→ Slide 1

Muhammad Moinur Rahman <moin(at)bofh(dot)im>

→ Slide 2
  • Introduction
  • Installing & configuration
  • Playbooks
  • Variables
  • Roles
  • Ansible galaxy
  • Configuration management tool
  • Ad hoc usage
→ Slide 3
  • Demos, Exercises
    • There is a lot of time for demos & exercises
    • Based on CentOS 7
  • Questions
    • Are welcome during the lecture
→ Slide 4
  • A configuration management tool
    • Automatic deployment of system configurations
    • Maintain configuration during life cycle
    • Uses a DSL to specify the desired state
  • Comparable with
    • Puppet, Cfengine, chef, …
→ Slide 5
  • Uses “ssh” for connection
    • No client software needed
      • Sshd
      • Sudo
      • python
  • No master!
    • No default running components
      • Ssh
      • python
      • Crontab + authorized account
  • DSL is in YAML
  • Written in Python
→ Slide 6
Name      Language      License    Agent-less  First release
Ansible   Python        GPL        Yes         2012-03-08
Chef      Ruby, Erlang  Apache     Yes         2009-01-15
CFEngine  C             GPL, COSL  No          1993
Puppet    Ruby          Apache     No          2005-08-30
→ Slide 7
↓ Slide 8

Ansible “master” (CentOS 7)

  • Activate epel
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install epel-release-latest-7.noarch.rpm
  • Install ansible
yum install ansible
  • Version: 1.9.2
↓ Slide 9

Master configuration

  • Configuration files
    • /etc/ansible/ansible.cfg
      • Settings of ansible
        • Defaults work!
      • User version of the file
        • ~/.ansible.cfg
    • /etc/ansible/hosts
      • List of ansible clients
        • Group membership
        • Connection information
      • You need to configure your clients
↓ Slide 10

Ansible host file

  • List of groups
    • Ini format file
    • List of hosts in the group
      • Hosts can be member of more than one group
      • Extra information per hosts is possible
        • Ssh port
        • connection information
        • variables
    • Groups of groups is possible
↓ Slide 11

Host file example

localhost
misc.bofh.network

[db]
db-pri.bofh.network
db-sla.bofh.network

[web]
web*.bofh.network
↓ Slide 12

Client requirements

  • Software:
    • Ssh server
    • Sudo
    • python
  • Privileges:
    • Login with ssh
    • Any sudo command
↓ Slide 13

The client (CentOS 7)

  • Add the client to ansible host file
  • Login with ssh (with keys)
    • ssh-copy-id
    • It's possible to use ansible with ssh passwords
  • Make sure that sudo works for all commands
    • <user> ALL=(ALL) ALL
    • Sudo without tty is preferred
    • Without passwords
      • Or supply sudo password through ansible
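
The client preparation above, written as a bootstrap playbook. This is an added example, not part of the original slides; the account name "ansible", the public key path and the sudoers drop-in file name are assumptions.

```yaml
---
# bootstrap.yml - added example; account name and key path are assumptions
- hosts: all
  become: yes
  vars:
    mgmt_user: ansible                  # hypothetical dedicated account
    mgmt_pubkey: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
  tasks:
    - name: Create the dedicated management account
      user:
        name: "{{ mgmt_user }}"
        shell: /bin/bash
        state: present

    - name: Install the controller's public key (what ssh-copy-id does)
      authorized_key:
        user: "{{ mgmt_user }}"
        key: "{{ mgmt_pubkey }}"
        state: present

    - name: Allow sudo without password and without tty, for this account only
      copy:
        dest: "/etc/sudoers.d/{{ mgmt_user }}"
        content: |
          Defaults:{{ mgmt_user }} !requiretty
          {{ mgmt_user }} ALL=(ALL) NOPASSWD: ALL
        owner: root
        group: root
        mode: "0440"
        # visudo checks the new file before it is moved into place,
        # so a syntax error cannot break sudo on the client
        validate: "/usr/sbin/visudo -cf %s"
```

The first run has no key or passwordless sudo yet, so start it with ansible-playbook bootstrap.yml -k -K to be prompted for the ssh and sudo passwords.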
↓ Slide 14

Test the client

  • ansible <client> -m ping
    •  $ ansible pri -m ping
       pri | success >> {
       "changed": false,
       "ping": "pong"
       }
  • ansible <client> -m raw -s -a "id"
    • $ ansible pri -m raw -s -a id
      pri | success | rc=0 >>
      uid=0(root) gid=0(root) groups=0(root)
→ Slide 15
↓ Slide 16

Recipe to install and/or configure software

  • Written in yaml
  • Contains
    • options how to install
      • Host list
      • User for the installation
    • Program logic
      • Variables
      • Conditionals
      • Loops
    • Include statements
    • Calls to ansible modules
  • Description of the desired state
→ Slide 17
→ Slide 18
  • A format to serialize data
    • A YAML file starts with "---"
      • One "os file" can contain multiple YAML files
    • Can contain hashes:
      • key: value
    • Can contain arrays
      • Each element starts with a "-"
    • It's possible to nest data structures
      • Indentation is used to specify nesting
↓ Slide 19

yaml example

  Person:
    Name: Bastard Operator from Hell
    Games:
      - Renegade
      - Tiberian Sun
    Name: ...
↓ Slide 20

yaml & ansible

- hosts: localhost
  become: no
  tasks:
    - name: Ansible hello world
      debug:
        msg: "Hello world"
↓ Slide 21

variables

  vars:
    name: BOFH
    comment: B Operator from Hell
  tasks:
    - name: Create a user
      user:
        comment: "{{ comment }}"
        name: "{{ name }}"
        …
↓ Slide 22

Conditionals

- name: install apache on redhat
  yum:
    name: httpd
    state: installed
  when: ansible_os_family == 'RedHat'
- name: install apache on Debian
  apt:
    name: apache2
    state: installed
  when: ansible_os_family == 'Debian'
↓ Slide 23

Loops

↓ Slide 24

with_items

  vars:
    pkg:
      - httpd
      - php
  tasks:
    - name: Install package list
      yum: name="{{ item }}" state=present
      with_items: "{{ pkg }}"
↓ Slide 25

with_dict (definition)

vars:
  users:
    bofh:
      uid: 1000
      comment: "B Operator from Hell"
    darth:
      uid: 1001
      comment: "Darth Vader"
↓ Slide 26

with_dict (code)

- name: Add users
  user:
    name: "{{ item.key }}"
    comment: "{{ item.value.comment }}"
    uid: "{{ item.value.uid }}"
  with_dict: "{{ users }}"
→ Slide 27
↓ Slide 28

sources

  • Source of variables
    • Facts
      • Running os
    • Registered variables
      • Values from earlier tasks
    • Host declaration
      • Inventory file
      • host_vars
      • group_vars
    • From code
      • Default values
      • Standard values from code
↓ Slide 29

facts (setup)

ansible pri -m setup
  • Gives a list of facts of the system
    • ansible_distribution
    • ansible_os_family
    • ansible_processor
  • These values can be used in playbooks
    • See “Playbooks conditionals”
↓ Slide 30

facts (setup)

pri | success >> {
  "ansible_facts": {
    "ansible_all_ipv4_addresses": [
    "192.168.104.193"
  ], 
...
  "ansible_architecture": "x86_64", 
  "ansible_bios_date": "04/01/2014", 
...
  "ansible_distribution": "CentOS", 
  "ansible_distribution_major_version": "7", 
...
↓ Slide 31

registered variables

  • register: <name>
    • Store results of command in a variable
      • This is a data structure!
      • <name>.rc: Return code
      • <name>.stdout: Standard out
    • Use this result in later tasks
      • debug: var=<name>
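
A playbook that registers a command result and branches on its return code and standard out. This is an added example, not part of the original slides; the variable name root_login and the choice of the sshd setting to inspect are assumptions.

```yaml
---
# Added example: register a command result, then use .rc and .stdout
- hosts: all
  become: yes
  tasks:
    - name: Look up the PermitRootLogin setting of sshd
      command: grep -Ei '^[[:space:]]*PermitRootLogin' /etc/ssh/sshd_config
      register: root_login
      changed_when: false              # read-only check, never "changed"
      failed_when: root_login.rc > 1   # grep: 0 = match, 1 = no match, 2 = error

    - name: Show the complete data structure (rc, stdout, stderr, ...)
      debug: var=root_login

    - name: Report hosts with an explicit setting
      debug:
        msg: "{{ inventory_hostname }}: {{ root_login.stdout }}"
      when: root_login.rc == 0

    - name: Report hosts that rely on the sshd default
      debug:
        msg: "{{ inventory_hostname }}: PermitRootLogin not set explicitly"
      when: root_login.rc == 1
```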
↓ Slide 32

host_vars, group_vars

  • host_vars/<hostname>.yaml
    • Variables for a specific host
  • group_vars/<group name>.yaml
    • Variables for a specific group
  • Just a yaml file with a data structure:
  • var: value
→ Slide 33
↓ Slide 34

set of files to implement one function

  • Set of files to implement one function
    • Installing an Apache server
    • Contains
      • Tasks to install and configure the server
      • Variables needed for the installation
        • Package names for RedHat or Debian
      • Default settings
        • Port 80
  • There is a library with roles!!
    • First search before writing.
↓ Slide 35

Layout

  • README.md: Documentation of the module
  • tasks: Task list for installation/configuration
  • handlers: Task list for events
  • defaults: Default values variables
  • vars: Variables needed for install
  • files: File store
  • templates: Template store
  • meta: Package information
↓ Slide 36

Template role

  • ansible-galaxy init <user>.<rolename>
    • Creates the default directory setup
    • Just fill in the details
↓ Slide 37

README.md

  • Documentation of the module
    • Standard github markup
    • Contains:
      • Requirements
      • Used variables
      • Dependencies
      • Example Playbook
      • License
↓ Slide 38

tasks

  • Contains:
    • main.yml
    • May include:
    • Contains tasks for install and configuration.
      • Notify command for handlers
      • Service reload
↓ Slide 39

defaults

  • main.yml
    • Contains default values for variables
    • Overrule with:
      • host_vars
      • group_vars
      • code
↓ Slide 40

vars

  • Defaults for various platforms
    • RedHat.yml
      • apache_pkg: httpd
      • apache_config_dir: /etc/httpd/conf.d
    • Debian.yml
      • apache_pkg: apache2
      • apache_config_dir: /etc/apache2
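
How defaults, vars, tasks and handlers of one role work together, shown as four YAML documents in one listing (one per file of the role). This is an added example, not part of the original slides; apache_server_tokens, apache_service and the file name hardening.conf are assumptions, and only the RedHat family is covered.

```yaml
---
# defaults/main.yml - lowest priority; overrule in host_vars or group_vars
apache_server_tokens: Prod            # assumed variable name
---
# vars/RedHat.yml - values from the slide; apache_service is an assumed addition
apache_pkg: httpd
apache_config_dir: /etc/httpd/conf.d
apache_service: httpd
---
# tasks/main.yml
- name: Load the variables for this OS family
  include_vars: "{{ ansible_os_family }}.yml"

- name: Install the web server (RedHat family)
  yum: name="{{ apache_pkg }}" state=present
  when: ansible_os_family == 'RedHat'

- name: Limit what the server reveals about itself
  copy:
    dest: "{{ apache_config_dir }}/hardening.conf"
    content: |
      ServerTokens {{ apache_server_tokens }}
      ServerSignature Off
    owner: root
    group: root
    mode: "0644"
  notify: reload apache               # queued only when the file changed

- name: Start the service and enable it at boot
  service: name="{{ apache_service }}" state=started enabled=yes
---
# handlers/main.yml - runs once at the end of the play, after all notifies
- name: reload apache
  service: name="{{ apache_service }}" state=reloaded
```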
→ Slide 41
  • Distribute our content “index.html”
    • Uses vars for RedHat and Debian
      • In the correct directory
      • Under the correct user
  • Create the module
    • mkdir roles
    • cd roles
    • ansible-galaxy init mydemocontent
↓ Slide 42

democontent/tasks/main.yml

# tasks file for mydemocontent
- name: Include OS-dependent config
  include_vars: "{{ ansible_os_family }}.yml"
- name: Copy our content
  copy:
    src: index.html
    dest: "{{ docroot }}"
    owner: "{{ docowner }}"
↓ Slide 43

democontent/vars/RedHat.yml

docroot: /var/www/html
docowner: apache
↓ Slide 44

Roles Example

index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
 
<head>
  <meta name="generator" content="HTML Tidy for Linux, see www.w3.org" />
  <title>Demo</title>
</head>
 
<body>
  <h1>Demo</h1>
  <p>Demo file placed by ansible</p>
</body>
</html>
→ Slide 45
↓ Slide 46

library

↓ Slide 47

Installing a role

  • Search the website
    • bofh.firewalld
  • Install the role
    • ansible-galaxy install bofh.firewalld
      • Default install in /etc/ansible/roles
      • Use the “-p <dir>” for other locations
↓ Slide 48

adding your role

  • Create the code
  • Add it to github
  • Log in to Galaxy with your GitHub account
  • Register your git project on galaxy
→ Slide 49
↓ Slide 50

Putting everything together

  • site.yml: Includes all code for the site:
    • webservers.yml: Code for webservers
      • Include the correct roles
  • roles
  • host_vars
  • group_vars
↓ Slide 51

site.yml

- include: web.yml
- include: centos7.yml
↓ Slide 52

web.yml

- hosts: web
  become: yes
  become_user: root
  roles:
    - geerlingguy.apache
    - bofh.firewalld
    - democontent
 
↓ Slide 53

Running the code

  • ansible-playbook site.yml
    • When users want
    • Through crontab by a dedicated user
→ Slide 54
↓ Slide 55

The Reality

  • Many different systems without central configuration management
    • Everything will be better after we rebuild everything
    • It's too cumbersome to implement central configuration management on old systems
  • You are just hired to do one project
  • But still we need more control now!!
↓ Slide 56

What if you just want to do one task

  • Just one task
    • Add the same users on 200 systems
    • Update security settings
    • Upgrade an application
  • It's possible
    • You don't need to set up anything on the client
    • Just one ansible server
      • And that could be your laptop!
    • An inventory
    • One small playbook
→ Slide 57

http://docs.ansible.com/

→ Slide 58
  • sanog30/track2agenda/ansible.txt
  • Last modified: 2017/07/16 21:39
  • by moin