[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:05.69,0:00:07.19,Default,,0000,0000,0000,,Thank you everyone for coming.
Dialogue: 0,0:00:08.00,0:00:12.34,Default,,0000,0000,0000,,If you were expecting the Postgres talk,\Nthat was the one before, so
Dialogue: 0,0:00:12.34,0:00:14.84,Default,,0000,0000,0000,,you might need to watch the video stream.
Dialogue: 0,0:00:16.61,0:00:18.12,Default,,0000,0000,0000,,So, Ansible best practices,
Dialogue: 0,0:00:18.62,0:00:22.25,Default,,0000,0000,0000,,I thought about calling it "Ansible,\Nmy best practices",
Dialogue: 0,0:00:22.74,0:00:29.81,Default,,0000,0000,0000,,so, just warning ahead, this is things\NI stumbled on using Ansible
Dialogue: 0,0:00:29.81,0:00:32.12,Default,,0000,0000,0000,,for the last 2-3 years and
Dialogue: 0,0:00:32.12,0:00:37.24,Default,,0000,0000,0000,,those are very specific things I found\Nthat worked very well for me.
Dialogue: 0,0:00:39.08,0:00:45.72,Default,,0000,0000,0000,,About me, I do also freelance work,\Ndo a lot of Ansible in there,
Dialogue: 0,0:00:46.08,0:00:51.90,Default,,0000,0000,0000,,I'm also the Debian maintainer for\NAnsible with Harlan Lieberman-Berg
Dialogue: 0,0:00:54.06,0:00:57.79,Default,,0000,0000,0000,,If there are any bugs in the package,\Njust report them.
Dialogue: 0,0:01:06.48,0:01:10.22,Default,,0000,0000,0000,,The talk will be roughly divided into\N4 parts.
Dialogue: 0,0:01:14.52,0:01:19.93,Default,,0000,0000,0000,,The first part will be about why you\Nactually want to use config management
Dialogue: 0,0:01:19.93,0:01:23.48,Default,,0000,0000,0000,,and why you specifically want to use\NAnsible.
Dialogue: 0,0:01:24.00,0:01:30.34,Default,,0000,0000,0000,,So, if you're still SSHing into machines\Nand editing config files,
Dialogue: 0,0:01:30.34,0:01:33.55,Default,,0000,0000,0000,,you're probably a good candidate\Nfor using Ansible.
Dialogue: 0,0:01:35.63,0:01:41.27,Default,,0000,0000,0000,,Then, the second part will be about good\Nroles and playbook patterns
Dialogue: 0,0:01:41.80,0:01:43.91,Default,,0000,0000,0000,,that I have found that work really well\Nfor me.
Dialogue: 0,0:01:47.13,0:01:52.53,Default,,0000,0000,0000,,The third chapter will be about typical\Nantipatterns I've stumbled upon,
Dialogue: 0,0:01:52.53,0:01:57.70,Default,,0000,0000,0000,,either in my work with other people\Nusing Ansible,
Dialogue: 0,0:01:57.70,0:02:00.74,Default,,0000,0000,0000,,or the IRC support channel, for example.
Dialogue: 0,0:02:02.65,0:02:08.54,Default,,0000,0000,0000,,The fourth part will be like advanced\Ntips and tricks you can use
Dialogue: 0,0:02:08.54,0:02:11.48,Default,,0000,0000,0000,,like fun things you can do with Ansible.
Dialogue: 0,0:02:12.94,0:02:16.28,Default,,0000,0000,0000,,Quick elevator pitch, what makes config\Nmanagement good?
Dialogue: 0,0:02:18.26,0:02:25.49,Default,,0000,0000,0000,,It actually also serves as a documentation\Nof changes on your servers over time
Dialogue: 0,0:02:25.49,0:02:29.24,Default,,0000,0000,0000,,so if you just put the whole config\Nmanagement in a git repo
Dialogue: 0,0:02:29.24,0:02:30.99,Default,,0000,0000,0000,,and just regularly commit,
Dialogue: 0,0:02:30.99,0:02:32.58,Default,,0000,0000,0000,,you will actually be able to say
Dialogue: 0,0:02:32.58,0:02:35.51,Default,,0000,0000,0000,,"Why doesn't this work? It used to work\Na year ago"
Dialogue: 0,0:02:35.51,0:02:38.72,Default,,0000,0000,0000,,You can actually check why.
Dialogue: 0,0:02:41.40,0:02:49.76,Default,,0000,0000,0000,,Also, most config management tools have\Na lot better error reporting than
Dialogue: 0,0:02:49.76,0:02:53.30,Default,,0000,0000,0000,,your self-written bash scripts that do\Nwhatever.
Dialogue: 0,0:02:56.18,0:03:02.89,Default,,0000,0000,0000,,And usually, you have a very good\Nreproducibility with config management
Dialogue: 0,0:03:02.89,0:03:10.81,Default,,0000,0000,0000,,and also idempotency, meaning that if you\Nrun, for example, a playbook several times
Dialogue: 0,0:03:10.81,0:03:12.76,Default,,0000,0000,0000,,you will always get the same result.
Dialogue: 0,0:03:14.75,0:03:23.66,Default,,0000,0000,0000,,Also, it's great if you work in a small team\Nor you admin ??? in the company
Dialogue: 0,0:03:23.66,0:03:26.83,Default,,0000,0000,0000,,and you have some people working\Non a few things too.
Dialogue: 0,0:03:29.38,0:03:33.37,Default,,0000,0000,0000,,It makes team work a lot easier and\Nyou will save a lot of time actually
Dialogue: 0,0:03:33.37,0:03:35.89,Default,,0000,0000,0000,,debugging things when things break.
Dialogue: 0,0:03:37.84,0:03:39.43,Default,,0000,0000,0000,,What makes Ansible good?
Dialogue: 0,0:03:40.27,0:03:45.61,Default,,0000,0000,0000,,Comparing it to Chef or Puppet for example\Nit's really easy to set up,
Dialogue: 0,0:03:45.61,0:03:50.37,Default,,0000,0000,0000,,you start with two config files, you have\Nit installed and you're ready to go.
Dialogue: 0,0:03:52.40,0:03:56.42,Default,,0000,0000,0000,,It's also agentless, so whatever machines\Nyou actually want to control,
Dialogue: 0,0:03:56.42,0:04:05.24,Default,,0000,0000,0000,,the only thing they really need to have\Nis an SSH daemon and Python 2.6+
Dialogue: 0,0:04:05.48,0:04:10.68,Default,,0000,0000,0000,,so that's virtually any Debian machine\Nyou have installed and
Dialogue: 0,0:04:10.68,0:04:12.71,Default,,0000,0000,0000,,that is still supported in any way.
Dialogue: 0,0:04:15.08,0:04:21.67,Default,,0000,0000,0000,,Ansible also supports configuration\Nof many things like
Dialogue: 0,0:04:21.67,0:04:25.90,Default,,0000,0000,0000,,networking equipment or even Windows\Nmachines,
Dialogue: 0,0:04:25.90,0:04:30.74,Default,,0000,0000,0000,,they don't need SSH but they use the\NWinRM
Dialogue: 0,0:04:30.74,0:04:39.07,Default,,0000,0000,0000,,but Ansible came a bit late to the game\Nso Ansible's still not as good
Dialogue: 0,0:04:39.07,0:04:41.44,Default,,0000,0000,0000,,in coverage like for example Puppet,
Dialogue: 0,0:04:41.92,0:04:46.56,Default,,0000,0000,0000,,which literally, you can configure any\Nmachine on the planet with that,
Dialogue: 0,0:04:46.56,0:04:48.39,Default,,0000,0000,0000,,as long as it has a CPU.
Dialogue: 0,0:04:50.38,0:04:53.92,Default,,0000,0000,0000,,Next step, I will talk about good\Nrole patterns.
Dialogue: 0,0:04:57.01,0:04:58.84,Default,,0000,0000,0000,,If you've never worked with Ansible\Nbefore,
Dialogue: 0,0:04:58.84,0:05:01.84,Default,,0000,0000,0000,,this is the point when you watch\Nthe video stream,
Dialogue: 0,0:05:01.84,0:05:05.70,Default,,0000,0000,0000,,that you pause it and start working\Na few weeks with it
Dialogue: 0,0:05:05.70,0:05:08.38,Default,,0000,0000,0000,,and then unpause the actual video.
Dialogue: 0,0:05:13.34,0:05:17.53,Default,,0000,0000,0000,,A good role should ideally have\Nthe following layout.
Dialogue: 0,0:05:18.79,0:05:24.97,Default,,0000,0000,0000,,So, in the "roles" directory, you have\Nthe name of the role and task/main.yml
Dialogue: 0,0:05:25.94,0:05:29.20,Default,,0000,0000,0000,,You have the following rough layout.
Dialogue: 0,0:05:31.56,0:05:38.72,Default,,0000,0000,0000,,At the beginning of the role, you check\Nfor various conditions,
Dialogue: 0,0:05:38.72,0:05:44.08,Default,,0000,0000,0000,,for example using the "assert" task to\Nfor example check that
Dialogue: 0,0:05:44.08,0:05:48.19,Default,,0000,0000,0000,,certain variables are defined, things\Nare set,
Dialogue: 0,0:05:48.19,0:05:53.24,Default,,0000,0000,0000,,that it's maybe part of a group, things\Nlike that you actually want to check.
Dialogue: 0,0:05:54.66,0:06:03.12,Default,,0000,0000,0000,,Then, usually, you install packages, you\Ncan use apt, or on CentOS machines, yum
Dialogue: 0,0:06:03.50,0:06:05.46,Default,,0000,0000,0000,,or you can do a git checkout or\Nwhatever,
Dialogue: 0,0:06:07.09,0:06:14.11,Default,,0000,0000,0000,,then usually you do some templating of\Nfiles where you have certain abstraction
Dialogue: 0,0:06:14.11,0:06:18.58,Default,,0000,0000,0000,,and the variables are actually put into\Nthe template and
Dialogue: 0,0:06:18.58,0:06:21.03,Default,,0000,0000,0000,,make the actual config file.
Dialogue: 0,0:06:22.48,0:06:26.64,Default,,0000,0000,0000,,It's also good to point out that\Nthe template module actually has
Dialogue: 0,0:06:26.64,0:06:29.93,Default,,0000,0000,0000,,a "validate" parameter,
Dialogue: 0,0:06:30.34,0:06:35.95,Default,,0000,0000,0000,,that means you can actually use a command\Nto check your config files for syntax errors
Dialogue: 0,0:06:35.95,0:06:44.19,Default,,0000,0000,0000,,and if that fails, your playbook will fail\Nbefore actually deploying that config file
Dialogue: 0,0:06:44.19,0:06:53.18,Default,,0000,0000,0000,,so you can for example use Apache with\Nthe right parameters to actually do
Dialogue: 0,0:06:53.18,0:06:56.67,Default,,0000,0000,0000,,a check on the syntax of the file.
Dialogue: 0,0:06:57.24,0:07:01.83,Default,,0000,0000,0000,,That way, you never end up with a state\Nwhere there's a broken config.
Dialogue: 0,0:07:03.58,0:07:05.41,Default,,0000,0000,0000,,In the end, you usually…
Dialogue: 0,0:07:06.02,0:07:10.04,Default,,0000,0000,0000,,When you change things, you trigger\Nhandlers to restart any daemons.
Dialogue: 0,0:07:12.45,0:07:23.62,Default,,0000,0000,0000,,If you use variables, I recommend putting\Nsensible defaults in
Dialogue: 0,0:07:23.62,0:07:26.75,Default,,0000,0000,0000,,defaults/main.yml
Dialogue: 0,0:07:28.13,0:07:34.80,Default,,0000,0000,0000,,and then you only have to override\Nthose variables on specific cases.
Dialogue: 0,0:07:35.49,0:07:41.26,Default,,0000,0000,0000,,Ideally, you should have sensible defaults\Nyou want to have to get whatever things
Dialogue: 0,0:07:41.26,0:07:42.81,Default,,0000,0000,0000,,you want to have running.
Dialogue: 0,0:07:45.85,0:07:51.95,Default,,0000,0000,0000,,When you start working with it and do that\Na bit more,
Dialogue: 0,0:07:51.95,0:07:58.50,Default,,0000,0000,0000,,you notice a few things and that is
Dialogue: 0,0:07:58.50,0:08:01.95,Default,,0000,0000,0000,,your role should ideally run in "check mode".
Dialogue: 0,0:08:02.28,0:08:07.56,Default,,0000,0000,0000,,"ansible-playbook" has --check that\Nbasically is just a dry run of
Dialogue: 0,0:08:07.56,0:08:11.59,Default,,0000,0000,0000,,your complete playbook
Dialogue: 0,0:08:11.59,0:08:17.64,Default,,0000,0000,0000,,and with --diff, it will actually show you\Nfor example file changes,
Dialogue: 0,0:08:17.64,0:08:20.73,Default,,0000,0000,0000,,or file mode changes, stuff like that
Dialogue: 0,0:08:20.73,0:08:23.86,Default,,0000,0000,0000,,and won't actually change anything.
Dialogue: 0,0:08:24.18,0:08:31.58,Default,,0000,0000,0000,,So if you end up editing a lot of stuff,\Nyou can use that as a check.
Dialogue: 0,0:08:32.27,0:08:37.23,Default,,0000,0000,0000,,I'll later get to some antipatterns that\Nactually break that thing.
Dialogue: 0,0:08:40.08,0:08:47.15,Default,,0000,0000,0000,,And, ideally, the way you change files\Nand configs and states,
Dialogue: 0,0:08:47.15,0:08:50.72,Default,,0000,0000,0000,,you should make sure that when the actual\Nchanges are deployed,
Dialogue: 0,0:08:50.72,0:08:53.16,Default,,0000,0000,0000,,and you run it a second time,
Dialogue: 0,0:08:53.16,0:08:57.63,Default,,0000,0000,0000,,that Ansible doesn't report any changes
Dialogue: 0,0:08:57.63,0:09:02.94,Default,,0000,0000,0000,,because if you end up writing your roles\Nfairly sloppy, you end up having
Dialogue: 0,0:09:02.94,0:09:05.88,Default,,0000,0000,0000,,a lot of changes and then,
Dialogue: 0,0:09:05.88,0:09:10.72,Default,,0000,0000,0000,,in the end of the report, you have like\N20 changes reported and
Dialogue: 0,0:09:10.72,0:09:14.79,Default,,0000,0000,0000,,you kind of then know those 18,\Nthey're always there
Dialogue: 0,0:09:14.79,0:09:18.41,Default,,0000,0000,0000,,and you kind of miss the 2 that are\Nimportant, that actually broke your system
Dialogue: 0,0:09:18.41,0:09:25.17,Default,,0000,0000,0000,,If you want to do it really well, you make\Nsure that it doesn't report any changes
Dialogue: 0,0:09:25.17,0:09:27.41,Default,,0000,0000,0000,,when you run it twice in a row.
Dialogue: 0,0:09:30.98,0:09:38.49,Default,,0000,0000,0000,,Also, a thing to consider is you can define\Nvariables in the "defaults" folder
Dialogue: 0,0:09:38.49,0:09:40.48,Default,,0000,0000,0000,,and also in the "vars" folder,
Dialogue: 0,0:09:41.26,0:09:46.10,Default,,0000,0000,0000,,but if you look up how variables get\Ninherited, you'll notice that
Dialogue: 0,0:09:46.10,0:09:49.72,Default,,0000,0000,0000,,the "vars" folder is really hard to\Nactually override,
Dialogue: 0,0:09:50.15,0:09:53.50,Default,,0000,0000,0000,,so you want to avoid that as much as\Npossible.
Dialogue: 0,0:09:58.99,0:10:05.86,Default,,0000,0000,0000,,That much larger section will be about\Ntypical anti-patterns I've noticed
Dialogue: 0,0:10:05.86,0:10:10.49,Default,,0000,0000,0000,,and I'll come to the first one now.
Dialogue: 0,0:10:11.63,0:10:15.17,Default,,0000,0000,0000,,It's the shell or command module.
Dialogue: 0,0:10:17.29,0:10:20.46,Default,,0000,0000,0000,,When people start using Ansible, that's\Nthe first thing they go
Dialogue: 0,0:10:20.46,0:10:26.08,Default,,0000,0000,0000,,"Oh well, I know how to use wget or I know\N'apt-get install' "
Dialogue: 0,0:10:26.08,0:10:29.77,Default,,0000,0000,0000,,and then they end up using the shell module\Nto do just that.
Dialogue: 0,0:10:30.54,0:10:35.39,Default,,0000,0000,0000,,If you use the shell module or the command\Nmodule, you usually don't want to use that
Dialogue: 0,0:10:35.39,0:10:38.56,Default,,0000,0000,0000,,and that's for several reasons.
Dialogue: 0,0:10:40.14,0:10:46.52,Default,,0000,0000,0000,,There's currently, I think, 1300 different\Nmodules in Ansible
Dialogue: 0,0:10:46.52,0:10:50.51,Default,,0000,0000,0000,,so there's likely a big chance that\Nwhatever you want to do,
Dialogue: 0,0:10:50.51,0:10:53.77,Default,,0000,0000,0000,,there's already a module for that, that\Njust does that thing.
Dialogue: 0,0:10:54.66,0:11:02.93,Default,,0000,0000,0000,,But those two modules also have several\Nproblems and that is
Dialogue: 0,0:11:02.93,0:11:09.64,Default,,0000,0000,0000,,the shell module, of course, gets\Ninterpreted by your actual shell,
Dialogue: 0,0:11:09.64,0:11:12.53,Default,,0000,0000,0000,,so if you have any special variables\Nin there,
Dialogue: 0,0:11:12.53,0:11:21.91,Default,,0000,0000,0000,,you'd actually also have to take care of\Nany variables you interpret in the shell string.
Dialogue: 0,0:11:24.55,0:11:31.46,Default,,0000,0000,0000,,Then, one of the biggest problems is if\Nyou run your playbook in check mode,
Dialogue: 0,0:11:31.46,0:11:34.26,Default,,0000,0000,0000,,the shell and the command modules\Nwon't get run.
Dialogue: 0,0:11:34.71,0:11:38.04,Default,,0000,0000,0000,,So if you're actually doing anything\Nwith that, they just get skipped
Dialogue: 0,0:11:38.04,0:11:47.60,Default,,0000,0000,0000,,and that would cause that your actual\Ncheck mode and the real mode,
Dialogue: 0,0:11:47.60,0:11:51.57,Default,,0000,0000,0000,,they will start diverging if you use\Na lot of shell module.
Dialogue: 0,0:11:55.59,0:12:01.28,Default,,0000,0000,0000,,The worst, also, a bad part about this\Nis that these two modules,
Dialogue: 0,0:12:01.28,0:12:03.60,Default,,0000,0000,0000,,they'll always ??? changed
Dialogue: 0,0:12:03.60,0:12:06.12,Default,,0000,0000,0000,,like, you run a command and it exits 0
Dialogue: 0,0:12:06.12,0:12:07.66,Default,,0000,0000,0000,,it's like "Oh, it changed"
Dialogue: 0,0:12:10.91,0:12:17.86,Default,,0000,0000,0000,,To get the reporting right on that module,\Nyou'd actually have to define for yourself
Dialogue: 0,0:12:17.86,0:12:21.07,Default,,0000,0000,0000,,when this is actually a change or not.
Dialogue: 0,0:12:21.61,0:12:29.33,Default,,0000,0000,0000,,So you'd have to probably get the output\Nand then check, for example,
Dialogue: 0,0:12:29.33,0:12:35.30,Default,,0000,0000,0000,,if there's something on stderr or something\Nto report an actual error or change.
Dialogue: 0,0:12:38.40,0:12:40.59,Default,,0000,0000,0000,,Then I'll get to the actual examples.
Dialogue: 0,0:12:41.20,0:12:46.24,Default,,0000,0000,0000,,The left is a bad example for using\Nthe shell module,
Dialogue: 0,0:12:46.24,0:12:48.64,Default,,0000,0000,0000,,I've seen that a lot, it's basically
Dialogue: 0,0:12:48.64,0:12:56.57,Default,,0000,0000,0000,,"Yeah, I actually want this file, so just\Nuse 'cat /path/file' and I'll use
Dialogue: 0,0:12:56.57,0:12:59.82,Default,,0000,0000,0000,,the register parameter to get the output".
Dialogue: 0,0:13:06.17,0:13:10.96,Default,,0000,0000,0000,,The actual output goes into the "shell_cmd"\Nand then
Dialogue: 0,0:13:10.96,0:13:16.20,Default,,0000,0000,0000,,we want to copy it to some other file\Nsomewhere else and
Dialogue: 0,0:13:16.20,0:13:25.66,Default,,0000,0000,0000,,so we use the Jinja "{{ }}" to define\Nthe actual content of the file
Dialogue: 0,0:13:25.66,0:13:30.63,Default,,0000,0000,0000,,and then put it into that destination file
Dialogue: 0,0:13:31.56,0:13:37.33,Default,,0000,0000,0000,,That is problematic because, first of all\Nif you run it in check mode,
Dialogue: 0,0:13:37.33,0:13:40.58,Default,,0000,0000,0000,,this gets skipped and then this variable\Nis undefined and
Dialogue: 0,0:13:40.58,0:13:45.50,Default,,0000,0000,0000,,Ansible will fail with an error, so you\Nwon't be able to actually
Dialogue: 0,0:13:45.50,0:13:47.08,Default,,0000,0000,0000,,run that in check mode.
Dialogue: 0,0:13:48.22,0:13:51.02,Default,,0000,0000,0000,,The other problem is this will always\N???
Dialogue: 0,0:13:51.100,0:13:54.96,Default,,0000,0000,0000,,so you'd probably have to…
Dialogue: 0,0:13:56.100,0:14:01.39,Default,,0000,0000,0000,,the most sensible thing would probably\Nbe to say just "changed when false"
Dialogue: 0,0:14:01.71,0:14:06.35,Default,,0000,0000,0000,,and just acknowledge that that shell\Ncommand won't change anything on this system
Dialogue: 0,0:14:07.61,0:14:13.82,Default,,0000,0000,0000,,The good example would be to use the\Nactual "slurp" module that will
Dialogue: 0,0:14:13.82,0:14:17.09,Default,,0000,0000,0000,,just slurp the whole file and base64encode it
Dialogue: 0,0:14:18.28,0:14:28.15,Default,,0000,0000,0000,,and you can access the actual content with\N"path_file.contents" and you then just
Dialogue: 0,0:14:28.15,0:14:30.71,Default,,0000,0000,0000,,base64decode it and write in there.
Dialogue: 0,0:14:31.93,0:14:39.25,Default,,0000,0000,0000,,The nice thing is slurp will never return\Nany change, so it won't say it changed
Dialogue: 0,0:14:39.25,0:14:42.78,Default,,0000,0000,0000,,and it also works great in check mode.
Dialogue: 0,0:14:46.48,0:14:48.43,Default,,0000,0000,0000,,Here's another quick example.
Dialogue: 0,0:14:49.89,0:14:52.66,Default,,0000,0000,0000,,The example on the left, oh yeah wget.
Dialogue: 0,0:14:53.88,0:14:59.60,Default,,0000,0000,0000,,Here's the problem, every time your playbook\Nruns, this file will get downloaded
Dialogue: 0,0:14:59.60,0:15:07.61,Default,,0000,0000,0000,,and of course if the file can't be\Nretrieved from that URL
Dialogue: 0,0:15:07.61,0:15:12.77,Default,,0000,0000,0000,,it will throw an error and that will\Nhappen all the time.
Dialogue: 0,0:15:14.60,0:15:19.08,Default,,0000,0000,0000,,The right example is a more clean example\Nusing the uri module.
Dialogue: 0,0:15:20.42,0:15:27.57,Default,,0000,0000,0000,,You define a URL to retrieve a file from,\Nyou define where you want to write it to
Dialogue: 0,0:15:27.57,0:15:31.47,Default,,0000,0000,0000,,and you use the "creates" parameter to say
Dialogue: 0,0:15:31.47,0:15:34.89,Default,,0000,0000,0000,,"Just skip the whole thing if the file is\Nalready there".
Dialogue: 0,0:15:40.05,0:15:43.46,Default,,0000,0000,0000,,"set_facts", that's my pet peeve.
Dialogue: 0,0:15:44.72,0:15:49.55,Default,,0000,0000,0000,,set_facts is a module that allows you\Nto define variables
Dialogue: 0,0:15:49.55,0:15:56.94,Default,,0000,0000,0000,,during your playbook run, so you can say\Nset_facts and then
Dialogue: 0,0:15:56.94,0:16:02.92,Default,,0000,0000,0000,,this variable = that variable + a third\Nvariable or whatever
Dialogue: 0,0:16:02.92,0:16:04.91,Default,,0000,0000,0000,,you can do things with that.
Dialogue: 0,0:16:06.38,0:16:13.12,Default,,0000,0000,0000,,It's very problematic, though, because\Nyou end up having your variables
Dialogue: 0,0:16:13.12,0:16:15.39,Default,,0000,0000,0000,,changed during the playbook run
Dialogue: 0,0:16:15.39,0:16:24.78,Default,,0000,0000,0000,,and that is a problem when you use\Nthe "--start-at" parameter
Dialogue: 0,0:16:24.78,0:16:26.40,Default,,0000,0000,0000,,from ansible-playbook.
Dialogue: 0,0:16:29.98,0:16:36.44,Default,,0000,0000,0000,,Because this parameter allows you to\Nskip forward to a certain task in a role
Dialogue: 0,0:16:36.44,0:16:40.13,Default,,0000,0000,0000,,so it skips everything until that point\Nand then continues running there
Dialogue: 0,0:16:40.13,0:16:41.88,Default,,0000,0000,0000,,and that's really great for debugging
Dialogue: 0,0:16:41.88,0:16:48.87,Default,,0000,0000,0000,,but if you define a variable with set_facts\Nand you skip over it,
Dialogue: 0,0:16:48.87,0:16:50.86,Default,,0000,0000,0000,,that variable would just not be defined.
Dialogue: 0,0:16:53.59,0:17:02.03,Default,,0000,0000,0000,,If you heavily use set_facts, that makes\Nprototyping really horrible.
Dialogue: 0,0:17:04.91,0:17:07.56,Default,,0000,0000,0000,,Another point is that you can use
Dialogue: 0,0:17:07.56,0:17:13.41,Default,,0000,0000,0000,,"ansible -m setup" and then the hostname\Nto check what variables are actually defined
Dialogue: 0,0:17:13.41,0:17:18.52,Default,,0000,0000,0000,,for a specific host and everything set\Nwith set_facts is just not there.
Dialogue: 0,0:17:22.23,0:17:27.02,Default,,0000,0000,0000,,In summary, avoid the shell module,\Navoid the command module,
Dialogue: 0,0:17:27.02,0:17:29.87,Default,,0000,0000,0000,,avoid set_facts as much as you can,
Dialogue: 0,0:17:29.87,0:17:36.62,Default,,0000,0000,0000,,and don't hide changes with "changed_when"
Dialogue: 0,0:17:36.62,0:17:41.54,Default,,0000,0000,0000,,so the clean approach is always to use one\Ntask to check something
Dialogue: 0,0:17:41.54,0:17:46.10,Default,,0000,0000,0000,,and then a second task to actually execute\Nsomething for example.
Dialogue: 0,0:17:48.46,0:17:52.33,Default,,0000,0000,0000,,Also, a bad idea in my opinion is when\Npeople say
Dialogue: 0,0:17:52.33,0:17:55.95,Default,,0000,0000,0000,,"Oh well, it's not important if this\Nthrows an error or not,
Dialogue: 0,0:17:55.95,0:17:58.87,Default,,0000,0000,0000,,I'll just say 'fails when false'"
Dialogue: 0,0:18:00.18,0:18:06.48,Default,,0000,0000,0000,,That might work sometimes, but the problem\Nthere is, if something really breaks,
Dialogue: 0,0:18:06.48,0:18:08.06,Default,,0000,0000,0000,,you'll never find out.
Dialogue: 0,0:18:09.20,0:18:10.70,Default,,0000,0000,0000,,Advanced topics.
Dialogue: 0,0:18:13.75,0:18:17.32,Default,,0000,0000,0000,,This is about the templating.
Dialogue: 0,0:18:18.87,0:18:21.92,Default,,0000,0000,0000,,The usual approach, for example for\Npostfix role,
Dialogue: 0,0:18:21.92,0:18:24.69,Default,,0000,0000,0000,,would be to do the following templating.
Dialogue: 0,0:18:25.46,0:18:36.48,Default,,0000,0000,0000,,You define certain variables in for example\Ngroup_vars/postfix_servers
Dialogue: 0,0:18:36.48,0:18:40.87,Default,,0000,0000,0000,,so any host in that group would inherit\Nthese variables,
Dialogue: 0,0:18:41.56,0:18:47.90,Default,,0000,0000,0000,,so this is sort of a list of parameters\Nfor smtp recipient restrictions
Dialogue: 0,0:18:48.92,0:18:54.25,Default,,0000,0000,0000,,and this is just the smtp helo required.
Dialogue: 0,0:18:55.14,0:18:58.15,Default,,0000,0000,0000,,So the usual approach would be to\Ndefine variables
Dialogue: 0,0:18:58.15,0:19:02.73,Default,,0000,0000,0000,,in the host_vars or group_vars, or even\Nin the defaults
Dialogue: 0,0:19:02.73,0:19:08.07,Default,,0000,0000,0000,,and then you have a template where\Nyou just check every single variable
Dialogue: 0,0:19:08.07,0:19:15.23,Default,,0000,0000,0000,,If it exists, you actually sort of put\Nthe actual value there in place.
Dialogue: 0,0:19:18.03,0:19:23.72,Default,,0000,0000,0000,,Here, I check if this variable is set true\Nand if yes, put the string there
Dialogue: 0,0:19:23.72,0:19:26.78,Default,,0000,0000,0000,,else, put this string there
Dialogue: 0,0:19:27.82,0:19:34.13,Default,,0000,0000,0000,,and for example, smtpd_recipient_restrictions\NI just iterate over this array
Dialogue: 0,0:19:34.13,0:19:38.44,Default,,0000,0000,0000,,and just output these values in order\Nin that list.
Dialogue: 0,0:19:41.85,0:19:47.29,Default,,0000,0000,0000,,The problem here is that every time\Nupstream defines a new variable
Dialogue: 0,0:19:47.29,0:19:56.68,Default,,0000,0000,0000,,you'll end up having to touch the actual\Ntemplate file and touch the actual variables
Dialogue: 0,0:19:56.95,0:20:04.10,Default,,0000,0000,0000,,so, I thought, "Well, you actually have\Nkeys and values and strings and arrays
Dialogue: 0,0:20:04.10,0:20:09.47,Default,,0000,0000,0000,,and hashes on one side, and actually,\Na config file is nothing else than that,
Dialogue: 0,0:20:09.95,0:20:11.66,Default,,0000,0000,0000,,just in a different format".
Dialogue: 0,0:20:12.43,0:20:16.75,Default,,0000,0000,0000,,So I came up with…
Dialogue: 0,0:20:18.09,0:20:24.35,Default,,0000,0000,0000,,With Jinja2, you can also define functions
Dialogue: 0,0:20:24.35,0:20:29.48,Default,,0000,0000,0000,,I'll have to cut short a little bit on\Nexplaining it but
Dialogue: 0,0:20:29.48,0:20:36.23,Default,,0000,0000,0000,,basically, up here, a function is defined\Nand it's called here in the bottom
Dialogue: 0,0:20:36.23,0:20:43.59,Default,,0000,0000,0000,,Basically, what it just does, it iterates\Nover the whole dictionary defined here,
Dialogue: 0,0:20:43.83,0:20:47.00,Default,,0000,0000,0000,,"postfix.main", and it just goes…
Dialogue: 0,0:20:48.67,0:20:51.51,Default,,0000,0000,0000,,It iterates over all the keys and values\Nand it goes…
Dialogue: 0,0:20:53.30,0:20:57.93,Default,,0000,0000,0000,,If the value is a string, I'll just put\N"key = value" and
Dialogue: 0,0:20:57.93,0:21:04.06,Default,,0000,0000,0000,,if it's an array, I just iterate over it\Nand put it there in the format that
Dialogue: 0,0:21:04.06,0:21:05.70,Default,,0000,0000,0000,,postfix actually wants.
Dialogue: 0,0:21:07.89,0:21:11.81,Default,,0000,0000,0000,,Basically, you can do the same, for\Nexample, for haproxy and
Dialogue: 0,0:21:11.81,0:21:18.43,Default,,0000,0000,0000,,you can just deserialize all the variables\Nyou actually defined.
Dialogue: 0,0:21:20.26,0:21:22.58,Default,,0000,0000,0000,,The advantages of this is,
Dialogue: 0,0:21:22.58,0:21:27.97,Default,,0000,0000,0000,,your template file just stays the same\Nand it doesn't get messy
Dialogue: 0,0:21:27.97,0:21:29.72,Default,,0000,0000,0000,,if you start adding things.
Dialogue: 0,0:21:30.70,0:21:34.52,Default,,0000,0000,0000,,You have complete whitespace control,\Nusually if you edit stuff,
Dialogue: 0,0:21:34.52,0:21:39.08,Default,,0000,0000,0000,,you kind of get an extra space, a new\Nline in there, and that changes
Dialogue: 0,0:21:39.08,0:21:42.49,Default,,0000,0000,0000,,the template files for all machines.
Dialogue: 0,0:21:43.63,0:21:49.32,Default,,0000,0000,0000,,You have all the settings in alphabetical\Norder, so if you actually run it and
Dialogue: 0,0:21:49.32,0:21:54.72,Default,,0000,0000,0000,,you see the diff, you don't end up having\Nthings going back and forth.
Dialogue: 0,0:21:56.71,0:22:00.56,Default,,0000,0000,0000,,If you get the syntax on the template file\Nright, you don't have to touch it after that
Dialogue: 0,0:22:00.56,0:22:05.96,Default,,0000,0000,0000,,and you also don't get any syntax errors\Nby editing them.
Dialogue: 0,0:22:13.89,0:22:16.00,Default,,0000,0000,0000,,That follows to the next one.
Dialogue: 0,0:22:17.92,0:22:23.89,Default,,0000,0000,0000,,You can actually set a "hash_behaviour"\Nmerge in the Ansible config and
Dialogue: 0,0:22:23.89,0:22:26.97,Default,,0000,0000,0000,,that allows you to do the following.
Dialogue: 0,0:22:28.24,0:22:39.33,Default,,0000,0000,0000,,On the left here, you define for example\Na dictionary and this is, like, in a group
Dialogue: 0,0:22:39.33,0:22:45.35,Default,,0000,0000,0000,,and then in a specific machine, you define\Nanother setting in this dictionary.
Dialogue: 0,0:22:46.32,0:22:51.21,Default,,0000,0000,0000,,If you wouldn't use merge, the second\Nsetting would just override the first one
Dialogue: 0,0:22:51.21,0:22:53.68,Default,,0000,0000,0000,,and you'd end up with that, but if you\Nactually do the merge,
Dialogue: 0,0:22:53.68,0:22:55.59,Default,,0000,0000,0000,,it does a deep merge of the hash.
Dialogue: 0,0:22:56.61,0:23:03.59,Default,,0000,0000,0000,,So the previous thing I showed would\Nactually benefit from that
Dialogue: 0,0:23:03.80,0:23:06.41,Default,,0000,0000,0000,,so the combination of both is really good.
Dialogue: 0,0:23:08.44,0:23:09.86,Default,,0000,0000,0000,,I'll skip that.
Dialogue: 0,0:23:10.31,0:23:16.00,Default,,0000,0000,0000,,Further resources. Ansible has just\Na really good documentation,
Dialogue: 0,0:23:16.00,0:23:22.82,Default,,0000,0000,0000,,there's the IRC and there's also debops\Nwhich is a project that is
Dialogue: 0,0:23:22.82,0:23:27.57,Default,,0000,0000,0000,,specific to Debian and derivatives.
Dialogue: 0,0:23:30.34,0:23:31.48,Default,,0000,0000,0000,,That's it.
Dialogue: 0,0:23:31.76,0:23:37.16,Default,,0000,0000,0000,,[Applause]
Dialogue: 0,0:23:39.28,0:23:40.91,Default,,0000,0000,0000,,Thank you very much.