aws meetup - sydney - march
TRANSCRIPT
A journey with Ansible & AWS
Steven Ringo
Cochlear
Sharing of patient-related data among clinics and service centres.
Challenges
Regulatory & Compliance
Security
Sovereignty
Privacy
Geographic
Cultural
Organisational
Legal
Manage
Scale
Secure
Maintain
Infrastructure as code
Source control
Audit trail
Self documenting
Shared knowledge base
Desired results
Agility
Convenience
Automation
Sandboxes, throwaway & test environments
bash
Let's create a new user
StackOverflow to the rescue!
sudo useradd myuser
sudo useradd -m myuser
sudo passwd myuser
sudo usermod -s /bin/bash myuser
Oh f*#&. User exists!
How to change home folder?
sudo?
useradd or adduser?
Ubuntu vs RedHat.
# Add the user 'borat' with a bash shell,
# appending the group 'kazakhs' to the user's groups
- user:
    name: borat
    shell: /bin/bash
    groups: kazakhs
    append: yes
Idempotence
The ability to run an operation that produces the same result regardless of how many times it is run.
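The idempotence idea above, applied to the earlier "User exists!" problem, as an added example that is not from the original slides: a shell function inspects a passwd-format file and prints only the useradd/usermod command still needed, so a run against an already converged entry prints nothing. The helper name plan_user, its optional file argument and the sample entries are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compute what is still needed to reach the desired user state.
# It prints commands instead of running them, so it needs no root access.

# Constructed sample passwd entries (not taken from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
myuser:x:1001:1001::/home/myuser:/bin/sh
borat2:x:1002:1002::/home/borat2:/bin/bash
EOF
}

# plan_user NAME SHELL [PASSWD_FILE]  (hypothetical helper)
# Prints the command needed to converge, or nothing if already converged.
plan_user() {
    local name="$1"
    local want_shell="$2"
    local passwd_file="${3:-/etc/passwd}"
    local entry have_shell

    # Field 1 is the login name; compare it exactly so that 'borat'
    # does not match 'borat2'.
    entry=$(awk -F: -v u="$name" '$1 == u { print; exit }' "$passwd_file")

    if [ -z "$entry" ]; then
        # User is absent: create it with a home directory and the shell.
        printf 'useradd -m -s %s %s\n' "$want_shell" "$name"
        return 0
    fi

    # Field 7 is the login shell; change it only when it differs.
    have_shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    if [ "$have_shell" != "$want_shell" ]; then
        printf 'usermod -s %s %s\n' "$want_shell" "$name"
    fi
}

# Demo against the constructed file.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
plan_user myuser /bin/bash "$demo_file"   # exists with a different shell
plan_user borat  /bin/bash "$demo_file"   # absent
plan_user root   /bin/bash "$demo_file"   # already converged: no output
rm -f "$demo_file"
```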
SSH
No agents
Open source
Reads like prose
Declarative
YAML
Instant start.
Install locally and go!
Small learning curve to get started
RHEL, CentOS, Fedora
Debian, Ubuntu
OS X
Windows*
“I wrote Ansible because none of the existing tools fit my brain. I wanted a tool that I could not use for 6 months, come back later, and still remember how it worked”
— Michael DeHaan, Ansible project founder
Cloud - Commands - Database - Files - Inventory
Messaging - Monitoring - Network - Notification
Packaging - Source Control - System - Utilities
Web Infrastructure - Windows
AWS Modules
ec2                 Create, terminate, start or stop an instance in ec2
ec2_ami             Create or destroy an image in ec2
ec2_ami_search      Retrieve AWS AMI information for a given operating system.
ec2_asg             Create or delete AWS Autoscaling Groups
ec2_eip             Associate an EC2 elastic IP with an instance.
ec2_elb             Deregisters or registers instances from EC2 ELBs
ec2_elb_lb          Creates or destroys Amazon ELB.
ec2_facts           Gathers facts about remote hosts within ec2 (aws)
ec2_group           Maintain an ec2 VPC security group.
ec2_key             Maintain an ec2 key pair.
ec2_lc              Create or delete AWS Autoscaling Launch Configurations
ec2_metric_alarm    Create/update or delete AWS Cloudwatch ‘metric alarms’
ec2_scaling_policy  Create or delete AWS scaling policies for Autoscaling groups
ec2_snapshot        Creates a snapshot from an existing volume
ec2_tag             Create and remove tag(s) to ec2 resources.
ec2_vol             Create and attach a volume, return volume id and device map
ec2_vpc             Configure AWS virtual private clouds
AWS Modules
cloudformation      Create an AWS CloudFormation stack
elasticache         Manage cache clusters in Amazon Elasticache.
rds                 Create, delete, or modify an Amazon rds instance
rds_param_group     Manage RDS parameter groups
rds_subnet_group    Manage RDS database subnet groups
route53             Add or delete entries in Amazon's Route53 DNS service
s3                  S3 module putting a file into S3.
Ansible Concepts
Module
Abstraction of a thing that does stuff
Task
Use a module with desired parameters
# Remove the user 'johnd'
- user: name=johnd state=absent remove=yes
Play
A list of tasks for a list of hosts
---
- name: install The Thing™
  hosts: webserver
  remote_user: deploy
  sudo: yes
  tasks:
    - name: create log file in /var/log
      file: path="/var/log/csds" state=directory owner={{ deploy_user }} group={{ deploy_user }} mode=0755
    - name: write nginx config file
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0755
      notify: restart nginx
    - name: check if database exists using result of create database task
      postgresql_db: name={{ postgresql_db }} encoding='UTF-8'
      register: create_database_result
    - name: create postgresql user
      postgresql_user: name={{ postgresql_user }} db={{ postgresql_db }} role_attr_flags=CREATEDB,NOSUPERUSER
Playbook
Collections of plays
Playbook
Deploy a Rails app
With Postgres
From the demo/demo GitHub repo
To an AWS instance in Sydney
On Ubuntu 14.04
As the Deploy user
Templates
Files copied to hosts
Written in Jinja
Similar to erb, handlebars etc.
Template
variable substitution from calling playbook
conditionals and loops
text transform filters
Inventory
List of managed hosts and metadata for where you want to deploy.
Static list
Dynamically generated list (e.g. EC2)
mail.example.com

[webservers]
foo.example.com http_port=8080 data_dir=/var/www/data/foo
bar.example.com

[dbservers]
one.example.com
two.example.com
three.example.com
Handlers
Take an action upon a change of state, e.g. restart a service
Plugins
Callback, action and other hooks
“Chatops”
Send a Slack message at playbook start or end
Facts
Data gathered from target hosts
IP address
Hardware
Operating System
Environment variables, etc.
Roles
Plays as reusable 'components'
Roles
Based on convention: filename and directory structure
Grouping of related tasks, files, handlers etc.
role_name/
    tasks/main.yml
    handlers/main.yml
    vars/main.yml
    files/{file1.conf,file2.txt}
    templates/{file3.conf.j2,otherfile.j2}
Install
http://docs.ansible.com/intro_installation.html
Documentation
http://docs.ansible.com/