Ansible – And why it works for me – Charles L. Yost





On Github yoshi325 / talks-ansible

Ansible

And why it works for me

Charles L. Yost

2016-01

Description

A 45 minute overview of the what, where, how, and why of using Ansible. Covers alternatives, what Ansible is, what Ansible's dependencies are, jargon pertaining to Ansible, and what it can do to make your life easier. Also includes some tips and tricks for everyday use.

Speaker Bio

Charles Yost is currently a Security Developer at Binary Defense Systems. He has worked in the IT industry for over 10 years in a wide variety of roles including: Printer Technician, VoIP Systems Administrator, .Net Developer, and Web Developer. Throughout life his number one passion has been learning new skills. He can often be found researching a topic, attempting to keep up with the quickly evolving field of technology. Charles enjoys teaching and talking to others about technology. He is a member of NEOISF, and attends as many InfoSec conferences as he can justify with his wife.

Binary Defense

You can find our booth right outside the door after this talk, as well as our sister company, TrustedSec.

Contact

Twitter: @CHARLESLYOST

GitHub & YouTube: Yoshi325

This Talk: https://github.com/Yoshi325/talks-ansible

Polls

Who already knows about Ansible?

Who has done development in python before?

Showtime

Some Alternatives

Here are some alternatives:

  • Chef
  • Puppet
  • Salt (a.k.a. SaltStack)
  • and Many Others

Many differences exist between these alternatives and Ansible. We will review those differences later.

What is Ansible?

DevOps made simple. Deploy apps. Manage systems. Crush complexity. Ansible is a powerful automation tool that you can learn quickly.

www.ansible.com

Ansible is a free software platform for configuring and managing computers. It combines multi-node software deployment, ad hoc task execution, and configuration management.

Ansible (software) | Wikipedia

A way to maintain sanity in the complex and ever-changing world of system configuration.

Me

What's In A Name

It was named "Ansible" after the fictional instantaneous hyperspace communication system featured in Orson Scott Card's Ender's Game, and originally invented by Ursula K. Le Guin for her 1966 novel Rocannon's World.

Ansible (software) | Wikipedia

And this will make some sense, later ...

Also, Releases are named after Van Halen songs.

Server

(Control Machine)

Linux or Mac

SSH

Python (2.6 or later)

Client

(Managed Node)

Linux, Mac, or Windows

SSH or PowerShell

Python (2.4 or later)

Does Windows Require Python?

That's it.

And that really is it. Ansible is a very slim setup.

Learn The Lingo

  • Inventory
    • ini format
    • list of hostnames or IPs
    • can also contain some variables
    • can be grouped, and have grouped groups
  • Playbooks: Ansible's documentation calls them its orchestration language, and I feel it's pretty apt.
  • Roles allow a smaller, reusable organizational unit for Tasks, Handlers, & Variables.
  • Tasks are a combo of a thing to do, a name for it, if it should be done, and what should be done after it.
  • Handlers are special post-playbook tasks, which are de-duped before they are run.
  • Variables provide flexibility for a role to be configured.

Modules (also referred to as “task plugins” or “library plugins”): the tools you call on within a Task. Each encapsulates an action and the desired result.

Bonus Lingo

Galaxy

Where you can find many community-created roles, which can be educational and useful in creating your own.

Tower (Optional!)

Optional commercial product to visualize and manage via Ansible.

Other Details

Ansible Is:

  • Agentless
  • Configuration is done in YAML
  • Extendable (via Modules written in Python)
  • Primarily Push Based (with an option for Pull)

And It:

  • Communicates via a JSON protocol
  • Uses an idempotent resource model
  • Has Cloud Integration

Rackspace Cloud Servers, OpenStack, DigitalOcean Droplets, CloudStack, Eucalyptus Cloud, AWS, VMware, and KVM

Putting it all Together

  • Create your inventory
  • Create your playbook
    • Create tasks for your playbook or role; utilizing modules
    • Use variables in your tasks
    • Use handlers to chain dependent actions
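The steps above as one small playbook that hardens sshd. This is an added example, not code from the talk; the host names, group names, variable names, file path and chosen sshd options are assumptions made for illustration.

```yaml
# Added example, not from the talk. Constructed inventory (ini format) that
# this playbook assumes, with two groups and one group of groups:
#
#   [web]
#   web1.example.com
#   [db]
#   db1.example.com
#   [production:children]
#   web
#   db
#
- name: Harden sshd on every production host
  hosts: production
  become: true
  vars:
    sshd_config_path: /etc/ssh/sshd_config    # assumed path
    sshd_service_name: sshd                    # "ssh" on Debian/Ubuntu
    sshd_settings:
      # Values are quoted so YAML does not turn "no" into a boolean.
      - { key: PermitRootLogin, value: "no" }
      - { key: PasswordAuthentication, value: "no" }   # confirm key login works first
      - { key: X11Forwarding, value: "no" }
  tasks:
    - name: Set each sshd option (lineinfile module)
      lineinfile:
        dest: "{{ sshd_config_path }}"
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        # Reject the edit if the resulting file is not a valid sshd config.
        validate: /usr/sbin/sshd -t -f %s
      with_items: "{{ sshd_settings }}"
      notify: restart sshd

  handlers:
    # Notified up to three times above, but de-duped: it runs once, and only
    # if at least one line actually changed.
    - name: restart sshd
      service:
        name: "{{ sshd_service_name }}"
        state: restarted
```

On a second run nothing changes and the handler never fires, which is the idempotent resource model in practice.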

Tips, Tricks, & Pitfalls

How-To iterate over a list from a shell command:

    shell: /command/which/generates/lines
    register: output
    ...
    when: item not in output.stdout_lines
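A complete version of this pattern as an account audit, showing both directions: looping over the command's lines, and looping over a fixed list while testing membership in the command's lines. This is an added example, not code from the talk; the account names and allow-list are constructed.

```yaml
# Added example, not from the talk; account names and lists are constructed.
- name: Audit accounts using registered shell output
  hosts: all
  gather_facts: false
  vars:
    allowed_uid0_accounts: [root]
    required_accounts: [root, deploy]       # hypothetical names
  tasks:
    - name: List UID 0 accounts (the pipe is why this uses the shell module)
      shell: "getent passwd | awk -F: '$3 == 0 {print $1}'"
      register: uid0
      changed_when: false       # read-only command, never report "changed"

    - name: List every account name
      shell: "getent passwd | cut -d: -f1"
      register: accounts
      changed_when: false

    - name: Loop over the command's lines and flag unexpected UID 0 accounts
      debug:
        msg: "Unexpected UID 0 account: {{ item }}"
      with_items: "{{ uid0.stdout_lines }}"
      when: item not in allowed_uid0_accounts

    - name: Loop over a fixed list and flag entries missing from the output
      debug:
        msg: "Required account missing: {{ item }}"
      with_items: "{{ required_accounts }}"
      when: item not in accounts.stdout_lines
```

The `when` condition is evaluated once per item, so each loop only reports the entries that fail the membership test.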

Store host specific variables in a host_vars folder.

To only run a task when a list is NOT empty.

when: list|length > 0

If your task hangs forever and is using sudo, confirm that you passed the:

--ask-sudo-pass

command-line option when you ran ansible.

There are two ways to structure variables:

1. Dictionary:

networking.interface.ip

2. Scalar:

networking_interface_ip

The drawback to dictionaries is:

when you set a value somewhere else, it will replace the entire dictionary. It does not merge it.
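The replace-not-merge behaviour side by side with the scalar style, plus an explicit merge using the `combine` filter (available from Ansible 2.0). This is an added example, not code from the talk; the addresses and the `override` variable are constructed, and a task-level `vars:` block stands in for "somewhere else" such as host_vars.

```yaml
# Added example, not from the talk; all values are constructed.
- name: Dictionary versus scalar variable overrides
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    networking:                       # dictionary style
      interface:
        ip: 192.0.2.10
        netmask: 255.255.255.0
    networking_interface_ip: 192.0.2.10          # scalar style
    networking_interface_netmask: 255.255.255.0
  tasks:
    - name: Overriding one key replaces the whole dictionary
      debug:
        msg: "{{ networking.interface.netmask | default('netmask is gone') }}"
      vars:
        networking:
          interface:
            ip: 192.0.2.99
      # With the default hash behaviour this reports "netmask is gone".

    - name: Overriding one scalar leaves its siblings alone
      debug:
        msg: "{{ networking_interface_ip }} / {{ networking_interface_netmask }}"
      vars:
        networking_interface_ip: 192.0.2.99
      # Reports 192.0.2.99 / 255.255.255.0

    - name: Merge explicitly when dictionaries are preferred
      debug:
        msg: "{{ networking | combine(override, recursive=True) }}"
      vars:
        override:
          interface:
            ip: 192.0.2.99
      # Result keeps netmask and carries the new ip.
```

The first task is the case to watch for in hardening roles: a partial override silently drops every key it does not restate, so a default such as a restrictive setting can vanish without any error.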

Back to Those Alternatives

Chef

  • Differences
    • Ruby/Erlang
    • Uses an agent by default
    • Only free up to 25 nodes
    • Split between Hosted and On Premise
  • Similarities
    • Cloud Support

Puppet

  • Differences
    • Ruby
    • Requires an agent
    • Split between Enterprise and Open Source
    • Enterprise is the Paid Tier
    • Largely GUI Driven
  • Similarities
    • Cloud Support

Salt/SaltStack

  • Differences
    • ZeroMQ (or RAET) instead of SSH
  • Similarities
    • Python

The End

Resources and Credits

Insanely complete Ansible playbook, showing off all the options

Insanely complete Ansible playbook, showing off all the options | marktheunissen's fork

Install Ansible, Create Your Inventory File, and Run an Ansible Playbook and Some Ansible Commands

Ansible (Real Life) Good Practices

USING ANSIBLE TO RESTORE DEVELOPER SANITY

https://wikipedia.org

http://www.ansible.com/home
