book

Ansible: Up and Running, 2nd Edition

by Lorin Hochstein, Rene Moser

August 2017

Intermediate to advanced

427 pages

9h 12m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface to the Second Edition
A Note About LanguageAcknowledgmentsFrom LorinFrom René
Preface to the First Edition
Why I Wrote This BookWho Should Read This BookNavigating This BookConventions Used in This BookOnline ResourcesSafari® Books OnlineHow to Contact Us
1. Introduction
A Note About VersionsAnsible: What Is It Good For?How Ansible WorksWhat’s So Great About Ansible?Easy-to-Read SyntaxNothing to Install on the Remote HostsPush BasedAnsible Scales DownBuilt-in ModulesVery Thin Layer of AbstractionIs Ansible Too Simple?What Do I Need to Know?What Isn’t CoveredInstalling AnsibleSetting Up a Server for TestingUsing Vagrant to Set Up a Test ServerTelling Ansible About Your Test ServerSimplifying with the ansible.cfg FileMoving Forward
2. Playbooks: A Beginning
Some PreliminariesA Very Simple PlaybookSpecifying an Nginx Config FileCreating a Custom Home PageCreating a Webservers GroupRunning the PlaybookPlaybooks Are YAMLStart of FileCommentsStringsBooleansListsDictionariesLine FoldingAnatomy of a PlaybookPlaysTasksModulesPutting It All TogetherDid Anything Change? Tracking Host StateGetting Fancier: TLS SupportGenerating a TLS CertificateVariablesGenerating the Nginx Configuration TemplateHandlersRunning the Playbook
3. Inventory: Describing Your Servers
The Inventory FilePreliminaries: Multiple Vagrant MachinesBehavioral Inventory Parametersansible_connectionansible_shell_typeansible_python_interpreteransible_*_interpreterChanging Behavioral Parameter DefaultsGroups and Groups and GroupsExample: Deploying a Django AppAliases and PortsGroups of GroupsNumbered Hosts (Pets versus Cattle)Hosts and Group Variables: Inside the InventoryHost and Group Variables: In Their Own FilesDynamic InventoryThe Interface for a Dynamic Inventory ScriptWriting a Dynamic Inventory ScriptPreexisting Inventory ScriptsBreaking the Inventory into Multiple FilesAdding Entries at Runtime with add_host and group_byadd_hostgroup_by
4. Variables and Facts
Defining Variables in PlaybooksViewing the Values of VariablesRegistering VariablesFactsViewing All Facts Associated with a ServerViewing a Subset of FactsAny Module Can Return FactsLocal FactsUsing set_fact to Define a New VariableBuilt-in Variableshostvarsinventory_hostnameGroupsSetting Variables on the Command LinePrecedence
5. Introducing Mezzanine: Our Test Application
Why Deploying to Production Is ComplicatedPostgreSQL: The DatabaseGunicorn: The Application ServerNginx: The Web ServerSupervisor: The Process Manager
6. Deploying Mezzanine with Ansible
Listing Tasks in a PlaybookOrganization of Deployed FilesVariables and Secret VariablesUsing Iteration (with_items) to Install Multiple PackagesAdding the Become Clause to a TaskUpdating the Apt CacheChecking Out the Project by Using GitInstalling Mezzanine and Other Packages into a virtualenvComplex Arguments in Tasks: A Brief DigressionConfiguring the DatabaseGenerating the local_settings.py File from a TemplateRunning django-manage CommandsRunning Custom Python Scripts in the Context of the ApplicationSetting Service Configuration FilesEnabling the Nginx ConfigurationInstalling TLS CertificatesInstalling Twitter Cron JobThe Full PlaybookRunning the Playbook Against a Vagrant MachineTroubleshootingCannot Check Out Git RepositoryCannot Reach 192.168.33.10.xip.ioBad Request (400)Deploying Mezzanine on Multiple Machines
7. Roles: Scaling Up Your Playbooks
Basic Structure of a RoleExample: Database and Mezzanine RolesUsing Roles in Your PlaybooksPre-Tasks and Post-TasksA database Role for Deploying the DatabaseA mezzanine Role for Deploying MezzanineCreating Role Files and Directories with ansible-galaxyDependent RolesAnsible GalaxyWeb InterfaceCommand-Line InterfaceContributing Your Own Role

8. Complex Playbooks
Dealing with Badly Behaved Commands: changed_when and failed_whenFiltersThe Default FilterFilters for Registered VariablesFilters That Apply to File PathsWriting Your Own FilterLookupsfilepipeenvpasswordtemplatecsvfilednstxtredis_kvetcdWriting Your Own Lookup PluginMore Complicated Loopswith_lineswith_fileglobwith_dictLooping Constructs as Lookup PluginsLoop ControlsSetting the Variable NameLabeling the OutputIncludesDynamic IncludesRole IncludesBlocksError Handling with BlocksEncrypting Sensitive Data with Vault
9. Customizing Hosts, Runs, and Handlers
Patterns for Specifying HostsLimiting Which Hosts RunRunning a Task on the Control MachineRunning a Task on a Machine Other Than the HostRunning on One Host at a TimeRunning on a Batch of Hosts at a TimeRunning Only OnceRunning StrategiesLinearFreeAdvanced HandlersHandlers in Pre and Post TasksFlush HandlersHandlers ListenManually Gathering FactsRetrieving the IP Address from the Host
10. Callback Plugins
Stdout PluginsactionabledebugdensejsonminimalonelineselectiveskippyOther Pluginsforemanhipchatjabberjunitlog_playslogentrieslogstashmailosx_sayprofile_tasksslacktimer
11. Making Ansible Go Even Faster
SSH Multiplexing and ControlPersistManually Enabling SSH MultiplexingSSH Multiplexing Options in AnsiblePipeliningEnabling PipeliningConfiguring Hosts for PipeliningFact CachingJSON File Fact-Caching BackendRedis Fact-Caching BackendMemcached Fact-Caching BackendParallelismConcurrent Tasks with Async
12. Custom Modules
Example: Checking That We Can Reach a Remote ServerUsing the Script Module Instead of Writing Your Owncan_reach as a ModuleWhere to Put Custom ModulesHow Ansible Invokes ModulesGenerate a Standalone Python Script with the Arguments (Python Only)Copy the Module to the HostCreate an Arguments File on the Host (Non-Python Only)Invoke the ModuleExpected OutputsOutput Variables that Ansible ExpectsImplementing Modules in PythonParsing ArgumentsAccessing ParametersImporting the AnsibleModule Helper ClassArgument OptionsAnsibleModule Initializer ParametersReturning Success or FailureInvoking External CommandsCheck Mode (Dry Run)Documenting Your ModuleDebugging Your ModuleImplementing the Module in BashSpecifying an Alternative Location for BashExample Modules
13. Vagrant
Convenient Vagrant Configuration OptionsPort Forwarding and Private IP AddressesEnabling Agent ForwardingThe Ansible ProvisionerWhen the Provisioner RunsInventory Generated by VagrantProvisioning in ParallelSpecifying GroupsAnsible Local Provisioner
14. Amazon EC2
TerminologyInstanceAmazon Machine ImageTagsSpecifying CredentialsEnvironment VariablesConfiguration FilesPrerequisite: Boto Python LibraryDynamic InventoryInventory CachingOther Configuration OptionsAutogenerated GroupsDefining Dynamic Groups with TagsApplying Tags to Existing ResourcesNicer Group NamesEC2 Virtual Private Cloud and EC2 ClassicConfiguring ansible.cfg for Use with ec2Launching New InstancesEC2 Key PairsCreating a New KeyUploading an Existing KeySecurity GroupsPermitted IP AddressesSecurity Group PortsGetting the Latest AMIAdding a New Instance to a GroupWaiting for the Server to Come UpCreating Instances the Idempotent WayPutting It All TogetherSpecifying a Virtual Private CloudDynamic Inventory and VPCBuilding AMIsWith the ec2_ami ModuleWith PackerOther Modules
15. Docker
The Case for Pairing Docker with AnsibleDocker Application Life CycleExample Application: GhostConnecting to the Docker DaemonRunning a Container on Our Local MachineBuilding an Image from a DockerfileOrchestrating Multiple Containers on Our Local MachinePushing Our Image to the Docker RegistryQuerying Local ImagesDeploying the Dockerized ApplicationBackend: PostgresFrontendFrontend: GhostFrontend: NginxCleaning Out ContainersConnecting Directly to ContainersAnsible ContainerThe ConductorCreating Docker ImagesRunning LocallyPublishing Images to RegistriesDeploying Containers to Production
16. Debugging Ansible Playbooks
Humane Error MessagesDebugging SSH IssuesThe Debug ModulePlaybook DebuggerThe Assert ModuleChecking Your Playbook Before ExecutionSyntax CheckList HostsList TasksCheck ModeDiff (Show File Changes)Limiting Which Tasks RunStepStart-at-TaskTags
17. Managing Windows Hosts
Connection to WindowsPowerShellWindows ModulesOur First PlaybookUpdating WindowsAdding Local UsersConclusion
18. Ansible for Network Devices
Status of Network ModulesList of Network Vendors SupportedPreparing Our Network DeviceEnable SSH AuthenticationHow the Modules WorkOur First PlaybookInventory and Variables for Network ModulesLocal ConnectionHost ConnectionAuthentication VariablesSave the ConfigUse Configs from a FileTemplates, Templates, TemplatesGathering FactsConclusion
19. Ansible Tower: Ansible for the Enterprise
Subscription ModelsTry Ansible TowerWhat Ansible Tower SolvesAccess ControlProjectsInventory ManagementRun Jobs by Job TemplatesRESTful APIAnsible Tower CLIInstallationCreate a UserLaunch a JobOnward
A. SSH
Native SSHSSH AgentStarting Up ssh-agentmacOSLinuxAgent ForwardingSudo and Agent ForwardingHost Keys
B. Using IAM Roles for EC2 Credentials
AWS Management ConsoleCommand-Line
Glossary
Bibliography
Index

Content preview from Ansible: Up and Running, 2nd Edition

Appendix B. Using IAM Roles for EC2 Credentials

If you’re going to run Ansible inside a VPC, you can take advantage of Amazon’s Identity and Access Management (IAM) roles so that you do not even need to set environment variables to pass your EC2 credentials to the instance. Amazon’s IAM roles let you define users and groups and control what those users and groups are permitted to do with EC2 (e.g., get information about your running instances, create instances, create images). You can also assign IAM roles to running instances, so you can effectively say, “This instance is allowed to start other instances.”

When you make requests against EC2 by using a client program that supports IAM roles, and an instance is granted permissions by an IAM role, the client will fetch the credentials from the EC2 instance metadata service and use those to make requests against the EC2 service end point.

You can create an IAM role through the Amazon Web Services (AWS) Management Console, or at the command line by using the AWS Command-Line Interface tool (AWS CLI).

AWS Management Console

Here’s how to use the AWS Management Console to create an IAM role that has Power User Access, meaning that it is permitted to do pretty much anything with AWS except modify IAM users and groups:

Log in to the AWS Management Console.
Search for and then click IAM.
Click “Roles at the left.
Click the Create New Role button.
Give your role a name and then click Next Step. I like to use ansible as the name ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491979792Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Ansible: Up and Running, 2nd Edition

by Lorin Hochstein, Rene Moser

Appendix B. Using IAM Roles for EC2 Credentials

AWS Management Console

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.