1. Dependency packages
Ansible depends on Python, which is installed by default, at least on Red Hat-like distributions.
Puppet depends on Ruby, which is not installed by default.
2. Agent
Ansible is agentless; it relies on SSH.
Puppet needs an agent running on the target server as a daemon.
3. Security
Ansible uses SSH as its transport method, so a username and password are required for each connection. (Ansible is smart enough to cache the SSH and sudo passwords, so you are prompted only once, for the first server.) SSH key-based authentication can replace the SSH password prompt.
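Puppet: the agent is controlled by the master server, so if the master server is compromised, all hosts can be brought down easily. The Ansible control machine deserves the same protection, since from it an operator reaches every managed host over SSH with sudo rights.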
4. Setup
Ansible is easy to set up, as there is no agent. The Ansible server is easy to set up too; it is just Python scripts. You can even run it without installing it.
Puppet needs packages installed on the agent host or server, and the agent certificate needs to be signed before the server can talk to the agent.
Ansible uses SSH on TCP port 22, a standard port that is already open in the firewalls of most infrastructures.
Puppet uses a custom TCP port, typically 8139.
5. Command line mode
Ansible supports a command-line mode for ad-hoc tasks, so you don't need to write task definitions; just pass the command to ansible, for example to return the date from a number of servers.
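# Ad-hoc run: execute `date` on the hosts matched by "myservers", logging in as
# user admin and using the raw module.
# -k prompts for the SSH password and -K for the sudo password, so neither one
# is typed on the command line where it would land in shell history.
ansible myservers -k -K -u admin -m raw -a "date"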
The following example shows a typical server deployment.
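[root@centos1 post]# cat setup.yml
---
# Ansible playbooks use YAML syntax: http://en.wikipedia.org/wiki/YAML
# This play applies the base configuration (packages, users, network, DNS,
# NTP, SNMP, time zone) to server1. Every task runs through sudo as "admin".

# hosts: a server or server group as defined in /etc/ansible/hosts
- hosts: server1
  user: admin
  sudo: yes
  vars_files:
    # global variables
    - vars/settings.yml
    # server-specific variables; ansible_hostname is a gathered fact, so this
    # resolves to vars/server1.yml for server1
    - vars/{{ ansible_hostname }}.yml
  tasks:
    # install yum packages
    - name: yum
      action: yum name=${item} state=present
      with_items:
        - kernel-devel-{{ ansible_kernel }}
        - ed
        - ksh
        - ntp
    # The script inserts 'UseDNS no' (per the author; the script itself is not
    # shown). "- script:" is shorthand for "- name: XX" plus "action: YY".
    # NOTE(review): this task has no notify, so the 'restart sshd' handler below
    # is never triggered by this play unless the script restarts sshd itself.
    - script: ./scripts/sshd.sh
    # delete users; delusers is the list of users defined in settings.yml
    - name: users | Delete users
      action: user name=$item state=absent
      with_items: delusers
    # Ansible's template engine is Jinja2: http://jinja.pocoo.org/docs/
    # NOTE(review): this task renders ifcfg-eth0.j2, while the template and the
    # variables listed further down are for eth1; ifcfg-eth0.j2 is not shown.
    - name: ifcfg-eth0 | Configuration file
      action: template src=./templates/ifcfg-eth0.j2 dest=/etc/sysconfig/network-scripts/ifcfg-eth0 owner=root group=root
    - name: route-eth0 | Configuration file, /etc/sysconfig/network-scripts/route-eth0
      action: template src=templates/route-eth0.j2 dest=/etc/sysconfig/network-scripts/route-eth0
    - name: resolv.conf | Configuration file, /etc/resolv.conf
      action: template src=templates/resolv.conf.j2 dest=/etc/resolv.conf
    - name: ntpd | Configuration file, /etc/ntp.conf
      action: template src=templates/ntp.conf.j2 dest=/etc/ntp.conf
      notify:
        - restart ntpd
    # NOTE(review): snmpd.conf usually carries SNMP community strings, and
    # mode=0644 leaves it readable by every local user. If files/snmpd.conf
    # (not shown) contains them, mode=0600 is the safer choice.
    - name: snmpd | Configuration file, /etc/snmp/snmpd.conf
      action: copy src=files/snmpd.conf dest=/etc/snmp/snmpd.conf owner=root group=root mode=0644
      notify:
        - restart snmpd
    - copy: src=files/clock dest=/etc/sysconfig/clock owner=root group=root mode=0644
    - command: ln -fs /usr/share/zoneinfo/Australia/Sydney /etc/localtime
  # Handlers run only when a task that changed something notifies them.
  handlers:
    - name: restart sshd
      action: service name=sshd enabled=yes state=restarted
    - name: restart ntpd
      action: service name=ntpd enabled=yes state=restarted
    - name: restart snmpd
      action: service name=snmpd enabled=yes state=restarted

####----Global variables
[root@centos1 post]# cat vars/settings.yml
#
# ntp.conf
ntpservers: [10.1.1.1, 10.1.1.2]
# users to delete
delusers: [user1, user2]
# resolv.conf
domainname: .example.com
searchdomain: [example.com]
nameservers: [10.1.1.1, 10.1.1.2]

####----Server specific variable
[root@centos1 post]# cat vars/server1.yml
eth1:
  device: eth1
  ipaddr: 172.16.1.2
  netmask: 255.255.255.0
# NOTE(review): the collapsed listing does not show whether "routes" is nested
# under eth1 or top-level; it is placed top-level here. Confirm against
# templates/route-eth0.j2.
routes: ['192.168.1.0/24 via 172.16.1.254', '192.168.2.0/24 via 172.16.1.254']

####----How the template references the variables
[root@centos1 post]# cat templates/resolv.conf.j2
#
# resolver configuration file...
#
options timeout:1 attempts:8 rotate
domain {{domainname}}
search {{domainname}} {{ searchdomain | join (' ') }}
{% for host in nameservers %}
nameserver {{host}}
{% endfor %}

[root@centos1 post]# cat templates/ifcfg-eth1.j2
DEVICE={{eth1.device}}
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
IPADDR={{eth1.ipaddr}}
NETMASK={{eth1.netmask}}
{% if eth1.gateway is defined %}
GATEWAY={{eth1.gateway}}
{%endif%}

####----a separate playbook to create LVM and file system
[root@centos1 post]# cat setup-lvm.yml
---
# Creates the physical volume, volume group, logical volume and ext4 file
# system on server1, then mounts it on /opt. Fact gathering is switched off
# because no gathered fact is referenced in this play.
- hosts: server1
  user: admin
  sudo: yes
  gather_facts: no
  vars:
    mntp: /opt
    vgname: vg01
    pvname: /dev/sdb1
    lv1: opt
  tasks:
    # a script to create the LVM partition and the physical volume
    # NOTE(review): disks.sh is not shown; it is run as root against $pvname, so
    # confirm that it refuses to touch a device that already holds data.
    - script: ./scripts/disks.sh $pvname
    - name: filesystem | Create pv,vg,lv and file systems
      action: lvg vg=$vgname pvs=$pvname
    #- name: filesystem | create lv
    - lvol: vg=$vgname lv=$lv1 size=51196
    # - name: filesystem | create fs
    - filesystem: fstype=ext4 dev=/dev/${vgname}/${lv1}
    #- name: filesystem | mount dir
    - mount: name=${mntp} src=/dev/${vgname}/${lv1} dump=1 passno=2 fstype=ext4 state=mounted
How to run the playbook?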
[root@centos1 post]# ansible-playbook -k -K setup.yml
-k, --ask-pass ask for SSH password
-K, --ask-sudo-pass ask for sudo password
Download all the files
https://drive.google.com/file/d/0B-RHmV4ubtk8Y2wyazhZRS1pSVk/edit?usp=sharing