Ansible 202

(because i hate odd numbers)

$whoami

● DevOps Engineer @ Jampp

● Whisky enthusiast

● Amateur golfer

● Nardoz’s newbie

@sebamontini

What is Ansible?

Ansible is a very simple (yet powerful) automation engine.

● Simple: Ansible uses a clear (readable) YAML sintax.

● Fast: easy to learn, easy to setup.

● Efficient: No agent on you servers.

● Secure: No open ports on your firewalls (SSH).

@sebamontini

Glosary

Inventory: Lists of Hosts, Variables and Groups.

Modules: The units of work that Ansible ships out to remote hosts.

Facts: Things that are discovered about remote nodes.

Playbooks: List of plays (mapping of hosts and tasks).

Tasks: set of actions (module+args) to be executed.

@sebamontini

Tags

@sebamontini

---tasks: - yum: name={{ item }} state=installed with_items: - httpd - memcached tags: - packages

- template: src=templates/src.j2 dest=/etc/foo.conf tags: - config

- deploy

$ansible-playbook myapp.yml --tags config,deploy

Roles

@sebamontini

roles/

myRole/ # this hierarchy represents a "role"

tasks/ #

main.yml # <-- tasks file can include smaller files if warranted

handlers/ #

main.yml # <-- handlers file

templates/ # <-- files for use with the template resource

ntp.conf.j2 # <------- templates end in .j2

files/ #

bar.txt # <-- files for use with the copy resource

foo.sh # <-- script files for use with the script resource

vars/ #

main.yml # <-- variables associated with this role

defaults/ #

main.yml # <-- default lower priority variables for this role

meta/ #

main.yml # <-- role dependencies

Ansible Galaxy

@sebamontini

$ansible-galaxy install -r requirements.yml---- src: torian.python name: python path: roles-galaxy/ version: 1.0.0

- src: bennojoy.memcached name: memcached path: roles-galaxy

- src: https://github.com/torian/ansible-role-phantomjs name: phantomjs path: roles-galaxy/

ansible.cfg

[defaults]

inventory = inventory/ec2.py

roles_path = roles:roles-galaxy

retry_files_enabled = True

retry_files_save_path = .ansible-retry

$ansible-playbook <playbook.yml> -l @<playbook>.retry

@sebamontini

ansible-vault

Vault is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files.

roles/aliens

├── tasks

│ └── main.yml

└── vars

└── spoilers.yml

$ ansible-playbook playbooks/movies.yml --vault-password-file ~/.vault_pass.txt

@sebamontini

---

- include_vars: spoilers.yml

- name: Put the spoiler in the tmp directory.

copy:

content="{{spoiler_text}}"

dest=/tmp/spoiler_text.txt

$ ansible-vault encrypt roles/aliens/vars/spoilers.yml --vault-password-file ~/.vault_pass.txt

$cat playbooks/movies.yml

---- hosts: all roles: - { role: aliens }

We’re hiring !

http://jampp.com/jobs.php

@sebamontini

Thankssebastian@jampp.com

@sebamontini

github.com/sebamontini