RE-ENTER SAS
See the cloud differently

Introduction to Ansible

by Vina Rakotondrainibe | Oracle Commerce Expert and Cloud Deployment Specialist
Paris area,

How I met Ansible

Ansible is a command-line tool for managing configuration files on your servers. It talks to each server over the standard SSH port. The control machine (basically your own machine) authenticates with an SSH key, so its public key has to be installed on the managed node(s).

I used it to configure a few servers on a project where we were running out of time. I was quite impressed by the ease of installation and use of the tool. It is perfect if your configuration is simple.

Let me give you an example of a complex configuration here. Suppose you have a cluster of application servers with a variable number of instances on several nodes. You need to generate your load balancing configuration files automatically by listing the server/port for each running instance, and then restart your web server. There, you need a tool like Chef with a daemonized client; I can't see Ansible doing the job easily and dynamically.

Installation

Ansible is really easy to install: it is packaged as a .deb package for Debian-based machines and as an .rpm for Red Hat ones. The installation on Ubuntu took only a few lines for me:

sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

Setting up your project

Create a folder for your project and go into that new directory.

mkdir myproject && cd myproject

Ansible reads its configuration from a file (called ansible.cfg by default). It looks for that file in several locations, which are taken into account in the following order:

  • A file path from the ANSIBLE_CONFIG environment variable
  • An ansible.cfg file in the current directory
  • A .ansible.cfg file in the home directory
  • The /etc/ansible/ansible.cfg file

In my case, I did not have to change any of the default values. You can find all configurable properties in this file here.
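Ansible uses the first file it finds in that order, so an ansible.cfg in the project directory takes precedence over the home and system files. The following added example (not from the original post or the Ansible project) resolves the winning file in the order listed above and flags it when the file or its directory is writable by group or others; the function names and the OK/UNSAFE labels are choices made for this example.

```shell
#!/bin/sh
# Added example (not Ansible code): find which ansible.cfg is used, following
# the search order listed above, and check who else can modify it.

# Succeeds when the path (symlinks followed) is writable by group or others.
is_loosely_writable() {
    perms=$(ls -ldL "$1" | cut -c1-10)      # e.g. "-rw-rw-r--"
    case "$perms" in
        ?????w????|????????w?) return 0 ;;  # 6th char: group w, 9th: other w
    esac
    return 1
}

# Print the first existing candidate. cwd, home and the system path are
# arguments so the check can be pointed at any project. ANSIBLE_CONFIG is
# treated as a file path, as in the list above.
resolve_ansible_cfg() {
    cwd=$1; home=$2; system=${3:-/etc/ansible/ansible.cfg}
    for candidate in "${ANSIBLE_CONFIG:-}" "$cwd/ansible.cfg" \
                     "$home/.ansible.cfg" "$system"; do
        if [ -n "$candidate" ] && [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Print "none", "OK <path>" or "UNSAFE <path>" for the winning file.
audit_ansible_cfg() {
    cfg=$(resolve_ansible_cfg "$@") || { echo "none"; return 0; }
    if is_loosely_writable "$cfg" || is_loosely_writable "$(dirname "$cfg")"; then
        echo "UNSAFE $cfg"
    else
        echo "OK $cfg"
    fi
}

audit_ansible_cfg "$PWD" "${HOME:-/}"
```

Run it from the project directory before the first ansible or ansible-playbook call, especially in a directory cloned from someone else's repository.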

Your host Inventory

An important step is to specify your host list in the /etc/ansible/hosts file. This is the default file but you can override it by adding the following line in your ansible.cfg file:

[defaults]
hostfile = < the path to your host file here >

Hosts are standalone or grouped in the hostfile. In the example below, we have a single server called server1.example.com and two groups of servers called web and appservers:

server1.example.com
 
[web]
web1.example.com
web2.example.com
 
[appservers]
app1.example.com
app2.example.com

The group name can be used in Playbooks to specify the servers on which the Playbook actions should be performed.

For Ansible to be able to manage your hosts, you need to exchange SSH keys between your control machine and your servers: generate a key pair on the control machine and copy its public key to each server.

ssh-keygen -t rsa
ssh-copy-id root@server1.example.com

Now you can try to ping your hosts using the following command:

ansible all -m ping -u root

The -u switch tells Ansible to use the root user to connect to the hosts. There are more options available, and you can find them in the official Getting Started guide.

The complete Getting Started guide from the official documentation can be found here. You can use several options to tell Ansible to use a specific user, to sudo as a specific user, and so on. By default, it connects as root.

The first Playbook

Playbooks are where you define all the actions to perform. If you are familiar with Chef, they are the equivalent of recipes. The basic structure of a Playbook is:

  • The servers or group of servers to which the actions will apply
  • The variables which are going to be used during the run
  • The tasks which will be performed

Playbooks are written in YAML. This is an example of a Playbook for web servers running under CentOS:

---
- hosts: web-servers
  vars:
    # One virtual host, log folder and docroot is created per entry
    sites:
      - my-sitedomain1
      - my-sitedomain2

  tasks:

    - name: Install Apache
      yum: name=httpd state=latest

    - name: Transfer main conf
      copy:
        src=./web/config/etc/httpd/conf/httpd.conf
        dest=/etc/httpd/conf/httpd.conf

    # Render one Jinja2 template per site
    - name: Transfer virtual host configuration files
      template:
        src=./web/config/etc/httpd/conf.d/{{item}}.conf.j2
        dest=/etc/httpd/conf.d/{{item}}.conf
      with_items: "{{ sites }}"

    - name: Create log folders
      file:
        path=/var/log/httpd/{{item}}
        state=directory
      with_items: "{{ sites }}"

    # Parent docroot, owned by the apache user and group
    - name: Create docroot folders
      file:
        path=/srv/httpd
        state=directory
        owner=apache
        group=apache
        recurse=yes

    - name: Create per-site docroot folders
      file:
        path=/srv/httpd/{{item}}
        state=directory
      with_items: "{{ sites }}"
This Playbook applies to the web-servers group of servers and installs the Apache RPM package. It also configures the necessary folders and virtual host configuration files for two domains.

A few more notes on the above Playbook:

  • The task name is an arbitrary name that lets you follow the Playbook run.
  • Some of the tasks use array variables and loop over them with the with_items keyword.
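A play only touches the hosts its hosts: line resolves to, so it is worth confirming that the group exists in the inventory before running tasks as root. The following added example (not from the original post) parses the INI inventory format shown earlier and checks each play's target; the function names are invented for this example, the sample files are constructed, and only plain group names and all are handled.

```shell
# Added example: check that each play's "hosts:" group exists in the inventory.

# Print the hosts under [GROUP]; "ungrouped" selects hosts before any header.
# Exit status 1 when the group is missing or empty.
hosts_in_group() {   # usage: hosts_in_group INVENTORY GROUP
    awk -v want="$2" '
        { sub(/[#;].*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # comments, trim
        $0 == "" { next }
        /^\[.*\]$/ { group = substr($0, 2, length($0) - 2); next }
        (group == "" ? "ungrouped" : group) == want { print $1; found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# One line per play: "<group>: <n> host(s)" or "<group>: NOT IN INVENTORY".
# Handles plain group names and "all" only, not patterns such as web:&prod.
check_play_targets() {   # usage: check_play_targets INVENTORY PLAYBOOK
    sed -n 's/^-\{0,1\} *hosts: *//p' "$2" | while read -r target; do
        [ "$target" = "all" ] && { echo "all: every inventory host"; continue; }
        n=$( { hosts_in_group "$1" "$target" || true; } | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "$target: $n host(s)"
        else
            echo "$target: NOT IN INVENTORY"
        fi
    done
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: the inventory from the text and two minimal plays.
    cat > "$dir/hosts" <<'EOF'
server1.example.com

[web]
web1.example.com
web2.example.com

[appservers]
app1.example.com
app2.example.com
EOF
    printf '%s\n' '- hosts: web-servers' '- hosts: appservers' > "$dir/site.yml"
    check_play_targets "$dir/hosts" "$dir/site.yml"
    rm -rf "$dir"
}
demo
```

With the inventory from this page, the web-servers target is reported as missing because the inventory names that group web.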

Running the Playbook

To run the playbook, you issue the following command:

ansible-playbook config_web.yml -f 10

The -f argument enables you to specify how many parallel threads are going to be executed to apply the Playbook on your servers.

Conclusion

I needed a quick way to configure my servers for this job and Ansible met that requirement hands down because:

  • I just needed to install the tool on my laptop instead of configuring a server with daemons and a complex architecture to be able to execute my tasks.
  • The SSH key exchange is straightforward for anyone who is used to managing servers.
  • YAML notation greatly simplifies the syntax of what you need to perform.

Ansible was great for my basic configuration requirements, but I think if you need to make complex calculations on what should be deployed per server based on your cluster topology and so on, it will not do the job easily. For that, I believe you will need a more versatile tool like Chef.

I am also wondering how it behaves when you have hundreds or thousands of servers to maintain. Ansible Tower might be the answer, but it is not free and open source.
