Ansible: Overview and Usage
What is'Ansible ? How to use it? Which competitors? A little trick to target a new product that has been making a strong impression for some time.
Ansible appeared in 2012. In October 2015, Red Hat announced the acquisition of Ansible, which then became a flagship product in its stack. This fits perfectly into the solutions of Red Hat and reinforces arguments about the ease of managing a server farm.
Ansible is a solution for performing deployments, task execution and configuration management on multiple machines at the same time. He is agent less and use SSH to implement the actions to be carried out, themselves written in YAML.
In Ansible, there are many products that can be disturbing when starting out. You might hear about Ansible Playbooks, Ansible Vault et Ansible Galaxy.
In this section:
Ansible and the modules
Two things to know:
- When you use Ansible, you use modules. There is a list of modules already written, but you can also write your own. You will need to write it in Python.
- You must give a domain/IP group or group where the action should be used.
Example:
We will check that our machine is good up with the module ping.
|
1
2
3
4
5
|
$ ansible localhost -m ping
localhost | SUCCESS => {
“changed”: false,
“ping”: "pong"
}
|
To use something other than localhost, such as a set of domains, you must complete the file /etc/ansible/hosts.
|
1
2
3
|
[baptiste-donaux.fr]
www.baptiste-donaux.fr
me.baptiste-donaux.fr
|
|
1
2
3
4
5
6
7
8
9
10
|
$ ansible -m ping baptiste-donaux.fr
me.baptiste-donaux.fr | success >> {
“changed”: false,
“ping”: "pong"
}
www.baptiste-donaux.fr | success >> {
“changed”: false,
“ping”: "pong"
}
|
And this is how we verify that a pool of servers in good up . Here is the list of the basic modules present.
Once you understand how a module works, you can use all the other modules in the same way. When using a module, you can give arguments (argument -a).
For example, how to run one command over many.
|
1
2
3
4
5
6
|
$ ansible -m shell -a “docker –version” baptiste-donaux.fr
me.baptiste-donaux.fr | successful | rc=0 >>
Docker version 1.12.1, build 23cf638
www.baptiste-donaux.fr | successful | rc=0 >>
Docker version 1.12.1, build 23cf638
|
But also make sure that a package is installed.
|
1
2
3
4
|
$ ansible -m apt -a “name=vim state=present” www.baptiste-donaux.fr
www.baptiste-donaux.fr | success >> {
“changed”: false
}
|
Or simply update one or more servers.
|
1
2
3
4
5
6
7
8
9
10
11
12
|
$ ansible -m apt -a “update_cache=yes” www.baptiste-donaux.fr
www.baptiste-donaux.fr | success >> {
“changed”: false
}
$ ansible -m apt -a “upgrade=dist” www.baptiste-donaux.fr
www.baptiste-donaux.fr | success >> {
“changed”: false,
“msg”: “Reading package lists…nBuilding dependency tree…nReading state information…n0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.n”,
“stderr”: "",
"stdout": “Reading package lists…nBuilding dependency tree…nReading state information…n0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.n”
}
|
Ansible and Playbooks (welcome to the true world)
Managing a fleet of machines with orders is already good, and it is above all the basis ofAnsible. Despite this, it is difficult to imagine playing a scenario by executing commands one after the other. Fortunately for us, ansible-playbook is there for that!
Scenarios are written in YAML. Here is a small example.
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
– hosts: baptiste-donaux.fr
tasks:
–name: Add APT key for Docker repository
apt_key:
keyserver: “hkp://p80.pool.sks-keyservers.net:80”
id: 58118E89F3A912897C070ADBF76221572C52609D
–name: Add APT Docker repository
apt_repository: repos='deb https://apt.dockerproject.org/repo debian-jessie main' state=present
–name: Update APT cache with new repository
apt: update_cache=Yes
–name: Install docker-engine package if it doesn't't exist
apt: name=docker-engine state=present
– name: Enable and start Docker service
systemd: enabled=yes state=started name=docker
– name: InstallPython
apt: name=python state=present
– name: Install PIP
apt: name=python-pip state=present
– name: docker-py dependency
pip: name=docker-py
– name: Pull Nginx image
docker_image: name=nginx pull=yes
– name: Create a Nginx container
docker_container:
name:proxy
image: nginx
published_ports:
– “80:80”
state:present
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
$ansible my_playbook.yml
PLAY [baptiste-donaux.fr] ***************************************** ************
TASK [setup] ********************************************** *********************
ok: [baptiste-donaux.fr]
TASK [Add APT key for Docker repository] ****************************************
ok: [baptiste-donaux.fr]
TASK [Add APT Docker repository] ******************************************* ****
ok: [baptiste-donaux.fr]
TASK [Update APT cache with new repository] ************************************
ok: [baptiste-donaux.fr]
TASK [Install docker-engine package if it doesn't't exist] ***********************
ok: [baptiste-donaux.fr]
TASK [Install Python] ********************************************* *************
ok: [baptiste-donaux.fr]
TASK [Install PIP] ********************************************* ****************
ok: [baptiste-donaux.fr]
TASK [docker-py dependency] ******************************************* *********
ok: [baptiste-donaux.fr]
TASK [Nginx Image Pull] ********************************************* ************
ok: [baptiste-donaux.fr]
TASK [Create a Nginx container] ******************************************* *****
ok: [baptiste-donaux.fr]
PLAY RECAP************************************************** *********************
baptiste-donaux.fr: ok=10 changed=0 unreachable=0 failed=0
|
And that's nothing simpler. In addition to running a complete scenario on a set of servers, if one of them is found in error, a file .retry will be created and by restarting the command, the scenario will resume where you left off.
Ansible Galaxy and Vault
Galaxy and where to store your mods
Ansible-Galaxy is a Hub to share your modules. It works a bit like Docker hub for Docker images.
Vault and how to protect sensitive information
In some cases, you will need to store sensitive information in your scenarios (password, etc.). Rather than storing this information in plain text, you can encode/decode its files.
A small example will not hurt.
|
1
2
3
4
|
# my_playbook.yml
– hosts: localhost
tasks:
– shell: sshpass -p “fooo” scp -r /bar baz@localhost:/qux
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
# Encode your file with Vault
$ansible-vault encrypt my_playbook.yml
New Vault password:
Confirm New Vault password:
Encryption successful
# Display the encoded playbook
$cat my_playbook.yml
$ANSIBLE_VAULT;1.1;AES256
34396264333338636331323838386331393664623065383463663661373436643764336536326662
6238626432373334356436613935306630376461633136650a316561316531323937633963643032
64643239616561653864346132356537656536313030656532373733316262663536396438383262
3463373265636232640a626364306666373665303633663630353132383764323530646438383737
31336163633631373162356339633739356461656130353533306137613436663333383137376366
62383533393262376362393565386133306432323266393034616331333932663266613739653538
36663666333938323961343231366266323430376234376363353662386366373061636434613763
35653139316465613562613834373434636238643661633434326661303438666233313732653338
3264
# Use the encoded playbook without decoding it first
$ ansible-playbook my_playbook.yml –ask-vault-pass
Vault password:
...
|
Conclusion
This article aims to present Ansible and show how it can simplify your tasks. Feel free to provide feedback, improve and/or correct this post.
