Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 67

February OpenNTF Webinar: Introduction to Ansible for Newbies

1

Share

Download to read offline

This talk is for Domino admins and developers who would like to learn Ansible basics. Ansible is an automation engine to automate deployments. HCL provides a set of Ansible playbooks and roles to deploy a complete HCL Connections 7 environment. Come learn what Ansible is and why you should use it in this webinar.

The speaker will be:
Christoph Stoettener, HCL Ambassador

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

February OpenNTF Webinar: Introduction to Ansible for Newbies

  1. 1. OPENNTF WEBINARS February OpenNTF Webinar: Introduction to Ansible for Newbies
  2. 2. AGENDA • Welcome – Howard Greenberg and Graham Acres • Christoph Stoettener, HCL Ambassador • Q and A - All
  3. 3. ASKING QUESTIONS • First Question – Will this be recorded? • Yes, view on YouTube!!! • https://www.youtube.com/user/OpenNTF • Use the Questions Pane in GoToWebinar • We will get to your questions at the end of the webinar • The speakers will respond to your questions verbally • (not in the Questions pane) • Please keep all questions related to the topics that our speakers are discussing!!! • Unrelated Question => post at: • http://openntf.slack.com/
  4. 4. THANKS TO THE OPENNTF SPONSORS • HCL made a significant contribution to help our organization • Funds these webinars! • Contests like Hackathons • Running the organization • Prominic donates all IT related services • Cloud Hosting for OpenNTF • Infrastructure management for HCL Domino and Atlassian Servers • System Administration for day-to-day operation
  5. 5. THIS IS OUR COMMUNITY • Join us and get involved! • We are all volunteers • No effort is too small • If your idea is bigger than you can do on your own, we can connect you to a team to work on it • Test or help or modify an existing project • Write guides or documentation • Add reviews on projects / stars on Snippets
  6. 6. NEXT WEBINAR • March OpenNTF Webinar: Nomad Mobile - Tips and Tricks • For Domino developers who would like to optimize their apps for Nomad. • Thomas Hampel, HCL • Maxx Sutton, HCL • Theo Heselmans, HCL Lifetime Ambassador • Tom Van Aken, HCL Ambassador • Thursday, March 18, 2021 at 11:00 AM (New York time) • www.openntf.org/webinars
  7. 7. INTRODUCTION TO ANSIBLE FOR NEWBIES Christoph Stoettner <stoeps@vegardit.com> OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 1 / 60
  8. 8. WHO AM I? Christoph Stoettner Senior Consultant @Vegard IT Focusing on HCL Connections deployments and migrations Ansible since 2017 — Social Connections 12 [1]  Example code on 1. github.com/stoeps13/ansible-examples share.stoeps.de/2017-10-16-ansible4connections.pdf OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 2 / 60
  9. 9. HANDCRAFTED SERVERS Hard to maintain Setups are not reproducible Complicated vendor documentation Inhouse documentation outdated OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 3 / 60
  10. 10. IMMUTABLE VERSUS MUTABLE SERVER Mutable infrastructure just gets updates Software 6.0 → + I x 1 + I x 2 + I x 3 In production 6.0 → i x 3 Result will be different Immutable creates a new environment with 6.0.x Migrates data after testing OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 4 / 60
  11. 11. SNOWFLAKE SERVERS Special tweaks or versions needed for proper function Exception of your standards Dif cult to reproduce Fragile if they need a change OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 5 / 60
  12. 12. TEST ENVIRONMENTS twitter.com/stahnma/status/634849376343429120 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 6 / 60
  13. 13. WHY ARE DEDICATED TESTENVIRONMENTS IMPORTANT? Reliable testing can give you con dence during live migration Applying Fix 3 over Fix 2 over Fix 1 often different from Fix3 over Fix1 Use the same scripts to build development, test or production systems Handcrafted is always different from production OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 7 / 60
  14. 14. ADVANTAGES Developer Build a development environment which is compareable to production Adminstrator Build a test environment to go through a migration OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 8 / 60
  15. 15. BE AS PRECISE AS POSSIBLE Avoid different hostnames Production: example.com Test: test.example.com Better: example.com example-test.com OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 9 / 60
  16. 16. HOW CAN WE SOLVE THIS? Deployment and Application development should follow a fully automated approach Avoid Snow akes Easier to have a full clone of production as test environment Reducing production bugs caused by con guration differences OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 10 / 60
  17. 17. AUTOMATE DEPLOYMENTS AND CONFIGURATION CHANGES Large ecosystem of tools to do automatic deployments Puppet Chef Saltstack Ansible Wikipedia OSS Con guration Management puppet.com www.chef.io saltstack.com ansible.com OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 11 / 60
  18. 18. ANSIBLE Written in Python Encryption and Security built in Easy to read (Everything is YAML) Easy to use (Extensible via modules) Uses SSH YAML Tool Kit OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 12 / 60
  19. 19. ANSIBLE HISTORY Created by AnsibleWorks Inc, acquired by Red Hat in 2015 Initial release: 20. February 2012 Stable release: 2.10.6 3.0.0 announced for the 16th of February (two days ago) OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 13 / 60
  20. 20. A VERY IMPORTANT TERM: IDEMPOTENCY  Mathematics denoting an element of a set which is unchanged in value when multiplied or otherwise operated on by itself OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 14 / 60
  21. 21. IDEMPOTENCY — EXAMPLE Add entry to hosts Don’t add when present Change if different Restart services only when changes were made Not idempotent Idempotent echo "192.168.1.1 cnx-websphere.example.com" >> /etc/hosts grep -qxF '192.168.1.1 cnx-websphere.example.com' /etc/hosts || echo "192.168.1.1 cnx-websphere.example.com" >> /etc/hosts OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 15 / 60
  22. 22. WHAT IS ANSIBLE? Helps automating tasks during installation and migration Secure (SSH) Open (tons of free playbooks) Well documented OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 16 / 60
  23. 23. WHAT IS ANSIBLE NOT? A GUI Tool (Get used to console!)[1] A one click installer 1. Ansible Tower and AWX are browser tools OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 17 / 60
  24. 24. ANSIBLE INSTALLATION pip install ansible on the machine you want to run it Newer version than distribution package Needs internet connection targets need at least ssh and python installed OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 18 / 60
  25. 25. WINDOWS AND ANSIBLE Ansible "server" needs Linux (but works with WSL) Windows support through Windows Remote Shell (WinRM) SSH OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 19 / 60
  26. 26. INVENTORY INI OR YAML FORMAT [leafs] leaf01.example.com leaf02.example.com [spines] spine01.example.com spine02.example.com [network:children] leafs spines --- leafs: hosts: leaf01.example.com: leaf02.example.com: spines: hosts: spine01.example.com: spine02.example.com: network: children: leafs: spines: OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 20 / 60
  27. 27. VARIABLES IN INVENTORIES [leafs] leaf01.example.com leaf02.example.com [leafs:vars] username=abc --- leafs: hosts: leaf01: leaf02: vars: username: abc OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 21 / 60
  28. 28. VARIABLES Lots of places to de ne Presedence important for large environments  no hyphens in variable names! Allowed variable Not allowed variable ldap_user: abc ldap-user: abc docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 22 / 60
  29. 29. PLAYBOOK Run commands (so called tasks) on your inventory servers Select servers or server groups Roles Tasks Handlers OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 23 / 60
  30. 30. TASKS Lots of modules built-in Package install Copy and Edit les Create les and folders (directly and with templates) Manage services Command Shell Sudo aware Become: true Become_user: xyz OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 24 / 60
  31. 31. TASKS FOR DIFFERENT OS 1 or use yum 2 valid terms are Redhat | Darwin | Debian | Windows 3 or use apt 4 check OS family (Debian) or distribution ... tasks: - name: Install mkpasswd package: name: whois state: present when: ansible_os_family == "Redhat" - name: Install mkpasswd package: name: expect state: present when: ansible_distribution == "Ubuntu" 1 2 3 4 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 25 / 60
  32. 32. EXAMPLE (BUILD AN ANSIBLE ROLE) Most products of IBM or HCL need disabled SELinux during installation So let’s disable SELinux on a host Additional steps will be Con gure limits.conf Reboot after changes Create a user Install packages with yum All example les can be found at Branches named for the steps github.com/stoeps13/ansible-examples OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 26 / 60
  33. 33. DISABLE SELINUX (INVENTORY) inventory 1 if hostname is resolvable that is enough Sometimes you need to add IP or SSH Port! For example [websphere_servers] cnx-was.stoeps.internal 1 [websphere_servers] cnx-was.stoeps.internal ansible_host=10.0.11.101 ansible_port=2222 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 27 / 60
  34. 34. SET SELINUX TO permissive playbook.yml 1 Run this tasks on this server group 2 Use sudo to execute command 3 sudo to user root 4 tasks (one or multiple tasks) 5 use module selinux 6 policy and state are arguments / parameters for module selinux --- - hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive 1 2 3 4 5 6 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 28 / 60
  35. 35. Ansible Workshop - step1 Ansible Workshop - step1 Watch later Watch later Share Share 0:00 0:00 / / 0:35 0:35 youtu.be/g8OvWIcmNgU OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 29 / 60
  36. 36. DISPLAY A MESSAGE playbook.yml 1 register a variable to keep the status of this task 2 run only when the task had status changed --- - hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive register: selinux_status - debug: msg: "SELinux changed. Please reboot the server to apply changes" when: selinux_status.changed == true 1 2 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 30 / 60
  37. 37. Ansible Workshop - step2 Ansible Workshop - step2 Watch later Watch later Share Share 0:00 0:00 / / 0:12 0:12 youtu.be/HPFuliVmtBE OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 31 / 60
  38. 38. RUN REBOOT AS A TASK playbook.yml 1 imagine multiple tasks, you’ll end up with tons of variables and complicated when clauses --- - hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive register: selinux_status - name: reboot reboot: msg: "Reboot initiated from Ansible" connect_timeout: 30 reboot_timeout: 120 test_command: whoami when: selinux_status.changed == true 1 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 32 / 60
  39. 39. Ansible Workshop - step3 Ansible Workshop - step3 Watch later Watch later Share Share 0:00 0:00 / / 0:25 0:25 youtu.be/JeeZMPitUs4 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 33 / 60
  40. 40. HANDLER No need to register a variable Just notify the handler (runs only when task status has changed) 1 Notify the handler that status has changed hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive notify: reboot handlers: - name: reboot reboot: msg: "Reboot initiated from Ansible" connect_timeout: 30 reboot_timeout: 120 test_command: whoami 1 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 34 / 60
  41. 41. Ansible Workshop - step4 Ansible Workshop - step4 Watch later Watch later Share Share 0:00 0:00 / / 0:29 0:29 youtu.be/OLmGwdNncUM OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 35 / 60
  42. 42. ADD MORE TASKS 1 Reuse the same handler as before (one task must be status changed for a reboot) --- - hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive notify: reboot - name: set number of open files in limits.conf pam_limits: domain: root limit_type: '-' limit_item: nofile value: "65535" notify: reboot handlers: - name: reboot reboot: msg: "Reboot initiated from Ansible" connect_timeout: 30 reboot_timeout: 120 test_command: whoami 1 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 36 / 60
  43. 43. Ansible Workshop - step5 Ansible Workshop - step5 Watch later Watch later Share Share 0:00 0:00 / / 0:53 0:53 youtu.be/ya5TXDRSsHk OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 37 / 60
  44. 44. INSTALL A PACKAGE 1 flush_handler initiates the handler to run if needed, normally it runs on the end of the role/playbook --- - hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive notify: reboot - name: Reboot if necessary meta: flush_handlers - name: install compatibility package for installation manager package: name: compat-libstdc++-33.x86_64 state: present handlers: - name: reboot reboot: msg: "Reboot initiated from Ansible" connect_timeout: 30 reboot_timeout: 120 test_command: whoami 1 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 38 / 60
  45. 45. Ansible Workshop - step6a Ansible Workshop - step6a Watch later Watch later Share Share 0:00 0:00 / / 0:29 0:29 youtu.be/HO1dkKlzQd0 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 39 / 60
  46. 46. REMOVED flush_handlers Ansible Workshop - step6c Ansible Workshop - step6c Watch later Watch later Share Share 0:00 0:00 / / 0:24 0:24 youtu.be/B4b0LZAhl9c OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 40 / 60
  47. 47. INSTALL MULTIPLE PACKAGES 1 placeholder variable 2 all items will be installed - name: install compatibility packages for installation manager package: name: "{{ item }}" state: present with_items: - compat-libstdc++-33.x86_64 - compat-libstdc++-33.i686 - libstdc++.x86_64 1 2 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 41 / 60
  48. 48. Ansible Workshop - step7 Ansible Workshop - step7 Watch later Watch later Share Share 0:00 0:00 / / 2:06 2:06 youtu.be/DhGghnYgG0k OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 42 / 60
  49. 49. ADD ADDITIONAL SERVERS 1 Add a second server group 2 Add children of the servergroups to installationmanager [websphere_servers] cnx-was.stoeps.internal ansible_host=10.0.11.100 [web_servers] cnx-web.stoeps.internal ansible_host=10.0.11.101 [installationmanager:children] web_servers websphere_servers 1 2 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 43 / 60
  50. 50. ADD SECOND HOSTGROUP 1 tasks for the new hostgroup (will install package to both server groups --- - hosts: websphere_servers tasks: - name: ensure selinux is set to permissive selinux: [...] handlers: - name: reboot [...] - hosts: installationmanager tasks: - name: install compatibility package for installation manager package: name: "{{ item }}" state: present with_items: - compat-libstdc++-33.x86_64 - compat-libstdc++-33.i686 - libstdc++.x86_64 1 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 44 / 60
  51. 51. Ansible Workshop - step8 Ansible Workshop - step8 Watch later Watch later Share Share 0:00 0:00 / / 2:22 2:22 youtu.be/P55Dp5EwpBY OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 45 / 60
  52. 52. ADD A GROUP AND A USER 1 Module needs hash, calculate with python -c "import crypt; print crypt.crypt('password')" - name: add group for WebSphere users group: name: was state: present - name: add user for im and websphere (non_root) user: name: wassys comment: WebSphere user uid: 2000 group: was shell: /bin/bash state: present password: "$6$40GE6/6h6A4UhpBT$kPtpBLe3Komc2bmadagr6S.v0/VRPJoJunEaMl5PBhAb4F5FTWsZff/6CYtTQlVm8Qa2wya4HV 1 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 46 / 60
  53. 53. Ansible Workshop - step9 Ansible Workshop - step9 Watch later Watch later Share Share 0:00 0:00 / / 0:29 0:29 youtu.be/z06fB5WRLyE OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 47 / 60
  54. 54. USE VARIABLES Add to inventory 1 Calculate the password hash 2 register variable 3 Use stdout (output of hash command) for password hash ... [installationmanager:vars] was_user=wassys was_user_password=password - name: hash user password shell: "python -c "import crypt; print crypt.crypt('{{ was_user_password }}')"" register: was_user_password_hash changed_when: false - name: add user for im and websphere (non_root) user: name: "{{ was_user }}" comment: WebSphere user uid: 2000 state: present update_password: on_create password: "{{ was_user_password_hash.stdout }}" 1 2 3 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 48 / 60
  55. 55. Ansible Workshop - step10 Ansible Workshop - step10 Watch later Watch later Share Share 0:00 0:00 / / 0:27 0:27 youtu.be/GPxHlQuU7N8 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 49 / 60
  56. 56. CREATE SEPARATE ROLES playbook.yml 1 put into roles/ansible-demo2/tasks/main.yml 2 put into roles/ansible-demo2/handlers/main.yml - hosts: websphere_servers become: yes become_user: root tasks: - name: ensure selinux is set to permissive selinux: policy: targeted state: permissive notify: reboot ... handlers: - name: reboot reboot: msg: "Reboot initiated from Ansible" connect_timeout: 30 reboot_timeout: 120 test_command: whoami 1 2 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 50 / 60
  57. 57. VARIABLES DEFAULTS Add a folder defaults to the role Add used variables and their defaults So even when you forget to de ne the variable, the role will run ansible_demo2/defaults/main.yaml 1 add a variable and read the value from variable was_user, if not present use default wassys 2 default password __websphere_user: "{{ was_user | default('wassys') }}" __websphere_user_password: "{{ was_user_password | default('password') }}" 1 2 OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 51 / 60
  58. 58. Ansible Workshop - step11 Ansible Workshop - step11 Watch later Watch later Share Share 0:00 0:00 / / 0:21 0:21 youtu.be/Yca0gHKOkxI OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 52 / 60
  59. 59. USE ANSIBLE VAULT TO SECURE THE PASSWORD move the variables to group_vars/installationmanager.yml passwords to group_vars/all.yaml encrypt all.yml ansible-vault encrypt group_vars/all.yml ansible-playbook -i inventory playbook.yml --ask-vault-pass OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 53 / 60
  60. 60. Ansible Workshop - step12 Ansible Workshop - step12 Watch later Watch later Share Share 0:00 0:00 / / 0:34 0:34 youtu.be/Ktyy3MKeoRQ OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 54 / 60
  61. 61. RUN ANSIBLE PLAYBOOK Manually through your shell Ansible Tower (enterprise server, $$$) On Windows use Windows Subsystem for Linux (WSL) Ansible AWX Jenkins (Pipeline) Directly during provisioning of Vagrant and Terraform github.com/ansible/awx OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 55 / 60
  62. 62. WHERE TO FIND ROLES? Simple said: Download or write them Check Download role ansible-playbook install … roles and collections make Ansible modular Download complete repositories like connections-automation galaxy.ansible.com OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 56 / 60
  63. 63. SECURITY How do we store passwords or deployment keys Ansible Vault AES265 encrypted Encrypted during ansible-playbook run Ansible AWX Allow users to run tasks and playbooks against hosts without having a root or user account on it OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 57 / 60
  64. 64. WHERE TO START (LINKS) Documentation Books Jeff Geerling: Ansible for Devops Youtube docs.ansible.com/intro_getting_started.html github.com/orgs/ansible/people Ansible 101 with Jeff Geerling Build and deploy container images and containers OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 58 / 60
  65. 65. ADMINISTRATOR OR DEVELOPER Have a look at Ansible Saves you a ton of time Easy to deploy Easy to deploy different environments Dev QA Test Production KISS OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 59 / 60
  66. 66. CONNECTIONS CUSTOMERS Have a look at github.com/HCL-TECH-SOFTWARE/connections-automation OpenNTF Webinar This work is licensed under a Christoph Stoettner · @stoeps Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 60 / 60
  67. 67. QUESTIONS? Use the GoToWebinar Questions Pane Please keep all questions related to the topics that our speakers are discussing!!! Unrelated Question => post at: http://openntf.slack.com/

×