book

Ansible: Up and Running, 2nd Edition

by Lorin Hochstein, Rene Moser

August 2017

Intermediate to advanced

427 pages

9h 12m

English

O'Reilly Media, Inc.

Read now

Unlock full access

A Note About LanguageAcknowledgmentsFrom LorinFrom René
Why I Wrote This BookWho Should Read This BookNavigating This BookConventions Used in This BookOnline ResourcesSafari® Books OnlineHow to Contact Us
A Note About VersionsAnsible: What Is It Good For?How Ansible WorksWhat’s So Great About Ansible?Easy-to-Read SyntaxNothing to Install on the Remote HostsPush BasedAnsible Scales DownBuilt-in ModulesVery Thin Layer of AbstractionIs Ansible Too Simple?What Do I Need to Know?What Isn’t CoveredInstalling AnsibleSetting Up a Server for TestingUsing Vagrant to Set Up a Test ServerTelling Ansible About Your Test ServerSimplifying with the ansible.cfg FileMoving Forward
Some PreliminariesA Very Simple PlaybookSpecifying an Nginx Config FileCreating a Custom Home PageCreating a Webservers GroupRunning the PlaybookPlaybooks Are YAMLStart of FileCommentsStringsBooleansListsDictionariesLine FoldingAnatomy of a PlaybookPlaysTasksModulesPutting It All TogetherDid Anything Change? Tracking Host StateGetting Fancier: TLS SupportGenerating a TLS CertificateVariablesGenerating the Nginx Configuration TemplateHandlersRunning the Playbook
The Inventory FilePreliminaries: Multiple Vagrant MachinesBehavioral Inventory Parametersansible_connectionansible_shell_typeansible_python_interpreteransible_*_interpreterChanging Behavioral Parameter DefaultsGroups and Groups and GroupsExample: Deploying a Django AppAliases and PortsGroups of GroupsNumbered Hosts (Pets versus Cattle)Hosts and Group Variables: Inside the InventoryHost and Group Variables: In Their Own FilesDynamic InventoryThe Interface for a Dynamic Inventory ScriptWriting a Dynamic Inventory ScriptPreexisting Inventory ScriptsBreaking the Inventory into Multiple FilesAdding Entries at Runtime with add_host and group_byadd_hostgroup_by
Defining Variables in PlaybooksViewing the Values of VariablesRegistering VariablesFactsViewing All Facts Associated with a ServerViewing a Subset of FactsAny Module Can Return FactsLocal FactsUsing set_fact to Define a New VariableBuilt-in Variableshostvarsinventory_hostnameGroupsSetting Variables on the Command LinePrecedence
Why Deploying to Production Is ComplicatedPostgreSQL: The DatabaseGunicorn: The Application ServerNginx: The Web ServerSupervisor: The Process Manager
Listing Tasks in a PlaybookOrganization of Deployed FilesVariables and Secret VariablesUsing Iteration (with_items) to Install Multiple PackagesAdding the Become Clause to a TaskUpdating the Apt CacheChecking Out the Project by Using GitInstalling Mezzanine and Other Packages into a virtualenvComplex Arguments in Tasks: A Brief DigressionConfiguring the DatabaseGenerating the local_settings.py File from a TemplateRunning django-manage CommandsRunning Custom Python Scripts in the Context of the ApplicationSetting Service Configuration FilesEnabling the Nginx ConfigurationInstalling TLS CertificatesInstalling Twitter Cron JobThe Full PlaybookRunning the Playbook Against a Vagrant MachineTroubleshootingCannot Check Out Git RepositoryCannot Reach 192.168.33.10.xip.ioBad Request (400)Deploying Mezzanine on Multiple Machines
Basic Structure of a RoleExample: Database and Mezzanine RolesUsing Roles in Your PlaybooksPre-Tasks and Post-TasksA database Role for Deploying the DatabaseA mezzanine Role for Deploying MezzanineCreating Role Files and Directories with ansible-galaxyDependent RolesAnsible GalaxyWeb InterfaceCommand-Line InterfaceContributing Your Own Role

Dealing with Badly Behaved Commands: changed_when and failed_whenFiltersThe Default FilterFilters for Registered VariablesFilters That Apply to File PathsWriting Your Own FilterLookupsfilepipeenvpasswordtemplatecsvfilednstxtredis_kvetcdWriting Your Own Lookup PluginMore Complicated Loopswith_lineswith_fileglobwith_dictLooping Constructs as Lookup PluginsLoop ControlsSetting the Variable NameLabeling the OutputIncludesDynamic IncludesRole IncludesBlocksError Handling with BlocksEncrypting Sensitive Data with Vault
Patterns for Specifying HostsLimiting Which Hosts RunRunning a Task on the Control MachineRunning a Task on a Machine Other Than the HostRunning on One Host at a TimeRunning on a Batch of Hosts at a TimeRunning Only OnceRunning StrategiesLinearFreeAdvanced HandlersHandlers in Pre and Post TasksFlush HandlersHandlers ListenManually Gathering FactsRetrieving the IP Address from the Host
Stdout PluginsactionabledebugdensejsonminimalonelineselectiveskippyOther Pluginsforemanhipchatjabberjunitlog_playslogentrieslogstashmailosx_sayprofile_tasksslacktimer
SSH Multiplexing and ControlPersistManually Enabling SSH MultiplexingSSH Multiplexing Options in AnsiblePipeliningEnabling PipeliningConfiguring Hosts for PipeliningFact CachingJSON File Fact-Caching BackendRedis Fact-Caching BackendMemcached Fact-Caching BackendParallelismConcurrent Tasks with Async
Example: Checking That We Can Reach a Remote ServerUsing the Script Module Instead of Writing Your Owncan_reach as a ModuleWhere to Put Custom ModulesHow Ansible Invokes ModulesGenerate a Standalone Python Script with the Arguments (Python Only)Copy the Module to the HostCreate an Arguments File on the Host (Non-Python Only)Invoke the ModuleExpected OutputsOutput Variables that Ansible ExpectsImplementing Modules in PythonParsing ArgumentsAccessing ParametersImporting the AnsibleModule Helper ClassArgument OptionsAnsibleModule Initializer ParametersReturning Success or FailureInvoking External CommandsCheck Mode (Dry Run)Documenting Your ModuleDebugging Your ModuleImplementing the Module in BashSpecifying an Alternative Location for BashExample Modules
Convenient Vagrant Configuration OptionsPort Forwarding and Private IP AddressesEnabling Agent ForwardingThe Ansible ProvisionerWhen the Provisioner RunsInventory Generated by VagrantProvisioning in ParallelSpecifying GroupsAnsible Local Provisioner
TerminologyInstanceAmazon Machine ImageTagsSpecifying CredentialsEnvironment VariablesConfiguration FilesPrerequisite: Boto Python LibraryDynamic InventoryInventory CachingOther Configuration OptionsAutogenerated GroupsDefining Dynamic Groups with TagsApplying Tags to Existing ResourcesNicer Group NamesEC2 Virtual Private Cloud and EC2 ClassicConfiguring ansible.cfg for Use with ec2Launching New InstancesEC2 Key PairsCreating a New KeyUploading an Existing KeySecurity GroupsPermitted IP AddressesSecurity Group PortsGetting the Latest AMIAdding a New Instance to a GroupWaiting for the Server to Come UpCreating Instances the Idempotent WayPutting It All TogetherSpecifying a Virtual Private CloudDynamic Inventory and VPCBuilding AMIsWith the ec2_ami ModuleWith PackerOther Modules
The Case for Pairing Docker with AnsibleDocker Application Life CycleExample Application: GhostConnecting to the Docker DaemonRunning a Container on Our Local MachineBuilding an Image from a DockerfileOrchestrating Multiple Containers on Our Local MachinePushing Our Image to the Docker RegistryQuerying Local ImagesDeploying the Dockerized ApplicationBackend: PostgresFrontendFrontend: GhostFrontend: NginxCleaning Out ContainersConnecting Directly to ContainersAnsible ContainerThe ConductorCreating Docker ImagesRunning LocallyPublishing Images to RegistriesDeploying Containers to Production
Humane Error MessagesDebugging SSH IssuesThe Debug ModulePlaybook DebuggerThe Assert ModuleChecking Your Playbook Before ExecutionSyntax CheckList HostsList TasksCheck ModeDiff (Show File Changes)Limiting Which Tasks RunStepStart-at-TaskTags
Connection to WindowsPowerShellWindows ModulesOur First PlaybookUpdating WindowsAdding Local UsersConclusion
Status of Network ModulesList of Network Vendors SupportedPreparing Our Network DeviceEnable SSH AuthenticationHow the Modules WorkOur First PlaybookInventory and Variables for Network ModulesLocal ConnectionHost ConnectionAuthentication VariablesSave the ConfigUse Configs from a FileTemplates, Templates, TemplatesGathering FactsConclusion
Subscription ModelsTry Ansible TowerWhat Ansible Tower SolvesAccess ControlProjectsInventory ManagementRun Jobs by Job TemplatesRESTful APIAnsible Tower CLIInstallationCreate a UserLaunch a JobOnward
Native SSHSSH AgentStarting Up ssh-agentmacOSLinuxAgent ForwardingSudo and Agent ForwardingHost Keys
AWS Management ConsoleCommand-Line

Overview

Among the many configuration management tools available, Ansible has some distinct advantages—it’s minimal in nature, you don’t need to install anything on your nodes, and it has an easy learning curve. With this updated second edition, you’ll learn how to be productive with this tool quickly, whether you’re a developer deploying code to production or a system administrator looking for a better automation solution.

Authors Lorin Hochstein and René Moser show you how to write playbooks (Ansible’s configuration management scripts), manage remote servers, and explore the tool’s real power: built-in declarative modules. You’ll discover that Ansible has the functionality you need—and the simplicity you desire.

Manage Windows machines, and automate network device configuration
Manage your fleet from your web browser with Ansible Tower
Understand how Ansible differs from other configuration management systems
Use the YAML file format to write your own playbooks
Work with a complete example to deploy a non-trivial application
Deploy applications to Amazon EC2 and other cloud platforms
Create Docker images and deploy Docker containers with Ansible

This book is best read start to finish, with later chapters building on earlier ones. Because it’s written in a tutorial style, you can follow along on your own machine. Most examples focus on web applications.