@@JeffGeerling Oh, that's nice! Then i could potentially mention some particular things. The Secrets. Any kind of them! There are differences depending on whether you call Ansible with remote_exec from Terraform or the other way around. If you execute Terraform from Ansible itself, then you can just utilize Ansible's Vault and safely store secrets encrypted in repo itself. If you are executing Ansible from Terraform, then... you need to think how to manage secrets. What i did, was deploying HashiCorp's Vault and injected secrets (keys, passwords, TLS, etc) at CI stage (Jenkins has extensions for that). Anyway... secret management i found to be quite "interesting". Other thing i could mention is environment management. You most likely want to provision staging, production and other environments. How do you structure your project for maximal module reusability? What i did, i made some "external" TF modules, which at local development stage i sourced as local files. But when they are done, i can just switch to sourcing directly from remote git (no need for terraform cloud). Also some were just local modules. In Ansible side i also did several environment directories, each containing its own ssh config and group/host variables. Terraform global variables. Still not quite happy with my solution with feeding in some custom *.tfvars file. For example set of dns domains which are the same for different environments. Or some paths, links to storage, etc. I am even not sure if i do things right if i am reaching for some kind of global vars. Terraform random placeholders. For example you have module which provisions some resource. If user of the module does not provide explicit name of the resource, then you could use things like "random_pet" as fall-back/default/placeholder which you can do only in locals. But again, there are some caveats and bad/good practice rules.
And lastly, i found really great way to test the whole setup by utilizing "dmacvicar/libvirt" provider, which allows you to spin up a virtual environment without paying for Bezos space flights. :) Overall really interesting topic!
I can't post URLs in comments, but there is a semantic versioning library out there for python that would probably make the version comparisons a lot easier.
The weird and wonderful world that can be automated with Ansible, I built a ci/cd server using ansible and cron. it would poll repos and register the hash of a branch, watching if it changed. Was pretty simple
@@JeffGeerling Yeah, it is a bit of a nightmare. We are a small team and do not have resources and a usecase to run a prod Kubernetes. And even if we had: What happens when our Kubernetes breaks and the automation to repair it is in the said Kubernetes. Do we need a second cluster?
My favorite use for Ansible: dynamically mounting extra EBS volumes and network interfaces on ec2 instances coming up in an ASG to get persistent storage and internal static IPs. least favorite thing: python library conflicts with all the other crap running on ec2 instances that needs python
I've never understood why Ansible looks in the playbook directory for all sorts of plugins (modules, filters, roles, etc.) but AFAICT it's impossible to put collections in the playbook directory. Otherwise git submodules would be a great way to pin the collection dependencies!
Jeff, what are you using for DNS these days to get nice addresses for your devices? I think in a couple of years and now the office, DNS entries should skyrocket. You still using Pi-Hole to do that?
I've been working on Ansible to automate Linux patching. Who wants to sit through several SSH sessions doing apt update && apt update -y whenever updates are available? Ansible *should* make it painless to do just that.
@@JeffGeerling Ah, after searching your blog I finally understand. All this time watching your channel and hearing your name it never occurred to me it could be Dutch, even though i am a native Dutch speaker. I can hear it in Dutch clearly now. Pindakaas for all!
The electrician example is actually pretty funny. There's a special wire stripping tool you can buy at home depot. Right tool for the job? The professional electricians I know don't use those. They just use regular linesman pliers.
Me, using Excel for anything, "Yup, looks like a task for a spreadsheet."
... I'm going to take away the covid tracing database from you thank you very much
I stopped my spreadsheet addiction after watching Matt Parker's video: "When Spreadsheets Attack!"
@@RedFenceAnime I thought he was cute and completely oblivious to the way corporate uses Excel worldwide. Even his worst examples seemed quite reasonable to me, allegedly.
@@ndupontnet like how the NHS lost covid cases because they converted & combined CSV to/in XLS and the rows ran out on daily cases.
ps cute and oblivious, eww.
I had spreadsheet with macros to automate software installation after windows reinstall...
Woaahhh did you see that Orange Shirt Jeff transformation to Green Shirt Jeff? Mind blown. That has to be the work of Ansible.
Automate your wardrobe!
YaY Dutch soccer team!
Orange-green deployments
It was a cut.
I already liked it when I saw the Dutch orange T shirt. Thanks Jeff for supporting the Dutch team :)
I highly recommend Jeff’s book about Ansible: Ansible for DevOps, Server and configuration management for humans.
Jeff is very casual and accessible in his videos, but trust me, he’s a real pro when it comes down to server automation.
Collecting technical books is my hobby. Recently I was preparing a new category of books in my collection - Linux hardening and server automation. After a thorough research I decided to place Jeff’s book (I finished reading it a couple days ago) as a go to manual for Ansible in that list. Yes, it’s that good.
It’s my first comment on this channel and I don’t comment much on YT in general, but - kudos to you, Geerling Guy! Great, great stuff. Keep up the good work.
Thank you, and I love your nickname.
Now you have me curious about other books in your collection. Any other recommendations for Linux hardening and automation?
@@5TY Definitely: Mastering Linux Security and Hardening, Donald A. Tevault (for servers hardening). Also: How Linux Works, Brian Ward (linux in general).
For nerds only: Site Reliability Engineering: How Google Runs Production Systems (hardcore server automation).
The full phrasing of "Jeff's Rule of Golden Hammers" is great, and reminds me of a sort of dysfunction I see in some online communities, where, in short, experts gather to share their golden hammer tips without mind for newbies watching and getting bad ideas. So maybe a sort of corollary to go along, "before you start swinging, check who's watching"
Who knew that sledges and axes are interchangeable?
the guy is so smooth that the talk footage and the yt footage just splices flawlessly together
Hehe, you barely notice the wardrobe change ;)
I know exactly what you mean about using a tool you know a lot about for as many uses as possible.
After a decade spent learning everything to know about my job when I was in the Army, I started using my M1A1 Heavy tank for hard drive destruction.
Turns out that a 62-ton main battle tank is perfect for destroying 3.5" platter drives on concrete. Crushes 'em flat with very little damage to the tank's track pads.
I also learned how to cook using the tank's jet turbine engine. Sure, the food tasted a little like diesel fuel but the overall effort was worth it to avoid having to eat another MRE.
It also worked great for chasing bad guys through houses - just put the main gun tube over the back deck and charge after them.
Now I'm a network engineer and life is boring as hell.
So... what I'm hearing is every network admin should have an M1A1 tank on call?
> So... what I'm hearing is every network admin should have an M1A1 tank on call?
@@JeffGeerling America F*CK YEAH!
Automating the deployment of Docker Swarm services is actually one my main use cases for Ansible. Docker swarm configs are a bit of a pain to update by hand, and Ansible has been a life saver here.
"There is nothing so permanent as a temporary solution."
You have a great talent for weaving concepts. Thanks!
I always enjoy your videos, and especially enjoyed your dad showing his chops.
This video moved you from "oh wow! I should set that up sometime on my montagnard army of Tau" to practical job skill education. Rawk on!
What a relief!!!! I'm new with Ansible and I'm using it for everything. I was starting to worry but I realize that I am not alone in this. Thanks for the video,
Jeff this was one of the--if not **THE** best presentation/video you have done. I knew we had a lot of interests in common, and this confirms it. Ansible is one of the best configuration and configuration management tools, and when combined with other leading-edge open-source (from Hashicorp, Docker, etc.), it allows one to manage many. My home "lab" depends on it to manage all of the servers, workstations, network routers and switches, and of course, IOT devices. You've earned a Sugar Fire lunch for this one for sure!
I'll take it!
2:56-3:01 is now the perfect reaction clip for many, many IT-related discussions I participate in.
Looking forward to your backup script. Meanwhile, will be using the earlier Ansible projects to manage my Pi cluster & implement similar monitoring & Pi-hole applications. Thanks for the examples & the books. I'm learning a lot in my retirement.
When you said you couldn't manage your router with Ansible, it made me wonder if I could manage mine. Sure enough, it looks like there's actually quite a few Ansible libraries and modules for managing Mikrotik devices running RouterOS!
We manage thousands of Mikrotiks via Ansible
The cli is not really made for automation so we've had to write a lot of built in checks to put in some level of idempotency on some things but it works.
Man, you are helpful! Your ansible chroot role made things very easy for me, thanks so much!
I automate the build of all my local kit including laptops and PIs too. Has been invaluable when having to keep in sync, migrate, duplicate or perform OS upgrades. Saved so so much time. Now looking to automate anything else I can as Ansible rocks!
Hey Jeff great video just ordered your book ansible Dev ops can't wait to read it and learn how to do some automation
Good luck, and happy automating!
hi Jeff, you might have seen me on the Ansible Community chat. Despite being active in the c.g collection, I actually started using Ansible little more than one year ago, and what drove me to it was almost the same motivation you had for your Mac setup.
I am a Linux guy at heart, so last year when the laptop crashed for whatever reason and I had to reinstall it, I thought the same thing: "I should really automate that setup". That led me to the `xfconf` module, which was in dire need of some TLC, which eventually made me the maintainer of that module. From that point on, I've started submitting many contributions and eventually became a co-maintainer of the collection. My personal configuration playbook has increased its size many times over since last year. Last run went through more than 500 tasks (overall, including roles and loops).
Thanks for all the awesome work you have been doing with Ansible!
I have always loved ansible and the uri module and have always found it a really easy way to script complex http requests, rather than using a shell script. It's doubly useful because you can more easily perform selective queries on the return results, variable substitution, loops, case conversion etc, all with built in functionality. Very handy!
I like it because it's like shell scripts, but more sane.
I didn't know you were such a pro, congrats!
o7
I love this video. Great inspiration!
THAT SHIRT!! You earned a like just with the thumbnail of this video!
This is a great talk. Thanks Jeff.
(Now all I have to do is figure out what Ansible is...)
:D
Cheers,
Learning Ansible Tower right now for my new job. This was super interesting.
thanks Jeff another great video. I have question as you are getting your head around Collections any plans on doing one of your great videos on it???
Thanks again Jeff
Well darn. I may have to learn Ansible. You convinced me
Everybody watching,
This guy even bought a solid 24k golden hammer for the content (it is clearly not painted),
Such commitment, how can you not Subscribe?
All of this year's budget in that prop!
But seriously, I did slightly damage the paint job on our family minivan painting the thing ;)
That is what i call "an explanation" good job ma man!
Percussive maintenance: the terminology I didn't know I needed and can no longer do without. #RadShirtJeff
Subscribed, as a bit of an IT nerd I love this.
An orange shirt of the Dutch KNVB. Did not know Jeff was a soccer fan...
The hardest time is when USA and NED match up. Luckily it's been pretty rare!
Wearing the Dutch KNVB shirt, nice ! (Netherlands soccer association)
For your version checker can you use a split on . And then take the values as an array and compare each element that way? That could make it so array[1] (9) and array2[1] (10) are compared instead of 9 compared to 1
I think there's an ansible specific jinja filter for version comparisons.
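The component-by-component comparison suggested in the comment above, next to the plain string comparison it replaces, as an added Python example (not code from the video or from any commenter). The package names and version numbers are constructed, and pre-release suffixes such as `-rc1` are rejected rather than ordered.

```python
import re
from itertools import zip_longest


def parse_version(text):
    """Turn '1.10.2' or 'v1.10.2' into a tuple of ints: (1, 10, 2)."""
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    # ASCII digits only: str.isdigit() also accepts characters int() rejects.
    if not all(re.fullmatch(r"[0-9]+", p) for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a, b):
    """Return -1, 0 or 1. Missing trailing components count as 0."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def is_outdated(installed, latest):
    """Numeric comparison: '1.9' is older than '1.10'."""
    return compare_versions(installed, latest) < 0


def naive_is_outdated(installed, latest):
    """String comparison: compares '9' with '1' and gets it wrong."""
    return installed < latest


# Constructed sample data: (package, installed version, latest version).
SAMPLE_INVENTORY = [
    ("webserver", "1.9.3", "1.10.0"),   # really outdated
    ("database", "10.4", "10.4.0"),     # same release, written differently
    ("cache", "v6.2.14", "6.2.7"),      # installed is newer than "latest"
]


def outdated_packages(inventory, check=is_outdated):
    """Names of packages whose installed version is older than the latest."""
    return [name for name, installed, latest in inventory
            if check(installed, latest)]


if __name__ == "__main__":
    print("numeric:", outdated_packages(SAMPLE_INVENTORY))
    print("string: ", outdated_packages(SAMPLE_INVENTORY, naive_is_outdated))
```

On the sample data the string comparison misses the one package that needs patching and flags one that does not, which is the failure mode that matters when a version check gates security updates.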
As a web dev, this was extremely painful. Everything else was an inspiration!
I've been thinking of doing something like the requirements updater, but more generic for git and automatically creating a pull requests/merge requests. Maybe I don't know how to search for it, but I've not seen anyone build it yet.
@Jeff would be great to have a video for Salt as well. Even though Ansible is amazing, the lack of support for doing things programmatically (meaning calling roles and playbooks via an API and getting JSON results, for example) makes it less than ideal in certain circumstances, while Salt seems to do the job well for the use case.
Like your Shirt :) ! (the orange one that is)
That's a golden Birmingham screwdriver!
Thanks Jeff
Seems like this is a Red Shirt Jeff presentation, except instead of pliers it would have been a chainsaw.
I run PowerShell for all my Windows and VMware stuff, but Ansible is one of the next things I want to learn.
Do you have any Windows examples in your book?
Hey Jeff came across your video and was interested in knowing more on how you used Ansible on scale. We have 1500 - 2000 VMs and ansible takes hell lot of time. We thought the forking mechanism helps but only see 30-32 forks happening at a time with a 64 GB RAM. Any suggestions?
Typically at that scale you'd either use ansible-pull or some other more tailored mechanism... honestly I'd work with the community through IRC or via mailing list as I typically deal in individual playbooks with 1-200 endpoints to manage. A lot simpler than the thousands!
Heads off to read up on Ansible... I've got a massive automation nightmare on the horizon, fingers crossed you've just saved me a lot of torn out hair.
You get points for the guitar on the wall.
Jeff what is a yuml file? I use node red myself.
I built a fully automated VM deployment system using ansible.
it's built atop a mysql dynamic inventory, it ingests yaml files for individual VM configs, creates a vm in the correct xcp-ng pool according to the yaml file, and adds it to the dynamic inventory.
It then dynamically builds debian net install ISOs with templated vars that pull down the preseed files, and is set up so that it will automatically run postinstall playbooks after the OS install completes.
it's kinda a frankenstein's monster of a platform, with some really ugly accounting for edge-cases, but it does work, and saves a ton of time over the many completely manual installations I had to do before I built it.
Very funny. Twenty or more years ago, AWK was my "golden hammer". Anything and everything, I did with AWK. Not only in UNIX but on Windows, I used MKS Systems UNIX tools for windows, which include an AWK interpreter and an AWK compiler. Very easy way to make executables for a simple task that would run in DOS or Windows.
Hey great video, learning a lot. Can you make video on local DNS server with raspberry pi?
Hello, this is really nice video.
I will migrate my MB pro 2018 to new M1, but i am wondering how i can backup or sync setting like theme on zsh.
I have .zshrc file and i want to have this file also in new mac and also install homebrew and apps.
I checked your github project with mac syncing but it's a little bit too complex for me. Have you got some video with a walkthrough of the creation process of this ansible script?
At the most basic level I sync things like that through a 'dotfiles' repository - see github.com/geerlingguy/dotfiles
That can also be managed through my mac-dev-playbook but if you just want those configs synced, many people just pull from a GitHub repo for it.
5:15 I guess you need to switch to OpenWRT then you can very much use ansible :D
Great session btw!
first thing I googled was to see what popular router firmwares could be managed with ansible.
Thanks!
Is it possible to get a GPU to work on Raspberry Pi with WOR
Windows on Raspberry Pi
Could GPUs work in windows on raspberry pi
Maybe the conference should have used ansible to record and distribute the great man's speech....
No way Orange shirt😁 Much love from the Netherlands😊
Not gonna lie, I did not learn a thing, but I enjoyed this video nonetheless. Still waiting for that RX6X00 on the Pi update!
Still working on it :(
I've been using Ansible to bootstrap Salt, as the salt bootstrap script doesn't behave well on "non-baseline" distros (eg. POP_OS, etc). Ansible has also been useful for managing and running Powershell DSC configs against Windows systems (with some minor caveats).
I need to ansible my job! Then I can go on vacation without the boss knowing!
Can you automate with ansible, a maintenance plan in sql management?
Over the past weekend, i learned how to get and deploy an SSL cert from let's encrypt.
I'm assembling a bramble and have managed to cobble together enough familiarity with ansible that I got it to do the apt update and upgrade thingies. (I'm starting almost from ground zero with linux, as well, so there was much pain here; I had to reimage each pi a couple times because I kept screwing things up.)
Reimaging Pis is something I think I can now do in my sleep :D
There used to be a way to curl pip and install it and ansible remotely in the "pre tasks". Don't know how reliable that was but it sure was satisfying.
One of the things I ran into was the speed of ansible was less than ideal, because it did a python ssh connection for each and every step. There were certain things that were just much faster and more streamlined by the builtin module "script" where there were a LOT of steps. For example, we have an application install script that seems like it is built for ansible to run: creation, permission, and installation of files, directories, and packages. But the larger the build, the slower it was on ansible than it was to upload an install script and run that. Like ansible took 11 minutes versus the 5 from a bash script per server. The problem with "script" is the output of the job (its debug module) is very limited, littered with json garbage, and can't handle progress bars. So while I *could* use ansible, I realized it wasn't efficient enough where I *should* use it.
I know some older versions didn't use a persistent SSH connection, but newer versions should by default, I think, meaning your SSH connection is shared among tasks in one playbook making it a bit faster.
But even so, there are a lot of little performance issues that can add up, and I wish Red Hat took the performance more seriously :(
Ansible sounds like a good thing to look at for homelab
I'd be up a creek without it! It's reassuring knowing I can rebuild any part of my homelab in minutes without even a full disk image backup.
Anyone noticed that the video is not perfectly synced with audio? (video is slower)
But can Ansible do faster-than-light communication?
I'm working on a playbook to set up a bash environment on my workstation and any remote environment.
Nice Dutch football shirt!
Any chances to see an updated version of Ansible Collections and testing roles with Molecule inside a collection with the dependencies from the same, sibling and external collections? I found it quite "interesting" to figure out, how dependencies should be listed in order for Molecule to work.
Another thing I do quite often is tie Ansible and Terraform together. Like... I could run Terraform to provision servers and once the servers are up Terraform runs Ansible to do the final configuration. On top of that I had integrated that into a CI pipeline. If I need a new machine, I just push the changes to the remote git, and after a couple of minutes I have a new machine ready for a workload. Like this approach pretty much. The only downside of this is that initial infrastructure provisioning should be triggered manually. :) But I think I'm close to deploying Skynet soon. :)
I'm actually working on some Terraform + Ansible work for my 2nd Ansible book, 'Ansible for Kubernetes'. It's been a long time coming though :O
@@JeffGeerling Oh, that's nice! Then I could potentially mention some particular things.
The Secrets. Any kind of them!
There are differences depending on whether you call Ansible with remote_exec from Terraform or the other way around. If you execute Terraform from Ansible itself, then you can just utilize Ansible's Vault and safely store secrets encrypted in the repo itself. If you are executing Ansible from Terraform, then... you need to think about how to manage secrets. What I did was deploy HashiCorp's Vault and inject secrets (keys, passwords, TLS, etc.) at the CI stage (Jenkins has extensions for that).
Anyway... secret management I found to be quite "interesting".
Another thing I could mention is environment management. You most likely want to provision staging, production and other environments. How do you structure your project for maximal module reusability? What I did: I made some "external" TF modules, which at the local development stage I sourced as local files. But when they are done, I can just switch to sourcing directly from remote git (no need for Terraform Cloud). Also, some were just local modules.
On the Ansible side I also did several environment directories, each containing its own SSH config and group/host variables.
Terraform global variables. Still not quite happy with my solution of feeding in some custom *.tfvars file. For example, a set of DNS domains which are the same for different environments. Or some paths, links to storage, etc.
I am not even sure if I do things right if I am reaching for some kind of global vars.
Terraform random placeholders. For example, you have a module which provisions some resource. If the user of the module does not provide an explicit name for the resource, then you could use things like "random_pet" as a fall-back/default/placeholder, which you can do only in locals. But again, there are some caveats and bad/good practice rules.
And lastly, I found a really great way to test the whole setup by utilizing the "dmacvicar/libvirt" provider, which allows you to spin up a virtual environment without paying for Bezos space flights. :)
Overall really interesting topic!
I can't post URLs in comments, but there is a semantic versioning library out there for Python that would probably make the version comparisons a lot easier.
Just in time for those new MBP's next week...
Exactly!
Anyone know the font @ 4:51?
13:20 Bro, Jeff tagged his repo with "gore". RIP my man
The weird and wonderful world that can be automated with Ansible. I built a CI/CD server using Ansible and cron. It would poll repos and register the hash of a branch, watching if it changed. Was pretty simple
Simple is good. Simple is easy to maintain!
Is there some reliable procedure to install a recent AWX without Kubernetes?
Unfortunately... no. I don't really use AWX anymore, it has become a bit too complex to run.
@@JeffGeerling Yeah, it is a bit of a nightmare. We are a small team and do not have the resources and a use case to run a prod Kubernetes. And even if we had: What happens when our Kubernetes breaks and the automation to repair it is in the said Kubernetes? Do we need a second cluster?
Hammering a screw.
I had my home automation running via Ansible playbooks .. if that's uncommon enough :D
My favorite use for Ansible: dynamically mounting extra EBS volumes and network interfaces on EC2 instances coming up in an ASG to get persistent storage and internal static IPs. Least favorite thing: Python library conflicts with all the other crap running on EC2 instances that needs Python
Jeff's Rule of Golden Hammers 😃. I guess Red-Shirt-Jeff got the rest of the golden toolbox: saws and blow torches anyone?
I haven't yet revealed the law of hacksaws and blowtorches.
I've been using Ansible to automate Cloud datacenter build
I've never understood why Ansible looks in the playbook directory for all sorts of plugins (modules, filters, roles, etc.) but AFAICT it's impossible to put collections in the playbook directory. Otherwise git submodules would be a great way to pin the collection dependencies!
Jeff, what are you using for DNS these days to get nice addresses for your devices? I think in a couple of years and now the office, DNS entries should skyrocket. You still using Pi-Hole to do that?
Pi-hole at home, unbound at office
@@JeffGeerling Nice! I hope you publish the playbooks you use for the equipment in your office network soon!
No way, it's the guy who autocloses all pull requests :D
I've been working on Ansible to automate Linux patching. Who wants to sit through several SSH sessions doing apt update && apt upgrade -y whenever updates are available? Ansible *should* make it painless to do just that.
Is ... is that a Dutch soccer shirt??
Why yes, it is! 🇳🇱
@@JeffGeerling Ah, after searching your blog I finally understand. All this time watching your channel and hearing your name it never occurred to me it could be Dutch, even though I am a native Dutch speaker. I can hear it in Dutch clearly now. Pindakaas for all!
@@thygate Mmm, add a little Nutella for one of the best treats.
My golden hammer is "write an over-engineered project in C#". At least you get stuff done!
The electrician example is actually pretty funny. There's a special wire stripping tool you can buy at Home Depot. Right tool for the job? The professional electricians I know don't use those. They just use regular lineman's pliers.
Did Red Shirt Jeff snug the screw in, instead of a nail (2:00). 😉😁
I wish I had Ansible at Yahoo in ‘98, I’d own the planet now.
Yahoo in 98 was like a different universe.
Remember BATCH files in DOS? Well, it's a bit of the same story here too 😙
Nice!
So your Ansible based SSG won't be released soon?
Heh... don't think I haven't considered such an ill-suited task.
So Ansible is an API? A language or something else?
Take a shot every time he says "Ansible"
That’s suicide
You painted the hammer, right?
Nice shirt :)
"if it's stupid and it works, it's not stupid"
Percussive maintenance, that's what I call my DIY.
When is the Radxa video going to be aired? Can't wait for it :)
It's going to be a big one. Probably some time in November. Plenty of other fun things brewing between now and then though!
Even Red Hat used to swear by Ansible to configure Ceph but have finally realized it's not the correct tool...