How Ansible Makes Automation Easy
DESCRIPTION
Talk for Gluecon 2014 - DevOps track.
TRANSCRIPT
@pas256 @Answers4AWS
How Ansible Makes Automation Easy
Gluecon: May 2014
Peter Sankauskas
Founder, Answers for AWS

About Me
• Engineer
• Founder of Answers for AWS
• Wrote the EC2 inventory plugin for Ansible
• Run the Advanced AWS meetup in SF
• Won a NetflixOSS Cloud Prize for my Ansible playbooks

What is Ansible?
Beautiful, flexible shell scripts

What can you automate?
• Installation and configuration of services
• Code deployment
• Provisioning
• Image creation

Why is it easy?
• Easy to read, write and share playbooks
• Thousands of modules *
• Great documentation
• Support
* 2015 projection

What does this do?
    - name: Install Apache web server
      apt: pkg=apache2 state=latest

What does this do?
    - name: Install Apache web server   # Documentation
      apt: pkg=apache2 state=latest     # Module (apt), Arguments (pkg=apache2 state=latest)

    - name: Install Apache web server with PHP
      apt: pkg={{ item }} state=latest
      with_items:
        - apache2
        - php5
        - libapache2-mod-php5
        - php-apc

    - name: Install Apache web server with PHP (apt version)
      apt: pkg={{ item }} state=latest
      with_items:
        - apache2
        - php5
        - libapache2-mod-php5
        - php-apc
      when: ansible_distribution == 'Ubuntu'

    - name: Install Apache web server with PHP (yum version)
      yum: pkg={{ item }} state=latest
      with_items:
        - httpd24
        - php55
        - php55-pecl-apc
      when: ansible_distribution == 'Amazon'

A little more complex
    - name: Copy website configuration
      copy: src=site.conf
            dest=/etc/apache2/sites-available/site.conf
            owner=root group=root mode=0755
      notify: restart apache
      tags: config

Playbooks
• Contains one or more “plays”
• Written in YAML
• Declare configuration
• YAML is not code
• Executed in the order it is written
• No dependency graph

Modules
• apt/yum/pip
  • Add/Remove packages
• command/shell
  • Execute any shell command (with or without environment)
• copy
  • Copy a file from source to destination on host
• file
  • Create directories, symlinks, change permissions
• service
  • Start/Stop/Enable services
• template
  • Same as copy, but with variable substitutions in file
accelerate
acl
add_host
airbrake_deployment
alternatives
apache2_module
apt
apt_key
apt_repository
apt_rpm
arista_interface
arista_l2interface
arista_lag
arista_vlan
assemble
assert
async_status
async_wrapper
at
authorized_key
bigip_facts
bigip_monitor_http
bigip_monitor_tcp
bigip_node
bigip_pool
bigip_pool_member
boundary_meter
bzr
campfire
capabilities
cloudformation
command
composer
copy
cpanm
cron
datadog_event
debconf
debug
digital_ocean
digital_ocean_domain
digital_ocean_sshkey
django_manage
dnsimple
dnsmadeeasy
docker
docker_image
easy_install
ec2
ec2_ami
ec2_ami_search
ec2_asg
ec2_eip
ec2_elb
ec2_elb_lb
ec2_facts
ec2_group
ec2_key
ec2_lc
ec2_metric_alarm
ec2_scaling_policy
ec2_snapshot
ec2_tag
ec2_vol
ec2_vpc
ejabberd_user
elasticache
facter
fail
fetch
file
filesystem
fireball
firewalld
flowdock
gc_storage
gce
gce_lb
gce_net
gce_pd
gem
get_url
git
github_hooks
glance_image
group
group_by
grove
hg
hipchat
homebrew
homebrew_cask
homebrew_tap
hostname
htpasswd
include_vars
ini_file
irc
jabber
jboss
jira
kernel_blacklist
keystone_user
layman
librato_annotation
lineinfile
linode
lldp
locale_gen
logentries
lvg
lvol
macports
modprobe
mongodb_user
monit
mount
mqtt
mysql_db
mysql_replication
mysql_user
mysql_variables
nagios
netscaler
newrelic_deployment
nexmo
nova_compute
nova_keypair
npm
ohai
open_iscsi
openbsd_pkg
openvswitch_bridge
openvswitch_port
opkg
osx_say
ovirt
pacman
pagerduty
pause
ping
pingdom
pip
pkgin
pkgng
pkgutil
portage
portinstall
postgresql_db
postgresql_privs
postgresql_user
quantum_floating_ip
quantum_floating_ip_associate
quantum_network
quantum_router
quantum_router_gateway
quantum_router_interface
quantum_subnet
rabbitmq_parameter
rabbitmq_plugin
rabbitmq_policy
rabbitmq_user
rabbitmq_vhost
raw
rax
rax_cbs
rax_cbs_attachments
rax_clb
rax_clb_nodes
rax_dns
rax_dns_record
rax_facts
rax_files
rax_files_objects
rax_identity
rax_keypair
rax_network
rax_queue
rds
rds_param_group
rds_subnet_group
redhat_subscription
redis
replace
rhn_channel
rhn_register
riak
rollbar_deployment
route53
rpm_key
s3
script
seboolean
selinux
service
set_fact
setup
shell
slack
slurp
sns
stackdriver
stat
subversion
supervisorctl
svr4pkg
swdepot
synchronize
sysctl
template
twilio
typetalk
ufw
unarchive
uri
urpmi
user
virt
vsphere_guest
wait_for
xattr
yum
zfs
zypper
zypper_repository

Roles
• Reuse a set of tasks, files, variables and templates
• Ansible Galaxy for being social
  • Web
  • Database
  • System
  • more…

Introduction to Ansible
Documentation: http://docs.ansible.com/
Slides: http://www.slideshare.net/pas256/code-mash
Video: http://answersforaws.com/episodes/2-ansible-and-aws/

What can you automate?
✓ Installation and configuration of services
• Code deployment
• Provisioning
• Image creation

Code deployment
    - name: Get code from GitHub for branch {{ branch }}
      git: [email protected]:company/website.git
           dest=/var/www/website
           version={{ branch }}
           accept_hostkey=yes

    - name: Copy database.yml from S3 to rails
      s3: bucket=company-devops object=database.yml
          dest=/var/www/website/config/database.yml mode=get

    - name: Bundle install
      shell: chdir=/var/www/website bundle install --without development test

    - name: Precompile assets with rake
      shell: chdir=/var/www/website RAILS_ENV={{ env }} bundle exec rake assets:precompile
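An added example, not from the original slides: the same four deployment steps with the Git server's SSH host key pinned through the known_hosts module instead of accept_hostkey=yes (which accepts whatever key the server presents on first contact), and database.yml restricted to the application user. Assumptions: an Ansible release that ships the known_hosts module; git.example.com, example/website.git, the deploy user and the git_host_key variable are placeholders.

```yaml
---
# Added example (not from the talk). Placeholders: git.example.com,
# example/website.git, the "deploy" user, and git_host_key, which must hold
# the Git server's public host key line, obtained out of band.
- name: Pin the Git server host key before the first clone
  known_hosts:
    name: git.example.com
    key: "{{ git_host_key }}"
    state: present

# With the key pinned, a server presenting any other key makes this task fail.
- name: Get code for branch {{ branch }}
  git: repo=git@git.example.com:example/website.git
       dest=/var/www/website
       version={{ branch }}
       accept_hostkey=no

- name: Copy database.yml from S3 to rails
  s3: bucket=company-devops object=database.yml
      dest=/var/www/website/config/database.yml mode=get

# database.yml carries credentials, so only the application user may read it.
- name: Restrict database.yml to the application user
  file: path=/var/www/website/config/database.yml
        owner=deploy group=deploy mode=0600

- name: Bundle install
  shell: chdir=/var/www/website bundle install --without development test

- name: Precompile assets with rake
  shell: chdir=/var/www/website RAILS_ENV={{ env }} bundle exec rake assets:precompile
```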

Provisioning
• Create security group
• Launch instance
• Create load balancer
• Register instance with load balancer

Don’t do this

Don’t do this on AWS
• Use CloudFormation
  • Dependency management
  • Delete for free
• Ultimate combination
  • python + boto + troposphere

Provisioning on GCE is fine
    - local_action:
        module: gce
        name: test-instance
        zone: us-central1-a
        machine_type: n1-standard-1
        image: debian-7

What can you automate?
✓ Installation and configuration of services
✓ Code deployment
✓ Provisioning
• Image creation

Image creation
• Run in local mode
• Do not start services
• Use Ansible provisioner for
  • aminator
  • packer
• Use Bakery4AWS (apply for beta access)

Flexible playbooks
Same playbook can:
• Run on a single instance
• Run on multiple instances
• Run against multiple OSes
• Run in local mode to create image
[Diagram: Ansible Playbook, Laptop, Packer/Aminator]

How?
Four things to consider to write highly flexible playbooks
• Header
• Common variables
• Services
• Handlers

Playbook header
    ---
    - name: My Playbook
      hosts: all
      sudo: True
      roles:
        - role1
        - role2
      vars_files:
        - vars/common.yml
        - vars/{{ ansible_distribution }}.yml

Common Variables File
    ---
    ami_build: ami is defined and ami
    not_ami_build: ami is not defined or not ami

Services
    - name: Enable Apache HTTP Web Server service
      service: name=httpd enabled=yes

    - name: Starting Apache HTTP Web Server service
      service: name=httpd state=started
      when: not_ami_build

    - name: Stopping Apache HTTP Web Server service
      service: name=httpd state=stopped
      when: ami_build

Handlers
    ---
    - name: restart apache
      service: name=httpd state=restarted
      when: not_ami_build

Execution
• Against Ubuntu web servers
    ansible-playbook myplaybook.yml -u ubuntu -l web
• Against Amazon Linux web servers
    ansible-playbook myplaybook.yml -u ec2-user -l web
• Build an AMI
    ansible-playbook myplaybook.yml -u ubuntu -e "ami=True" -c local -i "127.0.0.1,"

Thank you
Questions? Play Stump the Presenter
Slides available online:
• http://bit.ly/gluecon-ansible