 So my name is Abhijit Pasoda, I am working as a senior software engineer in Red Hat. I work mostly on Ansible core team. So there I work on VMware related modules. So as you know, we actually provide you the modularity kind of architecture. And we have different modules for different cloud technology, networking technology. So in that thing I work on VMware technology. So about me, I am a free and open source software into a evangelist. I am a part of a core Ansible core team. You can follow me on Twitter on this hashtag. You can find my GitHub ID as this. Currently I am managing VMware community under the Ansible name spaces. So whatever is related to VMware, guest, hypervisors and all that kind of stuff, I am working on that. So today I am talking about how you can use Ansible and take it to the next level of the things of Ansible. Not limiting yourself to the just playbooks and rules. So I will be telling you about pluggable architecture given by the Ansible which are called as plugins. I will explain what are plugins and how, what are the different types. I will show you two existing plugins. One is like printer and second is action plugin. Then I will walk you through the demo of couple of plugins and I will tell you how you can write your own plugin. So just stop me if you have any question. I can answer that question and if it is a big question we can take it offline. So just to give you a brief idea, what is Ansible? Ansible is an open source IT automation engine which can be used as a configuration development tool or application deployment tool or a task automation tool. When you have certain kinds of tasks which are repetitive in nature, like deploying an application, configuring the application, then uninstalling it, cleaning up the part and all that kind of stuff, which are very repetitive. People try to use shell script, they try to use Python or any other scripting language in order to automate this stuff. So Ansible take this task to the next level. You can use Ansible for different types of tasks that I have mentioned. So what is the advantage of Ansible over other configuration tools like Chef, Puppet? So the first advantage of Ansible is agent-based. Agent-based in the sense you have a control node and you have a management node. Control node is the one where Ansible is installed and the managed node is where you are managing those nodes. So the software like Puppet, Chef needs to have agents installed on the managed nodes. But here Ansible gives you a cutting edge by not relying on the agent itself. So it is agent-based. Ansible directly talks to the managed nodes using SSH and get the real-time data or the facts related to that managed node and performs action on top of it. So that gives you an additional advantage that you don't need to store the data into any data list. So it avoids the bottleneck to the data list. It's like you are talking to the machine in a real-time gathering the information and returning back and performing some action depending upon that facts. So it gives you the additional advantage of not storing that data anyway. So it also removes the problem of steel data. Steel data means if the agent is providing some old data of a particular machine, the performance or the operations can go wrong. Means like if I am having an agent on top of any managed node and it is saying that I have this dead time in this thing and that is not matching with the operator or controller node. You have a drift in time and so you can go wrong in that operations. But when you have a real-time data like you are asking a managed node that what is the time? It is written in the time and you are performing operation on that time itself or that fact itself you cannot go wrong in that thing. So it helps a lot when you have a bunch of operations deploying in this thing. The second advantage that I am going to talk about is idempotent. idempotent is a phenomena. So I will give you one example like let's assume that you have one file located in some 10 directory. So the operation is like if you want to create this file, just create it and come back. And if that file is not created or it is previously created, don't do anything. So the atomicity of the operation is called as idempotent. Means like either the file is created, don't do anything and if it is not created then create it. So it maintains the stability of the system. It's like maintaining the atomicity of the system. That is why idempotent means like to give you one another example is like if you want to install any package on a particular machine you first go and check like rpm-qw that package name. If that package is available, you don't do anything. But if that is not available, you just do here install and install everything. So these operations help a lot. Like to give you one example like if you are deploying on 1000 nodes some package management thing and network goes down and you don't know how many systems are installed with the package and how many systems are without the package. But here Ansible will give you the additional advantage that it will detect from like I said it will gather the real-time facts from the machine and it will start from the place where it took off. Means like it will start from the place where it filled and it will start on the use. So you don't have to maintain the state of the machines which are in that operation. That is called as idempotency which helps in stability, consistency, reliability of your id environment. So another additional advantage of Ansible is that it is very simple to setup. It is just like pip install Ansible and it will install Ansible with its dependencies like Paramiko and other cryptographic libraries and all that. And even if it is a simple tool, it is very powerful. If you are using Ansible, you will know that it is very powerful because it comes with a bunch of models and a lot of libraries and all that kind of stuff. So any question till this point? So this is just an introduction how Ansible is working and how it is helpful. So we will come to the topics, talks topic that is what is plugins. Plugins are nothing but so Ansible is very flexible in extensibility. It provides you a facility to create plugins and attach into the existing system or work on top of the existing facilities. So it is very extensible and a lot of, so all the architectures of things are pluggable. So you can write your own plugin even if it is not available in the upstream report. So I will talk about a bunch of plugins. Before that I will show you, I will show you the repo of Ansible and how it is helpful and where are the... So this is my Ansible repo. I have just checked out of this thing. If I do ls minus other. So here is the cloned repo of Ansible. Over here if you see inside lib directory there is a directory called as plugins. So there are different types of plugins available. Plugins are nothing but additional libraries you can say which can be used by Ansible to perform certain actions. To give you one example like if you are trying to filter something. So I will give you one example so you will get to know how it is useful. So this is a plain Ansible repo. Here I am doing what it is running on a local host. I am not gathering any facts. I am using variables and I am performing two tasks. So the first task is just debug. Means like it is a print statement of Ansible. Just printing whatever the variables are available. The second task is I am using a full filter. So plugin filter is a special type of plugin which can be used to modify the certain behavior of the things. So if I run this playbook. So if you see I am using Ansible 2.8 and I am using the developed modules. And here if I run this module Ansible playbook. So you will notice that it printed that variable over here. And if you notice that there is some change in the second print. That this change is due to this shuffle. Shuffle is nothing but a filter which is used by Ansible to perform some action. So if you go in the source itself. So if I go in live Ansible plugins filters. You will notice that there are core functionalities available. The problem is coming from icon library random directly. So it is just shuffling the things which has provided to that thing. So I will just give you one more example. So these are all kind of filters available. So to give you idea like plugins are nothing but a specific type of modules. Which can be worked in order to handle the situation. So here you will see there is another filter called as 2yaml. So if I use this thing. If I want to use this filter. I will do what? I will just use debug. Debug is nothing but print statement of Ansible. And I will say just yaml. And if I run it again. You will notice the difference. So it took the variables from the Ansible. And it converted that into a yaml things. And if you check the source of that thing over here. It is doing nothing. Just importing yaml and doing yaml down. And using the things and returning the text from it. So it is doing some additional stuff on top of your stuff. So that is the advantage of using plugins. So there are different types of plugins available. Like there are action plugins. Cache plugins. Callback plugins. Connection plugins. Shell plugins. Strategy plugins. Lookup plugins. Wars plugins. Invented plugins. And filter plugins. So I will give you one more example of these things. So you will get to know how they are used. So action plugin is nothing but plugins which are used on a control node. Or a master node. In order to change the behavior on a master side. So let's assume that you want to add a host to a inventory. So that can be an action plugin. Because the things which are happening are happening on the master node. That is the sensible control node. So if I click on this. Action plugin. So it says that you can use these plugins with the conjunction with the modules. And do the task on top of master. Or an sensible controller. Okay. Then the second type of plugin is like cache plugin. So many a times you collect facts from the various environments and all that. So you don't want to consume time in gathering those facts. And want to cache that thing. So here the cache plugin will help you. So cache plugin will do what? Whatever the cache facts are gathered from the machine. It will store using the cache plugin. So there are different types of cache plugins. Like JSON file, memory cache, memory cache. So by default as it uses memory cache. Which is a RAM backed thingy. Then MongoDB as a fact cache database. Means like whatever the facts are gathered from the managed node. It will store them in a MongoDB database. Or JSON file. Or in a Redis database. Or it will store these facts in a YAML database. Something like that. Okay. So any question in this point? Like why cache plugin or action plugins are used? No? Next is like callback plugins. Callback plugins are nothing but plugins which can be used in order to change the behavior of a play. Means like you are starting a playbook. And then you want to modify the behavior of the play. Means like you don't want the output to be seen. Or if you have some secrets in your playbook. Which you don't want to show to the user. Something like that. So you can use callback plugins. Or to give you a good example. Like if you want to run multiple playbooks. And want to send the report directly to the mail. Or any system that means mail box. You can use this callback plugin. So you just have to whitelist the callback plugin. And use it. So these are different types of plugins available. So like I said. You have mail plugin. Which sends the failure or everything to a mail. Specified email. Then there are different types of other plugins. Like OSX say. OSX say is a plugin which if you enable that thing. And if you are running ansible from a macbook. So macbook will start speaking using say command. So it will say like playbook one running. Playbook one finished or something like that. So that is like a callback plugin. And you have different plugins available. In a scenario like when you have things. If you want to store your logs to a certain database or logstash. You can use logstash callback plugin. Which will gather all the logs. And put it into the logstash server directly. So these are different types of callback plugins available. Then there is a connection plugin as well available. Which is used for host connection management. So what is host connection management? So you have different type of connection. From the controller node to the management. Like SSH. Then in case of networking devices. They have their own proprietary protocol. Which ansible talks to the proprietary devices. So you can use these kind of things. Like to give you one example. Is like you have a docker container. Docker D1 running on a machine. And you don't have IP address. You cannot communicate to the docker container using IP. Then there is a way with which you can directly talk to docker D1. And with docker container D1 will talk to the container itself. So that is the flow. So ansible uses that and using this connection plugin. Docker connection plugin you can directly talk to the container itself. Without having the network connectivity. So that is the one use case we can see. Then there are different type of other plugins as well. So there is a winRM connection plugin available. With which you can directly talk to the windows machines. So you have ansible installed on Linux. And you want to control the windows machine. Then you can use this winRM connection plugin. And you can directly talk to the windows machine. Then for Solaris zones you can use zone plugin. So with which you can directly talk to the Solaris zones. Any question tell this point. So that there is a shell plugin. So shell plugin we have different type of shell. Power shell then SS shell then fish or CSH. Then you can configure this in order to use this shell. If you are not using bash or something like that. So this is very interesting plugin. So let's assume that you have written a playbook. And you are running it for 6 months and so on. It is working fine. One fine day it is not fairly. So how do I get to know why it is fairly. So there is a very interesting plugin called as debug plugin. So if you enable debug plugin. So it will put you into a 3db kind of thing. Python 3db kind of thing. And you can debug all the what is happening. And what kind of data structures are there available in the memory or something like that. And you can go to the pinpointer issue directly. Okay. Actually by default it uses linear strategy plugin. Okay. Then there are two available as well. Free strategy and host page. You can go through the documentation. And if you want to check out how they work and how they can be used. Then you can go through the source code. Okay. Then there are lookup plugins as well. So if you want example. They are like. So let's assume that you store your passwords in a centralized repo. So something like red slash or some free IPA kind of environment. And you just retrieve those passwords from that environment. So if you want to retrieve those passwords. You will need something on the fly over there itself. So you can use lookup plugins over there. So lookup plugins are nothing but modules which will talk to your credential management system. Take out the credentials from their thing. And put it into the playbook itself. So that is one of the use case of lookup plugin. You can use lookup plugin for different reasons as well. Let's assume that you want to read file into the memory. So you can use file lookup plugin. And you just specify the name of the file. And symbol will do what? It will open up the file and put it into the memory. And it will make it available to the playbook. And you can start working on that file contents. So that is how you use plugin. Lookup plugin. You can also query those things. Like if you have a dictionary. And you want to take out some variables out of it. You can use dict lookup plugin for that. So these are the few of the examples with which you can use lookup plugin. So like I said one password. Then query slash. Release query. Then release. These are different types of lookup plugins with which you can actually different actions. Then there is a worse connection plugin. So many a times you wanted to inject your own variables into the Ansible workflow. Then worse plugins can be used. So worse plugins inject additional variables into the environment. So there is only one good example. That is host group wars. If you want to put host group wars into your animal. You can use this variable and get the variables into the Ansible workflow. Inventory plugins. So this is very interesting type of plugin. So previous 2.5 release we had scripts which uses to gather the dynamic inventory. Inventory is nothing but a list of managed nodes. And to gather the list of managed nodes on the flag. Means dynamically creating the list of the managed nodes we use dynamic inventory. So previous 2.5 version we had scripts which can be used to gather the information from the inventory. So let's assume that you have an open stack environment. You spin up some VMs over there. And you don't know, so the IPs are very dynamic. You don't know anything about that. So you write a dynamic inventory script and you gather the information from there. And put that information in Ansible Playbook. And Ansible Playbook will work on those machines. So now inventory plugin will do what? So previous 2.5 release we need to run the Ansible dynamic inventory script on its own. With inventory plugin, dynamic inventory gathering part is part of Ansible core engine itself. So Ansible core knows about the inventory on the flag directly. So you don't need to rely on 3rd party scripts or something like that. You just use inventory plugins and the inventory details are available with the core engine itself. So there are different types of plugins available. To notice, let me tell you about this thing. So there is AWS EC2 inventory. So if you are running EC2 instances, then AWS EC2 will gather information from EC2 and put the information in YAML format and provide it to the core engine and tell you that these are the inventories available. These are the host wars and group wars and all that kind of stuff. And you can work on that dynamic inventory itself. Same case goes with Azure RM. So it will go to the Azure resource manager and pull out the virtual machine's information and put it into the Ansible's inventory directory. And it will work on that thing. So these are the inventory things available with the thing. Okay. After this thing, there is a last thing like I talked about. It's a filter plug-ins. I'm not sure what happened to this thing. Last many things. It's okay. So filter plug-ins are nothing but like I said, if you want to massage the data which is coming from or going to somewhere, if you want to do some manipulation, data manipulation, then you can use the filter. So it will do what? It is nothing but a ginger filter which will take the data, massage the data and output it in a certain way. So like in the previous case, we had a normal YAML data and we wanted to convert it into some other YAML. Or we had some JSON data and we wanted to convert it into YAML. Then we can use the two YAML filter and do the modification. Okay. So these are the different types of plug-ins available. We have seen the filter plug-ins previously. So we'll see one action plug-in over here. So all the plug-ins are available over here. In Ansible Laboratory, they are live over here. Ansible Live Ansible Plug-ins. So whatever I have talked about, those plug-ins are mentioned over here. So if you want to know more about them, how they work and all that kind of stuff, you can go through this directory and you can find their individual working functionalities. Okay. So I'll give you one example of action plug-in. So many of you must be knowing that there is a module called as command which executes command on the given machine. So here I am doing what? I am running a kind of command called as command and providing the parameter called as ls and normal ls command and running it on the local host user. So command is a module. Command is a module. I am providing the arguments with hyphen a, that is ls, and running it on a local host. If I run it, it will print out the list of the files which are available in this directory. And so how action plug-in comes into the picture. So if I go into the source of command plug-in. So here it is doing some additional stuff. So let's assume that... So here you will see that there is a line called as self-execute module. So this is the API which runs the module. So here it is doing what? It is taking additional parameters from the users and executing the module itself and returning the result over here. So I'll just understand this for right now and show you the real working module over here. So you'll get to know how they are working. I'll show you the example itself so you'll get to know how it is working. So I have written a small action plug-in. Okay, this is a bare minimum action plug-in. Action module is the class and it is inherited from the action base. And it has the built-in methods and we have to overwrite that method in order to make it happen whatever we want to happen. So here we are doing what? We are just calling the super of this thing and then we are displaying and here and then I am just changing the result of this thing to true and I am returning the result. So I'll just show you one playbook which uses this action plug-in. So here I am just specifying that sample is that action plug-in over here and I am storing that result of that thing in register in a variable called as setup output and I am just printing it out here. And if I run this playbook you'll notice that the task I would have any modules which is called as sample. It says that module sample not on. That means in that part there is no module called as sample. But we are using action plug-in. We have created one directory called as action plug-in beside your playbook play or playbooks and which contains a file called as sample.py. So it is picking up that sample.py as an action plug-in or a special kind of a module and running it and doing a lot of stuff. So if I run it again, providing hyphen vv you'll notice that there is a message coming. I am here. How that message is coming? If you go here, I have written display.vv. I am here. So vv specifies that I have specified hyphen v two times. So that is why it is coming from that. And why the status of play is changed to true because in this action plug-in I am explicitly changing the state of this thing. So while returning the result I am changing the status changed to true. You can imagine various scenarios like you can take an example like you want to remove some explicit data from your playbooks or modules or something like that. Like you have a Windows registration key or VMware ESXi license key or something like that. And you don't want to show that license key or any explicit protected data. Then you can just delete it from this result directory and it will print out to the result. And that is how you can leverage the plug-in itself. I will give you one more example of action plug-in so that you will understand it more. Let's assume that there are two machines like an Ansible Controller machine and a Managed Machine. And these two machines are not in sync. There are time differences very much. And you want to calculate that time difference. So how do you do that? Either you can write your own module or you can write a shell script that goes and checks the time from the managed node and comes back and calculates the time difference and report it to the user. But here I have done what? I have created one plug-in which does what? Here first it goes on the managed node runs the setup module on that machine takes the output checks whether the output is failed or not means setup whether the setup module failed on the other machine or not. If it is not, it will take out the date time from that machine means whatever the facts are available. I will show you one thing first. So if I run Ansible-M setup module setup module on the local host you will notice that this is a different type of facts available from the machine itself and there is a date and time available. So you will notice that it is reporting me some kind of data about the date and time and I want to use that data. So assume that I am going onto the managed node taking out the date time and calculating the difference in between the controller node and the managed node. So that is how I am doing over here. So I am checking whether the task is failed or not taking out the date and if the date is available from the remote machine then I am calculating the date of this controller node doing some data over here and creating a resultant data structure called as RET and RET contains data in second, data in time and data in microsecond and I am just returning that data into a new dictionary and returning back to the Ansible. So if I run it again using