Exploring Ansible Patrick Ladd Technical Account Manager [email protected] 1 Why Ansible? 2 Why Ansible? Simple Powerful Secure Be productive Quickly Orchestrate Entire Lifecycle More Efficient & More Secure ● Human Readable ● Application Deplo%ment ● Agentless ● No Coding Skills ● Configuration Management ● *ses SSH & 'inRM ● In Order "#ecution ● 'ork(ow Orchestration ● Less to Update or E#ploit 3 Why Ansible? Use across all your environments 4 Why Ansible? Use across all your environments ● !perating s%stems- Red Hat Enterprise Linu#./ Windo)s/ Ubuntu/ and more. ● Servers- HP/ Dell/ Cisco/ and more. ● Cloud: Ama0on Web Services/ Microso1t Azure/ 2oogle Cloud Platform/ Digital!cean/ CloudStack/ OpenStack./ Rackspace/ Packet, and more. ● nfrastructure- Red Hat !penShift®/ VM)are/ NetApp/ Kubernetes/ Jenkins/ 56oss./ $ocker, and more. ● Networks- Arista, Cisco/ Juniper/ F8/ Palo Alto/ and more. ● 2,8 2 Core Modules ● 2!,"#$ Community Roles 5 Why Ansible? *se Throughout 9our Work(o) ● nfrastructure $eplo%ment. ● Code deplo%ment. ● 6uild automation. ● Artifact management. ● Certi&cate management. ● Service restarts. ● $ecommissioning resources. 6 Why Ansible? $C Case Study- Save Time – Operate E1&cientl% – Respond Faster ● $C mpact Study ● Managed service pro,ider ● 8 Datacenters ● ;<<<= emplo%ees ● Manages 15<<= s%stems 7 Source- https->>))).redhat.com>en>resources>total?economic?impact?ansible?spotlight Why Ansible? $C Case Study- ;@AB R!I – 3 month pa%back Lea !ime re uced 66% D;/CE;/CA@ savings o,er 3 years Avoi ed appliance purchase DCFG/H<H cost avoidance Au!oma!ed recon$%uration Reduced man hours by 9@B Au!oma!ed securi!y up ates Reduced man hours by 8<B 8 Source- https->>))).redhat.com>en>resources>total?economic?impact?ansible?spotlight Why Ansible? Ansible and Puppet ● Agent-less ● Push ,s Pull ● 9AML vs JSON ● Top to bottom orderingI & Source- https->>))).redhat.com>en>resources>total?economic?impact?ansible?spotlight Ansible Basics '( Ansible )asics 9AML – 9et Another Markup Language ● Simple/ Human Readable ● Ke%>3alue based # Me - me: ● Lists and Dictionaries name: Patrick Ladd employed: yes job: Technical Account Manager age: 49 ● Mandatory Indentation – 2 spaces interests: | backpacking ● ---- 7ile start lego ● 7ile end ... friends: - Joe ● Juoting- “” and ‘’ - Bob - Ralph '' Ansible )asics 9AML – Lists & Dictionaries ● Lists # List of favorite foods ● foods: Indented - bacon ● K-L delimiter - pizza - steak ● Short form: [ a, b ] drinks: [ ‘soda’, ‘water’, ‘cider’ ] ● $ictionaries # Dictionaries of book and movie book: ● Indented name: Ansible 101 author: Foo Bar ● Ke%- Value (space after ‘:L reNired!P brief: Getting started with Ansible ● Short form: { k1: v1, k2: v2 } Movie: { name: “The Matrix”, genre: “SciFi” } '2 Ansible )asics 9AML – Booleans and Special Characters ● 6oolean ,alues create_key: yes needs_root: no likes_vi: True dislikes_emacs: TRUE uses_cvs: false ● 'hen you donLt )ant the boolean ,alue non_boolean: "yes" other_string: "False" ● 'atch out 1or special characters! info: somebody said I should put a colon here: so I did info: "somebody said I should put a colon here: so I did" '3 Ansible )asics 9AML – Ne) Lines ● Spanning Lines )ith ne)lines include_newlines: | exactly as you see will appear these three lines of poetry ● Spanning Lines )ith no newlines ignore_newlines: > this is really a single line of text despite appearances '4 Ansible )asics 9AML – Getting Fancy # People ● Combine lists and dictionaries in an% - foo: name: Foo Bar combination job: Awesome Administrator ● "scaping languages: - perl ● Line folding / e#tending - python fun fact: | can see in the dark ● - learn: Handy References- name: Learn Moar ● https->>yaml.org/spec>;.E/spec.html job: Sr Awesome Administrator languages: ● https->>docs.ansible.com/ansible/latest>referenc - ansible e_appendices/YAMLS%nta#.html - ruby - awk ● https->>yaml.org/re1card.html fun fact: > runs with scissors 15 Ansible )asics 9AML – Check your work ● 7rom the command line- python -c 'import yaml, sys; yaml.safe_load(sys.stdin)' < my.yaml ● 9amlLint- https://pypi.org/proRect>yamllint> ● !1&cial checker 1or Ansible pla%books: ansible-playbook –-syntax-check ● 3 M trick- ● Add this to $HOME/.vimrc autocmd FileType yaml setlocal ai ts=2 sw=2 et '6 Ansible )asics Basic Architecture ● Control Node ● Managed Hosts ● Connection '7 Ansible )asics In,entor% - Where to runS ● $e&nes all hosts that Ansible manages ● Static ● Pro,ides basic lists and groupings for hosts ● $%namic in,entories ● Satellite ● Cloud Pro,iders (!penStack/ AWSP ● L$AP ● CM$6 ● http->>docs.ansible.com/ansible>intro_dynamic_in,entory.html ● Man% others (there are pluginsP ● List them: ansible-doc -t inventory -l 18 Ansible )asics Ansible Inventories : Static IN ● N ?like te#t &le [rhel] rhel1.mynet.com 192.168.122.156 192.168.122.168 [fedora] ● Sectioned to define groups o1 hosts fedora.mynet.com [windows] win1.mynet.com [linux:children] ● Groups o1 groups rhel fedora '& Ansible )asics Ansible Inventories : Static IN ● Common Options [master] localhost ansible_connection=local [rhel] rhel1.mynet.com:1234 ansible_connection=ssh ansible_user=foo 192.168.122.156 192.168.122.168 [moar-servers] ● Defining Ranges [start-endU web[1:7].moar.com db[01:07].moar.com 192.168.[4:7].[0:255] 20 Ansible )asics Authentication – Who are youS ● ssh used for most connections ● 6est practice – use ssh ke%s ● 6est practice – run with least pri,ilege ● *se ansible_become if root is needed 2' Ansible )asics Modules – What to doS ● 'hat allo)s us to perform actions on a host. The% do the hea,% li1ting ● Thousands of built in modules ● The basics- ● setup – reports 1acts ● ping – checks connection ● command – run a command ($onLt use this until you look 1or appropriate modulesOP ● *se ansible?doc to search for additional information such as details of a module $ ansible-doc copy > COPY (/usr/lib/python2.7/site-packages/ansible/modules/files/copy.py) The ‘copy’ module copies a file from the local or remote machine to a location on the remote machine… 22 Ansible )asics Ad-Hoc Commands ● 7or Nuick one?o11s and testing ● ansible -m module host ● 7or e#ample- ● ansible -m setup thathostoverthere 23 Ansible )asics Demo – Hosts & Ad-hoc commands ● Host/ P ● 2roup ● List ● Patterns 24 Ansible )asics Pla%books ● 'ritten in YAML composed of one or more “playsW ● "ach play contains a list of tasks ● "ach task is something to check/ modi1% or run ● !rder and spaces matter! 25 Ansible )asics Pla%books - components ● Pieces of a playbook – a playbook can contain 1 or more pla%s ● Name attribute- “name- a descripti,e label of the playW ● Hosts attribute- Vhosts- pattern.hosts.comW ● As described in the Referencing Hosts section ● *ser attributes- i.e. if the de1ault remoteQuser will not work we pro,ide a suitable one here ● Pri,ilege escalation attributes- if necessar% de&ning become/ becomeQmethod, become_user, etc ● Tasks attribute- → 26 Ansible )asics Pla%books - Tasks ● Tasks Attribute tasks: A list o1 dictionaries )ith ke%>,alue pairs - name: first task service: name=httpd enabled=true ● One or multiple tasks tasks: - name: first task service: name=httpd enabled=true - name: second task service: name=sshd enabled=true - name: third task service: name=bluetooth enabled=false 27 Ansible )asics Pla%books - Tasks ● This- tasks: - name: first task service: name=httpd enabled=true ● s equi,alent to this: tasks: - name: first task Mbut this is cleanerP service: name: httpd enabled: true 28 Ansible )asics Demo - Playbooks ● Checking for s%ntax ● $oing a dry run ● Step?by?step run ● Run a playbook 2& Getting Fancy 3( *e!!in% Fancy 3ariables ● 3ariable names must start with a letter and onl% contain letters/ numbers and underscores ● $e&ned in three scopes ● 2lobal- Variables set via the command line or Ansible con&guration file ● Pla%- De&ned in the play ● Host: De&ned on host groups and/or indi,idual hosts by the in,entor%/ 1act gathering or task ● 3ariables with the same name? Higher le,el wins ● CL > Playbook > In,entory 3' *e!!in% Fancy 3ariables in Pla%books ● At the start o1 a play in ,ars block - hosts: all vars: user: joe home: /home/joe ● - hosts: all n a ,ars &le in 9AML 1ormat vars_files: - vars/users.yml ● Called )ith %% var && synta# tasks: ● must be in quotes i1 it starts the line - name: Creates the user {{ user }} user: name: "{{ user }}" 32 *e!!in% Fancy 3ariables on Hosts and Groups ● ndi,idually 1rom in,entor% [webservers] localhost ansible_connection=local web1.foo.com web2.foo.com:1234 ansible_connection=ssh ansible_user=foo ● Defined 1or all hosts in a group [eng] sys1.foo.com sys2.foo.com [prod] prod1.foo.com prod2.foo.com [eng:vars] user=foo 33 *e!!in% Fancy 3ariables – CLI ● !,erride 1rom Command Line $ ansible-playbook user.yml -e "user=mike" ● users: Re1erencing Arrays joe: MDot notation can be a problem )ith first_name: Joe last_name: Jones modules) home_dir: /users/joe mike: first_name: Mike last_name: Cook home_dir: /users/mike # Returns 'Joe' users.joe.first_name # Returns 'Joe' 34 users['joe']['first_name'] *e!!in% Fancy Demo - Playbooks ● Simple variable usage and substitution ● Register to capture command output ● $ebug to dump a ,alue of a registered variable 35 *e!!in% Fancy 3ariables - Facts ● 7acts- 3ariables that are automaticall% disco,ered ● Pulled by the setup modules ● List all the facts for a s%stem (be warned this is a ton o1 data) $ ansible host -m setup ● Can be stored into variables for reuse or used directl% ● Custom facts can be created ● Sa,ed in >etc/ansible>facts.d ● Must