Ansible


ANSIBLE 2

Introduction to Ansible - workshop

Eric Beaudoin
Technical Account Manager
THIS IS A FREE INTRODUCTION TRAINING
PROVIDED BY RED HAT

IT’S NOT RELATED TO OUR GLS GROUP

THIS WORKSHOP WAS INITIATED BY SOME
HAPPY SOLUTIONS ARCHITECT IN CANADA
AGENDA
Ansible Training

1 Introduction to Ansible
2 Ansible commands + LAB
3 Ansible playbooks + LAB
4 Ansible variables + LAB
5 Ansible roles + LAB
6 Ansible Tower

3 RHUG Ansible Workshop


INTRODUCTION TO ANSIBLE
SIMPLE
Human readable automation
No special coding skills needed
Tasks executed in order
Usable by every team
Get productive quickly

POWERFUL
App deployment
Configuration management
Workflow orchestration
Network automation
Orchestrate the app lifecycle

AGENTLESS
Agentless architecture
Uses OpenSSH & WinRM
No agents to exploit or update
Get started immediately
More efficient & more secure
Intro to Ansible

Michael DeHaan (creator cobbler and func)
https://www.ansible.com/blog/2013/12/08/the-origins-of-ansible

“Ansible owes much of its origins to time I spent at Red Hat’s Emerging Technologies group, which was an R&D unit under Red Hat's CTO”
- Michael DeHaan

“...because Puppet was too declarative you couldn't use it to do things like reboot servers or do all the "ad hoc" tasks in between…”
- Michael DeHaan

Simple
AUTOMATE ANYTHING
Can manage almost any *IX through SSH
requires Python 2.4
Windows (powershell, winrm python module)
Cloud, Virtualization, Container and Network components


28,000+ Stars on GitHub
1250+ Ansible modules
500,000+ Downloads a month
BENEFITS
Why is Ansible popular?

➔ Efficient : Agentless, minimal setup, desired state (no unnecessary change), push-based architecture, easy targeting based on facts
➔ Fast : Easy to learn/to remember, simple declarative language
➔ Scalable : Can manage thousands of nodes, extensible and modular
➔ Secure : SSH transport
➔ Large community : thousands of roles on Ansible Galaxy
ANSIBLE - THE LANGUAGE OF DEVOPS

LET’S START !


KEY COMPONENTS
Understanding Ansible terms

★ Playbook (Plan)
★ Plays
★ Tasks
★ Modules (Tools)
★ Inventory



INSTALLING ANSIBLE
How-to

# CENTOS
# ENABLE EPEL REPO
yum install epel-release

# RHEL
# ENABLE EXTRAS REPO
subscription-manager repos --enable rhel-7-server-extras-rpms
# or
subscription-manager repos --enable=rhel-7-server-ansible-2-rpms

# INSTALL ANSIBLE
yum install ansible

Does Red Hat offer support for core Ansible?
https://access.redhat.com/articles/2271461


Ansible offering



MODULES
What is this?

Bits of code copied to the target system.
Executed to satisfy the task declaration.
Customizable.
The modules that ship with Ansible are all written in Python, but modules can be written in any language.


MODULES
Lots of choice / Ansible secret power...

➔ Cloud Modules
➔ Clustering Modules
➔ Commands Modules
➔ Database Modules
➔ Files Modules
➔ Inventory Modules
➔ Messaging Modules
➔ Monitoring Modules
➔ Network Modules
➔ Notification Modules
➔ Packaging Modules
➔ Source Control Modules
➔ System Modules
➔ Utilities Modules
➔ Web Infrastructure Modules
➔ Windows Modules


MODULES
Documentation

# LIST ALL MODULES
ansible-doc -l

# VIEW MODULE DOCUMENTATION
ansible-doc <module_name>


MODULES
commonly used



IDEMPO-WHAT?

“Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application.”

“When carefully written, an Ansible playbook can be idempotent, in order to prevent unexpected side-effects on the managed systems.”

– Wikipedia
ANSIBLE COMMANDS
INVENTORY
Use the default one (/etc/ansible/hosts) or create an inventory file

[centos@centos1 ~]$ mkdir ansible ; cd ansible


[centos@centos1 ~]$ vim inventory

[all:vars]
ansible_ssh_user=centos

[web]
web1 ansible_ssh_host=centos2

[admin]
ansible ansible_ssh_host=centos1

[centos@centos1 ~]$ ansible all -i inventory -m command -a "uptime"



INVENTORY - ALTERNATIVE

[centos@centos1 ~]$ cd ansible


[centos@centos1 ansible]$ vim ansible.cfg

[defaults]
inventory=/home/centos/ansible/inventory

[centos@centos1 ~]$ ansible all -m command -a "uptime"



COMMANDS
Run your first Ansible command...

(which) (module) (arguments)
# ansible all -i inventory -m command -a "uptime"

192.168.250.13 | success | rc=0 >>
18:57:01 up 11:03, 1 user, load average: 0.00, 0.01, 0.05

192.168.250.11 | success | rc=0 >>
18:57:02 up 11:03, 1 user, load average: 0.00, 0.01, 0.05


COMMANDS
Other example

# INSTALL HTTPD PACKAGE
ansible web -s -i inventory -m yum -a "name=httpd state=present"

# START AND ENABLE HTTPD SERVICE
ansible web -s -i inventory -m service -a "name=httpd enabled=yes state=started"


LAB #1
Ansible commands

Objectives
Using Ansible commands, complete the following tasks:
1. Test Ansible connection to all your hosts using ping module
2. Install HTTPD only on your web hosts
3. Change SELINUX to permissive mode (all hosts)

Modules documentation:
http://docs.ansible.com/ansible/list_of_all_modules.html


ANSIBLE PLAYBOOKS
YAML
1. Designed primarily for the representation of data structures
2. Easy to write, human readable format
3. Design objective : abandoning traditional enclosure syntax

AVOID USING CUT AND PASTE !!!


YAML Validator : yamllint.com



PLAYBOOK EXAMPLE

---
- name: This is a Play
  hosts: web
  remote_user: centos
  become: yes
  gather_facts: no
  vars:
    state: present

  tasks:
    - name: Install Apache
      yum: name=httpd state={{ state }}


PLAYS
Naming

- name: This is a Play



PLAYS
Host selection

- name: This is a Play
  hosts: web


PLAYS
Arguments

- name: This is a Play
  hosts: web
  remote_user: centos
  become: yes
  gather_facts: no


FACTS
Gathers facts about remote host
➔ Ansible provides many facts about the system, automatically
➔ Provided by the setup module
➔ If facter (puppet) or ohai (chef) are installed, variables from these programs will also be snapshotted into the JSON file for usage in templating
   ◆ These variables are prefixed with facter_ and ohai_ so it’s easy to tell their source.
➔ Using the ansible facts and choosing to not install facter and ohai means you can avoid Ruby-dependencies on your remote systems

http://docs.ansible.com/ansible/setup_module.html


PLAYS
Variables & tasks

- name: This is a Play
  hosts: web
  remote_user: centos
  become: yes
  gather_facts: no
  vars:
    state: present

  tasks:
    - name: Install Apache
      yum: name=httpd state={{ state }}

**** When a variable is used as the first element to start a value, quotes are mandatory.


RUN AN ANSIBLE PLAYBOOK

[centos@centos7-1 ansible]$ ansible-playbook play.yml -i inventory



RUN AN ANSIBLE PLAYBOOK
Check mode “Dry run”

[centos@centos7-1 ansible]$ ansible-playbook play.yml -i inventory --check



PLAYS
Loops

- name: This is a Play
  hosts: web
  remote_user: centos
  become: yes
  gather_facts: no
  vars:
    state: present

  tasks:
    - name: Install Apache and PHP
      yum: name={{ item }} state={{ state }}
      with_items:
        - httpd
        - php


LOOPS
Many types of general and special purpose loops

➔ with_nested
➔ with_dict
➔ with_fileglob
➔ with_together
➔ with_sequence
➔ until
➔ with_random_choice
➔ with_first_found
➔ with_indexed_items
➔ with_lines
http://docs.ansible.com/ansible/playbooks_loops.html


HANDLERS
Only run if task has a “changed” status

- name: This is a Play
  hosts: web

  tasks:
    - yum: name={{ item }} state=installed
      with_items:
        - httpd
        - memcached
      notify: Restart Apache

    - template: src=templates/web.conf.j2 dest=/etc/httpd/conf.d/web.conf
      notify: Restart Apache

  handlers:
    - name: Restart Apache
      service: name=httpd state=restarted


TAGS
Example of tag usage

tasks:
  - yum: name={{ item }} state=installed
    with_items:
      - httpd
      - memcached
    tags:
      - packages

  - template: src=templates/src.j2 dest=/etc/foo.conf
    tags:
      - configuration


TAGS
Running with tags

ansible-playbook example.yml --tags "configuration"

ansible-playbook example.yml --skip-tags "notification"


TAGS
Special tags

ansible-playbook example.yml --tags "tagged"

ansible-playbook example.yml --tags "untagged"

ansible-playbook example.yml --tags "all"


RESULTS
Registering task outputs for debugging or other purposes

# Example setting the Apache version
- shell: httpd -v|grep version|awk '{print $3}'|cut -f2 -d'/'
  register: result

# will display the result
- debug: var=result


CONDITIONAL TASKS
Only run this on Red Hat OS

- name: This is a Play
  hosts: web
  remote_user: centos
  become: yes
  become_method: sudo

  tasks:
    - name: install Apache
      yum: name=httpd state=installed
      when: ansible_os_family == "RedHat"


BLOCKS
Apply a condition to multiple tasks at once

tasks:
  - block:
      - yum: name={{ item }} state=installed
        with_items:
          - httpd
          - memcached
      - template: src=templates/web.conf.j2 dest=/etc/httpd/conf.d/web.conf
      - service: name=bar state=started enabled=True
    when: ansible_distribution == 'CentOS'


ERRORS
Ignoring errors

By default, Ansible stops on errors. Add the ignore_errors parameter to skip potential errors.

- name: ping host
  command: ping -c1 www.foobar.com
  ignore_errors: yes


ERRORS
Managing errors using blocks

tasks:
  - block:
      - debug: msg='i execute normally'
      - command: /bin/false
      - debug: msg='i never execute, cause ERROR!'
    rescue:
      - debug: msg='I caught an error'
      - command: /bin/false
      - debug: msg='I also never execute :-('
    always:
      - debug: msg="this always executes"


LINEINFILE
Add, remove or update a particular line

- lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=enforcing

- lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertafter="^#Listen " line="Listen 8080"

Great example here :
https://relativkreativ.at/articles/how-to-use-ansibles-lineinfile-module-in-a-bulletproof-way

Note : Using template or a dedicated module is more powerful
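
One way to combine lineinfile with a handler for an SSH daemon setting, as an added example that is not part of the workshop deck; the sshd path /usr/sbin/sshd and the service name sshd are assumptions. lineinfile rewrites only the last line matching regexp, while sshd uses the first value it finds for a keyword, so the play validates the file before writing it and then checks the effective value.

```yaml
---
# Added example: not part of the workshop deck.
# Assumed: sshd binary at /usr/sbin/sshd, service name "sshd".
- name: Disable SSH root login and restart sshd only on change
  hosts: all
  become: yes
  gather_facts: no

  tasks:
    - name: Set PermitRootLogin to no
      lineinfile:
        dest: /etc/ssh/sshd_config
        # Matches the active or the commented-out directive.
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        backup: yes
        # The edited copy must pass "sshd -t" before it replaces the file,
        # so a broken config never reaches the daemon.
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

    - name: Read the effective configuration from disk
      command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false   # read-only, keeps the play idempotent
      check_mode: no        # read-only, so it also runs under --check

    - name: Stop if an earlier PermitRootLogin line still wins
      assert:
        that:
          - "'permitrootlogin no' in sshd_effective.stdout"

  handlers:
    # Runs once at the end of the play, and only if the task above changed.
    - name: Restart sshd
      service: name=sshd state=restarted
```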


LAB #2
Configure server groups using a playbook
Objectives
Using an Ansible playbook:
1. Change SELINUX to permissive mode on all your hosts
2. Install HTTPD on your web hosts only
3. Start and enable the HTTPD service on web hosts only if the httpd package is installed.
4. Copy a motd file saying “Welcome to my server!” to all your hosts
5. Copy a “hello world” index.html file to your web hosts in /var/www/html
6. Modify the sshd_config to set PermitRootLogin to no, and restart ssh only if the option is modified
7. EXTRA : as a firewall is activated by default on your servers, open the port 80


ANSIBLE VARIABLES
AND
CONFIGURATION MANAGEMENT
VARIABLE PRECEDENCE
Ansible v2
1. role defaults
2. inventory file or script group vars
3. inventory group_vars/all
4. playbook group_vars/all
5. inventory group_vars/*
6. playbook group_vars/*
7. inventory file or script host vars
8. inventory host_vars/*
9. playbook host_vars/*
10. host facts
11. play vars
12. play vars_prompt
13. play vars_files
14. role vars (defined in role/vars/main.yml)
15. block vars (only for tasks in block)
16. task vars (only for the task)
17. role (and include_role) params
18. include params
19. include_vars
20. set_facts / registered vars
21. extra vars (always win precedence)
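
The precedence list above exercised on a single variable, as an added example that is not part of the workshop deck; the variable name listen_port and its values are constructed. Each debug task reports the value from the highest level in scope, and running the playbook with -e listen_port=9000 makes every task report the extra var instead, including the one after set_fact.

```yaml
---
# Added example: not part of the workshop deck.
# listen_port and all of its values are constructed for illustration.
- name: Variable precedence walk-through
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    listen_port: 8080            # level 11: play vars

  tasks:
    - name: Only play vars are in scope here
      debug: var=listen_port

    - block:
        - name: Block vars override play vars
          debug: var=listen_port

        - name: Task vars override block vars
          debug: var=listen_port
          vars:
            listen_port: 8082    # level 16: task vars (only for the task)
      vars:
        listen_port: 8081        # level 15: block vars (only for tasks in block)

    - name: set_fact overrides play, block and task vars for the rest of the run
      set_fact:
        listen_port: 8083        # level 20: set_facts / registered vars

    - name: Value seen after set_fact
      debug: var=listen_port
```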


MAGIC VARIABLES
Ansible creates and maintains information about its current state and other hosts through a series of "magic" variables.

★ hostvars[inventory_hostname]
   Show all ansible facts
   Specific variable for specific host
   {{ hostvars['test.example.com']['ansible_distribution'] }}
★ group_names
   is a list (array) of all the groups the current host is in
★ groups
   is a list of all the groups (and hosts) in the inventory.


MAGIC VARIABLES
Using debug module to view content

- name: debug
  hosts: all

  tasks:
    - name: Show hostvars[inventory_hostname]
      debug: var=hostvars[inventory_hostname]

    - name: Show ansible_ssh_host variable in hostvars
      debug: var=hostvars[inventory_hostname].ansible_ssh_host

    - name: Show group_names
      debug: var=group_names

    - name: Show groups
      debug: var=groups

ansible-playbook -i ../hosts --limit <hostname> debug.yml


YAML VARIABLES USE
YAML values beginning with a variable must be quoted

vars:
  var1: {{ foo }}    <<< ERROR!
  var2: "{{ bar }}"
  var3: Echoing {{ foo }} here is fine


Template module
Using Jinja2

Templates allow you to create dynamic configuration files using variables.

- template: src=/mytemplates/foo.j2 dest=/etc/file.conf owner=bin group=wheel mode=0644

Documentation:
http://docs.ansible.com/ansible/template_module.html


JINJA2
Delimiters

Jinja2 is a modern and designer-friendly templating language for Python, modelled after
Django’s templates and used by Ansible.

Highly recommend reading about Jinja2 to understand how templates are built.

{{ variable }}

{% for server in groups.webservers %}



JINJA2
LOOPS

{% for server in groups.web %}
{{ server }} {{ hostvars[server].ansible_default_ipv4.address }}
{% endfor %}

web1 10.0.1.1
web2 10.0.1.2
web3 10.0.1.3


JINJA2
Conditional

{% if ansible_processor_cores >= 2 %}
-smp enable
{% else %}
-smp disable
{% endif %}



JINJA2
Variable filters

{% set my_var='this-is-a-test' %}
{{ my_var | replace('-', '_') }}

this_is_a_test



JINJA2
Variable filters

{% set servers = "server1,server2,server3" %}
{% for server in servers.split(",") %}
{{ server }}
{% endfor %}

server1
server2
server3


JINJA2, more filters
Lots of options...

# Combine two lists
{{ list1 | union(list2) }}

# Get a random number
{{ 59 | random }} * * * * root /script/from/cron

# md5sum of a filename
{{ filename | md5 }}

# Comparisons
{{ ansible_distribution_version | version_compare('12.04', '>=') }}

# Default if undefined
{{ user_input | default('Hello World') }}


JINJA2
Testing

{% if variable is defined %}

{% if variable is none %}

{% if variable is even %}

{% if variable is string %}

{% if variable is sequence %}



Jinja2
Template comments

{% for host in groups['app_servers'] %}
{# this is a comment and won’t display #}
{{ loop.index }} {{ host }}
{% endfor %}


Facts
Setting facts in a play

# Example setting the Apache version
- shell: httpd -v|grep version|awk '{print $3}'|cut -f2 -d'/'
  register: result

- set_fact:
    apache_version: "{{ result.stdout }}"


LAB #3
Configuration management using variables

Objectives
Copy and modify your lab2 playbook to add the following:
1. Use the debug.yml (see next slide) file to explore all the ansible facts
2. Convert your MOTD file into a template saying : “Welcome to <hostname>!”
3. Install facter on all your hosts then re-execute the debug.yml. You should see a bunch of new variables (facter_)
4. Convert your index.html file into a Jinja2 template to output the following information:
   Web Servers
   centos1 192.168.3.52 - free memory: 337.43 MB


LAB #3 - Help (debug file)

---
- name: debug
  hosts: all

  tasks:
    - name: Show hostvars[inventory_hostname]
      debug: var=hostvars[inventory_hostname]

    - name: Show hostvars[inventory_hostname].ansible_ssh_host
      debug: var=hostvars[inventory_hostname].ansible_ssh_host

    - name: Show group_names
      debug: var=group_names

    - name: Show groups
      debug: var=groups

[centos@centos1 ansible]$ ansible-playbook -i ./hosts debug.yml


ANSIBLE ROLES
ROLES
A redistributable and reusable collection of:

❏ tasks
❏ files
❏ scripts
❏ templates
❏ variables



ROLES
Often used to setup and configure services

➔ installing packages
➔ copying files
➔ starting daemons

Examples: Apache, MySQL, Nagios, etc.


ROLES
Directory Structure

roles
└── myapp
├── defaults
├── files
├── handlers
├── tasks
├── templates
└── vars



ROLES
Create folder structure automatically

ansible-galaxy init <role_name>



ROLES
Playbook examples

---
- hosts: webservers
  roles:
    - common
    - webservers


ROLES
Playbook examples

---
- hosts: webservers
  roles:
    - common
    - { role: myapp, dir: '/opt/a', port: 5000 }
    - { role: myapp, dir: '/opt/b', port: 5001 }


ROLES
Playbook examples

---
- hosts: webservers
  roles:
    - { role: foo, when: "ansible_os_family == 'RedHat'" }


ROLES
Pre and Post - rolling upgrade example

---
- hosts: webservers
  serial: 1
  pre_tasks:
    - command: lb_rm.sh {{ inventory_hostname }}
      delegate_to: lb
    - command: mon_rm.sh {{ inventory_hostname }}
      delegate_to: nagios
  roles:
    - myapp
  post_tasks:
    - command: mon_add.sh {{ inventory_hostname }}
      delegate_to: nagios
    - command: lb_add.sh {{ inventory_hostname }}
      delegate_to: lb

http://docs.ansible.com/ansible/playbooks_delegation.html

http://galaxy.ansible.com


ANSIBLE GALAXY

ANSIBLE GALAXY

# ansible-galaxy search 'install git' --platforms el
Found 176 roles matching your search:
Name...

# ansible-galaxy install davidkarban.git -p roles

# ansible-galaxy list -p roles

# ansible-galaxy remove davidkarban.git -p roles


LAB #4
Convert the lab3 playbook into two roles

Objectives
1. Create 2 roles: common and apache
2. Create a playbook to apply those roles.
   a. “common” should be applied to all servers
   b. “apache” should be applied to your “web” group
3. Put the jinja2 templates in the appropriate folder.


ANSIBLE TOWER
What are the added values ?

➔ Role based access control
➔ Satellite and Cloudforms integration
➔ Push button deployment
➔ Centralized logging & deployment
➔ Centralized notification to Slack, Twilio, IRC, webhooks, ...
➔ System tracking
➔ API


ANSIBLE TOWER
demo :
https://www.ansible.com/tower
THANK YOU

EXTRA STUFF
FIXING VIM FOR YAML EDITING

# yum install git (required for vim-plug)

$ cd
$ curl -fLo ~/.vim/autoload/plug.vim --create-dirs \
    https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
$ vim .vimrc
call plug#begin('~/.vim/plugged')
Plug 'pearofducks/ansible-vim'
call plug#end()

$ vim
:PlugInstall

When you edit a file type :
:set ft=ansible


Cisco Network Automation

https://www.youtube.com/watch?v=wbhdJE7DM-A
DEMO STARTS AT 10:24


Fact caching (Ansible 2.4)
Add to your ansible.cfg to speed up playbook execution

[defaults]
gathering = smart
fact_caching = jsonfile
fact_caching_connection = /path/to/cachedir
fact_caching_timeout = 86400



Format ansible output
Add to your ansible.cfg

[defaults]
stdout_callback = debug
