Devops with ansible

Post on 16-Jul-2015


Devops with Ansible

Edwin Cruz

Tuesday, March 10, 15

What is Ansible?

• Simple IT automation engine

• Automates

  • Cloud provisioning

  • Configuration Management

  • Application Deployment

  • Intra-Service Orchestration, etc

Architecture

Ansible works by connecting to your nodes and pushing out small programs, called “Ansible Modules”, to them. Ansible then executes these modules (over SSH by default) and removes them when finished.

Components

• Inventory Files

• Roles

• Playbooks

Inventory Files

$ app.inv

[webservers]
www1.example.com
www2.example.com

[appservers]
app1.example.com
app2.example.com

[memcached]
memcached.example.com

[redis]
redis.example.com

[dbservers]
db0.example.com

Roles

• This is where all the automation happens

• Components

  • Tasks

  • Templates

  • Variables

Roles

app_config.yml

- name: Install ruby_build dependencies
  sudo: true
  apt: pkg={{ item }} state=latest install_recommends=no
  with_items:
    - build-essential
    - git
    - libcurl4-openssl-dev
    - libpq-dev
    - libssl-dev
    - libxml2-dev
    - libxslt1-dev
    - zlib1g-dev

- service: name=app_server state=running enabled=yes

- template: src=/opt/code/templates/foo.j2 dest=/etc/foo.conf
  notify:
    - restart app server

Templates

$ application.yml.j2

AWS_S3_BUCKET_NAME: {{staging[0]['aws_s3_bucket_name']}}
AWS_ACCESS_KEY_ID: {{staging[0]['aws_access_key_id']}}
AWS_SECRET_ACCESS_KEY: {{staging[0]['aws_secret_access_key']}}

REDIS_HOST: {{hostvars[groups['redis'][0]]['private_ip_address']}}
MEMCACHE_SERVERS: {% for host in groups['memcached'] %}{{hostvars[host]['private_ip_address']}}:11211,{% endfor %}

HONEYBADGER_ENV: {{ honeybadger_env }}

IMAGES_CDN: {{ images_cdn }}

Templates

$ nginx/conf.d/default

upstream rails_app {
  {% for host in groups['appservers'] %}
  server {{ hostvars[host]['private_ip_address'] }}:8080;
  {% endfor %}
}

server {
  root /home/{{ansible_env.USER}}/current/public;
}

Variables

staging.yml

site_url: https://staging.example.com
honeybadger_env: staging
puma_workers: 8
images_cdn: example-cdn%d.global.ssl.fastly.net
rails_env: staging

Playbooks

balancer.yml

- name: Load Balancers
  hosts: webserver
  gather_facts: true
  sudo: false
  user: deploy
  vars:
    rbenv_root: /home/{{ansible_env.USER}}/.rbenv
    version: 2.1.2

  roles:
    - { role: common, deploy_user: deploy, deploy_group: deploy }
    - app
    - web

Now what?

brew install ansible
ansible-playbook -i servers.inv balancer.yml
ansible-playbook -i servers.inv appserver.yml
ansible-playbook -i servers.inv fullstack.yml

Sensitive Information?

• Ansible Vault

  • ansible-vault edit hosts/production/db.yml

  • ansible-playbook -i servers.inv app.yml --ask-vault-pass
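
A repository check to go with the Vault workflow above, as an added example (not from the original slides): it flags YAML variable files that are not vault-encrypted yet hold literal values under secret-looking keys. The key-name pattern, the function names and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every vault-encrypted file
# Assumed naming convention for secret-bearing keys; extend for your repo.
SECRET_KEY = re.compile(r"secret|password|passwd|token|private_key|access_key", re.I)
KV = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w.-]*)\s*:\s*(.*?)\s*$")  # "key: value"

def plaintext_secrets(text):
    """Return (line_no, key) for secret-looking keys that hold a literal value."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = KV.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        value = m.group(2).strip("'\"")
        # Empty values, comments, variable references and inline !vault are not literals.
        if not value or value.startswith(("#", "{{", "!vault")):
            continue
        hits.append((no, m.group(1)))
    return hits

def audit(root):
    """Map relative path -> findings for each unencrypted YAML file under root."""
    report = {}
    for path in sorted(Path(root).rglob("*.y*ml")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if text.lstrip().startswith(VAULT_HEADER):
            continue  # whole file is vault-encrypted
        found = plaintext_secrets(text)
        if found:
            report[str(path.relative_to(root))] = found
    return report

def demo():
    """Constructed sample tree: one vaulted file, one file leaking a key."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hosts/production").mkdir(parents=True)
        (root / "hosts/production/db.yml").write_text(
            "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n")
        (root / "staging.yml").write_text(
            "site_url: https://staging.example.com\nstaging:\n"
            "  - aws_s3_bucket_name: example-bucket\n"
            "    aws_secret_access_key: CONSTRUCTED-NOT-A-REAL-KEY\n"
            "    db_password: \"{{ vault_db_password }}\"\n")
        return audit(root)
```

Running `audit(".")` from a pre-commit hook or CI job and failing on a non-empty report keeps such values out of version control until they are moved into a vaulted file.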

Thanks!
