Here are the notes that I used in my talk at Infrastructure Coders. Each section was also put on the screen as a ‘slide’. The configuration that I used in the demo is available on GitHub. A full video of the meetup is available on the Infrastructure Coders YouTube channel; my talk starts at 25:05.

0. There is nothing in the hat
- Start a RHEL install
- Cmd line: console=ttyS0 ks=http://admin01/ns3.cfg
- If you want to follow the demos grab the Ansible config from my GitHub
- You will need to substitute hostnames in the Ansible hosts file
- You should copy the firewall config from ns2 (remove port 647 if paranoid)

1. The problem
- Ansible is the combination of several functions
- There was a plan to build config management on func
- However func is a pain to set up
- Puppet and Chef have a steep learning curve
- Ansible was also built to simplify complex release procedures
- You need to know Ruby to extend Puppet/Chef

2. Ansible
- Designed so you can figure out how to use it in 15 minutes
- Designed to be easy to set up
- Doesn't require much to be installed on the managed host
- Designed to do config management/deployment/ad hoc
- Other people do security better, just use SSH
- You can extend Ansible in any language that can output JSON
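
As an added illustration of that last point (not code from the talk or its repository), here is a custom module in Python that checks a saved firewall rules file for ACCEPT rules on a given port, such as the 647 mentioned in section 0, and prints its result as JSON. The 'path' and 'port' arguments, the sample rules and the key=value arguments file are assumptions of this example.

```python
# Added example, not from the talk or its repository. The 'path' and 'port'
# arguments and the sample rules below are constructed for illustration.
import json
import shlex
import sys

# Constructed iptables-save style sample, used only by the checks.
SAMPLE_RULES = """\
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 647 -j ACCEPT
"""


def parse_args(text):
    """Turn the 'key=value key2=value2' arguments text into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(text) if "=" in tok)


def accept_rules_for_port(rules_text, port):
    """Return the -A rules that ACCEPT a single --dport equal to port."""
    hits = []
    for line in rules_text.splitlines():
        words = line.split()
        if not words or words[0] != "-A":
            continue
        opts = dict(zip(words, words[1:]))  # each word -> the word after it
        if opts.get("--dport") == str(port) and opts.get("-j") == "ACCEPT":
            hits.append(line.strip())
    return hits


def run(args_text):
    """Build the result dict that the module prints as JSON."""
    args = parse_args(args_text)
    if "path" not in args or "port" not in args:
        return {"failed": True, "msg": "path and port are required"}
    try:
        with open(args["path"]) as fh:
            hits = accept_rules_for_port(fh.read(), args["port"])
    except IOError as exc:
        return {"failed": True, "msg": str(exc)}
    return {"changed": False, "port_open": bool(hits), "rules": hits}


if __name__ == "__main__":
    # Assumption: Ansible passes the path of the arguments file as argv[1].
    with open(sys.argv[1]) as fh:
        print(json.dumps(run(fh.read())))
```
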

3. Simple Ansible Demo
- Ansible hosts file
- Ansible can be run directly on the command line
- Run cat /etc/redhat-release
- Get info using the setup module
- It can prompt for auth, or use key based auth
- On the new machine show it prompting
- Run the rhelsetup script on the new machine
- Install vim-enhanced

4. Playbooks
- This is the method of scripting Ansible
- Done in YAML
- Executed in order *gee thanks puppet*
- Designed to be as easy as possible

5. Example playbook
- Playbook for the name servers
  https://github.com/smarthall/tildaslash.com/blob/master/playbooks/zones.play
- Can have multiple plays in a book
- Can serialise if you don't want all to be down at once
- Template config for the name servers
  https://github.com/smarthall/tildaslash.com/blob/master/playbooks/zones/named.conf.j2
- Firewall install script
  https://github.com/smarthall/tildaslash.com/blob/master/playbooks/firewall.play

6. My thoughts
- Config management has been around a while, it's going from art to science
- Ansible covers more ground than Puppet and Chef do
- Ansible doesn't compromise on simplicity to do that
- I don't have to focus on the nodes, I can focus on services
- There is something missing
- Disk config is done in kickstarts
- Network config can't be done by Ansible
- Need to find a way to cover both with one

The playlist of all the videos is available on YouTube.