Ansible - A 'crowd' introduction

From Ansible's website: "Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs."

This introduction is based on the official Ansible docs and captures the most important information to make Ansible's main concepts easy to understand.

  1. SOFTWARE CRAFTSMANSHIP TOLEDO A “crowd” introduction
  2. Software Craftsmanship Toledo
      • Passion for software engineering and software development in the Castilla-La Mancha community.
      • A clear commitment to learning, promoting and sharing agile methodologies in the region.
      • A fully open group: http://www.meetup.com/es/Software-Craftsmanship-Toledo-ES
      • Members are professionals and/or passionate about software development.
      • We have a Slack channel… Join us!
  3. Meet me
      • Manuel de la Peña
      • @mdelapenya
      • Support > Engineering > Testing > IT … at Liferay, Inc.
      • DEVOPS?
  4. Meet the team
  5. Meet our server room
  6. OK, THIS server room
  7. This was my first day at work…
  8. moss@itcrowd1:~$ ssh root@server1
      password:
      root@server1:~$ apt-get update
      root@server1:~$ apt-get install apache2
      root@server1:~$ apt-get install htop
      root@server1:~$ vi /etc/fstab
      root@server1:~$ mount /mnt/devops
      root@server1:~$ exit
      moss@itcrowd1:~$
      And all these following servers too:
      server2, server3, server4, server5 … server30
      buzz, scar, ariel, mickey, mulan … goofie
      ares, odin, hera, atenea, loki … melkart
      logan, natasha, clark, peter, bruceW … bruceB
  9. WTF
  10. Every task, every day.
  11. Why don’t you automate THIS?
  12. Automate server management???
  13. AUTOMATION FOR EVERYONE. Deploy apps. Manage systems. Crush complexity. Ansible helps you build a strong foundation for DevOps.
  14. How it works
      • It uses a very simple language (YAML, in the form of Ansible Playbooks)
      • Plain English!
      • By default manages machines over the SSH protocol.
      • It uses no agents and no additional custom security infrastructure.
  15. SSH Keys
      • SSH keys with ssh-agent are recommended.
      • Root logins are not required: you can log in as any user, and then su or sudo to any user.
  16. Installation
      • No database, and no running daemons!
      • Install it on only one machine (a laptop?) as central point.
      • It does not leave software installed or running on remote machines —> upgrades super easy :D
  17. Control Machine
      • “Any” machine with Python 2.6 or 2.7 installed.
      • This includes Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.
      • Windows isn’t supported for the control machine.
  18. Managed Nodes
      • You need a way to communicate, normally ssh.
      • SSH uses sftp. If not available, switch to scp.
      • Python 2.4 or later. (With Python < 2.5, python-simplejson is also needed.)
  19. Remote connection
      • Native OpenSSH for remote communication when possible.
      • If OpenSSH is too old on the control machine (Enterprise Linux 6 OS) —> fall back to Paramiko, a Python implementation.
      • SSH keys are encouraged but password authentication can also be used (--ask-pass).
  20. sudo
  21. Ansible Inventory
  22. Inventory
      • What machines/hosts you are managing using a very simple INI file.
      • Managed machines/hosts in groups of your own choosing.
      • Define variables by scope.
  23. Groups
  24. Inventory variables
      • Host variables
      • Group variables
      • Advanced variables
  25. Inventory: Host vars
  26. Inventory: Group vars
  27. Inventory: Advanced vars
      • Affects groups
      • Specific group of servers
      • Arbitrary criterion
  28. Host matching: Patterns
      • all
      • *
      • 192.168.1.*, *.example.com
      • OR —> webservers:dbservers
      • AND —> webservers:&staging
  29. Host matching: Patterns
      • Exclusions —> webservers:!phoenix
      • Combinations —> webservers:dbservers:&staging:!phoenix
      • Host selection —> webservers[0], webservers[0:1], webservers[1:]
      • Regexp —> ~(web|db).*example.com
  30. Host matching: Limit
  31. Ansible Modules
  32. Ansible modules
      • copy • file • yum • user • service • git • apache • apt • azure • bower • cron • mysql_db • npm • puppet • django • ec2
      And many more!
  33. Modules
  34. git module
  35. Ad-hoc commands
      • Fork 10 parallel threads
  36. Ansible Variables
  37. Variables
      • Should be letters, numbers, and underscores.
      • Variables should always start with a letter.
      • YAML also supports dictionaries which map keys to values.
      • There are reserved Python-related keywords.
  38. Variables
      • Defined in Inventory.
      • Defined in Playbooks.
      • Defined in includes.
      • Defined in Roles.
  39. Variables: Jinja2
      • Jinja2 —> Template system
      • How to use a variable? —> {{ variable_name }}
      • Safer —> "{{ variable_name }}"
  40. Variables: register
      • Run a command and save its result into a variable.
  41. Variables: external
      • Private information?? Hide them in variables!
      • In a task list —> vars_files: /opt/private/my_vars.yml
  42. Variables: command
      • Directly pass variables to command line:
      • --extra-vars "version=1.3 my_var=foo"
      • --extra-vars '{"pacman":"mrs","ghosts":["inky","pinky","clyde","sue"]}'
      • --extra-vars "@some_file.json"
  43. Variables: precedence
      • role defaults < inventory vars < inventory group_vars < inventory host_vars < playbook group_vars < playbook host_vars < host facts < registered vars < set_facts < play vars < play vars_prompt < play vars_files < role and include vars < block vars (only for tasks in block) < task vars (only for the task) < extra vars
  44. Ansible Playbooks
  45. Playbooks
      • Orchestrate steps/tasks of any manual ordered process.
      • Executed a/synchronously.
      • YAML format.
      • Minimum syntax —> not a language but a model.
  46. Playbooks: Tasks
      • Should have a name: included in output and readable by humans.
      • Accept variables: template: src=somefile.j2 dest=/etc/httpd/conf.d/{{ vhost }}
  47. Playbooks: Tasks lists
      • Each play contains a list of tasks.
      • Tasks are executed in order, one at a time, against all machines matched by the host pattern.
      • Important! Same task directives to all hosts.
      • Tasks goal? Execute a module, with arguments.
      • Modules are idempotent.
  48. Playbooks: Hosts & Users
      • For each play, choose machines to target and remote user to complete the steps/tasks as.
      • Define remote users per task.
      • Use sudo on a particular task instead of the whole play.
  49. Playbooks: Handlers
      • Playbooks respond to change.
      • Can notify at the end of each block of tasks.
      • Triggered only once, even if notified by multiple tasks.
      • Best used to restart services and trigger reboots.
  50. ansible-playbook playbook.yml
  51. Ansible Roles
  52. Roles
      • Reuse playbooks.
      • Combine files to form clean, reusable abstractions.
      • Grouping allows easy sharing of roles with other users.
      • include directive —> Include files.
  53. Roles: structure
      • Automatically loads certain vars_files, tasks, and handlers based on a known file structure.
      • Where is the magic? Improvements to search paths for referenced files.
  54. Roles: structure examples
      • ‘common’ role structure
      • ‘webservers’ role structure
  55. Roles: main.yml
      • roles/x/tasks/main.yml —> Add tasks to the play.
      • roles/x/handlers/main.yml —> Add handlers to the play.
      • roles/x/vars/main.yml —> Add variables to the play.
      • roles/x/meta/main.yml —> Add roles as dependency (1.3 and later).
  56. Roles: paths
      • Any copy, script, template or include tasks (in the role) can reference files in roles/x/{files,templates,tasks}/ without having to path them relatively or absolutely.
  57. Roles: parameters
  58. Roles: defaults
      • Add a defaults/main.yml file in your role directory.
      • Set default variables for included or dependent roles.
      • Lowest priority of any variables available, so they are easily overridden, including inventory variables!
  59. Roles: dependencies
      • A list of roles and parameters to insert and execute before the specified role.
      • Automatically pull in other roles.
      • meta/main.yml within the role.
      • Executed recursively.
  60. Roles: dependencies
  61. Where can I find ready-to-use Roles? Ansible Galaxy: https://galaxy.ansible.com
  62. Ansible Real Example (1): https://github.com/ansible/ansible-examples/tree/master/lamp_haproxy
  63. Ansible Real Example (2): LELK
  64. LELK
      • Liferay Portal —> generate
      • Elasticsearch —> index
      • Logstash —> process
      • Kibana —> display
  65. LELK (diagram: four Liferay + Tomcat nodes)
  66. (no text on slide)
  67. LELK: Roles
      • Server —> ElasticSearch + Logstash + Kibana
      • Clients —> Liferay Deployment
  68. Role: liferay-deployment
      • Ansible Role: liferay-users (add liferay user with UID=1000)
      • Ansible Role: liferay-os-tools (vim, htop, curl, rsync, tree, zip)
      • Ansible Role: liferay-dev-tools (java)
      • Ansible Role: liferay-logstash-forwarder
  69. Role: logstash-forwarder
      • Copy SSL certificate
      • Copy init.d startup
      • Copy logstash-forwarder configuration (logstash-forwarder.conf.j2)
  70. Role: logstash-forwarder
  71. Role: elastic-search-server
      • Install Logstash
      • Install ElasticSearch
      • Install Kibana
      • Install Nginx
  72. Role: elastic-search-server
      • logstash-input.conf.j2
      • logstash-output.conf.j2
  73. LELK Next??
      • Apply the logstash-forwarder role to more machines, setting the log_paths and tags variables to the desired files.
      • Add more client types —> Apache Server, Firewall
  74. With tests!!!
  75. (no text on slide)
  76. Recap
      • Servers are hard to keep up to date
      • Automation over infrastructure
      • Infrastructure as code
      • Ansible Inventory & Modules
      • Variables & template system
      • Playbooks & Roles & Galaxy
  77. What about using GIT to version Inventory and Roles??
  78. Meet OUR server room
  79. Thanks!
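
Added example, not from the original slides: one playbook that puts together what slides 15, 29, 39, 40 and 45-49 describe (non-root login, a combined host pattern, quoted Jinja2 variables, register, per-task privilege escalation and a handler). The groups staging and phoenix, the user deploy, the vhost value and the template vhost.conf.j2 are assumptions; become is the directive that replaced sudo from Ansible 1.9 on.

```yaml
# Constructed playbook for illustration; names below are assumptions.
- hosts: "webservers:&staging:!phoenix"   # in webservers AND staging, NOT phoenix
  remote_user: deploy                     # SSH-key login as an unprivileged user
  become: false                           # no escalation unless a task asks for it
  vars:
    vhost: intranet

  tasks:
    - name: Install Apache
      apt:
        name: apache2
        state: present
        update_cache: true
      become: true                        # escalate for this task only

    - name: Render the virtual host configuration
      template:
        src: vhost.conf.j2
        dest: "/etc/apache2/sites-enabled/{{ vhost }}.conf"   # quoted Jinja2
        owner: root
        group: root
        mode: "0644"
      become: true
      notify: Reload Apache               # queued only if the file changed

    - name: Validate the Apache configuration
      command: apache2ctl configtest
      register: configtest                # save the command result
      changed_when: false                 # a check never counts as a change
      become: true

    - name: Show the validation output
      debug:
        msg: "{{ configtest.stdout }}{{ configtest.stderr }}"

  # Handlers run once at the end of the play, and not at all if an
  # earlier task (such as the configtest above) has failed.
  handlers:
    - name: Reload Apache
      service:
        name: apache2
        state: reloaded
      become: true
```

Run it with ansible-playbook playbook.yml as on slide 50; adding --check reports what would change without applying it.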