SlideShare ist ein Scribd-Unternehmen logo

Ansible tips & tricks

B
bcoca

Unusual ways to use and abuse Ansible

Technologie
1 von 26
Downloaden Sie, um offline zu lesen
Tips & Tricks Not your usual usage Ansible Fest NYC 2015
#>whoami ● currently: ansible core team member (bcoca) ● helpdesk/application support ● programmer/analyst/software engineer ● QA, systems & network administrator ● release manager, DBA, information security, ● “Tech Janitor”
#>apropos ansible ● Configuration management ● Release management ● Automation framework ● Orchestration system ● Distributed batch executor ____________________ / It runs a TASK * x on a HOST * x / -------------------- ^__^ (oo)_______ (__) )/ ||----w | || ||
#LIVE>multiply_shell ● allows you to reuse your shell magic ● must be non interactive ● plays well with traditional unix tools ● just multiply by ### hosts ● requires some work for nicer outputs ● -t == json file database per host
#LIVE>ansible_shell #>ansible webs -m shell -a "awk '{print $9}' /var/log/nginx/access.log|sort |uniq -c |sort -k1,1nr 2>/dev/null|column -t" web1 | success | rc=0 >> 204417 200 48108 304 8550 302 6541 301 1696 404 269 206 web2 | success | rc=0 >> 205807 200 43762 304 ...
#LIVE>procmail -- procmail :0 #send back http code live report * ^From.*@example.com * ^Subject:.*500 report |ansible-playbook ~/plays/report.yml --- #report.yml … - shell: "awk '{print $9}' … register: report - mail: to={{lookup(‘env’,’FROM’)}} body={{report}} … ______________ < you got mail > -------------- , , /( )` ___ / | /- _ `-/ ' (// / / / | ` O O ) / | `-^--'`< ' (_.) _ ) / `.___/` / `-----' / <----. __ / __ <----|====O)))==) ) /==== <----' `--' `.__,' | | / ______( (_ / ______ ,' ,-----' | `--{__________) /
#UTIL>small_scripts ● tries not to be a programming language ● but … sometimes its very useful as such ● plays can wrap existing roles/task lists ● vars_prompt/pause allow for interactivity ● -e “var=val” for completely batch ● -e @file.json: you can use json data files
#UTIL>/sbin/departed #!/usr/bin/ansible-playbook --- - name: Ensure only valid users hosts: all gather_facts: False sudo: True vars_files: #departed: [ alan, bcoca, isaac, mathew, willy ] - /etc/departed_users.yml tasks: - name: Delete departed user and all it’s files user: name={{item}} state=absent remove=yes with_items: “{{departed}}”
#UTIL>/bin/release_apps #!/usr/bin/ansible-playbook - hosts: localhost vars_prompt: - name: app_name prompt: “Which app do you want to deploy?” - name: app_version prompt: “Choose version/tag (default HEAD)” default: ‘HEAD’ tasks: - git: repo=git@myreposerver/{{app_version}} version={{app_version}} ... ... - hosts: app_servers serial: 1 tasks: - pause: "are you sure you want to stop all services?" - name: shush nagios nagios: action=silence host={{inventory_hostname}} delegate_to: {{monitor}} - name: nginx graceful stop service: name=nginx state=stopped - name: stop uwsgi service name=uwsgi state=stopped … ... ______________________ / for reusability, use includes and roles / ---------------------- __ UooU.'@@@@@@`. __/(@@@@@@@@@@) (@@@@@@@@) `YY~~~~YY' || ||
#QA>verify ● The same way I do things , I can check them ● Gentle learning curve for your test creator ● Checks don’t normally need root ● check_mode and diff_mode ● assert/fail, no need to read the output!
#QA>check_server - hosts: app_server tasks: - users: name=appuser state=present name: verify that app user is present - file: path=/to/app/dir owner=appuser mode=0700 name: check that app dir has proper permissions - service: name={{item}} state=started name: check that services are running with_items: [‘nginx’, ‘uwsgi’] - postgres_user: name=dbapp1 password=secretrole_attr_flags=NOSUPERUSER name: check app user is accessible via app server ____________________________________ / or if your playbook is idempotent, just run it again Sam! / ------------------------------------ / ( ) .( o ).
#QA>check_app - hosts: app_servers tasks: - stat: path=/var/run/tomcat/webapps/myapp.jar register: jar - assert: that: - jar.checksum == lookup(‘consul_kv’,‘myapp_csum’) - stat: path=/var/run/app2.pid - wait_for: port=8080 - uri: return_content=’app1 OK’
#AUDIT>verify --- qa? ● The same way I do, I can check ● Gentle learning curve for your auditor ● Checks don’t normally need root ● check_mode and diff_mode
#AUDIT>check_firewall # verify firewall after manual config - wait_for: port: “{{item}}” host: prod.example.com delegate_to: outside.host.com with_items: [‘80, ‘443’] - wait_for: port={{item}} host=prod.example.com delegate_to: outside.host.com failed_when: not left_door_open|failed register: left_door_open when: item not in [‘80’, ‘443’] with_sequence: start=1 end=1024 ______________ < or call nmap > -------------- ___ {~._.~} ( Y ) ()~*~() (_)-(_)
#AUDIT>check_file_changes # from vars today_file: checks/{{inventory_hostname}}/{{today}}.txt - find: paths=/etc recurse=Y size=1 age=1d registered: fchanged - assert: that: - fchanged|length == 0 - assert: that: - item.checksum == lookup(‘pipe’, ‘grep ‘ + item + ‘ /checks/latest| cut -f2’) with_items: “{{fchanged}}” - local_action: template src=checksums.j2 dest={{today_file}} - local_action: file src={{today_file}} path=/checks/latest state=link ______________________ / Just until you setup aide|osiris|tripwire / ---------------------- /_)o< | | O . O| _____/
#AUDIT>facts_drift ● set fact caching to use jsonfile ● make git repo or checkout in cache dir ● set incron to commit when file changes ● now git log shows facts change over time ● filter out time facts (or not) ● … so ... tower will do this for me?
#AUDIT>file_changes_xattr ● {{ansible_managed}} (changed or lack info) ● use xattr to keep metadata with the file ● requires user_xattr on mount ● great ETL, can keep correct file transforms ● does not affect copy/template ‘changed’
#HACK>expand_ansible ● roles: as shared libraries ● plugins: there are more than modules ● callbacks: send events ● notification modules: specific events ● dynamic modules: if you crave abstraction
#HACK>tidy # tidy_expected: [‘conf1.cfg’, conf2.cfg’] - find: paths={{tidy_path}} #/etc/myapp register: existing - file: path={{item.path}} state=absent when: item.path|basename not in tidy_expected with_items: “{{existing.files|default([ ])}}” register: removed - mail: body=“{{removed}}”
#HACK>ansible_events syslog_json callback plugin def __init__(self): self.logger = logging.getLogger('ansible logger') self.logger.setLevel(logging.DEBUG) self.handler = logging.handlers.SysLogHandler( address = (os.getenv('SYSLOG_SERVER','locahost'), os.getenv('SYSLOG_PORT',514)), facility=logging.handlers.SysLogHandler.LOG_USER ) self.logger.addHandler(handler) .... def runner_on_ok(self, host, res): self.logger.info('RUNNER_ON_OK ' + host + ' ' + json.dumps(res, sort_keys=True)) def runner_on_skipped(self, host, item=None): self.logger.info('RUNNER_ON_SKIPPED ' + host)
#HACK>ansible_events osx_say callback plugin def say(msg, voice): subprocess.call([SAY_CMD, msg, "--voice=%s" % (voice)]) def __init__(self): # plugin disable itself if say is not present if not os.path.exists(SAY_CMD): self.disabled = True print "%s does not exist, plugin %s disabled" % (SAY_CMD, os.path.basename(__file__)) … def runner_on_failed(self, host, res, ignore_errors=False): say("Failure on host %s" % host, FAILED_VOICE) def runner_on_ok(self, host, res): say("pew", LASER_VOICE) ________________________________________________ / https://github.com/mpdehaan/ansible-and-juliet / ------------------------------------------------ ,;;;;;;;, ;;;;;;;;;;;, ;;;;;'_____;' ;;;(/))))|(( _;;((((((|)))) / |_ .--~( ~)))))))))))) / `-((((((((((( | | ` ) | /|) | | `. _/ _____/ | | , `~ / | / | `. `| / | ~- ` / ____~._/~ -_, ( |-----| ';; | | :;;;' | / | | | | |
#HACK>executing tasks - action: module: <module name> - action: <module name> - <module name>: ● optionally ‘local_action’ instead of ‘action’ ● module name as a variable {{mymodule}}
#HACK>abstract package - include_vars: “{{ansible_os_distribution|default (‘default’)}}.yml” - name: install apache action: “{{ansible_pkg_mgr}} name={{item}} state=present” with_items: “{{apache_pkgs}}” - template: src: “{{apache_config}}.j2” dest: /etc/{{apache_config}} owner: “{{apache_user}}” group: “{{apache_group}}” notify: “apache_restart”
#HACK>abstract package Redhat.yml --- apache_user: httpd apache_group: httpd apache_config: /etc/httpd/conf/httpd.conf apache_pkgs: - httpd - mod_ssl - php-fpm apache_service: httpd
#HACK>abstract package Debian.yml --- apache_user: www-data apache_group: www-data apache_config: /etc/apache2/httpd.conf apache_pkgs: - apache2-mpm - libapache2-mod-ssl - php5-fpm apache_service: apache2 __________________ / can break apachectl utils / ------------------ .--. |o_o | |:_/ | // (| | ) /'_ _/` ___)=(___/
#THE END>wait 6 && exit ● Ansible was born to play well with Unix ● Roles allow for reuse and sharing ● Plugins are where you code ● Plugins are useful to non programmers. ● callbacks, lookups, filters, etc are also plugins ● Many ways to make Ansible work for you __________ < goodbye! > ---------- ^__^ (oo)_______ (__) )/ ||----w | || ||

Empfohlen

Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with AnsibleRicardo Schmidt
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
ansible why ?
ansible why ?ansible why ?
ansible why ?Yashar Esmaildokht
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - IntroductionStephane Manciot
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 

Empfohlen

Automating with Ansible
Automating with AnsibleAutomating with Ansible
Automating with AnsibleRicardo Schmidt
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationJohn Lynch
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
ansible why ?
ansible why ?ansible why ?
ansible why ?Yashar Esmaildokht
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - IntroductionStephane Manciot
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction Robert Reiz
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleCoreStack
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Ansible 101
Ansible 101Ansible 101
Ansible 101Gena Mykhailiuta
 
Ansible
AnsibleAnsible
AnsibleRahul Bajaj
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Ansible
AnsibleAnsible
AnsibleKamil Lelonek
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
Ansible
AnsibleAnsible
AnsibleKnoldus Inc.
 
Ansible
AnsibleAnsible
AnsibleRaul Leite
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on TrainingMehmet Ali Aydın
 
02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 AnsibleOpennaru, inc.
 
Ansible
AnsibleAnsible
AnsibleVishal Yadav
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...Simplilearn
 
Packer by HashiCorp
Packer by HashiCorpPacker by HashiCorp
Packer by HashiCorpŁukasz Cieśluk
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with AnsibleBas Meijer
 
V2 and beyond
V2 and beyondV2 and beyond
V2 and beyondjimi-c
 

Weitere ähnliche Inhalte

Was ist angesagt?

IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with AnsibleIvan Serdyuk
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationKumar Y
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practicesBas Meijer
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with AnsibleSwapnil Jain
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 AnsibleOpennaru, inc.
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...Simplilearn
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 

Was ist angesagt? (20)

IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with Ansible
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansible
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
 
Ansible
AnsibleAnsible
Ansible
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
Ansible
AnsibleAnsible
Ansible
 
Getting started with Ansible
Getting started with AnsibleGetting started with Ansible
Getting started with Ansible
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Ansible
AnsibleAnsible
Ansible
 
Ansible
AnsibleAnsible
Ansible
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Ansible, best practices
Ansible, best practicesAnsible, best practices
Ansible, best practices
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible02.실전! 시스템 관리자를 위한 Ansible
02.실전! 시스템 관리자를 위한 Ansible
 
Ansible
AnsibleAnsible
Ansible
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
 
Packer by HashiCorp
Packer by HashiCorpPacker by HashiCorp
Packer by HashiCorp
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and image
 

Andere mochten auch

docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with AnsibleBas Meijer
 
V2 and beyond
V2 and beyondV2 and beyond
V2 and beyondjimi-c
 
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...Irakli Nadareishvili
 
Ansible roles done right
Ansible roles done rightAnsible roles done right
Ansible roles done rightDan Vaida
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation WorkshopChef
 
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...Chef Software, Inc.
 
STIG Compliance and Remediation with Ansible
STIG Compliance and Remediation with AnsibleSTIG Compliance and Remediation with Ansible
STIG Compliance and Remediation with AnsibleAnsible
 
Survey: Frozen Yogurt Market in India (2013)
Survey: Frozen Yogurt Market in India (2013)Survey: Frozen Yogurt Market in India (2013)
Survey: Frozen Yogurt Market in India (2013)Chef at Large
 
Chef Delivery
Chef DeliveryChef Delivery
Chef DeliveryChef
 
Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...
Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...
Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...Edureka!
 
Puppet overview
Puppet overviewPuppet overview
Puppet overviewjoshbeard
 
Infrastructure Automation with Chef
Infrastructure Automation with Chef Infrastructure Automation with Chef
Infrastructure Automation with Chef REAN Cloud
 
Introduction to Chef
Introduction to ChefIntroduction to Chef
Introduction to ChefKnoldus Inc.
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Introduction to puppet
Introduction to puppetIntroduction to puppet
Introduction to puppetHabeeb Rahman
 
3 Steps to Expand DevOps and Automation Throughout the Enterprise
3 Steps to Expand DevOps and Automation Throughout the Enterprise3 Steps to Expand DevOps and Automation Throughout the Enterprise
3 Steps to Expand DevOps and Automation Throughout the EnterprisePuppet
 

Andere mochten auch (19)

docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
 
V2 and beyond
V2 and beyondV2 and beyond
V2 and beyond
 
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
AnsibleBuilding a Docker-ized Microservice In Node, Using Ansible - AnsibleF...
 
Ansible roles done right
Ansible roles done rightAnsible roles done right
Ansible roles done right
 
Cyansible
CyansibleCyansible
Cyansible
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation Workshop
 
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
 
STIG Compliance and Remediation with Ansible
STIG Compliance and Remediation with AnsibleSTIG Compliance and Remediation with Ansible
STIG Compliance and Remediation with Ansible
 
Survey: Frozen Yogurt Market in India (2013)
Survey: Frozen Yogurt Market in India (2013)Survey: Frozen Yogurt Market in India (2013)
Survey: Frozen Yogurt Market in India (2013)
 
Chef Delivery
Chef DeliveryChef Delivery
Chef Delivery
 
Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...
Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...
Chef vs Puppet vs Ansible vs SaltStack | Configuration Management Tools Compa...
 
Introduction to chef
Introduction to chefIntroduction to chef
Introduction to chef
 
Puppets
PuppetsPuppets
Puppets
 
Puppet overview
Puppet overviewPuppet overview
Puppet overview
 
Infrastructure Automation with Chef
Infrastructure Automation with Chef Infrastructure Automation with Chef
Infrastructure Automation with Chef
 
Introduction to Chef
Introduction to ChefIntroduction to Chef
Introduction to Chef
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015
 
Introduction to puppet
Introduction to puppetIntroduction to puppet
Introduction to puppet
 
3 Steps to Expand DevOps and Automation Throughout the Enterprise
3 Steps to Expand DevOps and Automation Throughout the Enterprise3 Steps to Expand DevOps and Automation Throughout the Enterprise
3 Steps to Expand DevOps and Automation Throughout the Enterprise
 

Ähnlich wie Ansible tips & tricks

Hacking ansible
Hacking ansibleHacking ansible
Hacking ansiblebcoca
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestrationbcoca
 
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesBurn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesLindsay Holmwood
 
Automation with Ansible and Containers
Automation with Ansible and ContainersAutomation with Ansible and Containers
Automation with Ansible and ContainersRodolfo Carvalho
 
Lean Php Presentation
Lean Php PresentationLean Php Presentation
Lean Php PresentationAlan Pinstein
 
Practical Chef and Capistrano for Your Rails App
Practical Chef and Capistrano for Your Rails AppPractical Chef and Capistrano for Your Rails App
Practical Chef and Capistrano for Your Rails AppSmartLogic
 
Puppet atbazaarvoice
Puppet atbazaarvoicePuppet atbazaarvoice
Puppet atbazaarvoiceDave Barcelo
 
A General Purpose Docker Image for PHP
A General Purpose Docker Image for PHPA General Purpose Docker Image for PHP
A General Purpose Docker Image for PHPRobert Lemke
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDSean Chittenden
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetOmar Reygaert
 
Javascript is your (Auto)mate
Javascript is your (Auto)mateJavascript is your (Auto)mate
Javascript is your (Auto)mateCodemotion
 
Vagrant for real
Vagrant for realVagrant for real
Vagrant for realCodemotion
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Michele Orselli
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricksbcoca
 
Railsconf2011 deployment tips_for_slideshare
Railsconf2011 deployment tips_for_slideshareRailsconf2011 deployment tips_for_slideshare
Railsconf2011 deployment tips_for_slidesharetomcopeland
 

Ähnlich wie Ansible tips & tricks (20)

Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
 
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesBurn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websites
 
Automation with Ansible and Containers
Automation with Ansible and ContainersAutomation with Ansible and Containers
Automation with Ansible and Containers
 
Lean Php Presentation
Lean Php PresentationLean Php Presentation
Lean Php Presentation
 
Vagrant for real
Vagrant for realVagrant for real
Vagrant for real
 
Practical Chef and Capistrano for Your Rails App
Practical Chef and Capistrano for Your Rails AppPractical Chef and Capistrano for Your Rails App
Practical Chef and Capistrano for Your Rails App
 
Puppet atbazaarvoice
Puppet atbazaarvoicePuppet atbazaarvoice
Puppet atbazaarvoice
 
Mojolicious
MojoliciousMojolicious
Mojolicious
 
A General Purpose Docker Image for PHP
A General Purpose Docker Image for PHPA General Purpose Docker Image for PHP
A General Purpose Docker Image for PHP
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSD
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
infra-as-code
infra-as-codeinfra-as-code
infra-as-code
 
Javascript is your (Auto)mate
Javascript is your (Auto)mateJavascript is your (Auto)mate
Javascript is your (Auto)mate
 
Vagrant for real
Vagrant for realVagrant for real
Vagrant for real
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)
 
Ansible 2.0 spblug
Ansible 2.0 spblugAnsible 2.0 spblug
Ansible 2.0 spblug
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricks
 
Railsconf2011 deployment tips_for_slideshare
Railsconf2011 deployment tips_for_slideshareRailsconf2011 deployment tips_for_slideshare
Railsconf2011 deployment tips_for_slideshare
 
EC2
EC2EC2
EC2
 

Kürzlich hochgeladen

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Kürzlich hochgeladen (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Ansible tips & tricks

  • 1. Tips & Tricks Not your usual usage Ansible Fest NYC 2015
  • 2. #>whoami ● currently: ansible core team member (bcoca) ● helpdesk/application support ● programmer/analyst/software engineer ● QA, systems & network administrator ● release manager, DBA, information security, ● “Tech Janitor”
  • 3. #>apropos ansible ● Configuration management ● Release management ● Automation framework ● Orchestration system ● Distributed batch executor ____________________ / It runs a TASK * x on a HOST * x / -------------------- ^__^ (oo)_______ (__) )/ ||----w | || ||
  • 4. #LIVE>multiply_shell ● allows you to reuse your shell magic ● must be non interactive ● plays well with traditional unix tools ● just multiply by ### hosts ● requires some work for nicer outputs ● -t == json file database per host
  • 5. #LIVE>ansible_shell #>ansible webs -m shell -a "awk '{print $9}' /var/log/nginx/access.log|sort |uniq -c |sort -k1,1nr 2>/dev/null|column -t" web1 | success | rc=0 >> 204417 200 48108 304 8550 302 6541 301 1696 404 269 206 web2 | success | rc=0 >> 205807 200 43762 304 ...
  • 6. #LIVE>procmail -- procmail :0 #send back http code live report * ^From.*@example.com * ^Subject:.*500 report |ansible-playbook ~/plays/report.yml --- #report.yml … - shell: "awk '{print $9}' … register: report - mail: to={{lookup(‘env’,’FROM’)}} body={{report}} … ______________ < you got mail > -------------- , , /( )` ___ / | /- _ `-/ ' (// / / / | ` O O ) / | `-^--'`< ' (_.) _ ) / `.___/` / `-----' / <----. __ / __ <----|====O)))==) ) /==== <----' `--' `.__,' | | / ______( (_ / ______ ,' ,-----' | `--{__________) /
  • 7. #UTIL>small_scripts ● tries not to be a programming language ● but … sometimes its very useful as such ● plays can wrap existing roles/task lists ● vars_prompt/pause allow for interactivity ● -e “var=val” for completely batch ● -e @file.json: you can use json data files
  • 8. #UTIL>/sbin/departed #!/usr/bin/ansible-playbook --- - name: Ensure only valid users hosts: all gather_facts: False sudo: True vars_files: #departed: [ alan, bcoca, isaac, mathew, willy ] - /etc/departed_users.yml tasks: - name: Delete departed user and all it’s files user: name={{item}} state=absent remove=yes with_items: “{{departed}}”
  • 9. #UTIL>/bin/release_apps #!/usr/bin/ansible-playbook - hosts: localhost vars_prompt: - name: app_name prompt: “Which app do you want to deploy?” - name: app_version prompt: “Choose version/tag (default HEAD)” default: ‘HEAD’ tasks: - git: repo=git@myreposerver/{{app_version}} version={{app_version}} ... ... - hosts: app_servers serial: 1 tasks: - pause: "are you sure you want to stop all services?" - name: shush nagios nagios: action=silence host={{inventory_hostname}} delegate_to: {{monitor}} - name: nginx graceful stop service: name=nginx state=stopped - name: stop uwsgi service name=uwsgi state=stopped … ... ______________________ / for reusability, use includes and roles / ---------------------- __ UooU.'@@@@@@`. __/(@@@@@@@@@@) (@@@@@@@@) `YY~~~~YY' || ||
  • 10. #QA>verify ● The same way I do things , I can check them ● Gentle learning curve for your test creator ● Checks don’t normally need root ● check_mode and diff_mode ● assert/fail, no need to read the output!
  • 11. #QA>check_server - hosts: app_server tasks: - users: name=appuser state=present name: verify that app user is present - file: path=/to/app/dir owner=appuser mode=0700 name: check that app dir has proper permissions - service: name={{item}} state=started name: check that services are running with_items: [‘nginx’, ‘uwsgi’] - postgres_user: name=dbapp1 password=secretrole_attr_flags=NOSUPERUSER name: check app user is accessible via app server ____________________________________ / or if your playbook is idempotent, just run it again Sam! / ------------------------------------ / ( ) .( o ).
  • 12. #QA>check_app - hosts: app_servers tasks: - stat: path=/var/run/tomcat/webapps/myapp.jar register: jar - assert: that: - jar.checksum == lookup(‘consul_kv’,‘myapp_csum’) - stat: path=/var/run/app2.pid - wait_for: port=8080 - uri: return_content=’app1 OK’
  • 13. #AUDIT>verify --- qa? ● The same way I do, I can check ● Gentle learning curve for your auditor ● Checks don’t normally need root ● check_mode and diff_mode
  • 14. #AUDIT>check_firewall # verify firewall after manual config - wait_for: port: “{{item}}” host: prod.example.com delegate_to: outside.host.com with_items: [‘80, ‘443’] - wait_for: port={{item}} host=prod.example.com delegate_to: outside.host.com failed_when: not left_door_open|failed register: left_door_open when: item not in [‘80’, ‘443’] with_sequence: start=1 end=1024 ______________ < or call nmap > -------------- ___ {~._.~} ( Y ) ()~*~() (_)-(_)
  • 15. #AUDIT>check_file_changes # from vars today_file: checks/{{inventory_hostname}}/{{today}}.txt - find: paths=/etc recurse=Y size=1 age=1d registered: fchanged - assert: that: - fchanged|length == 0 - assert: that: - item.checksum == lookup(‘pipe’, ‘grep ‘ + item + ‘ /checks/latest| cut -f2’) with_items: “{{fchanged}}” - local_action: template src=checksums.j2 dest={{today_file}} - local_action: file src={{today_file}} path=/checks/latest state=link ______________________ / Just until you setup aide|osiris|tripwire / ---------------------- /_)o< | | O . O| _____/
  • 16. #AUDIT>facts_drift ● set fact caching to use jsonfile ● make git repo or checkout in cache dir ● set incron to commit when file changes ● now git log shows facts change over time ● filter out time facts (or not) ● … so ... tower will do this for me?
  • 17. #AUDIT>file_changes_xattr ● {{ansible_managed}} (changed or lack info) ● use xattr to keep metadata with the file ● requires user_xattr on mount ● great ETL, can keep correct file transforms ● does not affect copy/template ‘changed’
  • 18. #HACK>expand_ansible ● roles: as shared libraries ● plugins: there are more than modules ● callbacks: send events ● notification modules: specific events ● dynamic modules: if you crave abstraction
  • 19. #HACK>tidy # tidy_expected: [‘conf1.cfg’, conf2.cfg’] - find: paths={{tidy_path}} #/etc/myapp register: existing - file: path={{item.path}} state=absent when: item.path|basename not in tidy_expected with_items: “{{existing.files|default([ ])}}” register: removed - mail: body=“{{removed}}”
  • 20. #HACK>ansible_events syslog_json callback plugin def __init__(self): self.logger = logging.getLogger('ansible logger') self.logger.setLevel(logging.DEBUG) self.handler = logging.handlers.SysLogHandler( address = (os.getenv('SYSLOG_SERVER','locahost'), os.getenv('SYSLOG_PORT',514)), facility=logging.handlers.SysLogHandler.LOG_USER ) self.logger.addHandler(handler) .... def runner_on_ok(self, host, res): self.logger.info('RUNNER_ON_OK ' + host + ' ' + json.dumps(res, sort_keys=True)) def runner_on_skipped(self, host, item=None): self.logger.info('RUNNER_ON_SKIPPED ' + host)
  • 21. #HACK>ansible_events osx_say callback plugin def say(msg, voice): subprocess.call([SAY_CMD, msg, "--voice=%s" % (voice)]) def __init__(self): # plugin disable itself if say is not present if not os.path.exists(SAY_CMD): self.disabled = True print "%s does not exist, plugin %s disabled" % (SAY_CMD, os.path.basename(__file__)) … def runner_on_failed(self, host, res, ignore_errors=False): say("Failure on host %s" % host, FAILED_VOICE) def runner_on_ok(self, host, res): say("pew", LASER_VOICE) ________________________________________________ / https://github.com/mpdehaan/ansible-and-juliet / ------------------------------------------------ ,;;;;;;;, ;;;;;;;;;;;, ;;;;;'_____;' ;;;(/))))|(( _;;((((((|)))) / |_ .--~( ~)))))))))))) / `-((((((((((( | | ` ) | /|) | | `. _/ _____/ | | , `~ / | / | `. `| / | ~- ` / ____~._/~ -_, ( |-----| ';; | | :;;;' | / | | | | |
  • 22. #HACK>executing tasks - action: module: <module name> - action: <module name> - <module name>: ● optionally ‘local_action’ instead of ‘action’ ● module name as a variable {{mymodule}}
  • 23. #HACK>abstract package - include_vars: “{{ansible_os_distribution|default (‘default’)}}.yml” - name: install apache action: “{{ansible_pkg_mgr}} name={{item}} state=present” with_items: “{{apache_pkgs}}” - template: src: “{{apache_config}}.j2” dest: /etc/{{apache_config}} owner: “{{apache_user}}” group: “{{apache_group}}” notify: “apache_restart”
  • 24. #HACK>abstract package Redhat.yml --- apache_user: httpd apache_group: httpd apache_config: /etc/httpd/conf/httpd.conf apache_pkgs: - httpd - mod_ssl - php-fpm apache_service: httpd
  • 25. #HACK>abstract package Debian.yml --- apache_user: www-data apache_group: www-data apache_config: /etc/apache2/httpd.conf apache_pkgs: - apache2-mpm - libapache2-mod-ssl - php5-fpm apache_service: apache2 __________________ / can break apachectl utils / ------------------ .--. |o_o | |:_/ | // (| | ) /'_ _/` ___)=(___/
  • 26. #THE END>wait 6 && exit ● Ansible was born to play well with Unix ● Roles allow for reuse and sharing ● Plugins are where you code ● Plugins are useful to non programmers. ● callbacks, lookups, filters, etc are also plugins ● Many ways to make Ansible work for you __________ < goodbye! > ---------- ^__^ (oo)_______ (__) )/ ||----w | || ||