ANSIBLE ALL THE THINGS - Red Hat

Transcription

ANSIBLE ALL THE THINGS
From traditional to unorthodox, Ansible for Everything
Adam Miller, Principal Software Engineer
Red Hat Summit 2017
Nicolas FANJEAU, Airbus Infrastructure

AGENDA

AGENDA
WHAT WE’RE GOING TO TALK ABOUT TODAY
- Quick intro to Ansible (just in case)
- Why on earth would I want to do all the things with Ansible?
  - Automation Tool
  - Configuration Management
  - Provisioning and Systems Management
  - Deployment
  - Application Lifecycle Management
  - Orchestration
  - Command Line Tooling
  - Event Based Execution
  - Workflow Automation
  - CI/CD
- Ansible Container
- Ansible Tower
- Case Study: Airbus

WHAT IS ANSIBLE?

QUICK INTRODUCTION
WAIT, YOU DON’T KNOW WHAT ANSIBLE IS?
- Ansible is an automation tool
- Ansible is a simple agentless idempotent task automation tool
- Tasks are performed via modules
- Tasks are grouped together via plays
  - By default, tasks are executed in-order but we can change that if we want.
  - Also via roles, but more on that later
- A play operates on a set of hosts
- Playbooks can contain one or many plays
- Can be used with "traditional" configuration management systems
  - There's even a puppet module!

QUICK INTRODUCTION
BEST THING SINCE SLICED BREAD
Example of an ad-hoc ansible orchestration task
- Module: yum
- Arguments: pkg=bash state=installed

    ansible localhost -m yum -a "pkg=bash state=installed"
    localhost | SUCCESS => {
        "changed": false,
        "msg": "Nothing to do"
    }

What if I wanted to do more than one thing? Playbooks!

BUT FIRST INVENTORY

INVENTORY
KEEPING TRACK OF YOUR MARBLES ERR SYSTEMS
- Inventory defines hosts and groups of hosts
- Special "all" group that is implicitly defined as the sum of all hosts in your inventory.
- Also, “localhost” is a built-in and does not need to be defined
Example: Below we have a simple inventory with two groups, appservers and example.com

PLAYBOOKS AND ROLES

PLAYBOOKS
DOING STUFF AND THINGS
Playbooks are a way to combine many tasks, written in YAML, to be carried out against one or many hosts.

    ---
    # First play: runs on every host in the inventory
    - name: common things to run on all hosts
      hosts: all
      tasks:
        - name: make sure bash is installed
          yum:
            pkg: bash
            state: installed

    # Second play: runs only on the webservers group
    - name: webserver-only tasks
      hosts: webservers
      tasks:
        - name: start and enable httpd service
          service:
            name: httpd
            state: started
            enabled: yes

INCLUDES
DON’T JUST COPY/PASTE, COWSAY IS WATCHING
An include file defines a set of tasks that can be included by a playbook. This allows sharing sets of tasks without copy/pasting.

Include file (enablewebservice.yml):

    # Task list only: no hosts, no play header
    - name: start and enable httpd
      service:
        name: httpd
        state: started
        enabled: yes

Playbook that uses it:

    - name: Webserver Playbook
      hosts: webservers
      tasks:
        # `include` is the keyword used in this 2017 talk; later Ansible
        # releases replace it with include_tasks / import_tasks
        - include: enablewebservice.yml

Playbooks can also include other playbooks!
Don't copy/paste, include!

ROLES
YOUR MOM WAS RIGHT, IT’S BETTER TO SHARE
- Roles are reusable logical groupings of tasks that (normally) define a service
- Role-level subdirs for namespaced variable defaults, files, templates, and handlers
- Can pass variables to roles to modify behavior per-use
- Searched for and/or shared via Ansible Galaxy https://galaxy.ansible.com/

    ---
    - name: using myrole
      hosts: webservers
      roles:
        - myrole

Typical Role Layout

    myrole/
        defaults/
            main.yml
        files/
        handlers/
            main.yml
        tasks/
            main.yml
        templates/
        vars/
            main.yml

WHAT IS ANSIBLE?

USING ANSIBLE FOR EVERYTHING
WHY WOULD I WANT TO DO THAT?
Ansible is a simple automation tool that can:
- Execute tasks on one or many hosts
- Orchestrate an otherwise complex order of operations, even conditionally based on system facts or variables provided at runtime.
- Custom modules can be written in any programming language with JSON support
Question of the day: What are you trying to accomplish that could be automated?

USING ANSIBLE FOR EVERYTHING
ANSIBLE ALL THE THINGS!!!!
What are you trying to do?
- Configuration Management?
- Provision Virtual Machines or IaaS instances?
- Test software?
- Automate workflows?
- Continuous Integration / Continuous Deployment?
- Configure hardware switches, routers, and load balancers?
- Replace terrible shell scripts that have survived too long already?
- Other?
ANSIBLE CAN DO ALL OF THAT! (AND MUCH MORE)

ANSIBLE DOES THAT

CONFIGURATION MANAGEMENT
KEEPING THE TRAIN ON THE TRACKS
What is configuration management?
Systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.
Generally boils down to:
- Managing file content
- Configuration Templating
- System and Service state
- Package Management
- Lifecycle Management

ANSIBLE DOES THAT
OMG, NO WAY?!?!?!
- Service state: service module
- Files and configuration modules: acl, archive, assemble, blockinfile, copy, fetch, file, find, ini_file, iso_extract, lineinfile, patch, replace, stat, synchronize, tempfile, template, unarchive, xattr
- System state modules: aix_inittab, alternatives, at, authorized_key, beadm, capabilities, cron, cronvar, crypttab, debconf, facter, filesystem, firewalld, gconftool2, getent, gluster_volume, group, hostname, iptables, java_cert, kernel_blacklist, known_hosts, locale_gen, lvg, lvol, make, modprobe, mount, ohai, open_iscsi, openwrt_init, osx_defaults, pam_limits, pamd, parted, ping, puppet, runit, seboolean, sefcontext, selinux, selinux_permissive, seport, service, setup, solaris_zone, svc, sysctl, systemd, timezone, ufw, user
- Package Management modules: bower, bundler, composer, cpanm, easy_install, gem, maven_artifact, npm, pear, pip, apk, apt, apt_key, apt_repository, apt_rpm, dnf, dpkg_selections, homebrew, homebrew_cask, homebrew_tap, layman, macports, openbsd_pkg, opkg, package, pacman, pkg5, pkg5_publisher, pkgin, pkgng, pkgutil, portage, portinstall, pulp_repo, redhat_subscription, rhn_channel, rhn_register, rpm_key, slackpkg, sorcery, svr4pkg, swdepot, swupd, urpmi, xbps, yum, yum_repository, zypper, zypper_repository
More modules being added all the time.

ADVANCED CONFIGURATION MANAGEMENT
THAT LITTLE EXTRA
The following categories of Infrastructure Needs are covered extensively by Ansible modules:
- Clustering
- Commands
- Crypto
- Database
- Files
- Identity
- Inventory
- Messaging
- Monitoring
- Network
- Notification
- Packaging
- Remote Management
- Source Control
- Storage
- System
- Utilities
- Web Infrastructure

PROVISIONING
MAKING SOMETHING FROM NOTHING
What do you want to accomplish?
- Create IaaS compute instances, object stores, or ephemeral resources?
- Provision virtual machines?
- Create storage allocations?
- Set firewall rules?
- Configure highly available load balancers?
- Create VLANs?
- Deploy container orchestration resources?
- Create databases?
- Other?

ANSIBLE CAN DO THAT
WHAT? AGAIN? NO WAY!!
Provisioning support for many IaaS providers:
- Amazon Web Services
- Apache CloudStack
- Centurylink Cloud
- Digital Ocean
- DimensionData
- Google Cloud
- Linode
- Microsoft Azure
- OpenStack
- Rackspace Public Cloud
- Softlayer
- Webfaction
Datacenter and Virtualization:
- oVirt / RHV
- libvirt resource management
- Joyent SmartOS Virt
- VMWare (VSphere/ESXi)
Storage:
- AIX LVM
- Gluster Volume
- Infinidat
- LVM2
- NetApp
- ZFS

PROVISIONING - CONTINUED
OMG, THIS LIST JUST KEEPS GOING
Networking
- A10 Networks
- Apstra AOS
- Arista EOS
- Avi Networks
- BigSwitch
- Cisco (ASA, IOS/IOS-XR, and NX-OS)
- Cumulus Networks (Cumulus Linux)
- Dell EMC (OS6, OS9, and OS10)
- F5 BigIP
- Fortios Firewall
- JunOS
- Lenovo CNOS
- Netvisor
- Open vSwitch
- Palo Alto Networks PAN-OS
- Nokia SR OS
- VyOS
Databases
- InfluxDB
- Redis
- Riak
- MS-SQL
- MySQL
- Postgresql
- Vertica

PROVISIONING - CONTINUED
SERIOUSLY? MORE STUFF?
Web Infrastructure and Clustering
- Apache HTTPD (module and mod proxy management)
- Consul
- Django Management
- eJabberd
- htpasswd
- JBoss
- Jenkins (Jobs, Plugin, and Jenkinsfile visord ZooKeeper

DOING THINGS WITH ANSIBLE

DEPLOYMENT
I JUST GIT PUSH TO THE CLOUD, RIGHT?
Software Deployment is the act of making software available on systems; most often, this is a sequence of steps that must be performed in-order. (In-order task execution anyone?)
Example:
- Sync some data
- Database schema migration
- Remove systems from load balancer
- Push new code
- Put systems back in load balancer
- Rinse/Repeat on previously not upgraded set
- Verify services are functional
- Status update
Remember what a Playbook does?

APPLICATION LIFECYCLE MANAGEMENT
DO IT LIVE!
Managing application lifecycle across one or many hosts
- Ansible can orchestrate both simple and complex lifecycle management
- Lifecycle “order of operations” defined in Playbooks
  - Plays can execute on different sets of hosts
  - Multiple plays per playbook
  - Plays can use varying execution strategies for various requirements
- Whatever your requirements are
  - Cluster node management
  - Database schema updates
  - etc
- Sky is the limit (something something cloud)

ORCHESTRATION AND WORKFLOW
AUTOMATION WITH FEELING
Automation whose flow is controlled by data from the environment, allowing the automation tasks to make “intelligent” decisions.

COMMAND LINE TOOLING
BUT WHAT ABOUT MY PERL ONE-LINERS?
Make Ansible your new command line tooling API, stop re-inventing the wheel
- Ansible provides a very capable Python API for modules
- Modules can be written in any programming language that understands JSON
- Provides a consistent “UX” for all tasks
- Gives you and your ops team an “on ramp” to scaling your tasks across the infrastructure

    ansible localhost -m my_task -a "arg1=foo arg2=bar"
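
A module that follows this JSON contract, as an added example (not code from the talk or from Ansible itself): the `WANT_JSON` marker makes Ansible hand the module its arguments as a JSON file named on the command line, and the module reports its result as JSON on stdout. The module name `my_task` and its `path` and `mode` arguments are hypothetical.

```python
#!/usr/bin/env python
# WANT_JSON  <- marker: Ansible passes the arguments as a JSON file path
"""Hypothetical `my_task` module: ensure a regular file has a given mode."""
import json
import os
import stat
import sys


def run(params):
    """Return the result dict Ansible expects; touch the file only if needed."""
    path = params.get("path")
    try:
        want = int(str(params.get("mode", "")), 8)  # "0600" -> 0o600
    except ValueError:
        want = -1
    if not 0 <= want <= 0o7777:
        return {"failed": True, "msg": "mode must be an octal string such as 0600"}
    if not path or not os.path.isfile(path):
        return {"failed": True, "msg": "path is not a regular file: %r" % (path,)}
    have = stat.S_IMODE(os.stat(path).st_mode)
    if have == want:
        # Idempotent: a second run reports changed=false and does nothing
        return {"changed": False, "mode": "%04o" % have}
    os.chmod(path, want)
    return {"changed": True, "mode": "%04o" % want, "previous_mode": "%04o" % have}


def main(argv):
    # argv[1] is the temporary file holding the task arguments as JSON;
    # keys this module does not know are ignored
    with open(argv[1]) as handle:
        params = json.load(handle)
    result = run(params)
    print(json.dumps(result))  # the only thing written to stdout
    return 1 if result.get("failed") else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saved as `my_task` in a `library/` directory next to the playbook, it can be called like any other module, for example with `-a "path=/etc/myapp.conf mode=0600"` (a constructed path).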

EVENT BASED EXECUTION
COWSAY WHAT?
Ansible can easily integrate with existing infrastructure to perform actions based on events.
[Diagram: Events -> Looper (plugin) -> Loopabull (Event Loop) -> ansible-playbook]
Example: loopabull
- Events in the infrastructure spawn messages on the bus
- loopabull listens on the bus, waiting for a “routing key” that it cares about (message topic)
- Message payload is injected into Ansible playbooks as variables, allowing for decisions to be made based on message contents
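
The routing-key-to-playbook flow described above, as an added example (not loopabull's own code) that treats the message payload as untrusted input before it becomes playbook variables. The topics, playbook paths, field names and the `event` variable are assumptions made for the illustration.

```python
import json
import re
import subprocess

# Assumed topic-to-playbook map; topics and paths are hypothetical.
ROUTES = {
    "infra.host.provisioned": "playbooks/baseline.yml",
    "infra.cert.expiring": "playbooks/renew_cert.yml",
}
# Payload fields a playbook may see, each with the only form it may take.
ALLOWED_VARS = {
    "hostname": re.compile(r"[a-z0-9][a-z0-9.-]{0,252}"),
    "environment": re.compile(r"dev|staging|prod"),
}


def build_command(routing_key, body, inventory="inventory.ini"):
    """Return the ansible-playbook argv for one bus message, or None to drop it."""
    playbook = ROUTES.get(routing_key)
    if playbook is None:
        return None  # a routing key nobody subscribed to
    try:
        payload = json.loads(body)
    except ValueError:
        return None  # body is not JSON
    if not isinstance(payload, dict):
        return None
    event = {}
    for name, pattern in ALLOWED_VARS.items():
        value = payload.get(name)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return None  # missing or malformed field: refuse the whole message
        event[name] = value
    # Extra vars outrank every other variable source, so the payload is nested
    # under one key ("event") and cannot set names such as ansible_connection.
    extra_vars = json.dumps({"event": event}, sort_keys=True)
    return ["ansible-playbook", "-i", inventory, "-e", extra_vars, playbook]


def dispatch(routing_key, body):
    """Run the mapped playbook; an argv list means no shell parses the payload."""
    argv = build_command(routing_key, body)
    return subprocess.run(argv).returncode if argv else None
```

Inside the playbook the values are read as `{{ event.hostname }}` and `{{ event.environment }}`; fields that are not on the allowlist never reach it.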

CONTINUOUS INTEGRATION
THERE IS ONLY ZUUL (BUT ALSO OTHER STUFF)
Brief story of OpenStack Zuul and Jenkins Job Builder
- OpenStack CI System (Zuul) - http://status.openstack.org/zuul/
  - 2,000 jobs-per-hour
  - 1731 git repositories to perform gating on
  - Spread across 7 public OpenStack clouds and 4 private OpenStack clouds
  - Single-use OpenStack VMs - create and destroy 2K VMs per hour
  - Hybrid cloud anyone?
- OpenStack wanted to not fiddle with XML for Jenkins Jobs
  - Jenkins Job Builder (YAML) was created
- Ran into Jenkins performance issues
  - No more Jenkins, automatically convert JJB YAML into Ansible Playbooks
- Future: Migrate entirely away from JJB, make it all Ansible!

MORE CONTINUOUS INTEGRATION
THE OTHER STUFF
Fedora Taskotron - https://taskotron.fedoraproject.org/
- CI for the entire Fedora Linux Distribution
- “Tasks” definitions originally in YAML
- Tasks for every RPM, ISO, VM Image, Container, etc in the distro
- Automated reporting to the Fedora Updates System (Bodhi)
- Migration from Taskotron YAML to Ansible Playbooks

ANSIBLE CONTAINER
END THE DOCKERFILE MADNESS
Using Ansible playbooks to build your container images
- Stop chaining together shell commands in Dockerfiles
- Create containers the same way you deploy to servers
- roles services, build your containers using roles
- Making single-purpose (microservice) containers easy
- Deploy to Container Orchestration Platforms
  - Currently Supports OpenShift and Kubernetes

ANSIBLE TOWER
PRETTY GRAPHS!
The definitive Ansible Centralized Management Portal
- Role Based Access Control
- Centralized Logging, History Visualizations
- Multi-Playbook Workflow Orchestration
- Playbook and System Auditing (System Tracking)
- Self-Service Automation
  - Sanitized form-based playbook runs
- Integrated Notifications (ChatOps, etc)
- REST API
- and much much more!

ANSIBLE @ Airbus
Automation from End2End
Nicolas FANJEAU, Airbus Infrastructure
Red Hat Summit 2017

Airbus
Passion - Our global workforce is united by a passion for aviation and restless desire to create better ways to fly
- 55,000 Employees
- 45,8 billion Annual revenue*
- 10 yrs Backlog
- 400 Operators

Information & Communication Technology
Central & Operational el
1300 Information System professionals located around the world wherever Airbus operates.
[Map: Stade, Hamburg, Filton, Broughton, Bremen, Buxtehude, St. Nazaire, Nantes, Blagnac, Barajas, St. Martin, Getafe, Moscow, Beijing, Abu Dhabi, Tianjin, Dubai, Bangalore]
Data to end 2015

Airbus IT Infrastructure
[Infographic with columns Suppliers, Airbus, Airbus Group, Customers, TOTAL; figures as they appear on the slide]
- Users: 106 000, 96 000, 94 000, 72 000
- PCs: 21 000, 61 000, 5 000
- Mailboxes: 33 000, 77 000, 34 000
- 75 000 fixed phones
- Mobile phones: 32 400, 600
- 433 000 network ports
- 13 000 Servers
- 6 600 printers
- 5 000 WiFi access points
- 19 billions transactions per year on SAP
- 1,2 petaFLOPS on High performance computing
- 17 petabytes on storage
- 4 200 MIPS on Mainframe
Data to end 2015

Open Source at Airbus
Embraces the open way of working
- Improve the motivation and efficiency of our people and make IT more attractive through:
  - Transparency
  - Sharing
  - Collaboration
  - Empowerment
- Further increase our speed of change
- Align with the digitalization initiatives
Boosts the use of Open Source software. Use the opportunity to:
- Get classical Open Source advantages (lower TCO, quicker implementations, better quality & security etc.
- Reduce our dependency from classical software suppliers
- Increase innovation, as in several areas Open Source Software solutions are more advanced (Cloud, Big Data )
A Project. Use the opportunity to:
- Solves the IT Service Management (ITSM) „dilemma“ and reduces the number of tools

Our structure
[Diagram labels: Robust, Entry in Service, Library, Integrated, Maintenance, Job Scheduler, Public Cloud, Linux, Private Cloud, Windows, High Availability, Secure, Interoperable, Plug and t less]

Automation as Self Service
EXPECTATIONS
- Reduce time and cost to deploy application
- Move to DevOps philosophy
- Give back the responsibility to Application Owner
- Simplify process
SOLUTION
- Propose customer oriented service for Automation
- Develop the service for and with the customers
- Propose tailored solutions to all customers via a catalogue of services
  - Awareness on Automation
  - Training: Platform usage, How to implement Playbook
  - Playbook On Demand, conversion of Install Manual to Playbook
  - eLearning, User Manual, Best practices

From the PoC to the Project
PoC
- Objective is to evaluate the solution
- Test the deployment of 5 applications (Win & Linux) with 6 automation solutions
Result
- Despite missing functionalities of Tower vs Competitors, Tower finished first based on the criteria matrix
- Deployed in Production during the PoC for two critical applications for
Key Figures
- PoC on 100 Hosts
- Target 10 000 Hosts
- First deployment 6 months
- Release deployment Job scheduler
[Timeline: 10/2016 PoC; 02/2017 Decision; 04/2017 Start deployment; 2018; 2019; host milestones shown: 2000 hosts, 6 000 hosts, 10 000 hosts]
Data to end 2015

Target Hosts
- Windows 9 400
  - W2k8 4100
  - W2k12 3500
- Linux 5 900
  - RHEL5 1800
  - RHEL6 2500
  - RHEL7 700
- Unix 3 600
Deployment of dedicated Tower infrastructure depending on:
- Location of the Data Center: Germany, France, United Kingdom & Spain
- Environment: Integration, Validation, Production, DMZ, Public Cloud.
Common architecture based on:
- Tower, Cluster of two nodes
- PostgreSQL, Cluster of two nodes
- Virtual Machine, RHEL 7
Key Figures
- Applications 2000
- Users 1 000
- Deployment Infra 2 months

Next, Automation from End to End
- Full automation from the request to the delivery
- Be user centric and enforce self service usage
- Propose a single catalogue and point to aggregate all the products
- Use the Tower CLI
- Fully integrated with ITSM tool to avoid data duplication and interfaces
- In line with the ITIL best practices
[Diagram labels: Consumer, Catalog, Products, Request, Approval, Change, Task, Tower, CMDB, Hosts]
Data to end 2015

Key Success Factors
- Open Source is a key solution to ensure innovative application and quick delivery
- Involvement of customers in the development of the solution is a key of the success
- A lot of communication & change support to get users adopt the situation
- Self-service is the requirement to reach customers’ satisfaction and meet company’s objectives
Data to end 2015

THANK YOU
twitter.com/RedHatNews
@TheMaxamillion
