38,39 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Wissenschaft und neue Technologien
- Sprache: Englisch
Learn everything you need to manage and handle your systems with ease with Ansible 2 using this comprehensive guide
About This Book
- Simplify the automation of applications and systems using the newest version of Ansible
- Get acquainted with fundamentals of Ansible such as playbooks, modules, and various testing strategies
- A comprehensive, learning guide that provides you with great skills to automate your organization's infrastructure using Ansible 2
Who This Book Is For
The book is for sys admins who want to automate their organization's infrastructure using Ansible 2. No prior knowledge of Ansible is required.
What You Will Learn
- Set up Ansible 2 and an Ansible 2 project in a future-proof way
- Perform basic operations with Ansible 2 such as creating, copying, moving, changing, and deleting files, and creating and deleting users
- Deploy complete cloud environments using Ansible 2 on AWS and DigitalOcean
- Explore complex operations with Ansible 2 (Ansible vault, e-mails, and Nagios)
- Develop and test Ansible playbooks
- Write a custom module and test it
In Detail
Ansible is an open source automation platform that assists organizations with tasks such as configuration management, application deployment, orchestration, and task automation. With Ansible, even complex tasks can be handled easier than before.
In this book, you will learn about the fundamentals and practical aspects of Ansible 2 by diving deeply into topics such as installation (Linux, BSD, and Windows Support), playbooks, modules, various testing strategies, provisioning, deployment, and orchestration. In this book, you will get accustomed with the new features of Ansible 2 such as cleaner architecture, task blocks, playbook parsing, new execution strategy plugins, and modules. You will also learn how to integrate Ansible with cloud platforms such as AWS. The book ends with the enterprise versions of Ansible, Ansible Tower and Ansible Galaxy, where you will learn to interact Ansible with different OSes to speed up your work to previously unseen levels
By the end of the book, you'll able to leverage the Ansible parameters to create expeditious tasks for your organization by implementing the Ansible 2 techniques and paradigms.
Style and approach
This book is a step-by-step learning guide on the all new Ansible 2, which is an ideal configuration management tool.
Sie lesen das E-Book in den Legimi-Apps auf:
Seitenzahl: 294
Veröffentlichungsjahr: 2016
Ähnliche
Table of Contents
Learning Ansible 2 Second Edition
Learning Ansible 2 Second Edition
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2014
Second edition: November 2016
Production reference: 1161116
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78646-423-1
www.packtpub.com
Credits
Authors
Fabio Alessandro Locati
Copy Editor
Madhusudan Uchil
Reviewers
Tim Rupp
Project Coordinator
Judie Jose
Commissioning Editor
Pratik Shah
Proofreader
Safis Editing
Acquisition Editor
Divya Poojari
Indexer
Pratik Shirodkar
Content Development Editor
Amedh Gemraram Pohad
Graphics
Kirk D'Penha
Technical Editor
Vishal Kamal Mewada
Production Coordinator
Shantanu N. Zagade
About the Author
Fabio Alessandro Locati is a senior consultant at Red Hat, public speaker, author, and open source contributor. His main areas of expertise are Linux, security, cloud technologies, and automation. With more than 10 years of working experience in the field, he has experience in different IT roles, technologies, and languages.
He has worked for many different companies, starting from a one-man company to huge companies such as Tech Data and Samsung. This has allowed him to consider various technologies from different points of view, helping him develop critical thinking and swiftly understand whether a particular technology is the right fit for a specific project.
Since he is always looking for better technologies, he also tries new technologies to understand their advantages over the old ones as well as their maturity status. One of the most important things he evaluates about a technology is its internal security and the possibility of adding security through configuration or interaction with other technologies.
In his work and to manage his own machines, he has used Ansible since 2013.
He often gives talks about his work, the projects he helps with in his spare time, and his vision of the IT and security worlds. He is the author of the book OpenStack Cloud Security, Packt Publishing.
In his spare time, he helps out on the Fedora Project as well as Wikimedia and Open Street Map.
You can find more about him on LinkedIn at https://www.linkedin.com/in/fabiolocati/en and at https://fale.io/.
I would like to thank my parents, who introduced me to computer science before I was even able to write, and my whole family, who has always been supportive. A special thanks goes to everyone I worked with at Packt Publishing for their hard work and to Tim Rupp for his great feedbacks. Since Ansible is an open source project, I thank all companies that decided to invest into it as well as all people that decided to volunteer their time to the project.
About the Reviewer
Tim Rupp has been working in various fields of computing for the last 10 years. He has held positions in computer security, software engineering, and, most recently, in the fields of cloud computing and DevOps.
He was first introduced to Ansible while at Rackspace. As part of the cloud engineering team, he made extensive use of the tool to deploy new capacity for the Rackspace public cloud. Since then, he has contributed patches, provided support for, and presented on Ansible topics at local meetups.
Tim is currently a senior software engineer at F5 Networks, where he works on data plane programmability. He is particularly interested in automation and orchestration surrounding F5 products and is the maintainer of the BIG-IP modules in Ansible.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Preface
The information technology sector is a fast-moving sector that always tries to accelerate. To keep up with this, companies need to be able to move quickly and iterate frequently. Until a few years back, this was mainly true for software, but now we start to see the necessity to change infrastructures at similar speed. Going forward, we will need to change the infrastructure we run our software on at the speed of the software itself.
In this scenario, many technologies, such as software-defined everything (storage, network, compute, what have you), will be key, but those technologies need to be managed in an equally scalable way, and that way will be using Ansible and similar products.
Ansible is highly relevant today since, differently from competing products, it is agentless, allowing faster deployments, more security, and better auditability.
What this book covers
Chapter 1, Getting Started with Ansible, explains how to install Ansible.
Chapter 2, Automating Simple Tasks, explains how to create simple playbooks that will allow you to automate some simple tasks that you already perform on a daily basis.
Chapter 3, Scaling to Multiple Hosts, explains how to handle multiple hosts in Ansible in an easy-to-scale way.
Chapter 4, Handling Complex Deployment, explains how to create deployments that have multiple phases as well as multiple machines.
Chapter 5, Going Cloud, explains how Ansible can integrate with various cloud offering and how it can simplify your life, managing the cloud for you.
Chapter 6, Getting Notifications from Ansible, explains how to set up Ansible to return valuable information to you and other stakeholders.
Chapter 7, Creating a Custom Module, explains how to create a custom module to leverage the freedom Ansible gives you.
Chapter 8, Debugging and Error Handling, explains how to debug and test Ansible to ensure that your playbooks will always work.
Chapter 9, Complex Environments, explains how to manage multiple tiers, multiple environments, and deployments with Ansible.
Chapter 10, Introducing Ansible for Enterprises, explains how to manage Windows nodes from Ansible as well as how to leverage Ansible Galaxy and Ansible Tower to maximize your productivity.
What you need for this book
This book is written to work with all Linux distributions. Since it’s not practical to always give the same information for all possible distributions, the example commands are for Fedora on the controller machine and CentOS on the controlled machines, if not stated. Experienced users with other distributions will have no problem in translating the commands for their own preferred distribution.
Who this book is for
The book is for developers and sysadmins who want to automate their organization’s infrastructure using Ansible 2. No prior knowledge of Ansible is required.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The ec2.py file will create multiple groups based on the region, availability zone, tags, and so on."
A block of code is set as follows:
--- - hosts: all remote_user: ansible vars: users: - alice - bob folders: - mail - public_htmlWhen we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
--- - hosts: all remote_user: ansible vars: users: - alice - bob folders: - mail - public_htmlAny command-line input or output is written as follows:
$ ansible-playbook -i test01.fale.io, webserver.yamlNew terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Clicking the Next button moves you to the next screen."
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the example code
You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
You can download the code files by following these steps:
You can also download the code files by clicking on the Code Files button on the book's webpage at the Packt Publishing website. This page can be accessed by entering the book's name in the Search box. Please note that you need to be logged in to your Packt account.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Learning-Ansible-2-Second-Edition. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at [email protected] with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
Chapter 1. Getting Started with Ansible
ICT is often described as a fast-growing industry. I think the best quality of the ICT industry is not related to its ability to grow at a super high speed, but to its ability to revolutionize itself and the rest of the world at an astonishing speed.
Every 10 to 15 years there are major shifts in how this industry works and every shift solves problems that were very hard to manage up to that point, creating new challenges. Also, at every major shift, many best practices of the previous iteration are classified as anti-patterns and new best practices are created. Although it might appear that those changes are impossible to predict, this is not always true. Obviously, it is not possible to know exactly what changes will occur and when they will take place, but looking at companies with a large number of servers and many lines of code usually reveals what the next steps will be.
The current shift has already happened in big companies like Amazon Web Services, Facebook, and Google. It is the implementation of IT automation systems to create and manage servers.
In this chapter we will cover:
IT automation
IT automation is in its larger sense—the processes and software that help with the management of the IT infrastructure (servers, networking, and storage). In the current shift, we are assisting to a huge implementation of such processes and software.
The history of IT automation
At the beginning of IT history, there were very few servers and a lot of people were needed to make them work properly, usually more than one person for each machine. Over the years, servers became more reliable and easier to manage so it was possible to have multiple servers managed by a single system administrator. In that period, the administrators manually installed the software, upgraded the software manually, and changed the configuration files manually. This was obviously a very labor-intensive and error-prone process, so many administrators started to implement scripts and other means to make their life easier. Those scripts were (usually) pretty complex and they did not scale very well.
In the early years of this century, data centers started to grow a lot due to companies' needs. Virtualization helped in keeping prices low and the fact that many of these services were web services, meant that many servers were very similar to each other. At this point, new tools were needed to substitute the scripts that were used before, the configuration management tools.
CFEngine was one of the first tools to demonstrate configuration management capabilities way back in the 1990s; more recently, there has been Puppet, Chef, and Salt, besides Ansible.
Advantages of IT automation
People often wonder if IT automation really brings enough advantages considering that implementing it has some direct and indirect costs. The main advantages of IT automation are:
For these reasons, it's possible to reduce the cost of managing the IT infrastructure by reducing the repetitive operations often performed by system administrators.
Disadvantages of IT automation
As with any other technology, IT automation does come with some disadvantages. From my point of view these are the biggest disadvantages:
The consequence of the first is that new ways to train junior system administrators will need to be implemented.
Limiting the possible damages of an error propagation
The second one is trickier. There are a lot of ways to limit this kind of damage, but none of those will prevent it completely. The following mitigation options are available:
Types of IT automation
There are a lot of ways to classify IT automation systems, but by far the most important is related to how the configurations are propagated. Based on this, we can distinguish between agent-based systems and agent-less systems.
Agent-based systems
Agent-based systems have two different components: a server and a client called agent.
There is only one server and it contains all of the configuration for your whole environment, while the agents are as many as the machines in the environment.
Note
In some cases, more than one server could be present to ensure high availability, but treat it as if it's a single server, since they will all be configured in the same way.
Periodically, client will contact the server to see if a new configuration for its machine is present. If a new configuration is present, the client will download it and apply it.
Agent-less systems
In agent-less systems, no specific agent is present. Agent-less systems do not always respect the server/client paradigm, since it's possible to have multiple servers and even the same number of servers and clients . Communications are initialized by the server that will contact the client(s) using standard protocols (usually via SSH and PowerShell).
Agent-based versus Agent-less systems
Aside from the differences outlined above, there are other contrasting factors which arise because of those differences.
From a security standpoint, an agent-based system can be less secure. Since all machines have to be able to initiate a connection to the server machine, this machine could be attacked more easily than in an agent-less case where the machine is usually behind a firewall that will not accept any incoming connections.
From a performance point of view, agent-based systems run the risk of having the server saturated and therefore the roll-out could be slower. It also needs to be considered that, in a pure agent-based system, it is not possible to force-push an update immediately to a set of machines. It will have to wait until those machines check-in. For this reason, multiple agent-based systems have implemented out-of-bands wait to implement such feature. Tools such as Chef and Puppet are agent-based but can also run without a centralized server to scale a large number of machines, commonly called Serverless Chef and Masterless Puppet, respectively.
An agent-less system is easier to integrate in an infrastructure that is already present, since it will be seen by the clients as a normal SSH connection and therefore no additional configuration is needed.
What is Ansible?
Ansible is an agent-less IT automation tool developed in 2012 by Michael DeHaan, a former Red Hat associate. The Ansible design goals are for it to be: minimal, consistent, secure, highly reliable, and easy to learn. The Ansible company has recently been bought out by Red Hat and now operates as part of Red Hat, Inc.
Ansible primarily runs in push mode using SSH, but you can also run Ansible using ansible-pull, where you can install Ansible on each agent, download the playbooks locally, and run them on individual machines. If there is a large number of machines (large is a relative term; in our view, greater than 500 and requiring parallel updates), and you plan to deploy updates to the machines in parallel, this might be the right way to go about it.
Secure Shell (SSH)
Secure Shell (also known as SSH) is a network service that allows you to login and access a shell remotely in a fully encrypted connection. The SSH daemon is today, the standard for UNIX system administration, after having replaced the unencrypted telnet. The most frequently used implementation of the SSH protocol is OpenSSH.
In the last few months, Microsoft has shown an implementation (at the time of writing) of OpenSSH for Windows.
Since Ansible performs SSH connections and commands in the same way any other SSH client would do, no specific configuration has been applied to the OpenSSH server.
To speed up default SSH connections, you can always enable ControlPersist and the pipeline mode, which makes Ansible faster and secure.
Why Ansible?
We will try and compare Ansible with Puppet and Chef during the course of this book since many people have good experience with those tools. We will also point out specifically how Ansible would solve a problem compared to Chef or Puppet.
Ansible, as well as Puppet and Chef, are declarative in nature and are expected to move a machine to the desired state specified in the configuration. For example, in each of these tools, in order to start a service at a point in time and start it automatically on restart, you would need to write a declarative block or module; every time the tool runs on the machine, it will aspire to obtain the state defined in your playbook (Ansible), cookbook (Chef), or manifest (Puppet).
The difference in the toolset is minimal at a simple level but as more situations arise and the complexity increases, you will start finding differences between the different toolsets. In Puppet, you need to take care of the order, and the Puppet server will create the sequence of instructions to execute every time you run it on a different box. To exploit the power of Chef, you will need a good Ruby team. Your team needs to be good at the Ruby language to customize both Puppet and Chef, and there will be a bigger learning curve with both of the tools.
With Ansible, the case is different. It uses the simplicity of Chef when it comes to the order of execution, the top-to-bottom approach, and allows you to define the end state in YAML format, which makes the code extremely readable and easy for everyone, from development teams to operations teams, to pick up and make changes. In many cases, even without Ansible, operations teams are given playbook manuals to execute instructions from, whenever they face issues. Ansible mimics that behavior. Do not be surprised if you end up having your project manager change the code in Ansible and check it into Git because of its simplicity!
Installing Ansible
Installing Ansible is rather quick and simple. You can use the source code directly, by cloning it from the GitHub project (https://github.com/ansible/ansible), install it using your system's package manager, or use Python's package management tool (pip). You can use Ansible on any Windows, Mac, or UNIX-like system. Ansible doesn't require any databases and doesn't need any daemons running. This makes it easier to maintain Ansible versions and upgrade without any breaks.
We'd like to call the machine where we will install Ansible our Ansible workstation. Some people also refer to it as the command center.
Installing Ansible using the system's package manager
It is possible to install Ansible using the system's package manager and in my opinion this is the preferred option if your system's package manager ships at least Ansible 2.0. We will look into installing Ansible via Yum, Apt, Homebrew, and pip.
Installing via Yum
If you are running a Fedora system you can install Ansible directly, since from Fedora 22, Ansible 2.0+ is available in the official repositories. You can install it as follows:
$ sudo dnf install ansibleFor RHEL and RHEL-based (CentOS, Scientific Linux, Unbreakable Linux) systems, versions 6 and 7 have Ansible 2.0+ available in the EPEL repository, so you should ensure that you have the EPEL repository enabled before installing Ansible as follows:
$ sudo yum install ansibleNote
On Cent 6 or RHEL 6, you have to run the command rpm -Uvh. Refer to http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm for instructions on how to install EPEL.
Installing via Apt
Ansible is available for Ubuntu and Debian. To install Ansible on those operating systems, use the following command:
$ sudo apt-get install ansibleInstalling via Homebrew
You can install Ansible on Mac OS X using Homebrew, as follows:
$ brew update$ brew install ansible
