Devops with Ansible
Edwin Cruz
Tuesday, March 10, 15
What is Ansible?
• Simple IT automation engine
• Automates
  • Cloud provisioning
  • Configuration Management
  • Application Deployment
  • Intra-Service Orchestration, etc
Architecture
Ansible works by connecting to your nodes and pushing out small programs, called “Ansible Modules” to them. Ansible then executes these modules (over SSH by default), and removes them when finished.
Components
• Inventory Files
• Roles
• Playbooks
Inventory Files
$ app.inv
[webservers]
www1.example.com
www2.example.com

[appservers]
app1.example.com
app2.example.com

[memcached]
memcached.example.com

[redis]
redis.example.com

[dbservers]
db0.example.com
Roles
• This is where all the automation happens
• Components
  • Tasks
  • Templates
  • Variables
Roles
app_config.yml
- name: Install ruby_build dependencies
  sudo: true
  apt: pkg={{ item }} state=latest install_recommends=no
  with_items:
    - build-essential
    - git
    - libcurl4-openssl-dev
    - libpq-dev
    - libssl-dev
    - libxml2-dev
    - libxslt1-dev
    - zlib1g-dev
- service: name=app_server state=running enabled=yes

- template: src=/opt/code/templates/foo.j2 dest=/etc/foo.conf
  notify:
    - restart app server
Templates
$ application.yml.j2
AWS_S3_BUCKET_NAME: {{staging[0]['aws_s3_bucket_name']}}
AWS_ACCESS_KEY_ID: {{staging[0]['aws_access_key_id']}}
AWS_SECRET_ACCESS_KEY: {{staging[0]['aws_secret_access_key']}}

REDIS_HOST: {{hostvars[groups['redis'][0]]['private_ip_address']}}
MEMCACHE_SERVERS: {% for host in groups['memcached'] %}{{hostvars[host]['private_ip_address']}}:11211,{% endfor %}

HONEYBADGER_ENV: {{ honeybadger_env }}
IMAGES_CDN: {{ images_cdn }}
Templates
$ nginx/conf.d/default
upstream rails_app {
  {% for host in groups['appservers'] %}
  server {{ hostvars[host]['private_ip_address'] }}:8080;
  {% endfor %}
}

server {
  root /home/{{ansible_env.USER}}/current/public;
}
Variables
staging.yml
site_url: https://staging.example.com
honeybadger_env: staging
puma_workers: 8
images_cdn: example-cdn%d.global.ssl.fastly.net
rails_env: staging
Playbooks
balancer.yml
- name: Load Balancers
  hosts: webserver
  gather_facts: true
  sudo: false
  user: deploy
  vars:
    rbenv_root: /home/{{ansible_env.USER}}/.rbenv
    version: 2.1.2

  roles:
    - { role: common, deploy_user: deploy, deploy_group: deploy }
    - app
    - web
Now what?
brew install ansible
ansible-playbook -i servers.inv balancer.yml
ansible-playbook -i servers.inv appserver.yml
ansible-playbook -i servers.inv fullstack.yml
Sensitive Information?
• Ansible Vault
  • ansible-vault edit hosts/production/db.yml
  • ansible-playbook -i servers.inv app.yml --ask-vault-pass
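
A check for the problem Ansible Vault addresses, added here as an example (not part of the original slides): it flags secret-looking keys, such as the aws_secret_access_key read by the application.yml.j2 template, when they sit in a vars file in clear text. The key-name pattern, the function name and all sample data are assumptions made for illustration.

```python
import re
import sys

VAULT_HEADER = "$ANSIBLE_VAULT;"   # first bytes of any file written by ansible-vault
SECRET_KEY = re.compile(r"secret|password|passwd|token|private_key", re.I)
ASSIGN = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w-]*)\s*:\s*(.*)$")

def plaintext_secrets(text):
    """Return [(line_no, key)] for secret-looking keys stored in clear text."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []                  # whole file is encrypted, nothing readable
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        value = m.group(2).split(" #")[0].strip()
        # Accepted: empty (nested map follows), inline "!vault" ciphertext,
        # or a Jinja2 reference to a variable defined in a vaulted file.
        if not value or value.startswith("!vault") or value.lstrip("\"'").startswith("{{"):
            continue
        findings.append((no, m.group(1)))
    return findings

# Constructed samples (no real credentials).
PLAINTEXT_VARS = """\
staging:
  - aws_s3_bucket_name: example-bucket
    aws_access_key_id: AKIAEXAMPLE
    aws_secret_access_key: not-a-real-secret
"""
VAULTED_FILE = "$ANSIBLE_VAULT;1.1;AES256\n(ciphertext elided)\n"
INLINE_VAULT = """\
db_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  (ciphertext elided)
api_token: "{{ vault_api_token }}"
"""

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:      # e.g. run from a pre-commit hook over vars files
        with open(path, encoding="utf-8") as fh:
            for no, key in plaintext_secrets(fh.read()):
                print(f"{path}:{no}: '{key}' is stored in clear text")
                failed = True
    sys.exit(1 if failed else 0)
```

Run against the vars files before committing; a non-zero exit means at least one value should be moved into a vaulted file or encrypted inline.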
Thanks!