This document provides best practices for using Ansible effectively and efficiently. It discusses organizing Ansible code through roles and playbooks with proper structure and naming. It emphasizes using Ansible modules over shell/command modules whenever possible. Other tips include separating configuration from provisioning, optimizing templates, and using variables and groups to simplify automation. The overall message is to strive for readability, reusability and maintainability in Ansible workflows.
This document summarizes the new features and changes in Ansible 2.2. Key points include:
1. Performance improvements including restored 1.9 performance levels.
2. New features like include_role allowing roles to be included as tasks, serial batches as lists, and end_play to skip plays.
3. Many new modules added across networking, cloud, and other domains. Deprecated modules include eos_template and others to be replaced with *_config modules.
4. Initial support for Python 3 with core features and essential modules now compatible.
Ansible Automation Best Practices From Startups to Enterprises - Minnebar 12Keith Resar
This document provides an introduction to Ansible, describing it as an automation tool capable of handling many powerful automation tasks. It discusses how Ansible works using Playbooks written in YAML to execute tasks sequentially on managed nodes. Playbooks allow describing an entire infrastructure and orchestrating application deployment, configuration management, and workflow tasks in an agentless manner using OpenSSH and WinRM.
A revamped version of the Ansible intro talk from February 2015, brought up-to-date for the January Ansible meetup in Berlin.
Join our group: https://www.meetup.com/Ansible-Berlin
This Presentation is an introducing to the IT automation environment, starting from a sys admin point of view.
The purpose of these tools is to help in troubleshooting and handling an heterogeneous it environment to ensure availability and reliability.
This document provides an overview of Ansible, an IT automation tool. It discusses Ansible's features such as being agentless, using SSH, and being idempotent. It also covers installing Ansible, using Ansible modules, writing playbooks in YAML format, managing inventory, and using ad-hoc commands and roles for automation.
Ansible : what's ansible & use case by REXSaewoong Lee
The document discusses using Ansible to upgrade MySQL from version 3.10 to 3.12 across 1000 servers. It provides steps to create backups and run upgrade scripts on each server using Ansible playbooks and bash scripts in a loop. It also asks how to make the deployment easier, safer and more comfortable. Later sections explain Ansible concepts like installation, modules, playbooks, tags, inventory, variables and demonstrate usage through examples.
This document provides an overview of Ansible including why it is useful, how it compares to other configuration management tools, basic knowledge required, and steps for getting started with Ansible such as setting up the control node, configuring Ansible, using ad-hoc commands, and creating a playbook. Ansible is an agentless automation tool that uses YAML files and modules to configure systems. It has a simple syntax and supports both Linux and Windows systems.
Meetup talk on my experiments with ansible-container.
Use ansible-container to provision docker containers using ansible, then ship them to kubernetes or OpenShift
This document summarizes the new features and changes in Ansible 2.2. Key points include:
1. Performance improvements including restored 1.9 performance levels.
2. New features like include_role allowing roles to be included as tasks, serial batches as lists, and end_play to skip plays.
3. Many new modules added across networking, cloud, and other domains. Deprecated modules include eos_template and others to be replaced with *_config modules.
4. Initial support for Python 3 with core features and essential modules now compatible.
Ansible Automation Best Practices From Startups to Enterprises - Minnebar 12Keith Resar
This document provides an introduction to Ansible, describing it as an automation tool capable of handling many powerful automation tasks. It discusses how Ansible works using Playbooks written in YAML to execute tasks sequentially on managed nodes. Playbooks allow describing an entire infrastructure and orchestrating application deployment, configuration management, and workflow tasks in an agentless manner using OpenSSH and WinRM.
A revamped version of the Ansible intro talk from February 2015, brought up-to-date for the January Ansible meetup in Berlin.
Join our group: https://www.meetup.com/Ansible-Berlin
This Presentation is an introducing to the IT automation environment, starting from a sys admin point of view.
The purpose of these tools is to help in troubleshooting and handling an heterogeneous it environment to ensure availability and reliability.
This document provides an overview of Ansible, an IT automation tool. It discusses Ansible's features such as being agentless, using SSH, and being idempotent. It also covers installing Ansible, using Ansible modules, writing playbooks in YAML format, managing inventory, and using ad-hoc commands and roles for automation.
Ansible : what's ansible & use case by REXSaewoong Lee
The document discusses using Ansible to upgrade MySQL from version 3.10 to 3.12 across 1000 servers. It provides steps to create backups and run upgrade scripts on each server using Ansible playbooks and bash scripts in a loop. It also asks how to make the deployment easier, safer and more comfortable. Later sections explain Ansible concepts like installation, modules, playbooks, tags, inventory, variables and demonstrate usage through examples.
This document provides an overview of Ansible including why it is useful, how it compares to other configuration management tools, basic knowledge required, and steps for getting started with Ansible such as setting up the control node, configuring Ansible, using ad-hoc commands, and creating a playbook. Ansible is an agentless automation tool that uses YAML files and modules to configure systems. It has a simple syntax and supports both Linux and Windows systems.
Meetup talk on my experiments with ansible-container.
Use ansible-container to provision docker containers using ansible, then ship them to kubernetes or OpenShift
Ansible is an automation tool that can provision, configure, and deploy applications. It uses human-readable YAML files called playbooks to define automation tasks. Playbooks contain modules that specify steps like installing packages, copying files, and starting services. Ansible Tower provides a GUI and API for securely managing Ansible automation at scale. Ansible supports both Linux and Windows environments through its agentless design and built-in modules.
Infrastructure as code is an approach to managing servers where their configuration is defined using code and version control rather than manual shell commands. Ansible is a tool that allows defining servers' desired state in YAML files checked into version control. It can automatically install software, configure systems, and ensure consistency across multiple servers using SSH without requiring an agent. Playbooks declare tasks to run that are idempotent, allowing Ansible to safely deploy changes. This approach improves on manual configuration by enabling testing, collaboration, and rolling back changes if needed.
Anas Tarsha presented on using Ansible for network automation. Ansible is an open source automation tool that is agentless and uses simple YAML files called playbooks to execute tasks sequentially. It can be used to generate device configurations, push configurations, collect running configs, upgrade devices, and more. Ansible modules run Python code directly on network devices to perform tasks. The demo showed using Ansible modules like ping, ios_command, and junos_command to execute show commands and change the hostname on both IOS and Junos devices. Additional resources were provided to learn more about using Ansible for network automation.
This document discusses Ansible, an open-source automation tool. It provides an overview of Ansible's capabilities including configuration management, orchestration, deployment and more. It also summarizes Ansible Tower which adds centralized control, RBAC, and other features to Ansible. Examples are given of using Ansible playbooks to automate tasks like installing and configuring Apache on Linux hosts and using Ansible modules to configure network devices.
This document provides an overview of Ansible, an open source tool for configuration management and application deployment. It discusses how Ansible works using simple YAML playbooks to define configurations and execute tasks across nodes in an automated and agentless manner. The document also covers key Ansible concepts like modules, inventory, roles, conditionals and loops. It provides instructions on installing Ansible via pip, yum or apt and highlights many of Ansible's core modules.
Vagrant, Ansible, and OpenStack on your laptopLorin Hochstein
The document discusses using Ansible and Vagrant together to easily test and deploy OpenStack. Ansible allows writing idempotent infrastructure scripts, while Vagrant allows testing them by booting reproducible virtual machines. The document provides an example of using Ansible plays to install NTP and using Vagrant to define VMs for an OpenStack controller and compute node.
Application construction is great with Ansible, using it for docker helps fight complexity, improves maintainability. And playbooks are portable from docker to cloud.
->Introduction
->>What is Ansible?
->>Ansible history
->Basic concepts
->>Inventory
->>Playbook
->>Role
->>Module
->>Plugin
->Diving into Ansible roles
->>Getting started
->>Create a role
->>Roles under the hood
->>How to use roles?
The document outlines an 90 minute introduction to Ansible using Docker. It discusses setting up the environment with Docker, using ad-hoc commands and playbooks to automate tasks like installing Apache and configuring variables. Exercises demonstrate inventory management, templating configurations with Jinja2, and other core Ansible concepts. The document provides an overview but does not cover more advanced topics like dynamic inventory, roles, writing custom modules, or Ansible Tower.
Fun with containers: Use Ansible to build Docker imagesabadger1999
Docker allows deploying applications in isolated containers. Ansible is useful for building Docker images because it provides consistency and portability for configuring containers in the same way as configuring hosts. Ansible roles from Galaxy can be used to try applications before deploying them by building Docker images configured with Ansible plays that include the roles.
This document provides an overview of Ansible, an open source automation tool. It discusses Ansible's core components like playbooks, roles, variables and modules. It also covers how to use Ansible for tasks like configuration management, deployment, security and continuous delivery. Finally, it mentions ways to get started with Ansible including using command line tools, the galaxy module to share roles and vault to protect sensitive data.
DevOps for Humans - Ansible for Drupal Deployment Victory!Jeff Geerling
Everyone knows it's a Good Idea™ to use a configuration management system (e.g. Puppet, Chef) to manage your Drupal infrastructure. But many people (myself included) have run into a wall of #wtfmoments when trying to learn the vagaries of traditional CM systems and their vendor-specific syntaxes.
In 2012, Ansible was released, enabling normal human beings to manage their servers with an easy, but powerful, CM system that uses YAML (just like Drupal 8!) to define configuration and Jinja2 (very much like Twig!) for templates. Not only that, but Ansible is also an incredibly simple and very flexible Drupal deployment and continuous delivery tool.
Learn how you can use Ansible to manage your infrastructure—including local development environments—and stop letting servers and deployments get in the way of development.
Ansible can be used for testing infrastructure, applications, and functionality. It provides modules like assert and wait_for that allow validating conditions and waiting for resources. Ansible roles, loops, and tags can structure test cases. Rolling deployments can integrate testing by deploying, validating, and adding instances behind a load balancer. While Ansible configures declaratively, additional steps like assertions allow verifying functionality before continuing.
This document provides an introduction to using Ansible in a top-down approach. It discusses using Ansible to provision infrastructure including load balancers, application servers, and databases. It covers using ad-hoc commands and playbooks to configure systems. Playbooks can target groups of hosts, apply roles to automate common tasks, and allow variables to customize configurations. Selective execution allows running only certain parts of a playbook. Overall the document demonstrates how Ansible can be used to deploy and manage infrastructure and applications in a centralized, automated way.
Ansible is an IT automation tool that can provision and configure servers. It works by defining playbooks that contain tasks to be run on target servers. Playbooks use YAML format and modules to automate configuration changes. Vagrant and Ansible can be integrated so that Ansible playbooks are run as part of the Vagrant provisioning process to automate server setup. The document provides an introduction and examples of using Ansible playbooks with Vagrant virtual machines to install and configure the Apache HTTP server.
Presentation of my TechTalk at eSapce (Every Thursday one of the departments make a session about something recently begun to use or a new technology, this was my session from SysOps team.) This is an introduction to Ansible, and how to get started with it ... and since then we moved to Ansible :-)
Ansible is a great tool for many purposes like: configuration management, contentious deployment, and multi-tier orchestration ... and more!
- http://tech.aabouzaid.com/
- http://espace.com.eg/
- http://ansible.com/
This document discusses automating network configuration and operations using DevOps principles and tools like Puppet. It describes using Zero Touch Provisioning (ZTP) to automatically install and configure Puppet on new network devices. Puppet is then used to configure and manage interfaces, routing protocols, users, and other network settings through an infrastructure-as-code approach.
This document summarizes Andrew Denner's presentation about migrating his blog from a WordPress/LAMP stack hosted on a VM to a static site generated with Jekyll and hosted on GitLab Pages. It discusses the pros and cons of each approach, including how the new static site will have a smaller attack surface and be easier to version control but lose dynamic features. It also provides demonstrations of using Markdown, Liquid templates, and Podman to build and serve the static site locally before deployment.
This document provides an overview of Ansible, an IT automation tool. It discusses key Ansible concepts like configuration management, infrastructure evolution, deployment flows, host inventory, playbooks, modules, variables, templates, conditionals, loops, roles, and more. The document also covers how to install Ansible, run ad-hoc commands and playbooks, and provides examples of playbooks, templates, and roles.
My talk from DevOpsCon Berlin 2016.
Ansible is a radically simple and lightweight provisioning framework which makes your servers and applications easier to provision and deploy. By orchestrating your application deployments you gain benefits such as documentation as code, testability, continuous integration, version control, refactoring, automation and autonomy of your deployment routines, server and application configuration. Ansible uses a language that approaches plain English, uses SSH and has no agents to install on remote systems. It is the simplest way to automate and orchestrate application deployment, configuration management and continuous delivery.
In this tutorial you will be given an introduction to Ansible and learn how to provision Linux servers with a web-proxy, a database and some other packages. Furthermore we will automate zero downtime deployment of a Java application to a load balanced environment.
Getting Started with Ansible - Jake.pdfssuserd254491
The document provides an introduction and overview of Ansible automation. It discusses what Ansible is, how it works, and how to get started using it. The key points are:
- Ansible is an open source automation tool that allows users to automate application deployments, configuration management, and workflow orchestration across multiple machines.
- It uses YAML files called playbooks to define automation tasks. Playbooks are executed across machines defined in an inventory file using SSH or WinRM with no agents required.
- Getting started involves using ad-hoc commands to run simple tasks, then moving to playbooks to define reusable automation. Playbooks use a simple YAML syntax and can leverage variables, conditionals, and roles.
Ansible is an automation tool that can provision, configure, and deploy applications. It uses human-readable YAML files called playbooks to define automation tasks. Playbooks contain modules that specify steps like installing packages, copying files, and starting services. Ansible Tower provides a GUI and API for securely managing Ansible automation at scale. Ansible supports both Linux and Windows environments through its agentless design and built-in modules.
Infrastructure as code is an approach to managing servers where their configuration is defined using code and version control rather than manual shell commands. Ansible is a tool that allows defining servers' desired state in YAML files checked into version control. It can automatically install software, configure systems, and ensure consistency across multiple servers using SSH without requiring an agent. Playbooks declare tasks to run that are idempotent, allowing Ansible to safely deploy changes. This approach improves on manual configuration by enabling testing, collaboration, and rolling back changes if needed.
Anas Tarsha presented on using Ansible for network automation. Ansible is an open source automation tool that is agentless and uses simple YAML files called playbooks to execute tasks sequentially. It can be used to generate device configurations, push configurations, collect running configs, upgrade devices, and more. Ansible modules run Python code directly on network devices to perform tasks. The demo showed using Ansible modules like ping, ios_command, and junos_command to execute show commands and change the hostname on both IOS and Junos devices. Additional resources were provided to learn more about using Ansible for network automation.
This document discusses Ansible, an open-source automation tool. It provides an overview of Ansible's capabilities including configuration management, orchestration, deployment and more. It also summarizes Ansible Tower which adds centralized control, RBAC, and other features to Ansible. Examples are given of using Ansible playbooks to automate tasks like installing and configuring Apache on Linux hosts and using Ansible modules to configure network devices.
This document provides an overview of Ansible, an open source tool for configuration management and application deployment. It discusses how Ansible works using simple YAML playbooks to define configurations and execute tasks across nodes in an automated and agentless manner. The document also covers key Ansible concepts like modules, inventory, roles, conditionals and loops. It provides instructions on installing Ansible via pip, yum or apt and highlights many of Ansible's core modules.
Vagrant, Ansible, and OpenStack on your laptopLorin Hochstein
The document discusses using Ansible and Vagrant together to easily test and deploy OpenStack. Ansible allows writing idempotent infrastructure scripts, while Vagrant allows testing them by booting reproducible virtual machines. The document provides an example of using Ansible plays to install NTP and using Vagrant to define VMs for an OpenStack controller and compute node.
Application construction is great with Ansible, using it for docker helps fight complexity, improves maintainability. And playbooks are portable from docker to cloud.
->Introduction
->>What is Ansible?
->>Ansible history
->Basic concepts
->>Inventory
->>Playbook
->>Role
->>Module
->>Plugin
->Diving into Ansible roles
->>Getting started
->>Create a role
->>Roles under the hood
->>How to use roles?
The document outlines an 90 minute introduction to Ansible using Docker. It discusses setting up the environment with Docker, using ad-hoc commands and playbooks to automate tasks like installing Apache and configuring variables. Exercises demonstrate inventory management, templating configurations with Jinja2, and other core Ansible concepts. The document provides an overview but does not cover more advanced topics like dynamic inventory, roles, writing custom modules, or Ansible Tower.
Fun with containers: Use Ansible to build Docker imagesabadger1999
Docker allows deploying applications in isolated containers. Ansible is useful for building Docker images because it provides consistency and portability for configuring containers in the same way as configuring hosts. Ansible roles from Galaxy can be used to try applications before deploying them by building Docker images configured with Ansible plays that include the roles.
This document provides an overview of Ansible, an open source automation tool. It discusses Ansible's core components like playbooks, roles, variables and modules. It also covers how to use Ansible for tasks like configuration management, deployment, security and continuous delivery. Finally, it mentions ways to get started with Ansible including using command line tools, the galaxy module to share roles and vault to protect sensitive data.
DevOps for Humans - Ansible for Drupal Deployment Victory!Jeff Geerling
Everyone knows it's a Good Idea™ to use a configuration management system (e.g. Puppet, Chef) to manage your Drupal infrastructure. But many people (myself included) have run into a wall of #wtfmoments when trying to learn the vagaries of traditional CM systems and their vendor-specific syntaxes.
In 2012, Ansible was released, enabling normal human beings to manage their servers with an easy, but powerful, CM system that uses YAML (just like Drupal 8!) to define configuration and Jinja2 (very much like Twig!) for templates. Not only that, but Ansible is also an incredibly simple and very flexible Drupal deployment and continuous delivery tool.
Learn how you can use Ansible to manage your infrastructure—including local development environments—and stop letting servers and deployments get in the way of development.
Ansible can be used for testing infrastructure, applications, and functionality. It provides modules like assert and wait_for that allow validating conditions and waiting for resources. Ansible roles, loops, and tags can structure test cases. Rolling deployments can integrate testing by deploying, validating, and adding instances behind a load balancer. While Ansible configures declaratively, additional steps like assertions allow verifying functionality before continuing.
This document provides an introduction to using Ansible in a top-down approach. It discusses using Ansible to provision infrastructure including load balancers, application servers, and databases. It covers using ad-hoc commands and playbooks to configure systems. Playbooks can target groups of hosts, apply roles to automate common tasks, and allow variables to customize configurations. Selective execution allows running only certain parts of a playbook. Overall the document demonstrates how Ansible can be used to deploy and manage infrastructure and applications in a centralized, automated way.
Ansible is an IT automation tool that can provision and configure servers. It works by defining playbooks that contain tasks to be run on target servers. Playbooks use YAML format and modules to automate configuration changes. Vagrant and Ansible can be integrated so that Ansible playbooks are run as part of the Vagrant provisioning process to automate server setup. The document provides an introduction and examples of using Ansible playbooks with Vagrant virtual machines to install and configure the Apache HTTP server.
Presentation of my TechTalk at eSapce (Every Thursday one of the departments make a session about something recently begun to use or a new technology, this was my session from SysOps team.) This is an introduction to Ansible, and how to get started with it ... and since then we moved to Ansible :-)
Ansible is a great tool for many purposes like: configuration management, contentious deployment, and multi-tier orchestration ... and more!
- http://tech.aabouzaid.com/
- http://espace.com.eg/
- http://ansible.com/
This document discusses automating network configuration and operations using DevOps principles and tools like Puppet. It describes using Zero Touch Provisioning (ZTP) to automatically install and configure Puppet on new network devices. Puppet is then used to configure and manage interfaces, routing protocols, users, and other network settings through an infrastructure-as-code approach.
This document summarizes Andrew Denner's presentation about migrating his blog from a WordPress/LAMP stack hosted on a VM to a static site generated with Jekyll and hosted on GitLab Pages. It discusses the pros and cons of each approach, including how the new static site will have a smaller attack surface and be easier to version control but lose dynamic features. It also provides demonstrations of using Markdown, Liquid templates, and Podman to build and serve the static site locally before deployment.
This document provides an overview of Ansible, an IT automation tool. It discusses key Ansible concepts like configuration management, infrastructure evolution, deployment flows, host inventory, playbooks, modules, variables, templates, conditionals, loops, roles, and more. The document also covers how to install Ansible, run ad-hoc commands and playbooks, and provides examples of playbooks, templates, and roles.
My talk from DevOpsCon Berlin 2016.
Ansible is a radically simple and lightweight provisioning framework which makes your servers and applications easier to provision and deploy. By orchestrating your application deployments you gain benefits such as documentation as code, testability, continuous integration, version control, refactoring, automation and autonomy of your deployment routines, server and application configuration. Ansible uses a language that approaches plain English, uses SSH and has no agents to install on remote systems. It is the simplest way to automate and orchestrate application deployment, configuration management and continuous delivery.
In this tutorial you will be given an introduction to Ansible and learn how to provision Linux servers with a web-proxy, a database and some other packages. Furthermore we will automate zero downtime deployment of a Java application to a load balanced environment.
Getting Started with Ansible - Jake.pdfssuserd254491
The document provides an introduction and overview of Ansible automation. It discusses what Ansible is, how it works, and how to get started using it. The key points are:
- Ansible is an open source automation tool that allows users to automate application deployments, configuration management, and workflow orchestration across multiple machines.
- It uses YAML files called playbooks to define automation tasks. Playbooks are executed across machines defined in an inventory file using SSH or WinRM with no agents required.
- Getting started involves using ad-hoc commands to run simple tasks, then moving to playbooks to define reusable automation. Playbooks use a simple YAML syntax and can leverage variables, conditionals, and roles.
This document discusses using infrastructure as code to automate server setup and deployment using Ansible. It outlines benefits like reducing human error, allowing developers and operations teams to work seamlessly through continuous integration and testing. Specifics of the infrastructure as code stack used are covered, including Ansible for configuration management, Docker for containers, and Vagrant for local virtual machine provisioning. Challenges and lessons learned around testing, debugging, and migrating existing systems are also presented. The overall message is that infrastructure as code takes time to implement but results in major improvements to deployment speed, reliability, and ability to rapidly iterate.
Docker provides containerization capabilities while Ansible provides automation and configuration capabilities. Together they are useful DevOps tools. Docker allows building and sharing application environments while Ansible automates configuration and deployment. Key points covered include Docker concepts like images and containers, building images with Dockerfiles, and using Docker Compose to run multi-container apps. Ansible is described as a remote execution and configuration tool using YAML playbooks and roles to deploy applications. Their complementary nature makes them good DevOps partners.
This document provides an overview of Ansible including:
- What Ansible is and how it compares to other configuration management tools like Chef and Puppet
- How Ansible works in an agentless manner over SSH and ensures idempotency
- The basic components of Ansible like playbooks, tasks, modules, variables, and roles
- How to install and configure Ansible including installing on control and managed nodes and using Ansible inventory
- Examples of using Ansible playbooks including tasks, modules, handlers, templates, conditionals, and loops
- Common Ansible commands like ansible-playbook, ansible-inventory, ansible-galaxy and how to use them
Introduction to WP-CLI: Manage WordPress from the command lineBehzod Saidov
WP-CLI allows users to manage WordPress from the command line by issuing commands. It has commands to manage WordPress core, themes, plugins, data, and perform other tasks like search/replace, deployments, troubleshooting, and scaffolding themes and plugins. Complex tasks can be automated with scripts. WP-CLI provides help and documentation on its usage and commands can be extended through packages.
Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended, participants will be building and pushing with Docker during the workshop.
Led By Docker Security Experts:
Riyaz Faizullabhoy
David Lawrence
Viktor Stanchev
Experience Level: Intermediate to advanced level Docker experience recommended
Zero Downtime Deployment with Ansible - learn how to provision Linux servers with a web-proxy, a database and automate zero downtime deployment of a Java application to a load balanced environment.
These are the slides from a tutorial held at the Velocity Conference in Barcelona November 19th, 2014.
Git repo: https://github.com/steinim/zero-downtime-ansible
Introduction to Ansible - (dev ops for people who hate devops)Jude A. Goonawardena
This presentation covers the fundamentals of Ansible and it is useful for the people who are seeking information to start using Ansible, what it is capable of and how to use it right. I purposely made syntax errors in certain slides to demonstrate how to fix such errors and giving the idea of the importance to write syntax right. If you have any questions please don't hesitate to contact me over my mail address judeashan@gmail.com. All the best!!
The document discusses plugins, generators, and gems in Ruby on Rails. Plugins are used to extend Rails functionality and are installed into a Rails application. Generators are Rails commands that generate code or files within an application. Gems are packages for distributing and sharing libraries, and the document provides instructions for creating a gem using Bundler that includes a generator.
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Introducing containers into your infrastructure brings new capabilities, but also new challenges, in particular around configuration. This talk will take a look under the hood at some of those operational challenges including:
* The difference between runtime and build-time configuration, and the importance of relating the two together.
* Configuration drift, immutable mental models and mutable container file systems.
* Who configures the orchestrators?
* Emergent vs. model driven configuration.
In the process we will identify some common problems and talk about potential solutions.
Talk from PuppetConf 2016
This document provides information about Linux commands and system administration. It begins with an overview of command syntax and usage. It then covers topics such as:
1. Commands for managing users and groups, processes, services, and networking. Specific commands discussed include w, id, ps, service, netstat, ifconfig.
2. Commands for working with files and directories, including cat, cp, mv, rm, find, locate, chmod.
3. Commands for viewing system information, such as uptime, free, df, du, uname.
4. Commands for managing the filesystem, permissions, and ownership of files using chown, chmod, umask, lsattr.
Like many others, WordPress has been my personal blogging tool for a long time. A powerful tool for easy publishing! That is what everyone wants.
Large sites like TechCrunch and TheNextWeb use it exactly for that reason. And more enterprises seem to discover it as good solution to their too-expensive publication tools. But keeping those WordPress instances running requires skills and knowledge.
Because of WordPress extendibility and its very active community, you can do this too. This tutorial will teach you how use Ansible, Composer, WP-CLI, WP REST API, and Elasticsearch can push WordPress from a personal blogging tool into an enterprise-worthy level application. Out with FTP based SCM ... in with automated deployment, dependency management, and utterly fast search.
The document discusses automating software deployment using Ansible. It provides an overview of Ansible's basic concepts like inventory files to define hosts, playbooks to execute tasks on hosts, and roles to bundle related tasks. It then discusses using Ansible roles to automate deployments, including the ansistrano roles which can deploy applications by copying files, managing releases, and supporting deployment hooks. Overall the document presents Ansible as a way to easily automate and standardize software deployment processes.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
3. 3
COMPLEXITY KILLS PRODUCTIVITY
That's not just a marketing slogan. We really mean it
and believe that. We strive to reduce complexity in
how we've designed Ansible tools and encourage you
to do the same. Strive for simplification in what you
automate.
5. 5
Principal 3
THINK DECLARATIVELY
Ansible is a desired state engine by design. If you're
trying to "write code" in your plays and roles, you're
setting yourself up for failure. Our YAML-based
playbooks were never meant to be for programming.
6. Treat your Ansible content like code
● Version control your Ansible content
● Start as simple as possible and iterate
○ Start with a basic playbook and static inventory
○ Refactor and modularize later
WORKFLOW
6
7. Do It with Style
● Create a style guide for developers
● Consistency in:
○ Tagging
○ Whitespace
○ Naming of Tasks, Plays, Variables, and Roles
○ Directory Layouts
● Enforce the style
WORKFLOW
7
12. Group hosts for easier inventory selection and less
conditional tasks -- the more groups the better.
WHAT
[db]
db[1:4]
[web]
web[1:4]
db1 = db, east, dev
INVENTORY
12
WHEN
[dev]
db1
web1
[test]
db3
web3
[prod]
db2
web2
db4
web4
WHERE
[east]
db1
web1
db3
web3
[west]
db2
web2
db4
web4
13. Use a single source of truth if you have it -- even if you have
multiple sources, Ansible can unify them.
● Stay in sync automatically
● Reduce human error
INVENTORY
13
PUBLIC / PRIVATE
CLOUD
CMDB
14. Proper variable naming can make plays more readable and
avoid variable name conflicts
● Use descriptive, unique human-meaningful variable names
● Prefix role variables with its “owner” such as a role name or
package
apache_max_keepalive: 25
apache_port: 80
tomcat_port: 8080
VARIABLES
14
15. Make the most of variables
● Find the appropriate place for your variables based on what,
where and when they are set or modified
● Separate logic (tasks) from variables to reduce repetitive
patterns and provided added flexibility.
VARIABLES
15
16. - name: Clone student lesson app for a user
host: nodes
tasks:
- name: Create ssh dir
file:
state: directory
path: /home/{{ username }}/.ssh
- name: Set Deployment Key
copy:
src: files/deploy_key
dest: /home/{{ username }}/.ssh/id_rsa
- name: Clone repo
git:
accept_hostkey: yes
clone: yes
dest: /home/{{ username }}/exampleapp
key_file: /home/{{ username }}/.ssh/id_rsa
repo: git@github.com:example/apprepo.git
SEPARATE LOGIC FROM VARIABLES
16
EXHIBIT A
● Embedded parameter
values and repetitive home
directory value pattern in
multiple places
● Works but could be more
clearer and setup to be
more flexible and
maintainable
17. - name: Clone student lesson app for a user
host: nodes
vars:
user_home_dir: /home/{{ username }}
user_ssh_dir: "{{ user_home_dir }}/.ssh"
deploy_key: "{{ user_ssh_dir }}/id_rsa"
app_dir: "{{ user_home_dir }}/exampleapp"
tasks:
- name: Create ssh dir
file:
state: directory
path: "{{ user_ssh_dir }}"
- name: Set Deployment Key
copy:
src: files/deploy_key
dest: "{{ deploy_key }}"
- name: Clone repo
git:
dest: "{{ app_dir }}"
key_file: "{{ deploy_key }}"
repo: git@github.com:example/exampleapp.git
accept_hostkey: yes
clone: yes
SEPARATE LOGIC FROM VARIABLES
17
EXHIBIT B
● Parameters values are set
thru values away from the
task and can be overridden.
● Human meaningful
variables “document” what’s
getting plugged into a task
parameter
● More easily refactored into
a role
18. Use native YAML syntax to maximize the readability of your
plays
● Vertical reading is easier
● Supports complex parameter values
● Works better with editor syntax highlighting in editors
PLAYS & TASKS
18
22. Names improve readability and user feedback
● Give all your playbooks, tasks and blocks brief, reasonably
unique and human-meaningful names
PLAYS & TASKS
22
23. - hosts: web
tasks:
- yum:
name: httpd
state: latest
- service:
name: httpd
state: started
enabled: yes
PLAYS & TASKS
23
PLAY [web]
********************************
TASK [setup]
********************************
ok: [web1]
TASK [yum]
********************************
ok: [web1]
TASK [service]
********************************
ok: [web1]
EXHIBIT A
24. - hosts: web
name: install and start apache
tasks:
- name: install apache packages
yum:
name: httpd
state: latest
- name: start apache service
service:
name: httpd
state: started
enabled: yes
PLAYS & TASKS
24
PLAY [install and start apache]
********************************
TASK [setup]
********************************
ok: [web1]
TASK [install apache packages]
********************************
ok: [web1]
TASK [start apache service]
********************************
ok: [web1]
EXHIBIT B
25. Focus avoids complexity
● Keep plays and playbooks focused. Multiple simple ones are
better than having a huge single playbook full of conditionals
● Follow Linux principle of do one thing, and one thing well
PLAYS & TASKS
25
26. Clean up your debugging tasks
● Make them optional with the verbosity parameter so they’re
only displayed when they are wanted.
- debug:
msg: "This always displays"
- debug:
msg: "This only displays with ansible-playbook -vv+"
verbosity: 2
PLAYS & TASKS
26
27. Don’t just start services -- use smoke tests
- name: check for proper response
uri:
url: http://localhost/myapp
return_content: yes
register: result
until: '"Hello World" in result.content'
retries: 10
delay: 1
PLAYS & TASKS
27
28. Use command modules sparingly
● Use the run command modules like shell and command as a
last resort
● The command module is generally safer
● The shell module should only be used for I/O redirect
PLAYS & TASKS
28
29. Always seek out a module first
- name: add user
command: useradd appuser
- name: install apache
command: yum install httpd
- name: start apache
shell: |
service httpd start && chkconfig httpd on
PLAYS & TASKS
29
- name: add user
user:
name: appuser
state: present
- name: install apache
yum:
name: httpd
state: latest
- name: start apache
service:
name: httpd
state: started
enabled: yes
31. Develop your own module
- hosts: all
vars:
cert_store: /etc/mycerts
cert_name: my cert
tasks:
- name: create and sign cert
certify:
state: present
sign: yes
user: chris
name: "{{ cert_name }}"
cert_store: "{{ cert_store }}"
PLAYS & TASKS
31
● Understandable by
non-technical people
● CRUD (Create, read, update
and delete)
32. Separate provisioning from deployment and configuration
tasks
acme_corp/
├── configure.yml
├── provision.yml
└── site.yml
$ cat site.yml
---
- import_playbook: provision.yml
- import_playbook: configure.yml
PLAYS & TASKS
32
33. Jinja2 is powerful but you needn't use all of it
● Templates should be simple:
○ Variable substitution
○ Conditionals
○ Simple control structures/iterations
○ Design your templates for your use case, not the world's
● Things to avoid:
○ Anything that can be done directly in Ansible
○ Managing variables in a template
○ Extensive and intricate conditionals
○ Conditional logic based on embedded hostnames
○ Complex nested iterations
TEMPLATES
33
34. Careful when mixing manual and automated configuration
● Label template output files as being generated by Ansible
{{ ansible_managed | comment }}
TEMPLATES
34
35. ● Like playbooks -- keep roles purpose and function focused
● Use a roles/ subdirectory for roles developed for
organizational clarity in a single project
● Follow the Ansible Galaxy pattern for roles that are to be
shared beyond a single project
● Limit role dependencies
ROLES
35
36. ● Use ansible-galaxy init to start your roles...
● ...then remove unneeded directories and stub files
● Use ansible-galaxy to install your roles -- even private ones
● Use a roles files (i.e. requirements.yml) to manifest any
external roles your project is using
● Always peg a role to a specific version such as a tag or commit
ROLES
36
37. ● Coordination across a distributed teams & organization…
● Controlling access to credentials...
● Track, audit and report automation and management activity...
● Provide self-service or delegation…
● Integrate automation with enterprise systems...
SCALING YOUR ANSIBLE WORKFLOW
37
Command line tools have their limitations