Henry Stamerjohann - MacSysAdmin - docs.macsysadmin.se › 2015 › pdf › Day4Session1.pdf

Henry Stamerjohann
Apfelwerk GmbH & Co. KG
@head_min #macadmins

Configuration Management

How do you manage systems?

Why do cfgmgmt?
- Infrastructure as Code
- Documented Progress
- Deterministic Process
- Idempotency

Bla,bla,..

Ansible

What is Ansible?
- Radically simple IT automation system
- Works via SSH communication
- No extra software on servers required
- Configure systems without a daemon or central database

Will it Blend?
- Configuration management
- Application deployment
- Multi-node orchestration
- Ad-hoc task-execution
- Support cloud provisioning

Foundation
- Open Source
- Based on Python 2.7
- Strong community
- Highly modular
- Extendable

The Goals
- Simplicity
- Maximum ease of use
- Security
- Reliability
- Auditability by humans

More Facts
- Uses simple YAML based syntax
- Simple execution order, top to bottom
- Agent-less - no client to install and maintain
- Supports powerful Jinja2 templates
- Large library of builtin modules

Operation
[Diagram labels: cfe15e0, 1e1b6b5, 0f668f1, ssh]

Install Ansible

Requirements
- Python on admin machine
- Python on nodes to be managed
- ssh-keys on nodes (recommended)
- Module dependencies (Python)

Install Ansible
```sh
sudo easy_install pip
sudo pip install ansible

# module requirements:
pip install <py-module_name>
```
[Diagram labels: OS X, Python, easy install, pip, Ansible]

Ansible binary
- ansible
- ansible-playbook
- ansible-doc
- ansible-galaxy
- ansible-pull
- ansible-vault

Ansible run options
- debug with -vvvv
- dry run mode with --check
- check playbooks with --syntax-check

Get closer with Ansible

Terminology
- Inventory: Hosts file to work with
- Playbook: Masterfile to execute
- Task: Call a module, execute command
- Module: Call for specific functionality

Playbook dissect
```
---          YAML, start of a playbook
hosts:       machine(s) you want to perform operations on
vars:        variables for that play / include separate vars file
tasks:       tasks you want to perform on the host
- name:      display description for executed task/command
  shell:     run a module that allows you to perform shell commands
- include:   "run" external YAML file containing tasks, variables
```

Playbook / shell module
```yaml
---
- hosts: localhost
  vars:
    - message: "Hello MacSysAdmin 2015!"

  # we use the 'shell' module to call '/usr/bin/say'
  tasks:
    - name: we use 'shell' module to call OS X 'say' binary
      shell: say "{{ message }}" --voice=Zarvox
```

Playbook / osx_say module
```yaml
---
- hosts: localhost
  vars:
    - message: "Hello MacSysAdmin 2015!"

  # we use the 'osx_say' module to call '/usr/bin/say'
  tasks:
    - name: we use 'osx_say' module to call OS X 'say' binary
      osx_say: msg="{{ message }}" voice=Zarvox
```
use specific modules for idempotency

Playbook dissect
```
---              YAML, start of a playbook
hosts:           machine(s) you want to perform operations on
vars:            variables for that play / include vars file
tasks:           tasks you want to perform on the host
name:            display description for executed task/command
osx_say:         a specific module that allows you to call 'say' on OS X
include:         "run" external YAML file containing tasks, variables
{{ parameter }}  in braces we reference parameters from vars/inventory
Inventory file:  referenced in ansible.cfg, similar to a /etc/hosts file
```

Inventory
hosts file
- Hosts files are simple text files
- They describe your servers
- IP Addresses or DNS Names
- Grouped by Name
- Vars for Groups

Inventory
```ini
# simplest inventory entry is just an IP / hostname
[munki_host]
10.0.0.20

# hostname or FQDN with attached vars
[dockerhost]
dockerhost.macadmin.me ansible_ssh_host=192.168.191.167 ansible_ssh_user=root

# reference your local admin machine
[localhost]
localhost ansible_connection=local
```

Inventory: Syntax reference
- `# comments`: comments begin with the '#' character; space and blank lines are ignored
- `[name]`: groups of hosts delimited by [header] elements
- `server / ip`: use hostname, FQDN or IP addresses
- `[multi:children]`: define groups of groups with child groups
- `[name:vars]`: define common vars for a group

Ad hoc calls

Ad hoc Ansible
```sh
# command pattern
ansible <group> -i <hosts> -m <module_name> -a <arguments> -s <optional:sudo>

# Run ad-hoc install and start of NTP/ntpd service
ansible munki_host -i hosts -m apt -a "pkg=ntp state=installed"
ansible munki_host -i hosts -m service -a "name=ntpd state=started enabled=yes"
```

Ad hoc Ansible
```sh
# restart jss tomcat server on linux
ansible jss-host -i hosts -m shell -a "/etc/init.d/jamf.tomcat7 restart"

# create munki repo folder structure
ansible munki_host -i hosts -m shell -a "mkdir -p /var/www/html/munki_repo/{catalogs,manifests,pkgs,pkgsinfo}"
```

ssh-key bootstrap
```sh
# install ssh keys on remote host
ansible fedora -i hosts -m authorized_key -a "user=root \
    key='{{ lookup('file', '/Users/macadmin/.ssh/id_rsa.pub') }}' \
    path=/root/.ssh/authorized_keys" --ask-pass -c paramiko
```
** Note: here we do a local lookup to read in the id_rsa.pub ssh-key and copy it to the remote host machine named "fedora"

Ansible modules & tasks
Ansible v1.9.2 has about 390 Modules

raw
Executes a low-down and dirty SSH command
```yaml
tasks:
  - name: Enable ARD Screen Sharing through SSH.
    # folded scalar: the lines below are joined with spaces into one command
    raw: >
      /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
      -activate -configure -access -on -users admin
      -privs -all -restart -agent -menu
```

command
Executes a command on remote node(s)
```yaml
tasks:
  - name: Set Repo and Help URLs for Munki / Managed Software Center.
    command: defaults write /Library/Preferences/ManagedInstalls {{ item }}
    with_items:
      - SoftwareRepoURL -string "http://munki.macadmin.me/munki_repo"
      - HelpURL -string "http://macsysadmin.se/2015/Friday.html"
```
** Note: here we loop over the 'with_items:' list, inserted at {{item}} position

apt / yum / dnf
Package managers for individual linux distributions
```yaml
tasks:
  - name: Install with apt on Debian based OS
    apt: name=apache2 state=latest
    when: ansible_os_family == 'Debian'

  - name: Install with yum on CentOS distribution
    yum: name=httpd state=latest
    when: ansible_distribution == "CentOS"

  - name: Install with dnf package manager for Fedora 22
    dnf: name=httpd state=latest
    when: ansible_distribution == "Fedora"
```

pip
Manages Python library dependencies
```yaml
tasks:
  - name: Install requests 2.7 HTTP library
    pip: name=requests version=2.7 virtualenv=/my_app/venv
```

mysql_db + mysql_user
Add or remove MySQL databases + users
```yaml
tasks:
  - name: Create a database for JSS
    mysql_db: name="jamfsoftware" state=present

  - name: Create a user for our databases
    # folded scalar: the two lines are joined into one argument string
    mysql_user: >
      name="jamfsoftware" password=jamfsw03
      priv=*.*:ALL state=present
```
** here we create a database and set user access

mysql_db
Restore a MySQL database
```yaml
tasks:
  - name: Copy over the JSS dump file
    copy: src=jss_dump.sql.bz2 dest=/tmp

  - name: Restore jss dump back into mysql_db
    mysql_db: >
      name="jamfsoftware" state=import
      target=/tmp/jss_dump.sql.bz2
```
** here we load a DB dump back into mysql

defaults (New: Ansible 2.0)
OS X defaults command module
```yaml
tasks:
  - name: Enable Safari Debug Menu in OS X.
    # value=true added: state=present needs a value to write
    osx_defaults: >
      domain=com.apple.Safari key=IncludeInternalDebugMenu
      type=bool value=true state=present
```
** Note: Apple OS X caches defaults. You may need to logout and login to apply the changes.
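
The command task earlier runs `defaults write` on every play and always reports "changed", which is what "use specific modules for idempotency" is about. An added example (not from the original slides) writes the same Munki settings idempotently: variant 1 uses osx_defaults, variant 2 is a read-then-write pattern for Ansible 1.9. The group name munki_clients and the variable munki_prefs are assumptions, as is passing the preferences path as the module's domain the way the `defaults` command accepts it.

```yaml
---
- hosts: munki_clients            # hypothetical inventory group
  become: yes                     # writing under /Library needs root
  vars:
    munki_prefs:                  # same keys and values as the command task
      - { key: SoftwareRepoURL, value: "http://munki.macadmin.me/munki_repo" }
      - { key: HelpURL, value: "http://macsysadmin.se/2015/Friday.html" }

  tasks:
    # Variant 1 (Ansible 2.0+): the module compares before it writes,
    # so an unchanged host reports "ok" instead of "changed".
    - name: Set Munki preferences with osx_defaults
      osx_defaults:
        domain: /Library/Preferences/ManagedInstalls
        key: "{{ item.key }}"
        type: string
        value: "{{ item.value }}"
        state: present
      with_items: "{{ munki_prefs }}"

    # Variant 2 (Ansible 1.9): read first, write only on a difference.
    # Use one variant, not both.
    - name: Read current Munki preferences
      command: defaults read /Library/Preferences/ManagedInstalls {{ item.key }}
      with_items: "{{ munki_prefs }}"
      register: current
      changed_when: false         # reading never changes the host
      failed_when: false          # a missing key is not an error here

    - name: Write only the preferences that differ
      command: >
        defaults write /Library/Preferences/ManagedInstalls
        {{ item.item.key }} -string "{{ item.item.value }}"
      with_items: "{{ current.results }}"
      when: item.stdout != item.item.value
```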

mac_pkg (custom module)
Executes the installer or copies the bare .app from a DMG or zip archive
```yaml
vars:
  - osquery_vers: 1.5.2
tasks:
  - name: install osquery
    mac_pkg: >
      pkg_name=osquery-{{osquery_vers}}
      url=https://osquery-packages.s3.amazonaws.com/darwin/osquery-{{osquery_vers}}.pkg
      archive_path='osquery-{{osquery_vers}}.pkg'
      state=present
```
** Note: this is a custom written module ** http://spencer.gibb.us/blog/2014/02/03/introducing-battleschool/

Docker

Thoughts on Docker
- Keep your Docker setup minimal
- Automate everything possible
- Consider complexity
- Check if you really need to run Kubernetes, etcd2….

Ansible and Docker
Three main scenarios:
- Use docker & docker_image modules *
- Build & run Docker with the shell module
- Running a playbook inside a container

Ansible docker
Manage docker containers - with shell module
```yaml
tasks:
  - shell: docker pull grahamgilbert/postgres

  - name: run postgres-sal in docker container
    # folded scalar: lines are joined with spaces, no trailing backslashes needed
    shell: >
      docker run -d --name="postgres-sal"
      -v /db:/var/lib/postgresql/data
      -e DB_NAME=sal
      -e DB_USER=admin
      -e DB_PASS=password
      --restart="always"
      grahamgilbert/postgres
```

Ansible docker
Manage docker containers - with shell module
```yaml
# tasks: continued…
  - name: run sal 2.0.1 in docker container
    shell: >
      docker run -d --name="sal"
      -p 80:8000
      --link postgres-sal:db
      -e ADMIN_PASS=pass
      -e DB_NAME=sal
      -e DB_USER=admin
      -e DB_PASS=password
      --restart="always"
      macadmins/sal:2.0.1
```

Demo

Documentation

ansible-doc
/usr/local/bin/ansible-doc <module_name>
Roles & Galaxy

Roles
- Organize tasks into groups
- Call them by name
- Run related tasks as a package
- Apply variations of Roles to single machine or group of servers

Playbook + Roles
```yaml
# First run - init / prepare
#  - create a user
#  - enable ssh-key login
---
- hosts: munki_server
  roles:
    - init

# Second run - deploy app
#  - setup & harden the server
#  - install web server
#  - install smb sharing
#  - setup munki_repo
---
- hosts: munki_server
  vars:
    - htpasswd_var: passW0rd

  roles:
    - common
    - nginx
    - samba
    - munkihost
```

Playbook + Roles
idempotency applies here
```yaml
# First run - init / prepare
#  - create a user
#  - enable ssh-key login
---
- hosts: munki_server
  roles:
    - init

# Second run - deploy app
#  - setup & harden the server
#  - update web server
#  - install smb sharing
#  - setup munki_repo
---
- hosts: munki_server
  vars:
    - htpasswd_var: "NEwPASS%H3Re"

  roles:
    - common
    - nginx
    - samba
    - munkihost
```

Playbook + Roles + Vars
```
├── group_vars
│   └── all                  # Group variable file for all hosts
├── host_vars
│   └── munki.macadmin.me    # FQDN specific variable file
├── Playbook.yml
├── roles
    ├── init
    ├── common
    ├── nginx
    ├── samba
    ├── munkihost
        └── tasks
            └── main.yml
```

Playbook & Roles
```
group_vars:   Group variable files for all hosts (all, debian, redhat)
host_vars:    Hostname/FQDN specific variable files for specific hosts

# First run - init / prepare a system
---
hosts:        machine(s) you want to perform operations on
vars:         variables for that play / include vars file
roles:        call the roles you want to perform on the host(s)

# Second run - deploy an application
---
hosts:        machine(s) you want to perform operations on
vars:         variables for that play / include vars file
roles:        call the roles you want to perform on the host(s)
```
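
The plays and tasks above keep passwords in clear text (htpasswd_var in the second-run play, password= on the mysql_user task). The following is an added example, not from the original slides: both values move into a file encrypted with ansible-vault, and the database grant is narrowed from `*.*` to the jamfsoftware schema. The file name secrets.yml and the vault_* variable names are assumptions; jss-host is the inventory name used in the ad hoc examples.

```yaml
# secrets.yml (hypothetical file name), shown before encryption.
# Encrypt in place:  ansible-vault encrypt secrets.yml
# Both values are constructed placeholders.
vault_htpasswd: "replace-with-htpasswd-secret"
vault_jss_db_password: "replace-with-db-secret"

# Playbook.yml
# Run:  ansible-playbook -i hosts Playbook.yml --ask-vault-pass
---
- hosts: munki_server
  vars_files:
    - secrets.yml                  # decrypted in memory at run time
  vars:
    htpasswd_var: "{{ vault_htpasswd }}"
  roles:
    - common
    - nginx
    - samba
    - munkihost

- hosts: jss-host
  vars_files:
    - secrets.yml
  tasks:
    - name: Create a database for JSS
      mysql_db:
        name: jamfsoftware
        state: present

    - name: Create a user limited to the JSS database
      mysql_user:
        name: jamfsoftware
        password: "{{ vault_jss_db_password }}"
        priv: "jamfsoftware.*:ALL"   # was *.*:ALL, i.e. every database
        state: present
      no_log: true                   # keeps the password out of task output, also with -vvvv
```

With the secrets in an encrypted file, the playbook and roles can be committed and reviewed without exposing the passwords.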

Ansible Galaxy
https://galaxy.ansible.com
- Repository of existing Roles
- Install common roles, reuse and learn
- Share your own roles with the community

Ansible 2.0
expected late 2015

What's new in 2.0?
- Refactored code base
- Improved vars handling
- Dynamic includes during execution
- Blocks on execution
- Improved exception handling

Blocks
```yaml
tasks:
  - block:
      - name: Shell script to connect the app to a monitoring service.
        docker:
          name: postgres-sal
          image: grahamgilbert/postgres
          state: restarted
    rescue:
      - shell: docker pull grahamgilbert/postgres
      - name: run postgres-sal in docker container
        shell: docker run -d --name="postgres-sal"  # (continued..)
    always:
      - docker:
          name: sal
          image: macadmins/sal:2.0.1
          state: absent
      - name: run sal 2.0.1 in docker container
        shell: docker run -d --name="sal" -p 80:8000  # (continued..)
```

Wrap up

What you'll need to start
- Know-how to use Terminal
- Basic knowledge in scripting
- Know-how to handle ssh-keys
- Capability to read a book and/or the well-written Ansible documentation

Alternative CfgMgmt Tools
- BASH based: http://waffles.terrarum.net
- Python based: http://saltstack.com
- Ruby based: https://www.chef.io/chef/ and https://puppetlabs.com

How to learn Ansible
- Install Ansible, try out a tutorial: http://docs.ansible.com and http://www.ansible.com/get-started
- Handout for this talk: github.com/apfelwerk/macsysadmin2015

Books
Recommended eBook: Ansible for DevOps by Jeff Geerling (@geerlingguy)
http://goo.gl/A2mubA

thank you!
Feature image: “Hamburg Harbor” by Jasmin Bauomy is licensed under CC BY-SA 2.0.
sources
https://cdn1.iconfinder.com/data/icons/database-3/96/Big-Data-512.png
http://www.orangefreesounds.com/old-clock-ringing-short/