5. A TOOL FOR ALL OF US
ANSIBLE
• Automate machine provisioning and deployments
• Agentless
• Configuration management
• Idempotent
6. (TELL ME THE MAGIC)
HOW DOES ANSIBLE FIT IN?
• An orchestration machine with a usable shell prompt (*NIX)
• Server(s) accessible by SSH to orchestrate changes
9. THE THING YOU DO
TASK AND HANDLER
• A task is the most granular “thing” you do. For example:
  • Copy a file
  • Start a process
  • Create a file using Jinja2 syntax
• Tasks are linear, whereas handlers are invoked by task completion (similar to WordPress hooks)
• Tasks can loop, and may contain conditional evaluation
10. A CONTAINER FOR TASKS AND HANDLERS
ROLES
• Roles are sets of tasks and handlers that Ansible executes
• Think shell script, but better organized and easier to read
• Roles can have default variables, and be overridden by a play
11. HOW ANSIBLE STITCHES IT TOGETHER
PLAYBOOK
• A playbook is a collection of plays
• A play is a collection of roles
• One can assign plays to a host or host group
http://docs.ansible.com/ansible/playbooks.html
12. CONFIGURATION MANAGEMENT’S BEST FRIEND
VARIABLES
• Variables can be specified at 3 levels
  • Global (config / env / command line)
  • Play
  • Host
• Don’t hard code configuration, leverage variables and set defaults for overriding
http://docs.ansible.com/ansible/playbooks_variables.html
13. DEFINING WHO WE ARE
HOSTS
• A play can target a host or a group of hosts
• Inventory may be static or dynamic (e.g. AWS)
• Specific host-related information to access server
• User must have sudo privileges to perform system tasks
15. CONFIGURE A HOST
1. Make an SSH key pair
   ssh-keygen -t ecdsa -f deploy
2. Copy your key file to the host (deploy.pub) and append the file contents to ~/.ssh/authorized_keys
3. The Ansible user needs sudo access (or “become” won’t work)
4. Install Python modules python-httplib2 and libselinux-python
17. YOU DON’T HAVE TO WRITE EVERY ROLE
DOWNLOAD SOME ROLES
ansible-galaxy install sbaerlocher.wp-cli
ansible-galaxy install linuxhq.ius
ansible-galaxy install geerlingguy.apache
ansible-galaxy install geerlingguy.php
ansible-galaxy install geerlingguy.mysql
ansible-galaxy install geerlingguy.php-mysql
ansible-galaxy install geerlingguy.firewall
18. BECAUSE NOT ALL ROLES WORK OUT OF THE BOX
MODIFYING GALAXY ROLES
• Let’s check out 2 roles I modified
https://github.com/alanlok/ansible-role-wordpress.git
https://github.com/alanlok/ansible-role-wordpress-apache.git
• Modified from ansible-galaxy author darthwade’s roles
• Made more variables available for customization
• Made roles RedHat Linux friendly
• You can write your own roles too!
19. FILES IN YOUR STRUCTURE
CREATING YOUR OWN PLAYBOOK
• vault (where I like to keep my secrets)
  • wordpress-simple.yml
• group_vars
  • wordpress
    • config (YAML file containing your host group’s variables)
• roles (your custom roles in the roles directory)
  • ansible-role-wordpress
  • ansible-role-wordpress-apache
• hosts (which hosts Ansible should act on)
• wordpress-simple.yml (your playbook)
20. SECRET SAUCE TO MAKE IT UNIQUE
THE GROUP VARIABLES
---
apache_user: "apache"
apache_group: "apache"
wp_version: 4.5
wp_site_name: 'site1'
wp_install_dir: '/var/www/html/{{ wp_site_name }}'
wp_db_name: '{{ wp_site_name }}'
wp_db_user: '{{ wp_site_name }}_user'
wp_db_host: 'localhost'
wp_apache_hostname: '{{ wp_site_name }}.vm'
Yup, how else can I give a demo!
21. SECURE YOUR SECRETS
ANSIBLE-VAULT
• Create your own password variables by running
  ansible-vault create vault/wordpress-simple.yml
• This Ansible file is encrypted once you save:
---
wp_db_password: 'password'
admin_db_password: 'root'
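
A check that could run before the playbook directory is committed, added here as an example and not taken from the original slides: it lists every file under vault/ whose first line is not the $ANSIBLE_VAULT header that ansible-vault writes on save. The function names check_vault_dir and make_sample and the sample files are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the slides): find plaintext files in a vault directory.
# A file saved by ansible-vault starts with a header line such as
#   $ANSIBLE_VAULT;1.1;AES256

# check_vault_dir DIR
# Prints "PLAINTEXT: <file>" for each regular file in DIR that lacks the
# vault header; returns 1 if any such file exists, 0 otherwise.
check_vault_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Only the first line matters; an empty file yields an empty header.
        IFS= read -r header < "$f" || true
        case $header in
            '$ANSIBLE_VAULT;'*';AES256'*) ;;   # header present: encrypted
            *) printf 'PLAINTEXT: %s\n' "$f"; bad=1 ;;
        esac
    done
    return "$bad"
}

# make_sample DIR
# Builds constructed sample input: one file with a vault header and a
# placeholder body, and one file left in plaintext like the slide's YAML.
make_sample() {
    mkdir -p "$1/vault"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '0000placeholder' \
        > "$1/vault/encrypted.yml"
    printf '%s\n' '---' "wp_db_password: 'password'" \
        > "$1/vault/wordpress-simple.yml"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_vault_dir "$tmp/vault" \
    || echo "Encrypt the files listed above with: ansible-vault encrypt <file>"
rm -rf "$tmp"
```

Run from a pre-commit hook or CI step, the non-zero return value can be used to block a commit that contains an unencrypted secrets file.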