2. About me
➔ Infrastructure Engineer / SysAdmin
➔ Former Software Developer
➔ GNOME Outreach Intern (2016) - OpenStack
➔ RGSoC Intern (2014)
3. Agenda
➔ Challenges in managing server configurations before Configuration Management tools.
➔ Benefits of Configuration Management tools.
➔ Where does Ansible fit in the suite of IaaC tools?
➔ What are the features of IaaC tools?
➔ Why learn Ansible?
➔ Understanding an Ansible Setup.
➔ Basic concepts of Ansible.
➔ Writing your own Playbook.
➔ Security Best Practices.
4. Before Configuration Management Tools
Set up a web server (nginx) and an application stack (PHP)
➔ Step-1: Log in to the server
➔ Step-2: Install the nginx package
➔ Step-3: Edit the nginx configuration
➔ Step-4: Ensure required users and groups are present
➔ Step-5: Ensure correct permissions and user roles are assigned to conf files.
➔ Step-6: Install php packages
➔ Step-7: Configure the application
➔ Step-8: Configure web server to redirect to application
5. Before Configuration Management Tools -2
➔ Doable
➔ Couple of servers
➔ The only form of automation available: Bash scripts
➔ Inconsistent environments
Problem: Large groups of servers that need to be managed in a flexible way.
6. Configuration Management Tools - Today
Goal: Install, manage software and configuration at scale with ease.
➔ Helps automate Infrastructure
➔ Centralized management
➔ Helps manage Infrastructure at large scale
➔ Consistent environments
8. What are the features of IaaC Tools?
➔ Declarative Syntax
(describes the state of the infrastructure)
➔ Code form
(revision control)
➔ Idempotence
( current state == desired state )? -> take actions accordingly.
9. Why Ansible?
➔ Gentle learning curve, easy to pick up.
➔ Agentless, only requires Python to be installed on the managed servers.
➔ Modules are written in Python, easily accessible.
➔ Modules that integrate with Cloud Providers like AWS, OpenStack.
➔ Modules for Docker, oVirt, etc.
➔ Modules for network devices, Windows, etc.
15. Security Best Practices
➔ Control Node needs to be secure/hardened.
➔ Don’t use passwords, use key-based authentication.
➔ Use Ansible Vault for secrets.
➔ Don’t expose sensitive data in Ansible output.
➔ Verify before using Roles from Ansible Galaxy.
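Added example (not from the original slides): one playbook that applies three of the practices above, key-based authentication, Ansible Vault for secrets, and no_log to keep secrets out of Ansible output. The group name web, the user deploy, the service name sshd, all file paths and all variable names are assumptions.

```yaml
# Added example. Assumptions: group "web", existing user "deploy", the
# ansible.posix collection is installed, and vault_app_db_password is defined in
# group_vars/web/vault.yml, encrypted with:
#   ansible-vault encrypt group_vars/web/vault.yml
# Run with:
#   ansible-playbook -i inventory.ini site.yml --ask-vault-pass
- name: Baseline web hosts using key-based SSH and vaulted secrets
  hosts: web
  become: true
  vars:
    app_db_password: "{{ vault_app_db_password }}"  # readable name -> vaulted value
  tasks:
    - name: Install the control node's public key for the deploy user
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ lookup('ansible.builtin.file', 'files/deploy_id_ed25519.pub') }}"
        state: present

    - name: Turn off SSH password logins once the key is in place
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s  # reject a config sshd cannot parse
      notify: Reload sshd

    - name: Create the application config directory
      ansible.builtin.file:
        path: /etc/app
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Write the database credentials file
      ansible.builtin.copy:
        content: "DB_PASSWORD={{ app_db_password }}\n"
        dest: /etc/app/db.env
        owner: root
        group: root
        mode: "0600"
      no_log: true  # hides the rendered secret from task output and diffs

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd  # assumption: the unit is named "ssh" on Debian/Ubuntu
        state: reloaded
```

Running the playbook a second time should report no changes, which is the idempotence property from slide 8.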