@kakerukaeru
Created July 6, 2015 08:41

Ansible is nani


agenda

  • how to learn ansible
  • what is ansible
  • let's use ansible command
  • let's create simple playbook
  • advanced for playbook
  • let's create large playbook
  • oreore best practice


how to learn ansible

read http://docs.ansible.com/


what is ansible

  • IT automation tool
    • written in Python
    • latest version 1.9.1
  • sequential execution
  • parallel processing


Features

  • module → task
  • task → Playbooks.yml
  • Inventory / hosts
  • roles / component
    • handler
  • Jinja2 /template


let's use ansible command


how to install

$ yum install ansible
$ ansible --version
ansible 1.9.1

it's easy :)


how to write Inventory

The inventory file uses an INI-like format and looks like this:

kakeru@PC-kakeru:$ cat ansible/inventory/vagrant/kakeru_vagrant.yml
[test]
kakeru_vagrant1
kakeru_vagrant2
kakeru_vagrant3

# ex) the three hosts above can also be written as a range: kakeru_vagrant[1:3]

[stg:children]
test


example module

how to use
Usage: ansible <host-pattern> [options]
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  • ping module
kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant.yml -m ping -f 2
kakeru_vagrant1 | success >> {
    "changed": false, 
    "ping": "pong"
}

kakeru_vagrant2 | success >> {
    "changed": false, 
    "ping": "pong"
}


example module

  • bash module
kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -a "uptime"
kakeru_vagrant1 | success | rc=0 >>
 14:55:46 up 51 min,  1 user,  load average: 0.00, 0.01, 0.02
  • apt module
kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -m apt -s -a name=varnish
kakeru_vagrant1 | success >> {
    "changed": true, 
    "stderr": "", 
    "stdout": "Reading package lists...\nBuilding dependency tree...\n hogehoge"
}


let's create simple playbook


write simple playbook

Playbooks are expressed in YAML format and look like this:

kakeru@PC-kakeru:$ cat ansible/vagrant.yml
# vi: set ft=yaml :
- hosts: test
  user: vagrant
  sudo: yes
  tasks:
    - name: set kernel parameter
      action: >
        template src=roles/common/templates/etc/sysctl.conf.j2
        dest=/etc/sysctl.conf
        owner=root
        group=root
        mode=0644
      notify:
        - sysctl_p
  handlers:
    - name: sysctl_p
      command: /sbin/sysctl -q -e -p
  vars:
    net_ipv4_ip_forward : 0
    net_ipv4_conf_default_rp_filter : 1
    net_ipv4_conf_default_accept_source_route : 0
    kernel_sysrq : 1
    kernel_core_uses_pid : 1
    net_ipv4_tcp_syncookies : 1
    net_bridge_bridge_nf_call_ip6tables : 0


prepare the template

Templates are expressed in Jinja2 format:

kakeru@PC-kakeru:$ cat ansible/roles/common/templates/etc/sysctl.conf.j2
# Kernel sysctl configuration file for Red Hat Linux
# 
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = {{ net_ipv4_ip_forward }}

# Controls source route verification
net.ipv4.conf.default.rp_filter = {{net_ipv4_conf_default_rp_filter}}

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = {{ net_ipv4_conf_default_accept_source_route }}

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = {{ kernel_sysrq }}

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = {{ kernel_core_uses_pid }}

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = {{ net_ipv4_tcp_syncookies }}

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = {{ net_bridge_bridge_nf_call_ip6tables }}


To start up ansible-playbook

kakeru@PC-kakeru:$ ansible-playbook -i ansible/inventory/vagrant/kakeru_vagrant1.yml ansible/vagrant.yml 

PLAY [test] ******************************************************************* 

GATHERING FACTS *************************************************************** 
ok: [kakeru_vagrant1]

TASK: [set kernel parameter] ************************************************** 
ok: [kakeru_vagrant1]

PLAY RECAP ******************************************************************** 
kakeru_vagrant1            : ok=2    changed=0    unreachable=0    failed=0

So Simple :)


advanced for playbook


--with_items

- name: add script for lb_check6
  action: >
    template src=usr/local/sbin/{{ item }}.j2
    dest=/usr/local/sbin/{{ item }}
    owner=root
    group=root
    mode=0755
  with_items:
    - lb_check6.sh
    - lb_check6_var


--with_items 2

  tasks:
    - name: install base_packages
      # apt and with_items belong to the task, so they are indented under "- name"
      apt: name={{ item }} state=present
      with_items:
        - "{{ base.packages }}"
  vars:
    base:
      packages:
        - figlet
        - telnet
        - jq
        - wget
        - heirloom-mailx
        - zsh
        - screen
        - nmap
        - netcat-openbsd
        - tmux
        - lsof
        ...


--register & --ignore_errors & --when

- name: check jq's src
  action: >
    command [ -e /usr/local/src/jq_1.4-1~bpo70+1_amd64.deb ]
  register: result
  ignore_errors: True

- name: download & install jq
  action: >
    get_url url="http://ftp.jp.debian.org/debian/pool/main/j/jq/jq_1.4-1~bpo70+1_amd64.deb"
    dest=/usr/local/src
    mode=0644
  notify:
    - install_jq
  when: result|failed
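
The same download with an integrity check, as an added example that is not part of the original slides (Ansible 1.9 syntax). It replaces the `command [ -e ... ]` plus `ignore_errors` probe with the `stat` module and pins the package with `get_url`'s `sha256sum` parameter. The variable names `jq_deb`, `jq_src` and `jq_deb_sha256`, the digest placeholder and the body of the `install_jq` handler are assumptions.

```yaml
# Added example, not from the original slides. Ansible 1.9 syntax.
- hosts: test
  user: vagrant
  sudo: yes
  vars:
    # Hypothetical variable names introduced for this example.
    jq_deb: jq_1.4-1~bpo70+1_amd64.deb
    # Placeholder: replace with the digest published for this exact file.
    # The download task fails until a real value is set.
    jq_deb_sha256: "<sha256-of-the-deb>"
  tasks:
    # stat reports whether the file exists without failing the task,
    # so ignore_errors is not needed and other failures are not hidden.
    - name: check jq's src
      stat: path=/usr/local/src/{{ jq_deb }}
      register: jq_src

    # The mirror URL is plain HTTP, so the pinned digest is the only
    # integrity check: get_url fails if the downloaded file does not match.
    - name: download & install jq
      get_url: >
        url="http://ftp.jp.debian.org/debian/pool/main/j/jq/{{ jq_deb }}"
        dest=/usr/local/src/{{ jq_deb }}
        mode=0644
        sha256sum={{ jq_deb_sha256 }}
      notify:
        - install_jq
      when: not jq_src.stat.exists

  handlers:
    # Assumed handler body; the slides reference install_jq but do not show it.
    - name: install_jq
      command: dpkg -i /usr/local/src/{{ jq_deb }}
```

On Ansible 2.0 and later the same pin is written as `checksum=sha256:<digest>`.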


--register & --when 2

- template: >
    src=etc/apt/sources.list
    dest=/etc/apt/sources.list
    owner=root
    group=root
    mode=0644
  register: apt_sources_list
- apt: update_cache=yes
  when: apt_sources_list|changed
# the template task has no "when", so it is never "skipped"; test for "not changed"
- apt: update_cache=yes cache_valid_time=3600
  when: not apt_sources_list|changed


other option

  • playbook option
    • --connection=local
    • --until
    • --vars_prompt
  • command option
    • --check
    • --diff


let's create large playbook


--include

kakeru@PC-kakeru:$ cat ansible/roles/common/tasks/main.yml 
---
# roles/common/tasks/main.yml
# update source_list
- include: source_list.yml

# add system_users
- include: system_user.yml


--roles

Example project structure:

site.yml
webservers.yml
fooservers.yml
roles/
   common/
     files/
     templates/
     tasks/
       main.yml
       nginx.yml
     handlers/
     vars/
     defaults/
     meta/
   webservers/
     files/
     templates/


--roles

Example playbook:

---
- hosts: webservers
  roles:
     - common
     - webservers


oreore best practice

  • define environment variables
    • create group_vars
    • set xxx:children to inventory
  • must use role & set playbook to inventory
    • role → playbook
    • playbook + env → inventory


view sample tree

├── group_vars
│   ├── dev.yml
│   ├── prd.yml
│   ├── stg.yml
│   ├── test.yml
│   └── vagrant.yml
├── inventory
│   ├── cassandra
│   ├── elasticsearch
│   ├── logger
│   ├── sensu
│   ├── uchiwa
│   ├── vagrant
│   └── web
├── web.yml
├── logger.yml
├── README.md
├── roles
│   ├── cassandra
│   ├── common
│   ├── elasticsearch


Tips


Select the host and then execute.

$ cat inventory/vagrant/kakeru_vagrant.yml
[test]
kakeru_vagrant[1:3]
$ ansible-playbook vagrant.yml \
    -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1

PLAY [test] ******************************************************************* 
.
GATHERING FACTS *************************************************************** 
ok: [kakeru_vagrant1]
.
TASK: [set kernel parameter] ************************************************** 
ok: [kakeru_vagrant1]
.
PLAY RECAP ******************************************************************** 
kakeru_vagrant1            : ok=2    changed=0    unreachable=0    failed=0  


Check the target host.

$ ansible-playbook vagrant.yml \
    -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1  --list-host

playbook: vagrant.yml

  play #1 (test): host count=1
    kakeru_vagrant1          : ok=2    changed=0    unreachable=0    failed=0  


enjoy ansible :)
