Created
July 6, 2015 08:41
kakerukaeru created this gist
Jul 6, 2015
@@ -0,0 +1,538 @@ # Ansible is nani  --- # agenda - how to learn ansible - what is ansible - let's use ansible command - let's create simple playbook - advanced for playbook - let's create large playbook - oreore best practice  --- # how to learn ansible read http://docs.ansible.com/  --- # what is ansible - IT automation tool - made python - latest version 1.9.1 - sequential execution - parallel processing  --- ## Features - module → task - task → Playbooks.yml - Inventory / hosts - roles / component - handler - Jinja2 /template  --- # let's use ansible command  --- ### how to install ```bash $ yum install ansible $ ansible --version ansible 1.9.1 ``` it's easy :)  --- ### how to write Inventory #### The format for Inventory file is an INI-like format and looks like this: ```bash kakeru@PC-kakeru:$ cat ansible/inventory/vagrant/kakeru_vagrant.yml [test] kakeru_vagrant1 kakeru_vagrant2 kakeru_vagrant3 ex) kakeru_vagrant[1:3] [stg:children] test ```  --- ### example module ##### how to use ``` Usage: ansible <host-pattern> [options] -m MODULE_NAME, --module-name=MODULE_NAME module name to execute (default=command) ``` - ping module ```bash kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant.yml -m ping -f 2 kakeru_vagrant1 | success >> { "changed": false, "ping": "pong" } kakeru_vagrant2 | success >> { "changed": false, "ping": "pong" } ```  --- ### example module - bash module ```bash kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -a "uptime" kakeru_vagrant1 | success | rc=0 >> 14:55:46 up 51 min, 1 user, load average: 0.00, 0.01, 0.02 ``` - apt module ```bash kakeru@PC-kakeru:$ ansible test -i ansible/inventory/vagrant/kakeru_vagrant1.yml -m apt -s -a name=varnish kakeru_vagrant1 | success >> { "changed": true, "stderr": "", "stdout": "Reading package lists...\nBuilding dependency tree...\n hogehoge" } ```  --- # let's create simple playbook  --- ### write simple playbook #### Playbooks are expressed in 
YAML format and looks like this: ```bash kakeru@PC-kakeru:$ cat ansible/vagrant.yml ``` ```python # vi: set ft=yaml : - hosts: test user: vagrant sudo: yes tasks: - name: set kernel parameter action: > template src=roles/common/templates/etc/sysctl.conf.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644 notify: - sysctl_p handlers: - name: sysctl_p command: /sbin/sysctl -q -e -p vars: net_ipv4_ip_forward : 0 net_ipv4_conf_default_rp_filter : 1 net_ipv4_conf_default_accept_source_route : 0 kernel_sysrq : 1 kernel_core_uses_pid : 1 net_ipv4_tcp_syncookies : 1 net_bridge_bridge_nf_call_ip6tables : 0 ```  --- ### prepare the template #### template are expressed in Jinja2 format ```bash kakeru@PC-kakeru:$ cat ansible/roles/common/templates/etc/sysctl.conf.j2 ``` ```bash # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = {{ net_ipv4_ip_forward }} # Controls source route verification net.ipv4.conf.default.rp_filter = {{net_ipv4_conf_default_rp_filter}} # Do not accept source routing net.ipv4.conf.default.accept_source_route = {{ net_ipv4_conf_default_accept_source_route }} # Controls the System Request debugging functionality of the kernel kernel.sysrq = {{ kernel_sysrq }} # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = {{ kernel_core_uses_pid }} # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = {{ net_ipv4_tcp_syncookies }} # Disable netfilter on bridges. 
net.bridge.bridge-nf-call-ip6tables = {{ net_bridge_bridge_nf_call_ip6tables }} ```  --- ### To start up ansible-playbook ```bash kakeru@PC-kakeru:$ ansible-playbook -i ansible/inventory/vagrant/kakeru_vagrant1.yml ansible/vagrant.yml PLAY [test] ******************************************************************* GATHERING FACTS *************************************************************** ok: [kakeru_vagrant1] TASK: [set kernel parameter] ************************************************** ok: [kakeru_vagrant1] PLAY RECAP ******************************************************************** kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0 ``` So Simple :)  --- # advanced for playbook  --- ### --with_items ```python - name: add script for lb_check6 action: > template src=usr/local/sbin/{{ item }}.j2 dest=/usr/local/sbin/{{ item }} owner=root group=root mode=0755 with_items: - lb_check6.sh - lb_check6_var ```  --- ### --with_items 2 ```python tasks: - name: install base_packages apt: name={{ item }} state=present with_items: - "{{ base.packages }}" vars: base: packages: - figlet - telnet - jq - wget - heirloom-mailx - zsh - screen - nmap - netcat-openbsd - tmux - lsof ... 
```  --- ### --register & --ignore_errors & --when ```python - name: check jq's src action: > command [ -e /usr/local/src/jq_1.4-1~bpo70+1_amd64.deb ] register: result ignore_errors: True - name: downloadi&install jq action: > get_url url="http://ftp.jp.debian.org/debian/pool/main/j/jq/jq_1.4-1~bpo70+1_amd64.deb" dest=/usr/local/src mode=0644 notify: - install_jq when: result|failed ```  --- ### --register & --when 2 ```python - template: > src=etc/apt/sources.list dest=/etc/apt/sources.list owner=root group=root mode=0644 register: apt_sources_list - apt: update_cache=yes when: apt_sources_list|changed - apt: update_cache=yes cache_valid_time=3600 when: apt_sources_list|skipped ```  --- ### other option - pleybook option - --connection=local - --until - --vars_prompt - command option - --check - --diff  --- # let's create large playbook  --- ### --include ```bash kakeru@PC-kakeru:$ cat ansible/roles/common/tasks/main.yml --- # roles/comon/tasks/main.yml # update source_list - include: source_list.yml # add system_users - include: system_user.yml ```  --- ### --roles #### Example project structure: ``` site.yml webservers.yml fooservers.yml roles/ common/ files/ templates/ tasks/ main.yml nginx.yml handlers/ vars/ defaults/ meta/ webservers/ files/ templates/ ```  --- ### --roles #### Example playbook: ```bash --- - hosts: webservers roles: - common - webservers ```  --- ### oreore best practice - define enviroment variables - create group_vars - set xxx:children to inventory - must use role & set playbook to inventory - role → playbook - playbook + env → inventory  --- ### view sample tree ```bash ├── group_vars │ ├── dev.yml │ ├── prd.yml │ ├── stg.yml │ ├── test.yml │ └── vagrant.yml ├── inventory │ ├── cassandra │ ├── elasticsearch │ ├── logger │ ├── sensu │ ├── uchiwa │ ├── vagrant │ └── web ├── web.yml ├── logger.yml ├── README.md ├── roles │ ├── cassandra │ ├── common │ ├── elasticsearch ```  --- # Tips  --- ## Select the host and then execute. 
```bash $ cat inventory/vagrant/kakeru_vagrant.yml [test] kakeru_vagrant[1:3] ``` ```bash $ ansible-playbook vagrant.yml -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1 PLAY [test] ******************************************************************* . GATHERING FACTS *************************************************************** ok: [kakeru_vagrant1] . TASK: [set kernel parameter] ************************************************** ok: [kakeru_vagrant1] . PLAY RECAP ******************************************************************** kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0 ```  --- ## Check the target host. ```bash $ ansible-playbook vagrant.yml -i inventory/vagrant/kakeru_vagrant.yml -l kakeru_vagrant1 --list-host playbook: vagrant.yml play #1 (test): host count=1 kakeru_vagrant1 : ok=2 changed=0 unreachable=0 failed=0 ```  --- # enjoy ansible :) 
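Review bot: The `downloadi&install jq` task on the `--register & --ignore_errors & --when` slide fetches `jq_1.4-1~bpo70+1_amd64.deb` with `get_url` over plain `http://` and no integrity check, then notifies `install_jq`, so the package that ends up installed is whatever the network path delivered. Pin the expected digest with the `sha256sum=` argument of `get_url` (present in the 1.9.1 release these slides name), or drop the manual download altogether, since `jq` is already in the `base.packages` list that the `--with_items 2` slide installs through the `apt` module. The existence test with `command [ -e ... ]` plus `ignore_errors: True` also hides real failures of that command; the `stat` module with `register` gives the same `when:` condition without ignoring errors. Smaller points: `kernel_sysrq : 1` in the `vagrant.yml` vars turns SysRq on, which is worth a comment saying it is intended for the Vagrant boxes only, and the slides carry typos in `pleybook option`, `roles/comon/tasks/main.yml`, `enviroment` and the task name `downloadi&install jq`.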