Date post: | 06-Aug-2015 |
Category: |
Technology |
Upload: | ahamilton55 |
View: | 88 times |
Download: | 1 times |
Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
http://docs.ansible.com/
ExtensibleLarge community
Lots of prebuilt modules (100s)
Easy to build custom modules
Modules are “Polygot”
Installation: Packages$ pip install ansible
# yum install ansible
# aptitude install ansible
$ brew install ansible
Installation: Source$ git clone \ > https://github.com/ansible/ansible
$ source ansible/hacking/env-setup
Inventory: Static[my_hosts]host1.example.comhost2.example.com
[webservers]www1.example.comwww2.example.com
[dbs]db1.example.comdb2.example.com
Inventory: DynamicBuilds a JSON inventory of hosts
Provided: AWS, GCE, Azure, OpenStack, VMWare, Rackspace, Linode, Digital Ocean, Cobbler, Vagrant, Fleet, Consul, ...
---- hosts: tag_service_web_server
vars:- local_dir: “/myapp”- dest_dir: “/var/www”
tasks:- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginxservice: name=nginx state=started
- name: Copy over the appcopy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644directory_mode=yes
---- hosts: tag_service_web_server
vars:- local_dir: “/myapp”- dest_dir: “/var/www”
tasks:- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginxservice: name=nginx state=started
- name: Copy over the appcopy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644directory_mode=yes
---- hosts: tag_service_web_server
vars:- local_dir: “/myapp”- dest_dir: “/var/www”
tasks:- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginxservice: name=nginx state=started
- name: Copy over the appcopy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644directory_mode=yes
VarsAllows you to dynamically change values
Can be used in playbooks and templates
Different types of variables for different workloads
Vars: RuntimeYou can add variables from the CLI at runtime
Runtime variables take precedence
$ ansible-playbook -i <inventory> \> -e key1=value1 playbook.yml
3 types of varsStandard:
my_str: “my string”my_num: 1my_float: 1.234923409my_bool: false*
* booleans also allow “yes” and “no”
3 types of varsHashes (Dictionaries):
a_hash: { “key”: “value”, }hashing_it_up: { “such”: “wow”,
“chosen”: 1, }
3 types of varsCombining them together
my_var: “Here”complex: [
{ “key”: “value”, },{ “key”: “blah”, },{ “key”: my_var },
]
Jinja templating for varsUse “{{ <var> }}” to access variables
{{ my_var }}{{ my_list[0] }}{{ my_hash[“key”] }}
---- hosts: tag_service_web_server
vars:- local_dir: “/myapp”- dest_dir: “/var/www”
tasks:- name: Install nginx
yum: name=nginx.x86_64 state=present
- name: Start nginxservice: name=nginx state=started
- name: Copy over the appcopy: src={{ local_dir }} dest={{ dest_dir }}
recursive=yes owner=nginx mode=0644directory_mode=yes
TasksUses modules to complete tasks
100s of prebuilt modules
Examples: template, copy, yum, apt, pip, ec2, elb, docker
Can use custom modules in tasks too
Loops- name: Install nginx
yum: name=nginx.x86_64 state=latest
- name: Install php5yum: name=php5.x86_64 state=latest
- name: Install Laravelyum: name=php5-laravel.x86_64 state=latest
Loops- name: Install packages
yum: name={{ item }} state=latestwith_items:- nginx.x86_64- php5.x86_64- php5-laravel.x86_64
Loops- name: Install packages
yum: name={{ item.name }} state={{ item.ver }}with_items:- { “name”: ”nginx.x86_64”, “ver”: ”latest” }- { “name”: ”php5.x86_64”, “ver”: ”5.4-1” }- { “name”: ”php5-laravel.x86_64”, ver”: ”5.4-123-1” }
Conditionals- name: Install nginx
yum: name=nginx.x86_64 state=latest
But what if we want to also use a Deb based distro?
Conditionals- name: Install nginx (RH)
yum: name=nginx.x86_64 state=latestwhen: ansible_os_family == “RedHat”
- name: Install nginx (Deb)apt: name=nginx state=latestwhen: ansible_os_family == “Debian”
Variables FilesJust files full of variables…
Makes using a large number of variables easier
Cleans up your playbooks
Variables FilesSite / Groups:
Best practice to place in a group_vars dir
group_vars/all for site varsgroup_vars/<group_name> for groups
Variables Files: webserverindex_page: index.htmldomains: [
‘example.com’,‘www.example.com’
]server_names: “{{ domains|join(‘ ‘) }}”vhost_root_dir: “/usr/local/www/{{ domains[0] }}/htdocs”
Variables Files- hosts: webservers
vars_files:- group_vars/all- group_vars/webserverstasks:- name: Install nginx
yum: name=nginx state=latest
Roles: webserver.ymlhosts: webserversvars_files:- group_vars/all- group_vars/webserversroles:- nginx
Roles: templates/nginx.confhttp { index {{ index_page }}; server { server_name {{ server_names }}; access_log logs/{{ main_domain }}.access.log main; root {{ vhost_root_dir }}; }}
Roles: tasks/redhat.yml---- name: Install nginx
yum: name=nginx state=latestnotify:- start nginx- enable nginx
Roles: tasks/debian.yml---- name: Install nginx
apt: name=nginx state=latestnotify:- start nginx- enable nginx
Roles: tasks/main.yml---- include: redhat.yml
when: ansible_os_family == “RedHat”
- include: debian.ymlwhen: ansible_os_family == “Debian"
- name: Copy over the nginx.conf templatetemplate: src=nginx.conf dest=/etc/nginx/nginx.confnotify: restart nginx
Roles: handlers/main.yml---- include: redhat.yml
when: ansible_os_family == “RedHat”
- include: debian.ymlwhen: ansible_os_family == “Debian”
- name: start nginxservice: name=nginx state=started
- name: restart nginxservice: name=nginx state=restarted
Secrets$ANSIBLE_VAULT;1.1;AES256343836626534373165643662656363373866626639396535393063336336333162643832353466386631366536656336353137363462643435376164363339360a303264343761336135386564653138393264613961656430666639383339653465303330613333366330366131383033353761643463623161373230353036640a6439613064666466393861633034613534613966653933353837316532663964646435343837323865613061313137346535343239653334376364323932316238386161303764343665346666333231333461636634353061313332613934313433343834366434623866636366313936656463363832343130643139636535363432333861313430343033376566613764623161616565376466383833306164386532656662306437333464343139376362613933653964643536343265623438346634616462313965643038366265646264636538636238306330306430343439633165323330323539616165333039356261613332393332376633636436656636613639613438663335316532643536326264646536636536623061383661656534633130663534316162646236636631323866336530393562636565636166646637616465313037396339633264643731366436623030326633393934346437636663636563333832303165633637303065343732323539643834643066613734363366643933613533343631303930623765616238323633393638333733663835616637306635666466636633323437343665646433383637623932316139363639323565663230656432363731623230
SecretsBuiltin support for using AES256 encrypted variables files
Files kept in group_vars files for easy access
Pass in password at execution