ANSIBLE BEST PRACTICES: THE ESSENTIALS Ansible Automates: DC. Jamie

Similar documents
ANSIBLE BEST PRACTICES: THE ESSENTIALS

Managing Infrastructure with Python, Fabric and Ansible. By Tim Henderson hackthology.com github.com/timtadh

Inventory. PlayBook. Python. Ansible Config. Modules SSH

Network Automation: Ansible 101

Automating All The Things. Sebastian Feldmann

Automate all the things. Sebastian Feldmann

Ansible Tower Quick Setup Guide

Automatically deploy Schema Changes with Ansible and Liquibase

INDIGO PAAS TUTORIAL. ! Marica Antonacci RIA INFN-Bari

Automatically deploy Schema Changes with Ansible and Liquibase

Ansible Cookbook 2014

Orchestrate JBoss Middleware with Ansible Tower Red Hat Summit San Francisco

Public Cloud - Azure workshop

CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud


This tutorial provides a basic understanding of the infrastructure and fundamental concepts of managing an infrastructure using Chef.

NetDevOps Style Configuration Management for the Network

We are ready to serve Latest Testing Trends, Are you ready to learn?? New Batches Info

DevOps Technologies. for Deployment

Important DevOps Technologies (3+2+3days) for Deployment

DevOps Course Content

Quick Prototyping+CI with LXC and Puppet

Version Control. Second level Third level Fourth level Fifth level. - Software Development Project. January 11, 2017

Developing Kubernetes Services

Ground Control Segment automated deployment and configuration with ANSIBLE and GIT

Software Revision Control for MASS. Git Installation / Configuration / Use

DC/OS on Google Compute Engine

Pulp Python Support Documentation

OpenShift Roadmap Enterprise Kubernetes for Developers. Clayton Coleman, Architect, OpenShift

Version control system (VCS)

nacelle Documentation

DevOps examples on NonStop Tools Overview. Cor Geboers, ATC Consultant

Tools. SWE 432, Fall Design and Implementation of Software for the Web

Con$nuous Deployment with Docker Andrew Aslinger. Oct

TangeloHub Documentation

The Road to Digital Transformation: Increase Agility Building and Managing Cloud Infrastructure. Albert Law Solution Architect Manager

UNDER THE HOOD. ROGER NUNN Principal Architect/EMEA Solution Manager 21/01/2015

Version Control. Software Carpentry Github s Hello World Git For Ages 4 And Up You need source code control now

CSE 332: Data Structures and Parallelism Winter 2019 Setting Up Your CSE 332 Environment

Network Automation at Oracle+Dyn NANOG on the Road Boston, 14 Sept 2017

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

git Version: 2.0b Merge combines trees, and checks out the result Pull does a fetch, then a merge If you only can remember one command:

Quipucords Documentation

Be smart. Think open source.

withenv Documentation

Planning & Managing Migrations

Version Control for PL/SQL

Project 3 Students Choice of Native Apps. each milestone s deadline is noon see cs164.net/expectations for each milestone s expectations

Adding Report Folders to Entuity

Tizen Project Guideline. SKKU Embedded Software Lab.

RDO container registry Documentation

Version Control for PL/SQL

Note: Currently (December 3, 2017), the new managed Kubernetes service on Azure (AKS) does not yet support Windows agents.

Software Development I

Outline The three W s Overview of gits structure Using git Final stuff. Git. A fast distributed revision control system

Administrator's Guide

DevOps Course Content

What is git? Distributed Version Control System (VCS); Created by Linus Torvalds, to help with Linux development;

NetDevOps Style Configuration Management for the Network

Overhauling Dev Arch with Ansible Tower and Docker

On-demand Authentication Infrastructure for Test and Development Andrew Leonard Dell EMC/Isilon

Git. A fast distributed revision control system. Nils Moschüring PhD Student (LMU)

projecto Documentation

Lab 08. Command Line and Git

Oracle Access Manager Integration Oracle FLEXCUBE Payments Release [Feb] [2018]

Red Hat Satellite 6.3

Using Ansible and Redfish to automate systems management. Jose Delarosa May 9, 2018

Hands-On Tutorial: Developing and Onboarding Services in CORD

Think Small to Scale Big

Introduction to distributed version control with git

EXITING VACUUM INTEGRATING CONFIGURATION MANAGEMENT

Adding Transparency and Automation into the Galaxy Tool Installation Process

Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure

Ansible for Incident Response

TM DevOps Use Case. 2017TechMinfy All Rights Reserved

Bitnami MEAN for Huawei Enterprise Cloud

Red Hat Satellite 6.3

Bitnami Apache Solr for Huawei Enterprise Cloud

CA GovernanceMinder. CA IdentityMinder Integration Guide

USING GIT WITH, AND AUTOMATING MUNKI. Adam Reed

Securing Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.

DEVOPSIFYING NETWORK SECURITY. An AlgoSec Technical Whitepaper

Deployability. of Python. web applications

[Software Development] Development Tools. Davide Balzarotti. Eurecom Sophia Antipolis, France

USING GIT FOR AUTOMATION AND COLLABORATION JUSTIN ELLIOTT - MATT HANSEN PENN STATE UNIVERSITY

Test environment configuration with Ansible.

DevOps Lifecycle Manager

Lab 01 How to Survive & Introduction to Git. Web Programming DataLab, CS, NTHU

OPENSHIFT FOR OPERATIONS. Jamie Cloud Guy - US Public Sector at Red Hat

Red Hat OpenStack Platform 14

Oracle Policy Automation The modern enterprise advice platform

SSH Deploy Key Documentation

Focus mainly on the technical part of things Foundation to manage Azure resources

Build Cloud like Rackspace with OpenStack Ansible

Rubix Documentation. Release Qubole

CS 390 Software Engineering Lecture 5 More Git

kayobe Documentation OpenStack Foundation

Snapshot Best Practices: Continuous Integration

SUG Breakout Session: OSC OnDemand App Development

AGENDA. 13:30-14:25 Gestion des patches, du provisionning et de la configuration de RHEL avec Satellite 6.1, par Michael Lessard, Red Hat

Transcription:

ANSIBLE BEST PRACTICES: THE ESSENTIALS Ansible Automates: DC Jamie Duncan @jamieeduncan cloudguy@redhat.com

about jduncan 6+ years with Red Hat Coming Soon #shamelessplug 2 My daughter Elizabeth #cutestthingever

THIS SESSION IS ABOUT NUTS AND BOLTS Roadmaps are great. This is not one of them. For this session, I m making the assumption that you re currently writing Ansible playbooks. My goal is to help you make those playbooks more effective. 3

AUTOMATION == DOCUMENTATION If done properly, the process of automating a process can become the documentation for the process. Everything in Ansible revolves around this core concept. 4

WORKFLOW Treat Ansible content like application code Version control is your best friend Start as simple as possible and iterate Start with a basic playbook and static inventory Refactor and modularize progressively as you and your environment mature 5

WORKFLOW Do It with Style Create a style guide for all contributors Consistency in: Tagging Whitespace Naming of Tasks, Plays, Variables, and Roles Directory Layouts Enforce the style 6

PROJECT LAYOUTS: BASIC basic-project/ inventory group_vars host_vars hosts site.yml 7

PROJECT LAYOUTS: ORGANIZATIONAL ROLES myapp/ roles myapp tasks main.yml etc.etc nginx etc.etc proxy etc.etc site.yml 8

PROJECT LAYOUTS: SHARED ROLES myapp/ config.yml provision.yml roles requirements.yml site.yml 9

INVENTORY Give inventory nodes human-meaningful names rather than IPs or DNS hostnames. 10.1.2.75 10.1.5.45 10.1.4.5 10.1.0.40 db1 ansible_host=10.1.2.75 db2 ansible_host=10.1.5.45 db3 ansible_host=10.1.4.5 db4 ansible_host=10.1.0.40 w14301.acme.com w17802.acme.com w19203.acme.com w19304.acme.com web1 ansible_host=w14301.acme.com web2 ansible_host=w17802.acme.com web3 ansible_host=w19203.acme.com web4 ansible_host=w19203.acme.com 10

INVENTORY Group hosts for easier inventory selection and less conditional tasks -- the more groups the better. WHAT WHERE WHEN 11 [db] db[1:4] [web] web[1:4] [east] db1 web1 db3 web3 [west] db2 web2 db4 web4 [dev] db1 web1 [test] db3 web3 [prod] db2 web2 db4 web4

INVENTORY Use a single source of truth if you have it -- even if you have multiple sources, Ansible can unify them. Stay in sync automatically Reduce human error Use your instance and provider metadata for more than pretty columns in your TPS reports 12

VARIABLES Proper variable naming can make plays more readable and avoid variable name conflicts Use descriptive, unique human-meaningful variable names Prefix variables with it s owner such as a role name, service, or package apache_max_keepalive: 25 apache_port: 80 tomcat_port: 8080 13

VARIABLES Make the most of variables Find the appropriate place for your variables based on what, where and when they are set or modified Separate logic (tasks) from variables to reduce repetitive patterns and provided added flexibility. 14

SEPARATE LOGIC FROM VARIABLES 15 - name: Clone student lesson app for a user host: nodes tasks: - name: Create ssh dir file: state: directory path: /home/{{ username }}/.ssh - name: Set Deployment Key copy: src: files/deploy_key dest: /home/{{ username }}/.ssh/id_rsa - name: Clone repo git: accept_hostkey: yes clone: yes dest: /home/{{ username }}/lightbulb key_file: /home/{{ username }}/.ssh/id_rsa repo: git@github.com:example/apprepo.git EXHIBIT A Embedded parameter values and repetitive home directory value pattern in multiple places Works but could be more clearer and setup to be more flexible and maintainable

SEPARATE LOGIC FROM VARIABLES - name: Clone student lesson app for a user host: nodes vars: user_home: /home/{{ username }} user_ssh: "{{ user_home }}/.ssh" deploy_key: "{{ user_ssh }}/id_rsa" app_dest: "{{ user_home }}/exampleapp" tasks: - name: Create ssh dir file: state: directory path: "{{ user_ssh }}" - name: Set Deployment Key copy: src: files/deploy_key dest: "{{ deploy_key }}" EXHIBIT B Parameters values are set thru values away from the task and can be overridden. Human meaningful variables document what s getting plugged into a task parameter 16 - name: Clone repo git: dest: "{{ app_dest }}" key_file: "{{ deploy_key }}" repo: git@github.com:example/exampleapp.git More easily refactored into a role

PLAYS & TASKS Use native YAML syntax to maximize the readability of your plays Vertical reading is easier Supports complex parameter values Works better with editor syntax highlighting in editors 17

USE NATIVE YAML SYNTAX NO! - name: install telegraf yum: name=telegraf-{{ telegraf_version }} state=present update_cache=yes disable_gpg_c notify: restart telegraf - name: configure telegraf template: src=telegraf.conf.j2 dest=/etc/telegraf/telegraf.conf - name: start telegraf service: name=telegraf state=started enabled=yes 18

USE NATIVE YAML SYNTAX Better, but not quite all the way there... - name: install telegraf yum: > name=telegraf-{{ telegraf_version }} state=present update_cache=yes disable_gpg_check=yes enablerepo=telegraf notify: restart telegraf - name: configure telegraf template: src=telegraf.conf.j2 dest=/etc/telegraf/telegraf.conf - name: start telegraf service: name=telegraf state=started enabled=yes 19

USE NATIVE YAML SYNTAX - name: install telegraf yum: name: telegraf-{{ telegraf_version }} state: present update_cache: yes disable_gpg_check: yes enablerepo: telegraf notify: restart telegraf - name: configure telegraf template: src: telegraf.conf.j2 dest: /etc/telegraf/telegraf.conf notify: restart telegraf 20 - name: start telegraf service: name: telegraf state: started enabled: yes

PLAYS & TASKS Names improve readability and user feedback Give all your playbooks, tasks and blocks brief, reasonably unique and human-meaningful names $myvar is never a good thing, and typing isn t that hard 21

PLAYS & TASKS EXHIBIT A - hosts: web tasks: - yum: name: httpd state: latest - service: name: httpd state: started enabled: yes PLAY [web] ******************************** TASK [setup] ******************************** ok: [web1] TASK [yum] ******************************** ok: [web1] TASK [service] ******************************** ok: [web1] 22

PLAYS & TASKS EXHIBIT B - hosts: web name: installs and start apache tasks: - name: install apache packages yum: name: httpd state: latest - name: start apache service service: name: httpd state: started enabled: yes PLAY [install and start apache] ******************************** TASK [setup] ******************************** ok: [web1] TASK [install apache packages] ******************************** ok: [web1] TASK [start apache service] ******************************** ok: [web1] 23

PLAYS & TASKS Focus avoids complexity Keep plays and playbooks focused. Multiple simple playbooks are better than having a single, overburdened playbook full of conditional logic. 24

PLAYS & TASKS Clean up your debugging tasks Make them optional with the verbosity parameter so they re only displayed when they are wanted. - debug: msg: "This always displays" - debug: msg: "This only displays with ansible-playbook -vv+" verbosity: 2 25

PLAYS & TASKS Don t just start services -- use smoke tests - name: check for proper response uri: url: http://localhost/myapp return_content: yes register: result until: '"Hello World" in result.content' retries: 10 delay: 1 26

PLAYS & TASKS Use command modules sparingly Use the run command modules like shell and command as a last resort Use the command module unless you really need I/O redirection that shell permits -- but be very careful. 27

PLAYS & TASKS Always seek out a module first - name: add user command: useradd appuser - name: install apache command: yum install httpd - name: start apache shell: service httpd start && chkconfig httpd on - name: add user user: name: appuser state: present - name: install apache yum: name: httpd state: latest - name: start apache service: name: httpd state: started enabled: yes 28

PLAYS & TASKS Still using command modules a lot? - hosts: all vars: cert_store: /etc/mycerts cert_name: my cert tasks: - name: check cert shell: certify --list --name={{ cert_name }} --cert_store={{ cert_store }} grep "{{ cert_name }}" register: output - name: create cert command: certify --create --user=chris --name={{ cert_name }} --cert_store={{ cert_store }} when: output.stdout.find(cert_name)"!= -1 register: output - name: sign cert command: certify --sign --name={{ cert_name }} --cert_store={{ cert_store }} when: output.stdout.find("created")"!= -1 29

PLAYS & TASKS Develop your own module! (seriously) 30 - hosts: all vars: cert_store: /etc/mycerts cert_name: my cert tasks: - name: create and sign cert certify: state: present sign: yes user: chris name: "{{ cert_name }}" cert_store: "{{ cert_store }}"

PLAYS & TASKS Separate provisioning from deployment and configuration tasks acme_corp/ configure.yml provision.yml site.yml $ cat site.yml --- - import_playbook: provision.yml - import_playbook: configure.yml 31

TEMPLATES Jinja2 is powerful but you needn't use all of it Templates should be simple: Variable substitution Conditionals Simple control structures/iterations Design your templates for your use case, not the world's Things to avoid: Managing variables in a template Extensive and intricate conditionals Conditional logic based on embedded hostnames Complex nested iterations 32

TEMPLATES Careful when mixing manual and automated configuration Label template output files as being generated by Ansible {{ ansible_managed comment }} 33

ROLES Roles are the shareable unit of work in Ansible Like playbooks -- keep roles purpose and function focused Use a roles/ subdirectory for roles developed for organizational clarity in a single project Follow the Ansible Galaxy pattern for roles that are to be shared beyond a single project Limit role dependencies 34

ROLES Sharing roles is paramount, and easy Use ansible-galaxy init to start your roles......then remove unneeded directories and stub files Use ansible-galaxy to install your roles -- even private ones Use a roles files (i.e. requirements.yml) to manifest any external roles your project is using Always specify a specific version such using a tag or commit for your roles 35

SCALING YOUR ANSIBLE WORKFLOW Command line tools have their limitations Coordination across a distributed teams & organization Controlling access to credentials... Track, audit and report automation and management activity... Provide self-service or delegation Integrate automation with enterprise systems... 36

Applications and Infrastructure are continuously evolving. Ansible is designed to do the same. Thanks! #AnsibleAutomates @jamieeduncan 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback