Ansible is the simplest way to automate. Alexander Schedrov aka sanchiz Team Lead, FFW Symfony Cafe Kyiv, May 2015
Alexander Schedrov aka sanchiz. Team Lead, FFW (ex ProPeople). I love Open Source. I'm a contributor to Open Source. That’s why I’m here. Ukraine, Kyiv
How it was earlier: Developers wrote code. SysAdmins deployed code and configured servers.
until one day… DevOps and Ansible
What is Ansible? Ansible is a radically simple IT automation engine.
Ansible
• Clear - Ansible uses a simple syntax (YAML).
• Fast - Fast to learn and fast to set up.
• Complete - You have everything you need in one complete package.
• Efficient - No extra software on your servers. Extensible with modules in any programming language.
• Secure - Ansible uses SSH and requires no extra open ports or daemons.

Where we use Ansible
1. Configuration management and infrastructure orchestration
Apache, MySQL, PHP
Dev, Test, Prod, Local developer's server
2. Deployments and builds
Our approach
• Configuration management as part of the project
• Deployments and builds should be automated
• We should test each feature before merging into master
• Everything that may be automated should be automated

Simple and efficient way: ansible-playbook [filename]
How do we generate builds
• GitHub Pull Requests to inject new features into the master branch
• Jenkins triggers the Ansible script within the repo
• Ansible playbook downloads the database from production
• Ansible playbook applies changes to the database

3. Provisioner for Vagrant
PUPHPET. One day our Vagrantbox died.
Vagrant + Ansible = ♥
Provisioning. Vagrant.

Vagrantfile:

    # Vagrantfile API version used by Vagrant.configure below
    VAGRANTFILE_API_VERSION = "2"

    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.box = "ubuntu/trusty64"
      config.vm.network :private_network, ip: "192.168.60.77"
      config.vm.network :forwarded_port, host: 4567, guest: 80
      # Hand provisioning of the box over to Ansible
      config.vm.provision "ansible" do |ansible|
        ansible.playbook = "playbook.yml"
      end
    end

Meet the CIBox: https://github.com/propeoplemd/cibox. Kudos to @podarok, @ygerasimov, @m1r1k and other contributors.
CIBox uses Ansible for:
• Provisioning in CI server (Jenkins)
• Provisioning in Vagrantbox
• GitHub Pull Request builder

Ansible vs Shell scripts
Shell script:

    # Install the PGP key
    gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
    gpg --armor --export 561F9B9CAC40B2F7 | apt-key add -

    # Install https support for apt
    apt-get install apt-transport-https -y

    # Add the passenger apt repository
    echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main" > /etc/apt/sources.list.d/passenger.list
    chown root: /etc/apt/sources.list.d/passenger.list
    chmod 600 /etc/apt/sources.list.d/passenger.list

    # Update the apt cache so we can use the new repo
    apt-get update

    # Install nginx
    apt-get install nginx-full passenger -y

    # Set up passenger in the nginx configuration
    sed -i "s/# passenger_root/passenger_root/" /etc/nginx/nginx.conf
    sed -i "s/# passenger_ruby/passenger_ruby/" /etc/nginx/nginx.conf

    # Start nginx
    service nginx restart

Ansible script:

    ---
    - hosts: all
      tasks:
        - name: Ensure the PGP key is installed
          apt_key: id=AC40B2F7 state=present url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"

        - name: Ensure https support for apt is installed
          apt: pkg=apt-transport-https state=present

        - name: Ensure the passenger apt repository is added
          apt_repository: state=present repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'

        - name: Ensure nginx is installed
          apt: pkg=nginx-full state=present

        - name: Ensure passenger is installed
          apt: pkg=passenger state=present update_cache=yes

        - name: Ensure the nginx configuration file is set
          copy: src=/app/config/nginx.conf dest=/etc/nginx/nginx.conf

        - name: Ensure nginx is running
          service: name=nginx state=started

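A hardened variant of the playbook above, as an added example that is not part of the original slides. It fetches the signing key over HTTPS and names it by the 16-digit ID from the shell script instead of the 8-digit short ID (short IDs are easy to collide), validates the nginx config before installing it, and restarts nginx through a handler only when the config changed. Assumptions: the `deploy` account is hypothetical, `become` needs Ansible 1.9 or later, and 16-digit key IDs are accepted by current `apt_key`.

```yaml
---
# Added example; not from the original slides.
- hosts: all
  remote_user: deploy          # hypothetical unprivileged SSH account
  become: yes                  # the slides' older equivalent is "sudo: yes"
  tasks:
    - name: Ensure the PGP key is installed
      apt_key:
        id: 561F9B9CAC40B2F7   # long ID from the shell script, not AC40B2F7
        url: "https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"
        state: present
    - name: Ensure https support for apt is installed
      apt:
        pkg: apt-transport-https
        state: present
    - name: Ensure the passenger apt repository is added
      apt_repository:
        repo: "deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main"
        state: present
        update_cache: yes
    - name: Ensure nginx and passenger are installed
      apt:
        pkg: "{{ item }}"
        state: present
      with_items:
        - nginx-full
        - passenger
    - name: Ensure the nginx configuration file is set
      copy:
        src: /app/config/nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
        # Reject a config nginx cannot parse; assumes the file uses
        # absolute include paths, since %s is a temporary copy.
        validate: "nginx -t -c %s"
      notify: Restart nginx
    - name: Ensure nginx is running
      service:
        name: nginx
        state: started
        enabled: yes
  handlers:
    - name: Restart nginx      # runs once, and only if the config task changed
      service:
        name: nginx
        state: restarted
```
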
Why do we love Ansible
• It fits perfectly into our infrastructure
• It has a lot of modules and roles
• Can easily be executed on multiple servers
• Popular system
• It supports simple templates

Installation

*nix: sudo pip install ansible
Packages: python-pip and python-devel

Windows:
• Cygwin
• PyYAML
• Jinja2
• …
https://servercheck.in/blog/running-ansible-within-windows

What next?
3 main shell commands
• ansible-doc [options] [module...]
• ansible-playbook playbook.yml [options]
• ansible <host-pattern> <command> [options]

Additional commands
• ansible-galaxy [init|info|install|list|remove] [--help] [options]
• ansible-lint playbook.yml [options]
• ansible-pull [options] [playbook.yml]
• ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name

Run playbook on remote machine. Host: 192.168.1.1. Guest: 192.168.1.2. Playbook on host 192.168.1.2.
Run playbook on local machine. Host: 192.168.1.1. Playbook on host 192.168.1.1.
Structure of the playbook
    ---
    - hosts: all
      # Get facts about hosts (OS, user and so on)
      gather_facts: no
      remote_user: root
      vars_prompt:
        # Variables that should be entered at run time
      vars:
        # List of variables
      vars_files:
        # List of files with variables
      roles:
        # List of roles that should be included
      pre_tasks:
        # List of pre-tasks
      tasks:
        # List of main tasks
      post_tasks:
        # List of post-tasks
      handlers:
        # List of handlers

Ansible task

    # name: comment/documentation
    - name: Install libraries
      # apt: module; {{ item }}: current item
      apt: pkg={{ item }} state=installed
      # with_items: iterate through array
      with_items:
        - git
        - apache2
        - php5
        - php5-mysql

Inventory

/etc/ansible/hosts or ./hosts

    # Group name
    [localhost]
    # Hosts in group
    127.0.0.1

    # Group name
    [mysql_group]
    # Hosts in group
    mysqlserver.com
    192.168.1.1

    # Group vars
    [mysql_group:vars]
    ansible_ssh_user=root
    ansible_ssh_port=2222

Requirements: connection by ssh without password.

“ansible” command. Ad-hoc.

    ansible mysql_group -a "free -m"
    ansible mysql_group -s -m apt -a "pkg=ntp state=installed"

Command: ansible. Group name: mysql_group. Sudo: -s. Module: -m apt. Arguments: -a "...".

Move your code to templates Jinja2.
    ---
    - hosts: lamp_local
      vars:
        vhost_core_path: "/var/www/site.dev"
        domain: "site"
      tasks:
        - name: Add Apache virtualhost for development.
          # Render the Jinja2 template with the vars above
          template:
            src: "templates/vhost.dev.conf.j2"
            dest: "/etc/apache2/sites-available/{{ domain }}.dev.conf"
            owner: root
            group: root
            mode: 0644

vhost.dev.conf.j2

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName {{ domain }}.192.168.60.25.xip.io
        ServerAlias www.{{ domain }}.192.168.60.25.xip.io
        DocumentRoot {{ vhost_core_path }}
        <Directory "{{ vhost_core_path }}">
            Options FollowSymLinks Indexes
            AllowOverride All
        </Directory>
    </VirtualHost>

Keeps things organized
Roles

    ---
    - hosts: webservers
      roles:
        - jenkins
        - webservers

roles/jenkins

Use includes

    ---
    - hosts: mysql_group
      sudo: yes
      vars_files:
        - solr_vars.yml
      pre_tasks:
        - include: pre_tasks.yml
      tasks:
        - { include: deploy.yml, user: admin, ssh_keys: [ 'keys/one.txt', 'keys/two.txt' ] }
      handlers:
        - include: handlers/handlers.yml

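How `vars_files` combines with `ansible-vault` from the command list, so that a build playbook which downloads the production database carries no plaintext credentials in the repository or in the Jenkins log. This is an added example, not taken from the slides; the file names, variable names, paths, database name and `prod-db.example.com` are hypothetical.

```yaml
# Added example; not from the original slides.
#
# One-time setup: create the variables file already encrypted, then commit it.
#   ansible-vault create vars/prod_db.yml
#     vault_db_user: backup
#     vault_db_password: <secret>
#
# Run: the vault password comes from a file outside the repository.
#   ansible-playbook build.yml --vault-password-file ~/.vault_pass
---
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - vars/prod_db.yml             # decrypted in memory at run time
  tasks:
    - name: Ensure a private directory for the dump exists
      file:
        path: /var/lib/build/dumps   # hypothetical path
        state: directory
        mode: "0700"

    - name: Download the database from production
      mysql_db:
        name: site                   # hypothetical database name
        state: dump
        target: /var/lib/build/dumps/site.sql.gz
        login_host: prod-db.example.com
        login_user: "{{ vault_db_user }}"
        login_password: "{{ vault_db_password }}"
      no_log: true                   # keep the credentials out of console output
```
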
Migrate to Ansible
Just run shell scripts through Ansible

    - name: Deploy system module
      sudo: yes
      shell: /usr/bin/deploy -t -v --tags=system

Start from small changes

Let’s contribute to OpenSource https://galaxy.ansible.com/
    # Install role systemwide
    ansible-galaxy install sanchiz.jenkins

    # List all available roles systemwide
    ansible-galaxy list

    # Remove role systemwide
    ansible-galaxy remove sanchiz.jenkins

    # Init new ansible role in current dir
    ansible-galaxy init

Demo
Thank you! GitHub: https://github.com/Sanchiz Blog: http://sanchiz.net Email: alexander.schedrov@gmail.com Twitter: @alexschedrov Drupal.org: https://www.drupal.org/u/sanchiz
