Ansible in Operatjon Bruce Becker: Coordinator, SAGrid | - PowerPoint PPT Presentation

Ansible in Operatjon Bruce Becker: Coordinator, SAGrid | bbecker@csir.co.za | http://www.sagrid.ac.za

Learning Goals ● Manage inventory ● Ansible ad-hoc commands ● Write & run Playbooks ● Understanding of variables ● Loops and conditjons Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 2

Inventories ● A list of hosts, groups and aspects of hosts ● Can be dynamic or statjc ● Groups defjned by brackets [ and by name ] ● Describe systems ● Decide what systems you are controlling at what tjmes and for what purpose (roles) ● Groups can be nested with : c h i l d r e n ● Hosts can be in more than one group ● server could be both a webserver and a dbserver. ● variables will come from all of the groups they are a member of Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 3

Statjc Inventories ● Statjc inventory : simplest, most common form l o c a l h o s t ● Add a group l o c a l h o s t [ C e n t O S ] l o c a l h o s t ● Add host variables L o c a l h o s t a n s i b l e _ s s h _ h o s t = 1 2 7 . 0 . 0 . 1 [ C e n t O S ] l o c a l h o s t Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 4

Dynamic Inventories ● Statjc inventories negate the environment of the cloud ● Can use almost data source to generate dynamic inventories Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 5

Lesson 1: Run an empty play 1. g i t i n i t 2. Confjgure an inventory fjle 3. Create at least one group (by OS) 4. Start a playbook 5. Run the empty playbook against all hosts Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 6

Host selectjon ● Host selectjon can be done by incuding or excluding groups and single hosts ● Selectjon can be done by passing : / * ● a l l ● Groups names ● Exclusion ( a ) l l : ! C e n t O S ● Intersectjon ( w ) e b s e r v e r s : & s t a g i n g ● Regex Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 7

Executjng - Tasks ● Ad-Hoc: commands which execute single tasks ● Tasks: leverage an Ansible module, which is executed on the target host ● Modules: ● (Mostly) writuen in Python ● Shipped via SSH to the target host ● Return JSON, interpreted by Ansible for outcome ● Removed once executed Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 8

Executjng - Modules ● Modules are the ”Batueries included” of Ansible ● Core modules provided by Ansible and ”extras” by the community ● Well-documented ● Web : htup:/ /docs.ansible.com/ansible/modules_by_category .html ● CLI : a n s i b l e - d o c - l Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 9

Hands-on session Ansible ad-hoc commands Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 10

Ad-hoc actjons 1. Check facts on all hosts 1 . A n s i b l e a l l - i i n v e n t o r y - m s e t u p 2. Copy a fjle 3. Install nginx and add a user 4. Clone a git repo to a path 5. Ensure that htupd is present and started 6. Background operatjons, with polling Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 11

Orchestratjon ● The true power of ansible comes from abstractjon and orchestratjon, using playbooks ● Playbook is a set of ordered tasks, combined with selected targets ● Playbooks provide ready-made strategies for bringing (groups of) hosts to a desired state Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 12

Roles ● Roles provide a way to encapsulate and re-use code ● Instead of writjng lots of tasks, your playbook can be more readable and understandable to someone else : - h o s t s : d i r a c u s e r : a n s i b l e s u d o : t r u e r o l e s : - b o o t s t r a p - c o m m o n Roles are applied in order - c e r t i f i c a t e s - d i r a c Roles may have dependencies Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 13

Roles and fjlesystem structure ● Roles are usually s i t e . y m l placed in a ”library” in r o l e s / a sub-directory. r o l e 1 / ● Each role has a f i l e s / t e m p l a t e s / standard structure t a s k s / ● Roles can be h a n d l e r s / scafgolded using v a r s / a n s i b l e - g a l a x y m e t a / Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 14

Creatjng new roles with Galaxy ● A new role can be created using a n s i b l e - g a l a x y i n i t < r o l e n a m e > ● Ensure that you create the role in the ”roles” directory, or you won't be able to simply call them by name in the playbooks. ● Ansible Galaxy creates all the fjles you need to get started, including a README and a meta fjle ● Roles can be shared and discovered via htup:/ /galaxy.ansible.com Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 15

Variables ● While automatjon exists to make it easier to make things repeatable , all of your systems are likely not exactly alike . ● The behaviour or state of confjgured machines may change and impact the desired state of other services, dynamically ● Certain confjguratjon fjles may exist as templates, which need instantjatjon, based on their context ● Variables in Ansible are how we deal with difgerences between systems and states ● Variables allow you to ”program” with conditj tjons and loops Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 16

Settjng Variables ● Variables in Ansible help you to contextualise and abstract roles. ● Variables can be defjned in several areas ● Inventory ● Playbook ● Files and Roles ● Command Line ● Facts Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 17

Variable Hierarchy 1) Command line variables have the highest precedence. - e 2) 'most everything else' come next. 1)Role vars 2)Task and play variables 3) Variables defjned in inventory. 1)Host and group vars 4) Next comes facts discovered about a system. 5) Default vars defjned in roles have the lowest priority Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 18

Host Variables http://docs.ansible.com/ansible/intro_inventory.html#host-variables ● Host variables are assigned in the inventory ● Arbitrary variables can be assigned to individual hosts ● There are also variables which change the way Ansible behaves when managing hosts e.g 9 0 . 1 4 7 . 1 5 6 . 1 7 5 \ a n s i b l e _ s s h _ p r i v a t e _ k e y _ f i l e = ~ / . s s h / a n s i b l e - d e f a u l t . k e y \ a n s i b l e _ s s h _ u s e r = c e n t o s Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 19

Group Variables ● Hosts are grouped according to aspects, or any desired grouping ● Ansible allows you to defjne group variables which are available for any host in a group ● Group variables can be defjned in the inventory: [ w e b s e r v e r s : v a r s ] h t t p _ p o r t = 8 0 ● Or in separate fjles under group_vars → g r o u p _ v a r s / w e b s e r v e r s - - - h t t p _ p o r t = 8 0 Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 20

Facts ● Facts are discovered about the play hosts at the start of each play ● Unless turned ofg with g a t h e r _ f a c t s = f a l s e ● Facts can be cached ● Facts uses the setup module, which uses various tools such as f and o to obtain facts about hosts a c t e r h a i ● Facts are useful in determining the state of the machines in the play Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 21

Registering and using variables ● Variables can be statjcly set in the inventory, roles or plays, but can also be picked up based on the events of the play ● Use register to set transient variables r e g i s t e r : n e w v a r ● Call variables using { { n e w v a r } } Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 22

Example – Ensure that EPEL is available only on RedHat machines ● Vars set in role/x/vars: - - - e p e l _ p a c k a g e : ' 6 ' : h t t p : / / f t p . f a u . d e / e p e l / 6 / x 8 6 _ 6 4 / e p e l - r e l e a s e - 6 - 8 . n o a r c h . r p m ' 7 ' : h t t p s : / / f t p . f a u . d e / e p e l / 7 / x 8 6 _ 6 4 / e / e p e l - r e l e a s e - 7 - 5 . n o a r c h . r p m b a s e _ p a c k a g e s : - h t t p d Bruce Becker: Coordinator, Africa-Arabia ROC | bbecker@csir.co.za 23