Quick-Start
Your Instructor:
Tim Gerla
tim@ansibleworks.com
Twitter: @Tybstar
Copyright (C) 2013 AnsibleWorks, Inc.
Friday, May 24, 13
Questions during the presentation?
Join the #ansible IRC channel on FreeNode:
http://webchat.freenode.net/
What is Ansible?
• Orchestration
• Software Deployment
• Configuration Management
How is it different?
• No custom PKI: SSH-based
• Agentless architecture
• Configuration as data, not code
• Batteries-included
• Full configuration management, orchestration, and deployment
Quick-Start Outline
• Ansible Basics
• Host Inventory
• Playbooks
• Modules
• Variables
• Full Example Walkthrough
An Example
---
- name: install and start apache
  hosts: all
  user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: start httpd
      service: name=httpd state=running
Ansible Architecture
Install and Configure
• Your choice:
  • From Git (recommended for the examples in this presentation)
  • From Packages
  • From PIP
http://ansible.cc/docs/gettingstarted.html
Demo
• Ad-Hoc command example
• Basic playbook example
Host Inventory: Basics
[web]
webserver-1.example.com
webserver-2.example.com
[db]
dbserver-1.example.com
Host Inventory: Ranges
[web]
webserver-[01:25].example.com
[db]
dbserver-[a:f].example.com
Host Inventory: More
• Non-standard SSH ports:
    webserver.example.com:2222
• SSH tunnel:
    myhost ansible_ssh_port=5555 ansible_ssh_host=192.168.0.1
Inventory: child groups
[east]
host1
host2
[west]
host3
host4
[us:children]
east
west
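An added example (not part of the original slides and not Ansible's own code): a short Python parser for the inventory syntax shown on the slides above, covering ranges, :port suffixes and [group:children], so you can check exactly which hosts a group name will reach before a play runs against it. The names expand, parse and SAMPLE, and the sample inventory itself, are this example's assumptions.

```python
import re

# Constructed sample combining the range, port and child-group slides.
SAMPLE = """\
[web]
webserver-[01:03].example.com
[db]
dbserver-[a:c].example.com:2222
[us:children]
web
db
"""
RANGE = re.compile(r"\[(\w+):(\w+)\]")
HEADER = re.compile(r"^\[([^\]:]+)(:children)?\]$")

def expand(pattern):
    """Expand [start:end] ranges; numeric ranges keep their zero padding."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.groups()
    if lo.isdigit() and hi.isdigit():
        items = [str(i).zfill(len(lo)) for i in range(int(lo), int(hi) + 1)]
    elif len(lo) == len(hi) == 1 and lo.isalpha() and hi.isalpha():
        items = [chr(c) for c in range(ord(lo), ord(hi) + 1)]
    else:
        raise ValueError("unsupported range in %r" % pattern)
    return [h for i in items
            for h in expand(pattern[:m.start()] + i + pattern[m.end():])]

def parse(text):
    """Return {group: sorted hosts} with [group:children] resolved."""
    hosts, kids, group, child_mode = {}, {}, "ungrouped", False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = HEADER.match(line)
        if m:
            group, child_mode = m.group(1), bool(m.group(2))
            hosts.setdefault(group, set())
        elif line and child_mode:
            kids.setdefault(group, set()).add(line)
        elif line:  # first token is the host; inline variables are ignored
            for h in expand(line.split()[0]):
                hosts.setdefault(group, set()).add(re.sub(r":\d+$", "", h))

    def resolve(g, seen=()):
        if g in seen or g not in hosts:
            raise ValueError("cyclic or undefined group %r" % g)
        return set(hosts[g]).union(*(resolve(k, seen + (g,)) for k in kids.get(g, ())))
    return {g: sorted(resolve(g)) for g in hosts}
```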
Connection Types
• paramiko (Python SSH module)
• ssh
• local
• chroot
Ansible Concepts
• Playbooks
• Plays
• Tasks and handlers
• Modules
• Variables
Playbooks
• Playbooks contain Plays
• Plays contain Tasks
• Tasks call Modules
• Everything is sequentially ordered: strict dependency ordering. Handlers can be triggered by tasks, and will run at the end, once.
Tasks
• A task calls a module and may have parameters. Ansible has a lot of modules included, and you can write your own.
tasks:
  - name: ensure apache is at the latest version
    yum: name=httpd state=latest
  - name: write the apache config file
    template: src=templates/httpd.j2 dest=/etc/httpd.conf
  - name: ensure apache is running
    service: name=httpd state=started
Modules
• Ansible is “batteries included”:
add_host        fail          mysql_user          s3
apt             fetch         nagios              script
apt_key         file          netscaler           seboolean
apt_repository  fireball      ohai                selinux
assemble        gem           openbsd_pkg         service
async_status    get_url       opkg                setup
async_wrapper   git           pacman              shell
authorized_key  group         pause               slurp
bzr             group_by      ping                subversion
cloudformation  hg            pip                 supervisorctl
command         homebrew      pkgin               svr4pkg
copy            ini_file      postgresql_db       sysctl
cron            lineinfile    postgresql_user     template
debug           lvg           rabbitmq_parameter  uri
django_manage   lvol          rabbitmq_plugin     user
easy_install    macports      rabbitmq_user       vagrant
ec2             mail          rabbitmq_vhost      virt
ec2_facts       mongodb_user  raw                 wait_for
ec2_vol         mount         rhn_channel         yum
facter          mysql_db                          zfs
Modules, Continued
• Package management: yum, apt
• Remote execution: command, shell
• Service management: service
• File handling: copy, template
• SCM: git, subversion
command and shell
• Execute arbitrary commands on remote hosts.
- name: turn off selinux
  # setenforce 0 switches SELinux to permissive mode until the next reboot
  command: /sbin/setenforce 0
- name: ignore return code
  # "|| /bin/true" makes the task exit 0 even when the command fails
  shell: /usr/bin/somecommand || /bin/true
• Long lines can wrap:
- name: Copy ansible inventory file to client
  copy: src=/etc/ansible/hosts
        dest=/etc/ansible/hosts
        owner=root group=root mode=0644
copy and template
• Copy a file from Ansible host to managed host:
- name: copy a file
  copy: src=files/ntp.conf dest=/etc/ntp/ntp.conf
        owner=root group=root mode=0644
• Evaluate a Jinja2 template:
- name: Copy ansible inventory file to client
  template: src=templates/motd
            dest=/etc/motd
            owner=root group=root mode=0644
apt and yum
• Package management:
- name: install httpd
  yum: name=httpd state=present
- name: install httpd
  apt: name=httpd=2.0 state=present
• Install a set of packages in one transaction:
- name: install a set of packages
  yum: name={{ item }} state=present
  with_items:
    - httpd
    - php
    - git
    - mysql-client
A Playbook
---                                  # Playbook
- name: install and start apache     # Play
  hosts: all
  user: root
  tasks:                             # Tasks
    - name: install httpd
      yum: name=httpd state=latest
    - name: start httpd
      service: name=httpd state=running
---
- name: webserver configuration play
  hosts: webservers                                # hosts to target in this play
  vars:                                            # variables
    http_port: 80
    max_clients: 200
  tasks:                                           # tasks in this play
    - name: ensure that apache is installed
      yum: name=httpd state=present
    - name: write the apache config file           # the name of an individual task
      template: src=httpd.j2 dest=/etc/httpd.conf  # the task's action
      notify:                                      # we call the handler here
        - restart apache
    - name: ensure apache is running               # another task
      service: name=httpd state=started
  handlers:
    - name: restart apache                         # the handler itself
      service: name=httpd state=restarted
Playbook Demo
Playbooks Continued
• Variables
• Roles
Variables
• There are several sources for variables:
  • Playbooks
  • Inventory (group vars, host vars)
  • Command line
  • Discovered variables (facts)
Variables
• You can use variables in action lines:
---
- hosts: webservers
  vars:
    vhost: myhost.com
  tasks:
    - name: create a virtual host file for {{ vhost }}
      template: src=vhost.j2 dest=/etc/httpd/conf.d/{{ vhost }}
    - name: do something against {{ inventory_hostname }}
      command: echo "I'm on {{ inventory_hostname }}"
Facts
• Discovered variables about systems
• Some examples:
    "ansible_os_family": "RedHat",
    "ansible_distribution": "CentOS",
    "ansible_hostname": "webserver1",
    "ansible_default_ipv4": {
        "address": "172.16.183.141",
        "alias": "eth0",
        ...
    }
ansible -m setup hostname
Using Variables
• In a playbook:
tasks:
  - name: report this machine's IP
    command: echo "My IP is {{ ansible_default_ipv4.address }}"
• In a template:
This is a template file, evaluated and then sent to the target machine.
This machine’s IP address is {{ ansible_default_ipv4.address }}
---
# Variables for the HAproxy configuration
# HAProxy supports "http" and "tcp".
mode: http
# Port on which HAProxy should listen
listenport: 8888
# A name for the proxy daemon, this will be the
# suffix in the logs.
daemonname: myapplb
# Balancing algorithm:
balance: roundrobin
# Ethernet interface for haproxy
iface: '{{ ansible_default_ipv4.interface }}'
Playbook Demo
Roles
• Project organizational tool
• Reusable components
• Defined filesystem structure
Roles
webserver/
├── files
│   ├── epel.repo.j2
│   └── RPM-GPG-KEY-EPEL-6
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    └── httpd.conf.j2
Playbook Demo
• Roles
Rolling Updates
• Serial Keyword
Orchestration Example
The user executes an Ansible playbook which contains step-by-step instructions on how to perform the update.
Playbooks are simple, human-readable descriptions of IT workflows.
Orchestration Example
This step updates the app server tier. The servers are going to be updated ten at a time, in a rolling update.
Ansible will talk to the load balancers to coordinate each batch. A maintenance window is also set on the monitoring system.
Orchestration Example
Now the same thing happens for the web server tier.
Orchestration Example
Finally, Ansible returns a summary of tasks performed.
Ansible can be configured to store data in a wide variety of data sources, send email reports, and more. If any errors occurred during any of the steps, the administrator will be notified.
A Full Example
• Orchestration of a multi-tier web application
AnsibleFest!
• Inaugural Ansible users and developers conference
• Thursday, June 13, Boston, Mass.
• Save 20% off a ticket with code QUICKSTARTER
http://www.ansibleworks.com/fest/
AnsibleWorks
• Consulting/Training services available
• Beta of AnsibleWorks Suite coming soon!
Next Steps
• Documentation
• Example Playbooks
• IRC
• Mailing List and Newsletter
http://www.ansibleworks.com/
http://ansible.cc/
Q&A