Ansible Berlin Meetup intro talk by @danvaida


Upload: dan-vaida

Post on 16-Aug-2015

Category:

Software


TRANSCRIPT

Page 1: Ansible Berlin Meetup Intro talk by @danvaida

Ansible Berlin Meetup, @danvaida

Welcome to Ansible Berlin Meetup

Kickoff Event 2015.02.11

Page 2: Ansible Berlin Meetup Intro talk by @danvaida

Where does the name ‘Ansible’ come from?

“The word ansible was coined by Ursula K. Le Guin in her 1966 novel Rocannon's World. Le Guin states that she derived the name from "answerable," as the device would allow its users to receive answers to their messages in a reasonable amount of time, even over interstellar distances.”

—Wikipedia

Page 3: Ansible Berlin Meetup Intro talk by @danvaida

still from “Ender’s Game” movie

Page 4: Ansible Berlin Meetup Intro talk by @danvaida

How can Ansible help?

It can:

• do configuration management

• deploy applications

• do continuous delivery and continuous integration

• be used for provisioning of cloud-based systems

Page 5: Ansible Berlin Meetup Intro talk by @danvaida

What I like about it

• YAML - everyone can read YAML (mind that whitespace!)

• Jinja2 templates (blazing fast compilation to Python code, easy to debug, easy to use filter system)

• Ad-hoc, reusable one-liners

• Works over SSH (w/ sudo or root keys)

• Easy to install (homebrew/rpm/deb/pip/pkg) or simply checkout and fire away

• Idempotence (applying it repeatedly gives the same result as applying it once; i.e., ƒ(ƒ(x)) ≡ ƒ(x))

Page 6: Ansible Berlin Meetup Intro talk by @danvaida

What I’m glad it doesn’t have

• DSLs (domain specific languages)

• Agents to configure, manage, scale

• worrying about time synchronization with the Master

• overhead by dealing with certificates between Master & Slaves

• ports to manage in the firewall

Page 7: Ansible Berlin Meetup Intro talk by @danvaida

Who uses Ansible?

Page 8: Ansible Berlin Meetup Intro talk by @danvaida

3 years old

current stable release: 1.8.2

dev release 1.9

v2 is also available (big refactoring, fully backwards compatible)

Page 9: Ansible Berlin Meetup Intro talk by @danvaida

Configuring Ansible

• ANSIBLE_CONFIG (an environment variable)

• ./ansible.cfg (in the current directory)

• ~/.ansible.cfg (in the home directory)

• /etc/ansible/ansible.cfg

Page 10: Ansible Berlin Meetup Intro talk by @danvaida

General nomenclature

• Task - calls a module with specific parameters

• Handler - a special type of task, normally triggered by a task

• Play - list of tasks applied to a list of hosts

• Playbook - collection of plays, executed sequentially

• Role - a group of related tasks

• Module - actual code that makes Tasks happen

• Inventory - list of hosts, groups and variables

• Fact - information collected from targeted hosts

• Plugin - can be a callback, action or other hooks

Page 11: Ansible Berlin Meetup Intro talk by @danvaida

Inventory

• Static - it’s a simple way to get things started and works great for simple architectures

• Dynamic

  • comes in handy for more complex architectures

  • can write your own script in any language as long as it returns JSON

  • recursively descends in all sub-folders and uses all contained files

  • built-in scripts for AWS, DigitalOcean, GCE, Vagrant, Docker, SoftLayer, Spacewalk, Azure, etc.

• A combination of both
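
The "own script that returns JSON" point above, as an added example that is not from the original slides: a dynamic inventory script answering the two calls Ansible makes, `--list` and `--host <name>`. The host names, the `role` field and the `SOURCE` records are constructed; a real script would query a cloud API or CMDB instead.

```python
#!/usr/bin/env python3
"""Dynamic inventory script: answers --list and --host <name> with JSON."""
import argparse
import json
import sys

# Constructed sample records standing in for a cloud API or CMDB response.
SOURCE = [
    {"name": "web1.example.org", "role": "webservers", "ssh_port": 22},
    {"name": "web2.example.org", "role": "webservers", "ssh_port": 2222},
    {"name": "db1.example.org", "role": "databases", "ssh_port": 22},
]


def build_inventory(records):
    """Group hosts by role and attach per-host variables under _meta."""
    inventory = {"_meta": {"hostvars": {}}}
    for rec in records:
        group = inventory.setdefault(rec["role"], {"hosts": [], "vars": {}})
        group["hosts"].append(rec["name"])
        inventory["_meta"]["hostvars"][rec["name"]] = {
            "ansible_ssh_port": rec["ssh_port"],
        }
    return inventory


def host_vars(records, hostname):
    """Variables for a single host; unknown hosts get an empty dict."""
    return build_inventory(records)["_meta"]["hostvars"].get(hostname, {})


def main(argv=None):
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    result = host_vars(SOURCE, args.host) if args.host else build_inventory(SOURCE)
    json.dump(result, sys.stdout, indent=2, sort_keys=True)
    sys.stdout.write("\n")
    return result


if __name__ == "__main__":
    main()
```

Ansible executes whatever file is passed with `-i` when it is marked executable, so the script and the directory it lives in should be writable only by the people allowed to decide which hosts get targeted.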

Page 12: Ansible Berlin Meetup Intro talk by @danvaida

Static Inventory

Page 13: Ansible Berlin Meetup Intro talk by @danvaida

Dynamic Inventory

Page 14: Ansible Berlin Meetup Intro talk by @danvaida

Folder Structure

Page 15: Ansible Berlin Meetup Intro talk by @danvaida

Playbook example: patching the ‘GHOST’ vulnerability

Page 16: Ansible Berlin Meetup Intro talk by @danvaida

Modules

Page 17: Ansible Berlin Meetup Intro talk by @danvaida

Roles

Page 18: Ansible Berlin Meetup Intro talk by @danvaida

Variables

Page 19: Ansible Berlin Meetup Intro talk by @danvaida

Sensitive Data, meet Ansible Vault

Page 20: Ansible Berlin Meetup Intro talk by @danvaida

Some examples

http://goo.gl/MlA7mE

Page 21: Ansible Berlin Meetup Intro talk by @danvaida

Facts

• Grabs information from the hosts

• On by default

• Can use ohai (Chef) / facter (Puppet) or other custom facts modules (e.g. to gather information from network devices, etc.)

• Help write resource-specific templates (e.g. nginx worker_processes, elasticsearch ES_HEAP_SIZE)

Page 22: Ansible Berlin Meetup Intro talk by @danvaida

Hosts targeting

• You can apply AND, OR, NOT

• ansible -m ping 'webservers:databases' (OR)

• ansible -m ping 'webservers:!databases' (NOT)

• ansible -m ping 'webservers:&databases' (AND)

• ansible -m ping 'webservers:&databases:!loadbalancers' (AND, then NOT)
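
To see which hosts each of the patterns above selects, here is an added example (not from the original slides and not Ansible's own code) that models the set logic: plain terms are unioned, `&` terms intersect, `!` terms exclude, applied in that order. It assumes every term is a group name (real patterns also accept host names and wildcards); the `GROUPS` inventory is constructed.

```python
"""Model of Ansible host-pattern set logic over a group -> hosts mapping."""

# Constructed inventory: edge1 sits in all three groups, app1 in two.
GROUPS = {
    "webservers": ["web1", "web2", "app1", "edge1"],
    "databases": ["db1", "app1", "edge1"],
    "loadbalancers": ["lb1", "edge1"],
}


def resolve(pattern, groups):
    """Return the ordered list of hosts a colon-separated pattern selects."""
    union, intersect, exclude = [], [], []
    for term in filter(None, pattern.split(":")):
        if term.startswith("!"):
            exclude.append(term[1:])
        elif term.startswith("&"):
            intersect.append(term[1:])
        else:
            union.append(term)

    def members(name):
        if name == "all":
            return [h for hosts in groups.values() for h in hosts]
        if name not in groups:
            raise KeyError("unknown group: %s" % name)
        return groups[name]

    hosts = []
    # With no plain term, start from every host (assumed to mirror Ansible).
    for name in union or ["all"]:
        for host in members(name):
            if host not in hosts:
                hosts.append(host)
    for name in intersect:
        hosts = [h for h in hosts if h in members(name)]
    for name in exclude:
        hosts = [h for h in hosts if h not in members(name)]
    return hosts


if __name__ == "__main__":
    for pat in ("webservers:databases", "webservers:!databases",
                "webservers:&databases", "webservers:&databases:!loadbalancers"):
        print(pat, "->", resolve(pat, GROUPS))
```

Against a real inventory, `ansible '<pattern>' --list-hosts` prints the matched hosts without running anything, which is the check to make before pointing a module at a pattern.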

Page 23: Ansible Berlin Meetup Intro talk by @danvaida

Ansible Binaries

• ansible-doc

• ansible-vault

• ansible-playbook

• ansible

• ansible-galaxy

• ansible-pull

Page 24: Ansible Berlin Meetup Intro talk by @danvaida

My pain with Ansible

• rds_param_group, elasticache, ec2_eip, etc.

• Can simply use Ansible as a wrapper around aws cli to use templates and create custom logic

Page 25: Ansible Berlin Meetup Intro talk by @danvaida

Tips/Gotchas

• Don’t forget: every task creates a new SSH connection (new ENV, etc.)

• Tag all the things

• Set a default for every variable

• Every task copies the script it executes to the destination machine and removes it after the script runs (or times out). Fire and forget.

• Don’t always trust the output: it might not reflect the reality (real object), especially when dealing with the from_json filter. One fix is to use callbacks.

Page 26: Ansible Berlin Meetup Intro talk by @danvaida

Ansible Tower

• The commercial product from Ansible Inc.

• Free Trial (30 days, up to 100 nodes)

• Free version supporting up to 10 hosts

• REST API (extremely useful for more complex setups like AWS CloudFormation)

• Integrates with LDAP

• Excellent for auditing

• Has a CLI

Page 27: Ansible Berlin Meetup Intro talk by @danvaida

Community & Resources

• IRC (#ansible on Freenode)

• Mailing lists on Google Groups

• GitHub

• Ansible Galaxy (the best Ansible content, shared and re-used)

• Docs (nice examples of use cases)

• Books

• Free, live Webinars (everything from intro to complex scenarios)

Page 28: Ansible Berlin Meetup Intro talk by @danvaida

Ansible Book (work in progress)

http://www.ansible.com/ansible-book

Page 29: Ansible Berlin Meetup Intro talk by @danvaida

Page 30: Ansible Berlin Meetup Intro talk by @danvaida
