Hello, my name is John Hawley. I'm an open source developer at VMware, and today I'm going to be talking to you about Ansible. I'm trying to do a tutorial over the internet and to kind of give you an overview of what Ansible is, what it does, and how it can help you build out better and more consistent infrastructure.

If for whatever reason you want to reach out to me: my email, jhawley at vmware.com or warthog9 at eaglescrag.net, both work, go ahead and drop me an email. IRC: warthog9, I'm on a bunch of the different networks, Freenode being the obvious one. Twitter: @warthog9, and GitHub: warthog9. If for any reason you can't seem to track me down, there are a number of people who know who I am who should be able to help point you in the right direction. But feel free to reach out to me through any of these means.

So let's talk about Ansible. Ansible is one of the many configuration and management systems that are out there, Ansible being very specifically targeted at large-scale infrastructure. There's a lot of different players in this space. If you're familiar with Chef or Puppet or any of these kinds of pieces, they exist specifically to help you manage your infrastructure. So if we take a step back and go back to the bad old days, back into the 1990s or even potentially before that, the number of machines that a sysadmin or a company would have could basically be counted on one or two hands. Maybe the number of racks that they had filled with machines could be counted on one or two hands. This isn't a lot of machines, for a variety of reasons. They were very expensive, and it was much easier for somebody to be able to just directly log in, make the changes that they needed to make, and then move on with life. Well, unsurprisingly, fast-forwarding to today, the world is a very different place.
We no longer measure machines in terms of even numbers. If you look at the large data centers that are out there, they're not measured in number of servers or number of CPUs or whatnot. They're measured in megawatts of power use. So we have gone so far beyond the scale of a single individual being able to trivially manage the number of machines that they have, to being in the tens or even hundreds of thousands of machines category, where consistency and reproducibility become a much, much stronger need than they used to be. So things like Chef, things like Puppet, things like Ansible have all come about to try and solve this problem.

Ansible specifically comes at this problem in a very different way than a lot of the other options that are out there, which I personally think actually makes it a lot more powerful a tool. The biggest reason for that is that it uses SSH directly as its mechanism of communicating with all the servers, as well as being able to talk to other APIs more directly. So what does this actually mean? In the case of a lot of other options that are out there, the way they communicate is that you actually bring up a service daemon on the machine you want to configure, the machine that you want to control, and that stays resident and persistent for the entire lifespan of that machine, assuming you want to control it. This has the advantage that it is a dedicated channel for doing this communication, for doing this command and control. However, it also means that now you have an additional process that's running. You have an additional authentication mechanism that you have to worry about. There's a number of different pieces here that add to the complexity without necessarily actually making it better. Now, that being said, Ansible actually uses just SSH.
So all of the Linux boxes that we can basically think of all run SSH. Even Windows machines or small IoT devices all run SSH. And this makes it a really common, really easy way to at least start the process of getting into the device so that you can actually start interacting with it. And so what Ansible does is, instead of having this piece there, it just SSHes in, passes over the pieces that it needs to run, and then actually runs them. This is really, really awesome. It makes use of a lot of the system tools that are already there, and on top of that the authentication mechanism is very well understood, because if you're running SSH you already have to deal with how you authenticate SSH. Well, now you just have an additional user that can make use of that machine.

And while SSH works really, really great for your servers and whatnot, what about your switches? Well, again, a lot of the switches out there, particularly the high-end ones, things from Cisco or Arista or Dell, all actually run SSH as well. So you can actually SSH in and issue commands directly into an SSH session there. So this still gives you a mechanism for controlling not only your servers but your switch infrastructure, your NAS infrastructure; a lot of other things start becoming available that you can use.

Now, what do you do when you run into situations where you can't SSH into something? Let's take, oh, I don't know, VMware. From the ESX or the vSphere perspective, those particular systems don't want you SSHing into them. They actually have a rich API for being able to control them, either through a REST API or an older SOAP API, that can actually go and control most aspects of your entire vCenter or ESX experience. Now, in the normal case Ansible will SSH out and run commands on whatever you're doing.
Well, you can also run things against localhost. So if you actually have all the pieces that you need to be able to communicate with something like VMware through an additional channel, you can actually just run those effectively against localhost, which would then connect back out to the remote endpoint and be able to configure it. So this is why Ansible gets very, very interesting. When you look at some of the other options, they have a tendency to not really be able to, and I'm going to pick on switches because this is really easy low-hanging fruit to pick on, but it's much harder to be able to configure or deal with those if you need some sort of a resident process on them. The fact that you can just SSH out to them, even just normally like a normal admin would, and issue commands means that you can actually script all of this into an Ansible playbook. And the other really nice thing about how Ansible works is that it works kind of the way a sysadmin would approach scripting this up themselves.
So if you look at some of the other options, they tried to make this very prescriptive: you give the program the end goal that you want, and you just blindly accept that it will be able to figure out how to get there. Now, this has some advantages, because it means that you don't have to think too hard about how you get there. But that's not the way a lot of us think; that's not the way a lot of these things actually get set up. So the way Ansible actually works is it's declarative in nature. So you do one thing, then you do another, then you do another, then you do another, and really what this is, is basically like a shell script that's running on the remote machine, although you don't actually write this in shell, you write it in YAML. And this gets passed off to the remote machine to actually run. And so things kind of happen in a specific order; checks can be done; comparisons and verification can also be done. So there's a lot of really nice pieces that can happen there.

So this is what Ansible is. Now, Ansible is not bare metal provisioning. The really big reason for this is that bare metal provisioning is actually really, really hard, because there's no good way, there's no common API. There's no simple way to bring up a machine and just start spewing stuff at it, set up hard drives and do all these kinds of things.
There's some other products that try to do this. They're much more complicated. They're much more bizarre, in that you actually have to really control the entire stack to be able to use them: be able to run your own DHCP, run your own DNS, and a number of other pieces there. So this mostly cannot deal with bare metal. There is some movement to be able to use some IPMI and some other pieces there; it doesn't really quite work out the way you expect. So more or less you're still going to need somebody to go in and get a basic operating system on there. A really minimal install doesn't take that long. It's really easy to be prescriptive, and you just need to get it up to the point where it has network and you can log into it with SSH. After that, everything else can be handled from Ansible.

It's also technically not configuration management. Exactly. Sort of. So really what this is, is that Ansible is a piece of orchestration, a piece of infrastructure to go and rebuild servers or services and whatnot.
It is not necessarily configuration management. However, because in the course of trying to set things up you do need to copy configurations out to machines and make sure things are in place, it basically acts as configuration management if you kind of think about it in a slightly askew way. If you're going to use this for configuration management, you are almost certainly going to need to make sure that you actually keep track of what those configurations all do. Something like, hmm, source control, which Ansible is also not. So if you're going to do this, use something like Git, SVN, Perforce. It almost doesn't matter what version control system you use. But if you're going to do configuration management, you almost certainly need to keep something like Git around, just so that you can keep track of what's going on and, when things fail, you can roll them back.

Now, there are some caveats with configuration management and source configuration going on here. Ansible by itself is not centralized. Anybody who has access to that machine with the appropriate permissions can run Ansible against it. So if you have a large system, you could run the entire configuration and deployment from a laptop, and then the next day run it from a different server or somewhere else.
There's no specific central point here that necessarily is the source of truth. That's another reason why you may or may not want to use this for configuration management or source control. Keep that in mind. Again: it's not centralized unless you really, really want it to be. This would require basically keeping all of the authentication tokens in a central location instead of necessarily keeping them in a more distributed fashion. There's pros and cons to both sides of this. That is outside of the scope of this discussion, but it's something to be aware of.

It's not capable of making eggs and bacon, at least not with external hardware. And its YAML processing is not kind. If anybody has actually dealt with YAML before, and in fact in some of the examples I give further on, the YAML does actually screw up. It's kind of a mess. In some respects whitespace matters to an even further extent than you would expect even in Python. So unfortunately, this is the configuration tool. It's powerful, but it's also slightly obnoxious. And if you're going to be looking at the slides later on, there's going to be YAML examples in there. You almost certainly will not be able to tell the correct indentation. There's not much I can do about it, just because of the way variable-width fonts work. Sorry. But please, if you take a look at the slides after the fact or you just open them up, they should be available. If they're not, yell at me on Twitter or something and I'll make sure to get those up somewhere where you should be able to find them.

There's also a couple of virtual machines that are intended to go with this. They're based on CentOS 7, at least at the time of this recording, so that you can actually follow along and do exactly what
the examples that I give later, or any of the code in here, do. They were actually basically generated from their own Ansible files themselves, so that they're actually reproducible in a useful way. They have been updated at least up to the point where this video was shot, and those should be available. They won't necessarily be immediately available along with this recording, but I will make sure that there is some sort of a note somewhere on where you should be able to get your hands on those. They're about two gigs in size when you need to go grab them, and I'll talk about the rest of that later.

Moving on. Of course you can't really talk about Ansible without also talking about Ansible Tower, because it's going to come up. Ansible itself is completely open source. You can use it for your own infrastructure or anything you want, but it doesn't have a GUI and it doesn't have a number of other pieces that are sometimes really, really useful. Those are all encapsulated into Red Hat's commercial offering, which is Ansible Tower. It's basically Ansible, everything you know and love about Ansible, except that it also has a GUI. It does centralize everything, but it centralizes that so that you have job scheduling, access control, and a few other nice pieces. It's also where the commercial support for Ansible has a tendency to go. Again, I work for VMware, not Ansible or Red Hat, so if you really want to talk about Ansible Tower, go talk to them. I'm not going to spend too much more time on that from here.

So this is where things get a little exciting. Let's talk about the VMs that we're going to work on. I've already just kind of mentioned them. There's two of them.
There's a client and there's a target. The client is arguably misnamed, but that is the machine that we're going to be working from. So this is the machine that we would be typing things into so we can communicate with the target machine, which is the machine we're going to be configuring. I've already pre-canned the SSH keys. So if anybody ever finds these SSH keys, please consider them absolutely burned, because they're basically publicly available on the internet with no password on their key, the whole nine yards. Like I said before, the virtual machines are CentOS 7, and everything should be installed for these to work. All of the examples that I'm going to give here were run exclusively on the virtual machines, just to make sure they all worked, and that's how they were done.

They will boot up, and unfortunately my video here is obscuring it a little bit, but this will come up a little bit later in a video. Once they boot up they should show you what the username and the password are, as well as any IPv4 or IPv6 interface address that is associated with that VM. This is so that you can actually figure out what's going on on that machine, where the virtual machine's address is, and those kinds of things.

I would also like to point out that these were created and mostly tested with VMware Workstation. They have been shown to work both directly in AWS and with VirtualBox. I haven't really tested them anywhere else, so your mileage may vary. But they're relatively straightforward. They're not super complicated. There's not a lot really weird going on there, other than that I've pre-installed a few things, or I have a couple of extra specific files for the purposes of showing folks everything. So if you can't get this to work on whatever your favorite virtual machine platform is, give me a ping.
I may be able to help you. I'm trying to make these as easy to use as possible. Like I said, these were tested on VMware Workstation. They should work fine on Fusion. Obviously ESX would work if you have it, although that seems kind of like overkill. VirtualBox and AWS have been confirmed to work. Everything else, you're kind of on your own.

So let's talk about something really, really basic. When you start using Ansible you need to tell Ansible where the machines that you want to interact with are. This typically gets put into /etc/ansible/hosts. There are ways of passing in this hosts file from a more localized directory, so if you wanted to keep everything in Git directly, that's possible. It just means that you have to pass some slightly different configuration options or switches into Ansible when you run it. But the typical location is /etc/ansible/hosts. I've already dealt with the SSH keys that we're going to deal with for the virtual machine. And the simplest thing we can do is, as it's written here, ansible all, so all of the machines that Ansible knows to talk to, run the module ping. This literally just verifies that it can access and talk to the remote system. And if you run that, this is what you should get.

Now, I show you the output, but let's actually take a look at what this actually looks like. So this is the virtual machine booting up. It takes a little bit. It is an actual virtual machine. I didn't want to dilute the experience, and I wanted everybody to kind of see what this looks like during its boot-up process. It realistically just looks like every Linux box that ever boots in the universe. So if you've never had to boot a Linux box, this is probably a new experience.
This is probably a new experience um But uh, yeah, so it boots up And in the off chance that it boots up And it shows you the login screen, but it doesn't actually show you The um ip information login Um, which in in this case is root and uh, uh tutorial underscore base And then just exit And that should refresh correctly It's usually a problem of the ip or the interface hasn't quite gotten a dhcp response in time So that is what it ultimately should look like. Um Once this is actually done. So again the username and the uh, uh, uh the password for the machine are written right there And the ip addresses should also be there if you want go ahead and log in Obviously, I can't type the um uh the password And you should be uh, um If for any other reason you need to look up what the ip address is without just exiting ip space adder Great way to get get back at that so Now that we've actually proven that we can um talk to the the the the local machine because all we've done Um from ping so far is the only thing in edsie. Uh, uh, uh hosts um Should have been this one machine now You are going to have to actually boot up both machine or both bm's to get both ip addresses um, and what you're going to put into edsie ansible host is actually exactly The um the 192 168 in the video example. It's 21 Dot 129 and on the the the slides here. It's 192 168 2 dot 131 Um, that's what that's all you need to put in there Um, there should be an entry in there probably the the 2 dot 131 entry You can just delete that and fill in the rest of the ip address that you need there. 
So let's have Ansible actually do something, because pinging everything and making sure that it can actually do stuff isn't all that exciting in some respects. Let's actually have it run something on the remote machine. So if we run ansible all again, on all of the Ansible nodes it knows how to talk to, -a, and then give it a command, it will run that on all of the machines that Ansible knows how to talk to.

Obviously, we've already gotten to the point where we've got the machine up and it's running. And if we just type in ansible all. Apparently, make sure that the hosts file is correctly up to date, which this one obviously is not, and secretly here I am looking at the IP address from the other machine. And then if we do an ansible all -m ping, this is what you should get. In the specific case of this ansible all -m ping, it attempts to SSH out. Obviously in this case I haven't updated the known hosts, so I'm accepting the fingerprint. If anybody's curious, that fingerprint should be the same across all of them. This is what you get when ping actually completes correctly. So Ansible has actually done something at this point.

Now let's have it go and do something a little bit different. Let's actually write a playbook. Playbooks are typically what Ansible runs: a playbook is a collection or a set of tasks for Ansible to go and run. Sometimes these include much more complicated roles. In the simplest example I can give you, it's literally hello world, because everybody likes to run hello world when you write things. And it's a YAML file. So basically, on the client you create a directory called playbooks. You create a file called helloworld.yaml. You write in what you wanted to do, which is almost exactly what we just did with ping, and then we go ahead and run it. So let's see what that looks like.
So in this specific instance, we're only going to run hello world against the local machine. This is to show that you can actually run things against the machine you're actually running Ansible from, not necessarily having to go all the way out and talk directly to a machine. And I'm going to note one thing that's really nice: in Ansible, if you add a name to something, that name is what is displayed when Ansible goes to run things. So it's mostly just a nice way of defining what the task that it's going to do is. You'll see that there's a top-level name of hello world for the entire playbook, and then the task itself has a name of hello world. They're free-form text. You can kind of put anything you want in there. And obviously we're using the shell command to just echo hi.

So once you've got that all written in and saved, if you do ansible-playbook and then the name of the playbook, it will just run this, obviously connected to the local machine. It's actually going to build up a bunch of facts about the local machine, which we don't necessarily need for this, but in a lot of instances you do want it, and then it's just going to echo hi. Now, the interesting thing here is that we didn't actually have any output that we could visibly see, because the output stream that's going on the remote machine, i.e. localhost in this case, isn't actually visible to us. Okay, that's fair. Now let's take a look at what this looks like if we go ahead and do this remotely. And obviously this is the output, if anybody else is curious what this should look like without actually just watching the video that was embedded here.
So now if we want to go and do this remotely, the only thing we realistically need to change is the hosts line there. Now I'm also going to go down a little bit further here and we're going to add a copy. The copy module is basically how you copy files that are local, or end up creating files, on the remote machine. So if you look at this, we basically pick the remote machine. We echo hi; we don't really see anything other than that it should complete, assuming that echo does exist. And then we copy into a file: hello world. Now, we specifically define what that content is instead of giving it a local file to copy over. It's kind of like if you were to echo some content and pipe it directly into a file. This is basically the same thing. And the destination file on the remote side that we want to use is /tmp/testfile.txt.

So, I've got this correct. More or less we do the same thing. I'm just going to modify the existing hello world, change the hosts; in my example it's 192.168.21.129. I'm having to look this up because I didn't scribble this down beforehand. And then I go ahead and add an additional task for copy. And if you're paying eagle-eyed attention to how this looks in the terminal window, copy and the name of the task above it are both indented identically. In this specific case, I'm also putting content and dest at the same indentation level. And this is going to come back to bite me in a second, because content and dest are not the same: those are arguments to copy, not arguments in and of themselves. So the way this ends up getting processed is actually wrong, and unsurprisingly Ansible actually gives me an error. So, mea culpa. If you're trying to read this off of the slides directly, this is what I specifically meant.
I actually did end up reading this directly off the slides, and I missed that extra indentation, even though I do this often enough that I should have known better. So I add some extra indentation. The amount of indentation doesn't actually matter, but the consistency of that indentation does. So: fix that indentation issue for content and dest and then rerun it. Obviously it's going to SSH out to the remote host again. It's going to gather those facts. It's going to run the echo hi, and then it's actually going to create /tmp/testfile.txt. Just to confirm that this did what I was expecting, I'm going to SSH out to that machine as the root user and I'm going to cat that file, and as you can see in the video there, hello world is in that file on the remote machine. So yay, we have now actually configured a remote machine and done something to it. Yay.

And again, if you didn't watch the video or something, this is roughly the expected output of what that playbook should run. And obviously I've gone ahead and already shown that what is in the test file on the remote machine is what I'm expecting it to be, which is hello world.

So now that we've kind of talked about copying files, let's actually copy an actual file instead of just creating content into that file. In this particular case, we're just going to use the copy mechanism I've already basically discussed, except that what we're using for source is actually a little bit different. In this specific case, I've already downloaded 20,000 Leagues Under the Sea into the virtual machine, and we're just going to copy that copy of 20,000 Leagues Under the Sea onto the remote machine. So nothing too exciting there. Again, I'm just going to end up creating this file, but I wanted to prove to you that 20,000 Leagues Under the Sea already exists on the virtual machine. It was there. It's got a few kilobytes of data associated with it. And then I'm literally, you
know, just copying or rewriting the entire YAML file here, as I have to go look up the IP address yet again. This is kind of the really wonderful thing about groups or host names when you start dealing with systems: it makes it so much easier. But for this example, just having the actual IP address is what we're going to do, because I don't want everyone to have to figure out how to do DNS and all this other kind of stuff just to test this. And then we copy in the source, we copy in the destination. Obviously src and dest are basically arguments that are being passed into the copy command. Once we've got those all in there, save it, and we're going to go ahead and run that as a playbook.

Again, the process that this is going to undergo: it's going to get a bunch of facts about the remote host. This is what it does by default at the beginning of any time it runs. There are ways to turn this off; there are reasons why you may want to do this. And then after it's gotten the facts and it's gotten kind of all set up, it can run the next command, which is literally just copy 20,000 Leagues Under the Sea to the remote machine under /tmp. At this point, as you can see in the video, it should have completed. And then I'm going to sha256sum the local copy, which gives you a nice giant checksum, and then I'm going to actually run Ansible on all of the remote machines and run the exact same sha256sum, except against the path I'm expecting it to be at. And this will run and we'll get a response back on this one. So depending on what's going on and how you're running things, you do actually get information back. And as you can see from the video, we did end up having the same hash, so the file was copied over. For anybody who didn't watch the video.
This is roughly what was seen. Okay, copying files is all well and good, but let's kind of move on to something a bit more interesting: package management. Everybody loves package management. We all need packages. Generally the idea with an Ansible box that you're going to admin is that you're going to do the most basic, minimal install you can, just enough to get you up to SSH and have a network configuration. Once you've gotten there you can process everything else. But usually what this means is that you're missing anything else useful that you would want. So in this particular example, we're going to make sure that coreutils is installed. We're then also going to make sure that Ansible is absent on the remote machine. We want to make sure that Ansible isn't present on the target, because we don't actually need Ansible present on the target. When Ansible wants to do something, it actually bundles it all up and copies the entire thing that it wants to execute out to the remote host for execution, including the predominance of the libraries it needs to run it. This is really, really awesome, because your remote machine doesn't necessarily need to know anything about Ansible to be able to take advantage of it. Again, it's the same reason that things like switches and whatnot can take advantage of this, when you usually can't install random packages for the most part. And then we're going to install cowsay, because if you've never played with cowsay, it's a fun, stupid little utility that's worth playing with.

So let's go ahead and do that. New playbook. Quickly fill in all of the intermediate pieces. This kind of ends up becoming second hat for most people, and in fact you'll notice from the slides.
I actually used the yum module, which has technically been deprecated for the dnf module, although it's basically just a search and replace of yum for dnf. But in the video you're going to notice that I'm actually using package. Package is a slightly higher-level version of yum or dnf, and what package can do is actually take a look at the system that you're running on and use the native package management system, instead of just assuming that you're on a Red Hat type system, or CentOS or Fedora, and using rpm or yum. It actually gives you the option of using apt or apt-get or, I believe, even emerge, and a few other things are supported. So this basically makes it a more generic way of doing package management. For the most part, the state command and whatnot are all the same across things like yum or package. But package, unsurprisingly, because it can be used across many more distros, is slightly more limited in what it can do. So there can definitely be situations where you may need to actually fall all the way back to a distro-specific situation, particularly if you're writing common rules across different distros: Debian or Gentoo or Red Hat, CentOS, Fedora. But if you're just doing basic things, package should work.

And once we've written the playbook itself, we run the playbook, and then this is going to chug for a little bit. In this specific case, again, it's going to fetch all of the information about the remote system, and more or less what this is doing is just filling in a large variable set about what's going on on the remote machine.
So, you know, what kernel it's running, what version of the operating system it's running, whether it's Debian or Fedora or CentOS or whatnot, and just basic information like that, that you would then be able to reference in your own rules or playbooks. And then, again, once that's done, it's going to run through and it's going to make sure that coreutils is present. So if it went through and figured out all of the packages that are available during that first step, it's going to know that coreutils is already present and it's not going to need to do anything. It's also going to notice that Ansible is already absent because it's not installed on the remote machine. And then it's actually going to install cowsay, which was not actually installed on the machine. Well, I believe it wasn't installed, because it took a little bit longer than I was expecting. And then if you run cowsay and moo against the remote machine, congratulations, you get a cow that says moo. And for anyone else who's interested, this is the output when the playbook itself runs.

But before we wrap this up, I want to run into a couple of additional things that Ansible can do, because right now, if you followed everything in this, particularly if you've used the virtual machines, you've actually gotten to the point where you have done the most basic hello world tutorial for Ansible. And this should give you a jumping point to actually being able to go out and do additional things. But I want to give you an idea of some of the additional pieces that you can do.

So what you've got here on the top is an example of groups. In /etc/ansible/hosts, you can actually define groups of hosts, in this case pi three dash hosts, and a host itself can actually be a member of multiple groups. So when an Ansible playbook asks for what hosts to run against, you can actually give it a group. So in my case, this would be a pi three dash hosts
group. And as you can see, I even specifically say that the Ansible port to communicate on is 456. I.e., in this situation, I've changed what the SSH port is on my remote system, Ansible should talk to port 456 on the remote system, and it just predefines all of them. But I can also define for all of those hosts a variable. And in this specific instance, I can redefine what the Python interpreter is to Python 3. So for anybody who is having to interact with more recent systems, Python 2 is dead. Well, yay. And Python 3 is now the de facto standard for Python. Except then, on a lot of systems you're still going to run into right now, Python 2 and Python 3 are installed. And there are situations where you may want to explicitly define that you wish to interact with Python 3. Ansible is at this point all Python 3, so if you can use Python 3 on the remote system, that's probably the way you want to go. And this basically, instead of just using /usr/bin/python, explicitly tells Ansible that it should go ahead and use /usr/bin/python3 to run Python commands on the remote system.

I also want to call out conditionals. There's ways of creating variables inside of Ansible, and you can use those variables to define additional behavior. So in this particular example, copied out of my own role set, I wanted to make sure that ntpd was installed, but I wanted to also make sure that it only did this for Debian, because, unsurprisingly, different distros call certain things slightly differently. So if you want to take a look at Apache on Fedora, Red Hat or CentOS, it's httpd. If you look at it from the Debian perspective, it's apache2. Well, at some point, if you want to be able to run this module on multiple different systems, sometimes you just have to define, well, if this is Debian,
this is what it is; if this is Fedora, this is what it is. And there are ways of taking entire default variable sets and whatnot and making this a lot easier for yourself, but I want to point out that there are conditionals that can be used, and they can actually be really, really complicated and very interesting. So that's worth looking at as well.

And because I would be a terrible person to leave you without giving you some places to go and find additional documentation: docs.ansible.com is really awesome. It covers a huge amount of really useful things in the entire Ansible ecosystem, and the documentation has a tendency to be very, very good. So yay. It's not very often I legitimately get to compliment a project on their documentation, but Ansible does actually get a solid kudo here. And when you want to start doing more complicated things, let's say you want to set up NTP for whatever reason, or you want to play with chrony, there's actually pre-built roles that people have baked together to do really complicated, very powerful things already for you. So you don't necessarily have to reinvent all of these wheels, and sometimes these can be incredibly useful, particularly for standardizing things across your entire infrastructure. And you want to go and take a look for those in Galaxy. It's like package management, to a certain extent, for Ansible roles. But beware: basically anybody can upload things. So this is a bit more of a free-for-all, a la npm, versus something like a distro-level package management system. So keep that in mind. And obviously places like #ansible on Freenode are great ways to go and ask questions sometimes.

And unfortunately my large head is covering up my own contact information. Again, my email: jholly at vmware.com or warthog9 at eaglescrag.net.
I'm on IRC, warthog9, at the very least on Freenode. If you want to try and track me down on Twitter, I'm at warty9, and on GitHub I'm warthog9. I would like to thank you for taking the time to get through this. I hope it was useful. Obviously, I look forward to doing this again in person, where I can actually help people more going forward, but hopefully, the fact that this has been recorded, people will find this useful and we can disperse this particular tutorial a bit further. So thank you very much.

I'm glad you guys got to watch a past me speak at the micro, or speak at a webcam, for about 50 minutes. I know the questions have been coming in. I do want to highlight a couple of the ones that I've already answered that have already come in. In particular the first one, which I think most everybody has probably seen: where can you get the virtual machines that I was using in the demo? So there is a link to a Dropbox. Please, by all means, go get it. There's a directory and a zip file. The zip file is literally just the directory zipped up so that there's only one download blob. So if you download that, be prepared, you're going to need a couple of extra gigs to uncompress it. Otherwise just grab the directory. You should be fine. Let's see, what other questions here?
Yes, the presentation will be available for download on Sched. I will probably do that in the next 10, 20 minutes, because otherwise I'm going to forget, and I know that people are going to want to be able to go and look at those examples more directly. If anybody really wants them in a different format, ping me on Twitter or something, and maybe I'll start a GitHub or something like that and throw those all up there.

Let's see. There was a question from Eric Adams: are there any Linux distributions where Ansible is problematic, or does it work about the same across all of the distributions? For the most part, Ansible is going to work basically the same across the distributions. It's really where the distributions have differences that you're going to end up having to code around problems. Package management is kind of where you're going to see this a lot, just because various distributions call packages slightly different things, they split certain packages up in slightly different ways, and you're probably going to end up having to have a bunch of, you know, if Debian, if CentOS, if something, to make this all work. But otherwise, I mean, you log into a Linux box.
It's going to act more or less the same as any other Linux box. There's not a whole lot you have to do there.

There was a related question asking about Raspberry Pis. The only thing you really need to pay attention to with Raspberry Pis and Ansible being slightly different is that the Raspberry Pi runs on ARM. Most of the systems that you would necessarily interact with with Ansible are all going to be x86 based. There's not really a whole lot of difference other than the fact that you just can't copy a binary from one system to the other or back and forth. So that's just something to keep in mind: don't literally copy binaries around. Try and trust your package manager more, or build in the appropriate checks, you know, if you're on an ARM CPU, only copy ARM binaries, kind of stuff.

Let's see. Is Ansible declarative or procedural? Ansible, of all of these things, has a tendency to be one of the ones that's very hybrid between the models. If you think about, like I said in the actual presentation, the configuration files, the playbooks that you're passing to Ansible, they're just literally do this, do this, do this, do this. But when you build up these big recipes, these big lists of rules, you can actually turn these into roles, and the roles can end up being a lot more complicated, and they can do a lot more pieces. But you as the end user, all you do is say, I want NTP, and then it wanders off magically and NTP is set up. Or, like, I've got an SSH configuration module that I've got out on my GitHub, where it goes and it properly sets up additional or different SSH ports, and it does a bunch of different pieces. But all I have to do from my playbook perspective is I just say include this and I'm done. And then a bunch of magic happens and I'm generally
content. So it's one of the systems that has a much more hybrid approach to how that all works. And again, a lot of these pre-baked pieces you can find out on Galaxy. Galaxy is going to be a really good repository for these things, but keep in mind that Galaxy is literally the wild west. Anybody can upload stuff. So the things that are up there are going to be a bit more like npm or whatnot. Take them with a grain of salt, look them over, and make sure they're doing what you think they're doing. This is not to say that things are malicious out there, but when anybody can upload stuff, and particularly when you're running a lot of these things potentially as root or with elevated permissions, or in places that you don't want bad things to happen, do your due diligence. Double check things. I mean, most everything that's out on Galaxy has been really awesome from what I've played with.

There was a question specific to the virtual machine. So obviously some people have gotten them downloaded and tried getting them up. The Ethernet device: again, like I said, I did most of my own testing on VMware. If you're running VirtualBox, I do know that the interfaces changed just enough, and I don't remember how we fixed it. I want to say if you use, like, an e1000-compatible interface, this should work. But if you're having problems with this and you're banging your head and you can't get it to work, again, ping me on Twitter or find me on IRC or find me on Slack. Just John Holly; there should be a warthog9 in my name on the OSS ELC Slack, and I'll see what I can do to give you a hand getting that up and running.

We've got new questions. Let me jump down here. Does man include Ansible help?
I want to say that the manual page will have, like, the command line switches and whatnot, but it's not going to give you the whole documentation. So you're way better off going and looking at docs.ansible.com to look for the more interesting bits you can do. But if you're having problems like running ansible-playbook or something like that, the man page will give you all of the command line switches to help you figure out what's going on there.

Are there any Ansible books? I have not gone looking for books, because honestly the docs page is so good. I mean, it really is very rare for me to deploy something and have such good documentation available. If you haven't done a lot of sysadmin or DevOps or, you know, just old-school systems work: having this much documentation that's this good, it's very rare. And my hat really does go off to the Ansible crew for having such good documentation.

My Twitter account is at warty9: W-A-R-T-Y, whiskey alpha romeo tango yankee, nine. That's my public side. If for whatever reason you forget that one, since I go by warthog9 everywhere else, I also have warthog9. I won't respond to you on that one, because for legacy reasons that one's a locked account and I'm not going to unlock it anytime soon. But you should be able to find me there.

Let's see. Yes, my SSH config module is out on GitHub. So if you go find my GitHub, the last update to it should have been this last week. I think I finally cleaned up the git tree and finally pushed it out. It's based on some work that a developer at Red Hat originally did to flip SSH ports around, and I just kind of extended it. It's not complete. It's got some issues if you're going to generally deploy it. I'm not opposed to fixing them.
Particularly since I deal with, specifically, setting up firewall rules and SELinux permissions for those new ports, and since I'm only using nftables everywhere, I've only done things for nftables. But I'm not opposed to getting, like, firewalld properly bolted in there and all that kind of stuff. Or, you know, if you want to give me patches, I will happily take patches.

What is the best way to organize big Ansible projects? Some of this is just going to get off into how you want to logically think about your own infrastructure. The way I've been doing it for my own infrastructure is I actually cloned the roles directly into my own copy so that I can actually track what version of the roles I'm using. So with Galaxy, a lot of the time they'll tell you to use the Galaxy install command. I'm actually just pulling those down directly into my own repository, or into my own file tree, into a roles directory, and then I reference them directly from there, just for my own tracking purposes. After that, a lot of what you're going to end up finding is just: how do you organize your own machines? How do you logically think about them? How do you group them? And that's going to be very specific to everybody else's deployment. It's all going to depend on how many machines you've got and what you're doing. I think the only thing I can really recommend there is think about how you look at your own infrastructure and think about how you want to parcel it out, how you want to break it up. What are the common pieces?
And if you can write roles for that, you know, if you've got machines that are just web servers, your entire playbook for your group of machines that are just web servers may just be include this role, and then in your role you have all of the specific steps to recreate the web server piece. And that's not to say that, you know, maybe you've got some very hyper-converged kind of setups where you've got a web server and a virtual machine setup or something. If you bundled these things together in a way that you can include both of them as a role, then there's nothing really wrong with including them and kind of mixing, matching and putting things together. To a certain extent Ansible is going to be a bit like Lego pieces, where you can put them together in different ways. And I would love to give you some really good recommendations on how to handle deploying 10,000 machines from Ansible. I unfortunately do not have 10,000 machines to test this with, so I can't give you too many good answers on that front. But I can give you some generally good ideas and good practices. Just think about how you actually want things to be broken up, and be prepared to refactor things. Don't be scared to redo things when you realize that whatever breakup, whatever organization you've currently got doesn't quite work, or you think of something better. Change is kind of inevitable, and the more you recognize your own system and how it needs to grow, the more you're going to realize how this probably should all get put together.

Is Ansible overkill for setting up personal machines? No. Shockingly enough.
If you really like certain pieces of setup, sticking this all into an Ansible playbook and then just running it, like, say you've got a new laptop and you really like how certain pieces of bash are set up, how certain commands are set up, what's installed, those kinds of things, all totally doable. In fact, I did a blog post on the VMware open source blog where I actually took the (it's not technically deprecated, but it still works fine) VMware Workstation module and actually showed you exactly how to get Ansible to install the whole thing and set it up for you, including the serial number for VMware Workstation. So it's not overkill, and it can make redeploying your system actually really straightforward for, you know, I just want my system back to the way I like it. In fact, a lot of the things I'm using my Ansible setup for, on my servers or the virtual machines, is just getting them to a level state. Like, Debian right now, if you have vim-nox installed and you highlight something with a mouse, the mouse actually does something completely different than how it works on every other distro. And so I have specific rules for how to undo that problem, just because I really hate the mouse being as active in Vim as it is by default in Debian. So it's not overkill.

Let's see. Yeah, there are a couple of other questions a little bit further back that I glossed over. Someone asked about all of the computers behind me. Let's see if I can find... there we go. That's just a screen. It's hooked up to a miniboard. It's off, I think. That laptop is actually the machine I did most of the recording on, which is an old ThinkPad.
There are actually a lot of ThinkPads on my desk. And, you know, there's a printer behind my head. Anyway, I'm going to take one more quick glance at the questions and see if there's anything else that looks like it needs to be answered. If not, and that's kind of the way it looks right now, thank you all for attending. Thank you for making it all the way through to the end, and if you have questions, obviously, track me down on Twitter, track me down on Slack during the conference. I'm around. I would rather answer your questions and help you get through even getting this far, so that you can start taking a look at more things going forward. So again, thank you for coming, and have a good day.
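
The talk's advice to look Galaxy roles over before running them, applied to roles vendored into a local roles directory as described in the Q&A. This is an added example, not part of the talk or the speaker's code; the list of flagged task keys, the role names and the sample files are constructed assumptions.

```python
# Flag task lines in vendored Ansible roles that deserve a manual read.
import re
import tempfile
from pathlib import Path

# Task keys worth a closer look (an assumed starting list, extend it locally).
RISKY_KEYS = {
    "shell": "runs a shell command line",
    "command": "runs an arbitrary command",
    "raw": "runs a command without the module layer",
    "script": "copies and executes a local script",
    "get_url": "downloads a file from the network",
}
KEY_RE = re.compile(r"^\s*(?:-\s+)?(?:ansible\.builtin\.)?(\w+):")
BECOME_RE = re.compile(r"^\s*(?:-\s+)?become:\s*(?:true|yes)\b", re.IGNORECASE)


def audit_roles(roles_dir):
    """Return (role, file, line_no, reason) for each task line to review.

    Line-based on purpose: a module parameter that shares a flagged key's
    name is reported too, which is acceptable for a review aid.
    """
    root = Path(roles_dir)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        # Only task and handler files run modules on the target.
        if (not path.is_file() or path.suffix not in (".yml", ".yaml")
                or len(rel.parts) < 3
                or rel.parts[1] not in ("tasks", "handlers")):
            continue
        lines = path.read_text(encoding="utf-8").splitlines()
        for line_no, line in enumerate(lines, start=1):
            if BECOME_RE.match(line):
                findings.append((rel.parts[0], rel.as_posix(), line_no,
                                 "escalates privileges (become)"))
                continue
            key = KEY_RE.match(line)
            if key and key.group(1) in RISKY_KEYS:
                findings.append((rel.parts[0], rel.as_posix(), line_no,
                                 RISKY_KEYS[key.group(1)]))
    return findings


# Constructed sample roles, standing in for a roles/ directory in your repo.
SAMPLE_ROLES = {
    "ntp/tasks/main.yml": ("- name: Install ntp\n"
                           "  ansible.builtin.package:\n"
                           "    name: ntp\n"
                           "    state: present\n"),
    "helper/tasks/main.yml": ("- name: Fetch installer\n"
                              "  ansible.builtin.get_url:\n"
                              "    url: https://example.invalid/install.sh\n"
                              "    dest: /tmp/install.sh\n"
                              "- name: Run installer\n"
                              "  shell: sh /tmp/install.sh\n"
                              "  become: yes\n"),
    "helper/defaults/main.yml": "command: ignored, not a task file\n",
}


def audit_sample():
    """Write the constructed roles to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE_ROLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return audit_roles(tmp)


if __name__ == "__main__":
    for role, file, line_no, reason in audit_sample():
        print(f"{role}: {file}:{line_no}: {reason}")
```

A hit is a prompt to read that task in context, not a verdict on the role; an empty result only means none of the listed keys appeared.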