Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Make your Ansible playbooks maintainable, flexible, and scalable

1,167 views

Published on

Presentation given by Jeff Geerling (@geerlingguy) at AnsibleFest Austin 2018. The presentation describes how to make maintaining Ansible playbooks not only easier, but also more fun and interesting! Jeff Geerling is author of Ansible for DevOps and has been using Ansible to manage hundreds of services for many years. Learn from his experience!

Published in: Software
  • Be the first to comment

Make your Ansible playbooks maintainable, flexible, and scalable

  1. 1. Make your Ansible playbooks flexible / maintainable / scalable J E F F G E E R L I N G ( @ G E E R L I N G G U Y) # A N S I B L E FEST
  2. 2. D E V E L O P E R A U T H O R P H O T O G R A P H E R
  3. 3. H O S T E D A PA C H E S O L R
  4. 4. D R U PA L V M & M A C D E V P L AY B O O K
  5. 5. M E D I A E C O M M E R C E P L AT F O R M
  6. 6. L E S S O N S L E A R N E D 1. Stay organized 2. Test early and often 3. Simplify, optimize
  7. 7. S TAY O R G A N I Z E D
  8. 8. • Playbooks always run from build server
 
 
 
 
 
 
 

  9. 9. – J E F F G E E R L I N G “If it's important, it will be forgotten.”
  10. 10. R E A D M E 1. Purpose 2. Links (CI, docs, issue tracking) 3. Instructions for local testing
  11. 11. S M A L L F I L E S • < 100 lines per file • Start by splitting out related tasks with include_* • Progress to single-responsibility roles
  12. 12. R O L E S • Make roles generic • Share roles among projects • Contribute to / use from Galaxy?
  13. 13. T E S T E A R LY A N D O F T E N
  14. 14. The Ansible CI Spectrum
  15. 15. • yamllint • ansible-playbook --syntax-check • ansible-lint • molecule test (integration) • ansible-playbook --check (against prod) • Parallel infrastructure
  16. 16. • yamllint • ansible-playbook --syntax-check • ansible-lint • molecule test (integration) • ansible-playbook --check (against prod) • Parallel infrastructure increasing complexity
  17. 17. • Heed [DEPRECATION WARNING]s • Read through porting guides • Disable annoying WARN messages:
  18. 18. • Heed [DEPRECATION WARNING]s • Read through porting guides • Disable annoying WARN messages: - name: Check if firewalld is installed.
 command: yum list installed firewalld
 args:
 warn: no
 register: firewalld_installed
  19. 19. • Target latest Ansible release • Keep CI environment updated
  20. 20. S I M P L I F Y, O P T I M I Z E
  21. 21. S I M P L I F Y, O P T I M I Z E
  22. 22. – J E F F G E E R L I N G “YAML is not a programming language.”
  23. 23. • Prefer simple, flat variables over dicts
  24. 24. • Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2!
  25. 25. • Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2! apache_startservers: 2
 apache_maxclients: 250 ✅
  26. 26. • Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2! apache_startservers: 2
 apache_maxclients: 250 ✅
  27. 27. S P E E D
  28. 28. • CI is useless if slow S P E E D
  29. 29. • CI is useless if slow • Disable gather_facts if not needed • forks config - fully utilize resources S P E E D
  30. 30. M O D U L E S • package - pass list to name instead of a loop • copy - only for single files or small dirs • lineinfile - try to switch to template instead of looping on one file
  31. 31. [defaults]
 callback_whitelist = profile_roles, profile_tasks, timer
  32. 32. Monday 10 September 22:31:08 -0500 (0:00:00.851) 0:01:08.824 ****** =============================================================================== geerlingguy.docker ------------------------------------------------------ 9.65s geerlingguy.security ---------------------------------------------------- 9.33s geerlingguy.nginx ------------------------------------------------------- 6.65s geerlingguy.firewall ---------------------------------------------------- 5.39s geerlingguy.munin-node -------------------------------------------------- 4.51s copy -------------------------------------------------------------------- 4.34s geerlingguy.backup ------------------------------------------------------ 4.14s geerlingguy.htpasswd ---------------------------------------------------- 4.13s geerlingguy.ntp --------------------------------------------------------- 3.94s geerlingguy.swap -------------------------------------------------------- 2.71s template ---------------------------------------------------------------- 2.64s ... [defaults]
 callback_whitelist = profile_roles, profile_tasks, timer
  33. 33. Try other callback plugins! (my fave: yaml)
  34. 34. L E S S O N S L E A R N E D 1. Stay organized 2. Test early and often 3. Simplify, optimize
  35. 35. T H A N K Y O U ! # A N S I B L E FEST

×