Automation 101 with Ansible

Kevin Howell

2020-06-13 - Southeast Linux Fest

Who Am I?

khowell@redhat.com (or kevin@kahowell.net)

https://github.com/kahowell

https://kahowell.net

Red Hat Certified Architect

Principal Software Engineer

Subscription Management

In This Talk

What is automation, in the general sense?

What kinds of things can you automate?

Ansible Lingo

Be Inspired!

What Is Automation?

"The act or process of converting the controlling of a machine or device to a more automatic system, such as computer or electronic controls." - Wiktionary

What Is Automation?

"Moving pieces, or all, of a process to a machine" - me

Programming == Automation?

Is computer programming automation?

Programming == Automation?

Yes!

Programming == Automation?

... No!

Programming == Automation?

Well, it depends...

Programming is one kind of automation

Not all programming is automation and not all automation is programming

Game Programming

Not automation*. But a lot of fun!

Trivia: Jerry Lawson is credited with inventing the first cartridge based gaming system in 1976!

Fairchild-Channel-F
Evan-Amos / CC BY-SA (https://creativecommons.org/licenses/by-sa/3.0)
By Source (WP:NFCC#4), Fair use, Link

The Assembly Line

Automation Predates the Term

From 1790, the automated mill:

What Can Be Automated?

Any Repeatable Process...

Modern Automation

Computers are super accessible in modern society.

Save the Trees!

Ashraful Islam Shimul / CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0)

Ansible Lingo

Learn How To Speak Ansible

Ansible Lingo - Playbook

A set of tasks to be performed against a set of systems.

Example filenames:

  • provision_vm.yml
  • enter_outage.yml

Ansible Lingo - Task

Something for a system to do.

Examples task names:

  • Configure httpd
  • Generate the TPS report

Ansible Lingo - Inventory

Record of systems for Ansible to orchestrate. The most basic form is an ini-file. Default path is /etc/ansible/hosts

Example:

[databases]
database01.example.com
database02.example.com

[webservers]
web.example.com

Ansible documentation prefers "nodes" to "systems"... Inventory can contain abstract resources such as containers or network equipment.

Inventories include:

  • connection information (SSH or WinRM)
  • arbitrary data for a given system

Ansible Inventory - With Variables

[databases]
database01.example.com postgresql_version=12.3
database02.example.com postgresql_version=10.13

[webservers]
web.example.com ansible_user=admin

Ansible Lingo - Module

Re-usage piece of Ansible logic

Has a set of arguments

A module with a set of arguments forms a task

Most modules are idempotent

Ansible Lingo - YAML

Ansible uses YAML (Yet Another Markup Language) to define tasks and playbooks.

I think of YAML as an alternative syntax to JSON

Strings, Numbers, Arrays, Objects.

Example:

# task list
- walk the dog
- mow the lawn

# talk description - nested objects
talks:
  automation_101:
    id: 101
    title: "Automation 101 w/ Ansible"
    keywords:
      - ansible
      - automation

Ansible Module - Template

example:

- name: Configure hosts files
  template:
    src: /home/user/ansible/templates/hosts.j2
    dest: /etc/hosts

/home/user/ansible/templates/hosts.j2:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1   {{ development_hostname }}

development_hostname could be, for example: www.example.com

Ansible Module - command

example:

- name: Backup my stuff
  command: /opt/backup.sh

Ansible - Example Playbook

example:

- hosts: databases
  tasks:
    - name: Configure postgres database
      template:
        src: /home/user/ansible/templates/pg_hba.j2
        dest: /var/lib/pgsql/pg_hba.conf
    - name: Upgrade postgres via pg_upgrade
      command: pg_upgrade -b /dbbackup -B /var/lib/pgsql/data -d /dbconfig -D /var/lib/pgsql

If in a file named update_postgres.yml, can be invoked as ansible-playbook update_postgres.yml

Things I've done with Ansible

Ansible - Some Random Ideas

nightly reboot of flaky service, followed by sanity checks

interact with APIs

full system configuration - bare metal to running machine

Ansible - Other Things You Can Do With Ansible

Manage public cloud provider resources (e.g. AWS, Azure, Google)

Manage databases and users

Sync directories/files via rsync, git, http, ftp

Interact with alerting/monitoring systems

Send messages to IRC, Slack, etc.

Ansible - But Wait There's More

Manage users, groups, firewall, etc.

Manage Windows machines

and more...

For more details see https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

Ansible - Ideas for Further Study

Ansible Vault

Ansible Privilege Escalation

Ansible Jinja2 Filters

Ansible Roles

Dynamic Inventory

Ansible Galaxy

Ansible - Resources

https://docs.ansible.com

https://galaxy.ansible.com/ - See how others automate with Ansible, reuse existing work

Consider Red Hat training for Ansible

Consider Ansible Automation Platform

  • includes Ansible Tower - Web UI w/ Enterprise Features

Ansible - More Resources

https://github.com/sovereign/sovereign - DIY cloud via Ansible

https://github.com/kahowell/ansible-kahowell - my personal Ansible automation

https://github.com/jdauphant/awesome-ansible - curated list of Ansible resources (unmaintained)

Q&A & Feedback

Thank you for attending!

Feedback form https://forms.gle/9E8pdkJ9jR9ybfSk7.

Presentation link https://kahowell.net/presentations/2020-06-13_automation_101_ansible/automation_101_ansible.slides.html.