Ansible
About
* Ansible needs Python, OpenSSH and a few libraries.
* Ansible cannot be installed on Windows as the control machine; it runs only on Unix-like systems. It can still control and configure Windows machines, using the many modules whose names start with win_*.
* Ansible is agentless.
* Ansible uses a JSON protocol.
* Ansible uses (1) YAML and (2) Jinja templates.
Mode of operations
1. Linear
2. Rolling deployments
3. Serial
4. Free: Run as Fast as You Can
Inventory = a set of target hosts. It is described in a file in INI or YAML format, located at /etc/ansible/hosts
A custom dynamic script can pull data from different systems (https://github.com/ansible/ansible/tree/devel/contrib/inventory). A custom script can be developed using https://docs.ansible.com/ansible/latest/dev_guide/developing_inventory.html Each cloud provider has its own dynamic inventory script. packet.net is also a cloud provider.
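A sketch of such a custom dynamic inventory script, added here as an example (not from the original notes or from the Ansible repository). The host records, group names and addresses are constructed; the `--list` / `--host` interface and the `_meta.hostvars` layout follow the developing_inventory guide linked above.

```python
#!/usr/bin/env python3
"""Minimal dynamic inventory script (added example; host data is constructed)."""
import argparse
import json

# Constructed sample records standing in for a CMDB or cloud API response.
SAMPLE_HOSTS = [
    {"name": "web1.example.com", "role": "web", "site": "east", "ip": "192.0.2.10"},
    {"name": "web2.example.com", "role": "web", "site": "west", "ip": "192.0.2.11"},
    {"name": "db1.example.com", "role": "db", "site": "east", "ip": "192.0.2.20"},
]


def build_inventory(records):
    """Return the JSON structure Ansible expects from `--list`."""
    inventory = {"_meta": {"hostvars": {}}}
    for rec in records:
        # Each host lands in one group per attribute (purpose and location).
        for group in (rec["role"], rec["site"]):
            inventory.setdefault(group, {"hosts": []})["hosts"].append(rec["name"])
        # Per-host variables go under _meta so Ansible need not call --host
        # once per host. ansible_host is the current name of ansible_ssh_host.
        # Keep secrets such as ansible_password out of this output: it is
        # plain JSON on stdout.
        inventory["_meta"]["hostvars"][rec["name"]] = {"ansible_host": rec["ip"]}
    return inventory


def host_vars(records, name):
    """Return the variables of a single host, as `--host <name>` must."""
    return build_inventory(records)["_meta"]["hostvars"].get(name, {})


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    if args.host:
        result = host_vars(SAMPLE_HOSTS, args.host)
    else:
        result = build_inventory(SAMPLE_HOSTS)
    print(json.dumps(result, indent=2, sort_keys=True))
    return result


if __name__ == "__main__":
    main()
```

Saved as an executable file, the script is passed with -i in place of the inventory file.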
The inventory is not tied to a set of Ansible instructions. It is a grouped set of hosts in [group] and [group:subgroup]. The grouping can be based on location, purpose (e.g. Web, DB) or OS. A host can be accessed within a playbook by array index, e.g. the first host in the group named "group" is "{{ groups['group'][0] }}"
Operator ! : we can use group:!subgroup to exclude a subgroup.
Operator & : for intersection.
A : is a must after each group name, regardless of the operator.
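How the operators above combine, as an added example rather than Ansible's own code: a simplified resolver over a constructed inventory. The function name `resolve` and the group contents are assumptions; wildcards, ranges and regex patterns are left out.

```python
"""Simplified model of Ansible host-pattern operators (added example)."""

# Constructed inventory: group name -> hosts.
GROUPS = {
    "web": ["web1", "web2", "web3"],
    "db": ["db1", "db2"],
    "staging": ["web3", "db2"],
}


def resolve(pattern, groups):
    """Resolve a pattern such as 'a:b:&c:!d' to an ordered host list.

    Plain terms are unioned first, then '&' terms intersect, then '!' terms
    exclude, whatever order they were written in.
    """
    terms = [t for t in pattern.split(":") if t]
    plain = [t for t in terms if t[0] not in "&!"]
    both = [t[1:] for t in terms if t[0] == "&"]
    drop = [t[1:] for t in terms if t[0] == "!"]
    if not plain:
        plain = ["all"]  # a pattern made only of &/! terms starts from every host

    def members(name):
        if name == "all":
            return [h for hosts in groups.values() for h in hosts]
        if name in groups:
            return groups[name]
        # A term that is not a group is treated as a single host name.
        return [name] if any(name in hosts for hosts in groups.values()) else []

    selected = []
    for name in plain:
        for host in members(name):
            if host not in selected:
                selected.append(host)
    for name in both:
        selected = [h for h in selected if h in members(name)]
    for name in drop:
        selected = [h for h in selected if h not in members(name)]
    return selected
```

To see what a real pattern selects before running anything, `ansible "web:!staging" --list-hosts` prints the matched hosts without executing a module.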
Inventory variables are key-value pairs. The same name can be defined at multiple levels: host, group, group of groups, all groups.
Keywords: ansible_ssh_host, ansible_connection, ansible_user, ansible_password
There is no need to define local_host.
Template
One can generate a text file from a template and use the variable values defined for that host in the text file.
One can have a for loop inside a Jinja 2 template using
{% for package in packages %}{{package}}{% if not loop.last %}, {% endif %}{% endfor %}
To get the complete value struct inside a nested dictionary, we can use "dict name".iteritems() (items() when Ansible runs under Python 3).
Task
A description of the desired state, expressed in YAML.
Task Data
Task Control : Looping, Conditional, Privilege Escalation (-b option)
keyword = start_at_task
Modules
Code that a task uses to perform work. It can be written in any language: Python, Ruby, Perl, Bash etc.
Modules are placed at the /usr/share/ansible path.
Playbook
A YAML-formatted file that contains plays.
Commands:
ansible-playbook "yaml file"
ansible-playbook "yaml file" -i "inventory file"
It maps a group of hosts to a set of roles. A role is a set of Ansible tasks.
We can have a group of Python modules installed with the pip command in a given virtual environment using an Ansible script.
We can use handlers and notify.
Options
-vv option makes the ansible-playbook command verbose.
-e for environment variable, to pass a variable. Variables can be defined in the inventory file and the YML file. Pass one -e option for each variable value.
--check option is like compiling
--ask-vault-pass to enter the vault password
--syntax-check
-C is for dry run
--step
Some useful keywords
changed_when
with_sequence
with_items
with_dict
when
wait_for
ansible_os_family
gather_facts: if Python is missing, set this to False
All Keywords are here : https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html
Loops:
1. variable sets
2. Sequences
3. Retries on failures
Playbooks are placed at the /usr/share/ansible/library path.
Variables can be inside the inventory file OR outside it, in folders like host_vars and group_vars.
An alternative to a playbook for an ad-hoc task is the "ansible" executable, with -m for the module name and -a for the arguments.
ansible-doc copy
ansible -m copy
ansible-doc command
ansible -m command
Fork: maximum number of concurrent hosts
Vault
ansible-vault encrypt vault
ansible-vault edit vault
Network Management
use of the ipaddr filter
modules: set_fact
Plugins
Popular ones:
1. callbacks: for hooking into logging or displaying Ansible actions.
2. connection: for communication methods
3. filter: for manipulating data within templates.
Task Automation
1. Ansible Tower (AWX project): commercial product by RedHat. REST API web service.
2. Semaphore : Open Source. Written in Go.
Playbook format

    ---
    - hosts: all
      connection: local
      tasks:
        - name: Do Something
          # "module" and "parameter" are placeholders for a real module and its arguments
          module:
            parameter: value
            parameter: '{{variable}}'

Tags can be associated with hosts or tasks.
They can be passed as --tags "tag name" OR --skip-tags "tag name"
Role
A role is a grouping of (1) tasks, (2) handlers and (3) variables. Each "role" folder should have:
- defaults
    - main.yaml
- files
- handlers
    - main.yaml
- meta
    - main.yaml
- README.md
- tasks
    - main.yaml
- templates
- tests
    - inventory.yaml
    - test.yaml
- vars
    - main.yaml
Galaxy
Galaxy is also a public repository of roles by RedHat. https://galaxy.ansible.com/
ansible-galaxy login
ansible-galaxy import "user name" "role name"
ansible-galaxy search "name"
ansible-galaxy install "user name.role name" -p "path"