2. Meetup The Fun and Pain with Ansible – Hamburg, 19.02.2015





On Github dariusgm / ansible-meetup


Luka Dornhecker, Darius Murawski

Topics:

  • Who we are
  • Where we work
  • The Pain with Puppet
  • Infrastructure
  • Software
  • The Fun (why we use it)
  • The Pain (with Ansible)
  • Best Practice
  • Vagrant

Darius Murawski

Luka Dornhecker

We work at Wer liefert was

The Pain with Puppet

  • Execution Order
  • DevOps write the stuff
  • Production Server
  • Change from monolith software to APIs

Infrastructure

Software

The Fun (why we use it)

  • We love yml files (rails!)
  • Requires only sshd and Python
  • Fast, Clear Execution Order
  • Modules for psql, rabbitmq and more

The Pain (with Ansible)

  • Keep servers in sync
  • QA the stuff! (CI integration?)
  • Handlers

Best Practice - Project Structure

  • Every Rails app has its own playbook file
  • Every external application has its own roles file
  • Same path on every environment

Project Structure - Example

.
├── handlers
│   └── main.yml
├── library
│   └── users
├── roles
│   ├── appdirs
│   ├── common
│   ├── elasticsearch
│   ├── kibana
│   ├── lock
│   ├── logstash
│   ├── mailcatcher
│   ├── monit
│   ├── nginx
│   ├── nodejs
│   ├── phantomjs
│   ├── postgresql
│   ├── public-keys
│   ├── rabbitmq
│   ├── rbenv
│   ├── redis
│   ├── (roles for our apps)
├── stages
│   ├── sandbox
│   └── vagrant
├── README.md
├── Vagrantfile
├── (many plays for our apps)
└── ansible.cfg
          
├── handlers
│   └── main.yml
├── tasks
│   ├── main.yml
│   ├── sandbox.yml
│   └── vagrant.yml
└── templates
    ├── etc
    │   ├── monit
    │   │   └── conf.d
    │   │       └── wlw_serp
    │   └── nginx
    │       ├── assets_locations
    │       │   └── wlw_serp_assets.conf
    │       ├── locations
    │       │   └── wlw_serp.conf
    │       └── upstreams
    │           └── wlw_serp.conf
    ├── home
    │   └── appsse
    │       └── wlw_serp
    │           └── shared
    │               └── bin
    │                   └── _unicorn
    ├── sandbox
    │   └── home
    │       └── appsse
    │           └── wlw_serp
    │               └── shared
    │                   └── config
    │                       └── unicorn.rb
    └── vagrant
        └── home
            └── appsse
                └── wlw_serp
                    └── shared
                        ├── database.yml
                        └── unicorn.rb

wlw_serp.yml

- hosts: app
  sudo: yes

  roles:
  - common
  - monit
  - nginx
  - appsse
  - rbenv
  - { role: appdirs, app: wlw_serp }
  - wlw_serp

  handlers:
  - include: handlers/main.yml
  

main.yml

---
- include: sandbox.yml
  when: inventory_hostname_short != "sandbox-dev"

- include: vagrant.yml
  when: inventory_hostname_short == "sandbox-dev"

- name: configure nginx
  template:
    src={{ item }}
    dest=/{{ item }}
  with_items:
    - etc/nginx/locations/wlw_serp.conf
    - etc/nginx/upstreams/wlw_serp.conf
  notify:
    - restart nginx

- name: copy bin/unicorn
  template:
    src="home/appsse/wlw_serp/shared/bin/_unicorn"
    dest="{{ users.appsse.home }}/wlw_serp/shared/bin/_unicorn"
    mode=0755
  sudo: yes
  sudo_user: appsse

- name: configure monit
  template:
    src=etc/monit/conf.d/wlw_serp
    dest=/etc/monit/conf.d/wlw_serp
  notify: restart monit


Best Practice - Key Management

  • Key Repository
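  • CI gets triggered by changes and publishes all keys
  • Keys as git submodule in your ansible repository

---
# Runs on the control machine: concatenates every root key from the key
# submodule plus the Jenkins key into one string.
# ignore_errors lets the play continue when cat fails (for example on a
# missing file); the copy task below then writes whatever stdout was captured.
- name: gather public keys to be installed for root
  local_action: shell cat roles/public-keys/files/keys/root/*.pub roles/public-keys/files/jenkins.pub
  changed_when: False
  sudo: False
  ignore_errors: yes
  register: keys_dev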

- name: create .ssh directory for root
  file:
    path="{{ users.root.home }}/.ssh"
    state=directory
    owner=root
    group="{{ users.root.group }}"
    mode=0700

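# The file must belong to root: sshd (StrictModes) ignores an authorized_keys
# file owned by another user, and that user could add keys for root.
- name: install authorized_keys for root
  copy:
    content="{{ keys_dev.stdout }}"
    dest="{{ users.root.home }}/.ssh/authorized_keys"
    owner=root
    group="{{ users.root.group }}"
    mode=0600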
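
Added example (not from the talk or the ansible-meetup repository): a lint step the CI job in the key repository could run before publishing, since the play above writes the raw output of cat straight into root's authorized_keys. The allowed key types and the sample_key helper are assumptions made for illustration.

```python
import base64
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa"}  # assumed policy, adjust to yours

def check_pub_line(line):
    """Return None if line is one plain OpenSSH public key, else a reason."""
    fields = line.split()
    if len(fields) < 2:
        return "not a public key line"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        # Also rejects option prefixes (command=..., from=...) in field one.
        return "first field is not an allowed key type"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return "key blob is not valid base64"
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return "key blob too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        return "key type does not match blob"
    return None

def lint_key_files(files):
    """files maps path -> content; returns a sorted list of (path, reason)."""
    problems = []
    for path, content in sorted(files.items()):
        lines = [l for l in content.splitlines() if l.strip()]
        if len(lines) != 1:
            problems.append((path, "expected exactly one key line"))
            continue
        reason = check_pub_line(lines[0])
        if reason is None and not content.endswith("\n"):
            # `cat a.pub b.pub` would glue the next key onto this line.
            reason = "missing trailing newline"
        if reason:
            problems.append((path, reason))
    return problems

def sample_key(key_type, comment):
    """Constructed dummy key line (zero bytes, not a real key)."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}\n"
```

In CI, build the files mapping from roles/public-keys/files and fail the job when lint_key_files returns anything.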
          

Best Practice - Release Management

  • Test from blank!
  • Test by diff!

Best Practice - Work with DevOps

  • Huge task to transfer puppet to ansible scripts
  • Show them how both can benefit (Continuous Delivery)
  • Use .env files for configuration

Vagrant

  • Testing ansible stuff
  • Clean state of development VM?!
  • Performance?
  • Syncing
  • System Ruby needed on host :-(

Thank you!
