INTRODUCING ANSIBLEWhat is it? What do we do with it? How?!

Tyler Turk

Uh… What are we talking about?

• Configuration Management Utility

• Automation Utility

• Easily extensible and pluggable framework

• Michael DeHaan, 2012 (developer of cobbler)

Please sir, may I have some

more?

• Written in Python

• Used for server config management

• Used for auditing of environment

Server-CM: Ansible 1.7.3

Masterchief: Ansible 0.9

THE DYNAMIC INVENTORY

What are inventories? What do

they contain?

• List of groups

• List of hosts in groups

• Potentially some

variables

What’s our inventory?

• Dynamic inventory interface based off server-

meta

• inventory/server_meta.py

• Groups generated by:

• server-meta-ranges

• Datacenter values

• ansible_groups property

Currently Extant Groups

• 64b-pod

• hapod

• 4g

• 8g-legacy

• development

• staging

• production

• protostaging

• vendor_group

• cloud

• dedicated

• clusters

Managing Disparate

Environments

• Primary API services production

• Dev API services development

• Corporate servers are handled with a flat file

Why is the inventory important?

• Groups are managed by dynamic inventory

• Skipping dynamic inventory means no groups

• No groups means incorrect variables set

• Systems will be configured incorrectly

Why do we need a custom

inventory?

• Multi-vendor strategy

• Custom data

requirements

• Assurance of

environment isolation

INVENTORY PATTERN

MATCHING

Access The Servers You Want!

• ‘pod-*’ # All pods

• ‘utility-*’ # All servers

with utility in the name

• ‘cluster-*:!dbmaster*’ #

All servers in each

cluster excluding

dbmaster

• ‘vendor:&pod-*’ # All

pods that exist in vendor

A simple example

Another example with explicit inclusion

IMPORTANCE OF

IDEMPOTENCE

What is idempotence?

f(x) = f(f(x)) = f(f(f(f(f(f(x))))))

• property of certain

operations in

mathematics and

computer science, that

can be applied multiple

times without changing

the result beyond the

initial application

• f(x) = f(f(x))

Okay… why do we care?

• Less accident prone

• We don’t break things

• Playbook is repeatable

• Helps to ensure same state, each time

Examples

• Idempotent Task:

lineinfile: dest=/etc/hosts line=“127.0.01 localhost” state=present

• Non-Idempotent Task:

shell: echo “127.0.01 localhost” >> /etc/hosts

AD-HOC USAGE

Ansible RunnerWelcome to Ad-Hoc

Usage

Useful Modules

• Apt

• Command

• Copy

• Fetch

• File

• Service

• Shell

• Stat

• Template

• User

• Zabbix Maintenance

Issues with Bash-isms

• Complex audits can

require mixed quotations

• Susceptible to shell

limitations

• Use python wrapper to

avoid bash-isms

Command Examples

ansible -i inventory/server_meta.py -m shell -a ‘ls /nas/local/ssl’ vendor

ansible -f 50 -m shell -a 'grep mysql.heartbeat

/etc/zabbix/zabbix_agentd.conf | wc -l' -i inventory/server_meta.py 'cluster*'

&>heart.out

ansible -f 50 -m copy -a "src=/root/ssl_sucks/cloudflare.conf

dest=/etc/wpengine/nginx/ssl.d/cloudflare.conf owner=root group=root

mode=0644" -i inventory/server_meta.py 'pod-*:hapod-*:web-*'

WHAT IS THIS PLAYBOOK

SORCERY?

What are playbooks?

• List of tasks

• Run against subset of

hosts

• Hopefully idempotent

What’s in a playbook?

• Conditional task execution

• Hosts

• Notifiable handlers

• Roles

• Variables

Example Playbook

Server Provisioning Playbooks

• Remote Playbook:

• Executed remotely

• Handles partitioning

• Initial Configuration

• Copies files out

• Platform Playbook:

• Executed locally

• Facts from remote

• Ensures packages

• Completes Config

Platform Deployment Playbook

• phased-deploy:

• git prefetch

• git checkout

• ensures consistent

phases

One-Off Playbooks

• build-server.yml

• Handles build server provisioning

• fire_and_forget_pull.yml

• Similar to nas2-prefetch.yml

• prepare-loadtest.yml

• Stages the droid install on a server

• remove_user.yml

• Removes user from our infrastructure

VARIABLE PRECEDENCE &

TROUBLESHOOTING

Introduction to Ansible Variables

• Regular variables:

Variables that are

explicitly defined either

via register or various

files / CLI options

• Magic variables:

Variables that are

defined automatically

Some Magic Variables

• hostvars

• ansible_distribution

• ansible_INTERFACE

• ansible_fqdn

• ansible_pkg_mgr

• group_names

• inventory_hostname

Variable Precedence

• Defined on the CLI (-e, --extra-vars)

• Connection variables

• “Most everything else”

• Inventory variables

• Discovered facts

• Role defaults

Wait… “most everything else…?”

• Included variables

• Host variables

• Group Variables

• Child group

• Parent group

• “All” variables, the super parent

• Define a variable as few times as possible

Using Lookup Plugins for

Variables

• with_items - Iterate through a list of items

• with_dict - Iterate through a dictionary

• with_fileglob - Iterate through a glob of files

• with_first_found - Iterate through files until one

is found

• Create your own!

JINJA2 TEMPLATING

FRAMEWORK

Introduction to Templating

group_vars/all:

is_vagrant: false

roles/common/templates/etc/hosts:

{% if is_vagrant %}

192.168.1.1 api.wpengine.com

{% endif %}

How to Loop in Templates

roles/common/templates/etc/hosts:

{% for ip in ansible_all_ipv4_addresses | sort %}

{{ ip }} {{ ansible_fqdn }}

{% endfor %}

roles/common/templates/etc/ansible_groups:

{% for name in group_names | sort %}

{{ name }}

{% endfor %}

Conditionals and Extensions

roles/apache/templates/var/www/index.jn2:

<html><head>

{% if maintenance_mode | default('', false) | bool %}

{% include "maintenance_header.html" %}

{% else %}

<title>Production - Ansible

Example</title></head><body>

<h3>Production mode FTW!</h3>

{% endif %}

</body></html>

Simple Demo Time!

ansible-playbook sample.yml

ansible-playbook sample.yml -e "maintenance_mode=false"

ansible-playbook sample.yml -e “maintenance_mode=true"

file:///Users/tylerturk/meetup/output/index.html

I WANT MORE OUT OF IT

Possible to Extend Upon

• Additional plugins can easily be dropped in

• Researching sample plugins goes a long way

• Several different plugin types currently

available

• Return results in JSON or hook however you

choose

Got questions? Ask!

Examples Available At:

https://github.com/tylerturk/ansible-examples-

jan28

Twitter: tylerjturk