Ansible
Jan-Piet Mens
April 2013
@jpmens
@jpmens: consultant,
author, architect, part-time
admin, small-scale fiddler,
loves LDAP, DNS,
plain text, and things
that work.
then it got
complicated ...
this is what we
want:
No more daemons
No more agents
No more ports
No databases
comprhansible
welcome to
Ansible
push-based
pull possible
Python
2.6 + Paramiko, PyYAML, Jinja2 on manager
2.4 + simplejson on nodes
Can run in virtualenv and from git checkout
SSH
keys, Kerberos, passwords
Modus operandi
Install packages
yum, apt, and no, you don't want zypper do you?
Minimal config
language
no XML, no Ruby, no ...
Inventory
$ cat ${ANSIBLE_HOSTS:-/etc/ansible/hosts}
[local]
127.0.0.1
[webservers]
www.example.com ntp=ntp1.pool.ntp.org
web[10-23].example.com
sushi ansible_ssh_host=127.0.0.1 ansible_ssh_port=222
[devservers]
a1.ww.mens.de
executable hosts
CMDB (LDAP, SQL, etc.)
Cobbler
EC2, OpenStack, etc.
make your own: JSON
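Added example, not from the original slides or the Ansible project: a "make your own" executable inventory that serves the static inventory shown above as JSON. It assumes the inventory-script convention of answering `--list` with the groups and `--host <name>` with that host's variables; the names SOURCE, expand, load and main are hypothetical.

```python
"""Added example: executable inventory answering --list and --host <name>."""
import json
import re
import sys
# Constructed sample data (the slide's static inventory); swap in a CMDB query.
SOURCE = """\
[local]
127.0.0.1
[webservers]
www.example.com ntp=ntp1.pool.ntp.org
web[10-23].example.com
sushi ansible_ssh_host=127.0.0.1 ansible_ssh_port=222
[devservers]
a1.ww.mens.de
"""
RANGE = re.compile(r"\[(\d+)-(\d+)\]")

def expand(pattern):
    """Expand one numeric range such as web[10-23] into host names."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    width = len(m.group(1))  # keep leading zeros, e.g. db[01-03]
    return [pattern[:m.start()] + str(i).zfill(width) + pattern[m.end():]
            for i in range(int(m.group(1)), int(m.group(2)) + 1)]

def load(text=SOURCE):
    """Parse INI-style inventory text into (groups, hostvars)."""
    groups, hostvars = {"ungrouped": []}, {}
    current = groups["ungrouped"]  # hosts listed before any [group] header
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = groups.setdefault(line[1:-1], [])
        elif line and not line.startswith("#"):
            name, *pairs = line.split()
            for host in expand(name):
                current.append(host)
                hostvars.setdefault(host, {}).update(p.split("=", 1) for p in pairs)
    return {g: h for g, h in groups.items() if h}, hostvars

def main(argv):
    """Return the JSON document for the given command line."""
    groups, hostvars = load()
    if argv[1:2] == ["--host"] and len(argv) > 2:
        return json.dumps(hostvars.get(argv[2], {}))
    return json.dumps({g: {"hosts": h} for g, h in groups.items()})

if __name__ == "__main__":
    print(main(sys.argv))
```

Inventory values arrive as strings here (the port is "222", not 222), and anything the script prints becomes a target or a connection variable, so the data source behind it deserves the same access control as the SSH keys.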
Target selection
webservers
all
ldap.example.com
webservers:!web20.example.com
*.example.com
192.168.6.*
ad-hoc copy
$ ansible devservers -m copy -a 'src=resolv.conf dest=/etc/resolv.conf'
a1.ww.mens.de | success >> {
"changed": true,
"dest": "/etc/resolv.conf",
"group": "adm",
"md5sum": "c6fce6e28c46be0512eaf3b7cfdb66d7",
"mode": "0644",
"owner": "jpm",
"path": "resolv.conf",
"src": "/home/jpm/.ansible/tmp/ansible-322091977449/resolv.conf",
"state": "file"
}
facts
"ansible_architecture": "x86_64",
"ansible_default_ipv4": {
"address": "192.168.1.194",
"gateway": "192.168.1.1",
"interface": "eth0",
"macaddress": "22:54:00:02:8e:0f",
},
"ansible_distribution": "CentOS",
"ansible_distribution_version": "6.2",
"ansible_fqdn": "a1.ww.mens.de",
"ansible_hostname": "a1",
"ansible_processor_count": 1,
"ansible_product_name": "KVM",
"ansible_swapfree_mb": 989,
modules
apt, apt_repository, assemble, async_status, authorized_key,
command, copy, cron, debug, easy_install, facter, fail,
fetch, file, fireball, get_url, git, group, ini_file,
lineinfile, mail, mount, mysql_db, mysql_user, nagios,
ohai, pause, ping, pip, postgresql_db, postgresql_user,
raw, seboolean, selinux, service, setup, shell, slurp,
subversion, supervisorctl, template, user, virt, yum
Playbooks
YAML
OS configuration
APP deployment
collections of actions using modules
each group of actions is a play
notification handlers
variables
From inventory
In plays
From host_vars/ files
From group_vars/ files
From register
---
editmode: emacs
admin: Jane Jolie
location: Bldg Z8/211
{{ templates }}
templates in Jinja2
# {{ ansible_managed }}
{# editmode is either "vi" or "emacs" #}
set -g prefix C-a
set -g status-utf8 on
setw -g mode-keys {{ editmode }}
generate /etc/hosts
{% for k,v in hostvars.iteritems() -%}
{{ v['ansible_eth0']['ipv4']['address']}} {{ k }} \
{{ v['ansible_hostname'] }}
{% endfor %}
192.168.1.218 k4.ww.mens.de k4
192.168.1.194 a1.ww.mens.de a1
...
$LOOKUP
files
pipe
Redis
DNS TXT
...
delegation
pull mode
fireball operation
Extansible
Callbacks (Python)
Action plugins (Python)
Data sources (Python)
Inventory sources (any language)
ansible.cc
Join the party!