book

Ansible: Up and Running, 2nd Edition

by Lorin Hochstein, Rene Moser

August 2017

Intermediate to advanced

427 pages

9h 12m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface to the Second Edition
A Note About LanguageAcknowledgmentsFrom LorinFrom René
Preface to the First Edition
Why I Wrote This BookWho Should Read This BookNavigating This BookConventions Used in This BookOnline ResourcesSafari® Books OnlineHow to Contact Us
1. Introduction
A Note About VersionsAnsible: What Is It Good For?How Ansible WorksWhat’s So Great About Ansible?Easy-to-Read SyntaxNothing to Install on the Remote HostsPush BasedAnsible Scales DownBuilt-in ModulesVery Thin Layer of AbstractionIs Ansible Too Simple?What Do I Need to Know?What Isn’t CoveredInstalling AnsibleSetting Up a Server for TestingUsing Vagrant to Set Up a Test ServerTelling Ansible About Your Test ServerSimplifying with the ansible.cfg FileMoving Forward
2. Playbooks: A Beginning
Some PreliminariesA Very Simple PlaybookSpecifying an Nginx Config FileCreating a Custom Home PageCreating a Webservers GroupRunning the PlaybookPlaybooks Are YAMLStart of FileCommentsStringsBooleansListsDictionariesLine FoldingAnatomy of a PlaybookPlaysTasksModulesPutting It All TogetherDid Anything Change? Tracking Host StateGetting Fancier: TLS SupportGenerating a TLS CertificateVariablesGenerating the Nginx Configuration TemplateHandlersRunning the Playbook
3. Inventory: Describing Your Servers
The Inventory FilePreliminaries: Multiple Vagrant MachinesBehavioral Inventory Parametersansible_connectionansible_shell_typeansible_python_interpreteransible_*_interpreterChanging Behavioral Parameter DefaultsGroups and Groups and GroupsExample: Deploying a Django AppAliases and PortsGroups of GroupsNumbered Hosts (Pets versus Cattle)Hosts and Group Variables: Inside the InventoryHost and Group Variables: In Their Own FilesDynamic InventoryThe Interface for a Dynamic Inventory ScriptWriting a Dynamic Inventory ScriptPreexisting Inventory ScriptsBreaking the Inventory into Multiple FilesAdding Entries at Runtime with add_host and group_byadd_hostgroup_by
4. Variables and Facts
Defining Variables in PlaybooksViewing the Values of VariablesRegistering VariablesFactsViewing All Facts Associated with a ServerViewing a Subset of FactsAny Module Can Return FactsLocal FactsUsing set_fact to Define a New VariableBuilt-in Variableshostvarsinventory_hostnameGroupsSetting Variables on the Command LinePrecedence
5. Introducing Mezzanine: Our Test Application
Why Deploying to Production Is ComplicatedPostgreSQL: The DatabaseGunicorn: The Application ServerNginx: The Web ServerSupervisor: The Process Manager
6. Deploying Mezzanine with Ansible
Listing Tasks in a PlaybookOrganization of Deployed FilesVariables and Secret VariablesUsing Iteration (with_items) to Install Multiple PackagesAdding the Become Clause to a TaskUpdating the Apt CacheChecking Out the Project by Using GitInstalling Mezzanine and Other Packages into a virtualenvComplex Arguments in Tasks: A Brief DigressionConfiguring the DatabaseGenerating the local_settings.py File from a TemplateRunning django-manage CommandsRunning Custom Python Scripts in the Context of the ApplicationSetting Service Configuration FilesEnabling the Nginx ConfigurationInstalling TLS CertificatesInstalling Twitter Cron JobThe Full PlaybookRunning the Playbook Against a Vagrant MachineTroubleshootingCannot Check Out Git RepositoryCannot Reach 192.168.33.10.xip.ioBad Request (400)Deploying Mezzanine on Multiple Machines
7. Roles: Scaling Up Your Playbooks
Basic Structure of a RoleExample: Database and Mezzanine RolesUsing Roles in Your PlaybooksPre-Tasks and Post-TasksA database Role for Deploying the DatabaseA mezzanine Role for Deploying MezzanineCreating Role Files and Directories with ansible-galaxyDependent RolesAnsible GalaxyWeb InterfaceCommand-Line InterfaceContributing Your Own Role

8. Complex Playbooks
Dealing with Badly Behaved Commands: changed_when and failed_whenFiltersThe Default FilterFilters for Registered VariablesFilters That Apply to File PathsWriting Your Own FilterLookupsfilepipeenvpasswordtemplatecsvfilednstxtredis_kvetcdWriting Your Own Lookup PluginMore Complicated Loopswith_lineswith_fileglobwith_dictLooping Constructs as Lookup PluginsLoop ControlsSetting the Variable NameLabeling the OutputIncludesDynamic IncludesRole IncludesBlocksError Handling with BlocksEncrypting Sensitive Data with Vault
9. Customizing Hosts, Runs, and Handlers
Patterns for Specifying HostsLimiting Which Hosts RunRunning a Task on the Control MachineRunning a Task on a Machine Other Than the HostRunning on One Host at a TimeRunning on a Batch of Hosts at a TimeRunning Only OnceRunning StrategiesLinearFreeAdvanced HandlersHandlers in Pre and Post TasksFlush HandlersHandlers ListenManually Gathering FactsRetrieving the IP Address from the Host
10. Callback Plugins
Stdout PluginsactionabledebugdensejsonminimalonelineselectiveskippyOther Pluginsforemanhipchatjabberjunitlog_playslogentrieslogstashmailosx_sayprofile_tasksslacktimer
11. Making Ansible Go Even Faster
SSH Multiplexing and ControlPersistManually Enabling SSH MultiplexingSSH Multiplexing Options in AnsiblePipeliningEnabling PipeliningConfiguring Hosts for PipeliningFact CachingJSON File Fact-Caching BackendRedis Fact-Caching BackendMemcached Fact-Caching BackendParallelismConcurrent Tasks with Async
12. Custom Modules
Example: Checking That We Can Reach a Remote ServerUsing the Script Module Instead of Writing Your Owncan_reach as a ModuleWhere to Put Custom ModulesHow Ansible Invokes ModulesGenerate a Standalone Python Script with the Arguments (Python Only)Copy the Module to the HostCreate an Arguments File on the Host (Non-Python Only)Invoke the ModuleExpected OutputsOutput Variables that Ansible ExpectsImplementing Modules in PythonParsing ArgumentsAccessing ParametersImporting the AnsibleModule Helper ClassArgument OptionsAnsibleModule Initializer ParametersReturning Success or FailureInvoking External CommandsCheck Mode (Dry Run)Documenting Your ModuleDebugging Your ModuleImplementing the Module in BashSpecifying an Alternative Location for BashExample Modules
13. Vagrant
Convenient Vagrant Configuration OptionsPort Forwarding and Private IP AddressesEnabling Agent ForwardingThe Ansible ProvisionerWhen the Provisioner RunsInventory Generated by VagrantProvisioning in ParallelSpecifying GroupsAnsible Local Provisioner
14. Amazon EC2
TerminologyInstanceAmazon Machine ImageTagsSpecifying CredentialsEnvironment VariablesConfiguration FilesPrerequisite: Boto Python LibraryDynamic InventoryInventory CachingOther Configuration OptionsAutogenerated GroupsDefining Dynamic Groups with TagsApplying Tags to Existing ResourcesNicer Group NamesEC2 Virtual Private Cloud and EC2 ClassicConfiguring ansible.cfg for Use with ec2Launching New InstancesEC2 Key PairsCreating a New KeyUploading an Existing KeySecurity GroupsPermitted IP AddressesSecurity Group PortsGetting the Latest AMIAdding a New Instance to a GroupWaiting for the Server to Come UpCreating Instances the Idempotent WayPutting It All TogetherSpecifying a Virtual Private CloudDynamic Inventory and VPCBuilding AMIsWith the ec2_ami ModuleWith PackerOther Modules
15. Docker
The Case for Pairing Docker with AnsibleDocker Application Life CycleExample Application: GhostConnecting to the Docker DaemonRunning a Container on Our Local MachineBuilding an Image from a DockerfileOrchestrating Multiple Containers on Our Local MachinePushing Our Image to the Docker RegistryQuerying Local ImagesDeploying the Dockerized ApplicationBackend: PostgresFrontendFrontend: GhostFrontend: NginxCleaning Out ContainersConnecting Directly to ContainersAnsible ContainerThe ConductorCreating Docker ImagesRunning LocallyPublishing Images to RegistriesDeploying Containers to Production
16. Debugging Ansible Playbooks
Humane Error MessagesDebugging SSH IssuesThe Debug ModulePlaybook DebuggerThe Assert ModuleChecking Your Playbook Before ExecutionSyntax CheckList HostsList TasksCheck ModeDiff (Show File Changes)Limiting Which Tasks RunStepStart-at-TaskTags
17. Managing Windows Hosts
Connection to WindowsPowerShellWindows ModulesOur First PlaybookUpdating WindowsAdding Local UsersConclusion
18. Ansible for Network Devices
Status of Network ModulesList of Network Vendors SupportedPreparing Our Network DeviceEnable SSH AuthenticationHow the Modules WorkOur First PlaybookInventory and Variables for Network ModulesLocal ConnectionHost ConnectionAuthentication VariablesSave the ConfigUse Configs from a FileTemplates, Templates, TemplatesGathering FactsConclusion
19. Ansible Tower: Ansible for the Enterprise
Subscription ModelsTry Ansible TowerWhat Ansible Tower SolvesAccess ControlProjectsInventory ManagementRun Jobs by Job TemplatesRESTful APIAnsible Tower CLIInstallationCreate a UserLaunch a JobOnward
A. SSH
Native SSHSSH AgentStarting Up ssh-agentmacOSLinuxAgent ForwardingSudo and Agent ForwardingHost Keys
B. Using IAM Roles for EC2 Credentials
AWS Management ConsoleCommand-Line
Glossary
Bibliography
Index

Content preview from Ansible: Up and Running, 2nd Edition

Appendix A. SSH

Because Ansible uses SSH as its transport mechanism, you’ll need to understand some of SSH’s features to take advantage of them with Ansible.

Native SSH

By default, Ansible uses the native SSH client installed on your operating system. Ansible can take advantage of all the typical SSH features, including Kerberos and jump hosts. If you have an ~/.ssh/config file with custom configurations for your SSH setup, Ansible will respect these settings.

SSH Agent

A handy program called ssh-agent simplifies working with SSH private keys.

When ssh-agent is running on your machine, you can add private keys to it by using the ssh-add command:

$ ssh-add /path/to/keyfile.pem

Note

The SSH_AUTH_SOCK environment variable must be set, or the ssh-add command will not be able to communicate with ssh-agent. See “Starting Up ssh-agent”.

You can use the -l or L flag with the ssh_add program to see which keys have been added to your agent, as shown in Example A-1. This example shows that there are two keys in the agent.

Example A-1. Listing the keys in the agent

$ ssh-add -l 2048 SHA256:o7H/I9rRZupXHJ7JnDi10RhSzeAKYiRVrlH9L/JFtfA /Users/lorin/.ssh/id_rsa 2048 SHA256:xLTmHqvHHDIdcrHiHdtoOXxq5sm9DOEVi+/jnObkKKM insecure_private_key $ ssh-add -L ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWAfog5tz4W9bPVbPDlNC8HWMfhjTgKOhpSZYI+clc e3/pz5viqsHDQIjzSImoVzIOTV0tOIfE8qMkqEYk7igESccCy0zN9VnD6EfYVkEx1C+xqkCtZTEVuQn d+4qyo222EAVkHm6bAhgyoA9nt9Um9WFO0045yHZL2Do9Z7KXTS4xOqeGF5vv7SiuKcsLjORPcWcYqC fYdrdUdRD9dFq7zFKmpCPJqNwDQDrXbgaTOe+H6cu2f4RrJLp88WY8voB3zJ7avv68eOgah82dovSgw ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491979792Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills