Ansible


About

* Ansible needs Python, OpenSSH and a few libraries.

* Ansible cannot be installed on Windows as the control machine; it runs only on Unix-like systems. It can still control and configure Windows machines, using the many modules whose names start with win_*.

* Ansible is agentless.

* Ansible uses a JSON protocol.

* Ansible uses (1) YAML and (2) Jinja templates

Mode of operations

1. Linear
2. Rolling deployments
3. Serial
4. Free: Run as Fast as You Can

Inventory = a set of target hosts. It is described in INI or YAML format in a file located at /etc/ansible/hosts.

A custom dynamic script can pull data from different systems. See https://github.com/ansible/ansible/tree/devel/contrib/inventory

A custom script can be developed using https://docs.ansible.com/ansible/latest/dev_guide/developing_inventory.html

Each cloud provider has its own dynamic inventory script. packet.net is also a cloud provider.
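A small dynamic inventory script following the `--list` / `--host` JSON convention from the developer guide linked above, as an added example that is not code from these notes or from the Ansible project. The record source, host names and the field names `name`, `role` and `ip` are constructed assumptions. Because upstream data is untrusted, the script rejects malformed names and drops credential variables.

```python
"""Dynamic inventory script: added example, fed by constructed records."""
import argparse
import json
import re
import sys

# Constructed records standing in for a CMDB or cloud API response.
SAMPLE_RECORDS = [
    {"name": "web1.example.com", "role": "web", "ip": "192.0.2.10",
     "ansible_user": "deploy", "ansible_password": "constructed-secret"},
    {"name": "db1.example.com", "role": "db", "ip": "192.0.2.20"},
    {"name": "db 2.example.com", "role": "db", "ip": "192.0.2.21"},  # malformed
]
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
# Credentials belong in ansible-vault, not in inventory output.
SECRET_KEYS = {"ansible_password", "ansible_ssh_pass", "ansible_become_password"}
STRUCTURAL_KEYS = {"name", "role", "ip"}

def build_inventory(records):
    """Return (inventory for --list, names rejected by validation)."""
    inventory, skipped = {"_meta": {"hostvars": {}}}, []
    for rec in records:
        name, role = str(rec.get("name", "")), str(rec.get("role", ""))
        valid = HOSTNAME.fullmatch(name) and role.isidentifier()
        if not valid or role == "_meta":
            skipped.append(name)  # upstream data is untrusted input
            continue
        inventory.setdefault(role, {"hosts": []})["hosts"].append(name)
        hostvars = {k: v for k, v in rec.items()
                    if k not in SECRET_KEYS | STRUCTURAL_KEYS}
        hostvars["ansible_ssh_host"] = rec["ip"]  # keyword listed in these notes
        inventory["_meta"]["hostvars"][name] = hostvars
    return inventory, skipped

def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    inventory, skipped = build_inventory(SAMPLE_RECORDS)
    if skipped:
        print(f"skipped invalid host names: {skipped!r}", file=sys.stderr)
    if args.host:  # variables of a single host
        print(json.dumps(inventory["_meta"]["hostvars"].get(args.host, {})))
    else:          # whole inventory: groups plus _meta.hostvars
        print(json.dumps(inventory, indent=2))

if __name__ == "__main__":
    main()
```

Made executable, the script can be passed to ansible-playbook with the -i option in place of a static inventory file.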

The inventory is not tied to a set of Ansible instructions. It is a grouped set of hosts in [group] and [group:subgroup]. Grouping can be based on location, purpose (e.g. web, DB) or OS. A host can be accessed within a playbook by array index, e.g. the first host in the group named "group" is "{{ groups['group'][0] }}".

Operator ! : use group:!subgroup to exclude a subgroup.
Operator & : for intersection.
A colon (:) is required after each group name, regardless of the operator.


Inventory variables are key-value pairs. The same name can be defined at multiple levels: host, group, group of groups, all groups.

Keywords: ansible_ssh_host, ansible_connection, ansible_user, ansible_password

No need to define localhost.

Template

One can generate a text file from a template, filling in the variable values defined for that host.

One can write a for loop inside a Jinja2 template using

{% for package in packages %}{{package}}{% if not loop.last %}, {% endif %}{% endfor %}

To get the complete value structure inside a nested dictionary, we can use: "dict name".iteritems() (items() under Python 3)

Task

Descriptive desired state expressed in YAML. 
Task Data
Task Control : Looping, Conditional, Privilege Escalation (-b option)
keyword = start_at_task

Modules 

A module is the code that a task uses to perform work. It can be written in any language: Python, Ruby, Perl, Bash etc.
Modules are placed at the /usr/share/ansible path.

Playbook 

A YAML-formatted file that contains plays.
Commands:

ansible-playbook "yaml file"
ansible-playbook "yaml file" -i "inventory file"

It maps a group of hosts to a set of roles. A role is a set of Ansible tasks.

We can have a group of Python modules installed with the pip command in a given virtual environment using an Ansible script.

We can use handlers and notify.

Options
-vv makes the ansible-playbook command verbose.
-e (--extra-vars) passes a variable. Variables can also be defined in the inventory file and the YAML file. Pass one -e option for each variable value.
--check option is like compiling
--ask-vault-pass to enter the vault password
--syntax-check
-C is for dry run (short form of --check)
--step

Some useful keywords
changed_when
with_sequence
with_items
with_dict
when
wait_for
ansible_os_family
gather_facts : If Python missing then set this to False

All Keywords are here : https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html

Loops:
1. variable sets
2. Sequences
3. Retries on failures

Playbooks are placed at the /usr/share/ansible/library path.

Playbook format

---
- hosts: all
  connection: local
  tasks:
    - name: Do Something
      module:
        parameter: value                     # literal value
        other_parameter: '{{ variable }}'    # value taken from a variable

Tags can be associated with hosts or tasks.
They can be passed as --tags "tag name" OR --skip-tags "tag name".

Variables can be inside the inventory file OR outside it, in folders like host_vars and group_vars.

An alternative to a playbook for ad-hoc tasks is the "ansible" executable, with -m for the module name and -a for its arguments.

ansible-doc copy
ansible -m copy

ansible-doc command
ansible -m command

Fork: maximum number of concurrent hosts

Role

A role is a grouping of (1) tasks, (2) handlers and (3) variables. Each "role" folder should contain:

- defaults
--- main.yaml
- files
- handlers
--- main.yaml
- meta
--- main.yaml
- README.md
- tasks
--- main.yaml
- templates
- tests
--- inventory.yaml
--- test.yaml
- vars
--- main.yaml


Galaxy

Galaxy is a public repository of roles by Red Hat. https://galaxy.ansible.com/

ansible-galaxy login
ansible-galaxy import "user name" "role name" 
ansible-galaxy search "name"
ansible-galaxy install "user name.role name" -p "path"


Vault

ansible-vault encrypt vault
ansible-vault edit vault

Network Management

Use of the ipaddr filter
modules: set_fact

Plugins

Popular ones: 

1. callbacks: for hooking into logging or displaying Ansible actions.
2. connection: for communication methods 
3. filter: for manipulating data within templates.

Task Automation
1. Ansible Tower (AWX project): Commercial product by Red Hat. REST API web service.
2. Semaphore : Open Source. Written in Go. 

