Ansible - Automation For Everyone! - OpenStack Days

Transcription

Ansible - Automation for Everyone!
Introduction about Ansible Core
Hideki Saito
Software Maintenance Engineer / Tower Support Team
2017.06

Who am I
Hideki Saito <hsaito@redhat.com>
Software Maintenance Engineer / Red Hat
Work for Ansible Tower Support Team
I love Ansible, OpenStack and Beer :)
Twitter: @saito_hideki

Agenda
Ansible Core Introduction
Demo's: Let's play with Ansible Core
  Getting Started
  Ad-Hoc command
  Playbooks
Ansible Tower by Red Hat

Motivation and Proposition
Automate routine work to operate IT systems.
Let's start with where we can automate easily.
Let's start automation using a script language that anyone can easily understand.
Education and training for programming take a lot of time.
The IT system includes various kinds of hardware / software.

AUTOMATION FOR EVERYONE
Ansible is an IT automation tool
Goals are simplicity and ease-of-use
Manages targets via SSH transport
Management steps are written in YAML
A new release is provided approximately every 2 months

Ansible Core
Ansible Core is a command-line IT automation tool and libraries.
This talk introduces the following components of Ansible Core:
1. Command Line Tools
2. Playbooks
3. Inventory
4. Modules
5. Plugins

COMMAND LINE TOOLS
Ansible Core contains some command line tools. The following 2 commands are able to control your target hosts.

1. ansible command

    [Usage] ansible %Target% -i %Inventory% -m %Module%
            ansible www -i inventory -m ping

    [Usage] ansible %Target% -i %Inventory% -a %Ad-Hoc Command%
            ansible www -i inventory -a "/sbin/reboot"

2. ansible-playbook command

    [Usage] ansible-playbook -i %Inventory% %Playbook%
            ansible-playbook -i inventory playbook.yml

COMMAND MECHANISM
[Diagram: ansible, Inventory, module, Executable Python Code, Target Host]
(1) Lookup Target Host
(2) Read Module
(3) Generate executable code from Module
(4) Copy executable Python code to the Target Host via SCP
(5) Execute Python code on Target Host

PLAYBOOKS
Playbooks are Ansible's configuration, deployment, and orchestration language. You can write Playbooks easily in YAML.

    ---
    - hosts: www
      vars:
        new_name: ansible-host1
      tasks:
        # Capture the current hostname so the handler can report it.
        - name: get hostname
          shell: hostname
          register: result
        # The handler is notified only when this task reports a change.
        - name: set hostname
          hostname:
            name: "{{ new_name }}"
          notify: show hostname
      handlers:
        - name: show hostname
          debug:
            msg: "before {{ result.stdout }} after {{ new_name }}"

INVENTORY (STATIC)
Ansible is able to work against multiple systems at the same time.
You can select portions of systems listed in the inventory at running
[Inventory file example; surviving fragment: ansible_connection=local]

INVENTORY (DYNAMIC)
Ansible easily supports all of these options via an external inventory system.
For example: OpenStack, AWS, GCE or something like that.
You can look at these dynamic inventories at https://goo.gl/knXn3c
[Diagram: ansible, Executable Inventory Code, OpenStack, JSON formatted Inventory Info via STDOUT]
(1) Execute Dynamic Inventory
(2) Collect Target information
(3) Output Inventory to STDOUT
(4) Read Inventory Information
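
The four steps above, as an added example that is not part of the original slides: an executable inventory script that prints the JSON structure Ansible reads from STDOUT. The server list is constructed sample data standing in for a cloud API response, and the names SAMPLE_SERVERS, SAFE_NAME and build_inventory are hypothetical.

```python
#!/usr/bin/env python3
"""Dynamic inventory sketch: Ansible executes this file and reads JSON from STDOUT."""
import argparse
import json
import re
import sys

# Constructed sample data standing in for step (2), "Collect Target information".
# A real script would query OpenStack, AWS, GCE or a similar source here.
SAMPLE_SERVERS = [
    {"name": "www1", "ip": "192.0.2.11", "role": "www"},
    {"name": "www2", "ip": "192.0.2.12", "role": "www"},
    {"name": "db1", "ip": "192.0.2.21", "role": "db"},
    {"name": "bad;host", "ip": "192.0.2.99", "role": "www"},  # rejected below
]

# Host and group names must start alphanumeric and contain only safe characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def build_inventory(servers):
    """Group hosts by role and return the structure expected for --list."""
    inventory = {"_meta": {"hostvars": {}}}
    for srv in servers:
        # The inventory source decides where tasks run, so treat it as
        # untrusted input and skip anything that is not a plain name.
        if not (SAFE_NAME.match(srv["name"]) and SAFE_NAME.match(srv["role"])):
            continue
        inventory.setdefault(srv["role"], {"hosts": []})["hosts"].append(srv["name"])
        inventory["_meta"]["hostvars"][srv["name"]] = {"ansible_host": srv["ip"]}
    return inventory


def main(argv=None):
    """Handle the --list and --host calls Ansible makes to inventory scripts."""
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    # Host variables are already supplied under _meta, so a per-host
    # query has nothing further to add and returns an empty object.
    result = {} if args.host else build_inventory(SAMPLE_SERVERS)
    json.dump(result, sys.stdout, indent=2)  # step (3): output to STDOUT
    return result


if __name__ == "__main__":
    main()
```

Saved as an executable file (hypothetical name inventory.py), the script is passed with -i in place of a static inventory file, for example `ansible www -i inventory.py -m ping`.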

MODULES (1)
Ansible has a lot of modules that can be executed directly on remote hosts or through Playbooks. You can see module index at

    Group        Target
    Cloud        AWS, GCE, Azure, OpenStack etc.
    Clustering   K8S, Pacemaker etc.
    Commands     command, shell, expect etc.
    Crypto       openssl
    Database     MySQL, PostgreSQL, MSSQL etc.
    File         file, template, stat, unarchive etc.
    Identity     FreeIPA, OpenDJ
    Inventory    Add group and host to inventory
    Messaging    RabbitMQ
    Monitoring   datadog, logstash, nagios etc.

MODULES (2)

    Group                Target
    Net Tools            haproxy, nmcli, ldap, get_url etc.
    Storage              NetApp, zfs etc.
    Network              Bigswitch, Cumulus, Eos, IOS, Junos etc.
    System               user, group, service, puppet :) etc.
    Notification         hipchat, irc, slack etc.
    Utilities            Helper, Logic
    Packaging            rpm, yum, npm, apt etc.
    Web infrastructure   apache, nginx, tower etc.
    Remote management    HP iLO, IPMI etc.
    Windows              IIS, acl, package etc.
    Source control       git, github, gitlab, hg, subversion etc.

PLUGINS
Plugins are pieces of code that augment Ansible's core functionality.
You can easily write your own. Please see: https://goo.gl/ZQ9hvb
For example: connection plugin https://goo.gl/rLha4L

DEMO'S
Getting Started
Installation
Ad-Hoc command
Playbooks

Simple can be harder than complex. You have to work hard to get your thinking clean to make it simple. But it's worth it in the end because once you get there, you can move mountains.
Steve Jobs

Beyond the Core
What should we do as the next step?
Build an IT automation process that is as simple as possible. But Ansible Core does not provide enough functions to advance IT automation to the next step. It does not provide an API based control mechanism.
How do we link a lot of systems with each other?
[Diagram: API, CLI]

Ansible Tower by Red Hat
Ansible Tower is a web-based solution. It's designed to be the hub for all of your automation tasks.
This talk introduces the following Tower functions:
1. Overview
2. Job Template / Work-flow / Callback
3. Web based Dashboard
4. RESTful API
5. Isolation, Consolidation and Cooperation

Ansible Tower - Architecture Design
What's the Ansible Tower
[Diagram: Web Browser; Tower#0, Tower#1 and Tower#2, each with Tower service, AMQP broker and AMQP worker; Database]

Execute Job/Workflow/Callback
Ansible Tower runs a playbook as a Job.
Job Template: Jobs can be run periodically.
Workflow: Jobs can combine as a workflow
Callback URL: Jobs can launch from Target via callback url

Web based Dashboard
Visualization of job execution result.

RESTful API
You can manage the Tower server via a RESTful API.
If you want to manage Tower from other external IT systems, you can use the API!
Access https://tower/api/v1/
Manage Tower settings
Launch Job template etc.

Isolation, Consolidation and Cooperation
Isolation of authority, consolidation management, and using external systems.
Role Based Access Control: Organization, Project, User, Team
Integrates with LDAP, AD, and other IAM
Logging aggregation with other system
Job isolation via namespace and chroots etc.

If you want to proceed to the next step, I believe Ansible Core and Tower will help you.

THANK YOU
