Ansible 2.5 Release Party

Transcript

1. ANSIBLE 2.5 RICHARD ZURAFF

2. ANSIBLE 2.5 AND 2.5.1 REFERENCES • Good Ansible 2.5 Blog

   • https://www.ansible.com/blog/ansible-2.5-traveling-space-and-time • Ansible 2.5 Porting Guide • Help assist in updating your playbooks from 2.4 to 2.5 • https://docs.ansible.com/ansible/2.5/porting_guides/porting_guide_2.5.html • Ansible 2.5 • In depth look at changes or additions • https://docs.ansible.com/ansible/2.5/roadmap/ROADMAP_2_5.html#id10 • Ansible Change Log on Github • https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG- v2.5.rst

3. FUN FACT • Releases are named after Led Zeppelin songs.

   (Releases prior to 2.0 were named after Van Halen songs.) • Ansible 2.5 Kashmir

4. REMOVED FEATURES (PREVIOUSLY DEPRECATED) • Removed the previously deprecated 'accelerate'

   mode and all associated keywords and code. • boundary_meter: There was no deprecation period for this but the hosted service it relied on has gone away so the module has been removed. #29387 • cl_ : cl_interface, cl_interface_policy, cl_bridge, cl_img_install, cl_ports, cl_license, cl_bond. Use nclu instead • docker. Use docker_container and docker_image instead. • ec2_vpc. • ec2_ami_search, use ec2_ami_facts instead. • nxos_mtu. Use nxos_system's system_mtu option instead. To specify an interface's MTU use nxos_interface. • panos_nat_policy: Use panos_nat_rule the old module uses deprecated API calls

5. DEPRECATED FEATURES • Apstra's aos_* modules are deprecated as they

   do not work with AOS 2.1 or higher. See new modules at https://github.com/apstra. • Previously deprecated 'hostfile' config settings have been 're-deprecated' because previously code did not warn about deprecated configuration settings. • Using Ansible-provided Jinja tests as filters is deprecated and will be removed in Ansible 2.9. • The stat and win_stat modules have deprecated get_md5 and the md5 return values. These options will become undocumented in Ansible 2.9 and removed in a later version. • The redis_kv lookup has been deprecated in favor of new redis lookup • Passing arbitrary parameters that begin with HEADER_ to the uri module, used for passing http headers, is deprecated. Use the headers parameter with a dictionary of header names to value instead. This will be removed in Ansible 2.9 • Passing arbitrary parameters to the zfs module to set zfs properties is deprecated. Use the extra_zfs_properties parameter with a dictionary of property names to values instead. This will be removed in Ansible 2.9. • Passing arbitrary parameters that begin with HEADER_ to the uri module, used for passing http headers, is deprecated. Use the headers parameter with a dictionary of header names to value instead. This will be removed in Ansible 2.9

6. DEPRECATED FEATURES CONT. • Use of the AnsibleModule parameter check\_invalid\_arguments

   in custom modules is deprecated. In the future, all parameters will be checked to see whether they are listed in the arg spec and an error raised if they are not listed. This behaviour is the current and future default so most custom modules can simply remove check\_invalid\_arguments if they set it to the default value of True. The check\_invalid\_arguments parameter will be removed in Ansible 2.9. • The nxos_ip_interface module is deprecated in Ansible 2.5. Use nxos_l3_interface module instead. • The nxos_portchannel module is deprecated in Ansible 2.5. Use nxos_linkagg module instead. • The nxos_switchport module is deprecated in Ansible 2.5. Use nxos_l2_interface module instead. • The ec2_ami_find has been deprecated; use ec2_ami_facts instead. • panos_security_policy: Use panos_security_rule - the old module uses deprecated API calls • vsphere_guest is deprecated in Ansible 2.5 and will be removed in Ansible-2.9. Use vmware_guest module instead.

7. MAJOR CHANGES •Ansible Network improvements ◦Created new connection plugins network_cliand

   netconf to replace connection=local. connection=local will continue to work for a number of Ansible releases. ◦No more unable to open shell. A clear and descriptive message will be displayed in normal ansible-playbook output without needing to enable debug mode ◦Loads of documentation, see Ansible for Network Automation Documentation. ◦Refactor common network shared code into package under module_utils/network/ ◦Filters: Add a filter to convert XML response from a network device to JSON object. ◦Loads of bug fixes. ◦Plus lots more. •New simpler and more intuitive 'loop' keyword for task loops. The with_<lookup> loops will likely be deprecated in the near future and eventually removed. •Added fact namespacing; from now on facts will be available under ansible_facts namespace (for example: ansible_facts.os_distribution) without the ansible_ prefix. They will continue to be added into the main namespace directly, but now with a configuration toggle to enable this. This is currently on by default, but in the future it will default to off. •Added a configuration file that a site administrator can use to specify modules to exclude from being used.

8. MINOR CHANGES • ansible-inventory - now supports a --export option

   to preserve group_var data (https://github.com/ansible/ansible/pull/36188) • Added a few new magic vars corresponding to configuration/command line options: ansible_diff_mode, ansible_inventory_sources, ansible_limit, ansible_run_tags , ansible_forks and ansible_skip_tags • Updated the bundled copy of the six library to 1.11.0 • Added support to become NT AUTHORITY\System, NT AUTHORITY\LocalService, and NT AUTHORITY\NetworkService on Windows hosts • Fixed become to work with async on Windows hosts • Improved become elevation process to work on standard Administrator users without disabling UAC on Windows hosts • The jenkins_plugin and yum_repository plugins had their params option removed because they circumvented Ansible's option processing. • The combine filter now accepts a list of dicts as well as dicts directly • New CLI options for ansible-inventory, ansible-console and ansible to allow specifying a playbook_dir to be used for relative search paths. • The `stat` and win_stat modules have changed the default value of get_md5 to False which will result in the md5 return value not being returned. This option will be removed altogether in Ansible 2.9. Use get_checksum: True with checksum_algorithm: md5 to return an md5 hash of the file under the checksum return value.

9. MINOR CHANGES CONT. • The osx_say module was renamed into

   say. • Task debugger functionality was moved into StrategyBase, and extended to allow explicit invocation from use of the debugger keyword. The debug strategy is still functional, and is now just a trigger to enable this functionality. • The documentation has undergone a major overhaul. Content has been moved into targeted guides; the table of contents has been cleaned up and streamlined; the CSS theme has been updated to a custom version of the most recent ReadTheDocs theme, and the underlying directory structure for the RST files has been reorganized. • The ANSIBLE_REMOTE_TMP environment variable has been added to supplement (and override) ANSIBLE_REMOTE_TEMP. This matches with the spelling of the config value. ANSIBLE_REMOTE_TEMP will be deprecated in the future. • aci_* modules - added signature based authentication • aci_* modules - included dedicated ACI documentation • aci_* modules - improved ACI return values

10. NEW ITEMS • New Lookup Plugins • AWS • Lookup

    Ansible settings • New Callback Plugins • null • unixy • yaml • New Connection Plugins • •kubectl • •oc • •netconf • •network_cli • New Filter Plugins • parse_xml

11. NEW ITEMS CONT. • New Modules • Cloud • Amazon

    • Azure • Cloudstack • Digital_ocean • Google • Oneandone • Openstack • VMware • Vultr • Clustering • Crypto • Database

12. NEW ITEMS CONT. • New Modules continued • Identity •

    Monitoring • Net Tools • Network (lots of new modules) • F5 • Notification • Packaging • Remote Management • System • Web Infrastructure • Windows

13. BUGFIXES

14. STATIC LOOP KEYWORD • Deprecate (not on standard deprecation cycle)

    with_ in favor of loop: • This loop: will take only a list • Remove complexity from loops, lookups are still available to users • Less confusing having a static directive vs a one that is dynamic depending on plugins loaded.

15. MODULE BLACKLISTING • Added a configuration file that enables administrators

    to filter modules that should be excluded from being used in playbook runs. Operationally, this ensures administrators have more control over which Ansible Modules are approved for use.

16. WINDOWS • To ease the privilege escalation on Windows systems,

    we’ve expanded become capabilities to include: • Support to become NT AUTHORITY\System, NT AUTHORITY\LocalService, and NT AUTHORITY\NetworkService • Updated become to work with async on Windows hosts • Improved become elevation process to work on standard Administrator users without first disabling UAC on Windows hosts

17. ANSIBLE 2.5.1 • Minor Changes • Updated example in vcenter_license

    module. • Updated virtual machine facts with instanceUUID which is unique for each VM irrespective of name and BIOS UUID. • Bugfixes

18. QUESTIONS