Sensible Ansible with UpGuard

Updated on March 31, 2017 by Paul McCarthy

Going from nothing to automation using one of the many tools available can be a daunting task. How can you automate systems when you’re not even 100% sure how they’ve been configured? The documentation is months out of date and the last guy to configure anything on that box has since left the company to ply his trade somewhere that will more fully appreciate his Ops cowboy routine.

UpGuard makes this transition a much smoother experience by helping to bring your environment under control first, so that when you’re happy that you’ve captured your current state you can then move on to automation. It will even help you to get started with several of the automation tools available out there so that you don’t have to worry about having your config stored in multiple places and learning multiple tools from scratch. To show you a basic example here I’ll be using it to set up Apache and MySQL using Ansible as part of automating a new LAMP server. The same example using Puppet is over here.

Request a Free Demo

1. Scan & Understand

I could manually create a package and service template in UpGuard but that’s unnecessary as I’ve already got Apache installed on an existing machine. Instead I’ll scan it using UpGuard which will pick up the correct versions and state of my working system. I can then filter down to Apache and MySQL related items:

GuardRail

2. Control

I want the apache2 package installed with the service running and my default page updated so I’ll add them to my UpGuard package. I also want the mysql-server package, mysql service and the mysql config file, so I’ll add them too. The package that is getting created is a test package that I can later use to validate the new server I’ll be building using Ansible, both post build and ongoing, to make sure nothing changes without my knowledge.

LAMP Package

3. Automate

From here I can create an Ansible playbook file:

Guardrail

Which will produce the following output:

<code>---
# Generated by UpGuard
# ---------------------------------
#
- hosts: # INSERT HOST NAMES HERE
  tasks:
  - name: The file /etc/apache2/sites-available/default should have the defined properties
    template: mode='0644' group='0' owner='0' src='## TODO: Path of a Jinja2 formatted template on the local server.' dest='/etc/apache2/sites-available/default' validate=yes
  - name: version 2.2.22-1ubuntu1.4 of Debian package apache2 should be installed
    apt: pkg='apache2=2.2.22-1ubuntu1.4' state=present
  - name: The service apache2 should be running.
    service: name='apache2' state=started
  - name: The file /etc/init/mysql.conf should have the defined properties
    template: mode='0644' group='0' owner='0' src='## TODO: Path of a Jinja2 formatted template on the local server.' dest='/etc/init/mysql.conf' validate=yes
  - name: version 5.5.31-0ubuntu0.12.04.2 of Debian package mysql-server should be installed
    apt: pkg='mysql-server=5.5.31-0ubuntu0.12.04.2' state=present
  - name: The service mysql should be running.
    service: name='mysql' state=started</code>

Request a Free Demo

I’ve still got some work to do to hook up the hosts and I could also add details about the source of the files. I’m well on my way though and I’m yet to open up a text editor. I can also feel confident in the fact that all my file paths and versions are correct, using the correct syntax.

Once I’ve updated those values and am happy with the playbook I’ll use Ansible to apply it to my new server:

<code>
$ ansible-playbook lamp.yml

PLAY [all] ******************************************************************** 

GATHERING FACTS ***************************************************************
ok: [node2]

TASK: [version 2.2.22-1ubuntu1.4 of Debian package apache2 should be installed] ***
changed: [node2]

TASK: [The file /etc/apache2/sites-available/default should have the defined properties] ***
changed: [node2]

TASK: [The service apache2 should be running.] ********************************
ok: [node2]

TASK: [version 5.5.31-0ubuntu0.12.04.2 of Debian package mysql-server should be installed] ***
changed: [node2]

TASK: [The file /etc/init/mysql.conf should have the defined properties] ******
changed: [node2]

TASK: [The service mysql should be running.] **********************************
ok: [node2]

PLAY RECAP ********************************************************************
node2                  : ok=2    changed=4    unreachable=0    failed=0
</code>

I’ll then return to UpGuard and execute my tests against the new node to make sure everything has worked as expected:

Success! - GuardRail

Almost all Enterprises today aspire to, or are using some form of, automation. By complementing your automation efforts with a UpGuard deployment you can:

  • Make the process of discovering your automation requirements a breeze
  • Turn those same requirements into pre-formatted automation files (ie: Ansible playbooks)
  • Validate your configuration, both post build to verify the automation, and ongoing to keep the configuration under control and prevent drift.

UpGuard Integrates Beautifully With Ansible