[Script Info]
Title:
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Thank you everyone for coming.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If you were expecting the Postgres talk,\Nthat was the one before, so
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you might need to watch the video stream.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,So, Ansible best practices,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I thought about calling it "Ansible,\Nmy best practices",
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,so, just warning ahead, this is things\NI stumbled on using Ansible
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,for the last 2-3 years and
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,those are very specific things I found\Nthat worked very well for me.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,About me, I do also freelance work,\Ndo a lot of Ansible in there,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I'm also the Debian maintainer for\NAnsible with Harlan Lieberman-Berg
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If there are any bugs in the package,\Njust report them.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The talk will be roughly divided into\N4 parts.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The first part will be about why you\Nactually want to use config management
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and why you specifically want to use\NAnsible.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,So, if you're still SSHing into machines\Nand editing config files,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you're probably a good candidate\Nfor using Ansible.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Then, the second part will be about good\Nrole and playbook patterns
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that I have found that work really well\Nfor me.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The third chapter will be about typical\Nantipatterns I've stumbled upon,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,either in my work with other people\Nusing Ansible,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,or the IRC support channel, for example.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The fourth part will be like advanced\Ntips and tricks you can use
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,like fun things you can do with Ansible.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Quick elevator pitch, what makes config\Nmanagement good?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It actually also serves as a documentation\Nof changes on your servers over time
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,so if you just put the whole config\Nmanagement in a git repo
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and just regularly commit,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you will actually be able to say
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,"Why doesn't this work? It used to work\Na year ago"
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,You can actually check why.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Also, most config management tools have\Na lot better error reporting than
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,your self-written bash scripts that do\Nwhatever.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,And usually, you have a very good\Nreproducibility with config management
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and also idempotency, meaning that if you\Nrun, for example, a playbook several times
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you will always get the same result.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Also, it's great if you work in a small team\Nor you admin ??? in the company
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and you have some people working\Non a few things too.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It makes team work a lot easier and\Nyou will save a lot of time actually
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,debugging things when things break.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,What makes Ansible good?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Comparing it to Chef or Puppet for example\Nit's really easy to set up,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you start with two config files, you have\Nit installed and you're ready to go.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It's also agentless, so whatever machines\Nyou actually want to control,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,the only thing they really need to have\Nis an SSH daemon and Python 2.6+
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,so that's virtually any Debian machine\Nyou have installed and
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that ???
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Ansible also supports configuration\Nof many things like
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,networking equipment or even Windows\Nmachines,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,they don't need SSH but they use the\NWinRM
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but Ansible came a bit late to the game\Nso Ansible's still not as good
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,in coverage like for example Puppet,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,which literally, you can configure any\Nmachine on the planet with that,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,as long as it has a CPU.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Next step, I will talk about good\Nrole patterns.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If you've never worked with Ansible\Nbefore,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,this is the point when you watch\Nthe video stream,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that you pause it and start working\Na few weeks with it
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and then unpause the actual video.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,A good role should ideally have\Nthe following layout.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,So, in the "roles" directory, you have\Nthe name of the role and task/main.yml
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,You have the following rough layout.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,At the beginning of the role, you check\Nfor various conditions,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,for example using the "assert" task to\Nfor example check that
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,certain variables are defined, things\Nare set,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that it's maybe part of a group, things\Nlike that you actually want to check.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Then, usually, you install packages, you\Ncan use apt, on CentOS machines,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,yum, or you can do a git checkout or\Nwhatever,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,then usually you do some templating of\Nfiles where you have certain abstraction
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and the variables are actually put into\Nthe template and
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,make the actual config file.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It's also good to point out that\Nthe template module actually has
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,a "validate" parameter,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that means you can actually use a command\Nto check your config files for syntax errors
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and if that fails, your playbook will fail\Nbefore actually deploying that config file
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,so you can for example use Apache with\Nthe right parameters to actually do
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,a check on the syntax of the file.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,That way, you never end up with a state\Nwhere there's a broken config.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,In the end, you usually…
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,When you change things, you trigger\Nhandlers to restart any ???
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If you use variables, I recommend putting\Nsensible defaults in
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,defaults/main.yml
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and then you only have to override\Nthose variables on specific cases.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Ideally, you should have sensible defaults\Nyou want to have to get whatever things
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you want to have running.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,When you start working with it and do that\Na bit more,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you notice a few things and that is
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,your role should ideally run in "check mode".
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,"ansible-playbook" has --check that\Nbasically is just a dry run of
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,your complete playbook
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and with --diff, it will actually show you\Nfor example file changes,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,or file mode changes, stuff like that
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and won't actually change anything.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,So if you end up editing a lot of stuff,\Nyou can use that as a check.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I'll later get to some antipatterns that\Nactually break that thing.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,And, ideally, the way you change files\Nand configs and states,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you should make sure that when the actual\Nchanges are deployed,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and you run it a second time,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that Ansible doesn't report any changes
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,because if you end up writing your roles\Nfairly sloppy, you end up having
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,a lot of changes and then,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,in the end of the report, you have like\N20 changes reported and
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,you kind of then know those 18,\Nthey're always there
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and you kind of miss the 2 that are\Nimportant, that actually broke your system
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If you want to do it really well, you make\Nsure that it doesn't report any changes
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,when you run it twice in a row.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Also, a thing to consider is you can define\Nvariables in the "defaults" folder
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and also in the "vars" folder,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but if you look up how variables get\Ninherited, you'll notice that
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,the "vars" folder is really hard to\Nactually override,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,so you want to avoid that as much as\Npossible.