Deploy/Ansible
Aller à la navigation
Aller à la recherche
Introduction
Ansible est une plate-forme logicielle libre pour la configuration et la gestion des ordinateurs. Elle combine le déploiement de logiciels multi-nœuds, l'exécution des tâches ad-hoc, et la gestion de configuration. Elle gère les différents nœuds par dessus SSH et ne nécessite l'installation d'aucun logiciel supplémentaire à distance sur eux. Les modules fonctionnent grâce à JSON et à la sortie standard et peuvent être écrits dans n'importe quel langage de programmation. Le système utilise YAML pour exprimer des descriptions réutilisables de systèmes.
La plate-forme a été créée par Michael DeHaan, l'auteur de l'application serveur de provisioning Cobbler et coauteur du cadre de développement Func pour l'administration à distance. Les utilisateurs de Ansible comprennent le Fedora Project, Hewlett-Packard Allemagne, Basho Technologies et l'Université Aristote de Thessalonique. Il est inclus dans le cadre de la distribution Linux Fedora, propriété de Red Hat inc., et est également disponible pour Red Hat Enterprise Linux, CentOS et Scientific Linux via les paquets supplémentaires "Extra Packages for Enterprise Linux" (EPEL).
Installation
L'installation est très triviale et se résume, sur le serveur, à un simple:
yum install ansible
Les clients n'ont rien à installer, hormis bien sur <package>openssh-clients</package>.
Configuration SSH
Pour la suite du tutorial, on part du principe que l'accès SSH du serveur sur chaque client est sans mot de passe (par clé)
Pour la suite du tutorial, on part du principe que l'accès SSH du serveur sur chaque client est sans mot de passe (par clé)
- On copie le contenu du fichier /root/.ssh/id_rsa.pub du serveur sur chaque client dans le fichier /root/.ssh/authorized_keys
- On accepte l'authenticité de l'empreinte de la clé publique du client sur le serveur en se connectant en SSH.
Utilisation
Le fichier hosts
C'est dans le fichier <path>/etc/ansible/hosts</path> que l'on va déclarer tous nos clients.
Ceux-ci peuvent être déclarés en stand-alone ou faire partie d'un groupe. On peut aussi créer des groupe de groupe.
# Declaration d'un client via son hostname
client1.b2pweb.com
# ou par son adresse IP
192.168.122.100
# On peut déclarer les clients comme faisant partie d'un groupe: webservers
[webservers]
wsr1.b2pweb.com ansible_connection=ssh
wsr2.b2pweb.com ansible_connection=ssh
# On peut aussi assigner une ou plusieurs variables à un client afin de s'en servir dans les playbooks.
# Ansible en possède déjà certaines comme ansible_connection, mais on peut tout à fait ajouter nos propres
# variables
localhost ansible_connection=local
192.168.122.101 ansible_connection=ssh node_id=1 omsa_port=61311
# On peut enfin assigner une ou plusieurs variables à un groupe
[webservers:vars]
http_port=80
https_port=443
Toutefois, si beaucoup de clients vont être servi par Ansible, on peut éclater la configuration dans des fichiers au format YAML:
- la déclaration des variables des hôtes dans le répertoire <path>/etc/ansible/host_vars</path>
- la déclaration des variables des groupes dans le répertoire <path>/etc/ansible/group_vars</path>
Ce qui donnerait un fichier <path>/etc/ansible/hosts</path> épuré
[webservers]
wsr1.b2pweb.com
wsr2.b2pweb.com
Un fichier <path>/etc/ansible/group_vars/webservers</path>
---
http_port: 80
https_port: 443
Et deux fichiers var pour les hôtes: <path>/etc/ansible/host_vars/wsr1.b2pweb.com</path> et <path>/etc/ansible/host_vars/wsr2.b2pweb.com</path>.
Les deux fichiers sont ici identiques.
---
ansible_connection=ssh
Les modules
L'aide sur les modules
ansible-doc yum
> YUM
Will install, upgrade, remove, and list packages with the `yum'
package manager.
Options (= is mandatory):
- conf_file
The remote yum configuration file to use for the transaction.
- disable_gpg_check
Whether to disable the GPG checking of signatures of packages
being installed. Has an effect only if state is `present' or
`latest'. (Choices: yes, no)
- disablerepo
`repoid' of repositories to disable for the install/update
operation These repos will not persist beyond the transaction
Multiple repos separated with a ','
- enablerepo
Repoid of repositories to enable for the install/update
operation. These repos will not persist beyond the transaction
multiple repos separated with a ','
- list
Various non-idempotent commands for usage with
`/usr/bin/ansible' and `not' playbooks. See examples.
= name
Package name, or package specifier with version, like
`name-1.0'. When using state=latest, this can be '*' which
means run: yum -y update. You can also pass a url or a local
path to a rpm file.
- state
Whether to install (`present', `latest'), or remove (`absent')
a package. (Choices: present, latest, absent)
Requirements: yum, rpm
- yum: name=httpd state=latest
- yum: name=httpd state=removed
- yum: name=httpd enablerepo=testing state=installed
- yum: name=* state=latest
- yum: name=http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present
- yum: name=/usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present
- yum: name="@Development tools" state=present
| Module | Commentaires |
|---|---|
| accelerate | Enable accelerated mode on remote node |
| acl | Sets and retrieves file ACL information. |
| add_host | add a host (and alternatively a group) to the ansible-playbook in-memory inventory |
| airbrake_deployment | Notify airbrake about app deployments |
| apt | Manages apt-packages |
| apt_key | Add or remove an apt key |
| apt_repository | Add and remove APT repositores |
| arista_interface | Manage physical Ethernet interfaces |
| arista_l2interface | Manage layer 2 interfaces |
| arista_lag | Manage port channel (lag) interfaces |
| arista_vlan | Manage VLAN resources |
| assemble | Assembles a configuration file from fragments |
| assert | Fail with custom message |
| async_status | Obtain status of asynchronous task |
| at | Schedule the execution of a command or scripts via the at command. |
| authorized_key | Adds or removes an SSH authorized key |
| bigip_monitor_http | Manages F5 BIG-IP LTM http monitors |
| bigip_monitor_tcp | Manages F5 BIG-IP LTM tcp monitors |
| bigip_node | Manages F5 BIG-IP LTM nodes |
| bigip_pool | Manages F5 BIG-IP LTM pools |
| bigip_pool_member | Manages F5 BIG-IP LTM pool members |
| boundary_meter | Manage boundary meters |
| bzr | Deploy software (or files) from bzr branches |
| campfire | Send a message to Campfire |
| cloudformation | create a AWS CloudFormation stack |
| command | Executes a command on a remote node |
| copy | Copies files to remote locations. |
| cron | Manage cron.d and crontab entries. |
| datadog_event | Posts events to DataDog service |
| debug | Print statements during execution |
| digital_ocean | Create/delete a droplet/SSH_key in DigitalOcean |
| django_manage | Manages a Django application. |
| dnsmadeeasy | Interface with dnsmadeeasy.com (a DNS hosting service). |
| docker | manage docker containers |
| docker_image | manage docker images |
| easy_install | Installs Python libraries |
| ec2 | create, terminate, start or stop an instance in ec2, return instanceid |
| ec2_ami | create or destroy an image in ec2, return imageid |
| ec2_eip | associate an EC2 elastic IP with an instance. |
| ec2_elb | De-registers or registers instances from EC2 ELBs |
| ec2_elb_lb | Creates or destroys Amazon ELB. Returns information about the load balancer. Will be marked changed when called only if state is changed. |
| ec2_facts | Gathers facts about remote hosts within ec2 (aws) |
| ec2_group | maintain an ec2 VPC security group. |
| ec2_key | maintain an ec2 key pair. |
| ec2_tag | create and remove tag(s) to ec2 resources. |
| ec2_vol | create and attach a volume, return volume id and device map |
| ec2_vpc | configure AWS virtual private clouds |
| ejabberd_user | Manages users for ejabberd servers |
| elasticache | Manage cache clusters in Amazon Elasticache. |
| facter | Runs the discovery program facter on the remote system |
| fail | Fail with custom message |
| fetch | Fetches a file from remote nodes |
| file | Sets attributes of files |
| filesystem | Makes file system on block device |
| fireball | Enable fireball mode on remote node |
| firewalld | Manage arbitrary ports/services with firewalld |
| flowdock | Send a message to a flowdock |
| gc_storage | This module manages objects/buckets in Google Cloud Storage. |
| gce | create or terminate GCE instances |
| gce_lb | create/destroy GCE load-balancer resources |
| gce_net | create/destroy GCE networks and firewall rules |
| gce_pd | utilize GCE persistent disk resources |
| gem | Manage Ruby gems |
| get_url | Downloads files from HTTP, HTTPS, or FTP to node |
| git | Deploy software (or files) from git checkouts |
| github_hooks | Manages github service hooks. |
| glance_image | Add/Delete images from glance |
| group | Add or remove groups |
| group_by | Create Ansible groups based on facts |
| grove | Sends a notification to a grove.io channel |
| hg | Manages Mercurial (hg) repositories. |
| hipchat | Send a message to hipchat |
| homebrew | Package manager for Homebrew |
| hostname | Manage hostname |
| htpasswd | manage user files for basic authentication |
| include_vars | Load variables from files, dynamically within a task. |
| ini_file | Tweak settings in INI files |
| irc | Send a message to an IRC channel |
| jabber | Send a message to jabber user or chat room |
| jboss | deploy applications to JBoss |
| kernel_blacklist | Blacklist kernel modules |
| keystone_user | Manage OpenStack Identity (keystone) users, tenants and roles |
| lineinfile | Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression. |
| linode | create / delete / stop / restart an instance in Linode Public Cloud |
| lvg | Configure LVM volume groups |
| lvol | Configure LVM logical volumes |
| macports | Package manager for MacPorts |
| Send an email | |
| modprobe | Add or remove kernel modules |
| mongodb_user | Adds or removes a user from a MongoDB database. |
| monit | Manage the state of a program monitored via Monit |
| mount | Control active and configured mount points |
| mqtt | Publish a message on an MQTT topic for the IoT |
| mysql_db | Add or remove MySQL databases from a remote host. |
| mysql_replication | Manage MySQL replication |
| mysql_user | Adds or removes a user from a MySQL database. |
| mysql_variables | Manage MySQL global variables |
| nagios | Perform common tasks in Nagios related to downtime and notifications. |
| netscaler | Manages Citrix NetScaler entities |
| newrelic_deployment | Notify newrelic about app deployments |
| nova_compute | Create/Delete VMs from OpenStack |
| nova_keypair | Add/Delete key pair from nova |
| npm | Manage node.js packages with npm |
| ohai | Returns inventory data from Ohai |
| open_iscsi | Manage iscsi targets with open-iscsi |
| openbsd_pkg | Manage packages on OpenBSD. |
| openvswitch_bridge | Manage Open vSwitch bridges |
| openvswitch_port | Manage Open vSwitch ports |
| opkg | Package manager for OpenWrt |
| osx_say | Makes an OSX computer to speak. |
| ovirt | oVirt/RHEV platform management |
| pacman | Package manager for Archlinux |
| pagerduty | Create PagerDuty maintenance windows |
| pause | Pause playbook execution |
| ping | Try to connect to host and return pong on success. |
| pingdom | Pause/unpause Pingdom alerts |
| pip | Manages Python library dependencies. |
| pkgin | Package manager for SmartOS |
| pkgng | Package manager for FreeBSD >= 9.0 |
| pkgutil | Manage CSW-Packages on Solaris |
| portinstall | Installing packages from FreeBSD’s ports system |
| postgresql_db | Add or remove PostgreSQL databases from a remote host. |
| postgresql_privs | Grant or revoke privileges on PostgreSQL database objects. |
| postgresql_user | Adds or removes a users (roles) from a PostgreSQL database. |
| quantum_floating_ip | Add/Remove floating IP from an instance |
| quantum_floating_ip_associate | Associate or disassociate a particular floating IP with an instance |
| quantum_network | Creates/Removes networks from OpenStack |
| quantum_router | Create or Remove router from openstack |
| quantum_router_gateway | set/unset a gateway interface for the router with the specified external network |
| quantum_router_interface | Attach/Dettach a subnet’s interface to a router |
| quantum_subnet | Add/Remove floating IP from an instance |
| rabbitmq_parameter | Adds or removes parameters to RabbitMQ |
| rabbitmq_plugin | Adds or removes users to RabbitMQ |
| rabbitmq_policy | Manage the state of policies in RabbitMQ. |
| rabbitmq_user | Adds or removes users to RabbitMQ |
| rabbitmq_vhost | Manage the state of a virtual host in RabbitMQ |
| raw | Executes a low-down and dirty SSH command |
| rax | create / delete an instance in Rackspace Public Cloud |
| rax_clb | create / delete a load balancer in Rackspace Public Cloud |
| rax_clb_nodes | add, modify and remove nodes from a Rackspace Cloud Load Balancer |
| rax_dns | Manage domains on Rackspace Cloud DNS |
| rax_dns_record | Manage DNS records on Rackspace Cloud DNS |
| rax_facts | Gather facts for Rackspace Cloud Servers |
| rax_files | Manipulate Rackspace Cloud Files Containers |
| rax_files_objects | Upload, download, and delete objects in Rackspace Cloud Files |
| rax_keypair | Create a keypair for use with Rackspace Cloud Servers |
| rax_network | create / delete an isolated network in Rackspace Public Cloud |
| rax_queue | create / delete a queue in Rackspace Public Cloud |
| rds | create, delete, or modify an Amazon rds instance |
| redhat_subscription | Manage Red Hat Network registration and subscriptions using the subscription-manager command |
| redis | Various redis commands, slave and flush |
| rhn_channel | Adds or removes Red Hat software channels |
| rhn_register | Manage Red Hat Network registration using the rhnreg_ks command |
| riak | This module handles some common Riak operations |
| route53 | add or delete entries in Amazons Route53 DNS service |
| rpm_key | Adds or removes a gpg key from the rpm db |
| s3 | idempotent S3 module putting a file into S3. |
| script | Runs a local script on a remote node after transferring it |
| seboolean | Toggles SELinux booleans. |
| selinux | Change policy and state of SELinux |
| service | Manage services. |
| set_fact | Set host facts from a task |
| setup | Gathers facts about remote hosts |
| shell | Execute commands in nodes. |
| slurp | Slurps a file from remote nodes |
| stat | retrieve file or file system status |
| subversion | Deploys a subversion repository. |
| supervisorctl | Manage the state of a program or group of programs running via Supervisord |
| svr4pkg | Manage Solaris SVR4 packages |
| swdepot | Manage packages with swdepot package manager (HP-UX) |
| synchronize | Uses rsync to make synchronizing file paths in your playbooks quick and easy. |
| sysctl | Manage entries in sysctl.conf. |
| template | Templates a file out to a remote server. |
| unarchive | Copies an archive to a remote location and unpack it |
| uri | Interacts with webservices |
| urpmi | Urpmi manager |
| user | Manage user accounts |
| virt | Manages virtual machines supported by libvirt |
| wait_for | Waits for a condition before continuing. |
| xattr | set/retrieve extended attributes |
| yum | Manages packages with the yum package manager |
| zfs | Manage zfs |
| zypper | Manage packages on SuSE and openSuSE |
| zypper_repository | Add and remove Zypper repositories |
Lancer des commandes directes
Commandes
ansible all -a "rpm -Uvh http://koji.b2pweb.com/packages/b2pweb-release/1.3.0/1.el6/noarch/b2pweb-release-1.3.0-1.el6.noarch.rpm"
Installation de paquets
ansible all -m yum -a 'name=mysql-conf state=installed'
Les playbooks
Les playbooks sont une succession d'action à effectuer sur le(s) client(s)
Exemple de mise en place d'un vhost sur tous les clients du groupe webservers:
- On s'assure qu'Apache est bien installé et à jour
- On demande le vhost à configurer (peut être mis en dur dans le playbook)
- On déploie notre site qui se trouve actuellement dans <path>/var/www/<vhost></path>
- On déploie notre fichier de configuration
- On redémarre apache que si le fichier de conf a été modifié
---
- hosts: webservers
vars_prompt:
- name: vhost
prompt: "VHost to define: "
private: no
vars:
http_port: 80
tasks:
- name: ensure apache is at the latest version
yum: pkg=httpd state=latest
- name: rsync website files
synchronize: src=/var/www/{{ vhost }} dest=/var/www/ recursive=yes delete=yes
- name: write the apache config file
template: src=/etc/ansible/playbooks/vhost/vhost.tpl dest=/etc/httpd/conf.d/{{ vhost }}.conf
notify:
- restart apache
- name: ensure apache is running
service: name=httpd state=started
handlers:
- name: restart apache
service: name=httpd state=restarted
et notre fichier template correspondant: <path>/etc/ansible/playbooks/vhost/vhost.tpl</path>
<VirtualHost *:{{ http_port | default(80) }}>
ServerAdmin webmaster@{{ vhost }}
DocumentRoot "/var/www/{{ vhost }}"
ServerName {{ vhost }}
ErrorLog "logs/{{ vhost }}-error_log"
CustomLog "logs/{{ vhost }}-access_log" common
</VirtualHost>
Utilisation des variables
Comme on peut le voir, les variables peuvent être utilisées aussi bien dans le fichier template que dans le playbook et être définies dans le fichier hosts ou dans le playbook.
Comme on peut le voir, les variables peuvent être utilisées aussi bien dans le fichier template que dans le playbook et être définies dans le fichier hosts ou dans le playbook.
Voir la documentation officielle pour plus d'informations sur les variables: http://docs.ansible.com/playbooks_variables.html
Les variables déjà définies par Ansible pour un client ou un groupe de clients peuvent être visualisées avec la commande:
ansible -m setup <client>On peut même utiliser des boucles dans le playbook: http://docs.ansible.com/playbooks_loops.html