From Ansible's website: "Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs." This introduction is based on ansible official docs, capturing most important information to make it easy to understand Ansible main concepts.

1. SOFTWARE CRAFTSMANSHIP TOLEDO
A “crowd” introduction

2. SOFTWARE CRAFTSMANSHIP TOLEDO
Software Craftsmanship Toledo
• Pasión por la ingeniería software y el desarrollo de
software en la comunidad de Castilla-La Mancha.
• Clara vocación por aprender, fomentar y compartir las
metodologías ágiles en la región.
• Grupo totalmente abierto: http://www.meetup.com/es/
Software-Craftsmanship-Toledo-ES
• Miembros profesionales y/o apasionados del desarrollo
software.
• Tenemos un canal de Slack… Apúntante!

4. SOFTWARE CRAFTSMANSHIP TOLEDO
Meet me
• Manuel de la Peña
• @mdelapenya
• Support >
Engineering >
Testing > IT … at
Liferay, Inc.
• DEVOPS?

5. Meet the team

6. Meet our server room

7. OK, THIS server room

8. SOFTWARE CRAFTSMANSHIP TOLEDO
This was my first day
at work…

9. moss@itcrowd1:~$ ssh root@server1
password:
root@server1:~$ apt-get update
root@server1:~$ apt-get install apache2
root@server1:~$ apt-get install htop
root@server1:~$ vi /etc/fstab
root@server1:~$ mount /mnt/devops
root@server1:~$ exit
moss@itcrowd1:~$
server2, server3, server4, server5 … server30
buzz, scar, ariel, mickey, mulan … goofie
ares, odin, hera, atenea, loki … melkart
logan, natasha, clark, peter, bruceW … bruceB
And all these following servers too:

10. WTF

11. Every task,
every day.

12. SOFTWARE CRAFTSMANSHIP TOLEDO
Why don’t you
automate THIS?
Why don’t you
automate THIS?

13. Automate
server
management???

14. SOFTWARE CRAFTSMANSHIP TOLEDO
AUTOMATION FOR EVERYONE
Deploy apps. Manage systems. Crush complexity.
Ansible helps you build a strong foundation for DevOps.

15. SOFTWARE CRAFTSMANSHIP TOLEDO
How it works
• It uses a very simple language (YAML, in the form
of Ansible Playbooks)
• Plain English!
• By default manages machines over the SSH
protocol.
• It uses no agents and no additional custom
security infrastructure.

16. SOFTWARE CRAFTSMANSHIP TOLEDO
SSH Keys
• SSH keys with ssh-agent are
recommended.
• Root logins are not required, you can
login as any user, and then su or
sudo to any user.

17. SOFTWARE CRAFTSMANSHIP TOLEDO
Installation
• No database, and no running daemons!
• Install it on only one machine (a laptop?) as central
point.
• It does not leave software installed or running on
remote machines —> upgrades super easy :D

18. SOFTWARE CRAFTSMANSHIP TOLEDO
Control Machine
• “Any” machine with Python 2.6 or 2.7 installed.
• This includes Red Hat, Debian, CentOS, OS X, any
of the BSDs, and so on.
• Windows isn’t supported for the control machine.

19. SOFTWARE CRAFTSMANSHIP TOLEDO
Managed Nodes
• You need a way to communicate, normally ssh.
• SSH uses sftp. If not available, switch to scp.
• Python 2.4 or later. (If Python < 2.5 also need
python-simplejson)

20. SOFTWARE CRAFTSMANSHIP TOLEDO
Remote connection
• Native OpenSSH for remote communication when
possible.
• If OpenSSH is too old in control machine
(Enterprise Linux 6 OS)—> Fallback to Paramiko:
a Python implementation.
• SSH keys are encouraged but password
authentication can also be used (--ask-pass).

21. SOFTWARE CRAFTSMANSHIP TOLEDO
sudo

22. Ansible Inventory

23. SOFTWARE CRAFTSMANSHIP TOLEDO
Inventory
• What machines/hosts you are
managing using a very simple INI file.
• Managed machines/hosts in groups of
your own choosing.
• Define variables by scope.

24. Groups

25. SOFTWARE CRAFTSMANSHIP TOLEDO
Inventory variables
• Host variables
• Group variables
• Advanced variables

26. SOFTWARE CRAFTSMANSHIP TOLEDO
Inventory: Host vars

27. SOFTWARE CRAFTSMANSHIP TOLEDO
Inventory: Group vars

28. SOFTWARE CRAFTSMANSHIP TOLEDO
Inventory: Advanced vars
Affects to groups
Specific group of servers
Arbitrary criterium

29. SOFTWARE CRAFTSMANSHIP TOLEDO
Host matching: Patterns
• all
• *
• 192.168.1.*, *.example.com
• OR —> webservers:dbservers
• AND —> webservers:&staging

30. SOFTWARE CRAFTSMANSHIP TOLEDO
Host matching: Patterns
• Exclusions —> webservers:!phoenix
• Combinations —>
webservers:dbservers:&staging:!phoenix
• Host selection —> webservers[0],
webservers[0:1], webservers[1:]
• Regexp —> ~(web|db).*example.com

31. SOFTWARE CRAFTSMANSHIP TOLEDO
Host matching: Limit

32. SOFTWARE CRAFTSMANSHIP TOLEDO
Ansible Modules

33. SOFTWARE CRAFTSMANSHIP TOLEDO
Ansible modules
• copy
• file
• yum
• user
• service
• git
• apache
• apt
• azure
• bower
• cron
• mysql_db
• npm
• puppet
• django
• ec2
And many more!

34. SOFTWARE CRAFTSMANSHIP TOLEDO
Modules

35. SOFTWARE CRAFTSMANSHIP TOLEDO
git module

36. SOFTWARE CRAFTSMANSHIP TOLEDO
Ad-hoc commands
Fork 10 parallel threads

37. SOFTWARE CRAFTSMANSHIP TOLEDO
Ansible Variables

38. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables
• Should be letters, numbers, and
underscores.
• Variables should always start with a letter.
• YAML also supports dictionaries which
map keys to values.
• There are reserved Python-related
keywords.

39. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables
• Defined in Inventory.
• Defined in Playbooks.
• Defined in includes.
• Defined in Roles.

40. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables: Jinja2
• Jinja2 —> Template system
• How to use a variable? —>
{{ variable_name }}
• Safer —> “{{ variable_name }}”

41. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables: register
• Run a command and save its result into a
variable.

42. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables: external
• Private information?? Hide them in
variables!
• In a task list —>
vars_files: /opt/private/my_vars.yml

43. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables: command
• Directly pass variables to command line:
• --extra-vars “version=1.3 my_var=foo”
• --extra-vars
‘{"pacman":"mrs","ghosts":
["inky","pinky","clyde","sue"]}'
• --extra-vars "@some_file.json"

44. SOFTWARE CRAFTSMANSHIP TOLEDO
Variables: precedence
• role defaults < inventory vars < inventory
group_vars < inventory host_vars <
playbook group_vars < playbook host_vars
< host facts < registered vars < set_facts <
play vars < play vars_prompt < play
vars_files < role and include vars < block
vars (only for tasks in block) < task vars
(only for the task) < extra vars

45. SOFTWARE CRAFTSMANSHIP TOLEDO
Ansible Playbooks

46. SOFTWARE CRAFTSMANSHIP TOLEDO
Playbooks
• Orchestrate steps/tasks of any
manual ordered process.
• Executed a/synchronously.
• YAML format.
• Minimum syntax —> not a language
but a model.

47. SOFTWARE CRAFTSMANSHIP TOLEDO
Playbooks: Tasks
• Should have a name: included in
output and readable by humans.
• Accept variables:
template: src=somefile.j2 dest=/etc/
httpd/conf.d/{{ vhost }}

48. SOFTWARE CRAFTSMANSHIP TOLEDO
Playbooks: Tasks lists
• Each play contains a list of tasks.
• Tasks are executed in order, one at a time,
against all machines matched by the host
pattern.
• Important! Same task directives to all hosts.
• Tasks goal? execute a module, with arguments.
• Modules are idempotent.

49. SOFTWARE CRAFTSMANSHIP TOLEDO
Playbooks:Hosts&Users
• For each play, choose machines to
target and remote user to complete
the steps/tasks as.
• Define remote users per task.
• Use sudo on a particular task
instead of the whole play.

50. SOFTWARE CRAFTSMANSHIP TOLEDO
Playbooks: Handlers
• Playbooks respond to change.
• Can notify at the end of each block of
tasks.
• Triggered only once, even if notified by
multiple tasks.
• Best used to restart services and trigger
reboots.

52. SOFTWARE CRAFTSMANSHIP TOLEDO
ansible-playbook playbook.yml

53. SOFTWARE CRAFTSMANSHIP TOLEDO
Ansible Roles

54. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles
• Reuse playbooks.
• Combine files to form clean,
reusable abstractions.
• Grouping allows easy sharing of
roles with other users.
• include directive —> Include files.

55. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles: structure
• Automatically loads certain
vars_files, tasks, and handlers based
on a known file structure.
• Where is the magic? Improvements
to search paths for referenced files.

56. SOFTWARE CRAFTSMANSHIP TOLEDO
‘common’ role structure
‘webservers’ role structure

57. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles: main.yml
• roles/x/tasks/main.yml —> Add tasks to the
play.
• roles/x/handlers/main.yml —> Add handlers
to the play.
• roles/x/vars/main.yml —> Add variables to
the play.
• roles/x/meta/main.yml —>, Add roles as
dependency (1.3 and later).

58. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles: paths
• Any copy, script, template or include
tasks (in the role) can reference files
in roles/x/{files,templates,tasks}/
without having to path them
relatively or absolutely

59. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles:parameters

60. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles:defaults
• Add a defaults/main.yml file in your role
directory.
• Set default variables for included or
dependent roles.
• Lowest priority of any variables
available, so they are easily overridden,
including inventory variables!

61. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles:dependencies
• A list of roles and parameters to
insert and execute before the
specified role.
• Automatically pull in other roles.
• meta/main.yml within the role.
• Executed recursively.

62. SOFTWARE CRAFTSMANSHIP TOLEDO
Roles:dependencies

63. SOFTWARE CRAFTSMANSHIP TOLEDO
https://galaxy.ansible.com
Where can I find
ready to use Roles?
Ansible Galaxy

64. SOFTWARE CRAFTSMANSHIP TOLEDO
https://github.com/ansible/ansible-
examples/tree/master/lamp_haproxy
Ansible Real Example (1)

65. SOFTWARE CRAFTSMANSHIP TOLEDO
Ansible Real Example (2):
LELK

66. SOFTWARE CRAFTSMANSHIP TOLEDO
LELK
• Liferay Portal
• Elasticsearch
• Logstash
• Kibana
• generate
• index
• process
• display

67. SOFTWARE CRAFTSMANSHIP TOLEDO
Liferay + Tomcat Liferay + Tomcat
Liferay + Tomcat Liferay + Tomcat
LELK

68. SOFTWARE CRAFTSMANSHIP TOLEDO

69. SOFTWARE CRAFTSMANSHIP TOLEDO
LELK: Roles
• Server —> ElasticSearch +
Logstash + Kibana
• Clients -> Liferay Deployment

70. SOFTWARE CRAFTSMANSHIP TOLEDO
Role: liferay-deployment
• Ansible Role: liferay-users (add liferay
user with UID=1000)
• Ansible Role: liferay-os-tools (vim, htop,
curl, rsync, tree, zip)
• Ansible Role: liferay-dev-tools (java)
• Ansible Role: liferay-logstash-forwarder

71. SOFTWARE CRAFTSMANSHIP TOLEDO
Role: logstash-forwarder
• Copy SSL certificate
• Copy init.d startup
• Copy logstash-forwarder configuration
logstash-forwarder.conf.j2

72. SOFTWARE CRAFTSMANSHIP TOLEDO
Role: logstash-forwarder

73. SOFTWARE CRAFTSMANSHIP TOLEDO
Role: elastic-search-server
• Install Logstash
• Install ElasticSearch
• Install Kibana
• Install Nginx

74. SOFTWARE CRAFTSMANSHIP TOLEDO
Role: elastic-search-server
logstash-input.conf.j2
logstash-output.conf.j2

75. SOFTWARE CRAFTSMANSHIP TOLEDO
LELK Next??
• Applied logstash-forwarder role to
more machines, setting log_paths
and tags variable to the desired file.
• Add more client types —> Apache
Server, Firewall

76. SOFTWARE CRAFTSMANSHIP TOLEDO
With tests!!!

77. SOFTWARE CRAFTSMANSHIP TOLEDO

78. SOFTWARE CRAFTSMANSHIP TOLEDO
Recap
• Server are hard to maintain up-to-date
• Automation over infrastructure
• Infrastructure as code
• Ansible Inventory & Modules
• Variables & template system
• Playbooks & Roles & Galaxy

79. SOFTWARE CRAFTSMANSHIP TOLEDO
What about using GIT
to version
Inventory and Roles??

80. Meet OUR server room

81. Thanks!