Created
October 14, 2014 23:19
AnsibleFest notes
=================

Keynote
-------
1.7.1
- enable Windows PowerShell remoting modules in PowerShell
- can push raw PowerShell scripts
- rather than force an agent or an install;
- using the technology that MS has by default
- run_once
- simplifies tasks
- expanded inventory support
- Azure, VMware
- new provisioning modules for VMware too
1.8
- fact caching
- uses Redis (memcached also available)
- store playbook variables/facts between executions
- no_log
- suppresses playbook output as well as suppressing syslog logging
- ansible-galaxy cli upgrades
- be able to install from multiple repos, not just galaxy
- git, hg, tarballs, galaxy
- docker images
- base images for faster ansible playbook builds using Docker
- Ubuntu and CentOS
- refactorings (ongoing)
- reorganize after years of contributions
- focus on hybrid-OO/functional architecture
- enable features like blocks, try/except, future language
- enable line numbering reporting for errors

Telescope presentation
----------------------
- who is telescope?
- they provide all the "voting" tech for reality shows like American Idol, etc
- why did we move from bare metal to AWS?
- outgrew their data center
- only had two sysadmins for 60 servers
- responsible for network, arch, IT support, developer access, etc
- why did we choose ansible?
- has tight AWS integration
- EC2 modules are handy

Big Panda Presentation
----------------------
- when did I know I needed ansible
- super bowl giveaway 2009 (previous gig)
- commercial pointed to a website
- millions of people went there to get a free ticket
- everything broke
- what is big panda
- use data science to automate and scale incident management
- using nagios, new relic, pingdom, ansible
- why ansible?
- no matter the complexity, everything boils down to running an ansible module
- makes playbooks easy to write and review (version control)
- simplicity
- agentless
- idempotence
- enables ansible to be declarative and reliable
- can run multiple times without changing the result beyond initial execution
- reusable
- every script we write is used two times
- once, when deploying a new version
- again when provisioning a new server
- using tags we run or skip tasks or plays as needed
- playbook.yml -i hosts --tags infra
- extensible
- can be extended with JSON
- correlating monitoring alerts with application deployments
- all the things
- no one ever touches servers; everything is through ansible
- server provisioning too
- steps to using ansible
- ansible workshop
- peer review, agile-in-ops
- went through ansible training
- documented at github.com/bigpandaio/ansible-workshop
- idea was to make sure that everyone had the same idea as to what ansible *is*
- playbook playbooks
- wrote a wrapper around playbooks to help reduce human error
- github.com/bigpandaio/ansible-exec
- make the scariest part of the build the easiest
- when pushing stuff live
- `deploy bigpanda`
- goes through playbook wrapper (ansible-exec)
- has all the right commands
- repeatable
- beanbot
- bot in hipchat
- `beanbot deploy bigpanda`
- beanbot goes and deploys it (pulls from github, etc)
- based on hubot
- github.com/github/hubot
- github.com/hipchat/hubot-hipchat
- infrastructure confidence
- are able to redeploy all the things
- deleted everything they set up manually, and redeployed through ansible
- zero downtime
- now they know that everything is exactly the same and how it was deployed

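Added example (not from the talk and not the code of ansible-exec or beanbot): a sketch of the "wrapper around playbooks" idea, where a `deploy <name>` line typed in chat is checked against an allow-list and turned into a fixed `ansible-playbook` argument list. The `DEPLOYS` table, the `app` tag and both function names are assumptions made for illustration.

```python
# Added example: hypothetical deploy wrapper, not bigpandaio/ansible-exec.
import re

# Assumed layout: one playbook, inventory and tag set per deployable name.
DEPLOYS = {
    "bigpanda": {"playbook": "playbook.yml", "inventory": "hosts",
                 "tags": {"infra", "app"}},
}
NAME_RE = re.compile(r"^[a-z0-9_-]{1,32}$")


def build_deploy_argv(name, tags=()):
    """Return the ansible-playbook argv for an allow-listed deploy name."""
    if not NAME_RE.match(name) or name not in DEPLOYS:
        raise ValueError("unknown deploy target: %r" % (name,))
    spec = DEPLOYS[name]
    bad = sorted(t for t in tags if t not in spec["tags"])
    if bad:
        raise ValueError("tags not allowed for %s: %s" % (name, ", ".join(bad)))
    argv = ["ansible-playbook", spec["playbook"], "-i", spec["inventory"]]
    if tags:
        argv += ["--tags", ",".join(sorted(set(tags)))]
    return argv


def parse_chat_command(line):
    """Parse 'deploy <name> [tag ...]' as typed in chat; reject anything else."""
    words = line.split()
    if len(words) < 2 or words[0] != "deploy":
        raise ValueError("expected: deploy <name> [tag ...]")
    return build_deploy_argv(words[1], words[2:])


if __name__ == "__main__":
    # Constructed input. A caller would pass the returned list to
    # subprocess.call(argv) without shell=True, so chat text is never
    # interpreted by a shell.
    print(parse_chat_command("deploy bigpanda infra"))
```
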
Hacking Ansible (make it do more)
---------------------------------
- what is ansible?
- config management? automation platform? orchestration? release management?
- any and all of these
- does one thing very well: runs a task on a host
- internal objects (for every invocation)
- inventory: define targets
- runner: actually does all the work
- connection: how to get to my targets
- playbook: all the plays in the current invocation
- host: where to do it
- task: what to do
- callback: show me what was done
- even when run at the cli, there is a "playbook"
- it has a) host and b) task
- plugin system
- sum of the parts is less than the whole
- lib/ansible/utils/plugins.py
- includes PluginLoader class
- overrides directory for custom vars
- Library: host tasks/actions/modules
- Action: master side tasks/actions/modules
- Cache: fact caching
- lib/ansible/cache/base.py
- creates a dictionary inside an object that can be read and written to
- exists in memory
- Callback: play output
- Connection: host connections
- Shell: what shell to use to execute tasks
- powershell added
- Lookup: master side info lookup
- you use these anytime you use: with_<lookup>
- executes on the master
- a way to access external files and/or data
- normally returns a list
- Vars: variable imports
- Inventory: aside from inventory scripts
- Filter: jinja2 filters for data modification
- filters are a nice way to abstract features
- chainable pipes
- "not a programming language" but can bring programming concepts
- Doc Fragment: shared docs for library
- tests:
- assert: the test module
- destructive, non-destructive, integration
- `make tests` runs unit tests
- before you submit
- update documentation (it is also in the repo)
- create tests, assert
- prepare a clear usage/example to post in the PR
- it's a dialog; be ready to make your use case
- patience...
- not everything belongs in core

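Added example (not from the talk or the Ansible code base): a custom filter plugin of the kind the "Filter" bullets describe, here masking secret-looking keys in a data structure before it reaches playbook output. The file name `filter_plugins/redact.py`, the filter name `redact` and the key list are assumptions; the `FilterModule` class with a `filters()` method is the interface Ansible loads filter plugins through.

```python
# Added example: hypothetical filter plugin, saved as filter_plugins/redact.py
# next to the playbook. Usage in a task or template (chainable with other
# filters):  {{ app_config | redact | to_nice_json }}

# Assumed list of key-name fragments that mark a value as sensitive.
SENSITIVE = ("password", "passwd", "secret", "token", "api_key")


def _is_sensitive(key, extra):
    name = str(key).lower()
    words = SENSITIVE + tuple(str(e).lower() for e in extra)
    return any(word in name for word in words)


def redact(value, extra=(), mask="********"):
    """Return a copy of value with sensitive dict values replaced by mask.

    Walks nested dicts and lists; the input is left unmodified.
    """
    if isinstance(value, dict):
        return dict(
            (k, mask if _is_sensitive(k, extra) else redact(v, extra, mask))
            for k, v in value.items())
    if isinstance(value, (list, tuple)):
        return [redact(v, extra, mask) for v in value]
    return value


class FilterModule(object):
    """Ansible instantiates this class and registers the returned filters."""

    def filters(self):
        return {"redact": redact}


if __name__ == "__main__":
    # Constructed sample data.
    sample = {"user": "deploy", "db_password": "example-only",
              "hosts": [{"name": "web1", "api_key": "example-only"}]}
    print(redact(sample))
```
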
Ansible and Google Cloud Platform
---------------------------------
- What is google cloud platform?
- Compute
- app engine
- compute engine
- Storage
- cloud storage
- cloud sql
- cloud datastore (nosql)
- app services
- BigQuery
- Cloud Endpoints
- Cloud DNS
- What is google compute engine?
- virtual machines
- linux/win/custom
- very small <-> very large
- persistent disks
- ssd and "standard"
- up to 10TB per VM
- shared r/o across many VMs
- global snapshots
- advanced networking
- global private network (across geo sites)
- load-balancing (L3 and L7)
- custom routes / firewall rules
- (Enough with the sales pitch, dude...)
- ansible demo
- ansible playbook that defines:
- 4 compute engine instances (2 per zone)
- create a firewall rule and load balancer
- set up a dns record for the LB IP
- deploy "app" and manage software (in a non-typical way)
- `ansible-playbook gce-demo.yml`
- uses credentials from a var file
- sets up networking, allowing http traffic from specifically tagged GCE VMs
- sets up load balancer, healthcheck, and adds members
- create dns record for the IP
- continuous deployment
- PTC ("push to configure") Agent deployed via metadata during instance create
- "App" development with git hosted in google cloud repositories
- ansible configures the VM and "app" locally
- listens for code push events and instance tag change events
- on event, a 'start' script in top-level kicks off
- (internet flaked, no demo)
- $500 credit
- g.co/cloudstarterpack
- use promo code ansible-con

Ansible and Docker
------------------
- Images
- made of layers
- base images basically OS installs
- immutable
- customize by creating a new layer on top
- What can you do with Docker?
- lightweight cloud
- lower runtime overhead
- layered filesystem
- very quick startup time
- tool for encapsulating applications
- low overhead
- run application on startup
- similar to init
- What can we do with Ansible and Docker?
- building an image (dockerfile)
- dockerfile is very shell-like
- instead of using just a dockerfile, have it reference a playbook
- what makes this better?
- power and consistency
- use the same methods to configure images as your hosts
- templates (jinja) and conditionals (i.e. ubuntu and centos)
- try out new things via Galaxy roles
- https://registry.hub.docker.com/u/ansible/centos7-ansible
- https://registry.hub.docker.com/u/ansible/ubuntu10.04-ansible
- http://ansible.github.com/ansible/ansible-docker-base

Ansible Roles
-------------
- Getting started with roles
- creating the initial role layout
- `ansible-galaxy init roles/myrole`
- creates ALL the directory structure for you
- role dependencies
- specify it in the meta/main.yml file
- tags and conditionals
- Cross-platform roles tips and tricks

    # include the per-platform task files
    - include: redhat.yml
      when: ansible_os_family == 'RedHat'
    # CentOS reports ansible_os_family 'RedHat'; match it by distribution
    - include: centos.yml
      when: ansible_distribution == 'CentOS'

- alternative method for variables
- with_first_found
- iterates through a list, and returns the first match.
- galaxy best practices
- create accurate metadata (meta/main.yml)
- 90% of the issues are from typos in the metadata
- adding role to github
- `ansible-galaxy init foo`

Ansible Tower 2.0
-----------------
- New in Tower 2
- web based interface
- added more auto-refreshing info, rather than having buttons
- provides things that the cli tool can't provide
- added new inventory types
- Azure
- Google compute engine
- VMware vCenter
- shows real time jobs as well as a history of every job run, logging failures
- good for groups (multiple people using ansible)
- can synchronize with ldap
- job templates
- can allow a dev to run a job but not have to know or use ansible
- rest api
- anything you can do with point-and-click, you can do with the api
- most use it to integrate with jenkins (to launch playbooks)
- there is now a cli wrapper for continuous integration