Getting Started with Ansible

Brendon Thiede

Development Manager @ Vertafore

Infrastructure as Code

Version control
Enforcement of desired state
Automatic changes

Ansible Features

No node agent installation (works over SSH)
Based on Python
YAML for configuration
Jinja2 templating
Custom modules can be any language; just need to produce JSON
WebUI (AnsibleWorks AWX ) is separate and lacking

Concepts

Configuration

---
# group_vars/all

mysqlservice: mysqld
mysql_port: 3306

sites
    - nginx_hostname: www.mama-bear-naturals.com
      wp_db_password: "{{ vault_wp_db_password_live }}"
    - nginx_hostname: beta.mama-bear-naturals.com
      wp_db_password: "{{ vault_wp_db_password_beta }}"

Use ansible-vault to encrypt/decrypt

Roles: tasks

---
# This playbook will install MariaDB and create db

- name: Install MariaDB package
  yum: name={{ item }} state=installed
  with_items:
   - mariadb-server
   - MySQL-python
   - libselinux-python
   - libsemanage-python

- name: Create Mysql configuration file
  template: src=my.cnf.j2 dest=/etc/my.cnf
  notify:
  - restart mariadb

Roles: templates

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0
port={{ mysql_port }}

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mariadb/mysqld.pid

Roles: handlers

---
- name: restart nginx
  service: name=nginx state=restarted enabled=yes

Inventory

[wordpress-server]
troyvm ansible_user=root ansible_port=9922 ansible_host=208.64.37.13

Playbook

---
- name: Install WordPress, MariaDB, Nginx, and PHP-FPM
  hosts: wordpress-server
  remote_user: root

  roles:
    - common
    - mariadb
    - nginx
    - php-fpm
    - wordpress

Ship it!

ansible-playbook site.yml -e@group_vars/vault \
--vault-password-file=~/.vault_pass.txt