Ansible Roles done right
Ansible Berlin Meetup
Fetching and installing roles
• requirements.yml
• ansible-galaxy install -r requirements.yml
• depending on how you access the repo, you
might need a valid key in your ssh agent for
grabbing the role
• it's a good idea to specify the path of the roles in
your ansible.cfg file. that will also tell Galaxy
where to unpack the roles
$ cat requirements.yml
---
- name: ec2
  src: 'git@bitbucket.org:dan_vaida/ansible-roles-ec2.git'
  scm: git
- name: rds
  src: 'git@bitbucket.org:dan_vaida/ansible-roles-rds.git'
  scm: git
- name: nginx
  src: 'git@bitbucket.org:dan_vaida/ansible-roles-nginx.git'
  scm: git
- { name: ntp, src: 'git@bitbucket.org:dan_vaida/ansible-roles-ntp.git', scm: git }
- name: postfix
  src: 'https://github.com/danvaida/ansible-roles-postfix.git'
$ cat ansible.cfg
[defaults]
roles_path = ./roles
retry_files_enabled = False
$ ansible-galaxy install -r requirements.yml
- extracting ec2 to /Users/dvaida/work/ansible_berlin/ansible-pim/roles/ec2
- ec2 was installed successfully
- extracting rds to /Users/dvaida/work/ansible_berlin/ansible-pim/roles/rds
- rds was installed successfully
- nginx is already installed, skipping.
$ cat .gitignore
roles/ec2
roles/rds
roles/nginx
Docker containers
FROM debian:wheezy
RUN apt-get -y update
RUN apt-get -y install python-pip=1.1-3 \
    python-dev=2.7.3-4+deb7u1 \
    libffi-dev=3.0.10-3
RUN pip install ansible==2.1
ADD run-tests.sh run-tests.sh
CMD ["./run-tests.sh"]
$ cd /path/to/the/role
$ docker build -t ansible-roles-test tests/support
$ docker run -v $PWD:/role ansible-roles-test
Docker containers
• docker containers powered by images that describe immutable
packages and configs
• Dockerfile with specific versions because doing apt-get update
&& apt-get install ansible -y defeats more than half of the
purpose of containers
• rarely needed to run containers with --privileged (i.e. when faking
a file system for formatting, mounting, etc.)
• --no-cache is generally a good idea but it's also a performance
killer, so an intermediary container that acts like an APT repo is
advisable (remember the vagrant plugin cachier?)
• install role prerequisites using the Dockerfile
Wrapper bash script
$ cat ./ansible-roles-packages/tests/support/run-tests.sh
#!/bin/bash
set -e
cd /role/tests
ansible-playbook test_installation.yml
# running a second time to verify playbook's idempotence
set +e
ansible-playbook test_installation.yml > /tmp/second_run.log
{
  cat /tmp/second_run.log | tail -n 5 | grep 'changed=0' &&
  echo 'Playbook is idempotent'
} || {
  cat /tmp/second_run.log
  echo 'Playbook is **NOT** idempotent'
  exit 1
}
set -e
ansible-playbook test_removal.yml
# running a second time to verify playbook's idempotence
set +e
ansible-playbook test_removal.yml > /tmp/second_run.log
{
  cat /tmp/second_run.log | tail -n 5 | grep 'changed=0' &&
  echo 'Playbook is idempotent'
} || {
  cat /tmp/second_run.log
  echo 'Playbook is **NOT** idempotent'
  exit 1
}
Wrapper bash script
• very rudimentary
• it relies heavily on alternately switching the exit
behaviour (set -e / set +e) when a certain return code is seen
• we use it for invoking each playbook twice and
looking at the returned information to evaluate
idempotence
• it definitely needs refactoring, possibly ported to a
playbook; don't write ruby for this kind of stuff. please.
changed=0 unreachable=0 failed=0
• Idempotence means f(x)=f(f(x))
• The tests that ship with the roles are like unit-tests
in the big picture
• You must write integration tests, too. They will
prove that your roles’ interconnection actually
works by testing your application's health.
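The grep in run-tests.sh passes as soon as any of the last five lines contains changed=0, so a second run in which another host changed, or a task failed, is still reported as idempotent. An added example (not from the slides) that reads every host line of the PLAY RECAP instead; the function names, return codes and sample logs are assumptions constructed for illustration:

```shell
#!/bin/bash
# Added example, not part of the original slides.

# naive_check LOGFILE: the slides' test, kept here for comparison.
naive_check() {
    tail -n 5 "$1" | grep -q 'changed=0'
}

# check_recap LOGFILE: inspect every host line of the PLAY RECAP.
#   0  all hosts report changed=0, unreachable=0, failed=0
#   1  at least one host reports changed>0 (not idempotent)
#   2  at least one host reports unreachable>0 or failed>0
#   3  no recap host lines found (run aborted, log missing or truncated)
check_recap() {
    [ -r "$1" ] || return 3
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && /changed=[0-9]+/ {
            hosts++
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (n != 2) continue
                if (kv[1] == "changed" && kv[2] + 0 > 0) changed++
                if ((kv[1] == "unreachable" || kv[1] == "failed") && kv[2] + 0 > 0) broken++
            }
        }
        END {
            if (hosts == 0) exit 3
            if (broken > 0) exit 2
            if (changed > 0) exit 1
            exit 0
        }
    ' "$1"
}

# assert_idempotent PLAYBOOK: run twice, judge the second run by its recap.
# Uses mktemp rather than a fixed /tmp path for the log.
assert_idempotent() {
    local log rc=0
    log=$(mktemp) || return 4
    ansible-playbook "$1" || { rm -f "$log"; return 2; }
    ansible-playbook "$1" > "$log" 2>&1 || true
    check_recap "$log" || rc=$?
    [ "$rc" -eq 0 ] || cat "$log"
    rm -f "$log"
    return "$rc"
}

# write_sample_logs DIR: constructed log tails, not captured from a real run.
write_sample_logs() {
    cat > "$1/clean.log" <<'EOF'
PLAY RECAP *********************************************************************
localhost                  : ok=4    changed=0    unreachable=0    failed=0
EOF
    cat > "$1/mixed.log" <<'EOF'
PLAY RECAP *********************************************************************
web1                       : ok=4    changed=0    unreachable=0    failed=0
web2                       : ok=4    changed=2    unreachable=0    failed=0
EOF
    cat > "$1/failed.log" <<'EOF'
PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=1
EOF
    cat > "$1/aborted.log" <<'EOF'
ERROR! the playbook: test_installation.yml could not be found
EOF
}
```

In run-tests.sh, `assert_idempotent test_installation.yml` followed by `assert_idempotent test_removal.yml` would replace both grep blocks.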
Custom modules, plugins
• sometimes a role uses an unpublished, custom
module you wrote
• simply place it in the library directory located in
the root of the role. the tests will be able to use it,
too
• same goes for some plugins like callbacks
• don't forget to include tests for your modules
$ tree ansible-roles-elasticache/
├── README.md
├── defaults
│   └── main.yml
├── library
│   └── elasticache.py
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
└── tests
    ├── ansible.cfg
    ├── inventory
    ├── support
    │   ├── Dockerfile
    │   └── run-tests.sh
    ├── test_addition.yml
    ├── test_defaults.yml
    └── test_removal.yml
6 directories, 12 files
custom ElastiCache Ansible module
Standards
• Readability, ease of editing, VCS-friendliness, deprecation warnings
• Example:
• only have True and False, not yes, No, TRUE, etc.
• stick with your chosen way of writing tasks: foldable scalars (>), shorthand/one-line (=)
or structured map/list (:)
• use single-quotes for vars containing non-alphanumerical chars and
double-quotes for dynamic vars
• prefix variables used within a role with the role’s name
• use tags with confidence
• …
README.md
• Ansible is already runnable documentation, but
a clear explanation about what the role does,
what vars are exposed to the user (sort of like
API endpoints in other software) must be offered.
• Not all used vars need to be exposed.
• Dependencies, requirements, etc. It's basically
an enriched Galaxy meta/main.yml file.
TDD
• test-driven development, because first and foremost it is
Code as Infrastructure
• strict standards and rules must be defined and
respected, responsibly.
• tests for vars defaults and CRUD-like operations
• we're not in the business of testing Ansible itself (i.e.
modules) nor the user's input (i.e. config templates)
• mocks play a crucial role (APIs, fake block/object storage
devices, inventories, etc.)
Example TDD cycle/steps to write a role
1. Write a test that is meant to run the role with the default vars (i.e.
test_defaults.yml)
2. Write your first task in the tasks/main.yml file. It can be something
like - debug: msg='This is here just to pass the idempotence
test.'
3. Run test_defaults.yml and make sure it is idempotent.
4. Write your first assertion in a new file called test_addition.yml.
This would be for the first "real" task of your role (i.e. you're creating
a DNS record, so make sure the zone is propagated)
5. Remove the dummy task from tasks/main.yml and add the first
"real" task of your role to make your test pass.
6. Run both test_defaults.yml & test_addition.yml and make sure
they are idempotent.
7. Write your next assertion.
8. Add the task(s) for your respective assertion that will make the
test pass.
9. Repeat steps 5 and 6 until you have all the tasks responsible for
adding/updating things on the targets.
10. For the tasks responsible for removing things on the targets,
write another test file (i.e. test_removal.yml)
11. In principle, repeat steps 5 and 6.
Tip: You might run into situations where instead of having the fairly
standard test files: test_defaults.yml, test_addition.yml and
test_removal.yml, you will see that you only need the
test_defaults.yml file.
CI via Jenkins
• the complete flow includes automatic runs of the
docker containers which implicitly execute the role tests
• this typically happens when a PR is made or a
branch is merged into the master branch.
• a working solution is to have two Jenkins jobs.
Example:
• ansible-roles-logrotate-dev-qa (runs against PRs)
• ansible-roles-logrotate-master (runs against master)
• Jenkins plugins used to integrate with BitBucket:
• Bitbucket Approve Plugin
• Bitbucket Plugin
• Bitbucket Pullrequest Builder Plugin
• embeddable-build-status
• ChuckNorris Plugin
"It works on my machine" always holds true for Chuck Norris.
ansible-container
• Ansible’s new stab at Docker containers
• Builds and orchestrates containers in Docker
Compose style
• It’s under heavy development
• Comes with init|build|run|push|shipit params
• Install and try it: pip install ansible-container
$ tree ansible-roles-postfix/
├── README.md
├── ansible
│   ├── ansible.cfg
│   ├── container.yml
│   ├── inventory
│   ├── main.yml
│   ├── requirements.txt
│   ├── run-tests.sh
│   ├── templates
│   │   ├── dummy.cf.j2
│   │   └── virtual.j2
│   ├── test.yml
│   └── test_defaults.yml
├── defaults
│   └── main.yml
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── mailname.j2
└── tests
    └── ansible -> ../ansible
9 directories, 16 files
$ tree ansible-roles-postfix/
├── README.md
├── defaults
│   └── main.yml
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── mailname.j2
└── tests
    ├── ansible.cfg
    ├── inventory
    ├── support
    │   ├── Dockerfile
    │   └── run-tests.sh
    ├── templates
    │   ├── dummy.cf.j2
    │   └── virtual.j2
    ├── test.yml
    └── test_defaults.yml
8 directories, 14 files
First tree: structure leveraging ansible-container
Second tree: “simple” structure
ansible-container
$ git diff ansible-container master -- README.md
diff --git a/README.md b/README.md
index f8935b4..f104728 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,6 @@ None.
If you want to run the tests on the provided docker environment, run the
following commands:
- $ ansible-container build
- $ ansible-container run
+ $ docker build -t ansible-roles-test tests/support
+ $ docker run -it -v $PWD:/role ansible-roles-test
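Review bot: the added `docker run -it -v $PWD:/role ansible-roles-test` line leaves `$PWD` unquoted, so the bind mount breaks when the role is checked out under a path containing spaces; write `-v "$PWD":/role`. The `-it` flags also require a TTY, which the Jenkins jobs described earlier in the deck will not provide, and the earlier slide runs the same container without them, so either drop `-it` from the documented command or say that it is meant for interactive use only.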
Questions?
Thanks.
@ansible_berlin
meetup.com/Ansible-Berlin
Ansible Berlin Meetup

More Related Content

What's hot

IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for BeginnerShahzad Masud
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX, Inc.
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingPiotr Perzyna
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
[1A7]Ansible의이해와활용
[1A7]Ansible의이해와활용[1A7]Ansible의이해와활용
[1A7]Ansible의이해와활용NAVER D2
 
Extending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsExtending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsStefan Schimanski
 
02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 AnsibleOpennaru, inc.
 
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법Open Source Consulting
 

What's hot (20)

Ansible
AnsibleAnsible
Ansible
 
Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with Ansible
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with Ansible
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - Introduction
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for Beginner
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
 
Ansible
AnsibleAnsible
Ansible
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals Training
 
Ansible
AnsibleAnsible
Ansible
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
Ansible intro
Ansible introAnsible intro
Ansible intro
 
Hands on ansible
Hands on ansibleHands on ansible
Hands on ansible
 
[1A7]Ansible의이해와활용
[1A7]Ansible의이해와활용[1A7]Ansible의이해와활용
[1A7]Ansible의이해와활용
 
Extending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsExtending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitions
 
02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible
 
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
 

Similar to Ansible roles done right

Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupJeff Geerling
 
Ansible not only for Dummies
Ansible not only for DummiesAnsible not only for Dummies
Ansible not only for DummiesŁukasz Proszek
 
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...NETWAYS
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!Jeff Geerling
 
Learn basic ansible using docker
Learn basic ansible using dockerLearn basic ansible using docker
Learn basic ansible using dockerLarry Cai
 
Ansible at work
Ansible at workAnsible at work
Ansible at workBas Meijer
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganCorkOpenTech
 
Jenkins Job Builder: our experience
Jenkins Job Builder: our experienceJenkins Job Builder: our experience
Jenkins Job Builder: our experienceTimofey Turenko
 
A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...
A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...
A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...Christy Norman
 
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...Docker, Inc.
 
Ansible & Salt - Vincent Boon
Ansible & Salt - Vincent BoonAnsible & Salt - Vincent Boon
Ansible & Salt - Vincent BoonMyNOG
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of AnsibleDevOps Ltd.
 
Automation with Ansible and Containers
Automation with Ansible and ContainersAutomation with Ansible and Containers
Automation with Ansible and ContainersRodolfo Carvalho
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]Wong Hoi Sing Edison
 

Similar to Ansible roles done right (20)

Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL Meetup
 
Unit Testing Lots of Perl
Unit Testing Lots of PerlUnit Testing Lots of Perl
Unit Testing Lots of Perl
 
Docker perl build
Docker perl buildDocker perl build
Docker perl build
 
Ansible container
Ansible containerAnsible container
Ansible container
 
Ansible not only for Dummies
Ansible not only for DummiesAnsible not only for Dummies
Ansible not only for Dummies
 
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!
 
Learn basic ansible using docker
Learn basic ansible using dockerLearn basic ansible using docker
Learn basic ansible using docker
 
Ansible at work
Ansible at workAnsible at work
Ansible at work
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter Halligan
 
Testing Ansible
Testing AnsibleTesting Ansible
Testing Ansible
 
Introducing Ansible
Introducing AnsibleIntroducing Ansible
Introducing Ansible
 
Jenkins Job Builder: our experience
Jenkins Job Builder: our experienceJenkins Job Builder: our experience
Jenkins Job Builder: our experience
 
A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...
A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...
A to Z of a Multi-platform Docker Swarm: Building, Shipping, and Running Mult...
 
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...
 
Ansible & Salt - Vincent Boon
Ansible & Salt - Vincent BoonAnsible & Salt - Vincent Boon
Ansible & Salt - Vincent Boon
 
Ansible 202 - sysarmy
Ansible 202 - sysarmyAnsible 202 - sysarmy
Ansible 202 - sysarmy
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
Automation with Ansible and Containers
Automation with Ansible and ContainersAutomation with Ansible and Containers
Automation with Ansible and Containers
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
 

Recently uploaded

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Recently uploaded (20)

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Ansible roles done right

  • 1. Ansible Roles done right Ansible Berlin Meetup
  • 2. Fetching and installing roles • requirements.yml • ansible-galaxy install -r requirements.yml • depending on how you access the repo, you might need a valid key in your ssh agent for grabbing the role • it's a good idea to specify the path of the roles in your ansible.cfg file. that will also tell Galaxy where to unpack the roles Ansible Berlin Meetup
  • 3. $ cat requirements.yml --- - name: ec2 src: ‘git@bitbucket.org:dan_vaida/ansible-roles-ec2.git’ scm: git - name: rds src: ‘git@bitbucket.org:dan_vaida/ansible-roles-rds.git’ scm: git - name: nginx src: ‘git@bitbucket.org:dan_vaida/ansible-roles-nginx.git’ scm: git - { name: ntp, src: ‘git@bitbucket.org:dan_vaida/ansible-roles-ntp.git’, scm: git } - name: postfix src: ‘https://github.com/danvaida/ansible-roles-postfix.git’ Ansible Berlin Meetup
  • 4. $ cat ansible.cfg [defaults] roles_path = ./roles retry_files_enabled = False $ ansible-galaxy install -r requirements.yml - extracting ec2 to /Users/dvaida/work/ansible_berlin/ansible-pim/roles/ec2 - ec2 was installed successfully - extracting rds to /Users/dvaida/work/ansible_berlin/ansible-pim/roles/rds - rds was installed successfully - nginx is already installed, skipping. $ cat .gitignore roles/ec2 roles/rds roles/nginx Ansible Berlin Meetup
  • 5. Docker containers FROM debian:wheezy RUN apt-get -y update RUN apt-get -y install python-pip=1.1-3 python-dev=2.7.3-4+deb7u1 libffi-dev=3.0.10-3 RUN pip install ansible==2.1 ADD run-tests.sh run-tests.sh CMD ["./run-tests.sh"] Ansible Berlin Meetup
  • 6. $ cd /path/to/the/role $ docker build -t ansible-roles-test tests/support $ docker run -v $PWD:/role ansible-roles-test Ansible Berlin Meetup Docker containers
  • 7. Docker containers • docker containers powered by images that describe immutable packages and configs • Dockerfile with specific versions because doing apt get update && apt-get install ansible -y defeats more than half of the purpose of containers • rarely needed to run containers with --privileged (i.e. when faking a file system for formatting, mounting, etc.) • --no-cache is generally a good idea but it's also a performance killer, so an intermediary container that acts like an APT repo is advisable (remember the vagrant plugin cachier?) • install role prerequisites using the Dockerfile Ansible Berlin Meetup
  • 8. Wrapper bash script $ cat ./ansible-roles-packages/tests/support/run-tests.sh #!/bin/bash set -e cd /role/tests ansible-playbook test_installation.yml # running a second time to verify playbook's idempotence set +e ansible-playbook test_installation.yml > /tmp/ second_run.log { cat /tmp/second_run.log | tail -n 5 | grep 'changed=0' && echo 'Playbook is idempotent' } || { cat /tmp/second_run.log echo 'Playbook is **NOT** idempotent' Ansible Berlin Meetup exit 1 } set -e ansible-playbook test_removal.yml # running a second time to verify playbook's idempotence set +e ansible-playbook test_removal.yml > /tmp/second_run.log { cat /tmp/second_run.log | tail -n 5 | grep 'changed=0' && echo 'Playbook is idempotent' } || { cat /tmp/second_run.log echo 'Playbook is **NOT** idempotent' exit 1 }
  • 9. Wrapper bash script
      • very rudimentary
      • it relies heavily on alternately changing the exit behaviour (set -e / set +e) when a certain return code is seen
      • we use it for invoking each playbook twice and looking at the returned information to evaluate idempotence
      • it definitely needs refactoring, possibly ported to a playbook; don't write ruby for this kind of stuff. please.
  • 10. changed=0 unreachable=0 failed=0
      • Idempotence means f(x)=f(f(x))
      • The tests that ship with the roles are like unit tests in the big picture
      • You must write integration tests, too. They will prove that your roles' interconnection actually works by testing your application's health.
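The wrapper script above passes as soon as any of the last five log lines contains changed=0, and it ignores the exit code of the second run, so a run that fails outright, or that changes one host out of several, can still be reported as idempotent. The following is an added sketch, not the author's script, that checks every host line of the PLAY RECAP for all three counters; the function names recap_is_idempotent and check_playbook are assumptions made for this example.

```bash
#!/bin/bash
# Added example: stricter idempotence check for run-tests.sh.

# recap_is_idempotent LOGFILE
# Succeeds only if the log has a PLAY RECAP section and every host line in it
# reports changed=0, unreachable=0 and failed=0.
recap_is_idempotent() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && /ok=[0-9]+/ {
            hosts++
            if ($0 !~ /changed=0([^0-9]|$)/)     bad++
            if ($0 !~ /unreachable=0([^0-9]|$)/) bad++
            if ($0 !~ /failed=0([^0-9]|$)/)      bad++
        }
        END { if (hosts > 0 && bad == 0) exit 0; exit 1 }
    ' "$1"
}

# check_playbook PLAYBOOK
# The first run must succeed; the second run must succeed and change nothing.
check_playbook() {
    local playbook=$1 log
    log=$(mktemp) || return 1
    ansible-playbook "$playbook" || { rm -f "$log"; return 1; }
    if ansible-playbook "$playbook" > "$log" 2>&1 && recap_is_idempotent "$log"; then
        echo "$playbook is idempotent"
        rm -f "$log"
    else
        cat "$log"
        echo "$playbook is **NOT** idempotent"
        rm -f "$log"
        return 1
    fi
}

# Usage inside the container (paths as in the original script):
#   cd /role/tests && check_playbook test_installation.yml && check_playbook test_removal.yml
```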
  • 11. Custom modules, plugins
      • sometimes a role uses an unpublished, custom role you wrote
      • simply place it in the library directory located in the root of the role. the tests will be able to use it, too
      • same goes for some plugins like callbacks
      • don't forget to include tests for your modules
  • 12. custom ElastiCache Ansible module
      $ tree ansible-roles-elasticache/
      ├── README.md
      ├── defaults
      │   └── main.yml
      ├── library
      │   └── elasticache.py
      ├── meta
      │   └── main.yml
      ├── tasks
      │   └── main.yml
      └── tests
          ├── ansible.cfg
          ├── inventory
          ├── support
          │   ├── Dockerfile
          │   └── run-tests.sh
          ├── test_addition.yml
          ├── test_defaults.yml
          └── test_removal.yml

      6 directories, 12 files
  • 13. Standards
      • Readability, ease of editing, VCS-friendliness, deprecation warnings
      • Example:
          • only have True and False, not yes, No, TRUE, etc.
          • stick with your chosen way of writing tasks (foldable scalars (>), shorthand/one-line (=) or structured map/list (:))
          • use single-quotes for vars containing non-alphanumerical chars and double-quotes for dynamic vars
          • prefix variables used within a role with the role's name
          • use tags with confidence
          • …
  • 14. README.md
      • Ansible is already runnable documentation, but a clear explanation about what the role does, what vars are exposed to the user (sort of like API endpoints in other software) must be offered.
      • Not all used vars need to be exposed.
      • Dependencies, requirements, etc. It's basically an enriched Galaxy meta/main.yml file.
  • 15. TDD
      • test-driven development because first and foremost it is Code as Infrastructure
      • strict standards and rules must be defined and respected, responsibly.
      • tests for vars defaults and CRUD-like operations
      • we're not in the business of testing Ansible itself (i.e. modules) nor the user's input (i.e. config templates)
      • mocks play a crucial role (APIs, fake block/object storage devices, inventories, etc.)
  • 16. Example TDD cycle/steps to write a role
      1. Write a test that is meant to run the role with the default vars (i.e. test_defaults.yml)
      2. Write your first task in the tasks/main.yml file. It can be something like
         - debug: msg='This is here just to pass the idempotence test.'
      3. Run test_defaults.yml and make sure it is idempotent.
      4. Write your first assertion in a new file called test_addition.yml. This would be for your first "real" task of your role (i.e. you're creating a DNS record, so make sure the zone is propagated)
      5. Remove the dummy task from tasks/main.yml and add the first "real" task of your role to make your test pass.
      6. Run both test_defaults.yml & test_addition.yml and make sure they are idempotent.
  • 17. Example TDD cycle/steps to write a role
      7. Write your next assertion.
      8. Add the task(s) for your respective assertion that will make the test pass.
      9. Repeat steps 5 and 6 until you have all your tasks responsible for adding/updating things on the targets.
      10. For the tasks responsible for removing things on the targets, write another test file (i.e. test_removal.yml)
      11. Principally repeat steps 5 and 6.
      Tip: You might run into situations where instead of having the fairly standard test files: test_defaults.yml, test_addition.yml and test_removal.yml, you will see that you only need the test_defaults.yml file.
  • 18. CI via Jenkins
      • the complete flow includes automatic runs of the docker containers which implicitly execute the role tests
      • this typically happens when a PR is made or a branch is merged into the master branch.
      • a working solution is to have two Jenkins jobs. Example:
          • ansible-roles-logrotate-dev-qa (runs against PRs)
          • ansible-roles-logrotate-master (runs against master)
  • 19. CI via Jenkins
      • Jenkins plugins used to integrate with BitBucket:
          • Bitbucket Approve Plugin
          • Bitbucket Plugin
          • Bitbucket Pullrequest Builder Plugin
          • embeddable-build-status
          • ChuckNorris Plugin
  • 21. "It works on my machine" always holds true for Chuck Norris.
  • 22. ansible-container
      • Ansible's new stab at Docker containers
      • Builds and orchestrates containers in Docker Compose style
      • It's under heavy development
      • Comes with init|build|run|push|shipit params
      • Install and try it: pip install ansible-container
  • 23. structure leveraging ansible-container
      $ tree ansible-roles-postfix/
      ├── README.md
      ├── ansible
      │   ├── ansible.cfg
      │   ├── container.yml
      │   ├── inventory
      │   ├── main.yml
      │   ├── requirements.txt
      │   ├── run-tests.sh
      │   ├── templates
      │   │   ├── dummy.cf.j2
      │   │   └── virtual.j2
      │   ├── test.yml
      │   └── test_defaults.yml
      ├── defaults
      │   └── main.yml
      ├── handlers
      │   └── main.yml
      ├── meta
      │   └── main.yml
      ├── tasks
      │   └── main.yml
      ├── templates
      │   └── mailname.j2
      └── tests
          └── ansible -> ../ansible

      9 directories, 16 files

      “simple” structure
      $ tree ansible-roles-postfix/
      ├── README.md
      ├── defaults
      │   └── main.yml
      ├── handlers
      │   └── main.yml
      ├── meta
      │   └── main.yml
      ├── tasks
      │   └── main.yml
      ├── templates
      │   └── mailname.j2
      └── tests
          ├── ansible.cfg
          ├── inventory
          ├── support
          │   ├── Dockerfile
          │   └── run-tests.sh
          ├── templates
          │   ├── dummy.cf.j2
          │   └── virtual.j2
          ├── test.yml
          └── test_defaults.yml

      8 directories, 14 files
  • 24. ansible-container $ git diff ansible-container master -- README.md diff --git a/README.md b/README.md index f8935b4..f104728 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,6 @@ None. If you want to run the tests on the provided docker environment, run the following commands: - $ ansible-container build - $ ansible-container run + $ docker build -t ansible-roles-test tests/support + $ docker run -it -v $PWD:/role ansible-roles-test Ansible Berlin Meetup
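Review bot: the added `docker run -it -v $PWD:/role ansible-roles-test` line in the README hunk requests an interactive TTY, which makes the command fail when a reader copies it into a non-interactive CI job where no TTY is attached; drop `-it` or note that it is meant for local runs only. `$PWD` is also unquoted on that line, so a checkout path containing spaces breaks the volume argument; suggest `-v "$PWD":/role`.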