$30 off During Our Annual Pro Sale. View Details »

20190720_Better Practice_ Day 2 Operaition with Ansible

Phil Huang
July 20, 2019
Technology
1
800

20190720_Better Practice_ Day 2 Operaition with Ansible

#ansible

Phil Huang

July 20, 2019
Tweet

More Decks by Phil Huang

See All by Phil Huang
20231129 如何選擇適當的 CNCF Project 來使用
pichuang
0
50
20231024 CNSW Lightning Talk: TAG Environmental Sustainability
pichuang
0
58
20230913_採用 Azure OpenAI 和 Azure Kubernetes Service 來建構您自己的 AI 應用程式
pichuang
1
64
20230615 Kubernetes Scalable Workloads
pichuang
1
220
混合雲基礎架構探討 Microsoft Azure Infrastructure
pichuang
0
56
20230328 ARO Technical Workshop
pichuang
0
57
20230320 Azure Red Hat OpenShift Network Concepts
pichuang
0
83
20221222 Unleashing the Power of Azure VMware Solution
pichuang
0
260
20221220 Azure Public IP 路由偏好教戰手冊
pichuang
0
140

Other Decks in Technology

See All in Technology
10分でわかる株式会社ログラス − エンジニア向け会社説明資料 / Loglass in 10 min for Engineers
loglass2019
2
830
The Future of encoding/json
iamshunta
2
270
実装がすべてではない、開発者の周りから考える Web プロダクトセキュリティ
oldbigbuddha
1
230
LLMを活用した爆速アウトプットのすゝめ / bakusoku-outputs-with-llm
yuya4
8
4.1k
エンタープライズSaaSへの挑戦〜顧客の事業を成長させるプロダクトマネジメントとは?〜 / pmconf2023
route06
2
960
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
6
5.2k
Parsing case study in Go / Go Conference mini 2023 Winter IN KYOTO
k1low
2
270
ChatGPT for Developer - 超入門
dahatake
41
23k
18行のLinuxカーネルモジュールを 作ってみる
sat
PRO
1
100
SRE推進における失敗と成功 〜く"し"け"な"い"〜 - NIFTY Tech Day 2023
niftycorp
0
120
開発組織の体制づくり、いつやるか問題
akiroom
0
1.9k
GPT APIを使ったテキスト生成コンペ@YANS2023に参加した話
naohachi89
2
860

Featured

See All Featured
Typedesign – Prime Four
hannesfritz
35
1.8k
RailsConf 2023
tenderlove
0
350
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4k
The MySQL Ecosystem @ GitHub 2015
samlambert
241
11k
The Cost Of JavaScript in 2023
addyosmani
10
3.1k
Reflections from 52 weeks, 52 projects
jeffersonlam
342
19k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
31k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Designing for Performance
lara
601
66k
Large-scale JavaScript Application Architecture
addyosmani
501
110k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k
Debugging Ruby Performance
tmm1
68
11k

Transcript

  1. Best Better Practice:
    Day 2 Operation with Ansible
    Phil Huang 黃秉鈞
    SDN x Cloud Native Meetup #18, Taiwan, July. 20, 2019

    View Slide

  2. # whois Phil Huang 黃秉鈞
    ● 社群斜槓 青年 青壯年
    ○ SDNDS-TW
    ○ Cloud Native Taiwan User Group (CNTUG)
    ● 任職於 Red Hat 擔任 Solution Architect
    ○ Ansible IT Automation
    ○ OpenShift Container Platform
    ○ Software-Defined Networking (SDN)
    ○ Network Function Virtualization (NFV)
    ● Blog
    ○ https://blog.pichuang.com.tw
    Ref: https://www.linkedin.com/in/phil-huang-09b09895/

    View Slide

  3. 感謝 Monosapce 共同工作空間 提供場地支持
    Ref: https://monospace.tw/

    View Slide

  4. 感謝 台中自由軟體愛好者社群 - TFC 提供社群支持
    Ref: https://www.facebook.com/tfctaiwan

    View Slide

  5. Before Starting

    View Slide

  6. 閒聊...
    1. Ceph 快起飛了
    2. k8s 多網卡架構
    3. Ansible 的 Logo 小趣事

    View Slide

  7. 假設你...
    1. 你知道 Ansible
    2. 你用過 Ansible
    3. 你電腦有裝 Ansible

    View Slide

  8. 回顧一下 Ansible 技術概觀介紹_20190130
    Ref: https://speakerdeck.com/pichuang/ansible-ji-shu-gai-guan-jie-shao-20190130

    View Slide

  9. Ansible in Real World

    View Slide

  10. Q: Ansible 在 IT 架構具體落地是在哪裡?
    Ref: https://www.ibm.com/cloud/blog/end-to-end-application-provisioning-with-ansible-and-terraform

    View Slide

  11. A: 堡壘機 (Bastion Host / Jump Server )
    ● 單一管理入口
    ● 權限控管窗口
    ● 雜 Code 放置所
    Ref: 認識 Bastion Host 部署管理機 - Yi Yang

    View Slide

  12. 關於 SSH 連線 - ProxyCommand
    Ref: 認識 Bastion Host 部署管理機 - Yi Yang
    Host 10.10.10.*
    ProxyCommand ssh -W %h:%p bastion.pichuang.local
    IdentityFile ~/.ssh/private_key.pem
    Host bastion.pichuang.local
    Hostname bastion.pichuang.local
    User pichuang
    IdentityFile ~/.ssh/private_key.pem
    StrictHostKeyChecking no

    View Slide

  13. 到底 ansible.cfg 放在哪裡好?
    A. ANSIBLE_CONFIG (environment variable if set)
    B. ansible.cfg (in the current directory)
    C. ~/.ansible.cfg (in the home directory)
    D. /etc/ansible/ansible.cfg
    Ref: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#the-configuration-file
    個人慣例

    View Slide

  14. 是否該維護自己的 ansible.cfg?
    Ref: https://gist.github.com/pichuang/7b1b826595aada062f37eee5ab9852a2#file-ansible-cfg-L13
    ● 就像對待 dotfiles (.bashrc / .vimrc / … )
    ● 常駐外掛: SSH 加速設定
    ● 開了不會後悔的參數
    ● callback_whitelist = profile_tasks
    ● stdout_callback = debug

    View Slide

  15. Recap: 三個指令學一下
    ● 檢查環境
    ○ ansible -i hosts all -m ping
    ● 同時下指令 (回想起用 tmux synchronize-panes 的畫面嗎?)
    ○ ansible -i hosts all -m command -a “ls”
    ● Copy 檔案 (回想起用 scp + for 迴圈的日子了嗎?)
    ○ ansible -i hosts all -m copy -a “src=/ooxx dest=/xxoo”

    View Slide

  16. Ansible Command v.s. Shell v.s. Raw
    ● Linux
    ○ command > shell > raw
    ● Windows
    ○ win_command > win_shell > raw
    ● Network
    ○ *os_command > raw
    三者參考選擇:
    ● 避免環境變數注入問題,寫 Playbook 時,優選 command
    ● shell 類同於一般打指令
    ○ ansible -m shell -a “xxx | ooo >> $HOME”
    ● raw 在受控機器環境嚴苛狀況下再考慮用 (例如 router)

    View Slide

  17. 啥時該寫 Ansible Playbook?
    ● 短時間內需要反覆下同樣的指令
    ● 每日例行公事
    ● Debugging
    ● 分享經驗給其他人
    ○ ansible-galaxy (o)
    ○ git (o)
    ○ svn (o)
    ○ zip (x)
    Check List

    View Slide

  18. Q: 如何使用 ansible-playbook 指令?
    A. 直接下指令: ansible-playbook -i hosts ...
    B. shell script + ansible-playbook
    C. makefile + ansible-playbook
    個人慣例

    View Slide

  19. A: ansible-playbook 與 {Shell Script, Makefile} 是好友
    $ cat /usr/bin/upgrade.sh
    #!/bin/bash
    ansible-playbook -i hosts /do/not/copy/the/script/upgrade.yml
    $ chmod +x /usr/bin/upgrade.sh
    $ upgrade.sh

    View Slide

  20. Ansible v.s. (or +) Terraform (1/2)
    ● Ansible: 單點 Configuration
    ● Terraform: 廣域 Provision

    View Slide

  21. Ansible v.s. (or +) Terraform (2/2)

    View Slide

  22. IaC 基礎建設即代碼: Git + Ansible 上班撿到槍組合
    Ref: https://about.gitlab.com/community/heroes
    ● 版本控制 >> 多人共用
    ● 地端最多人用 GitLab
    ● 開發流程選擇
    ○ 小型副本: GitHub Flow
    ○ 大型副本: GitLab Flow

    View Slide

  23. Ansible 除錯小技巧
    Ref: https://blog.pichuang.com.tw/20190618-ansible-troubleshooting/

    View Slide

  24. 思考 Pipeline 心法: Step by Step
    點、線、面

    View Slide

  25. After

    View Slide

  26. Ref: https://www.facebook.com/events/2143280755732051/

    View Slide

  27. Ref: http://ansible.tw/#!index.md

    View Slide

  28. Ref: https://www.facebook.com/RedHatTaiwan/
    紅帽美女S小編說:

    View Slide

  29. Q&A
    台上一小時,台下三日夜
    社群正向回饋,需要一起參與
    Ref: https://www.facebook.com/micomikicat/

    View Slide