All-in-one IT automation tool
Bas Meijer: Ansible Ambassador
Open Source

|                        | Puppet | Chef     | Salt   | Ansible |
|------------------------|--------|----------|--------|---------|
| Initial release        | 2005   | 2009     | 2011   | 2012    |
| Configuration language | DSL    | Ruby/DSL | YAML   | YAML    |
| Template language      | ERB    | ERB      | Jinja2 | Jinja2  |
| Agentless              |        |          |        | Y       |
| Ad-hoc task execution  |        |          | Y      | Y       |
| GitHub stars           | 5095   | 5482     | 9276   | 33018   |
| GitHub contributors    | 502    | 563      | 2159   | 3847    |
| GitHub forks           | 2044   | 2259     | 4325   | 13044   |
| Releases               | 337    | 1709     | 170    | 237     |
| PRs                    | 51     | 36       | 69     | 1706    |
| Nov 2018               | Puppet | Chef     | Salt   | Ansible | Docker         |
|------------------------|--------|----------|--------|---------|----------------|
| Initial release        | 2005   | 2009     | 2011   | 2012    | 2013           |
| Configuration language | DSL    | Ruby/DSL | YAML   | YAML    | Dockerfile     |
| Template language      | ERB    | ERB      | Jinja2 | Jinja2  | docker-compose |
| Agentless              |        |          |        | Y       |                |
| Ad-hoc task execution  |        |          | Y      | Y       |                |
| GitHub stars           | 5095   | 5482     | 9276   | 33018   | 50664          |
| GitHub contributors    | 502    | 564      | 2159   | 3847    | 1787           |
| GitHub forks           | 2044   | 2259     | 4325   | 13044   | 14746          |
| Releases               | 337    | 1709     | 170    | 237     | 198            |
| PRs                    | 51     | 36       | 69     | 1706    | 152            |
| Issues                 | --     | 525      | 2428   | 3818    | 3269           |
WHERE DOES IT FIT?

SIMPLE
- Human readable text
- System abstraction
- Top to bottom tasks
- Minimal requirements
- Easy to audit
- Easy to share

POWERFUL
- API equal to CLI
- Batteries included
- Parallel execution
- Multi-tier orchestration
- Pluggable and embeddable
- Works with lots of stuff
- Really scalable

SECURE
- Codified knowledge
- Reproducible systems
- Equivalent environments
- Encrypted variables
- Secure transport
- Idempotency
- No daemons

Advantages
HOW ANSIBLE WORKS
Ansible AWX
• https://github.com/ansible/lightbulb
• https://github.com/ansible/ansible-examples
• http://galaxy.ansible.com
• https://ansible.com/community
• @ansible
• ansible-project@googlegroups.com
Resources
Tools
ansible-doc: built-in documentation
ansible-vault: encryption
ansible-lint: validation against a ruleset (customizable)
Molecule: testing suite for roles
Ansible Galaxy: repository for roles
ARA: Ansible run analysis & logging
AWX/Tower: visual dashboard, encryption, role-based access control, job scheduling, integrated notifications and graphical inventory management
Jenkins: CI/CD visual dashboard, role-based access control, job scheduling
• Have a dead simple setup process and a minimal learning curve
• Manage machines very quickly and in parallel
• Avoid custom agents and additional open ports; be agentless by leveraging the existing SSH daemon
• Describe infrastructure in a language that is both machine and human friendly
• Focus on security and easy auditability/review/rewriting of content
• Manage new remote machines instantly, without bootstrapping any software
• Allow module development in any dynamic language, not just Python
• Be usable as non-root
• Be the easiest IT automation system to use, ever.
Design principles
• Python
• Secure Shell or WinRM
• (Other connectivity & execution possible)
Minimal requirements
Module categories: Cloud, Clustering, Commands, Crypto, Database, Files, Identity, Infrastructure, Inventory, Messaging, Monitoring, Net Tools, Network, Notification, Packaging, Source Control, Storage, System, Utilities, Windows
Batteries included
• Ansible is written in Python (2.6-3.x)
• Dependencies only on the control host
• Red Hat Linux relies on Python
• The Docker API is in Python
• Many other APIs have Python libraries
• The mitogen library adds speed
Python
• SSH for an interactive terminal connection
• SSH can transport files to a server
• SSH can execute commands on a server
• Ansible sends and executes modules with parameters on many machines in parallel, as the ansible_user
Secure shell features
meetup.com/Ansible-Benelux/
$ ansible all -a 'df -h /data'

www.example.com | CHANGED | rc=0 >>
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/rootvg-VarLV 6281216 1044244 5236972 17% /var
api.example.com | CHANGED | rc=0 >>
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/rootvg-VarLV 6281216 1046540 5234676 17% /var
db.example.com | CHANGED | rc=0 >>
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/rootvg-VarLV 4184064 2642860 1541204 64% /var
logs.example.com | CHANGED | rc=0 >>
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/rootvg-VarLV 4184064 1034356 3149708 25% /var
jump.example.com | CHANGED | rc=0 >>
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/rootvg-VarLV 4184064 1036208 3147856 25% /var
$
Ad-hoc commands
• layout for distributed systems
• classification of servers in groups
• clusters, datacenters, regions
• environment segregation
Ansible inventories
• Don't ever log in as the root user
• Settle on a become_method: sudo/su/doas
• Don't use service accounts interactively:
    echo logout > ~/.bash_profile
• Separate privileged & non-privileged playbooks
• Consider using signed SSH keys:
    TrustedUserCAKeys /etc/ssh/ca_key.pub
    AuthorizedKeysFile /dev/null
ansible_user
[test:children]
docker
frontend
backend
[test:vars]
ENV=test
ansible_user=ansible
[docker]
www-t.example.com
db-t.example.com
api-t.example.com
[frontend]
www-t.example.com
[backend]
db-t.example.com
api-t.example.com
Inventory of 'test'
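As an added example (not from the slides), a small Python parser for the INI inventory above that resolves [group:children] and [group:vars] the way Ansible ranks them (parent groups, then child groups, then host-specific vars), plus an audit for the "don't ever log in as root" rule from the ansible_user slide. The [legacy] group and old.example.com are constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed input: the 'test' inventory from the slide, plus one hypothetical
# legacy group that still logs in as root, to give the audit something to flag.
INVENTORY = """\
[test:children]
docker
frontend
backend

[test:vars]
ENV=test
ansible_user=ansible

[docker]
www-t.example.com
db-t.example.com
api-t.example.com

[frontend]
www-t.example.com

[backend]
db-t.example.com
api-t.example.com

[legacy]
old.example.com ansible_user=root
"""

SECTION = re.compile(r"^\[(?P<name>[^\]:]+)(?::(?P<kind>children|vars))?\]$")


def parse_inventory(text):
    """Parse INI inventory text into (hosts, children, group_vars, host_vars)."""
    hosts = defaultdict(list)        # group -> [host]
    children = defaultdict(list)     # group -> [child group]
    group_vars = defaultdict(dict)   # group -> {key: value}
    host_vars = defaultdict(dict)    # host -> {key: value} from inline "k=v"
    section, kind = "ungrouped", None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, kind = m.group("name"), m.group("kind")
            hosts.setdefault(section, [])         # a group exists even if empty
            continue
        if kind == "children":
            children[section].append(line)
            hosts.setdefault(line, [])
        elif kind == "vars":
            key, _, value = line.partition("=")
            group_vars[section][key.strip()] = value.strip()
        else:
            name, *inline = line.split()           # "host key=value ..."
            hosts[section].append(name)
            for item in inline:
                key, _, value = item.partition("=")
                host_vars[name][key] = value
    return hosts, children, group_vars, host_vars


def members(group, hosts, children, _seen=None):
    """Hosts in a group, following [group:children] recursively (cycle-safe)."""
    _seen = _seen if _seen is not None else set()
    if group in _seen:
        return set()
    _seen.add(group)
    found = set(hosts.get(group, []))
    for child in children.get(group, []):
        found |= members(child, hosts, children, _seen)
    return found


def effective_vars(host, inventory):
    """Merge vars as Ansible ranks them: 'all' < parent groups < child groups
    < host-specific vars; the most specific definition wins."""
    hosts, children, group_vars, host_vars = inventory
    parents = defaultdict(list)
    for parent, kids in children.items():
        for kid in kids:
            parents[kid].append(parent)

    def depth(group, trail=()):          # distance from a top-level group
        if group in trail or not parents.get(group):
            return 0
        return 1 + max(depth(p, trail + (group,)) for p in parents[group])

    merged = dict(group_vars.get("all", {}))
    in_groups = [g for g in hosts if g != "all" and host in members(g, hosts, children)]
    for group in sorted(in_groups, key=depth):   # parents first, children override
        merged.update(group_vars.get(group, {}))
    merged.update(host_vars.get(host, {}))
    return merged


def root_logins(inventory):
    """Audit: hosts whose effective ansible_user is root (the slide's first rule)."""
    every_host = {h for group in inventory[0].values() for h in group}
    return sorted(h for h in every_host
                  if effective_vars(h, inventory).get("ansible_user") == "root")


if __name__ == "__main__":
    inv = parse_inventory(INVENTORY)
    print(sorted(members("test", inv[0], inv[1])))
    print(effective_vars("www-t.example.com", inv))
    print("root logins:", root_logins(inv))
```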
Idempotency
What is idempotence?
Idempotence is the property of certain operations in mathematics and computer science that can be applied multiple times without changing the result beyond the initial application.
• Configuration management that lacks idempotency introduces doubt!
• Ensure no changes are reported unless things actually change
• Some idempotency issues can be big issues (> versus >>)
• Spurious changes hide the real changes in a cloud of doubt
• Runs get slower if changes are consistently made
• Testing becomes increasingly difficult
Importance of idempotency
$ ansible-playbook motd.yml
PLAY [server]
******************************************************************************
TASK [motd : create /etc/motd]
******************************************************************************
changed: [server]
PLAY RECAP
******************************************************************************
server : ok=1 changed=1 unreachable=0 failed=0
Idempotency
$ ansible-playbook motd.yml
PLAY [server]
******************************************************************************
TASK [motd : create /etc/motd]
******************************************************************************
ok: [server]
PLAY RECAP
******************************************************************************
server : ok=1 changed=0 unreachable=0 failed=0
Idempotency
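Added example, not from the slides: the "> versus >>" point and the two motd runs above, in Python. An append-style task reports changed on every run and keeps growing the file, while a task that compares desired and current state converges on the second run and, like ansible-playbook --check, can report a pending change without writing it.

```python
import os
import tempfile

# Constructed desired content for /etc/motd (written to a temp dir in the demo).
MOTD = "Managed by Ansible - unauthorized access prohibited\n"


def append_line(path, line):
    """The '>>' pattern: appends on every run, so the file grows and the
    task reports 'changed' forever. Kept here as the non-idempotent contrast."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(line)
    return {"changed": True}


def ensure_content(path, content, check_mode=False):
    """Idempotent: read the current state, compare, write only on a difference.
    check_mode=True reports what would change without touching the file."""
    try:
        with open(path, encoding="utf-8") as fh:
            current = fh.read()
    except FileNotFoundError:
        current = None
    if current == content:
        return {"changed": False}
    if not check_mode:
        tmp = path + ".tmp"   # write then rename: never leave a half-written file
        with open(tmp, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.replace(tmp, path)
    return {"changed": True}


def run_twice(task, path, *args):
    """Apply a task two times and return both 'changed' flags, mirroring the
    first and second ansible-playbook run on the slide."""
    return task(path, *args)["changed"], task(path, *args)["changed"]


def demo():
    """Run both styles in a scratch directory and collect the observations."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "motd")
        bad = os.path.join(d, "motd-append")
        results = {
            "ensure_content": run_twice(ensure_content, good, MOTD),   # (True, False)
            "append_line": run_twice(append_line, bad, MOTD),          # (True, True)
        }
        with open(bad, encoding="utf-8") as fh:
            results["append_copies"] = fh.read().count(MOTD)           # file grew to 2
        # check mode on a converged file: nothing to do, nothing written
        results["check_converged"] = ensure_content(good, MOTD, check_mode=True)["changed"]
        # check mode on drift: reports the change but leaves the file untouched
        results["check_drift"] = ensure_content(good, "drifted\n", check_mode=True)["changed"]
        with open(good, encoding="utf-8") as fh:
            results["still_managed"] = fh.read() == MOTD
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```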
ansible.cfg            # parameters that affect running ansible
inventory/             # an inventory defines an environment
    hosts              # defines the hosts in an inventory
    group_vars/        # here we assign variables to particular groups
        all            # global variables for all groups
        dbservers/     # directory for dbservers group
            secrets    # -- encrypted variables for dbservers group
            vars       # -- plaintext variables for dbservers group
        group2         # plaintext variables for group2
    host_vars/         # here we assign variables to particular hosts
        hostname1      # if systems need specific variables, put them here
        hostname2      # ditto
site.yml               # master playbook
webservers.yml         # playbook for webserver tier
dbservers.yml          # playbook for database tier
galaxy_roles/          # roles imported from galaxy
roles/                 # in-house roles
    common/            # this hierarchy represents a "role"
        tasks/         # 'tasks' contains the actions that implement the role
            main.yml   # -- main.yml could include other files if warranted
        handlers/      # 'handlers' can be notified by tasks on change
            main.yml   # -- handlers file often defines service actions
        templates/     # files for use with the template module
            hosts      # templates edit better with own extension, or j2
        files/         # 'files' is the start for relative paths
Directory layout
#!/usr/bin/env ansible-playbook
- name: 'install.yml'             # quote names for syntax highlighting
  hosts: localhost                # scope the play appropriately
  connection: local
  gather_facts: False             # booleans: /^(y|yes|n|no|true|false|on|off)$/i
  tags:                           # use tags for plays, and actions
    - preparation
  vars:                           # use group_vars for environment specifics
    url: "https://galaxy.ansible.com"   # quote when value has ':'
  tasks:                          # list tasks, but consider using a role
    - name: 'check network'       # format parameters for small terminal size
      uri:                        # the best way is to use 'Native YML' format
        url: "{{ url }}"
        method: HEAD
        return_content: no
        status_code: 200
        timeout: 60
        follow_redirects: all
    - name: 're-import roles from Galaxy'
      command: ansible-galaxy install --force -r roles/requirements.yml
Playbook.yml
• Tags help organize execution of playbooks:
    roles:
      - { role: motd, tags: 'motd' }
• You can even run or skip parts of playbooks:
    --tags=only,run,these,tags
    --skip-tags=tags,to,skip
• Tags can help in testing/debugging
Tags
frontend_containers:
- www-redislive
- www
backend_containers:
- www-postgresql
- www-backoffice
- www-redis
- www-projections
- www-transmitter
- www-producer
- www-nop-alerts
stateful_containers:
- www-eventstore
stateful_deploy: false
eventstore_reset_db: false
vars, group_vars & host_vars
- name: set deploy line for all applications in newrelic
  when: lookup('env', 'HOST_ENV') == 'deployment'
  uri:
    url: "https://api.newrelic.com/v2/applications/{{ item }}/deployments.json"
    method: POST
    headers:
      X-Api-Key: "{{ newrelic_api_key }}"
    body_format: json
    body:
      deployment:
        revision: "{{ release }}"
        description: "{{ deploy_env }}"
    status_code: 201
  with_items:
    - "{{ appids }}"
REST calls with uri:
Docker modules
docker_container: manage Docker containers
docker_image: manage Docker images
docker_image_facts: inspect Docker images
docker_login: log into a Docker registry
docker_network: manage Docker networks
docker_secret: manage Docker secrets
docker_service: manage Docker services and containers
docker_swarm: manage a Swarm cluster
docker_swarm_service: manage a Docker Swarm service
docker_volume: manage Docker volumes
k8s: manage Kubernetes resources
azure_rm_containerinstance: manage an Azure Container Instance
azure_rm_containerregistry: manage an Azure Container Registry
azure_rm_containerregistry_facts: get Azure Container Registry facts
$ touch group_vars/database/secrets
$ ansible-vault encrypt group_vars/database/secrets
Vault password:
Confirm Vault password:
Encryption successful
$ ansible-vault edit group_vars/database/secrets
Vault password:
$ cat group_vars/database/secrets
$ANSIBLE_VAULT;1.1;AES256
30623164636337303064313565393361656437343739396235643861336265373138653965303861
3933306333636164353330393137633061653230366664310a313734323363306261353339306434
31623732373933333666656665646135656637356366646231336161323838313661636232613365
6431636132373036300a666633336135376361326163633961626231396433393533663064306336
65306365323836633838306639336230383039353035343239306432313535326633
Encryption of vars
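Added example (not from the slides or from ansible-vault itself): a structural check that files meant to hold secrets really are vault envelopes, usable as a pre-commit guard so a plaintext group_vars/*/secrets never reaches git. It checks the header line and that the body is the hex-encoded salt/hmac/ciphertext triple ansible-vault writes; it does not decrypt. The envelopes and repo snapshot below are constructed placeholders, not real encryption output.

```python
import binascii
import textwrap

VAULT_MAGIC = "$ANSIBLE_VAULT"
SECRET_NAMES = ("secrets", "secrets.yml", "vault", "vault.yml")


def check_vault_envelope(text):
    """Return a list of problems with a vault file; an empty list means OK."""
    problems = []
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith(VAULT_MAGIC + ";"):
        return ["no $ANSIBLE_VAULT header: file is plaintext"]
    fields = lines[0].split(";")
    if len(fields) < 3:
        return [f"malformed header {lines[0]!r}"]
    # format 1.1 = password only; 1.2 carries a vault id as a fourth field
    if fields[1] not in ("1.1", "1.2") or len(fields) != (3 if fields[1] == "1.1" else 4):
        problems.append(f"unexpected header {lines[0]!r}")
    if fields[2] != "AES256":
        problems.append(f"unexpected cipher {fields[2]!r}")
    body = "".join(lines[1:])
    try:
        # outer hex wraps b"<salt hex>\n<hmac hex>\n<ciphertext hex>"
        parts = binascii.unhexlify(body).split(b"\n")
        if len(parts) != 3:
            problems.append("body does not decode to salt/hmac/ciphertext")
        else:
            for name, part in zip(("salt", "hmac"), parts):
                if len(binascii.unhexlify(part)) != 32:   # 32-byte salt, SHA-256 HMAC
                    problems.append(f"{name} is not 32 bytes")
            binascii.unhexlify(parts[2])
    except (binascii.Error, ValueError):
        problems.append("body is not valid hex")
    return problems


def fake_envelope(vault_id=None):
    """Constructed, structurally valid envelope for the demo: the bytes are
    placeholders, not the output of real encryption."""
    salt, mac, ciphertext = b"\x01" * 32, b"\x02" * 32, b"\x03" * 48
    inner = b"\n".join(binascii.hexlify(x) for x in (salt, mac, ciphertext))
    header = f"{VAULT_MAGIC};1.2;AES256;{vault_id}" if vault_id else f"{VAULT_MAGIC};1.1;AES256"
    body = "\n".join(textwrap.wrap(binascii.hexlify(inner).decode(), 80))  # 80-col lines like the slide
    return header + "\n" + body + "\n"


def scan_tree(files):
    """files: {relative path: content}. Flag every file whose basename says it
    holds secrets (the secrets/ convention from the directory layout slide) but
    whose content is not a valid vault envelope."""
    findings = {}
    for path, content in files.items():
        base = path.rsplit("/", 1)[-1]
        if base in SECRET_NAMES or base.startswith("vault"):
            problems = check_vault_envelope(content)
            if problems:
                findings[path] = problems
    return findings


# Constructed repo snapshot: one secrets file was committed in the clear.
REPO = {
    "group_vars/dbservers/vars": "db_port: 5432\n",
    "group_vars/dbservers/secrets": fake_envelope(),
    "group_vars/webservers/secrets": "db_password: hunter2\n",
    "host_vars/hostname1/vault.yml": fake_envelope("prod"),
}

if __name__ == "__main__":
    for path, problems in scan_tree(REPO).items():
        print(f"{path}: {'; '.join(problems)}")
```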
Jinja2 – An Introduction
• Python templating language
• Many filters available (to_nice_json, to_nice_yaml, sort)
• Conditional evaluation on task result (success, changed, failed, skipped)
Additional Information:
http://docs.ansible.com/playbooks_variables.html#using-variables-about-jinja2
http://jinja.pocoo.org/docs/templates/#builtin-filters
More with Jinja2
• Simple file templating with loops
• Simple file templating with if/else
• Even use variables for file names!
• Iterate through items, globs, and hashes
Makefile

BUILD_DIR=../build
SRC_DIR=../src
declare -A APP_DEPENDENCIES= \
  (["SRC"]=vendor ["DEST"]=vendor) \
  (["SRC"]=node_modules/app.js ["DEST"]=js)

# Clean old build(s)
clean:
	rm -rf $(BUILD_DIR)

# Copy all app files
copy-app:
	cp -R $(SRC_DIR) $(BUILD_DIR)

# Create local.xml symlink
symlink-localxml:
	ln -fs /path/to/local.xml \
	  $(BUILD_DIR)/local.xml

# Copy app dependencies (PHP & JS)
copy-dependencies:
	for item in "$${!APP_DEPENDENCIES[@]}" ; do \
	  cp -rT --preserve=mode,timestamp,links \
	    "./$${item['SRC']}" \
	    "${BUILD_DIR}/$${item['DEST']}" ; \
	done

Ansible

vars:
  build_dir: ../build
  src_dir: ../src
  app_dependencies:
    - { src: vendor, dest: vendor }
    - { src: node_modules/app.js, dest: js }
tasks:
  - name: Clean old build(s)
    file:
      path: "{{ build_dir }}"
      state: absent
  - name: Copy all app files
    copy:
      src: "{{ src_dir }}"
      dest: "{{ build_dir }}"
  - name: Create local.xml symlink
    file:
      src: /path/to/local.xml
      dest: "{{ build_dir }}/local.xml"
      state: link
  - name: Copy app dependencies (PHP & JS)
    copy:
      src: "./{{ item.src }}"
      dest: "{{ build_dir }}/{{ item.dest }}"
      follow: yes
    with_items: "{{ app_dependencies }}"

Application Construction
FROM centos:centos7
MAINTAINER Bas Meijer <bas.meijer@me.com>
LABEL running="docker run -d -p 8080:8080 dockpack/tomcat:7"
ADD ansible /tmp/ansible
RUN yum update -y && \
    yum install -y epel-release && \
    yum install -y ansible tar && \
    yum clean all && \
    cd /tmp/ansible && \
    ansible-galaxy install --force -r requirements.yml && \
    ansible-playbook playbook.yml
ADD app /var/app
ENV DATABASE postgres
ENV PATH $APP_HOME/bin:$PATH
WORKDIR $APP_HOME
EXPOSE 8080
ENTRYPOINT ["/opt/apache-tomcat/bin/catalina.sh","run"]
Dockerfile?

- name: Build an image and push it to a docker registry
  docker_image:
    path: ./transmitter
    name: nexus-repo.example.com:5000/www-transmitter
    tag: v1
    push: yes
    buildargs:
      log_volume: /var/log/myapp
      listen_port: 8080
docker_image
- name: deploy docker-compose.yml
  template:
    src: docker-compose.yml.j2
    dest: "{{ postgres_home }}/docker-compose.yml"
  notify: restart database
- name: pull image for database
  environment:
    POSTGRES_PASSWORD: "{{ postgresql_password }}"
    POSTGRES_USER: "{{ postgresql_user }}"
    POSTGRES_DB: "{{ postgresql_database }}"
  docker_service:
    project_src: "{{ postgres_home }}"
    state: present
    pull: yes
    recreate: never
deploy docker-compose file
Secure Software Delivery (pipeline diagram)
Stages: Application Code, Infra as Code, Versioning, Continuous Integration, DMZ Storage, Inspections
Inspections: 6 Eyes, Code Review, Code Quality, Library Scan
Equivalent Environments: Pentest, Dynamic Scans, Automatic Tests
Environments: Local Swarm, TEST, ACC, PROD, OpenShift, Cloud VM
Re-architecting Environments
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 

Ansible at work

  • 1. All-in-one IT automation tool Bas Meijer: Ansible Ambassador
  • 2. Open Source

    Comparison of the four tools (V marks a supported feature):

                              Puppet    Chef        Salt      Ansible
    Initial release           2005      2009        2011      2012
    Configuration language    DSL       Ruby/DSL    YAML      YAML
    Template language         ERB       ERB         Jinja2    Jinja2
    Agentless                                                 V
    Ad-hoc task execution                           V         V
    GitHub stars              5095      5482        9276      33018
    GitHub contributors       502       563         2159      3847
    GitHub forks              2044      2259        4325      13044
    Releases                  337       1709        170       237
    PRs                       51        36          69        1706

    Updated figures, Nov 2018, with Docker added (Y marks a supported feature):

                              Puppet    Chef        Salt      Ansible   Docker
    Initial release           2005      2009        2011      2012      2013
    Configuration language    DSL       Ruby/DSL    YAML      YAML      Dockerfile
    Template language         ERB       ERB         Jinja2    Jinja2    docker-compose
    Agentless                                                 Y
    Ad-hoc task execution                           Y         Y
    GitHub stars              5095      5482        9276      33018     50664
    GitHub contributors       502       564         2159      3847      1787
    GitHub forks              2044      2259        4325      13044     14746
    Releases                  337       1709        170       237       198
    PRs                       51        36          69        1706      152
    Issues                    --        525         2428      3818      3269
  • 4. Advantages

    SIMPLE
    - Human readable text
    - System abstraction
    - Top to bottom tasks
    - Minimal requirements
    - Easy to audit
    - Easy to share

    POWERFUL
    - API equal to CLI
    - Batteries included
    - Parallel execution
    - Multi-tier orchestration
    - Pluggable and embeddable
    - Works with lots of stuff
    - Really scalable

    SECURE
    - Codified knowledge
    - Reproducible systems
    - Equivalent environments
    - Encrypted variables
    - Secure transport
    - Idempotency
    - No daemons
  • 7.
  • 9. Tools
    ansible-doc      built-in documentation
    ansible-vault    encryption
    Ansible-lint     validation against ruleset (customizable)
    Molecule         testing suite for roles
    Ansible Galaxy   repository for roles
    ARA              Ansible run analysis & logging
    AWX/Tower        visual dashboard, encryption, role-based access control, job scheduling, integrated notifications and graphical inventory management
    Jenkins          CI/CD visual dashboard, role-based access control, job scheduling
  • 10. Design principles
    • Have a dead simple setup process and a minimal learning curve
    • Manage machines very quickly and in parallel
    • Avoid custom agents and additional open ports; be agentless by leveraging the existing SSH daemon
    • Describe infrastructure in a language that is both machine and human friendly
    • Focus on security and easy auditability/review/rewriting of content
    • Manage new remote machines instantly, without bootstrapping any software
    • Allow module development in any dynamic language, not just Python
    • Be usable as non-root
    • Be the easiest IT automation system to use, ever.
  • 11. Minimal requirements
    • Python
    • Secure Shell or WinRM
    • (Other connectivity & execution possible)
  • 12. Batteries included
    Module categories: Cloud, Files, Monitoring, Source Control, Clustering, Identity, Net Tools, Storage, Commands, Infrastructure, Network, System, Crypto, Inventory, Notification, Utilities, Database, Messaging, Packaging, Windows
  • 13. Python
    • Ansible is written in Python (2.6-3.x)
    • Dependencies only on the control host
    • RedHat Linux relies on Python
    • Docker API is in Python
    • Many other APIs have Python libraries
    • mitogen library adds speed
  • 14. Secure shell features
    • SSH for an interactive terminal connection
    • SSH can transport files to a server
    • SSH can execute commands on a server
    • Ansible sends and executes modules with parameters on many machines in parallel as the ansible_user
  • 16. Ad-hoc commands
    $ ansible all -a 'df -h /data'
    www.example.com | CHANGED | rc=0 >>
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/mapper/rootvg-VarLV    6281216 1044244   5236972  17% /var
    api.example.com | CHANGED | rc=0 >>
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/mapper/rootvg-VarLV    6281216 1046540   5234676  17% /var
    db.example.com | CHANGED | rc=0 >>
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/mapper/rootvg-VarLV    4184064 2642860   1541204  64% /var
    logs.example.com | CHANGED | rc=0 >>
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/mapper/rootvg-VarLV    4184064 1034356   3149708  25% /var
    jump.example.com | CHANGED | rc=0 >>
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/mapper/rootvg-VarLV    4184064 1036208   3147856  25% /var
    $
  • 17. Ansible inventories
    • layout for distributed systems
    • classification of servers in groups
    • clusters, datacenters, regions
    • environment segregation
  • 18. ansible_user
    • Don't ever log in as the root user
    • Settle on a become_method: sudo/su/doas
    • Don't use service accounts interactively:
        echo logout > ~/.bash_profile
    • Separate privileged & non-privileged playbooks
    • Consider using signed SSH keys:
        TrustedUserCAKeys /etc/ssh/ca_key.pub
        AuthorizedKeysFile /dev/null
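The rules above as two playbooks, shown together in one block. This is an added example, not code from the presentation; it assumes a `deploy` user with sudo rights, a `webservers` inventory group, the CA public key at `files/ca_key.pub` on the control host, and a hypothetical `svc_app` service account.

```yaml
# privileged.yml -- added example, not from the slides (assumptions above)
- name: 'privileged host maintenance'
  hosts: webservers
  remote_user: deploy            # the ansible_user; never root
  become: true                   # escalate only in this play
  become_method: sudo            # settled on sudo for the whole estate

  tasks:
    - name: 'install the CA public key that signs user certificates'
      copy:
        src: files/ca_key.pub
        dest: /etc/ssh/ca_key.pub
        owner: root
        group: root
        mode: '0644'
      notify: reload sshd

    - name: 'trust the CA, ignore per-user authorized_keys, refuse root logins'
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: 'sshd -t -f %s'       # never write a config sshd rejects
      loop:
        - { key: TrustedUserCAKeys, value: /etc/ssh/ca_key.pub }
        - { key: AuthorizedKeysFile, value: /dev/null }
        - { key: PermitRootLogin, value: 'no' }
      notify: reload sshd

    - name: 'keep the service account non-interactive'
      copy:
        dest: /home/svc_app/.bash_profile   # hypothetical service account
        content: "logout\n"
        owner: svc_app
        group: svc_app
        mode: '0644'

  handlers:
    - name: reload sshd
      service:
        name: sshd
        state: reloaded

# deploy.yml -- the non-privileged counterpart: same user, no become, so a
# mistake in this playbook cannot touch sshd_config or anything owned by root
- name: 'unprivileged application deploy'
  hosts: webservers
  remote_user: deploy
  become: false
  tasks:
    - name: 'create the release directory'
      file:
        path: /home/deploy/app
        state: directory
        mode: '0755'
    - name: 'unpack the release into it'
      unarchive:
        src: files/app-release.tar.gz      # hypothetical artifact
        dest: /home/deploy/app
```

Confirm that a certificate signed by the CA actually logs in before rolling `AuthorizedKeysFile /dev/null` to every host, since after that line no plain public key is accepted any more.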
  • 20. Idempotency
    What is idempotence? Idempotence is the property of certain operations in mathematics and computer science that can be applied multiple times without changing the result beyond the initial application.
  • 21. Importance of idempotency
    • Config Management that lacks idempotency introduces doubt!
    • Ensure no changes unless things actually change
    • Some idempotency issues can be big issues (> versus >>)
    • Hides the real changes in a cloud of doubt
    • Reduction in speed if changes are consistently made
    • Testing becomes increasingly difficult
  • 22. Idempotency
    $ ansible-playbook motd.yml

    PLAY [server] ******************************************************************************

    TASK [motd : create /etc/motd] ******************************************************************************
    changed: [server]

    PLAY RECAP ******************************************************************************
    server : ok=1 changed=1 unreachable=0 failed=0
  • 23. Idempotency
    $ ansible-playbook motd.yml

    PLAY [server] ******************************************************************************

    TASK [motd : create /etc/motd] ******************************************************************************
    ok: [server]

    PLAY RECAP ******************************************************************************
    server : ok=1 changed=0 unreachable=0 failed=0
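The `>` versus `>>` point from slide 21, worked on the motd play whose output is shown above. This is an added example, not the presentation's motd role; the host name `server` and the motd text are assumed values.

```yaml
# motd.yml -- added example, not from the slides; 'server' and motd_line
# are assumed values
- name: 'motd'
  hosts: server
  become: true
  vars:
    motd_line: "Managed by Ansible - manual changes will be overwritten"

  tasks:
    # NOT idempotent: '>>' appends on every run, so /etc/motd grows by one
    # line per run and the task reports 'changed' every time
    - name: 'create /etc/motd (wrong: shell with >>)'
      shell: "echo '{{ motd_line }}' >> /etc/motd"
      tags: [never, wrong]      # 'never' keeps these out of a normal run

    # Converges on the right content, but Ansible cannot see that nothing
    # changed, so the recap still says changed=1 on every run
    - name: 'create /etc/motd (wrong: shell with >)'
      shell: "echo '{{ motd_line }}' > /etc/motd"
      tags: [never, wrong]

    # Idempotent: the module compares a checksum of 'content' with the file
    # on the host; the first run reports changed=1, every later run changed=0
    - name: 'create /etc/motd'
      copy:
        content: "{{ motd_line }}\n"
        dest: /etc/motd
        owner: root
        group: root
        mode: '0644'

    # When a command is unavoidable, make it honest: only append when the
    # line is missing, and tell Ansible how to recognise that it did so
    - name: 'append the managed line once'
      shell: >
        grep -qxF '{{ motd_line }}' /etc/motd && echo present
        || { echo '{{ motd_line }}' >> /etc/motd; echo appended; }
      register: motd_append
      changed_when: motd_append.stdout == 'appended'
```

Running the play twice with `--tags wrong` shows the recap stuck at changed=1, while the default run matches the ok / changed=0 output of slide 23.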
  • 24. Directory layout
    ansible.cfg           # parameters that affect running ansible
    inventory/            # an inventory defines an environment
      hosts               # defines the hosts in an inventory
      group_vars/         # here we assign variables to particular groups
        all               # global variables for all groups
        dbservers/        # directory for dbservers group
          secrets         # -- encrypted variables for dbservers group
          vars            # -- plaintext variables for dbservers group
        group2            # plaintext variables for group2
      host_vars/          # here we assign variables to particular hosts
        hostname1         # if systems need specific variables, put them here
        hostname2         # ""
    site.yml              # master playbook
    webservers.yml        # playbook for webserver tier
    dbservers.yml         # playbook for database tier
    galaxy_roles/         # roles imported from galaxy
    roles/                # in-house roles
      common/             # this hierarchy represents a "role"
        tasks/            # 'tasks' contains the actions that implement the role
          main.yml        # -- main.yml could include other files if warranted
        handlers/         # 'handlers' can be notified by tasks on change
          main.yml        # -- handlers file often defines service actions
        templates/        # files for use with the template module
          hosts           # templates edit better with own extension, or j2
        files/            # 'files' is the start for relative paths
  • 25. Playbook.yml
    #!/usr/bin/env ansible-playbook
    - name: 'install.yml'            # quote names for syntax highlighting
      hosts: localhost               # scope the play appropriately
      connection: local              #
      gather_facts: False            # booleans: /^(y|yes|n|no|true|false|on|off)$/i
      tags:                          # use tags for plays, and actions
        - preparation
      vars:                          # use group_vars for environment specifics
        - url: "https://galaxy.ansible.com"   # quote when value has ':'
      tasks:                         # list tasks, but consider using a role
        - name: 'check network'      # format parameters for small terminal size
          uri:                       # the best way is to use 'Native YML' format
            url: "{{ url }}"
            method: HEAD
            return_content: no
            status_code: 200
            timeout: 60
            follow_redirects: all
        - name: 're-import roles from Galaxy'
          command: ansible-galaxy install --force -r roles/requirements.yml
  • 26. Tags
    • Tags help organize execution of playbooks.
        roles:
          - { role: motd, tags: 'motd' }
    • You can even run or skip parts of playbooks:
        --tags=only,run,these,tags
        --skip-tags=tags,to,skip
    • Tags can help in testing/debugging
  • 27. vars, group_vars & host_vars
    frontend_containers:
      - www-redislive
      - www
    backend_containers:
      - www-postgresql
      - www-backoffice
      - www-redis
      - www-projections
      - www-transmitter
      - www-producer
      - www-nop-alerts
    stateful_containers:
      - www-eventstore
    stateful_deploy: false
    eventstore_reset_db: false
  • 28. REST calls with uri:
    - name: set deploy line for all applications in newrelic
      when: lookup('env', 'HOST_ENV') == 'deployment'   # the lookup plugin is named 'env'
      uri:
        url: "https://api.newrelic.com/v2/applications/{{ item }}/deployments.json"
        method: POST
        headers:
          X-Api-Key: "{{ newrelic_api_key }}"
        body_format: json
        body:
          deployment:
            revision: "{{ release }}"
            description: "{{ deploy_env }}"
        status_code: 201
      with_items:
        - "{{ appids }}"
  • 29. Docker modules
    docker_container                  manage docker containers
    docker_image                      manage docker images
    docker_image_facts                inspect docker images
    docker_login                      log into a Docker registry
    docker_network                    manage Docker networks
    docker_secret                     manage docker secrets
    docker_service                    manage docker services and containers
    docker_swarm                      manage Swarm cluster
    docker_swarm_service              docker swarm service
    docker_volume                     manage Docker volumes
    k8s                               manage Kubernetes resources
    azure_rm_containerinstance        manage an Azure Container Instance
    azure_rm_containerregistry        manage an Azure Container Registry
    azure_rm_containerregistry_facts  get Azure Container Registry facts
  • 30. Encryption of vars
    $ touch group_vars/database/secrets
    $ ansible-vault encrypt group_vars/database/secrets
    Vault password:
    Confirm Vault password:
    Encryption successful
    $ ansible-vault edit group_vars/database/secrets
    Vault password:
    $ cat group_vars/database/secrets
    $ANSIBLE_VAULT;1.1;AES256
    30623164636337303064313565393361656437343739396235643861336265373138653965303861
    3933306333636164353330393137633061653230366664310a313734323363306261353339306434
    31623732373933333666656665646135656637356366646231336161323838313661636232613365
    6431636132373036300a666633336135376361326163633961626231396433393533663064306336
    65306365323836633838306639336230383039353035343239306432313535326633
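The secrets/vars split from the directory layout on slide 24, applied to the vault file above, plus a task that consumes the secret without leaking it into run output or ARA logs. This is an added example, not code from the presentation; the values are placeholders, the `vault_` prefix is a common convention rather than something Ansible enforces, and the `postgresql_user` task is hypothetical.

```yaml
# group_vars/database/secrets -- the plaintext this file held BEFORE
# 'ansible-vault encrypt'; only secret values live here (placeholder value)
vault_postgresql_password: "CHANGE-ME-placeholder"

---
# group_vars/database/vars -- stays plaintext, so a reviewer can grep for the
# variable names and see in a diff which secret a play consumes
postgresql_user: app
postgresql_database: app
postgresql_password: "{{ vault_postgresql_password }}"   # indirection into the vault file

---
# a task (e.g. in dbservers.yml) that uses the secret; no_log keeps the value
# out of -v output, callback plugins and ARA
- name: 'create the application database user'
  postgresql_user:
    name: "{{ postgresql_user }}"
    password: "{{ postgresql_password }}"
    db: "{{ postgresql_database }}"
  become: true
  become_user: postgres
  no_log: true
```

The same `no_log: true` belongs on any task that passes `postgresql_password` through `environment:`, as the docker_service task on slide 36 does, because module arguments and environment are otherwise printed verbatim on failure and under `-v`.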
  • 31. Jinja2 – An Introduction
    • Python templating language
    • Many filters available (to_nice_json, to_nice_yaml, sort)
    • Conditional evaluation on task result (success, changed, failed, skipped)
    Additional information:
    http://docs.ansible.com/playbooks_variables.html#using-variables-about-jinja2
    http://jinja.pocoo.org/docs/templates/#builtin-filters
  • 32. More with Jinja2
    • Simple file templating with loops
    • Simple file templating with if/else
    • Even use variables for file names!
    • Iterate through items, globs, and hashes
  • 33. Application Construction

    Makefile:
    BUILD_DIR=../build
    SRC_DIR=../src
    declare -A APP_DEPENDENCIES=(["SRC"]=vendor ["DEST"]=vendor) (["SRC"]=node_modules/app.js ["DEST"]=js)

    # Clean old build(s)
    clean:
    	rm -rf $(BUILD_DIR)

    # Copy all app files
    copy-app:
    	cp -R $(SRC_DIR) $(BUILD_DIR)

    # Create local.xml symlink
    symlink-localxml:
    	ln -fs /path/to/local.xml $(BUILD_DIR)/local.xml

    # Copy app dependencies (PHP & JS)
    copy-dependencies:
    	for item in "$${!APP_DEPENDENCIES[@]}" ; do cp -rT --preserve=mode,timestamp,links "./$${item['SRC']}" "${BUILD_DIR}/$${item['DEST']}" ; done

    Ansible:
    vars:
      - build_dir: ../build
      - src_dir: ../src
      - app_dependencies:
          - { src: vendor, dest: vendor }
          - { src: node_modules/app.js, dest: js }
    tasks:
      - name: Clean old build(s)
        file:
          path: "{{ build_dir }}"
          state: absent
      - name: Copy all app files
        copy:
          src: "{{ src_dir }}"
          dest: "{{ build_dir }}"
      - name: Create local.xml symlink
        file:
          src: /path/to/local.xml
          dest: "{{ build_dir }}/local.xml"
          state: link
      - name: Copy app dependencies (PHP & JS)
        copy:
          src: "./{{ item.src }}"
          dest: "{{ build_dir }}/{{ item.dest }}"
          follow: yes
        with_items: "{{ app_dependencies }}"
  • 34. Dockerfile?
    FROM centos:centos7
    MAINTAINER Bas Meijer <bas.meijer@me.com>
    LABEL running="docker run -d -p 8080:8080 dockpack/tomcat:7"
    ADD ansible /tmp/ansible
    RUN yum update -y && yum install -y epel-release && yum install -y ansible tar && yum clean all \
        && cd /tmp/ansible && ansible-galaxy install --force -r requirements.yml && ansible-playbook playbook.yml
    ADD app /var/app
    ENV DATABASE postgres
    ENV PATH $APP_HOME/bin:$PATH
    WORKDIR $APP_HOME
    EXPOSE 8080
    ENTRYPOINT ["/opt/apache-tomcat/bin/catalina.sh","run"]
  • 35. docker_image
    - name: Build an image and push it to a docker registry
      docker_image:
        path: ./transmitter
        name: nexus-repo.example.com:5000/www-transmitter
        tag: v1
        push: yes
        buildargs:
          log_volume: /var/log/myapp
          listen_port: 8080
  • 36. deploy docker-compose file
    - name: deploy docker-compose.yml
      template:
        src: docker-compose.yml.j2
        dest: "{{ postgres_home }}/docker-compose.yml"
      notify: restart database

    - name: pull image for database
      environment:
        POSTGRES_PASSWORD: "{{ postgresql_password }}"
        POSTGRES_USER: "{{ postgresql_user }}"
        POSTGRES_DB: "{{ postgresql_database }}"
      docker_service:
        project_src: "{{ postgres_home }}"
        state: present
        pull: yes
        recreate: never
  • 37. Secure Software Delivery (diagram; only its labels survive: Code, Infra as Code, Versioning, Continuous Integration, DMZ, Storage, Inspections, 6 Eyes Code Review, Code Quality, Library Scan, Equivalent Environments, Pentest, Dynamic Scans, Automatic Tests, Local, Swarm, TEST, ACC, PROD, OpenShift, CloudVM, Re-architecting Environments, Application)