book

Ansible: Up and Running, 3rd Edition

by Bas Meijer, Lorin Hochstein, René Moser

July 2022

Intermediate to advanced

472 pages

10h 21m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface to the Third Edition
Conventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgmentsFrom LorinFrom RenéFrom Bas
1. Introduction
A Note About VersionsAnsible: What Is It Good For?How Ansible WorksWhat’s So Great About Ansible?SimplePowerfulSecureIs Ansible Too Simple?What Do I Need to Know?What Isn’t CoveredMoving Forward
2. Installation and Setup
Installing AnsibleLoose DependenciesRunning Ansible in ContainersAnsible DevelopmentSetting Up a Server for TestingUsing Vagrant to Set Up a Test ServerTelling Ansible About Your ServersSimplifying with the ansible.cfg FileKill Your DarlingsConvenient Vagrant Configuration OptionsPort Forwarding and Private IP AddressesEnabling Agent ForwardingThe Docker ProvisionerThe Ansible Local ProvisionerWhen the Provisioner RunsVagrant Plug-insHostmanagerVBGuestVirtualBox CustomizationVagrantfile Is RubyProduction SetupConclusion
3. Playbooks: A Beginning
PreliminariesA Very Simple PlaybookSpecifying an NGINX Config FileCreating a Web PageCreating a GroupRunning the PlaybookPlaybooks Are YAMLStart of DocumentEnd of FileCommentsIndentation and WhitespaceStringsBooleansListsDictionariesMultiline StringsPure YAML Instead of String ArgumentsAnatomy of a PlaybookPlaysTasksModulesViewing Ansible Module DocumentationPutting It All TogetherDid Anything Change? Tracking Host StateGetting Fancier: TLS SupportGenerating a TLS CertificateVariablesQuoting in Ansible StringsGenerating the NGINX Configuration TemplateLoopHandlersA Few Things to Keep in Mind About HandlersTestingValidationThe PlaybookRunning the PlaybookConclusion
4. Inventory: Describing Your Servers
Inventory/Hosts FilesPreliminaries: Multiple Vagrant MachinesBehavioral Inventory ParametersChanging Behavioral Parameter DefaultsGroups and Groups and GroupsExample: Deploying a Django AppAliases and PortsGroups of GroupsNumbered Hosts (Pets Versus Cattle)Hosts and Group Variables: Inside the InventoryHost and Group Variables: In Their Own FilesDynamic InventoryInventory Plug-insAmazon EC2Azure Resource ManagerThe Interface for a Dynamic Inventory ScriptWriting a Dynamic Inventory ScriptBreaking the Inventory into Multiple FilesAdding Entries at Runtime with add_host and group_byadd_hostgroup_byConclusion
5. Variables and Facts
Defining Variables in PlaybooksDefining Variables in Separate FilesDirectory LayoutViewing the Values of VariablesVariable InterpolationRegistering VariablesFactsViewing All Facts Associated with a ServerViewing a Subset of FactsAny Module Can Return Facts or InfoLocal FactsUsing set_fact to Define a New VariableBuilt-In Variableshostvarsinventory_hostnamegroupsExtra Variables on the Command LinePrecedenceConclusion
6. Introducing Mezzanine: Our Test Application
Why Is Deploying to Production Complicated?Postgres: The DatabaseGunicorn: The Application ServerNGINX: The Web ServerSupervisor: The Process ManagerConclusion
7. Deploying Mezzanine with Ansible
Listing Tasks in a PlaybookOrganization of Deployed FilesVariables and Secret VariablesInstalling Multiple PackagesAdding the Become Clause to a TaskUpdating the apt CacheChecking Out the Project Using GitInstalling Mezzanine and Other Packages into a Virtual EnvironmentComplex Arguments in Tasks: A Brief DigressionConfiguring the DatabaseGenerating the local_settings.py File from a TemplateRunning django-manage CommandsRunning Custom Python Scripts in the Context of the ApplicationSetting Service Configuration FilesEnabling the NGINX ConfigurationInstalling TLS CertificatesInstalling Twitter Cron JobThe Full PlaybookRunning the Playbook Against a Vagrant MachineTroubleshootingCannot Check Out Git RepositoryCannot Reach 192.168.33.10.nip.ioBad Request (400)Conclusion
8. Debugging Ansible Playbooks
Humane Error MessagesDebugging SSH IssuesCommon SSH ChallengesPasswordAuthentication noSSH as a Different UserHost Key Verification FailedPrivate NetworksThe debug ModulePlaybook DebuggerThe assert ModuleChecking Your Playbook Before ExecutionSyntax CheckList HostsList TasksCheck ModeDiff (Show File Changes)TagsLimitsConclusion
9. Roles: Scaling Up Your Playbooks
Basic Structure of a RoleExample: Deploying Mezzanine with RolesUsing Roles in Your PlaybooksPre-Tasks and Post-TasksA database Role for Deploying the DatabaseA mezzanine Role for Deploying MezzanineCreating Role Files and Directories with ansible-galaxyDependent RolesAnsible GalaxyWeb InterfaceCommand-Line InterfaceRole Requirements in PracticeContributing Your Own RoleConclusion

10. Complex Playbooks
Dealing with Badly Behaved CommandsFiltersThe default FilterFilters for Registered VariablesFilters That Apply to FilepathsWriting Your Own FilterLookupsfilepipeenvpasswordtemplatecsvfiledigredisWriting Your Own Lookup Plug-inMore Complicated LoopsWith Lookup Plug-inwith_lineswith_fileglobwith_dictLooping Constructs as Lookup Plug-insLoop ControlsSetting the Variable NameLabeling the OutputImports and IncludesDynamic IncludesRole IncludesRole Flow ControlBlocksError Handling with BlocksEncrypting Sensitive Data with ansible-vaultMultiple Vaults with Different PasswordsConclusion
11. Customizing Hosts, Runs, and Handlers
Patterns for Specifying HostsLimiting Which Hosts RunRunning a Task on the Control MachineManually Gathering FactsRetrieving an IP Address from the HostRunning on One Host at a TimeRunning on a Batch of Hosts at a TimeRunning Only OnceLimiting Which Tasks Runstepstart-at-taskRunning TagsSkipping TagsRunning StrategiesLinearFreeAdvanced HandlersHandlers in Pre- and Post-TasksFlush HandlersMeta CommandsHandlers Notifying HandlersHandlers ListenThe SSL Case for the listen FeatureConclusion
12. Managing Windows Hosts
Connection to WindowsPowerShellWindows ModulesOur Java Development MachineAdding a Local UserWindows FeaturesInstalling Software with ChocolateyConfiguration of JavaUpdating WindowsConclusion
13. Ansible and Containers
KubernetesDocker Application Life CycleRegistriesAnsible and DockerConnecting to the Docker DaemonExample Application: GhostRunning a Docker Container on Our Local MachineBuilding an Image from a DockerfilePushing Our Image to the Docker RegistryOrchestrating Multiple Containers on Our Local MachineQuerying Local ImagesDeploying the Dockerized ApplicationProvisioning MySQLDeploying the Ghost DatabaseFrontendFrontend: GhostFrontend: NGINXCleaning Out ContainersConclusion
14. Quality Assurance with Molecule
Installation and SetupConfiguring Molecule DriversCreating an Ansible RoleScenariosDesired StateConfiguring Scenarios in MoleculeManaging Virtual MachinesManaging ContainersMolecule CommandsLintingYAMLlintansible-lintansible-laterVerifiersAnsibleGossTestInfraConclusion
15. Collections
Installing CollectionsListing CollectionsUsing Collections in a PlaybookDeveloping a CollectionConclusion
16. Creating Images
Creating Images with PackerVagrant VirtualBox VMCombining Packer and VagrantCloud ImagesGoogle Cloud PlatformAzureAmazon EC2The PlaybookDocker Image: GCC 11Conclusion
17. Cloud Infrastructure
TerminologyInstanceAmazon Machine ImageTagsSpecifying CredentialsEnvironment VariablesConfiguration FilesPrerequisite: Boto3 Python LibraryDynamic InventoryInventory CachingOther Configuration OptionsDefining Dynamic Groups with TagsApplying Tags to Existing ResourcesNicer Group NamesVirtual Private CloudsConfiguring ansible.cfg for Use with ec2Launching New InstancesEC2 Key PairsCreating a New KeyUploading Your Public KeySecurity GroupsPermitted IP AddressesSecurity Group PortsGetting the Latest AMICreate a New Instance and Add It to a GroupWaiting for the Server to Come UpPutting It All TogetherSpecifying a Virtual Private CloudDynamic Inventory and VPCConclusion
18. Callback Plug-ins
Stdout Plug-insARAdebugdefaultdensejsonminimalnullonelineNotification and Aggregate Plug-insPython Requirementsforemanjabberjunitlog_playslogentrieslogstashmailprofile_rolesprofile_taskssayslacksplunktimerConclusion
19. Custom Modules
Example: Checking That You Can Reach a Remote ServerUsing the Script Module Instead of Writing Your Owncan_reach as a ModuleShould You Develop a Module?Where to Put Your Custom ModulesHow Ansible Invokes ModulesGenerate a Standalone Python Script with the Arguments (Python Only)Copy the Module to the HostCreate an Arguments File on the Host (Non-Python Only)Invoke the ModuleExpected OutputsOutput Variables That Ansible ExpectsImplementing Modules in PythonParsing ArgumentsAccessing ParametersImporting the AnsibleModule Helper ClassArgument OptionsAnsibleModule Initializer ParametersReturning Success or FailureInvoking External CommandsCheck Mode (Dry Run)Documenting Your ModuleDebugging Your ModuleImplementing the Module in BashSpecifying an Alternative Location for BashConclusion
20. Making Ansible Go Even Faster
SSH Multiplexing and ControlPersistManually Enabling SSH MultiplexingSSH Multiplexing Options in AnsibleMore SSH TuningAlgorithm RecommendationsPipeliningEnabling PipeliningConfiguring Hosts for PipeliningMitogen for AnsibleFact CachingJSON File Fact-Caching BackendRedis Fact-Caching BackendMemcached Fact-Caching BackendParallelismConcurrent Tasks with AsyncConclusion
21. Networking and Security
Network ManagementSupported VendorsAnsible Connection for Network AutomationPrivileged ModeNetwork InventoryNetwork Automation Use CasesSecurityComply with Compliance?Secured, but Not SecureShadow ITSunshine ITZero TrustConclusion
22. CI/CD and Ansible
Continuous IntegrationElements in a CI SystemJenkins and AnsibleRunning CI for Ansible RolesStagingAnsible Plug-inAnsible Tower Plug-inConclusion
23. Ansible Automation Platform
Subscription ModelsAnsible Automation Platform TrialWhat Ansible Automation Platform SolvesAccess ControlProjectsInventory ManagementRun Jobs by Job TemplatesRESTful APIAWX.AWXInstallationCreate an OrganizationCreate an InventoryRunning a Playbook with a Job TemplateUsing Containers to Run AnsibleCreating Execution EnvironmentsConclusion
24. Best Practices
Simplicity, Modularity, and ComposabilityOrganize ContentDecouple Inventories from ProjectsDecouple Roles and CollectionsPlaybooksCode StyleTag and Test All the ThingsDesired StateDeliver ContinuouslySecurityDeploymentPerformance IndicatorsBenchmark EvidenceFinal Words
Bibliography
Index
About the Authors

Content preview from Ansible: Up and Running, 3rd Edition

Chapter 21. Networking and Security

Network Management

Managing and configuring network devices always makes us feel nostalgic. Log in to a console by telnet, type some commands, save the configuration to startup config, and you’re done. For a long time, we had two types of management strategies for network devices:

Buy an expensive proprietary software that configures your devices.
Develop minimal tooling around your configuration files: back up your configs locally, make some changes by editing them, and copy the result back onto the devices through the console.

We have seen some movement in this space. The first thing we noticed was that network device vendors started to create or open their APIs for everyone. The second thing is that the Ansible community did not stop going lower down the stack, to the core: hardware servers, load-balancer appliances, firewall appliances, network devices, and even routers and specialized appliances. Red Hat coordinated Ansible for Network Automation in release 2.5 of Ansible. Between the 2.5 and 2.9 versions of Ansible, the focus was on network modules. For maintainability reasons, this idea has since been abandoned in favor of collections, and networking is maybe the best evidence that it was a good decision to follow up on JP Mens’s blog post by focusing on ansible-core with the Ansible team, as well as to delegate certified content creation to Red Hat partners and the rest to the community. Network vendors jumped on the bandwagon, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098109141Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Ansible: Up and Running, 3rd Edition

by Bas Meijer, Lorin Hochstein, René Moser

Chapter 21. Networking and Security

Network Management

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.