 Kto zatím jichal? Těchal klid, což jel by to superal v tomto připřížení? Jeho. 10, 12, 14 je takový rodlý chvíl a po roky a to jsem se děl. No, tady by to bylo to nejlepší. A bylo to tam už. V dnesky můžete řešit... OK. Pěknávam všechno, když jen na řešit. Příšit, když jen chvíš, když jen chvíš, nebo můžete k nejlepší, možete, nebo můžete svědutit, když jen chvíš, když můžete sům, když můžete sům, můžete, můžete sům, že čekajte jen takový rodlý chvíl? No, si to mám. To je všechno, tak se z nejlepší sápad, že jsme proč je to. Mohlej, můžete, nebo můžete, Můžu bychom dělávat dělávat zvukovat. Myslím, že jsme vždyčí 10 minuty, protože můžeme dělávat hodně, že VGA nebo vždyčí. Vždyčí komputerů. Vždyčí. Vždyčí. Vždyčí 10 minuty. Ještě máte nějaký... Vrčitě, vrčitě. Co to máte za sesté? V toru setmička. Jo, nejaký vynus, nejaký vynus. Vemi to. O, tak. Kto se? Ještě vynus. Tak to dáme na to ve děláčku. A to dnes to dělá jiní, který vynus. Jo, právě. Tak jestli bude potřeba přetáhnout ten... Ještě bude přetáhnout tu... Ještě bude přetáhnout tu... Tak. Je to nějaký, který můžete vzítiť magického? Je to nekteré, protože než se vám vytvíjeme. Jsou to vždy, taky vytvíjeme. Taky vysvědeme, které vysvědeme. A zvukujeme, které vysvědeme. A které vysvědeme. A které vysvědeme. Vysvědeme. Vysvědeme. Vysvědeme, které vysvědeme. Vysvědeme? Vysvědeme. Huh? To je to, co se to závodit. Takže proč můžu mít David Carbone, jenka z prví, a se určitým, aby je velmi díl na doubě tady, se monděl, jak to určitý, aby určitým ty doubě s tím výzutě a jak se to určitý, aby se to určitý. Díky, díky, je to svý. První, co to děláme. Zdělám, jak se to vám závodit, co to tady vyspěle, a jak to vědět. Ale v segundo pětě se vám pročnout. Tady můžu dělat, když se to vlastně vlastně vlastně. Vždy, jak se to vlastně vlastně vlastně vlastně. Když nech Tady jsem vždyžil a vždyžil velmi o čefi, než v tom tady, ale jsem se zvuknil a vzládnout agent, aby začnout vzládnit. A to se to se nezavědělo. A teď jsem zvěděl, že je to veliké SSH-stále, který je veliký. Když jste přijednout s SSH-stále, který je veliký, když jste přijednout s SSH-stále, který je veliký. Když jsem zvěděl, že je komputer, jestli je veliký. Když jste přijednout s SSH-stále, který je veliký, který je veliký. Zvěděl by se povážet na sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj sávroj. takže je to nejvědětné, takže nezvědětné. A to můžete provízenit a děpoužit. Můžete jít jednou tůle, které se zvukávává machine, konfigurává výstek, který můžete dát. A to můžete dát, který můžete dát, který můžete dát, které můžete dát, které můžete dát, které můžete dát. A to můžete dát, dát se z rolobou, dát se to, dát se to, dát to nejvědětné. Takéto zvukávává výstek, které můžete dát, konfigurává výstek, které můžete dát, ale nezvukává výstek. Je to mohl, že jde nějaké výstek, ale to se zvukává, že je to nějaké výstek. To je tady jen, které jde. Je to výstek, které jde. Můžete dát? Můžete dát? Oto to, které můžete dát. A to můžete dát, dát se to, zvukává výstek, které můžete dát. A to můžete dát, dát se to, které můžete dát. A je o zgromdy, který s theatrical ...me se se nejlepšími svůj litočky... ...Mě se nekdy se prožívsem se nějaké zeměství od 10 lýnsky... ...a to bychom. ...ač mi nezamysla jsi, protože to je asi podobná pro dální výměstvě. ...Unsymo je tak, že ono padí... ...jáme, jaké výny Repeat, které je svá vý occupied... ...dovědějí se na výmině. if you first start the answer provisioning system that sense of inclusion. It will set up a bunch of things. But if you start it again, it will not do anything. It will not change any files because the system is in desired state. and if you change the perception for inter interrupted, Což nebo vždyť kurčá hodinou. Vždyť v úžaslověme povedla hodinávou, což hodinou, kde musí to nějak se obžijá, kde musí to budu, akumulovat, akumulovat a taky, nebo se to hodiná. Je to jo sprát! Což nebo ho? Je to najsi neví na to, že to je začnout. Je to prostě hodinává. Nebo ne. Nebo takto ne. Jak nyná, každá na objadně. který se vyštímvat infrastruktury. Je to static inventory. Unciplejí se poslednout s dynámickým inventory který je technikáto skrip, že postačné na database a na Amazon a na Rex Space a někdo dělávala až dveří dvě informace o hostového, když nechce vytvozit v hostové věci možná zvědělať a máte to všechno na výzvy. A vždyť je to vždyť, jak tenhle výzvy a je tam vždyť, který se to vytvoře. Ale na to, který se všetí, všetí. Máte modu. Modu je nějaké, co... To je jedna z těžkého závodního těch. To je... t.ex. copy of file, user template, setup user on the remote server, create new amazon instance, or modify host files. Every action that you want to do remotely is done by module. There are even two not-so-good modules that command and shell, which just run shell commands. If you really, really need it, you can run arbitrary commands with Ansible. It's usually, if you don't have a module specifically for your need, it's somehow better to write one than use shell, because so with module it's easier to be at that word. I didn't put them, or well, I would just spell it randomly every time I would tell you it, and you know what I mean. There are hundreds of modules. If you want, you can go on the documentation, and well, I can show you. Actually, it's just huge. See, that's almost everything. Modules for installation of software on servers, some big IP, whatever it is, bundler for Ruby people, things like setting up cron or copy files. Oh, what is float stack? Oh, I don't know if this exists really. Modules for digital ocean, quite a bunch of modules for Amazon. It's like, you need something on Amazon, not a problem. And well, you are more likely to find a module for the work you need than don't. It's a RBM for ZFS for open stack, and that can just scroll down. And you have the idea. So we have the inventory, we know about our servers, and we can do something there. One more thing we need, it's variables. Usually you need to have some good abstraction. You need some variable like anything you need to describe. There are several groups of variables in several places when you can set up them. On several levels, as we have seen in the inventory file, there can be definitions of groups, and you have some named group vars. There you can define the variables for the web server group, like the port where Apache is waiting for. Or you can have defined variables for the server, except one server you need. And you can define the inventory, too. It was probably somewhere in that template inventory we looked at. There are special, another type of variables that are facts that are taken from the remote server. If you have ansible installed, you can now try this line. And this will run the setup module that fixes all the type of your computer. And you can see ansible is talking to Jason. And there's quite a plenty of things. I hope there's no password. I think no password there. Afraid of scrolling down a little now. Oh, IPv6 addresses. Oh, sorry. You can see there's quite a bunch of information. And about my IP address, don't address me now. Device, oh, so hard drives. Oh, everything you may need. Yes, I'm running on typion. Maybe interesting. And just so you'll see that I have stable distribution. Oh, oh, oh, oh. That was not nice. Some environmental variable. I will have to change some keys, I guess. And you can see there's really many, many types of processor disk sizes, disk usage and the hostname of computer, internet devices and almost everything. You won't know about the computer. And host on KVM? No. OK. And it's not 100% precise because, yeah, host, not guest. OK. It's OK. The KVM is there, actually. I can, with the setup module, I can get a bunch of information about the computer I'm on. I'm provisioning. The thing is, even if you have a puppet or chef installed, Ansible will detect their factor and add their facts to Ansible facts. So if you want it even longer, just install a puppet and you will see. Now, we've been speaking about modules and inventory and variables. Now, task. Task is one little part that will use module and do the thing you need from it. Play is set of tasks. So it's like, if you need provision approach, you need more than only one task, only install it. You need to upload configuration, restart it and things like that. And a playbook is a set of plays. You can provision in one run. You can provision web servers and MySQL servers without a problem. Just one play will be web servers. Second play will be MySQL servers. And the third one will be local answer. Why not? We have one additional thing. It's a role. Role is something like function in, or maybe an object in C++. I hope it's object-oriented programming is still a thing. And I learned about it on school ten years ago. Maybe, I don't know if I hear it. So it's a way how to abstract, for example, approach installation completely into role. Very short difference between playbook and role in the second part. Now, another thing. Tool set. We tried Ansible command. This is for ad hoc commands. If you need, for example, shutdown every web server you have in your web server, just Ansible, Minus and command and service approach stop. All go. But don't blame me if somebody will complain about it. And the same thing, you can use any module available with one shot and send it on any group or any server you need. So one time upload of file, installation of any package, or, for example, I used it for removal of the not-so-well-provisioned VHOST file that shut down my approach servers on several computers. So I just quickly write down Ansible command and removed the VHOST file. It was done. Ansible playbook takes the playbook, which is the YAML file, and goes through it. Playbook typically has set of tasks and do something. You will see it in the second part. Now, there exists a hub for Ansible roles. It's Ansible Galaxy, and there's quite a lot of roles from whoever will upload them. It's a great place for, well, it's like you can download a role if you need something like a web server, MySQL server, any load balancer or something. Well, almost everything. You can look at the Galaxy and it will be there. I would not say take it and use it. I would say look at it, maybe modify it, to fit it into your environment and use it. But it's a perfect place to look. And Ansible Galaxy is the command line program that fetched the roles from Galaxy. We will show it, we will use it. Ansible world, if you need some credentials hidden in your configuration files, the Ansible world can encrypt it. And we can try to cover it later. When I've been thinking, what can we actually do, try to learn it, I thought about some load balanc, high available lamp stack, we've replicated MySQL, and it would take four hours maybe more. It was tempting. I thought maybe I will be able to stand here for 50 minutes before they will take me away. That's the thing, I got an email that I will have only 40 minutes. So I thought, OK, maybe 50 minutes. I was pretty sure that after hour they will take two gorillas, will go here and take me out. So I thought we will have to start with something slightly more easy, which we will be able to do in half an hour. So, unfortunately, in an hour and a half it would be better, but never mind. So now we will try to use Ansible to install NTP server. It should be easy, and NTP server is quite easy to install and configure. And I will show you how to do it through Playbook and how to create a role that will have everything and we will see the differences between it. So, the first. And I have prepared it because I don't like to write if I'm on some workshop I don't like to write a code just to write it. So you may now download the repository. So, my slides will be on... If you will go here I can upload it on USB without a problem. I believe everyone has told it now. So, this is the Playbook. And at the same time it's a Play. Play always starts with the host. Here I tell to Ansible that I provision only local host. That's a single host. There should be web server. As we have seen in host files the web server group can be web server. Can be even all, which means every computer in the inventory. There's some Play white settings. Become means use sudo to switch to root user. Well, it actually can use the su. It can maybe use the windows run as if you configure it. It's configurable in a config file. But by default it use the sudo and the root user. You can override it if you need it. Like write it there. You can see it's in Ansible reads the YAML file. So, what it actually can, I think it can read in JSON file as input, but I have never seen the Playbook in JSON style. You can see I have defined some variables here. It's NTP state and servers. And NTP state, it's variables I'm using to look further down, I will show now. Here, there are the tasks that are doing the actual works. There's several sections. It's variables for tasks and there's handlers, which I will explain a little further. Now, I was thinking my work is to provision NTP server. So, I try to use it to do it as many architecture as possible. For this demo, it's on Red Hat and Debian type of computers, which is majority of what is running on Linux Word, I believe. So, I will go through every task and say what it's doing. I have some variable definitions here, but I need some variables dependent on type of server because NTP can be NTP on one architecture and can be NTPD on another one. So, I have to choose somehow. And I'm using this little trick. I tell Ansible to include variables in a variables directory. And I'm using the fact that if we go back to fact Ansible then you can see that one of it is Ansible Operation System Family, which is Debian Ubuntu and Red Hat on Centos and Red Hat, of course. And well, Jintu or Jintu, whatever. So, I'm here using a little trick to get the variables for the specific use case because name of service can change. Configuration directories can be different, especially Debian tends to have for MySQL, it's ATC MySQL, MySQL Conv for Red Hat, it's like ATC MyConv and so on. So, every service, same service where several architectures can have different paths, names of configuration and these are all things I read from files Red Hat, Jammel or Debian, Jammel here. Pretty easily, it's not true anymore but you will see it probably quite in many examples. There has been the specific package modules different for YOM, for apt. That's why it's twice there. Both tasks install the NTP. Now Ansible can work with Package. Has a package module that choose the package manager you need on the architecture you are. So, it's a new thing in Ansible 2.0 so it will be easier to write things like that. But it's also a good thing, good place to show you the variables to loops and conditionals. The name is just the name. It is what it's shown when you write. You can see tags. Every task can have one or more tags. Oh, OK. Five minutes. I missed ten minutes. Can you show me ten minutes again? OK. You can tag every tasks by many tags. And you can play only the tagged tasks. So you don't have to run provisioning of everything. You can narrow it down on NTP or configuration of something like you know the problem at all. YOM is the name of the module and its parameters. You can see it's not YAML. If you are familiar with YAML it should be written more like this way. It will be possible and it will work too. Ansible prefers to the shorter more compact way when you write it on one line. I usually use it because I just don't like too big tasks. But if there is far too much parameters which is technically on cloud modules almost everywhere. Because it's more you can see go through it better I think. And there are two things. You see I'm using NTP state variable that is defined here which is present. And this means actually install it if it's not there leave it be if it's there. You can override it to absent we will show you. I will show you. It's present so install NTP. And here you see item which is somehow magic variable because it's working with items and NTP packages. In NTP packages they are defined there. It's an array of files I want to install or programs. And well it's NTP only because NTP is so simple. And if you would install PHP for example you wouldn't spoil PHP and PHP JSON PHP PDO and things like that. And with items cycle through the array and add it here. So this way you can do a loop you don't have to do task install one program install second one third one you do it in array this is the way how Ansible is doing loop loops on the task level. In the second release which is month old that it's possible to define blocks and I think you can do loop through the whole block but I haven't tried it yet. This is sometimes this is bad because you can do loop task. So if you need two actions it's really hard to do. But it should be OK with blocks now. Now here is actually and the when only if Ansible family is redhead. Which is because you is only redhead. Does anyone has Fedora here with the new package manager? Perfect. I don't know if it will work actually. I'm not sure if we don't need something like Fedora here. We will see. Perfect. Here it's basically the same thing there's one thing more it's environment. I'm overloading the default environment. Yeah. I think I mentioned it that there's package model already but I'm thinking in old way still it's like two years you are using it like this. So there I redefined the local environment for run and it's one thing I don't like one thing on Debian really much. If you install the server package it will start it up automatically sometimes. So this little trick to force it to not start it because hey Debian thinks it's installed in run level one which is known at foreground level and it will not start the package and I will start it later when I want. I like the centers because well if you install package it's in start not start different things. Next thing I use the template model with NTP configuration you can see that again I have the different configuration for different architecture and I upload it whenever that architecture has its config file directory and whichever it's name is then I use notify which is another thing that only if this task is changed 5 more minutes maximum because it's the two last tasks and after the 5 minutes we will have break. Actually if you run a task it can be failed if something go bad it can be okay which means nothing changed and it can be in changed state that something changed and if it's in changed state then I will run a handler which is defined here in second part as you see this is not task but it's normal task but it's file of only if the configuration file has changed so you don't have to restart any service when it's when actually nothing happens or you can for example if you install the MySQL service then you can notify and upload the test and it will not be it will not happen again because you install it only once and it's installed next time and the last thing is start ntp server if it's installed and there's a when here module is service, name of service and what to do and it will state when we don't want to try to start it if we remove it in a previous step and this playbook can install or remove the ntp I will show you how we will try to start it but after the break ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... Vůbec se to vyskáváme. Můžeme základat tím, že se vzájíte o něco, co by je představila. Vzájíte základ těch, co by je skvělává. To je svět, co je základ v základu k výkorek. To je něco, co by je základ byvá základ. Některá základ je základ, co by nezáklad. Takže se základnit kdo nejlepší vám. It's a good place order for anyone. If you see, oh, it's done by Manceble, don't edit it by your hand, because it will be lost sooner or later. You can see that the variable starts with double... Well, a parent says this. And actually, if you know Jinja, it's just Jinja. There's the example for loop. You can have the conditionals, there's filters. You can find more on Ansible documentation about Jinja True. You can use here. We have NTP servers variable defined, which is array of servers that should be used. And I just loop through it and generate four lines server variable. And a burst. The Red Hat and Debian configurations are quite different, even if I try to show you differences. Then you can see they're actually quite different. But I think it's more like if you have time and want that you really can do one NTP conflict without a problem. So another one, another directory is variables. You see that the first task in the playbook is to load these variables. And you see for Debian, it will load a set of packages and config files and default servers. Thus for Red Hat NTP is same in this, but the name of service is different. And configuration is same in here and different servers. And they are then used in the tasks run. So let's try to run it. Now, if you will use it as I will on localhost now, you will need to provide a pseudo password. If you don't, if you are not able to switch to ruled, well, I cannot imagine you are not. So let's try it. I see, sorry. And here. That will not work. Is it better? Ansible playbook is the command line that runs a play and it's NTP dot yaml is the file where the play is. So I try to run it and I will need to enter the pseudo password because I cannot switch to pseudo without password, which is the minus key. Now I run it and I have cows enabled. So, that's a great feature in Ansible tool. You can have a random cow at every task, but, well, and there's nice cows. It's like, there's a big dragon, actually. I didn't know about cow say before I start using Ansible. OK, you can see the cow does that there's a play and it starts a setup by default. If you start the play on a computer on any computer, it first automatically call setup module get the variables from the computer, which is what happens here. And here you see, there's actually the name I have put into the YAML file, just to know in which stage it is. You see, I'm on Debian, so it's skipping the Red Hat package installation. And it tells me that I do have NTP already installed because it's OK, it's not installing anything. And here I had a different configuration, so it changed. And here it's OK again, because NTP is running. Now I need to restart it because the configuration has changed. And I think I will try thinking how to disable the cows and cows. Oh, that would be better. So that's more, I think. It's not so much fun anymore. But you see, I have run it a second time and changed our zero. It's a zero because nothing new happened. Now let's say that I would damage somehow my NTP configuration. Like, oh no, no, no, somebody is deleting that. And now I can run it again, but I will run it in check mode. And I want to see the differences. And you can see, there would be two changes, nothing happened. If I run it again in check mode, it will again show me two changes, because it's not doing it. And I can see, OK, somebody deleted these parts of file. So Ansible will put it back and restart NTP, so we will know it's working again. That's a thing. OK, we have 10 minutes left, so I will fast forward it, because that was a playbook. One file where you have everything on one place. So now I need it here. We've been talking that Ansible Galaxy is a tool that installs Galaxy role for you. And the David Carbon is my GitHub account and Defcon for 2016 NTP role is in the role. That do the same thing as our playbook, but it's in the role itself. So you can see the differences and you can install it by Galaxy tool. And if only 10 minutes left, I guess it will be your homework to look at that, I fear. You will see mostly that the role has several directories for tasks, for variables, for handlers. So what is in one place in playbook, it's in several directories by a logical thing. You will see the exactly same task there, but it's more structured and it's reusable, because this playbook, the thing is this playbook was specifically for host localhost. If you want to share it with someone, he would probably want to change the groups. But if you have role, you can do a minimal playbook like host, localhost use role NTP. And the other person will download the role and use host my all servers role NTP. And it will use the NTP setup on everything. The role itself cannot be run, but it's easy to run it. All you need is like this. This is the equivalent for the playbook, it's a little shorter, but it's because the NTP role is in another place. And you can use it on any bunch of host you need. This is playbook, so you can run it with Ansible playbook and this NTP. And it will do the same. Playbooks can be more complicated. If I need, I can do some debug message. You can combine the tasks and roles. One important thing in Ansible, in Puppet, you define something that should be applied on server and Puppet define when it will apply it, in which ordering. In Ansible, it's much easier from top to down. So if you define your playbook and the appache will be first, you know the appache is the first thing that is provisioned. And I personally find it, again, easier. It's more easy for me because I know if it fails, if the playbook run fails, it's usually because I've made a mistake. Sometimes the Puppet, it is said that if Puppet fails, it means you have not defined the dependence as well. But somehow I found myself unable to define them well. But that's maybe, as I said, the Puppet is really not my thing. It may be a problem in me. But if you have the same problem, Ansible may work better for you. So this is it, and this is me. I thought about including a photo, but you know, their life is better. Let's hope. But the photo is photoshopped. Maybe it would be better than me now. Never mind. And if you want to ask anything, we have about 5 minutes left. Never mind. My voice is beginning to... We are using Chef in our company. Chef is working with a patient similar to you. So my question would be, what is the preferred way to manage all this? We have a bunch of hosts, all the keys for SSH. If we need different keys, what's the preferred way of using the password? We have some central keys. Usually I define the variables for something like SSH keys, and I am going in from top down. I have group all, and I define that group all has this SSH keys. And then the group web server needs these keys for these users. And the hosts, some hosts have different needs, so I create a variable for SSH keys there. So I define... I just define which keys I need on which service. And I have Ansible, that will take the variable, SSH keys, and apply the visa. I need one key to get that at the beginning, to be able to provision. But when I have 200 servers, I need 20 different keys for those 200 servers, to apply and to be able those servers. How... I am not sure if it's... I will look into the inventory, if there is a possibility to define the key to use with my server. We can look at that afterwards with it. I have a cherub, because I have the one key. So I want to look at that actually. I think if it's possible, I know what to look for. It might take some time. I don't know who it was. No, no, no. Is there a way to get standard out, standard error in a clear way? I don't know if you have the dash b, dash b b. It gives you more information on your output. But is there a way to execute a play or a command? You mean it's just to get broad text without all of the decorations? And you mean if you want only informations, if it's OK, and not sure I have follow-up? Well, sometimes there's standard out that will come out. If you do the dash b b or dash b b b, it starts giving more of a less integration. So I was wondering if there's a way to just get that output that's not wrapped in the ansible? Not directly with ansible label, but you can create the... Go back, thank you. Go back plugin that will send informations to you. Go back plugin works anyway, task is done, and information about task is pushed to go back plugin, and it's going to another task. So you will have your plugin that will take information, for example, log the way you want. OK. Can you use it for... Sorry? Can you use it for provision? I mean, can you use ansible for the work of service? Yeah. For example, this week I've been creating architecture for one of my customers. And it's like... I run ansible now, and it creates an ansible. VPC, low balancer, FDS instance, load the database, create the image for web server and before the web server. Do you use like a start file or do you use the web support? Well, it's... I provisioned the web server by ansible, not to... That doesn't have the... something... the temporary tool. I use ansible for... for creating a temporal instance, instance of apparture, configure it, phd, and all the environment for client, and then track it into an image. And then I deploy it. It's like... If I need another web server, I just provision it again and create another image. It's an interesting thing, actually, because that way you may have the image mostly written and if there's another deploy, you just create another one. It looks like many works, but it looks like it's a work, but actually I just run one JavaScript and it creates an image. Provision it, create, and to change it to deploy it to production. That's the work. What about individual servers? What about individual servers? Oh, well, you don't have API that Amazon provides you, but you can have local server, for example, h8roxpe, and apparture behind it, and it can work the same way. Well, not the image part. You will provision the physical server and create the whole date. You just need to... ...for example, for physical servers to start deploying, and then you start provisioning and asking the server. Well, it's possible to do it, too. It's the same, actually. You have the first server with SSH and that's what you need to do anything on that basis. And it doesn't matter if it's a physical server or a petrol server, or container or anything. To ask, do you have any experiences with web interface or Ansible? I think that officially it's Ansible Tower. Ansible Tower? No. I have seen that billing is somehow an issue for me. It's like $5,000. Yeah, yeah, but there is no open source version of it. I never needed it, really. I heard that now my colleague was on the config management camp and mainly the tower will be open sourced in the future. It's like maybe in the future. Well, let's go. Because Ansible Tower is an enterprise solution that really can do... Well, it's nice graphs for management. It can do much more than that. For example, it automatically takes the state of every package the computer, so you can go to a story, see what changed, see what packages were updated when and have fun and stuff. Like somebody can run display move and not the other and it's good, but it's really not. Is there any mobile management system? Is it on a librarian or R&K? Well, all modules are in Ansible. Well, in the library you can say they are on a fresh machine and they install like MTP version, MTP module version and they have modules and version of the modules so you can build your basic environment for the Ansible. I think I do for this. What is the module in package? What do you mean by module? Module is a collection of classes with some purpose. That's the role in Ansible. Or a collection of roles in Ansible. For example, for installing and setting up a MTP there's a module which can download. That's the role, what you can probably do. There's Ansible. And there's a bunch of roles and it's like there's a role in it. I have said it before, download it, look at it and then run it. It's like everyone can upload the role there. My roles, I have quite a lot of roles on Ansible in proxy and I hope you will not look at them. It's there because I need customers, so it's easier for me to download it. I'm improving there, but it's not like everybody can download that. I have quite a big feeling that most of the roles are there of this quality. But it can be downloaded and you can look at it and modify it to environment and it's working with Ansible. Just wanted to ask about the Ansible pool possibility because I have some server behind the firewall. So what was the preferred solution or if you cannot if you don't have because in Ansible you need master server and you must have SSH to the provision there. You can have Ansible pool. There's even a binary Ansible pool and I missed it when I prepared this session. Sorry. And what it does basically it downloads the git repository and you enter to it and run it. In the git repository you have a playbook usually and so it do a git clone or checkout or something and run Ansible playbook. So it's possible if you have access to that git repository whatever it is on the computer you can use the Ansible pool. I think it's not used much often because Ansible is mostly a push line but it's possibility. You can have Chrome job Ansible pool and it will download the actual provision YAML configuration and run it. And it's done. But you have to install Ansible on every computer you are managing by that. You are managing by that. But sometimes it's just necessary. And it's not a good solution it might slow the git by two. And you like the Ansible from two users? No. It's better to have only one person. But if you just checkout you can install it. If you install it by fit or YAML or anything particular and if you install it you can do some and to set the output it's on the page and then it will switch to that directory and then if you check out another branch and you install it you can choose whatever you want. So It's for you. You will be We are doing it together so he also needs it. We have his boss, he's careful. You can give three cards away the prize for the questions, ok? Ok. By the way, that was a full package of water. And this is normal? Yeah, ok. Are you? Ok. Ok. Vždyš? Ne. No, to je nejlepší. No, to je nejlepší. Ne, to je nejlepší. Ne, to je nejlepší. To je nejlepší.