Ansible
=======
Ansible is an extra-simple tool/API for doing 'parallel remote things' over SSH -- whether
executing commands, running "modules", or executing larger 'playbooks' that
can serve as a configuration management or deployment system.

While [Func](http://fedorahosted.org/func), which I co-wrote,
aspired to avoid using SSH and have its own daemon infrastructure,
Ansible aspires to be quite different and more minimal, but still able
to grow more modularly over time. This is based on talking to a lot of
users of various tools and wishing to eliminate problems with connectivity
and long running daemons, or not picking tool X because they preferred to
code in Y. Further, playbooks take things a whole step further, building the config
and deployment system I always wanted to build.

Why use Ansible versus something else? (Fabric, Capistrano, mCollective,
Func, SaltStack, etc?) It will have far less code, it will be more correct,
and it will be the easiest thing to hack on and use you'll ever see --
regardless of your favorite language of choice. Want to only code plugins
in bash or clojure? Ansible doesn't care. The docs will fit on one page
and the source will be blindingly obvious.

Design Principles
=================
* Dead simple setup
* Super fast & parallel by default
* No server or client daemons; use existing SSHd
* No additional software required on client boxes
* Modules can be written in ANY language
* Awesome API for creating very powerful distributed scripts
* Be usable as non-root
* Create the easiest config management system to use, ever.

Requirements
============

Requirements are extremely minimal.

If you are running Python 2.6 on the 'overlord' machine, you will need:

* paramiko
* PyYAML (if using playbooks)

If you are running a Python version older than 2.6, you will also need:

* the Python 2.4 or 2.5 backport of the multiprocessing module
* simplejson

On the managed nodes, to use templating, you will need:

* python-jinja2 (you can install this with ansible)

Patterns and Groups
===================

Ansible works off an inventory file (/etc/ansible/hosts by default, or another file given with -i). Hosts can
be listed by IP or hostname, and groups are denoted with square brackets:

Example:

    abc.example.com
    def.example.com

    [atlanta]
    192.168.10.50
    192.168.10.51

    [raleigh]
    192.168.10.52

When running ansible commands, hosts are addressed by name, wildcard, or group name.
This specifier is used in all ansible commands. 'all' is a built-in group name that matches all
hosts. Group names and host wildcards can be mixed as needed:

    all
    'web*.example.com'
    'appservers;dbservers'
    'atlanta;raleigh'
    '192.168.10.50'
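To see which hosts a specifier will touch before pointing a command such as a reboot at it, the rules above can be modelled in a few lines. This is an added example, not Ansible's own code: `parse_inventory` and `match_hosts` are hypothetical helpers, the inventory text is a constructed sample, and shell-style (`fnmatch`) wildcard matching is an assumption.

```python
# Added example, not Ansible code: hypothetical helpers modelling the
# inventory and pattern rules described in this section.
import fnmatch

# Constructed sample inventory in the layout shown above.
SAMPLE_INVENTORY = """\
abc.example.com
def.example.com

[atlanta]
192.168.10.50
192.168.10.51

[raleigh]
192.168.10.52
"""

def parse_inventory(text):
    """Return (hosts, groups): ordered host list and {group name: [hosts]}."""
    hosts, groups, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]            # lines that follow join this group
            groups.setdefault(current, [])
            continue
        if line not in hosts:
            hosts.append(line)
        if current is not None:             # hosts before any header stay ungrouped
            groups[current].append(line)
    return hosts, groups

def match_hosts(pattern, hosts, groups):
    """Expand a ';'-separated mix of 'all', group names, host names and wildcards."""
    selected = []
    for part in pattern.split(";"):
        if part == "all":
            candidates = hosts
        elif part in groups:
            candidates = groups[part]
        else:                               # assumption: fnmatch-style wildcards
            candidates = fnmatch.filter(hosts, part)
        for host in candidates:
            if host not in selected:
                selected.append(host)
    return selected
```

A pattern that expands to an empty list, such as `'web*.example.com'` against this sample, is as worth catching as one that expands too widely.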
Example: Massive Parallelism and Running Shell Commands
=======================================================
Reboot all web servers in Atlanta, 10 at a time:

    > ssh-agent bash
    > ssh-add ~/.ssh/id_rsa
    > ansible atlanta -a "/sbin/reboot" -f 10

The -f 10 specifies the usage of 10 simultaneous processes.

Note that other than the command module, ansible modules do not work like simple scripts. They make
the remote system look the way you state, and run the commands necessary to get it there.

Example: Time-limited Background Operations
===========================================
Long running operations can be backgrounded, and their status can be checked on later. The same
job ID is given to the same task on all hosts, so you won't lose track. Polling support
is pending in the command line.

    > ansible all -B 3600 -a "/usr/bin/long_running_operation --do-stuff"
    > ansible all -n job_status -a jid=123456789

Any module other than 'copy' or 'template' can be backgrounded.

Example: File Transfer and Templating
=====================================
Ansible can SCP lots of files to multiple machines in parallel, and optionally use
them as template sources.

To just transfer a file directly to many different servers:

    > ansible atlanta -m copy -a "/etc/hosts /tmp/hosts"

To use templating, first run the setup module to put the template variables you would
like to use on the remote host. Then use the template module to write the
files using the templates. Templates are written in Jinja2 format.

    > ansible webservers -m setup -a "favcolor=red ntp_server=192.168.1.1"
    > ansible webservers -m template -a "src=/srv/motd.j2 dest=/etc/motd"
    > ansible webservers -m template -a "src=/srv/ntp.j2 dest=/etc/ntp.conf"

Need something like the fqdn in a template? If facter or ohai are installed, data from these projects
will also be made available to the template engine, using 'facter_' and 'ohai_' prefixes for each.

Example: Software Deployment From Source Control
================================================
Deploy your webapp straight from git:

    > ansible webservers -m git -a "repo=git://foo dest=/srv/myapp version=HEAD"

Since ansible modules can notify change handlers (see 'Playbooks') it is possible
to tell ansible to run specific tasks when the code is updated, such as deploying
Perl/Python/PHP/Ruby directly from git and then restarting apache.

Other Modules
=============
Ansible has lots of other modules, and the list is growing.

See the library directory in the source checkout or the manpage
[ansible-modules(5)](https://github.com/mpdehaan/ansible/blob/master/docs/man/man5/ansible-modules.5.asciidoc), which covers what's there and all the options they take.

Playbooks
=========
Playbooks are a completely different way to use ansible and are particularly awesome.

They are the basis for a really simple configuration management system, unlike
any that already exist, and one that is very well suited to deploying complex
multi-machine applications.

An example showing a small playbook:

    ---
    - hosts: all
      user: root
      tasks:
      - include: base.yml
      - name: configure template & module variables for future template calls
        action: setup http_port=80 max_clients=200
      - name: write the apache config file
        action: template src=/srv/httpd.j2 dest=/etc/httpd.conf
        notify:
        - restart apache
      - name: ensure apache is running
        action: service name=httpd state=started
      handlers:
      - include: handlers.yml

Some key concepts here include:

* Everything is expressed in simple YAML
* Steps can be run as non-root
* Modules can notify 'handlers' when changes occur.
* Tasks and handlers can be 'included' to facilitate sharing and 'class' like behavior

To run a playbook:

    ansible-playbook playbook.yml

See the playbook format manpage -- [ansible-playbook(5)](https://github.com/mpdehaan/ansible/blob/master/docs/man/man5/ansible-playbook.5.asciidoc) for more details.

API
===
The Python API is very powerful, and is how the ansible CLI and ansible-playbook
are implemented.

    import ansible.runner

    # ping every host matching 'web*', using up to 10 parallel processes
    runner = ansible.runner.Runner(
        module_name='ping',
        module_args='',
        pattern='web*',
        forks=10
    )
    datastructure = runner.run()

The run method returns results per host, grouped by whether they
could be contacted or not. Return types are module specific, as
expressed in the 'ansible-modules' manpage.

    {
        "dark" : {
            "web1.example.com" : "failure message"
        },
        "contacted" : {
            "web2.example.com" : 1
        }
    }
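One way to act on that result structure, as an added example that is not part of Ansible or the original README: `audit_run` is a hypothetical helper that compares the hosts you meant to change against the `dark`/`contacted` groups, so an unreachable or never-matched host is not counted as updated. The sample result and host names are constructed.

```python
# Added example, not Ansible code. audit_run() is a hypothetical helper that
# works on the result layout documented above ("dark" / "contacted").

def audit_run(expected_hosts, results):
    """Classify every expected host as ok, dark (unreachable) or missing.

    'missing' are hosts that appear in neither group, for example because
    the pattern never matched them; 'unexpected' are hosts that reported a
    result but were not on the intended list.
    """
    if not isinstance(results, dict):
        raise ValueError("result must be a dict with 'dark' and 'contacted'")
    dark = results.get("dark", {})
    contacted = results.get("contacted", {})
    report = {"ok": [], "dark": {}, "missing": [], "unexpected": []}
    for host in expected_hosts:
        if host in contacted:
            report["ok"].append(host)
        elif host in dark:
            report["dark"][host] = dark[host]   # keep the failure message
        else:
            report["missing"].append(host)
    seen = set(dark) | set(contacted)
    report["unexpected"] = sorted(seen - set(expected_hosts))
    # The run only counts as complete if every intended host was contacted.
    report["complete"] = not (report["dark"] or report["missing"])
    return report


# Constructed sample in the documented shape.
SAMPLE_RESULT = {
    "dark": {"web1.example.com": "failure message"},
    "contacted": {"web2.example.com": 1},
}
SAMPLE_EXPECTED = ["web1.example.com", "web2.example.com", "web3.example.com"]

if __name__ == "__main__":
    report = audit_run(SAMPLE_EXPECTED, SAMPLE_RESULT)
    for host, reason in report["dark"].items():
        print("unreachable: %s (%s)" % (host, reason))
    for host in report["missing"]:
        print("no result:   %s" % host)
    print("complete:", report["complete"])
```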
A module can return any type of JSON data it wants, so Ansible can
be used as a framework to rapidly build powerful applications and scripts.

License
=======
GPLv3

Communicate
===========

* [ansible-project mailing list](http://groups.google.com/group/ansible-project)
* irc.freenode.net: #ansible

Author
======

Michael DeHaan -- michael.dehaan@gmail.com

[http://michaeldehaan.net](http://michaeldehaan.net/)