Tips and tricks for Ansible. Code at git.io/pK57
10 tips & tricksSydney Ansible Meetup,Thursday 12 March 2015Dynamic Clarity
View Slide
define variables with aJSON web service1
{"server_ip": "192.168.0.44","server_name": "dilbert"}https://api.site.com/config/staging
{"server_ip": "10.10.11.34","server_name": "pointy_haired_boss"}https://api.site.com/config/production
multi-stage environments2
!"" inventory# !"" _common# # $"" inventory# !"" production# # !"" group_vars# # # $"" all# # !"" host_vars# # $"" inventory -> ../_common/inventory# $"" staging# !"" group_vars# # $"" all# !"" host_vars# $"" inventory -> ../_common/inventory
ansible_connection=localfor local connections, use3
single self-contained repo4
remove global config (/usr/local/etc/ansible/hosts)keep SSH config in Ansible projectcheck out repo and run!
cloud-local control host5
co-located onsame VPC / VLAN
~zero latencyno public SSHrepo access required
buildkite.com*for deployment6
install agent onAnsible control host
use roles7
don’t use roles,use include
roles can’t strictly bemixed with tasks
pre_tasks:- remove host from load balancerpoolroles:- railstasks:- do stuffpost_tasks:- return load balancer back to pool
pre_tasks:- remove host from load balancer pooltasks:- do stuff- role: nginx- do more other stuff- role: railspost_tasks:- return load balancer back to pool
roles/nginx/files/templates/tasks/handlers/vars/defaults/meta/
$ ansible-galaxy init
Ruby* modules8
located in /librarymust be executabletask name is file name
#!/usr/bin/env ruby# WANT_JSONshebang warning!
*any executable that canread a JSON formatted file(input)and returns JSON to stdout(output)
instant offline accessto documentation9
Dash Alfred+
10style
- name: Install Nginx.yum: name=nginx state=installed
- name: copy somethingtemplate:src: "templates/config.j2"dest: "/home/{{ deploy_user }}/config"owner: "{{ deploy_user }}"group: "{{ deploy_user }}"mode: 0755
- name: copy somethingtemplate: >src="templates/config.j2"dest="/home/{{ deploy_user }}/config"owner="{{ deploy_user }}"group="{{ deploy_user }}"mode=0755
multiline for single parameter=good
- name: decrypt the key on the serversudo_user: "{{ deploy_key_user }}"command: >openssl rsa-in {{ deploy_key_path }}.protected-out {{ deploy_key_path }}-passin pass:{{ deploy_key_secret }}
git.io/pK57
ansibleworkshop.com
Steven Ringo | stevenringo | [email protected]Dynamic Clarity