Transcription

Getting Started with Ansible

What is the Red Hat Ansible Automation Platform?
The Ansible project is an open source community sponsored by Red Hat. It’s also a simple automation language that perfectly describes IT application environments in Ansible Playbooks.
Ansible Engine is a supported product built from the Ansible community project.
Ansible Tower is an enterprise framework for controlling, securing, managing and extending your Ansible automation (community or engine) with a UI and RESTful API.

Why Ansible?
Simple
    Human readable automation
    No special coding skills needed
    Tasks executed in order
    Usable by every team
    Get productive quickly
Powerful
    App deployment
    Configuration management
    Workflow orchestration
    Network automation
    Orchestrate the app lifecycle
Agentless
    Agentless architecture
    Uses OpenSSH & WinRM
    No agents to exploit or update
    Get started immediately
    More efficient & more secure

With Ansible you can automate:
CROSS PLATFORM – Linux, Windows, UNIX
    Agentless support for all major OS variants, physical, virtual, cloud and network
HUMAN READABLE – YAML
    Perfectly describe and document every aspect of your application environment
PERFECT DESCRIPTION OF APPLICATION
    Every change can be made by playbooks, ensuring everyone is on the same page
VERSION CONTROLLED
    Playbooks are plain-text. Treat them like code in your existing version control.
DYNAMIC INVENTORIES
    Capture all the servers 100% of the time, regardless of infrastructure, location, etc.
ORCHESTRATION THAT PLAYS WELL WITH OTHERS – HP SA, Puppet, Jenkins, RHNSS, etc.
    Homogenize existing environments by leveraging current toolsets and update mechanisms.

[Diagram: Ansible Automation Engine, with public / private cloud, CMDB, hosts and network devices]

ANSIBLE PLAYBOOK
PLAYBOOKS ARE WRITTEN IN YAML
Tasks are executed sequentially
Invoke Ansible ...

MODULES ARE “TOOLS IN THE TOOLKIT”
Python, Powershell, or any language
Extend Ansible simplicity to the entire ...

    - name: latest index.html file is present
      template:
        src: files/index.html
        dest: /var/www/html/

PLUGINS ARE “GEARS IN THE ENGINE”
Code that plugs into the core engine
Adaptability for various uses & ...

    {{ some_variable | to_nice_yaml }}

INVENTORY
List of systems in your infrastructure that automation is executed against

CLOUD
Red Hat Openstack, Red Hat Satellite, VMware, AWS EC2, Rackspace, Google Compute Engine, Azure

CMDB
ServiceNow, Cobbler, BMC, Custom cmdb

AUTOMATE EVERYTHING
Red Hat Enterprise Linux, Cisco routers, Arista switches, Juniper routers, Windows hosts, Checkpoint firewalls, NetApp storage, F5 load balancers and more

Using Ansible

Ad-hoc commands

    # check all my inventory hosts are ready to be
    # managed by Ansible
    ansible all -m ping

    # run the uptime command on all hosts in the
    # web group
    ansible web -m command -a "uptime"

    # collect and display the discovered facts for the
    # localhost
    ansible localhost -m setup

Ad-hoc example

Inventory
An inventory is a file containing:
    Hosts
    Groups
    Inventory-specific data (variables)
    Static or dynamic sources

Ansible Playbooks

    ---
    - name: install and start apache
      hosts: web
      vars:
        http_port: 80
        max_clients: 200
      remote_user: root

      tasks:
      - name: install httpd
        yum: pkg=httpd state=latest
      - name: write the apache config file
        template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      - name: start httpd
        service: name=httpd state=started


    tasks:
    - name: add cache dir
      file:
        path: /opt/cache
        state: directory
    - name: install nginx
      yum:
        name: nginx
        state: latest
      notify: restart nginx

    handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted

Variables
Ansible can work with metadata from various sources and manage their context in the form of variables.
    Command line parameters
    Plays and tasks
    Files
    Inventory
    Discovered facts
    Roles

Tips/Best Practices

Simplicity

Simplicity

    - hosts: web
      tasks:
      - yum:
          name: httpd
          state: latest
      - service:
          name: httpd
          state: started
          enabled: yes

Simplicity

    - hosts: web
      name: install and start apache
      tasks:
      - name: install apache packages
        yum:
          name: httpd
          state: latest
      - name: start apache service
        service:
          name: httpd
          state: started
          enabled: yes

Naming example

9304.example.com

Inventory

    db1 ansible_host=10.1.2.75
    db2 ansible_host=10.1.5.45
    db3 ansible_host=10.1.4.5
    db4 ansible_host=10.1.0.40

    web1 ansible_host=w14301.example.com
    web2 ansible_host=w17802.example.com
    web3 ansible_host=w19203.example.com
    web4 ansible_host=w19203.example.com

Dynamic Inventories
    Stay in sync automatically
    Reduce human error
[Diagram: CMDB, public / private cloud]
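An added example, not part of the original slides: a minimal inventory script that emits the JSON document Ansible reads from `--list` and `--host`, and refuses to run when two names share one address (as web3 and web4 do in the static inventory above). The `CMDB_RECORDS` data and the function names are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Inventory script sketch: emits the JSON Ansible reads from `--list` / `--host`."""
import argparse
import json
from collections import defaultdict

# Constructed records standing in for a CMDB or cloud API response (assumption).
CMDB_RECORDS = [
    {"name": "db1", "role": "db", "address": "10.1.2.75"},
    {"name": "db2", "role": "db", "address": "10.1.5.45"},
    {"name": "web3", "role": "web", "address": "w19203.example.com"},
    {"name": "web4", "role": "web", "address": "w19203.example.com"},
]


def duplicate_addresses(records):
    """Map each address claimed by more than one host to those host names."""
    seen = defaultdict(list)
    for rec in records:
        seen[rec["address"]].append(rec["name"])
    return {addr: names for addr, names in seen.items() if len(names) > 1}


def build_inventory(records):
    """Build the `--list` document: one group per role plus `_meta.hostvars`."""
    inventory = {"_meta": {"hostvars": {}}}
    for rec in records:
        inventory.setdefault(rec["role"], {"hosts": []})["hosts"].append(rec["name"])
        inventory["_meta"]["hostvars"][rec["name"]] = {"ansible_host": rec["address"]}
    return inventory


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    dupes = duplicate_addresses(CMDB_RECORDS)
    if dupes:
        # Refuse to hand Ansible an inventory where two names reach one machine.
        parser.exit(1, f"duplicate addresses in source data: {dupes}\n")
    inventory = build_inventory(CMDB_RECORDS)
    hostvars = inventory["_meta"]["hostvars"]
    print(json.dumps(hostvars.get(args.host, {}) if args.host else inventory, indent=2))


if __name__ == "__main__":
    main()
```

With the sample data as given the script exits with status 1 and names the duplicated address; correct one record and it prints the inventory.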

YAML Syntax

YAML and Syntax

    - name: install telegraf
      yum: name=telegraf-{{ telegraf_version }} state=present update_cache=yes disable_gpg_check=yes enablerepo=telegraf
      notify: restart telegraf

    - name: configure telegraf
      template: src=telegraf.conf.j2 dest=/etc/telegraf/telegraf.conf

    - name: start telegraf
      service: name=telegraf state=started enabled=yes

YAML and Syntax

    - name: install telegraf
      yum: name=telegraf-{{ telegraf_version }}
        state=present
        update_cache=yes
        disable_gpg_check=yes
        enablerepo=telegraf
      notify: restart telegraf

    - name: configure telegraf
      template: src=telegraf.conf.j2 dest=/etc/telegraf/telegraf.conf

    - name: start telegraf
      service: name=telegraf state=started enabled=yes

YAML and Syntax

    - name: install telegraf
      yum:
        name: telegraf-{{ telegraf_version }}
        state: present
        update_cache: yes
        disable_gpg_check: yes
        enablerepo: telegraf
      notify: restart telegraf

    - name: configure telegraf
      template:
        src: telegraf.conf.j2
        dest: /etc/telegraf/telegraf.conf
      notify: restart telegraf

    - name: start telegraf
      service:
        name: telegraf
        state: started
        enabled: yes

ansible-playbook playbook.yml --syntax-check

Roles

Roles
    Think about the full life-cycle of a service, microservice or container — not a whole stack or environment
    Keep provisioning separate from configuration and app deployment
    Roles are not classes or objects or libraries – those are programming constructs
    Keep roles loosely-coupled — limit hard dependencies on other roles or external variables

Variable Precedence

The order in which the same variable from different sources will override each other.

Variable Precedence
    1. Extra vars
    2. Include params
    3. Role (and include_role) params
    4. Set_facts / registered vars
    5. Include_vars
    6. Task vars (only for the task)
    7. Block vars (only for tasks in the block)
    8. Role vars
    9. Play vars_files
    10. Play vars_prompt
    11. Play vars
    12. Host facts / Cached set_facts
    13. Playbook host_vars
    14. Inventory host_vars
    15. Inventory file/script host vars
    16. Playbook group_vars
    17. Inventory group_vars
    18. Playbook group_vars/all
    19. Inventory group_vars/all
    20. Inventory file or script group vars
    21. Role defaults
    22. Command line values (e.g., -u user)

Things to Avoid

Things to Avoid
Using command modules
    Things like shell, raw, command etc.
Complex tasks...at first
    Start small
Not using source control
    But no really.
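`ansible-playbook --syntax-check` only confirms that a playbook parses. The added example below (not part of the original slides) is a small line-based check for three patterns from the YAML syntax and Things to Avoid slides: key=value shorthand, `disable_gpg_check` switched on, and the shell/raw/command modules. The rule ids and the sample playbook text are constructed for illustration.

```python
import re

# (rule id, pattern, message); rule ids are hypothetical names for this example.
RULES = [
    ("gpg-check-disabled",
     re.compile(r"\bdisable_gpg_check\s*[:=]\s*(yes|true|1)\b", re.I),
     "package signature verification is turned off"),
    ("command-module",
     re.compile(r"^\s*(-\s+)?(ansible\.builtin\.)?(shell|raw|command)\s*:"),
     "shell/raw/command used; prefer a purpose-built module"),
    ("key-value-shorthand",
     re.compile(r"^\s*(-\s+)?(?!(?:name|shell|raw|command)\s*:)[\w.]+:\s+\w+=\S"),
     "module arguments in key=value shorthand; use native YAML"),
]


def lint_playbook(text):
    """Return (line number, rule id, message) for every rule a line matches."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore full-line comments
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, message))
    return findings


# Constructed sample playbook text, modelled on the telegraf tasks above.
SAMPLE = """\
- name: install telegraf
  yum: name=telegraf-{{ telegraf_version }} state=present disable_gpg_check=yes
  notify: restart telegraf
- name: list cache
  shell: ls /opt/cache
- name: start telegraf
  service:
    name: telegraf
    state: started
"""

if __name__ == "__main__":
    for lineno, rule_id, message in lint_playbook(SAMPLE):
        print(f"line {lineno}: [{rule_id}] {message}")
```

Run from a pre-commit hook or CI job over the playbooks kept in source control, a non-empty result can fail the build before the change reaches a host.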

Ansible Content Collections

Collections Q and A
What are they?
    Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. You can install and use collections through Ansible Galaxy and Automation Hub.
How do I get them?
    ansible-galaxy collection install namespace.collection -p /path
Where can I get them?
    Today: Galaxy, Automation Hub

Collection Directory Structure
    docs/: local documentation for the collection
    galaxy.yml: source data for the MANIFEST.json that will be part of the collection package
    playbooks/: playbook snippets
        tasks/: holds 'task list files' for include_tasks/import_tasks usage
    plugins/: all ansible plugins and modules go here, each in its own subdir
        modules/: ansible modules
        lookups/: lookup plugins
        filters/: Jinja2 filter plugins
        connection/: connection plugins required if not using default
    roles/: directory for ansible roles
    tests/: tests for the collection's content

Collections: Let’s Go!
    1. Init collection: ansible-galaxy collection init foo.bar
    2. Sanity testing: ansible-test sanity
    3. Unit tests: ansible-test units
    4. Integration tests: ansible-test integration
    5. Build the collection: ansible-galaxy collection build
    6. Publish the collection: ansible-galaxy collection publish
    7. Install the collection: ansible-galaxy collection install foo.bar
