$30 off During Our Annual Pro Sale. View Details »

Some Ansible Best Practices

Serge van Ginderachter
December 12, 2015
How-to & DIY
3
2.9k

Some Ansible Best Practices

Serge van Ginderachter

December 12, 2015
Tweet

More Decks by Serge van Ginderachter

See All by Serge van Ginderachter
MODELLING INFRASTRUCTURE WITH ANSIBLE INVENTORY DATA
svg
3
1k

Other Decks in How-to & DIY

See All in How-to & DIY
スマホでNode-RED
ozk009
0
210
家のいろいろな数値を計測する
kishikawakatsumi
4
1.5k
Les Aventures d'un Facilitateur au Pays des Techs
thirion
1
140
Finding talent without LinkedIn
davidbonilla
1
1.9k
OuraRingで体調不良を同僚にそっと伝える方法
taokiuhuru
1
110
職能/職種横断でチームの生産性を高める
akatsuki174
2
5.1k
キャンプIoTに挑戦!vol.2
runrunsan
0
940
好みのコーヒー探し / find my favorite coffee
thatblue
0
140
SORACOMで子育てHack
ozk009
0
320
キャンプでIoT冷蔵庫は使えるのか
runrunsan
0
220
스크럼에 대한 거의 모든 것
haebom
0
280
営業撃退インターホン (リバイバル) #iotlt
n0bisuke2
0
260

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
StorybookのUI Testing Handbookを読んだ
zakiyama
7
3.1k
Teambox: Starting and Learning
jrom
124
7.8k
KATA
mclloyd
10
9.4k
A Tale of Four Properties
chriscoyier
149
21k
Agile that works and the tools we love
rasmusluckow
320
19k
The Art of Programming - Codeland 2020
erikaheidi
35
11k
Ruby is Unlike a Banana
tanoku
92
9.5k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
1
310
Pencils Down: Stop Designing & Start Developing
hursman
113
10k
The Pragmatic Product Professional
lauravandoore
19
3.3k
Stop Working from a Prison Cell
hatefulcrawdad
263
18k

Transcript

  1. (Some) Ansible Best Practices according to @svg Ansible Meetup Berchem

    12/12/2015

  2. Hi! My name is Serge and I’m an Ansible User

    Serge van Ginderachter @svg github.com/srvg ops consultant @ ginsys.eu github.com/ginsys serge@ginsys.eu

  3. do one thing and do it well roles are the

    <body> of ansible focus on small roles that do one specific thing

  4. DON’T DO BIG SILO ROLES: SPLIT IN SMALL ROLES:

  5. provide small roles with extensive parameterization your role variables are

    your API

  6. assumptions are bad deploying on some public cloud? or high

    secure private banking datacenter? direct internet connection? internet repository or local mirror? proxy access? Allow for flexible options when writing your role.

  7. generic galaxy role assume remote_user is root? or assume sudo

    is needed?

  8. privilege escalation in roles explicit is better than implicit -

    if task needs root, explicitly use become: true and become_user: root - or become_user: myapp - cumbersome for all tasks - use blocks in v2

  9. Use full YAML notation instead of key=value http://blog.bandwidth.com/why-you-should-use-yaml-as- yaml-with-ansible/

  10. action: or modulename: ? - action: module: file dest: /blah/foo

  11. mention all module parameters explicitly if not, owner and group

    depend on remote_user OR become_user mode depends on some default os/user setting

  12. beware of defaults! defaults are bad!

  13. defaults change over time Java 8 is the new stable

    for now don’t build an app depending on the ‘latest stable’ of that library do not rely on group_vars/all {{role}}/defaults/main.yml is for providing a sane default example, not for running values explicit is better than implicit what if a role changes a default?

  14. all the things at once?

  15. update the default? group_vars/all ? group_vars/development ? group_vars/my_fancy_app ? upgrade

    all your Java 8 based apps at once, when changing the default to 9? … in all that application’s environments like dev, test and prod, at once? when java 9 is the new 8

  16. Code and Data separation ideally: code = ansible playbooks, plays,

    roles data = ansible inventory

  17. Constants, Variables, Parameters role/vars are constants play vars are constants

    too, but roles are better role/defaults are nothing more than examples group_vars and host_vars exist at both inventory level and playbook level most logical would be to override playbook vars with inventory vars keep things simple, don’t mix $ grep $ -r playbook/play.yml:- hosts: all playbook/play.yml: tasks: playbook/play.yml: - debug: var=myvar inventory/hosts:localhost inventory/group_vars/all:myvar: inventory playbook/group_vars/all:myvar: playbook $ ansible-playbook -i inventory/hosts playbook/play.yml PLAY *************************************************************************** TASK [setup] ******************************************************************* ok: [localhost] TASK [debug var=myvar] ********************************************************* ok: [localhost] => { "changed": false, "myvar": "playbook" } PLAY RECAP ********************************************************************* localhost : ok=2 changed=0 unreachable=0 failed=0 [2.1.0 (devel bd0f9a4afc)] serge@goldorak:~/Temp/ansible2$

  18. Variables inventory group_vars are powerful - also complex when lots

    of groups and childs keep it explicit at runtime, ansible only cares about vars per host, no reason why dynamic inventory script could not return only host vars and do the merging for you ansible.cfg: hash_behaviour=merge sounds cool for fancy dictionary things is not portable

  19. -- tags keep tags high level playbook role perhaps 1

    role ~ 1 tag do not overuse tags what do you want to achieve with tags? many tags within a role? perhaps you need smaller roles avoid. again, explicit is better than implicit role dependencies

  20. other resources https://www.theodo.fr/blog/2015/10/best-practices-to-build-great-ansible-playbooks/ https://www.reinteractive.net/posts/167-ansible-real-life-good-practices

  21. Questions?