Infrastructure as Code

Describe your infrastructure in textual format and configure them using that description

Never perform system and software configurations manually
Use templates / scripts describing how to install / configure systems /devices /software / users
Configuration Management Systems make this possible

Convergence

Rather than describing the steps needed to make a change, the language describes the final state in which one wants to end up
The agent then ensures that the necessary steps are taken to end up in this "policy compliant state"
Thus, configuration can be run again and again, whatever the initial state of a system, and it will end up with a predictable result

Agent vs Agent-less

Advantages of Agent based

Rich client can do more and run on a schedule
Low volume of network traffic

Advantages of Agent-less based

Small memory footprint and support of rare systems
No need to run an agent all the time on each server

Ansible

Ansible Design Principles

Have a dead simple setup process and a minimal learning curve
Manage machines very quickly and in parallel
Avoid custom-agents and additional open ports, be agentless by leveraging the existing SSH daemon
Describe infrastructure in a language that is both machine and human friendly
Focus on security and easy auditability/review/rewriting of content
Manage new remote machines instantly, without bootstrapping any software
Allow module development in any dynamic language, not just Python
Be usable as non-root
Be the easiest IT automation system to use, ever

Ansible Terminology

The following list contains a quick overview of the most relevant terms used by Ansible:

Control Node: the machine where Ansible is installed, responsible for running the provisioning on the servers you are managing.
Inventory: an INI file that contains information about the servers you are managing.
Playbook: a YAML file containing a series of procedures that should be automated.
Task: a block that defines a single procedure to be executed, e.g.: install a package.
Module: a module typically abstracts a system task, like dealing with packages or creating and changing files.
Role: a set of related playbooks, templates and other files, organized in a pre-defined way to facilitate reuse and share.
Play: a provisioning executed from start to finish is called a play.
Facts: global variables containing information about the system, like network interfaces or operating system.
Handlers: used to trigger service status changes, like restarting or reloading a service.

Ansible Components

Inventory: The list of servers and optionally variables to operate on

Playbook: The collection of "plays" in YAML format to operate on the servers

Plays: A list of tasks and handlers to execute on each targeted server

Tasks: Instructions to cary out the configuration

Inventory File

The inventory files tells Ansible what servers to act on
Ansible allow you to place servers into groups (e.g., webservers, dbservers) and then make changes on entire groups of servers at the same time instead of changing them one-by-one
Groups allow you to specify servers of the same type

web1 ansible_ssh_host=192.168.56.20
db1 ansible_ssh_host=192.168.56.30

[webservers]
web1

[dbservers]
db1

[datacenter:children]
webservers
dbservers

Hierarchy of Groups

Playbooks

Ansible stores it’s instructions in files called "Playbooks"
Expressed in YAML language
Composed of one or more "plays" in a list
Allows for multi-machine deployment orchestration

Playbook — Tasks

Are executed in the order they are specified against all machines that match the host pattern
May be included from other files
If a task fails, the remaining playbook are not executed for that host
Each task executes a module with specific options
Modules are idempotent in order to bring the system to a desired state

Playbook — Handlers

Notifications may be triggered at the end of each block of tasks that modify the remote system
Handlers are referred to by name and can perform operations like restarting services that have had their configuration changed

tasks:
  - name: Create template configuration file
    template: src=template.j2 dest=/etc/httpd/httpd.conf
    notify:
      - restart apache

handlers:
  - name: restart apache
    service: name=apache state=restarted

Example Playbook

python.yaml:

---
- name: Performing Package Maintenance on All nodes
  hosts: all
  become: yes
  tasks:
    - name: Update and upgrade local packages
      apt: upgrade=full update_cache=yes
- name: Installing Python development environment
  hosts: all
  become: yes
  tasks:
    - name: install required packages for Python using the apt module
      apt: package={{ item }} update_cache=yes
      with_items:
        - git
        - python-pip
        - python-dev
        - build-essential

Roles

Based on a know file structure

site.yaml
webservers.yaml
roles/
  webservers/
    files/
    templates/
    tasks/
    handlers/
    vars/
    defaults/

webservers.yaml:

---
- hosts: webservers
  roles:
    - webservers

Vagrant Integration

Ansible is supported by Vagrant so that you can use the same Ansible Playbooks to configure your local VM and remote servers

  #
  # Run Ansible using the guest plugin
  #
  config.vm.provision :guest_ansible do |guest_ansible|
    guest_ansible.playbook = "python.yaml"
    guest_ansible.extra_vars = { user: "vagrant" }
    guest_ansible.sudo = true
  end

Example 1: LAMP STACK

This will install Apache, MySQL, & PHP on Linux (LAMP)

######################################################################
# LAMP Stack Example #1
######################################################################
---
- hosts: webserver
  become: yes
  tasks:
    - name: Install MySQL server
      apt: name=mysql-server state=latest
    - name: Install Apache module for MySQL authentication
      apt: name=libapache2-mod-auth-mysql state=latest
    - name: Install MySQL module for PHP
      apt: name=php5-mysql state=latest

Example 2: Same LAMP STACK but better

A better way would be to use the iteration of with_items

######################################################################
# LAMP Stack Example #2
######################################################################
---
- hosts: webservers
  become: yes
  tasks:
    - name: install packages
  apt: name={{item}} state=latest update_cache=yes
  with_items:
    - mysql-server
    - libapache2-mod-auth-mysql
    - php5-mysql

PreviousKubernetes

Last updated 4 years ago