Ansible for DevOps: Server and configuration management for humans [2 ed.] 0986393436, 9780986393433

Ansible is a simple, but powerful, server and configuration management tool (with a few other tricks up its sleeve). Thi

English Pages 469 Year 2023


  • Commentary
  • https://github.com/geerlingguy/ansible-for-devops-manuscript

Table of contents:
Table of Contents
Foreword
Preface
Second Edition
Who is this book for?
Typographic conventions
Please help improve this book!
Current Published Book Version Information
About the Author
Introduction
In the beginning, there were sysadmins
Modern infrastructure management
Ansible and Red Hat
Ansible Examples
Other resources
Chapter 1 - Getting Started with Ansible
Ansible and Infrastructure Management
On snowflakes and shell scripts
Configuration management
Installing Ansible
Creating a basic inventory file
Running your first Ad-Hoc Ansible command
Summary
Chapter 2 - Local Infrastructure Development: Ansible and Vagrant
Prototyping and testing with local virtual machines
Your first local server: Setting up Vagrant
Using Ansible with Vagrant
Your first Ansible playbook
Cleaning Up
Summary
Chapter 3 - Ad-Hoc Commands
Conducting an orchestra
Build infrastructure with Vagrant for testing
Inventory file for multiple servers
Your first ad-hoc commands
Discover Ansible's parallel nature
Learning about your environment
Make changes using Ansible modules
Configure groups of servers, or individual servers
Configure the Application servers
Configure the Database servers
Make changes to just one server
Manage users and groups
Manage packages
Manage files and directories
Get information about a file
Copy a file to the servers
Retrieve a file from the servers
Create directories and files
Delete directories and files
Run operations in the background
Update servers asynchronously with asynchronous jobs
Check log files
Manage cron jobs
Deploy a version-controlled application
Ansible's SSH connection history
Paramiko
OpenSSH (default)
Faster OpenSSH with Pipelining
Summary
Chapter 4 - Ansible Playbooks
Power plays
Running Playbooks with ansible-playbook
Limiting playbooks to particular hosts and groups
Setting user and sudo options with ansible-playbook
Other options for ansible-playbook
Real-world playbook: Rocky Linux Node.js app server
Add extra repositories
Deploy a Node.js app
Launch a Node.js app
Node.js app server summary
Real-world playbook: Ubuntu LAMP server with Drupal
Include a variables file, and discover pre_tasks and handlers
Basic LAMP server setup
Configure Apache
Configure PHP with lineinfile
Configure MySQL
Install Composer
Create a Drupal project with Composer
Install Drupal with Drush
Drupal LAMP server summary
Real-world playbook: Ubuntu server with Solr
Include a variables file, and more pre_tasks
Install Java
Install Apache Solr
Apache Solr server summary
Summary
Chapter 5 - Ansible Playbooks - Beyond the Basics
Handlers
Environment variables
Per-task environment variables
Variables
Playbook Variables
Inventory variables
Registered Variables
Accessing Variables
Host and Group variables
Automatically-loaded group_vars and host_vars
Magic variables with host and group variables and information
Facts (Variables derived from system information)
Local Facts (Facts.d)
Ansible Vault - Keeping secrets secret
Variable Precedence
If/then/when - Conditionals
Jinja Expressions, Python built-ins, and Logic
register
when
changed_when and failed_when
ignore_errors
Delegation, Local Actions, and Pauses
Pausing playbook execution with wait_for
Running an entire playbook locally
Prompts
Tags
Blocks
Summary
Chapter 6 - Playbook Organization - Roles, Includes, and Imports
Imports
Includes
Dynamic includes
Handler imports and includes
Playbook imports
Complete includes example
Roles
Role scaffolding
Building your first role
More flexibility with role vars and defaults
Other role parts: handlers, files, and templates
Handlers
Files and Templates
Organizing more complex and cross-platform roles
Ansible Galaxy
Getting roles from Galaxy
Using role requirements files to manage dependencies
A LAMP server in nine lines of YAML
A Solr server in seven lines of YAML
Helpful Galaxy commands
Contributing to Ansible Galaxy
Summary
Chapter 7 - Ansible Plugins and Content Collections
Creating our first Ansible Plugin — A Jinja Filter
The history of Ansible Content Collections
The Anatomy of a Collection
Putting our Plugin into a Collection
Going deeper developing collections
Collections on Automation Hub and Ansible Galaxy
Collection version constraints
Where are collections installed?
Summary
Chapter 8 - Inventories
A real-world web application server inventory
Non-prod environments, separate inventory files
Inventory variables
host_vars
group_vars
Ephemeral infrastructure: Dynamic inventory
Dynamic inventory with DigitalOcean
DigitalOcean account prerequisites
Connecting to your DigitalOcean account
Creating a droplet with Ansible
DigitalOcean dynamic inventory with digital_ocean.py
Dynamic inventory with AWS
Inventory on-the-fly: add_host and group_by
Multiple inventory sources - mixing static and dynamic inventories
Creating custom dynamic inventories
Building a Custom Dynamic Inventory in Python
Building a Custom Dynamic Inventory in PHP
Managing a PaaS with a Custom Dynamic Inventory
Summary
Chapter 9 - Ansible Cookbooks
Highly-Available Infrastructure with Ansible
Directory Structure
Individual Server Playbooks
Main Playbook for Configuring All Servers
Getting the required roles
Vagrantfile for Local Infrastructure via VirtualBox
Provisioner Configuration: DigitalOcean
Provisioner Configuration: Amazon Web Services (EC2)
AWS EC2 Dynamic inventory plugin
Summary
ELK Logging with Ansible
ELK Playbook
Forwarding Logs from Other Servers
Summary
GlusterFS Distributed File System Configuration with Ansible
Configuring Gluster - Basic Overview
Configuring Gluster with Ansible
Summary
Mac Provisioning with Ansible and Homebrew
Running Ansible playbooks locally
Automating Homebrew package and app management
Configuring macOS through dotfiles
Summary
Chapter 10 - Deployments with Ansible
Deployment strategies
Simple single-server deployments
Provisioning a Ruby on Rails server
Deploying a Rails app to the server
Provisioning and Deploying the Rails App
Deploying application updates
Zero-downtime multi-server deployments
Ensuring zero downtime with serial and integration tests
Deploying to app servers behind a load balancer
Capistrano-style and blue-green deployments
Additional Deployment Features
Summary
Chapter 11 - Server Security and Ansible
A brief history of SSH and remote access
Telnet
rlogin, rsh and rcp
SSH
The evolution of SSH and the future of remote access
Use secure and encrypted communication
Disable root login and use sudo
Remove unused software, open only required ports
Use the principle of least privilege
User account configuration
File permissions
Update the OS and installed software
Automating updates
Automating updates for RHEL systems
Automating updates for Debian-based systems
Use a properly-configured firewall
Configuring a firewall with ufw on Debian or Ubuntu
Configuring a firewall with firewalld on Fedora, RHEL and RHEL-derivatives
Make sure log files are populated and rotated
Monitor logins and block suspect IP addresses
Use SELinux (Security-Enhanced Linux) or AppArmor
Summary and further reading
Chapter 12 - Automating Your Automation with Ansible Tower and CI/CD
Installing Ansible AWX
Using AWX
Uninstalling AWX
Other Tower Features of Note
Tower Alternatives
Jenkins CI
Build a local Jenkins server with Ansible
Create an Ansible playbook on the Jenkins server
Create a Jenkins job to run an Ansible Playbook
Summary
Chapter 13 - Testing and CI for Ansible Content
Unit, Integration, and Functional Testing
Debugging and Asserting
The debug module
The fail and assert modules
Linting YAML with yamllint
Performing a --syntax-check
Linting Ansible content with ansible-lint
Automated testing and development with Molecule
Testing a role with Molecule
Testing a playbook with Molecule
Adjusting Molecule to use more flexible test containers
Verifying a playbook with Molecule
Adding lint configuration to Molecule
Molecule Summary
Running your playbook in check mode
Automated testing on GitHub using GitHub Actions
Automated testing in other CI environments
Real-world examples
Functional testing using serverspec or testinfra
Summary
Chapter 14 - Automating HTTPS and TLS Certificates
Generating Self-Signed Certificates with Ansible
Idempotent Nginx HTTPS playbook with a self-signed cert
Automating Let's Encrypt with Ansible for free Certs
Use Galaxy roles to get things done faster
Create the playbook
Create a server and configure DNS
Point the playbook inventory at the server
Access your server over HTTPS!
Configuring Nginx to proxy HTTP traffic and serve it over HTTPS
Modify the Nginx configuration to proxy traffic
Summary
Chapter 15 - Docker and Ansible
A brief introduction to Docker containers
Using Ansible to build and manage containers
Building a Flask app with Ansible and Docker
Data storage container
Flask container
MySQL container
Ship it!
Building containers with Ansible from the outside
Build a Hubot Slack bot container with ansible_connection: docker
Hubot and Slack
Building a Docker container with Ansible
Building the hubot-slack role
Building and running the Hubot Slack bot container
Summary
Summary
Afterword
Appendix A - Using Ansible on Windows workstations
Method 1 - Use the Windows Subsystem for Linux
Installing Ansible inside WSL
Method 2 - When WSL is not an option
Prerequisites
Set up an Ubuntu Linux Virtual Machine
Log into the Virtual Machine
Install Ansible
Summary
Appendix B - Ansible Best Practices and Conventions
Playbook Organization
Write comments and use name liberally
Include related variables and tasks
Use Roles to bundle logical groupings of configuration
Use role defaults and vars correctly
YAML Conventions and Best Practices
YAML for Ansible tasks
Three ways to format Ansible tasks
Shorthand/one-line (key=value)
Structured map/multi-line (key:value)
Folded scalars/multi-line (>)
Using | to format multiline variables
Using ansible-playbook
Use Ansible Tower
Install Galaxy dependencies local to your playbook
Discriminate wisely when choosing community dependencies
Specify --forks for playbooks running on > 5 servers
Use Ansible's Configuration file
Summary
