautiful and unique snowflake
http://www.meetup.com/Ansible-Boston/
https://galaxy.ansible.com/
You don’t have to go it alone, big community
You don’t have to write everything from scratch
MOAR EXAMPLES
https://www.geekandi.com/2016/01/26/ansible-v2-0-vs-windows-update/
http://everythingshouldbevirtual.com/ansible-setting-up-an-ansible-control-machine-part-1
http://everythingshouldbevirtual.com/ansible-highly-available-elk-stack
http://docs.ansible.com/ansible/intro_windows.html
Patch Windows
Deploy ELK
Deploy OpenStack
https://github.com/openstack/openstack-ansible
http://bit.ly/ansibleosad
MOAR
http://professionalvmware.com/?s=ansible
https://github.com/ansible/ansible-blog-examples/
https://blog.emccode.com/2016/02/09/automating-docker-swarm-and-rex-ray-installs-in-gce-with-ansible/
Q&A
Q: How do I do this crazy silly thing you likely do not know about?
A: https://docs.ansible.com
Q: What about this random version of linux that some guy wrote out of his basement?
A: https://docs.ansible.com
Q: Are the slides available?
A: http://bit.ly/vtug16jfrapp
Q: What is better, Star Wars or Star Trek?
A:
Ansible
Don't think you can. Know you can!