Ansible Best Practices: The Essentials
The Ansible Way
When I talk about how to develop automation solutions with Ansible, I begin by highlighting the philosophy behind its design. All Ansible best practices relate back to this thinking in one way or another.
Complexity kills
That’s not just a marketing slogan. We really mean it and believe it. We strive to reduce complexity in how we’ve designed Ansible tools and encourage you to do the same. Strive for simplification in what you automate.
Optimize your Ansible content for readability
If done properly, it can be the documentation of your workflow automation.
Think declaratively
Ansible is a desired state engine by design. If you’re trying to “write code” in your plays and roles, you’re setting yourself up for failure. Our YAML-based playbooks were never meant to be for programming.
Ansible is like the Swiss Army Knife of DevOps
Ansible is capable of handling many powerful automation tasks with the flexibility to adapt to many environments and workflows. Not all approaches are created equal though. Don’t let yours undermine the simplicity and power of Ansible.
Enough philosophy though. Let’s get down to brass tacks. Here I’ll cover some of the most important and impactful best Continue reading
A Shiny New Way to Manage VMware Guests
Way back in March of 2015, I wrote a post about managing VMware guests with the vsphere_guest module. A lot has changed since then with VMware support, including a whole bunch of new modules for managing the VMware infrastructure itself. We've also consolidated all VMware interaction around the pyvmomi Python library, replacing the aging and no longer maintained pysphere and psphere libraries. This support even extends to the VMware dynamic inventory, you will be pleased to know!
We took the opportunity to tidy up some of the parameters used in the old vsphere_guest module, and I think the new vmware_guest module is nicer to use. A couple of handy new additional parameters are validate_certs and wait_for_ip_address. I'm sure they don't need explaining, but for the sake of clarity they allow you to connect to vCentre servers that have a self signed SSL certificate, and for the module to wait for an IP address to become visible for the new VM.
This latter parameter is especially nice, because now you can have the single module wait for the IP address, instead of having to do something clunky with a block (as I did in my main demo).
So here is Continue reading
Automating the provisioning and configuration of Red Hat Mobile Application Platform
The Red Hat Services blog shared a demo on how to automate the provisioning and configuration of Red Hat Mobile Application Platform using Ansible and OpenShift Enterprise Container Platform.
The video contains great information on the creation of MBaaS on OSE3, Set up of RHMAP, and using a Jenkins Pipeline and a demonstration of deployed components.
To view the original Red Hat Services post and read related resources, click here.
No Sleep ‘Til (Ansible Contributor Summit) Brooklyn!
HELP SHAPE THE FUTURE OF ANSIBLE
Are you a contributor to Ansible, or interested in becoming a contributor to Ansible?
Ansible's third Contributor Summit is coming soon, offering contributors the opportunity to participate in and shape the future of Ansible. We'll be gathering October 10, 2016 in Brooklyn, the day before AnsibleFest Brooklyn 2016, to collaborate and plan around a variety of Ansible-related topics. Your feedback and presence are welcomed. Read on to find out how you can join us!
ANSIBLE CONTRIBUTOR SUMMIT, ROUND THREE!
Notes from the 2016 Ansible Community Survey
We recently ran the 2016 version of our Ansible Community Survey. This is a survey of Ansible users and community members, regarding how they're using Ansible in their environments. We thought it would be useful to share some of the aggregate results. (As we did not ask for permission to distribute individual responses, we cannot make the raw data public.)
We had over 1,600 survey respondents, up from 1,300 when we last ran the survey in March of 2015.
| How long have you been using Ansible? |
||
| Answer Options |
Response Percent |
|
| A month or less |
7.8% |
|
| 1-2 months |
7.3% |
|
| 2-6 months |
18.8% |
|
| 6-12 months |
18.6% |
|
| over a year |
47.4% |
|
| number of respondents |
1,625 |
|
Ansible continues to grow more veteran users - when surveyed in 2015, only 30% of respondents had used Ansible for more than a year.
| What version(s) of Ansible are you currently running? |
||
| Answer Options |
Response Percent |
|
| pre-1.9.x |
5.0% |
|
| 1.9.x |
27.8% |
|
| 2.0.x |
41.6% |
|
| 2.1.x |
51.4% |
|
| 2.2/development |
6.7% |
|
| number of respondents |
1,623 |
|
Note that respondents could pick multiple versions. All told, 80% of respondents have at least some usage of Ansible 2. Continue reading
Introducing Ansible Tower 3
The Best Way To Run Ansible In Your Organization Just Got Better
We’ve been hard at work since the last release of Tower, listening to community feedback and working to create the best possible experience for Tower users. We are pleased to introduce Ansible Tower 3, evolving from Ansible’s simple, powerful and agentless automation and extending that power to your team and organization.
Tower 3 boasts an entirely reworked UI that makes it simpler and easier to use Tower to automate your environments and share your automation. On top of that, we’ve equipped this newest edition of Tower with a host of new features to speed productivity and visibility within your Tower workflows, managing complex deployments and scaling the power of automation.
These features include:
Expanded and Simplified Permissions
In prior releases of Tower, we operated on an implicit permissions system. For a user to be able to see, and run, a job, they needed permissions on not only the project that housed the Playbook, but also the inventory, and the credential used.
Now, with Tower 3, we’ve made things much simpler… if you have a job that you want a user or team to run, just give them Continue reading
The Ansible At Red Hat Summit Recap
Red Hat Summit 2016 was the largest gathering of customers, partners and open source contributors yet with Ansible users and executives contributing in various sessions throughout Summit. These sessions covered topics on DevOps, Automation, Management, Best Practices and more.
Did you miss us at Summit in San Francisco? Well good news, we've compiled a list of all Ansible related sessions below. Also, AnsibleFest 2016 in San Francisco is also right around the corner on July 28th. But if you want to start digging deeper into Ansible now, see below:
DevOps Lessons Automating the Deployment of J.Crew's Website with Ansible (PDF)
Oscar Gonzalez
Ansible Best Practices For Startups to Enterprises (PDF)
Tim Appnel and James Martin
Red Hat Satellite and Ansible Tower by Red Hat: Doing More Together (Video)
Justin Nemmers and Chris Wells
When Flexibility Met Simplicity: The Friendship of OpenStack and Ansible (PDF)
Robyn Bergeron and Major Hayden
Reduce Complexity and Increase Optimization with Ansible Automation (PDF)
Jon Davila
Ansible Accelerates Deployment at Société Générale (Blog)
Fabrice Bernhard and Justin Nemmers
Using Ansible to Install Containers On Red Hat Enterprise Linux Atomic Host (Blog)
Matt Micene and Greg DeKoenigsberg
Ansible Essentials: Deploy Apps, Manage Systems, and Securely Continue reading
Three Things You Don’t Want To Miss At AnsibleFest San Francisco
AnsibleFest is returning to San Francisco on Thursday, July 28th, 2016 at the Westin St. Francis in Union Square. It's going to be a great opportunity to meet and connect with passionate Ansible users, developers and industry partners. Whether you're an experienced user or are just getting started, AnsibleFest is for you.
This year AnsibleFest will not be one to miss, featuring the latest and greatest updates on Ansible and Ansible Tower as well as use cases, technical deep dives and best practices.
As AnsibleFest continues to grow so does its offerings. For those who have never attended and for those wanting to know more, here are three things you won't want to miss:
1) Informative General Session
Kicking off AnsibleFest, this session will feature company updates, product roadmap and new directions as well as a featured customer presentation. Attendees can:
- Hear from Ansible leadership about company overivew and key areas of focus
- Discover more about the Ansible and Ansible Tower product roadmaps
- Learn about the latest advancements in using Ansible for networking
- Get up to speed on the Ansible Container project and see where it's heading in the future
- Learn from our customer and master software engineer, Chris Weaver Continue reading
Free Ansible ebooks
Need some summer reading for your trip to the beach? We are pleased to offer three free ebook previews from our friends at Packt Publishing featuring their most popular Ansible books.
Mastering Ansible by Jesse Keating
Design, develop, and solve real world automation and orchestration needs by unlocking the automation capabilities of Ansible
Excerpt includes:
Chapter 1 - System Architecture and Design of Ansible: A detailed in and out view of Ansible's task performance
Chapter 3 - Unlocking the Power of Jinja2 Templates: Usage of the Jinja2 templating engine within Ansible
Download Mastering Ansible by Jesse Keating
OpenStack Administration with Ansible by Walter Bentley
Design, build, and automate 10 real-world OpenStack administrative tasks with Ansible
Excerpt includes:
Chapter 1 - An Introduction to OpenStack: A level setter on OpenStack components, concepts, and verbiage
Chapter 8 - Deploying OpenStack Features: Adding Docker to OpenStack with Ansible
Download OpenStack Administration with Ansible by Walter Bentley
Extending Ansible by Rishabh Das
Discover how to efficiently deploy and customize Ansible in the way your platform demands
Excerpt includes:
Chapter 1 - Getting Started with Ansible: Introduction to Ansible as a tool
Chapter 4 - Exploring API: The Python API for Ansible
Download Extending Ansible by Rishabh Das
5 Reasons We Started the Ansible Container Project
Here at Ansible, we recently announced a new project called Ansible Container. Its purpose is to allow users to build, deploy, and orchestrate containers at scale, all from Ansible playbooks.
It’s still a young project, barely a month old at this point -- but we’re excited by it, and we think it has a great deal of potential. Here are five reasons why.
1. Because our community has been using Ansible to manage containers for quite a while now.
Ansible has been successful, in large part, by following where our community leads, and our community has been using Ansible to help manage containers for nearly as long as Ansible has been around. Our community wrote the original Docker module in October 2013, and that module and other container modules have been among the most frequently used Ansible modules ever since. There are hundreds of community-maintained Ansible container images in Dockerhub, and there are excellent blog posts in which Ansible community members describe their own best practices for building and deploying containers. The next logical step was to start a project to bring together some of these best practices into tools that anyone could use.
2. Because the new Docker Continue reading
Introducing Ansible 2.1: Networking, Windows, Azure, and Containers
I am pleased to announce the availability of Ansible version 2.1. Ansible 2.1 is Red Hat’s next major release since we pushed 2.0 in January. This new version adds a number of new features and fixes, and we’re excited to get it out into your hands. We’ve added key functionality in networking, took the beta tag off of our Microsoft Windows support, expanded our support for Microsoft Azure, enhanced our Docker containers support, and added a number of key internal features for ziploader and elsewhere.
On the networking front, we’ve included managing networking infrastructure as first-order feature set in Ansible--no separate download required. We previously released the Networking tech preview in February at AnsibleFest in London, and now it is fully integrated into Ansible as part of 2.1 Ansible’s agentless model works particularly well in the network management space, and with a lot of help and support from the vendors, we are very pleased to have our first major release with support for these features. Networking now includes support for:
- Cisco
- HP Enterprise
- Juniper
- Arista Networks
- Cumulus Networks
In the Microsoft world, we significantly upped our game for both Windows and Azure Cloud. We’re happy to Continue reading
Six Ways Ansible Makes Docker-Compose Better
Containers are popular for many reasons. One key reason: container images are easy to build and, once built, don't change. When Developer A says, "Hey, check out this new application, just download this container image and run it," Developer B doesn't have to ask the question, "How do I configure it?" Developer B can just download the image and run the container, and enjoy a high likelihood that it will run exactly as Developer A intended.
Until Developer A announces the need for a second, third and fourth container, that is. A microservices approach advocates for simple containers, sure -- but that also means more of them, all doing different things, and all connecting together... somehow. So now Developer A needs to tell Developer B "be sure to run all of these containers together, and make sure these two containers share a data volume, and make sure these other two containers have a network link between them, and make sure the REST API for this one is exposed on these ports. Oh, also! Make sure you've got your DNS set up right, because it's all a hilarious dumpster fire if you don't."
Complexity doesn't go away in the container world; it just moves to different Continue reading
Integrating Atlassian Bitbucket Pipelines with Ansible Tower
Customers everywhere are using Ansible and Ansible Tower to deliver the promise of DevOps. Atlassian Bitbucket can be coupled with Ansible and Ansible Tower to create an application workflow. In this example workflow, a developer makes an update to their application, checks the code into source control, a continuous integration test passes, and it is automatically deployed by an orchestration system to the applicable systems.
One of the most popular requests we hear for Tower is to integrate with the Atlassian tool suite. Atlassian provides tools that allow developers to build many components of a CI/CD pipeline. From Bitbucket for code review, to JIRA as a ticketing system, and finally Hipchat to bring all of the teams involved in the pipeline to collaborate.
And, with Atlassian’s recent announcement of Bitbucket Pipelines, we are excited to demonstrate how Tower can now integrate these tools into a complete CI/CD pipeline environment.
Using our example workflow from above, let’s look at what this process looks like today-- without this integration. First, a developer checks in some code to Bitbucket Cloud, and a Pipelines job can build and test an artifact. Next, the developer would need to find the correct build, download it, and Continue reading
How Flex Ciii Uses Ansible Tower for Benchmarking
We love stories about how Ansible Tower has solved problems and made work easier. Special thanks to Hugh Ma from Flex for sharing his story about Ansible Tower.
Here at Flex, our Ciii Rack Scale Platforms team regularly deploys Openstack and Ceph on large clusters with various SDN platforms. With repeated multi-rack deployment, validation, benchmarking and tear down, automation plays a crucial role in improving the agility of our operations. For a small automation team to support a large group of engineers working across 200+ servers, it is necessary to select the right tools to simplify deployment, test infrastructure installation, debugging, and results collection. This enables the team to focus on reference architecture designs, benchmark logic, and results analysis.
Background
We had originally developed a python-based automation framework for our testing. Some of its tasks included configuring operating system and OpenStack settings through their APIs, launching test workloads, and parsing output. However, with a small team, upkeep of such a large code base and an increasing complexity of test parameters became tedious We started looking at configuration management(CM) tools. We wanted a CM tool that was based on Python but easy for non-developers to use and straight-forward to troubleshoot. After building Continue reading
AnsibleFest Call For Speakers Now Open
AnsibleFest is heading back to San Francisco on Thursday, July 28. You can expect all the usual highlights, like product roadmaps and Ask an Expert sessions. Plus, this year we're planning distinct tracks to give you exactly the type of information you need for wherever you are in your Ansible journey. Track themes will include use cases, best practices, and technical deep-dives into trending topics.
Do you have a story to share about how you're using Ansible?
Submit your abstract during our Call for Speakers - open until June 1. We'll select speakers and notify all participants by June 13.
To see examples of talks that have been accepted in the past, check out the recordings from our last two AnsibleFest events in London and San Francisco.
Then buy your tickets now during Super Early Bird pricing. This exclusive $299 pricing ends on May 31 and you won't find a better deal. If you're selected as a speaker, we'll refund your ticket amount.
See you in San Francisco!
|
|
WANT A TASTE OF ANSIBLEFEST? Watch presentations from AnsibleFest London 2016. |
Ansible as Automation Glue
Throughout my time at Ansible, I have endeavoured to put together pertinent demos for customers - when I was 'on the other side of the fence' I always preferred it when a vendor asked about the challenges we faced and prepared the product to show how it would help me.
A few months back a customer told us about their challenge of getting code from development into production, and how it was taking almost a third of a year. They wanted to see how Ansible could help accelerate that workflow.
Since giving that demo I've not stopped asking customers about their challenges, but nine times out of ten they come back with the same answer these days - development to production workflow acceleration. That's when I show the same demo.
After running through this so many times, I thought it might be useful to record it as a screencast to share it publicly - along with all the Ansible playbooks used to put it together. The demo runs to 18 minutes in total, but covers many aspects of how powerful and flexible Ansible is as a tool - from machine provisioning to configuration management to code deployment to interacting with various Continue reading
Control with Ansible Tower, Part 2
This is the second in a series of posts about how Ansible and Ansible Tower enable you to manage your infrastructure simply, securely, and efficiently.
When we talk about Tower, we often talk in terms of Control, Knowledge, and Delegation. But what does that mean? In this series of blog posts, we'll describe some of the ways you can use Ansible and Ansible Tower to manage your infrastructure.
In our first blog post, we described how Ansible Tower makes it easy to control the way your infrastructure is configured via configuration definition and continuous remediation.
But controlling the configuration of your infrastructure is just one step. You also need control of the components of your infrastructure - your inventory. You need to do day-to-day management tasks on demand. And Ansible Tower makes those easy as well.
INVENTORY - THE BASICS
If you’ve used Ansible, you know about the basics of inventory. A static Ansible inventory is just an INI-style file that describes your hosts and groups, and optionally some variables that apply to your hosts and groups. Here's an example from the Ansible documentation.
{% raw %}[atlanta] host1 host2 [raleigh] host2 host3 [southeast:children] atlanta raleigh [southeast:vars] nameserver=dns.southeast.example. Continue reading
Patching BADLOCK with Ansible
If you've been following recent security news, you may have heard of the Badlock vulnerability in the protocols used by the Microsoft Windows Active Directory infrastructure. This vulnerability could lead to a man-in-the-middle attacker intercepting traffic between a client and the Active Directory server, and then impersonating the client, gaining unauthorized access to resources.
| |
More information can be found at http://badlock.org/ and the Red Hat Knowledgebase. |
Thanks to Ansible, however, patching your systems doesn't have to be complicated.
- hosts: all
gather_facts: true
become_method: sudo
become_user: root
vars:
service_name:
'Debian': 'smbd'
'RedHat': 'smb'
tasks:
- name: check samba version
shell: dpkg -l | grep -q samba
when: ansible_os_family == 'Debian'
register: samba_installed
ignore_errors: True
- name: update samba from apt if installed
apt:
name: samba
state: latest
update_cache: yes
when: ansible_os_family == 'Debian' and samba_installed.rc == 0
notify: restart_samba
- name: check samba version
shell: rpm -q samba
when: ansible_os_family == 'RedHat'
register: samba_installed
ignore_errors: True
- name: update samba from yum if installed
yum:
name: samba
state: latest
update_cache: yes
when: ansible_os_family == 'RedHat' and samba_installed.rc == 0
notify: restart_samba
handlers:
- name: restart_samba
service:
name: "{{ Continue reading
Empowering Windows Deployment Pipelines with Ansible Tower
We love stories about how Ansible Tower has solved problems and made work easier. When we heard that CareerBuilder was using Tower in a Windows environment, we had to know more. Special thanks to Cody Rucks from CareerBuilder for sharing his story about Ansible Tower.
---
At CareerBuilder we are focused on building out a full stack solution that will allow developers to continuously deploy their applications. Not only do we want them to be able to deploy quickly, but we want consistency and automation throughout the entire process. Ansible Tower has become a huge part of our final end solution. In this post we will discuss how we are using Ansible Tower to connect our various products and steps and truly be able to deploy applications in the cloud utilizing DevOps methodologies.
Why Ansible Tower?
In November 2015, our team set out to find the best solution for our needs. We tested several different products and vendors ranging from the most buzz-worthy to the most obscure and ended up selecting Ansible Tower at the end. Ansible Tower seemed to provide all the things that we needed it to do. They key takeaways we had that made us select Ansible Continue reading
Control with Ansible Tower, Part 1
This is the first in a series of posts about how Ansible and Ansible Tower enable you to manage your infrastructure simply, securely, and efficiently.
When we talk about Tower, we often talk in terms of Control, Knowledge, and Delegation. But what does that mean? In this series of blog posts, we'll describe some of the ways you can use Ansible and Ansible Tower to manage your infrastructure.
CONTROL - THE BASICS
The first step of controlling your infrastructure is to define what it is actually supposed to be. For example, you may want to apply available updates - here's a basic playbook that does that.
---
- hosts: all
gather_facts: true
become_method: sudo
become_user: root
tasks:
- name: Apply any available updates
yum:
name: "*"
state: latest
update_cache: yes
Or you may have more detailed configuration. Here's an example playbook for basic system configuration.This playbook:
-
Configures some users
-
Installs and configures chrony, sudo, and rsyslog remote logging
-
Sets some SELinux parameters
Normally, we’d organize our configuration into Ansible roles for reusability, but for the purpose of this exercise we're just going to use one long playbook.
We'd want to apply this as part of our standard system configuration.
Continue reading