This is a hands-on tutorial on infrastructure management for a VFX pipeline meetup in Vancouver.
This tutorial is using Ansible! You should be able to do the same with any other configuration management tool such as Puppet, Salt, Chef and etc.
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
We're using version 2.9.4!
This tutorial is using digital ocean, you should be able to use Virtualbox / VMware or any other cloud provider.
My referral link if you want to use is https://m.do.co/c/73d2e2dcd335
-
Register at digital ocean, create an account, set two factor authentication, set a budget limit to alert you once you're getting close to it (for example 20 dollars per month).
-
Create an ssh key at https://cloud.digitalocean.com/account/security so that you do not need to type your password to connect to VMs!
-
Create a new API Access Token (https://www.digitalocean.com/docs/apis-clis/api/create-personal-access-token/)
-
Create a .env file and export the access token to be used by Ansible, it is in
.gitignoreso you have no risk of commiting it by mistake!
Be careful! This is the equivalent to your digital ocean account/password.
export DO_API_TOKEN=cbf9930d45928499d0139f493378...
export SSH_KEY_ID=280...source .env
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $DO_API_TOKEN" "https://api.digitalocean.com/v2/account/keys"We have to start with a VM! In this case we will be using the create_vm.yml playbook which uses the ansible module for digital ocean. There are ansible modules for most cloud providers.
https://docs.ansible.com/ansible/latest/modules/digital_ocean_droplet_module.html
This is a important step in the journey of creating our studio! We will be using CentOS8.
Look at their API for the available images: https://developers.digitalocean.com/documentation/v2/#images.
Our ansible playbook creates the VM and inserts our ssh key so that we can ssh in! It is important to note that ansible is idempotent, that means you can re-run this playbook as many times as you want and Ansible will simply no-op if it is in the desired state already.
source .env
ansible-playbook 01_create_vm.ymlVoila! If you go to https://cloud.digitalocean.com/droplets/ you should be able to see your VM! 2 GB Ram / 40 GB of disk / 2 cores with your ssh key.
It will print back the droplet id and the IP. You will need those. Ansible does allow for dynamic inventories and there were better ways to do it but we will skip for this tutorial.
You can also ssh to it with
ssh-add /Users/$USER/.ssh/digitalocean_rsa
ssh root@XXX.XXX.XXX.XXX # Your IPIt is worth noting that in a real life scenario we would'nt necessairly do things with the root ssh key.
Users would be managed via something like LDAP and a sudoers list would be maintained allowing users (or more commonly groups) to execute sudo only for what they absolutely need to.
Usually your IT department will have a blessed linux image that has some software baked into it.
We can do that using Ansible! In this example we will install python3, python3-flask, htop and redis.
A hosts file in Ansible has your hosts! You can organize it in many ways and use either ini or yml format.
Create a hosts.ini file with IP of your VM under the group pipedev.
[pipedev]
XXX.XXX.XXX.XXX # Your IP
Centos8 replaced yum with dnf!
source .env
ansible-playbook -i hosts.ini 02_install_software.ymlOf course this list is much bigger for your typical VFX studio with many many dependencies!
We won't do it here but you can export your Linux image as a new Custom Linux Image so that you don't need to re-install the base level software every time you create a new machine in your studio.
You can also run ansible as a cron job doing the equivalent of git pull a specific tag and then running ansible-playbook to ensure that the machine is always up-to-date.
Our app architecture is quite simple! It is the hello world service.
Flask app -> Redis DB
- Each request to
/returns hello world and keeps a request count in redis. - Each request to
/countreturns the count.
We're using systemd to manage the flask app and redis!
Create the folders, copy the files, start the servers!
source .env
ansible-playbook -i hosts.ini 03_install_app.ymlIf we have one or 10 servers all we need to do to horizontally scale the app is add more hosts to hosts.ini! (Of course we do not have a load balancer set up or service discovery)
Just as an example let's see how to use a galaxy role to install docker!
Ansible roles are way of sharing common logic to manage infrastructure, it usually exposes variables to configure the infrastructure (for example, which port to start apache on).
You can author your own roles or use ansible galaxy (https://galaxy.ansible.com/) to find open source ones.
We added in ansible.cfg our roles_path to install the galaxy roles in our project folder and then we can easily:
ansible-galaxy install geerlingguy.docker
And now we can install docker:
source .env
ansible-playbook 04_docker_installation_vm.ymlJust like python packages you can have a requirements.yml to declare your dependencies and pin them down!
It is common to have a single playbook that imports every playbook so that you do not need to run every single step individually!
source .env
ansible-playbook 05_site.yml -i hostsWe don't want to be billed for this prototype too much! Let's destroy it by passing the droplet_id as a variable.
source .env
ansible-playbook 06_destroy_vm.yml -e"droplet_id=202731550"This is by no means a production ready setup! Please use only as a simple application reference.
We barely scratched the surface of what Ansible is capable of. I recommend having a close look on ansible roles and the vars system next! Host groups are a powerful way of having different templates for production vs dev or a site vs another.
tags are also awesome to customize playbooks.