I realized this proof of concept to understand Ansible in a real scenario and to present this solution in order to not suffer any more pain executing repetitive and manual tasks. The PoC at the moment implements a Linux Apache MySQL PHP (LAMP) infrastructure, I do not exclude more features or components in the future ;-)
Topics covered:
- Provision of the infrastructure
- Setup a workstation VM with Ansible plus DNS Server installed
- Provision Vagrant testing and production environments
- Install and configure the web servers with Apache 2.4 and PHP 7.1
- Install and configure the database server MySQL 5.7
- Configure the virtual host, create the database and the db user
- Deploy the website and test it
The PoC can be run on any platform
Windows / Linux:
- Virtual Box
- Vagrant
- CentOS 7
Installation of the infrastructure:
- The default host-only virtual network is perfect (eg. 192.168.56.0/24)
- Create a Virtual Machine in Virtualbox with CentOS 7
- Assign the static ip 192.168.56.100 on the host-only interface
- Execute as root or sudo "yum install ansible"
- Copy the id_rsa.txt in the $HOME/.ssh/id_rsa
- Copy the id_rsa.pub.txt in the $HOME/.ssh/id_rsa.pub
- Change directory into the Vagrant
- vagrant up will start only the Testing environment, in case the computer has enough RAM, you can start already the Production environment by using:
- vagrant up ws_prod_1
- vagrant up db_prod_1
The preparation of the infrastructure is finally complete, and we are ready to automate! Change the working directory to the ansible/ directory of the cloned repository
Let's give a look what kind of properties the infrastructure has:
ansible all -m setup
This command will return all facts for the whole infrastructure. It is possible to limit the scope by inventory
ansible -i inventories/production all -m setup
ansible -i inventories/testing all -m setup
#####Bind DNS Setup BIND DNS is going to be setup on the Virtual Machine Workstation to resolve the names. A forward and reverse lookup zones are going to be setup.
ansible-playbook -i inventories/workstation workstation-pb.yml
You can now try to login with ssh to the target Vagrant VM ssh -l vagrant -i $HOME/.ssh/id_rsa webserver-test-1.mypoc.io
This phase consists to configure the testing environment
ansible-playbook -i inventories/testing/ webservers-pb.yml --vault-password-file vault_pass_testing.txt
It configures the repositories (REMI, Oracle MySQL, EPEL, ...) and it installs the Apache Httpd web server.
ansible-playbook -i inventories/testing/ dbservers-pb.yml --vault-password-file vault_pass_testing.txt
It configures the repositories (REMI, Oracle MySQL, EPEL, ...) and it installs the Oracle MySQL 5.7 db server.
ansible-playbook -i inventories/testing/ www.website-pb.yml --vault-password-file vault_pass_testing.txt
It configures a technical user on the database and a virtual host in the httpd, it deploys the php page which open a database connection and it displays some information.
Open a browser and navigate to these two links
http://www.test.mypoc.io/server-status
http://www.test.mypoc.io/test_db.php
This environment is pretty similar as testing environment, after all it is production. There are some differences though, the passwords are different but the playbook is the same, repetitive actions across environments.
In case you did not start the Vagrant production for memory limits, you can do it now, first by stopping the test instances
vagrant halt
vagrant up ws_prod_1
vagrant up db_prod_1
ansible-playbook -i inventories/production/ webservers-pb.yml --vault-password-file vault_pass_production.txt
ansible-playbook -i inventories/production/ dbservers-pb.yml --vault-password-file vault_pass_production.txt
ansible-playbook -i inventories/production/ www.website-pb.yml --vault-password-file vault_pass_production.txt
Open a browser and navigate to these two links
http://www.mypoc.io/server-status
http://www.mypoc.io/test_db.php
In just few minutes, the testing and production environment are complete in a repeatable process.
I have structured in two different ways:
- Playbooks with roles for the configuration of the infrastructure
- Plain playbook for the application deployment
I am personally very much against application deployments with tools like Ansible/Puppet, as Jenkins offers much more features. Nothing impedes though to use Jenkins with Ansible ;-)
You can think roles as a category which is applied to infrastructure assets. Roles may be shared to different asset categories. The role common is shared between the db and web server of testing and production environment