Presented at All Things Open, Raleigh NC, October 2014. Why do people love Ansible for automation? Good question! We walked through several Ansible use cases.
14. About BinckBank
Based in Amsterdam, NL
Largest Dutch online discount broker
590 employees
760,000+ accounts
600 UNIX servers
Mark Maas, UNIX/Linux System Administrator
16. We have 600 UNIX servers in house. We have a lot of specialty
environments that we need to create while at the same time
managing our production environment.
17. Our problem was complexity in the datacenter. We wanted
automation but we also wanted simplicity and to not have to send
people to training in order to use the product.
21. Ansible is quite fun to use right away--as soon as you write five
lines of code it works.
22. With SSH and Ansible I can send commands to 500 servers
without having even used the servers before.
23. We are completely focused on automating as much as possible in
our datacenter and going beyond Unix to create more stuff for
more people to be able to do more.
25. Recently I purchased a license for Ansible Tower. I would like to
give non-technical users access to it and open up the technical
side to people who have no idea what I am talking about. With
Tower, my Linux guys can access our templates without having to
do any coding. Tower opens up Ansible to the rest of the company.
27. About HootSuite
Based in Vancouver, BC, Canada
Social media management
~400 employees
Over 8 million users
75% of Fortune 500 uses HootSuite
Beier Cai, Director of Technology
31. Lack of repeatability makes automating our infrastructure and
application deployment difficult.
32. There was one time we had to spend over a month of an
engineer’s time to rebuild a server that had lived for 2 years with
random config changes by ops engineers along the way, with
limited documentation.
34. We had limited experience with Puppet, but didn’t quite like it
because 1) it needs agents, and we don’t like agents; and 2) we
favor immutability over snowflake factory for infrastructure
management.
36. Ops and devs both feel safer, literally. Before they were always
worried about ‘what if the server dies’. They aren’t worried about
this anymore after all servers are properly ‘Ansiblized’.
37. With the help of Vagrant we can test server builds locally as
many times as we want until it works, instead of testing it on EC2
cloud which is remote and always slow.
38. Increase our bus factor from 1 to infinite! Before, only 1 or 2
people knew how a server was built from the beginning. With
Ansible, storing playbooks in source control gives everyone the
ability to rebuild the server at any time.
40. We want to build out "Devops" into HootSuite, and our vision is
"Software Engineers are engaged in the entire cycle of designing,
implementing, deploying and maintaining their software across
all environments".
43. About NASA WESTPrime
WESTPrime == Web Enterprise Service Technologies prime
Blanket purchase agreement funded by NASA
Contracted to InfoZen Inc., a cloud broker and integrator
based in Rockville, MD
InfoZen responsible for entire cloud migration for all NASA
web assets
Jonathan Davila, Senior DevOps Lead, InfoZen
47. WESTPrime’s initial focus was to move roughly 65 applications
off the old data center as quickly as possible in a seemingly
impossible timeline.
48. All of a sudden we had an environment spanning multiple VPCs
and AWS accounts with no way of centrally managing it.
49. We were faced with a very ugly scenario where even simple
things like ensuring every SysAdmin had access to every server,
or simple patching were extremely burdensome.
51. Previously, NASA WESTPrime was using a lot of shell scripts.
There was a lot of "manually ssh-in-and-do-x" type of work being
done.
52. We then created a demo day in which we invited the automation
players to demonstrate the enterprise flavors of their product.
53. After quite a long day of deep level demos and Q&A, and a week
of analysis with the technical team we decided unanimously that
Ansible was the best fit for us.
54. Why?
No agents
Very small learning curve (a day or less!)
Non-technical staff can read a play and know what's happening
Native use of SSH
The most active open source community among its
competitors
56. NASA web app servers are being patched routinely and
automatically through Tower with a very simple 10-line Ansible
playbook.
57. Every single week www.nasa.gov is updated via Ansible,
generally only taking about 5 minutes to do, including the mobile
version of nasa.gov.
58. Because of Ansible we are able to organize our inventory of AWS
resources in a very granular way that was not at all possible
before.
59. One time we faced some strict deadlines for monitoring and we
didn’t have time to deploy Nagios agents (due to lengthy approval
workflows in place) to monitor RAM and CPU. So what did we
do? We did a very simple hack to be able to monitor CPU and
RAM with Ansible in near real-time (no agent required!).
60. Ansible was leveraged to remediate both OpenSSL issues this
year in ridiculous time (leadership was blown away).
61. It is also used to ensure our environment is compliant with
necessary Federal security standards as outlined by FedRAMP
and other regulatory requirements.
62. There is a level of comfort and confidence that Ansible has been
able to provide that simply was not there before.
64. We are working on moving many applications into cycles of
Continuous Integration and Deployment, which will be
leveraging Ansible as the conductor of these architectures.
65. The moment 1.7 is released, Ansible will be used to manage our
stack of Windows servers and do the same magic we've been
doing with Linux.
66. The end goal will be for our sysadmins to only need to
SSH/WINRM into servers manually for troubleshooting. All
server changes will eventually happen exclusively through
Ansible (and the occasional CloudFormation template).
68. Adam Werewolf (@adamwwolf)
I use @ansible to do just about everything. If you say "I don't have
time to set it up" you're who it's for--you don't have time *not* to.
11:20 AM - 21 Oct 2014
https://twitter.com/adamwwolf/status/524626206470053889