References and materials for GCB Informatics Ansible Hackday
GCB Informatics is running a hack day on May 7, 2015. This event will focus on automated provisioning of servers, specifically using Ansible.
Please feel free to append to this file before the hackday, especially to include use cases or other references. We do not plan to make playbooks public, but methods/resources and tasks for the hackday should be tracked in this repo.
To have a productive hackday, everyone should familiarize themselves with:
- How ansible works
- Installing Ansible aka Ansible Core - the command-line application. Ansible's main website makes it hard to discover that there is a FOSS python command-line application called `ansible`, which is what we're primarily interested in. The docs are great though, and ansible can be installed with your package manager of choice (yum/apt/brew), with python's `pip`, or from source.
- The infrastructure pieces - how ansible runs, and how this compares to other provisioning/config systems:
  - a "control machine" where ansible itself executes (typically on-demand)
  - one or more managed nodes that are configured by the control machine.
- The functional pieces - how to configure ansible to do your bidding:
  - Inventories - Lists of hosts (managed nodes) and their groupings (e.g. web servers, database servers)
  - Playbooks - recipes that the control machine executes on a managed node. Best Practices
  - Modules - the steps in the recipe, tailored to specific software packages (e.g. the yum module will install packages via yum declaratively).
- ansible-examples Ansible's own examples for playbooks demonstrating best practices
- Playbooks special topics - advanced or clever tricks for playbooks - step debugging, dry-run, lookups, tags, vault
- GCB's ansible playbooks on gitorious - Limited use for now - focused on a few web applications, but shows a concrete example of what can be done
- Ansible Galaxy - Community repository of playbooks for reuse. Like GitHub for ansible playbooks.
- ansible-role-firewall Firewall Role example
Take a new VM from having its OS installed and its IP address registered in Proteus to being fully configured for provisioning to a requester and/or purpose.
- Starting point (pre-condition): OS installed, IP address registered, networking enabled via DHCP, ansible user account with sudo privileges created, ssh key installed.
- Ansible playbook steps:
  - Register with RHN
  - yum update
  - reboot
  - Firewall configured
  - Account authentication bound to Kerberos and LDAP
  - Repositories set for rpms
- Compiling and deploying cookieDaemon securely (with passwords, ssh keys, etc stored in vault)
- Building/updating/deploying docker images on local resources (local registry, no docker hub)
- Deploying an rpm to all HARDAC nodes, or only to those in a partition.
- Standing up a Globus Online endpoint for a data volume
- Deploying a Galaxy server (Hilmar)
- Standing up a local NCBI BLAST search machine complete with BLAST databases loaded
- A user ran a rogue Docker container on `gemscompute01` and the VM is damaged beyond repair. Recreate the VM in a fully (or at least mostly) automated fashion.
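
The new-VM use case above, from RHN registration through repository setup, sketched as a playbook. This is an added example, not one of GCB's playbooks; the inventory group, vault file and variable, realm, hostnames and repository URLs are placeholders, and it assumes a RHEL 7 target and Ansible 2.7 or later (for the `reboot` module).

```yaml
# Added example: baseline for a freshly installed VM that already has the
# "ansible" sudo account and ssh key in place. All names/URLs are placeholders.
- name: Baseline a new VM
  hosts: new_vms                # hypothetical inventory group
  remote_user: ansible
  become: true
  vars_files:
    - vault.yml                 # ansible-vault encrypted; defines vault_rhn_activation_key
  tasks:
    - name: Register with RHN
      rhn_register:
        activationkey: "{{ vault_rhn_activation_key }}"
      no_log: true              # keep the key out of logs and -v output

    - name: Apply all pending updates (yum update)
      yum:
        name: "*"
        state: latest
      register: updates

    - name: Reboot only when packages actually changed
      reboot:
      when: updates is changed

    # Assumes firewalld is already running (the RHEL 7 default).
    - name: Allow ssh through the firewall, now and after reboot
      firewalld:
        service: ssh
        permanent: true
        immediate: true
        state: enabled

    # authconfig is not idempotent from Ansible's view: this task always reports "changed".
    - name: Bind account authentication to Kerberos and LDAP
      command: >
        authconfig --enablekrb5 --krb5realm=EXAMPLE.ORG --krb5kdc=kdc.example.org
        --enableldap --ldapserver=ldaps://ldap.example.org
        --ldapbasedn=dc=example,dc=org --update

    - name: Set the rpm repository, with signature checking on
      yum_repository:
        name: internal
        description: Internal rpm repository (placeholder)
        baseurl: https://repo.example.org/el$releasever/$basearch/
        gpgcheck: true
        gpgkey: https://repo.example.org/RPM-GPG-KEY-internal
```

Run it with `ansible-playbook --ask-vault-pass` so the activation key is decrypted only on the control machine, and use `--check` first for a dry run.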