Latest revision as of 02:25, 29 March 2019

https://charlesreid1-docker.github.io/charlesreid1-ansible/

Ansible can be thought of as a for-loop over SSH scripts, but it's also much more than that. Ansible is all about taking care of the heavy lifting involved in infrastructure automation.

Basic Features

Main article: Ansible/Basics

Summary:

Ansible is Python-based
Ansible uses playbooks, which are YAMl files, to configure remote machines
Ansible is push-based, which means your workflow involves making changes to the playbook and pushing those changes to the server
Ansible is idempotent, which means you can run the playbook multiple times and it will only carry out new tasks (it will not repeat tasks)
Ansible allows executing arbitrary shell commands
Ansible uses Jinja templates, in addition to YAML, to deploy files to machines

Directory Structure

The basic directory structure we'll use with Ansible is to create a playbooks directory to hold everything:

playbooks/
    hosts       <-- ansible inventory file
    .vagrant/   <-- directory used by vagrant for keys/machines (if using vagrant)
    playbook.yml

See Ansible/Directory Layout for a much more detailed discussion.

Using Ansible

Using Ansible Locally with Vagrant

Main article: Ansible/Vagrant

Vagrant allows you to set up virtual machine(s) using VirtualBox, which can give you a way of testing Ansible scripts locally (without using the AWS or Google Cloud platforms).

Ansible uses the hosts file to connect to Vagrant. You can either manage the hosts file by hand (for a small number of machines), or you can use a dynamic inventory script (for an arbitrary number of machines).

See Ansible/Vagrant for coverage of both methods when using Vagrant.

See Ansible/Vagrant/Dynamic_Inventory for a dynamic inventory script with Vagrant.

Using Ansible with EC2

Main article: Ansible/EC2

When using Ansible with Amazon AWS EC2, AWS manages the compute nodes.

Like with Vagrant, Ansible uses the hosts file to connect to the EC2 nodes. The hosts file can either be maintained by hand using the information from AWS, or a dynamic inventory script can be used to call the AWS API and get information about computational resources to give to Ansible.

See Ansible/EC2 for coverage of both methods (the static inventory script and the dynamic inventory script) when using Amazon EC2.

See Ansible/EC2/Dynamic Inventory for an example EC2 dynamic inventory script.

Ansible Features

Playbooks

Playbooks are the central feature of Ansible, and are where you tell Ansible what to do on what machines.

Ansible/Playbooks - this is where Ansible becomes really powerful

Ansible/Variables - defining and using variables to remove complexity

Hosts

Ansible host files tell Ansible how to work with host machines. Ansible can also interact programmatically with hosts.

Ansible/Hosts - configuring machines to work with Ansible

Roles

Roles can provide multiple "routes" through a playbook for different types of machines

Ansible/Roles - defining and using roles to make playbooks more powerful

Vaults and Secrets

Ansible uses vaults to encrypt and store keys and secrets. You can include a vault in playbooks/group_vars and have ansible ask for a password on the command line:

ansible-playbook site.yml --ask-vault-pass

Ansible/Vaults - mechanism for encrypting and decrypting secrets

Flags

@@ Line 1: / Line 1: @@
-=Notes=
+https://charlesreid1-docker.github.io/charlesreid1-ansible/
-Ansible can be thought of as a for-loop over SSH scripts, but it's also much more than that.
+Ansible can be thought of as a for-loop over SSH scripts, but it's also much more than that. Ansible is all about taking care of the heavy lifting involved in infrastructure automation.
 ==Basic Features==
-Ansible config management scripts (playbooks) are in YAML. This is like executable documentation - kind of like a readme containing all the commands you would otherwise be running, all typed out, except instructions won't go out of date because they're actually being executed.
+{{Main|Ansible/Basics}}
-Ansible servers require SSH and Python.
+Summary:
-===Push Based===
+* Ansible is Python-based
+* Ansible uses playbooks, which are YAMl files, to configure remote machines
+* Ansible is push-based, which means your workflow involves making changes to the playbook and pushing those changes to the server
+* Ansible is idempotent, which means you can run the playbook multiple times and it will only carry out new tasks (it will not repeat tasks)
+* Ansible allows executing arbitrary shell commands
+* Ansible uses Jinja templates, in addition to YAML, to deploy files to machines
-Ansible is push-based, which means the workflow looks like this:
+==Directory Structure==
-* You make a change to the playbook
+The basic directory structure we'll use with Ansible is to create a <code>playbooks</code> directory to hold everything:
-* You run the new playbook
-* Ansible connects to servers and executes modules, changing the server state
-The <code>ansible-playbook</code> command is the gateway to connecting to the remote server.
-The push-based approach means you control when things happen to the server, making scaling easier.
-===Scaling Down, Too===
-Ansible obeys Alan Kay’s maxim: “Simple things should be simple; complex things should be possible.”
-===Modules===
-Ansible allows you to execute arbitrary shell commands.
-Ansible also offers more powerful feature: modules, which perform tasks like installing packages restarting services, or copying config files.
-Modules are declarative: describe/declare the state you want the server to be in. Example: invoke the user module to ensure there is an account named "deploy" that is in the group "web"
 <pre>
-user: name=deploy group=web
+playbooks/
+    hosts       <-- ansible inventory file
+    .vagrant/   <-- directory used by vagrant for keys/machines (if using vagrant)
+    playbook.yml
 </pre>
-Ansible is idempotent - meaning, if the user already exists, it will do nothing. This makes it safe to run the Ansible script multiple times.
+See [[Ansible/Directory Layout]] for a much more detailed discussion.
-===What You Should Know===
+==Using Ansible==
-List of things you should know how to do before getting started:
+===Using Ansible Locally with Vagrant===
-* connect to remote machine via SSH
+{{Main|Ansible/Vagrant}}
-* interact with bash command line shell (pipes and redirects)
-* install packages
-* use sudo command
-* check and set file permissions
-* start/stop services
-* set env vars
-* write scripts (any language)
-Ansible also uses uses YAML and Jinja and is Python-based.
+[[Vagrant]] allows you to set up virtual machine(s) using VirtualBox, which can give you a way of testing Ansible scripts locally (without using the AWS or Google Cloud platforms).
+Ansible uses the hosts file to connect to Vagrant. You can either manage the hosts file by hand (for a small number of machines), or you can use a dynamic inventory script (for an arbitrary number of machines).
-==Directory Structure==
+See [[Ansible/Vagrant]] for coverage of both methods when using Vagrant.
-The basic directory structure we'll use with Ansible is to create a <code>playbooks</code> directory to hold everything:
+See [[Ansible/Vagrant/Dynamic_Inventory]] for a dynamic inventory script with Vagrant.
-<pre>
+===Using Ansible with EC2===
-playbooks/
-    .vagrant/   <-- directory used by vagrant for keys/machines
-    hosts       <-- ansible inventory file
-</pre>
-==Using Ansible Locally with Vagrant==
+{{Main|Ansible/EC2}}
-[[Vagrant]] allows you to set up virtual machine(s) using VirtualBox, which can give you a way of testing Ansible scripts locally (without using the AWS or Google Cloud platforms). You can then connect Ansible with vagrant to manage and set up compute nodes using Ansible.
+When using Ansible with Amazon AWS EC2, AWS manages the compute nodes.
-===Before you begin: set up vagrant box===
+Like with Vagrant, Ansible uses the hosts file to connect to the EC2 nodes. The hosts file can either be maintained by hand using the information from AWS, or a dynamic inventory script can be used to call the AWS API and get information about computational resources to give to Ansible.
-See the [https://charlesreid1.com/wiki/Vagrant#Basic_Startup_Shutdown_Procedure Basic Startup and Shutdown Procedure] section of the [[Vagrant]] page for steps to set up a Vagrant box, connect to it via SSH, and (when we're done) shut down the box.
+See [[Ansible/EC2]] for coverage of both methods (the static inventory script and the dynamic inventory script) when using Amazon EC2.
-===Connect Ansible to Vagrant===
+See [[Ansible/EC2/Dynamic Inventory]] for an example EC2 dynamic inventory script.
-Once we start up a Vagrant box, we can get Ansible working with the Vagrant boxes by telling Ansible about how to connect to the machines that Vagrant created.
+==Ansible Features==
-To do this, we create an inventory file in <code>playbooks/hosts</code>. Recall from the [[Vagrant]] page that Vagrant started a Ubuntu server, which was available via IP address 127.0.0.1 on port 2222 (see output of <code>vagrant ssh-config</code> from [https://charlesreid1.com/wiki/Vagrant#Connect_to_Vagrant_Machine Connect to Vagrant Machine] section). We were able to SSH to the machine both using the <code>vagrant ssh</code> command, and a plain <code>ssh</code> command that used the private key in the .vagrant directory.
+===Playbooks===
-These details should all be passed to Ansible via the inventory file:
+Playbooks are the central feature of Ansible, and are where you tell Ansible what to do on what machines.
-<pre>
+[[Ansible/Playbooks]] - this is where Ansible becomes really powerful
-$ cat playbooks/hosts
-myvagrantbox ansible_host=127.0.0.1 ansible_port=2222 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/default/virtualbox/private_key
+[[Ansible/Variables]] - defining and using variables to remove complexity
-</pre>
-(Note that the private key file is shown when you run <code>vagrant ssh-config</code> with the vagrant box running.)
+===Hosts===
-'''Side note:''' once you are ready to run with an AWS EC2 node, you would specify the hostname of the EC2 node and the AWS .pem private key, like so:
+Ansible host files tell Ansible how to work with host machines. Ansible can also interact programmatically with hosts.
-<pre>
+[[Ansible/Hosts]] - configuring machines to work with Ansible
-$ cat playbooks/hosts
-myamazonbox ansible_host=ec2-203-0-113-120.compute-1.amazonaws.com ansible_user=ubuntu ansible_private_key_file=/path/to/keyfile.pem
+===Roles===
-</pre>
-Your vagrant boxes should be up and running with the <code>vagrant up</code> command.
+Roles can provide multiple "routes" through a playbook for different types of machines
-Now connect:
+[[Ansible/Roles]] - defining and using roles to make playbooks more powerful
-<pre>
+===Vaults and Secrets===
-$ ansible myvagrantbox -i hosts -m ping
-</pre>
-You should see
+Ansible uses vaults to encrypt and store keys and secrets. You can include a vault in <code>playbooks/group_vars</code> and have ansible ask for a password on the command line:
 <pre>
-myvagrantbox | success >> {
+ansible-playbook site.yml --ask-vault-pass
-    "changed": false,
-    "ping": "pong"
-}
 </pre>
-If it did not succeed, re-run with the <code>-vvvv</code> flag for max verbosity to help debug the issue.
+[[Ansible/Vaults]] - mechanism for encrypting and decrypting secrets
-This is a basic vagrant script (module) that just runs a ping test; if the server on the other end responds, it results in a pong. The "'changed': false" indicates that Ansible is not changing the state of the machine.
 =Flags=
-[[Category:Data Engineering]]
+{{AnsibleFlag}}
-[[Category:DevOps]]
-[[Category:Ansible]]
-[[Category:Infrastructure]]
-[[Category:AWS]]

Ansible: Difference between revisions

From charlesreid1