
Centos-admin.ru: learn Ansible




This is not a complete how-to with a large amount of code, but rather a description of the algorithm and the results we have achieved.



Not so long ago we got a new client. He had some atypical requirements for us: Ansible must be used to configure the servers, the content of each site is stored in git, and each site lives in its own virtual machine. None of this promised anything good, since it did not fit into our standard scheme. But "the customer is always right!", so we began to develop a new scheme. But first things first.


Baseline data: there is a client with more than 30 sites that need to be migrated to our platform. Each site must be located in a separate container (we use OpenVZ containers). Only one external IP is used. Ansible is used to configure the servers. For each site there is an archive with configuration files. The site content is in git.



And we began to build... What we ended up with is described below. Looking ahead, I will say that deploying a new site now comes down to a few commands.



We have several templates, in the form of archives, for deploying new containers. To begin with, we made some changes to these templates, or rather added the ansible user and keys to them. This made it possible to configure a container with Ansible immediately after deployment, without any additional steps.



In Ansible we created several roles. I will not describe them all, only the most interesting ones:





create_vm is the role that actually creates the VM and configures it.



In a little more detail.



This role is applied to the host machine on which the container will be created. I should say right away that host_vars are used actively everywhere. For the host machine, host_vars holds a single variable, vm_number. It contains the number of the last container plus 1; after the playbook runs, this number is increased by 1. The playbook for this role also uses vars_prompt. This is the first thing that seemed interesting to us, and it is where we found the mechanism described here. vars_prompt lets you set variables interactively when a playbook is executed, and those variables can then be used in templates, tasks and so on. We put the data that is unique to each site into these variables: the site name, the git repository (where the site content is stored) and the address where the configuration files for the site are located.



It turned out like this:

<spoiler title="new_vm.yml">
- name: Create new vm
  hosts: ds
  remote_user: ansible
  sudo: true
  roles:
    - new_vm
  vars_prompt:
    conf_url: " url c      "   # address of the site's configuration files
    area_fqdn: "  "            # site name
    git_repo: "  git "         # git repository with the site content
</spoiler>






I will not describe the tasks themselves, as they are quite long. If anyone is interested, we can send them.



After that everything is very simple: Ansible connects to the host, downloads the template archive, checks that there is no VM with this number, creates the VM, and sets its IP and name. That is where all the procedures on the host end.



Next, Ansible's local_action came into play; it lets you perform actions on the host from which the playbook is launched. Ansible downloads the configuration files for the site (nginx, apache, etc.) using the link we set in the interactive variable, creates the directory structure in Ansible, adds the new container to the roles in Ansible, and lays out the configs. It also creates host_vars for the new container, specifying the site name and the git repository; we will need this later. This completes the creation of the container.





As mentioned at the beginning, there is only one public IP for all the sites. No problem: we created a container with a proxying nginx. For each new container, proxy rules have to be added, and here templates and the same interactive variables came to our aid. The proxy configuration file for the new container is also created locally, from a template.
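The prompted values end up in file names, in the nginx proxy config and in download and clone commands, so it is worth checking their format before anything uses them. The playbook below is an added example, not the original roles: it validates the three prompted variables and vm_number, then writes the proxy vhost on the control host. The names vm_ip and proxy_conf_dir, the 10.0.0.x addressing, the https-only rule for conf_url and the inline config (standing in for the template file) are assumptions.

```yaml
# Added example, not the original role. Assumed names: vm_ip, proxy_conf_dir.
- name: Validate prompted values and render the proxy vhost
  hosts: ds
  remote_user: ansible
  become: true
  vars_prompt:
    - name: conf_url
      prompt: "URL of the site configuration archive"
      private: false
    - name: area_fqdn
      prompt: "Site name (FQDN)"
      private: false
    - name: git_repo
      prompt: "Git repository with the site content"
      private: false
  vars:
    vm_ip: "10.0.0.{{ vm_number }}"             # assumed addressing scheme
    proxy_conf_dir: "{{ playbook_dir }}/proxy"  # assumed, must already exist
  pre_tasks:
    - name: Refuse values that are unsafe in file names, configs or commands
      ansible.builtin.assert:
        that:
          - area_fqdn | length <= 253
          - area_fqdn is match('^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?[.])+[a-z]{2,63}$')
          - conf_url is match('^https://[A-Za-z0-9.-]+(:[0-9]+)?/[A-Za-z0-9._~/-]*$')
          - git_repo is match('^(https://|ssh://git@|git@)[A-Za-z0-9._:/~-]+$')
          - vm_number | int > 0
          - vm_number | int < 255
        fail_msg: "conf_url, area_fqdn, git_repo or vm_number has an unexpected format"
  tasks:
    - name: Write the proxy vhost for the new container on the control host
      ansible.builtin.copy:
        dest: "{{ proxy_conf_dir }}/{{ area_fqdn }}.conf"
        mode: "0644"
        content: |
          server {
              listen 80;
              server_name {{ area_fqdn }};
              location / {
                  proxy_pass http://{{ vm_ip }};
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
              }
          }
      delegate_to: localhost
      become: false
```

The patterns are deliberately strict: a site name with a slash, a space or a semicolon, or a repository string starting with a dash, stops the play before any file is written.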



Not bad already: by launching one playbook, we create a container with all its settings. But we did not stop there and also added uploading of the content from the repository. This is exactly what the content_update role is responsible for.



Briefly about the content_update role: Ansible clones the git repository and then, using a script, distributes the site content into the necessary directories with the necessary permissions. With that, the preparation of the container is almost complete. All that remains is to run the playbook that applies the configuration to the new container, and the container can be handed over to the customer.



Author: Magvai69 System Administrator

Source: https://habr.com/ru/post/259107/


