Ansible Tower at General Mills

See how Ashley has incorporated Ansible and Ansible Tower to provide API access and delegated playbook management across hundreds of nodes.

Extend the power of Ansible to your entire team - scale IT automation, manage complex deployments, and speed productivity. Centralize and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling and graphical inventory management.

Keith Resar

August 18, 2017

Transcript

  1. Ansible Journey @ General Mills
     - First used Ansible core to automate server patching
     - Linux team started using it for more automation tasks
     - Network and Enterprise App teams caught on
     - We started encouraging other teams to deploy applications using Ansible
     - Separate application from OS config
     - Windows web hosting team got involved
     - App Dev CoE team...
     - Automation team...
     - DBA team...
  2. What led to Ansible Tower?
     - Ops people spending a lot of time running playbooks for other people
     - Cron filling up with ansible jobs
     - No easy way of notifying of failure
     - Lack of Linux expertise on Windows side
     - Need for integration with other tools (API)
     - Want to hide playbook contents while still giving people ability to run them
     - Desire for complete inventory of systems
       - Physical and virtual
       - Regularly updating
  3. Tower Installation
     - Download latest tarball
     - Installation script that calls playbook
     - Also comes with config/database backup and restore functionality
     - Postgres database
     - Services
       - RabbitMQ
       - Nginx
       - Supervisord
     - Install dependencies in Ansible virtual environment
       - Separate from Tower virtualenv
  4. Our Environment
     - Clustered setup
     - Two control nodes
     - External Postgres database server
     - Load balancing via F5 across both control nodes
     - Nodes are RHEL 7.3 virtual machines
     - Each team has own Ansible core server
     - Set up to push to TFS Git repos
     - Tower logs exported to Splunk
     - (Diagram: Control Node 1, Control Node 2, Postgres, F5)
  5. Tower Demo
     - Goal: Provision a new server in Digital Ocean and deploy an Nginx container
     - Create Project from GitHub playbook repo
     - Create Inventory to use for Digital Ocean servers
     - Create three Job Templates
       - Push SSH key and provision new server
       - Add new server to inventory
       - Deploy Docker and Nginx container
     - Create Workflow Job Template to chain templates
     - Execute workflow via UI
     - Execute workflow via API
  6. Advice
     - Playbook compatibility with Tower
     - Minimize local actions - use delegate_to instead
     - Remember Tower is running as “awx” user
     - Don’t turn off job isolation to get Kerberos working
       - Other Tower users can access credential cache
     - Write playbooks for Tower control node installation
     - Some configurations are local to nodes in /etc/tower/conf.d
     - Python dependencies for modules
     - PyCharm with Git integration is great for editing roles
     - Don’t set “Update on Launch” if you want concurrent job templates
       - http://docs.ansible.com/ansible-tower/latest/html/userguide/job_templates.html#utilizing-cloud-credentials
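
The "Execute workflow via API" step on slide 5 (and the API integration need on slide 2) can be sketched as follows. This is an added example, not code from the deck or from General Mills. Assumptions: the `/api/v2/workflow_job_templates/<id>/launch/` path and the `Bearer` token header match the Tower release in use (older releases differ), and the environment variable names, host name and `droplet_name` variable are constructed.

```python
"""Launch a Tower workflow job template over the REST API (added example)."""
import json
import os
import ssl
import urllib.request


def build_launch_request(base_url, template_id, token, extra_vars=None):
    """Return the POST request that launches workflow job template `template_id`."""
    if not base_url.lower().startswith("https://"):
        # The token carries the Tower user's permissions; never send it in clear text.
        raise ValueError("Tower URL must use https://")
    # Assumed endpoint layout (API v2); int() keeps the id from altering the path.
    url = "%s/api/v2/workflow_job_templates/%d/launch/" % (
        base_url.rstrip("/"), int(template_id))
    payload = {"extra_vars": extra_vars} if extra_vars else {}
    return urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": "Bearer " + token,  # assumed token scheme
            "Content-Type": "application/json",
        },
    )


def launch_workflow(base_url, template_id, token, extra_vars=None, ca_file=None):
    """Send the launch request and return the id of the workflow job it started."""
    request = build_launch_request(base_url, template_id, token, extra_vars)
    # The default context verifies the certificate chain and hostname; ca_file
    # lets an internal CA be trusted without switching verification off.
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context, timeout=30) as response:
        return json.load(response)["workflow_job"]


if __name__ == "__main__":
    # Constructed environment variable names; the token comes from the
    # environment so it never lands in a playbook repo or shell history.
    job_id = launch_workflow(
        os.environ["TOWER_URL"],
        os.environ["TOWER_WORKFLOW_ID"],
        os.environ["TOWER_TOKEN"],
        extra_vars={"droplet_name": "web01"},  # hypothetical playbook variable
    )
    print("started workflow job", job_id)
```

Tower only applies `extra_vars` sent at launch when the template is set to prompt for variables, and the token should belong to a user whose role is limited to executing this one workflow.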