SlideShare una empresa de Scribd logo

More tips n tricks

B
bcoca

A new set of tricks and tips with Ansible

Tecnología
1 de 33
Descargar para leer sin conexión
More Tips and Tricks Some “Non Bad” Practices
#>whoami? - Ansible core maintainer - bcoca @ IRC and github and mailing lists - worn hats as SA/QA/Programmer/DBA/etc - tech janitor 2
Why not ‘best practice’? - No such thing - Many ‘good practices’ - Environments are different: Florist e-commerce != VR mobile app - Companies and compliance are different - Rules and standards are great … until they get in the way - Context is important - Similarities exist but things are rarely identical (siblings not twins) - “One size fits all” solutions are limited and limiting - Adaptability is key, provides choice - Decide on a workflow, use tools to achieve it - Pain appears when systems and workflows are in opposition TIP: non bad practices 3
PEP8 A style guide is about consistency. Consistency with this style guide is important. Consistency within a project is more important. Consistency within one module or function is the most important. However, know when to be inconsistent -- sometimes style guide recommendations just aren't applicable. When in doubt, use your best judgment. Look at other examples and decide what looks best. And don't hesitate to ask! 4
What is wrong? - hosts: webservers handlers: - service: name: nginx state: restarted name: restart_nginx tasks: - template: src: templates/nginx.conf dest: /etc/nginx.conf notify: restart_nginx name: Set nginx config pre_tasks: - stat: path=/etc/nginx.conf Bad Practice 5 - hosts: wx01 tasks: - template: src: templates/xl183.conf dest: /etc/apache2.conf notify: service handlers: - service: name=httpd state=restarted
How can it be better? TIPS: Better Practices 6 - hosts: webserver01 pre_tasks: - stat: path=/etc/nginx.conf tasks: - name: Configure app02 webserver template: src: templates/webapp02.conf dest: /etc/apache2.conf notify: restart_httpd handlers: - name: restart_httpd service: name=httpd state=restarted - Nothing syntactically wrong - Dictionary order does not matter to Ansible, but it matters to humans - List order matters to all (- stuff) - name: is your documentation - Good host, group and task names make things evident. - Relying on explicit behaviour over implicit keeps things clear - Nothing I say is mandatory
Basic Layout TIPS: Inventory 7 ansible/ inventory group_vars/ all.yml appservers.yml databases.yml loadbalancers.yml network.yml webservers/ secrets.yml service_vars.yml host_vars/ webserver01.yml webserver02.yml PROS - Simple setup - Quick to get started - Works for your average app - Naming by function (not actual names) CONS - All or nothing access - Grouped only on one criteria
Complicating layout TIPS: Inventory 8 ansible/inventory/ production (groups: dc1,dc2) development(idf) staging (dc1) group_vars/ all.yml appservers.yml databases.yml loadbalancers.yml network.yml webservers/ secrets.yml service_vars.yml dc1.yml dc2.yml idf.yml host_vars/ PROS - I can target environments by file - File permissions for access (also ACLs) - inventory_file or groups for ‘location’ and ‘environment’ variables, avoids overlap. - Avoids relying on --limit CONS - More things to keep track of - Requires more knowledge to setup - Geared towards central mgmt host - Overlaps with --limit
Unix tools use Unix permissions TIPS: Inventory 9 jumphost#>ls -l /etc/ansible/inventory drwxr-xr-x 2 root ops 4096 Aug 19 00:55 group_vars drwxr-xr-x 2 root ops 4096 Aug 12 11:10 host_vars -rw-r----- 1 root ops 1825 Aug 18 03:07 production -rw-r----- 1 root qa 251 Aug 18 03:07 staging -rw-r----- 1 root devel 789 Aug 18 03:07 devel jumphost#> getfacl production # file: production # owner: root # group: ops user:bcoca:rw- user::rw- group::r-- other::--- visible permissions my ‘back door’
Designing your inventory TIPS: Inventory 10 - Inventory is the expression of your environment - Hostnames, groups, vars are for YOUR use, they have to make sense to YOU - Ansible cares about hosts and tasks, everything else is in support of that - Select a single source of truth .. or try to minimize duplication of data - Normally, there is a simpler way to do it - Ansible makes it easy to switch approaches, don’t be afraid to test and try - Mistakes are not failures
Generate YAML Inventory Tricks 11 - hosts: localhost gather_facts: false tasks: - template: src: dump_hosts_yaml.j2 dest: /tmp/hosts.yml {% set builtins = ['hostvars', 'vars', … ]%} {% set dumped_vars = [] %} {% for group in groups if group != 'all'%} {{group}}: {% for host in groups[group] %} {{ host }}: {% for myhostvar in hostvars[host] if myhostvar not in builtins %} {{ myhostvar}}: {{hostvars[host][myhostvar]|to_json}} {% if loop.last %}{% do dumped_vars.append(host) %}{%endif %} {% endfor %} {% endfor %} {% endfor %} migrate_yaml_inventory.yml dump_hosts_yaml.j2
12 ungrouped: ubuntu15test: testvar: default from all test2: {"key3": "valueall3", "key1": "valueall1"} ansible_python_interpreter: /usr/bin/python2.7 ansible_ssh_host: 192.168.1.7 ubuntu: ubuntu12test: ubuntu14test: testvar: default from all test2: {"key3": "valueall3", "key1": "valueall1"} tests: ubuntu12test: ubuntu15test: centos7test: testvar: inv groupvar test2: {"key3": "valueall3", "key1": "valueall1"} cron_service: crond ansible_ssh_host: 192.168.0.24 test_prio: tests aptdistros: ubuntu12test: ubuntu14test: /tmp/hosts.yml
Generate INI Inventory Tricks 13 {% set builtins = ['hostvars', 'vars', 'groups', 'group_names', … '] %}{% set dumped_vars = [] %} {% for group in groups if group != 'all'%} [{{group}}] {% for host in groups[group] %} {{ host }} {% for myhostvar in hostvars[host] if myhostvar not in builtins and host not in dumped_vars %} {{ myhostvar}}={{hostvars[host][myhostvar]|to_json}} {% if loop.last %}{% do dum ped_vars.append(host) %}{% endif %} {% endfor %} {% endfor %} {% endfor %} dump_hosts_ini.j2
14 [ungrouped] ubuntu15test testvar=”default from all” test= {"key3": "valueall3", "key1": "valueall1"} [ubuntu] ubuntu12test ubuntu14test testvar=”default from all” test2= {"key3": "valueall3", "key1": "valueall1"} [tests] ubuntu12test ubuntu15test centos7test testvar=”inv groupvar” ansible_ssh_host="192.168.0.24" test2={"key3": ... [aptdistros] ubuntu12test /tmp/hosts.ini
Variable Sources TIPS: vars can go in many places 15 PRECEDENCE (low to high): role defaults inventory file vars inventory group_vars, host_vars playbook group_vars, host_vars host facts play vars, vars_prompt, vars_files registered vars set_facts role parameters and include vars block(only for tasks in block), task vars extra vars (CLI, global, precedence) ● Many choices, flexible! ● Many choices, confusing! ● Where do I define my var? ○ Locality (host, group, play, role, task) ○ Use only what you need, ignore rest ○ Inheritance and scope (play, host) ● group/host_vars are always loaded ● variables are flattened per host
Variable Sources TIPS: vars can go in many places 16 inventory/ ... playbooks/ webconfig/ ... certificates/ load_balancer_main.yml load_balancer_internal.yml ldap.yml vars/ vaulted_certificates.yml - Avoid vault errors - Allows ‘need to know’ - group/host_vars are still autoloaded - explicit: vars_files, include_vars from vars/ - vault files require passwords - ansible cannot know if vault is needed, must run play and open vault to find out. - no tardis plugin (yet)
vars_prompt TIPS: vars can go in many places 17 - Interactive vars - Per play - Available only at start - Smart prompting: - only if tty is present - skip if already provided (extra vars) - Unconditional vars_prompt: - name: "myvar" prompt: "Question?"
Pause TIPS: vars can go in many places 18 - Interactive vars - It is a task: - Can appear at any point a task can - Tasks are conditional (when, tags) - host scope, persists across plays - No validation - Only if tty is present - result var structure (myvar.user_input) - pause: prompt=”Question?” register: myvar
Single deployment script Tricks 19 #!/usr/bin/ansible-playbook - hosts: localhost vars_prompt: - name: app_name prompt: “Which app do you want to deploy?” default: mainapp - name: app_version prompt: “Choose version/tag (default HEAD)” default: ‘HEAD’ tasks: - git: repo=git@myreposerver/{{app_version}} version={{app_version}} ... bin/deploy Normal Interactive command When using cron: - pass in extra vars - let it use defaults
3 plays that can run in parallel Tricks: parallel playbook execution 20 - name: play1 hosts: all gather_facts: false tasks: - debug: msg=starting1 - wait_for: timeout=10 - debug: msg=ending1 - name: play2 hosts: all gather_facts: false tasks: - debug: msg=starting2 - wait_for: timeout=14 - debug: msg=ending2 - name: play3 hosts: all gather_facts: false tasks: - debug: msg=starting3 - wait_for: timeout=16 - debug: msg=ending3 play1.yml play3.ymlplay2.yml Sometimes you don’t want to run stuff serially .. if only ansible-playbook ran in parallel!
From the command line Tricks: parallel playbook execution 21 #> time ansible-playbook play?.yml real 0m40.691s user 0m1.371s sys 0m0.353s #>time parallel ansible-playbook {} ::: play?.yml real 0m16.816s user 0m3.928s sys 0m0.848s #> time $(ls play?.yml|xargs -n1 -P3 ansible-playbook) real 0m16.788s user 0m3.963s sys 0m0.842s - Ansible is unix tool, many other tools do parallel - Several options to run in parallel - Easy to redirect output - manage resources with nice and ionice - use with inotify, tcpserver, cron, at … even with procmail filters
ansible-meta? Tricks: parallel playbook execution 22 - name: really trying hard to avoid shell scripts hosts: localhost gather_facts: False tasks: - shell: ansible-playbook play1.yml async: 10000 poll: 0 - shell: ansible-playbook play2.yml async: 10000 poll: 0 - shell: ansible-playbook play3.yml async: 10000 poll: 0 #>time ansible-playbook async.yml real 0m3.572s user 0m0.497s sys 0m0.105s
Less typing! Tricks: parallel playbook execution 23 - name: really trying hard to avoid shell scripts v2 hosts: localhost gather_facts: False tasks: - shell: ansible-playbook play{{item}}.yml async: 10000 poll: 0 with_items: [1,2,3] #>time ansible-playbook async2.yml real 0m3.531s user 0m0.463s sys 0m0.107s
ansible-meta … with results! Tricks: parallel playbook execution 24 - name: really trying hard to avoid shell scripts v3 hosts: localhost gather_facts: False tasks: - shell: ansible-playbook play{{item}}.yml async: 10000 poll: 0 with_items: [1,2,3] register: runplays - async_status: jid={{runplays.results[item.index].ansible_job_id}} resgister: jobs until: jobs.finished with_indexed_items: [1,2,3] retries: 100 #>time ansible-playbook async3.yml real 0m24.140s user 0m1.239s sys 0m0.265s
Static vs Dynamic TIPS: includes 25 - Beginning in 2.0 includes can be dynamic, loops, conditionals! - Static includes are not real tasks, dynamic includes … almost are - Only task includes can be dynamic, play includes are always static - Dynamic includes do not show included tasks in --list-tasks/tags - Handler includes are static by default (both types have config setting) - Task includes have dynamic include detection, use static: yes|no (>=2.1) directive to control - Task behaviour can change in each case
dynamic include loops TIPS: includes 26 - hosts: localhost gather_facts: False tasks: - include: test.yml with_items: [1,2] static: yes - set_fact: outer={{item}} - debug: msg="{{outer}} and {{item}}" with_items: ['a','b'] TASK [debug] ******************************************************** ok: [localhost] => (item=a) => { "item": "a", "msg": "1 and a" } ok: [localhost] => (item=b) => { "item": "b", "msg": "1 and b" } TASK [debug] ******************************************************** ok: [localhost] => (item=a) => { "item": "a", "msg": "2 and a" } ok: [localhost] => (item=b) => { "item": "b", "msg": "2 and b" } play.yml test.yml Since 2.1 you can use loop_control instead of set_fact
New in 2.2 Tricks: include_role 27 - hosts: localhost tasks: - package: name={{httpd}} state=latest - include_role: name: webapp tasks_from: install.yml - service: name={{httpd}} state=started - include_role: name: webapp tasks_from: configure.yml vars_from: “{{ansible_os}}.yml” with_items: “{{ applications }}”
Multiple notification TIPS: fun with handlers 28 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: - restart_uwcgi - restart_nginx handlers: - name: restart_uwcgi service: name=uwcgi state=restarted - name: restart_nginx service: name=nginx state=restarted - Most flexible - Can get repetitive - List can be a variable
Chaining handlers TIPS: fun with handlers 29 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_nginx_cluster service: name=uwcgi state=restarted notify: restart_nginx - name: restart_nginx service: name=nginx state=restarted - Call observes definition order - Cannot call previous - Less flexible - Can call middle of chain
Grouping handlers TIPS: fun with handlers 30 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_nginx_cluster wait_for: seconds=1 changed_when: true notify: [‘restart_uwcgi’, ‘nginx’] - name: restart_uwcgi service: name=uwcgi state=restarted - name: restart_nginx service: name=nginx state=restarted - Still flexible - Less repetition - Needs dummy task - Also relies on chain - List can be a variable
listen! new in 2.2 TIPS: fun with handlers 31 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_uwcgi service: name=uwcgi state=restarted listen: restart_nginx_cluster - name: restart_nginx service: name=nginx state=restarted listen: restart_nginx_cluster - Still flexible - Less repetition - listen is not unique - Does not rely on chain - List can be a variable
include as handler TIPS: fun with handlers 32 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_nginx_cluster include: nginx_cluster_restart.yml static: no - Only dynamic includes - Include itself is handler - File can be variable - Also toggleable from config
#>exit - Ansible is flexible, many ways to do things - Choice can be daunting - Easy to make mistakes, easy to correct them - “Best” is relative, depends on context, test it! 33

Recomendados

Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Openstack Instance Resize
Openstack Instance ResizeOpenstack Instance Resize
Openstack Instance Resizeymtech
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 
Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence
Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence
Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence Parag Gajbhiye
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 

Recomendados

Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Openstack Instance Resize
Openstack Instance ResizeOpenstack Instance Resize
Openstack Instance Resizeymtech
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 
Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence
Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence
Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence Parag Gajbhiye
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with AnsibleRicardo Schmidt
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXNGINX, Inc.
 
PostgreSQL Replication Tutorial
PostgreSQL Replication TutorialPostgreSQL Replication Tutorial
PostgreSQL Replication TutorialHans-Jürgen Schönig
 
Intro to MySQL Master Slave Replication
Intro to MySQL Master Slave ReplicationIntro to MySQL Master Slave Replication
Intro to MySQL Master Slave Replicationsatejsahu
 
Применяем Ansible
Применяем AnsibleПрименяем Ansible
Применяем AnsibleAlexander Svetkin
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniZalando Technology
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
ProxySQL for MySQL
ProxySQL for MySQLProxySQL for MySQL
ProxySQL for MySQLMydbops
 
Cours javascript v1
Cours javascript v1Cours javascript v1
Cours javascript v1TheBest Icanbe
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
PostgreSQL Query Cache - "pqc"
PostgreSQL Query Cache - "pqc"PostgreSQL Query Cache - "pqc"
PostgreSQL Query Cache - "pqc"Uptime Technologies LLC
 
Automate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleAutomate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleIvica Arsov
 
Linux Initialization Process (1)
Linux Initialization Process (1)Linux Initialization Process (1)
Linux Initialization Process (1)shimosawa
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with ociDonghuKIM2
 
PostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetPostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetAlexey Lesovsky
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
NGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX, Inc.
 
Postgresql database administration volume 1
Postgresql database administration volume 1Postgresql database administration volume 1
Postgresql database administration volume 1Federico Campoli
 
Process Scheduler and Balancer in Linux Kernel
Process Scheduler and Balancer in Linux KernelProcess Scheduler and Balancer in Linux Kernel
Process Scheduler and Balancer in Linux KernelHaifeng Li
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible leveraging 2.0
Ansible leveraging 2.0Ansible leveraging 2.0
Ansible leveraging 2.0bcoca
 
What's New in v2 - AnsibleFest London 2015
What's New in v2 - AnsibleFest London 2015What's New in v2 - AnsibleFest London 2015
What's New in v2 - AnsibleFest London 2015jimi-c
 

Más contenido relacionado

La actualidad más candente

Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXNGINX, Inc.
 
Intro to MySQL Master Slave Replication
Intro to MySQL Master Slave ReplicationIntro to MySQL Master Slave Replication
Intro to MySQL Master Slave Replicationsatejsahu
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniZalando Technology
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
ProxySQL for MySQL
ProxySQL for MySQLProxySQL for MySQL
ProxySQL for MySQLMydbops
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Automate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleAutomate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleIvica Arsov
 
Linux Initialization Process (1)
Linux Initialization Process (1)Linux Initialization Process (1)
Linux Initialization Process (1)shimosawa
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with ociDonghuKIM2
 
PostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetPostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetAlexey Lesovsky
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
NGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX, Inc.
 
Postgresql database administration volume 1
Postgresql database administration volume 1Postgresql database administration volume 1
Postgresql database administration volume 1Federico Campoli
 
Process Scheduler and Balancer in Linux Kernel
Process Scheduler and Balancer in Linux KernelProcess Scheduler and Balancer in Linux Kernel
Process Scheduler and Balancer in Linux KernelHaifeng Li
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 

La actualidad más candente (20)

Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with Ansible
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINX
 
PostgreSQL Replication Tutorial
PostgreSQL Replication TutorialPostgreSQL Replication Tutorial
PostgreSQL Replication Tutorial
 
Intro to MySQL Master Slave Replication
Intro to MySQL Master Slave ReplicationIntro to MySQL Master Slave Replication
Intro to MySQL Master Slave Replication
 
Применяем Ansible
Применяем AnsibleПрименяем Ansible
Применяем Ansible
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando Patroni
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
ProxySQL for MySQL
ProxySQL for MySQLProxySQL for MySQL
ProxySQL for MySQL
 
Cours javascript v1
Cours javascript v1Cours javascript v1
Cours javascript v1
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with Ansible
 
PostgreSQL Query Cache - "pqc"
PostgreSQL Query Cache - "pqc"PostgreSQL Query Cache - "pqc"
PostgreSQL Query Cache - "pqc"
 
Automate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleAutomate DBA Tasks With Ansible
Automate DBA Tasks With Ansible
 
Linux Initialization Process (1)
Linux Initialization Process (1)Linux Initialization Process (1)
Linux Initialization Process (1)
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with oci
 
PostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetPostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication Cheatsheet
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
NGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX: Basics and Best Practices
NGINX: Basics and Best Practices
 
Postgresql database administration volume 1
Postgresql database administration volume 1Postgresql database administration volume 1
Postgresql database administration volume 1
 
Process Scheduler and Balancer in Linux Kernel
Process Scheduler and Balancer in Linux KernelProcess Scheduler and Balancer in Linux Kernel
Process Scheduler and Balancer in Linux Kernel
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 

Destacado

Ansible leveraging 2.0
Ansible leveraging 2.0Ansible leveraging 2.0
Ansible leveraging 2.0bcoca
 
What's New in v2 - AnsibleFest London 2015
What's New in v2 - AnsibleFest London 2015What's New in v2 - AnsibleFest London 2015
What's New in v2 - AnsibleFest London 2015jimi-c
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansiblebcoca
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
 
Foreman in your datacenter
Foreman in your datacenterForeman in your datacenter
Foreman in your datacenterlzap
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with AnsibleMartin Etmajer
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestrationbcoca
 
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpecTest-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpecMartin Etmajer
 

Destacado (8)

Ansible leveraging 2.0
Ansible leveraging 2.0Ansible leveraging 2.0
Ansible leveraging 2.0
 
What's New in v2 - AnsibleFest London 2015
What's New in v2 - AnsibleFest London 2015What's New in v2 - AnsibleFest London 2015
What's New in v2 - AnsibleFest London 2015
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
 
Foreman in your datacenter
Foreman in your datacenterForeman in your datacenter
Foreman in your datacenter
 
Automated Deployments with Ansible
Automated Deployments with AnsibleAutomated Deployments with Ansible
Automated Deployments with Ansible
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
 
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpecTest-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
Test-Driven Infrastructure with Ansible, Test Kitchen, Serverspec and RSpec
 

Similar a More tips n tricks

Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible not only for Dummies
Ansible not only for DummiesAnsible not only for Dummies
Ansible not only for DummiesŁukasz Proszek
 
Getting Started with Ansible
Getting Started with AnsibleGetting Started with Ansible
Getting Started with Ansibleahamilton55
 
Ansible Devops North East - slides
Ansible Devops North East - slides Ansible Devops North East - slides
Ansible Devops North East - slides InfinityPP
 
Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)Jude A. Goonawardena
 
MariaDB, MySQL and Ansible: automating database infrastructures
MariaDB, MySQL and Ansible: automating database infrastructuresMariaDB, MySQL and Ansible: automating database infrastructures
MariaDB, MySQL and Ansible: automating database infrastructuresFederico Razzoli
 
Puppet atbazaarvoice
Puppet atbazaarvoicePuppet atbazaarvoice
Puppet atbazaarvoiceDave Barcelo
 
Ansible is Our Wishbone(Automate DBA Tasks With Ansible)
Ansible is Our Wishbone(Automate DBA Tasks With Ansible)Ansible is Our Wishbone(Automate DBA Tasks With Ansible)
Ansible is Our Wishbone(Automate DBA Tasks With Ansible)M Malai
 
Ansible is Our Wishbone
Ansible is Our WishboneAnsible is Our Wishbone
Ansible is Our WishboneMydbops
 
Getting Started with Ansible - Jake.pdf
Getting Started with Ansible - Jake.pdfGetting Started with Ansible - Jake.pdf
Getting Started with Ansible - Jake.pdfssuserd254491
 
Puppet for Sys Admins
Puppet for Sys AdminsPuppet for Sys Admins
Puppet for Sys AdminsPuppet
 
Variable precedence: Where should I put a variable?
Variable precedence: Where should I put a variable?Variable precedence: Where should I put a variable?
Variable precedence: Where should I put a variable?jtyr
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganCorkOpenTech
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestrationPaolo Tonin
 
Puppet at Bazaarvoice
Puppet at BazaarvoicePuppet at Bazaarvoice
Puppet at BazaarvoicePuppet
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to AnsibleCédric Delgehier
 

Similar a More tips n tricks (20)

Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Ansible not only for Dummies
Ansible not only for DummiesAnsible not only for Dummies
Ansible not only for Dummies
 
Getting Started with Ansible
Getting Started with AnsibleGetting Started with Ansible
Getting Started with Ansible
 
Ansible Devops North East - slides
Ansible Devops North East - slides Ansible Devops North East - slides
Ansible Devops North East - slides
 
Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)Introduction to Ansible - (dev ops for people who hate devops)
Introduction to Ansible - (dev ops for people who hate devops)
 
MariaDB, MySQL and Ansible: automating database infrastructures
MariaDB, MySQL and Ansible: automating database infrastructuresMariaDB, MySQL and Ansible: automating database infrastructures
MariaDB, MySQL and Ansible: automating database infrastructures
 
Metadata-driven Testing
Metadata-driven TestingMetadata-driven Testing
Metadata-driven Testing
 
Puppet atbazaarvoice
Puppet atbazaarvoicePuppet atbazaarvoice
Puppet atbazaarvoice
 
Ansible is Our Wishbone(Automate DBA Tasks With Ansible)
Ansible is Our Wishbone(Automate DBA Tasks With Ansible)Ansible is Our Wishbone(Automate DBA Tasks With Ansible)
Ansible is Our Wishbone(Automate DBA Tasks With Ansible)
 
Ansible is Our Wishbone
Ansible is Our WishboneAnsible is Our Wishbone
Ansible is Our Wishbone
 
Getting Started with Ansible - Jake.pdf
Getting Started with Ansible - Jake.pdfGetting Started with Ansible - Jake.pdf
Getting Started with Ansible - Jake.pdf
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
 
Puppet for Sys Admins
Puppet for Sys AdminsPuppet for Sys Admins
Puppet for Sys Admins
 
Bash production guide
Bash production guideBash production guide
Bash production guide
 
Variable precedence: Where should I put a variable?
Variable precedence: Where should I put a variable?Variable precedence: Where should I put a variable?
Variable precedence: Where should I put a variable?
 
Introduction to Ansible - Peter Halligan
Introduction to Ansible - Peter HalliganIntroduction to Ansible - Peter Halligan
Introduction to Ansible - Peter Halligan
 
Ansible new paradigms for orchestration
Ansible new paradigms for orchestrationAnsible new paradigms for orchestration
Ansible new paradigms for orchestration
 
Puppet at Bazaarvoice
Puppet at BazaarvoicePuppet at Bazaarvoice
Puppet at Bazaarvoice
 
Introducing Ansible
Introducing AnsibleIntroducing Ansible
Introducing Ansible
 
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible
 

Último

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Último (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

More tips n tricks

  • 1. More Tips and Tricks Some “Non Bad” Practices
  • 2. #>whoami? - Ansible core maintainer - bcoca @ IRC and github and mailing lists - worn hats as SA/QA/Programmer/DBA/etc - tech janitor 2
  • 3. Why not ‘best practice’? - No such thing - Many ‘good practices’ - Environments are different: Florist e-commerce != VR mobile app - Companies and compliance are different - Rules and standards are great … until they get in the way - Context is important - Similarities exist but things are rarely identical (siblings not twins) - “One size fits all” solutions are limited and limiting - Adaptability is key, provides choice - Decide on a workflow, use tools to achieve it - Pain appears when systems and workflows are in opposition TIP: non bad practices 3
  • 4. PEP8 A style guide is about consistency. Consistency with this style guide is important. Consistency within a project is more important. Consistency within one module or function is the most important. However, know when to be inconsistent -- sometimes style guide recommendations just aren't applicable. When in doubt, use your best judgment. Look at other examples and decide what looks best. And don't hesitate to ask! 4
  • 5. What is wrong? - hosts: webservers handlers: - service: name: nginx state: restarted name: restart_nginx tasks: - template: src: templates/nginx.conf dest: /etc/nginx.conf notify: restart_nginx name: Set nginx config pre_tasks: - stat: path=/etc/nginx.conf Bad Practice 5 - hosts: wx01 tasks: - template: src: templates/xl183.conf dest: /etc/apache2.conf notify: service handlers: - service: name=httpd state=restarted
  • 6. How can it be better? TIPS: Better Practices 6 - hosts: webserver01 pre_tasks: - stat: path=/etc/nginx.conf tasks: - name: Configure app02 webserver template: src: templates/webapp02.conf dest: /etc/apache2.conf notify: restart_httpd handlers: - name: restart_httpd service: name=httpd state=restarted - Nothing syntactically wrong - Dictionary order does not matter to Ansible, but it matters to humans - List order matters to all (- stuff) - name: is your documentation - Good host, group and task names make things evident. - Relying on explicit behaviour over implicit keeps things clear - Nothing I say is mandatory
  • 7. Basic Layout TIPS: Inventory 7 ansible/ inventory group_vars/ all.yml appservers.yml databases.yml loadbalancers.yml network.yml webservers/ secrets.yml service_vars.yml host_vars/ webserver01.yml webserver02.yml PROS - Simple setup - Quick to get started - Works for your average app - Naming by function (not actual names) CONS - All or nothing access - Grouped only on one criteria
  • 8. Complicating layout TIPS: Inventory 8 ansible/inventory/ production (groups: dc1,dc2) development(idf) staging (dc1) group_vars/ all.yml appservers.yml databases.yml loadbalancers.yml network.yml webservers/ secrets.yml service_vars.yml dc1.yml dc2.yml idf.yml host_vars/ PROS - I can target environments by file - File permissions for access (also ACLs) - inventory_file or groups for ‘location’ and ‘environment’ variables, avoids overlap. - Avoids relying on --limit CONS - More things to keep track of - Requires more knowledge to setup - Geared towards central mgmt host - Overlaps with --limit
  • 9. Unix tools use Unix permissions TIPS: Inventory 9 jumphost#>ls -l /etc/ansible/inventory drwxr-xr-x 2 root ops 4096 Aug 19 00:55 group_vars drwxr-xr-x 2 root ops 4096 Aug 12 11:10 host_vars -rw-r----- 1 root ops 1825 Aug 18 03:07 production -rw-r----- 1 root qa 251 Aug 18 03:07 staging -rw-r----- 1 root devel 789 Aug 18 03:07 devel jumphost#> getfacl production # file: production # owner: root # group: ops user:bcoca:rw- user::rw- group::r-- other::--- visible permissions my ‘back door’
  • 10. Designing your inventory TIPS: Inventory 10 - Inventory is the expression of your environment - Hostnames, groups, vars are for YOUR use, they have to make sense to YOU - Ansible cares about hosts and tasks, everything else is in support of that - Select a single source of truth .. or try to minimize duplication of data - Normally, there is a simpler way to do it - Ansible makes it easy to switch approaches, don’t be afraid to test and try - Mistakes are not failures
  • 11. Generate YAML Inventory Tricks 11 - hosts: localhost gather_facts: false tasks: - template: src: dump_hosts_yaml.j2 dest: /tmp/hosts.yml {% set builtins = ['hostvars', 'vars', … ]%} {% set dumped_vars = [] %} {% for group in groups if group != 'all'%} {{group}}: {% for host in groups[group] %} {{ host }}: {% for myhostvar in hostvars[host] if myhostvar not in builtins %} {{ myhostvar}}: {{hostvars[host][myhostvar]|to_json}} {% if loop.last %}{% do dumped_vars.append(host) %}{%endif %} {% endfor %} {% endfor %} {% endfor %} migrate_yaml_inventory.yml dump_hosts_yaml.j2
  • 12. 12 ungrouped: ubuntu15test: testvar: default from all test2: {"key3": "valueall3", "key1": "valueall1"} ansible_python_interpreter: /usr/bin/python2.7 ansible_ssh_host: 192.168.1.7 ubuntu: ubuntu12test: ubuntu14test: testvar: default from all test2: {"key3": "valueall3", "key1": "valueall1"} tests: ubuntu12test: ubuntu15test: centos7test: testvar: inv groupvar test2: {"key3": "valueall3", "key1": "valueall1"} cron_service: crond ansible_ssh_host: 192.168.0.24 test_prio: tests aptdistros: ubuntu12test: ubuntu14test: /tmp/hosts.yml
  • 13. Generate INI Inventory Tricks 13 {% set builtins = ['hostvars', 'vars', 'groups', 'group_names', … '] %}{% set dumped_vars = [] %} {% for group in groups if group != 'all'%} [{{group}}] {% for host in groups[group] %} {{ host }} {% for myhostvar in hostvars[host] if myhostvar not in builtins and host not in dumped_vars %} {{ myhostvar}}={{hostvars[host][myhostvar]|to_json}} {% if loop.last %}{% do dum ped_vars.append(host) %}{% endif %} {% endfor %} {% endfor %} {% endfor %} dump_hosts_ini.j2
  • 14. 14 [ungrouped] ubuntu15test testvar=”default from all” test= {"key3": "valueall3", "key1": "valueall1"} [ubuntu] ubuntu12test ubuntu14test testvar=”default from all” test2= {"key3": "valueall3", "key1": "valueall1"} [tests] ubuntu12test ubuntu15test centos7test testvar=”inv groupvar” ansible_ssh_host="192.168.0.24" test2={"key3": ... [aptdistros] ubuntu12test /tmp/hosts.ini
  • 15. Variable Sources TIPS: vars can go in many places 15 PRECEDENCE (low to high): role defaults inventory file vars inventory group_vars, host_vars playbook group_vars, host_vars host facts play vars, vars_prompt, vars_files registered vars set_facts role parameters and include vars block(only for tasks in block), task vars extra vars (CLI, global, precedence) ● Many choices, flexible! ● Many choices, confusing! ● Where do I define my var? ○ Locality (host, group, play, role, task) ○ Use only what you need, ignore rest ○ Inheritance and scope (play, host) ● group/host_vars are always loaded ● variables are flattened per host
  • 16. Variable Sources TIPS: vars can go in many places 16 inventory/ ... playbooks/ webconfig/ ... certificates/ load_balancer_main.yml load_balancer_internal.yml ldap.yml vars/ vaulted_certificates.yml - Avoid vault errors - Allows ‘need to know’ - group/host_vars are still autoloaded - explicit: vars_files, include_vars from vars/ - vault files require passwords - ansible cannot know if vault is needed, must run play and open vault to find out. - no tardis plugin (yet)
  • 17. vars_prompt TIPS: vars can go in many places 17 - Interactive vars - Per play - Available only at start - Smart prompting: - only if tty is present - skip if already provided (extra vars) - Unconditional vars_prompt: - name: "myvar" prompt: "Question?"
  • 18. Pause TIPS: vars can go in many places 18 - Interactive vars - It is a task: - Can appear at any point a task can - Tasks are conditional (when, tags) - host scope, persists across plays - No validation - Only if tty is present - result var structure (myvar.user_input) - pause: prompt=”Question?” register: myvar
  • 19. Single deployment script Tricks 19 #!/usr/bin/ansible-playbook - hosts: localhost vars_prompt: - name: app_name prompt: “Which app do you want to deploy?” default: mainapp - name: app_version prompt: “Choose version/tag (default HEAD)” default: ‘HEAD’ tasks: - git: repo=git@myreposerver/{{app_version}} version={{app_version}} ... bin/deploy Normal Interactive command When using cron: - pass in extra vars - let it use defaults
  • 20. 3 plays that can run in parallel Tricks: parallel playbook execution 20 - name: play1 hosts: all gather_facts: false tasks: - debug: msg=starting1 - wait_for: timeout=10 - debug: msg=ending1 - name: play2 hosts: all gather_facts: false tasks: - debug: msg=starting2 - wait_for: timeout=14 - debug: msg=ending2 - name: play3 hosts: all gather_facts: false tasks: - debug: msg=starting3 - wait_for: timeout=16 - debug: msg=ending3 play1.yml play3.ymlplay2.yml Sometimes you don’t want to run stuff serially .. if only ansible-playbook ran in parallel!
  • 21. From the command line Tricks: parallel playbook execution 21 #> time ansible-playbook play?.yml real 0m40.691s user 0m1.371s sys 0m0.353s #>time parallel ansible-playbook {} ::: play?.yml real 0m16.816s user 0m3.928s sys 0m0.848s #> time $(ls play?.yml|xargs -n1 -P3 ansible-playbook) real 0m16.788s user 0m3.963s sys 0m0.842s - Ansible is unix tool, many other tools do parallel - Several options to run in parallel - Easy to redirect output - manage resources with nice and ionice - use with inotify, tcpserver, cron, at … even with procmail filters
  • 22. ansible-meta? Tricks: parallel playbook execution 22 - name: really trying hard to avoid shell scripts hosts: localhost gather_facts: False tasks: - shell: ansible-playbook play1.yml async: 10000 poll: 0 - shell: ansible-playbook play2.yml async: 10000 poll: 0 - shell: ansible-playbook play3.yml async: 10000 poll: 0 #>time ansible-playbook async.yml real 0m3.572s user 0m0.497s sys 0m0.105s
  • 23. Less typing! Tricks: parallel playbook execution 23 - name: really trying hard to avoid shell scripts v2 hosts: localhost gather_facts: False tasks: - shell: ansible-playbook play{{item}}.yml async: 10000 poll: 0 with_items: [1,2,3] #>time ansible-playbook async2.yml real 0m3.531s user 0m0.463s sys 0m0.107s
  • 24. ansible-meta … with results! Tricks: parallel playbook execution 24 - name: really trying hard to avoid shell scripts v3 hosts: localhost gather_facts: False tasks: - shell: ansible-playbook play{{item}}.yml async: 10000 poll: 0 with_items: [1,2,3] register: runplays - async_status: jid={{runplays.results[item.index].ansible_job_id}} resgister: jobs until: jobs.finished with_indexed_items: [1,2,3] retries: 100 #>time ansible-playbook async3.yml real 0m24.140s user 0m1.239s sys 0m0.265s
  • 25. Static vs Dynamic TIPS: includes 25 - Beginning in 2.0 includes can be dynamic, loops, conditionals! - Static includes are not real tasks, dynamic includes … almost are - Only task includes can be dynamic, play includes are always static - Dynamic includes do not show included tasks in --list-tasks/tags - Handler includes are static by default (both types have config setting) - Task includes have dynamic include detection, use static: yes|no (>=2.1) directive to control - Task behaviour can change in each case
  • 26. dynamic include loops TIPS: includes 26 - hosts: localhost gather_facts: False tasks: - include: test.yml with_items: [1,2] static: yes - set_fact: outer={{item}} - debug: msg="{{outer}} and {{item}}" with_items: ['a','b'] TASK [debug] ******************************************************** ok: [localhost] => (item=a) => { "item": "a", "msg": "1 and a" } ok: [localhost] => (item=b) => { "item": "b", "msg": "1 and b" } TASK [debug] ******************************************************** ok: [localhost] => (item=a) => { "item": "a", "msg": "2 and a" } ok: [localhost] => (item=b) => { "item": "b", "msg": "2 and b" } play.yml test.yml Since 2.1 you can use loop_control instead of set_fact
  • 27. New in 2.2 Tricks: include_role 27 - hosts: localhost tasks: - package: name={{httpd}} state=latest - include_role: name: webapp tasks_from: install.yml - service: name={{httpd}} state=started - include_role: name: webapp tasks_from: configure.yml vars_from: “{{ansible_os}}.yml” with_items: “{{ applications }}”
  • 28. Multiple notification TIPS: fun with handlers 28 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: - restart_uwcgi - restart_nginx handlers: - name: restart_uwcgi service: name=uwcgi state=restarted - name: restart_nginx service: name=nginx state=restarted - Most flexible - Can get repetitive - List can be a variable
  • 29. Chaining handlers TIPS: fun with handlers 29 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_nginx_cluster service: name=uwcgi state=restarted notify: restart_nginx - name: restart_nginx service: name=nginx state=restarted - Call observes definition order - Cannot call previous - Less flexible - Can call middle of chain
  • 30. Grouping handlers TIPS: fun with handlers 30 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_nginx_cluster wait_for: seconds=1 changed_when: true notify: [‘restart_uwcgi’, ‘nginx’] - name: restart_uwcgi service: name=uwcgi state=restarted - name: restart_nginx service: name=nginx state=restarted - Still flexible - Less repetition - Needs dummy task - Also relies on chain - List can be a variable
  • 31. listen! new in 2.2 TIPS: fun with handlers 31 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_uwcgi service: name=uwcgi state=restarted listen: restart_nginx_cluster - name: restart_nginx service: name=nginx state=restarted listen: restart_nginx_cluster - Still flexible - Less repetition - listen is not unique - Does not rely on chain - List can be a variable
  • 32. include as handler TIPS: fun with handlers 32 - hosts: all tasks: - name: configure nginx template: src=nginx.j2 dest=/etc/nginx.conf notify: restart_nginx_cluster handlers: - name: restart_nginx_cluster include: nginx_cluster_restart.yml static: no - Only dynamic includes - Include itself is handler - File can be variable - Also toggleable from config
  • 33. #>exit - Ansible is flexible, many ways to do things - Choice can be daunting - Easy to make mistakes, easy to correct them - “Best” is relative, depends on context, test it! 33