Ansible 101 - Episode 12 - Real-world Ansible Playbooks

Captions
All right, I'm presuming that this is actually working. I had a little technical difficulty here. I'd... YouTube sometimes, when I open it up, everything is fine, and then I start streaming and then it starts saying that there's, like, streaming errors, all this stuff, and then I just restart my browser and it's good again. I don't know if that's YouTube trying to get me to use Chrome or what. But welcome, and thank you for watching. Today is episode 12 of the Ansible 101 livestream. There will be still a few more episodes, and at the end of the episode I'll get into what we'll do next, but today we're going to talk about real-world Ansible playbooks, and I wanted to dive right in. First of all, thank you for joining, and if you'd like to share where you're from and where you're watching this live stream, that would be awesome. It's always cool to see where everybody is from around the world. In the past week I've gotten a few emails from people from the Netherlands, which is near and dear to my heart, me being a Geerling, from the southern part of the Netherlands, not myself but two generations removed from that. But I've heard from people from India and from the UK and from all parts of the US, Canada, Mexico, Brazil, all over the place. It's really cool to see the global community we have, and also to see some of the unity we have in the midst of all the difficult times we've been through in different parts of the world. So I started this series as we all kind of worldwide got into this difficult time with COVID, and I will be continuing it for a few more episodes at least, but it's really cool to see everybody come together. And another thing that I wanted to mention, I'll switch to my screen share so you can see this: today is the last day, I'm going to close this contest, the entries for this contest. I set up a video a couple weeks ago for a pay-it-forward challenge. So my YouTube channel has 25, well, now it has like 30 thousand subscribers, which is crazy. I mentioned 
many episodes ago that my goal this year was to get to 5000 subscribers, and that kind of got blown away, so I'm floored by that. Thank you very much for subscribing if you are; if you don't, you can go ahead and click Subscribe below, there's plenty of good content coming. But today is the last day that you can donate to an open-source project or maintainer and get a chance to win this Raspberry Pi 8 gigabyte model 4, which is brand-new, unopened. I have a, well, I don't know where it is, here it is, I have another one that I've been testing. I'm gonna be doing a for review on it, and yesterday in fact I worked entirely from the Raspberry Pi all day, and I'll share my thoughts on that in a video coming very soon. But if you're interested in that, like I said, subscribe to the channel, that's a good content coming they're also talking about the Turing Pi cluster and how I'm using Ansible with Kubernetes to control that. It's over on the other side of the room so I can't grab it to show you it. But anyway, there's that, and it's been really cool to see. I think we're past 10,000 dollars raised for different open-source projects, and a lot of them, like, there's a few people who donate to the Apache Foundation, things like that. Every organization that does open-source work always needs the help, but it's been especially awesome for me to see some of the donations people, you know, if you give somebody three bucks or five bucks or a dollar, and for a small open-source maintainer, especially if they might just be starting out, and you use something that they did now, or even if you don't use something they did but you saw a blog post that you liked from them or something, it can really make their day. So I'm happy to see that. So go ahead and do that if you're inclined; you don't even have to enter the contest if you don't really want to win the Pi 4, but it is pretty cool. Raspberry Pi spoilers for the next video. Let's see, so I also wanted to thank these new sponsors so 
much. I said in the last video, like, I guess I didn't make it explicit enough, I didn't want people to give to me, I wanted people to give to other open-source maintainers, 'cause I've been extremely blessed this whole time during the lockdown that we've had, staying at home. I already was well set up for it, my job, I haven't had any real concerns there, and so, you know, I really wanted to pay it forward to other people. But there are some people who have been starting to support me, which is awesome, and I've mentioned on my GitHub Sponsors page my goal is, if I can get $1,000 a month in sponsorship, I'll be able to dedicate a certain amount of time each week to my open source work and these videos and things like that. At this point I'm not to the point where I can make this a sustainable long-term thing, but if I can, that would be awesome and I would love to do that. So this week: cybot, Carol Chen, who I actually work with sometimes at Red Hat, thank you very much, Mozilla 99, noir Nordahl Nord 3l, Frankie Grove Otto, I like the name, cron fire cron parser, Vlad Volkov from Kiev, Marko from Brussels, and three other private sponsors; Wykeham C league from Patreon, Bartles John, Randy Eden Eden Eden, Joseph got worse on Kirsch, Marcel Hoffman, Wesley Wilson, Osmel Mahmud, it was funny, I knew somebody with a last name my food, and so when I saw this as I call he must be, no he's not, it's my mood, little different, Sam bear Behrens, and Alex hey Doc. I think I might have gotten those names correct this week; if you're on and you saw my name and I butchered it, sorry about that. But as I mentioned with other episodes deal I love doing these live, it's a little more stressful because I have to do a little more prep work and I you can't hunt on one of my Drupal live streams I actually took down my production website during the live stream, that's always fun to do. And I've mentioned that my brain is in a different mode when I do a live stream versus doing a pre-recorded thing. It's 
like, when I'm doing pre-recorded stuff I have a little bit more time to think, I can also go back and redo something. Sometimes it's annoying to do that and it takes longer, but that way I can be very precise, and a live stream, it's a lot different, and sometimes my brain slips out of, like, the remember-to-do-this-in-this mode or the debug mode, and I miss something. So the live chat has been totally awesome, please keep that up, and if I say something wrong, or if I say something inadequate, or if somebody has a question that I don't see, please feel free to mention that. The wall says write some AI to detect when you switch your focus and the camera view changes, and that was in response to my new wide-angle camera that I have over here, which I just am realizing is not quite aligned correctly, but that's okay. I also have a center camera, but I haven't set that one up yet, so I can't see that one, unfortunately. Don't think I haven't thought about doing this; that might be a topic for a new video sometime. There are commercial systems that do this and it's actually kind of cool. I'm thinking about doing some Raspberry Pi camera projects; after using the Pi 4 for a day I found some interesting things that I could do with it, and we'll see about that. I know it was probably in jest, maybe, but it's actually an interesting proposition. Eamonn Hameed said in Ansible Tower workflow template we use parent credentials. So there are a lot of things in the Ansible Tower demonstration I did, I think two weeks ago, there were a lot of little things that I went through that are, it's like the super beginner way, and as you get into Tower you realize there's a lot of efficiencies you can get, like workflows, and templates can have surveys, and there's a lot of different things you can do to make it more optimal and easier to maintain and easier to add new jobs and things. So that's one of the things, is credentials can be inherited by job templates so that you don't have to deal 
with adding the credentials to every one of your job templates. Which Tower version was I using? I was using AWX 11.2.0. AWX 12, I think, was just released like yesterday, and it has some big changes. That's using Redis instead of memcached... well, it dropped memcached, I don't know if it's using it instead, but it now has Redis and not memcached and not RabbitMQ, and it's a pretty big architecture shift. So the other thing is that AWX now uses one Docker image for both of the web and task containers, so that's a nice efficiency there; you don't have to download two container images every time you want to run it. Then Jim dumps her and Steven Julie, if you're on, hi. I am in the Metro East, I'm in South St. Louis. I won't give my specific location because that would be silly, but I'm in the St. Louis area, and so it's always cool to see some other St. Louis people, especially since the Midwest is not super techy. We have our highlights, and we actually have an Ansible meetup that usually has 30 to 40 people at it. I haven't had in a few months, of course, but hi from anyone in St. 
Louis. Hans says, why not multiple organizations in AWS? That was in response to me having a bunch of AWS accounts. The problem is that one of them is for my work entity, one is for my personal NZ entity, one of them is for the book, which I could put in the work entity I guess, another one is for a business that I run that I want to have independent in case I want to branch it out someday. I've said that since 2008, so what are we, it's more than ten years since then, I haven't done it, so maybe I should just kind of branch it back in. But anyways, yeah, that's a good way to optimize your spending, your tracking, your billing and all that stuff. You can add an AWS plugin config from the project instead of using the UI: this is true, another optimization you can do. Ansible Tower smart inventory, you can do that as well. There's a lot of things in Tower that you can do, basically, that I did not cover at all in my one hour talking about it. The UI needs an ini file for the raw inventory files, I guess, but I can type in the path. I think I found that when I was doing some testing after I did the episode. So as I said, there's a lot of things I didn't cover in Tower and AWX. Why is there a transparent part in the GitHub logo? Yeah, I actually noticed that. I never saw that until Michael her meet me call, I don't know how to pronounce that, mentioned it. If I move over here you can see there's a little transparent part in here, and it looks really funny, so maybe I'll fix that someday, or maybe not; it's one of those things that I'll probably forget about the second I'm done with this. He bought a hard copy of the book on Amazon, how can I get an updated copy? Anybody who's ever bought my book, if you want a copy on Leanpub, email me and I will send you a coupon code to grab a free copy. Yeah, so I really don't want somebody that paid money for my book to not be able to get the latest updates. I wish that Amazon had a way. I think they have like a Kindle 
match thing where it's two bucks or something, you can get the Kindle version if you bought a hard copy. I wish they just said, you buy the book, you get an e-book copy. It's ironic that Amazon has the worst book update mechanism that I've encountered out of all the publishing groups that I've worked with, but, you know, they might have kind of a monopoly on it, so maybe that's why. Anyways: any inventory management type of software packages? There are a lot of different ones, so CMDBs track servers, basically, and let you plug Ansible into them so you can see them. If you're all inside AWS then you could use AWS plugins, like EC2, to get your inventory, but most people are not entirely inside one cloud provider that can work with Ansible that way, so you might need something like that. There's a lot of different inventory systems out there. Device42 is one who sponsored some of these videos and the free books that I gave away in March and April, and I invite you to check them out too. Norman says I look like Steven Locker in South Africa. I tried to find who Steven Locker was but I could not, so if anybody wanted to link me to who that is, it would be fun to see if I actually do look like them. Someone on YouTube commented I look like Steve Buscemi, or Buscemi, if I pronounce his name. I guess that's when I do my money YouTube thumbnails and I'm like that and kind of stuff. The annoying thing is, so, YouTube thumbnails, sorry to go on a tangent, if I don't do that, I have empirically found that I get a much lower click-through rate and a much lower amount of watch time for my videos. So yes, I also hate YouTube face, that, you know, people are making stupid faces and smiling and things, but if you do that you get more views and more revenue and more subscribers, which on one sense, like, you have optimization for, this is a big debate in our tech community, you have optimization for engagement, but that's not always a good thing. However, if you 
don't have eyeballs, if you don't have viewers, then, you know, if you're not increasing your rates and things, then how are you going to have a sustainable future in what you're doing? So it's one of those things, I hate it, and most people do, especially tech people, because it's really stupid-looking and dumb, but empirically it works. So I'm not gonna go too far into territory of being a stupid annoying YouTuber, I hope. But anyway, let's see, let's get on to real-world Ansible playbooks. Somebody says, hey Steve Buscemi after getting some rest. Yeah, maybe, I don't know. I think it's the eyes. It's something that some of the Geerling family has, for some reason the bottom eyelid kind of has a little bit more definition to it, and I think that's what I share in common. No, no. All right, so we'll get into real-world Ansible playbooks, and I just so happen to have today the same playbook that killed my production server live a few weeks ago on my Drupal live stream, and we'll see if it happens again today. I figured, why not take the risk and see if we can blow things up at the beginning of the live stream. Last time it was at the end of the live stream, so I was like, okay, I gotta go, and then I fixed it. If we can blow it up at the beginning of this live stream, that would be even more fun. So this is, what is this, I put in a comment here because it's kind of this way. This server has been around, let me see, git log, let me go back, it's been in Git since 2015, but I believe that this configuration, I didn't have all my Ansible playbooks in Git initially. I think I started on this one in 2013 or 2014, so this particular playbook has been around since 2014 or so, and it's gone through a lot of different phases. And there's a saying that in a shoemaker's house the shoe always has a hole. This playbook doesn't follow every best practice, it doesn't follow all of the things that I've learned over the years, and part of that is because it's been running constantly for 
years, and its target is one DigitalOcean virtual machine. It used to be on Linode, I think, originally, then I moved to DigitalOcean sometime in 2015 or 2014 maybe, and it's been on there since. But I've migrated it a couple times; when I do OS upgrades, instead of just upgrading in place, I migrated to a new VM entirely. And I still don't use, I don't have a, what is it, a persistent IP or whatever DigitalOcean calls it, an elastic IP basically. I don't have one of those, so every time I do this update I have to plan it out and I have to set up like a load balancer in front, and then I kind of put it up a week beforehand, and then I move my DNS to that load balancer, or just a proxy basically, because with just one server it's not balancing anything, and then I move my server on the back end, and then I take away the proxy after I see that the DNS requests are all going to the new IP. So it's kind of annoying and kind of silly, but as I said, the shoemaker's house, the children don't wear shoes, or whatever you want to call it. Someone mentioned the builder's house is never finished, at some point. And part of the problem is I started with like eight Drupal sites that were all running on one server, and I've slowly whittled it down and down, down to three Drupal 7 sites and one Drupal 8 site. I have a Kubernetes cluster that I'm working on to host all of my miscellaneous junk, including my static sites and my Drupal sites and all that, so at some point I'm gonna move this all in there, but that's like down here on the list, and my, like, paying work is up here, family is, I guess family's a little bit higher than that, and then all this, like, YouTube stuff is here, so we'll see if that ever happens. But this is the playbook. It's pretty simple. There's some variables it loads. I just do everything as sudo because that makes it easier. I always get my sandwich. Let's see, there's a few little pre-setup tasks, there's all the Ansible roles that I 
run to configure all the different services on the server, and then I have, this is basically where the important stuff happens. Once it sets up all the different configurations for a LAMP stack server, there's a deployment tasks include here, and I put a tag, deploy, because 99% of the time when I run this playbook all I want to do is run some deployment tasks; I want to update something on the server. So if I go to tasks, deploy, I'll show you how that works. There are two folders for Drupal sites, there's a Drupal 7 folder and a Drupal 8 folder, and it just makes sure those folders exist. It checks out the codebase. For Drupal 7 it's a little different; I never automated the Drupal 7 deployment, so what I do for that is I literally go in and, like, click around on the interface, which I tell people never to do because that's stupid, but I do it anyways. So I never really automated that, but after the live stream I realized I should probably automate it with Drupal 8, because Drupal 8 has a few more steps involved, and I didn't want to, every time I deploy my site, I didn't wanna have to go in and do those by hand. So with a Drupal 8 deployment, it deploys new code, and right now I'm tied to the master branch. That's just because this is a personal project. Again, I would never recommend that you just deploy master production all the time unless you're way ahead of most people in terms of the ability to always have an integrated and working master branch. You should usually use tags, and the tags should be tested, and the tags should be intentionally deployed, but I'm just using master because this is my personal site and if it's down for a few minutes at the end of the world. Anyway, when it's deployed it registers, it registers this variable, and when this has changed, I use a block. I think I talked a little bit about blocks, but it's kind of like a lightweight way to have a group of tasks. There's a couple different things you can use blocks for. In this case, 
instead of doing an include file and having this stuff right here in a separate file, I wanted it inline, so I just put these three tasks in a block, and then the block has one when condition, so whenever this task up here results in a change, it will run this block of code. There's another purpose for blocks, and that's to have block, rescue, and always, to the point where, inline in a playbook, you can have some tasks, and if one of them fails it'll go to rescue and it'll do some other things. So like, if you deploy and the deployment fails, you can, in the rescue condition, so that would be like under here, rescue, you could have a task like, name: rollback deployment, something like that, to make sure that your system gets back into a proper state. And then you can also have an always section, and that would be, you know, notify somebody of what happened or whatever, and that would always run whether or not the block succeeded. But in my case I'm just using this kind of like an inline include, because I wanted to have a when condition on these three tasks, and it's easier to do this once than to have it on all three of these tasks. So if that happens, then it has to make sure that there's a directory that's writable, otherwise Drupal will fail with its updates. And then, in PHP the dependency manager is called Composer, so when I update the code I want to make sure that all the dependencies my code uses are up-to-date, so it does a composer install in the web directory, and then it runs some commands that uses Drush's... Drupal's automation utility, Drush, to clear caches, import any new changes, and update the database if there's any database schema changes to be made. So again, if you're dealing with a production website that your revenue is dependent on, this is not the best way to do a Drupal deployment, or most PHP applications are similar, because this could result in some downtime while it's doing these operations. So it's better to do something else. I'll talk about it a 
little bit later, some of the other ways that you can do this. But I do have a code change that's ready to deploy. I updated one of the modules on the site, I think. Let me go to jeffgeerling.com, go to available updates, and Drupal has a module update available for Search API Solr. My site uses host... it uses Apache Solr for search, so if you search for Ansible it's gonna use Solr to find that content and give you facets for sorting and stuff. It's pretty cool, and that's one of the things I do like about the Drupal ecosystem, is the Solr and search integration support is really awesome for content-based sites. Anyway, so that module has an update, and earlier this morning I went to my code repository, which is entirely open source, so if you ever want to see how my website's built you can go here. I guess I didn't submit a PR; again, the cobbler doesn't do the right thing all the time. Yeah, I just pushed to master on this, and it just updated the module, and the changes are in the composer.lock file. So what this will do is it'll push up some new code that says, hey, my dependency bumped from version .0 to .1, and then this deployment code will run, and in this composer install step it'll make sure that it updates that dependency, and then it runs these standard tasks to make sure that everything is running correctly afterwards. So I'm gonna go ahead and run that, and like I said, and I made some changes as file let me make sure I understand this. That way, when I'm running this playbook just to deploy changes, I don't really need to reconfigure Git, because I know Git's running fine. I don't need to do any PHP updates, I do that separately. I have a weekly job that makes sure PHP and MySQL and all that are up to date. So I just want to do the deploy, so I put a tag on this include here so that I can just say, run the playbook with just the deploy tasks. And I think there's a couple other tasks that have tags: always. If you ever put, this is a 
special tag, the always tag, these tasks will always run no matter what other tags you specify. So there are some things you might always need to do, like gathering facts or getting some data out of an external system, and things elsewhere in the playbook would fail without them, so you always want to make sure that those tasks are tagged with always, and it's pretty apparent if you don't have them tagged, you'll find out pretty quickly. So I'm gonna go ahead and say ansible-playbook, and it's funny too, you can tell my older playbooks: around 2016 was when I started switching from using playbook.yml to main.yml, so if you ever see my Ansible content and you see a playbook.yml, you know I probably set that up before 2016. Nowadays I always call it main.yml. Some people say site.yml for the full everything playbook, but I'm just using playbook.yml, so: playbook.yml --tags deploy, and it should just hit these two tasks, which it's doing right now, then it's gonna go into the deploy.yml, and everything should be fine. And then it updates the codebase, and then it sees that there's a change, so it's gonna run this block right here, and it's going to run these commands. So it's doing cache clear, then cache rebuild, config import, and update DB. It did all that, and let me make sure the site is still up. It is, so that's good. And then if I go to available updates now, if I go down here, it should say that it's up to date. Yeah, Search API Solr for one one, up to date. So that's successful, and that's a real-world, I mean, that's a pretty simple playbook. There's obviously things a lot more complicated than a single-server LAMP stack for a Drupal site like I have here, but that's a demonstration of a playbook that I started in 2014 and it's still around today. And, you know, if I go to Server Check.in, well, I don't remember my login for it right now, but if I go there, the uptime for jeffgeerling.com has been 99.999 something for 
years. For a lot of applications out there, you don't need anything more complicated than that, and like for my site, I'm okay with having a minute or two of downtime when this runs, so simplicity for me is more important than having a super robust deployment system that has a load balancer, multiple servers, everything is up all the time, and I have caching in front of it. Like, that stuff doesn't matter as much to me. I did set up nginx to cache HTML responses, so if it's just a basic web page that somebody's hitting, they should... that cache during the time that this might be down for a minute or so. But it's all a trade-off between simplicity, complexity, and what you're willing to maintain, and I guess the moral of that story for me is, sometimes when I get into an enterprise project and somebody's asking for three load balancers and two regions and four failover zones and all, you know, it's like, are you asking for that out of a need, or out of something where your applications have been failing, or are you asking for it because you saw it in a webinar and some company did some amazing thing, or you saw that Netflix, which is like all the bandwidth on the internet, a company that big has this problem, and you want to apply it to your company, which has this teeny tiny little problem on its teeny tiny little application? Maybe there's a better way for you to do it. I don't know, Drupal 8 is a pretty resource-intense application in my opinion, and it's been running fine with this simple setup, and I have a lot of uptime, and if I wanted to I could just have a spare server that I could switch over to if I needed to. And sometimes people add a lot of complexity for a very small gain, or in fact you add a lot of complexity and then you have a complex system which is almost impossible to manage. So we'll always fight that battle of, am I adding complexity where complexity is not actually needed, because it makes the system harder to maintain. All right, so that's my site. I'll exit out of there. Going a 
small step further, I'm going to look at one of the examples in the book, and I'm actually going to look in the book. Forgot to mention, here's my book, Ansible for DevOps. Most of the people watching this stream probably already know that, so I won't get into it. But I'm looking at, I mean, at an example in Chapter 9, deploying to app servers behind the load balancer, and this is extremely common. Even if you're using something like Kubernetes, it's good to have an understanding of how a rolling deployment like this would work, where it deploys, it updates one thing, takes it out of the load balancer, or out of the service balancer, then it puts it back in when it's healthy, then it takes out another one, and then it puts it back in and it's healthy, all that kind of stuff. There's a lot of different ways to manage that depending on if you're in AWS and you use ELBs or ALBs or NLBs, if you're in Google Cloud and using Google's balancers, if you're using HAProxy on your own, if you're using Varnish, if you're using nginx. Whatever the system is, you have to be able to manage the whole process of the update. Let me, yeah, I clicked on the wrong thing on my other window and now I can't see myself to make sure that I'm actually in the stream. All right, so anyway, I'm gonna look at this example. Someone mentioned a few weeks ago, are you gonna start using Vagrant again? I was like, yeah, this is tricky, because it's, you know, the CPU kind of, I found out that OBS, the streaming software I use, actually, it increases in CPU load throughout the course of the stream, so by the end of the stream there's a lot fewer resources for the poor computer. If you listen closely in the background you can probably even hear the fans are already turning pretty, yeah, pretty loudly. But I'm gonna use this Vagrant configuration just because it's quick and easy, and I don't have to spin up instances in AWS and make sure to tear them down later so I don't get billed 2 bucks for the month 
or however much it'll be. So I'm gonna go ahead and run these. It's gonna set up a load balancer server and then two app servers, and these aren't going to be running real applications at this time, I'm just illustrating with this example, but the idea here is that the load balancer will be in front of the two app servers. All requests and all traffic go to the load balancer, and then it says, OK, app 1 is healthy, so I'm going to send a request to it; app 2 is healthy, I'm going to send a request to it, and keep doing that, and it's going to use round-robin using HAProxy. And then when we do a deployment in a couple minutes, let me go ahead and start vagrant up so that this can run, when we do a deployment after this, what the deployment will do is it will use Ansible's serial feature. You can tell a play to use a serial number, like, not a serial number like on boxes of cereal, not that kind of serial number, like a number of 0, and, well, you can't do 0 because that would do nothing, 1 to infinity, however many servers at a time you want the play to run on, so that you could have it run on one server or two or three servers at a time, take them out of the mix, do a deployment, do the updates on them, and then put them back in the mix, and then go to the next set, take them out of the mix, update them, put them back in the mix, that kind of thing. So it's gonna bring up those three VMs, that'll be running Ubuntu 18, I think, and the playbook that it runs is this provision playbook. It's extremely simple, and like I said, your application might not be super complicated. This is setting up a load-balanced server setup with two back-end servers. For a lot of applications this might be all that's needed if you want to have high availability and have the ability to have one server go down, or manage one server at a time, that kind of thing. I think somebody mentioned in the comments, what was it, about managers, clustering is sexy and managers gullible. Yeah, so I don't 
know, I always try to fight for what's simple more than what's complex, unless the complexity is absolutely worth it. But anyway, this is going to set up HAProxy on the first server, and it's going to tell it that there's two back-end servers, and it's going to serve traffic through port 80, which is HTTP, and then on the two back-end servers, the app servers, they're just going to run Apache, and it should just load up the default Apache welcome page. So once this comes up we should be able to load it, and let me look at my notes here in the book. We can use curl to check what cookie is set by HAProxy, because HAProxy will set a cookie with the server that it's pulling the page load from, and it should be round-robin, so it should be going from .3 to .4 to .3, back and forth. So we'll check that in a second, and let me make a new tab here. So this is still installing Apache on the two servers, but the command is: for i in 1..5, do curl -Is, to return cookies, http://192.168.4.2, that's the load balancer, grep cookie, done. So we're gonna do that command in a second. Okay, so that's working, and just to show you what it looks like, this is the load balancer. If I go there I should be getting the default page, and if I refresh it over and over and over again it's just giving me the default page, but it's going to both of the back-end servers, which are .4.3 and .4.4, so these are both serving the same thing. But if we use curl, yeah, what, and oh, that not in, there we go. So you can see that the first page load was .3, second one is .4, third one is .3, .4, .3, back and forth, and if I keep doing that it should be doing the same thing. Now I'm gonna go ahead and run a deployment, and, yeah, someone said you did in for 4i, and maybe I'm thinking of trying to go out of my house and visit anywhere on the planet right now, but I'm still, I don't know if you know this, but I have Crohn's disease, so I'm on two immunosuppressant drugs, and I am 
a week or two before everyone officially announced lockdown, so I was pretty much on lockdown, because I don't want to deal with the potential downsides to getting COVID. So anyways, yeah, I would love to go to an inn someday. This year is my wife and I's tenth anniversary, and I'm thinking, like, we were planning on going on a trip, and now we're thinking, like, well, we could order some food from somewhere. It's a lot different. Anyways, let's see. This deployment is going to... when I run the playbook, it's going to take the server out of HAProxy, and it's going to use Ansible's haproxy module for that. And this is one good case of where most load balancers actually have a module for Ansible, so that you can just take a server out like this. It's really easy this way. If it didn't have this, I'd have to run a command or do something else inside of the server, and it would be a little harder to maintain and make that idempotent. However, if you look at the haproxy code, it's not the most complicated module in the world, and if your system doesn't have a module for it, then you could probably write an Ansible [module] for it to make it this simple in the future. But it's going to disable the backend server, and this is even set up so... right now the balancer, if I look at the inventory, balancer, there's just one server. The way this is set up, if you had multiple load balancers running, which you can do with, like, round-robin DNS or something like that, if you had multiple balancers this would still work with that too; it would disable the server in each of the load balancers. After it finishes doing that, this is where there would be a deployment, so you would update the code on the server, you would run other updates, whatever you needed to do on the server, like what I was doing with the Drupal site. Once that's done, maybe it's just copying files or something, after that's done, which I put in a pause of 10 seconds, then it's going to use Ansible's wait_for module to make sure that the 
service on that server is back up and running. It's often good to do this, so instead of just doing a deployment and thinking, okay, it worked, and then moving on and putting the server back in the mix, this is going to make sure that the server is actually responding on port 80. So it's always better to... and this goes back to the episode I talked about testing: this is an inline test that makes sure my application is running correctly. It'd be even better if I checked, like, if this is a website that has content on it, check that that content actually exists on the page, and you can do that also using, I think, the uri module and using an until/retries loop. So anyway, it's going to wait for that to come up, then it's going to use HAProxy and put the server back into the mix. So I'm going to go ahead and run this deploy playbook in here, ansible... and make sure you can see that by putting it above YouTube's playhead: ansible-playbook, and then it's -i inventory, what is this playbook, playbooks/deploy. So it's going to run this, and while it's doing this pause I should see over in here that it's sending all requests now to one of the two servers. So right here it's operating on the .3 server, and it took it out of the mix and it switched all traffic in HAProxy over to .4. Now that it's finished with the playbook and put it back in the mix, and then it took out .4, I should see that all requests are going to .3. So right now that the... and it must have just finished, because now it's distributing requests again. So that's a super simple way if you're using HAProxy, but other load balancers are similar. One nice thing about HAProxy is it has a really good API for letting you control these different things, compared to, like, if you use nginx Community Edition, the open source version, there's no way to put servers in and take them out the same way that you can here, that I did with HAProxy. So anyway, that's one way to get complete zero-downtime deployments, and if 
if I wanted to, I could take my Drupal playbook and I could have three servers instead of one, and I can have it do that kind of setup, and I could take away that risk of having a minute or two of downtime, or on that live stream it was like seven minutes. So I could take away more of that risk by doing this, because what could happen too is, if the deployment does fail on it, if I don't have a robust block with a rescue statement in it, if it takes that server out and then it fails the deployment, then it could just fail it and it would be out of the mix, and then I could go in manually and fix that server and then bring it back in the mix later. All right, so that is that. To do... I'm gonna delete this: vagrant destroy, because I don't want to have a bunch of extra VMs running on my machine while the CPU is slowly increasing. You can see OBS is up to two hundred and seventy-two point eight percent. I did a two-hour livestream a couple days ago and OBS got up to six hundred and eighty percent, and I think that the temperature was up to 99 or 98 or something like that Celsius, and I am American, so 98 degrees Celsius is 208 Fahrenheit. That's pretty darn hot for a computer to be running, so the fans are on full blast. Oh, and apparently when I do Spotlight it shoots the CPU up to a hundred percent on all cores. All right, so yeah, I should have did... what is it doing? destroy -f, just delete them all. And then I'm gonna switch over now. Actually, I put a note in the book so I wouldn't forget to mention it. You also saw that I had in my playbook, I had it do it in place, and part of the reason for the downtime is that when you do operations to code that's running in production in place, when you change that code, there's going to be brief moments for the PHP interpreter, it's gonna be like, the file I'm using just went away, or the file I'm using just changed right out from under me while I'm doing this page request. So you're gonna get failures and things like that just from that. So 
in the Ruby community at least there's a tool called Capistrano, and I believe you've... Capistrano Ansible... I believe there's even a, is there a module for it? And there was something in Ansible that integrated with Capistrano directly, but Capistrano is a way to do deployments on servers with better availability, where it kind of, like, makes a copy, it does things to it, and then it switches from one copy to the other, so that it's a little quicker and faster and better. But if you're interested in it, and there's a... I forget who it was, I'd have to look back, and maybe I'll put in a comment on this video or something, somebody has a demonstration of how to use Ansistrano with PHP apps like Drupal, but it works with other applications too. Ansistrano is a really cool project to check out for doing deployments that are a lot more robust, and you can have easier rollback capabilities and things. You can build all this stuff yourself, and for a lot of my products I actually did it myself. A lot of it was before this project was even in existence, which I forget when exactly it came to be, Ansistrano, but anyway, it came into existence, it was after I created my first Midwestern Mac, the Drupal server that I'm running on. But it's a pretty cool product, so check it out. There, there... I'm totally blanking onto it, that, that had some presentations on using this in the real world. Anyway, so check that out. The other one that I'm going to look at from the book is the Ruby on Rails example, and I'm gonna have to find that, because I didn't make a note where exactly it is in here. I think it's earlier in Chapter 9. Here it is. So actually, what I'm realizing is that the Rails app is substantially the same setup that I had deploying to my own server, so instead of that I'm gonna look at the Node.js example, which is, let's see, that one is zero-downtime multi-server deployments. This one is similar to what I just did, but I'll just show how that 
works for a Node.js app, because I have been lighter on Node.js examples, partly because of my pains and struggles that I've had with Node.js, but I'll show that one really quick too and then go from there. cd... what is this? This one is in the demo, nodejs... where is it? Then... looking in the README, Chapter 9, here we go. Diamond... deployments-rolling. Okay, this example, and this also has a Vagrantfile, it's gonna have four Node.js servers. Oh, you know what, I completely blanked on it. Part of the reason for showing this was to mention the serial option here, and that was what enabled us to have this ability to control operating on one server, then the other one. So if you set serial: 1, it's going to operate on one server at a time, so it'll run this entire play on one server, then when it's finished it goes back and runs the entire play on another server. I mentioned that before I showed the playbook, but this is actually what controls that. So if you had, let's say, 10 servers, you could do serial: 5 and it would deploy to five servers first, and then it would deploy to the next five. And also, if you want to get more into the details there, and if you do have lots of servers, Ansible serial... let me look at the documentation for Delegation, Rolling Updates. So there's another setting that you would want to be able to control. Sometimes, just by the acts-of-nature things, a server will just kind of go bad, and a network connection will go bad, something like that. So you can also set a max_fail_percentage, and, you know, I usually try to be conservative with that, I'd put maybe like 10 or 20 or something like that, and if that many servers fail then it will consider that the whole thing failed, and then it will fail your playbook. If more servers than that actually succeed then it will continue running and it will run all the way through, just so that you don't end up in a state where some of your servers got updates and then it failed and it stopped, because 
especially if you have, let's say, 100 servers, almost always one of those servers is going to have something go wrong. So you can have that server just go out of your mix and kind of leave it, and then, you know, if you have infrastructure as code you might be able to delete the server and a new one pops up in its place, like if you're using a load balancer, if you're in Kubernetes or something. Otherwise you can go in and, like I said earlier, fix that server and then bring it manually back into the mix. But max_fail_percentage and serial are the two ways you control that. Let me go out of here, and I'm going to go ahead and bring this environment up. Clear. All right, vagrant up, and I'll describe this playbook really quick. This one is just going to basically install Node.js, and then it uses deploy to run a little API, a little Node.js API, and it's using forever. I think there's better ways to do this nowadays. Back when I wrote this, forever was the simplest way to get Node.js apps running kind of as a service, but there's a lot of different ways to do that now. And it calls both of those playbooks the first time that you run this, to install Node.js and deploy the API application to it. Let's see here. So let that go in Vagrant, and I'm gonna take a quick glance at chat. Someone had COVID and the after-effects are lousy. From the few people I know that have gotten it, yeah, it doesn't sound like something fun to have. Just as a point of data for me, the last time that I had a cold I ended up in the hospital. When you're on immunosuppressant drugs it's not a joke to get sick at all, so I have to be very careful about precautions, and, you know, if... COVID could definitely wipe me out and I don't want that to happen. no dad's Aman is asking about Ansible for Kubernetes, and yes, I am planning on doing a series on Kubernetes. I have my Turing Pi cluster series, and the next episode is going to be talking about benchmarking and a few other features in K3s and Kubernetes that I'm using 
with it, but in that series I'm intentionally not going super deep into Kubernetes itself or automating Kubernetes. And there's a problem here. Oh, the role was not found. No, I got here... no, it's roles path, roles... I probably need to install the requirements: ansible-galaxy install -r requirements. That should install some roles in here. There they are. Okay, and then I can say vagrant provision. Anyway, so I am planning on doing a Kubernetes... I haven't decided if it's going to be Kubernetes 101 or if it's gonna be Ansible for Kubernetes or if it's gonna be Automated Kubernetes 101. The thing is that there's a lot of different things I want to do, and I think, from my looks around it, the problem that I have with a lot of the Kubernetes content, while this is loading, sorry to go on some tangents today, but Kubernetes, draw the owl... you're the guy... let's see if I can find this graphic. Is it on here? Yeah, this is the problem with, like, 99% of Kubernetes content out there today. A lot of times you'll search for, like, I'm having this problem and I want to solve it in Kubernetes, but, stepping back a little bit, sometimes Kubernetes is not the right answer for your problem, and that goes back to the complexity versus what-are-you-trying-to-achieve conversation. But sometimes, you know, it is necessary. If you're running a PaaS, platform as a service, or if you're running a lot of microservices, Kubernetes can be a good option for that, and a lot of, like, K3s and managed Kubernetes can make it a lot easier. Anyways, the problem is that a lot of times when I'm doing something in Kubernetes I run into an issue, I search for that particular thing, and I find a medium.com post, and the post title is, like, exactly what I want, and somebody says here's how you do this, and then they give you, like, a little blurb that kind of works for kicking off a job or something, but it doesn't explain at all how it works, it doesn't explain why it works or why you'd want it to work that way, and a 
lot of times it just kind of ends there, and they don't give you any more data or any further instruction, for, like, oh, and here's the documentation to read to go further. So anyway, my intention is I want to teach you how to draw the owl, instead of just saying here's a couple circles and then you can draw this beautiful owl, but I'm not going to tell you how to do it. I want to take you from this point to this point in a step-by-step fashion, and I don't know if it's gonna be Ansible for Kubernetes 101 or Automating Kubernetes 101 or what, but we'll get there. Let's see, Mike is asking about meta/main.yml for dependencies. I'm assuming you're talking about this right here. I usually don't use that at all. I usually want to be intentional about the order that I'm doing things in, and a lot of my roles, like, I think my Apache Solr role depends on Java being present, so I could put a dependency on my Java role, and that's one way to do it, but I like to have some freedom and flexibility. Some server images already have Java installed, so I don't want to have to run my Java role every time that I set up Solr if my server image already has Java on it. Similarly, if you wanted to have a different method of Java installation besides the way Jeff Geerling does it, if I put a dependency on my Java role in my Solr role, if you use my Solr role you have to use my Java role, and maybe my role could have a way to disable it or something, but it's just kind of kludge that way. So I like to limit dependencies wherever possible. You know, I guess that's probably one reason why I'm not a Node.js developer primarily. I've made a few Node.js applications, but Node.js takes the complete opposite approach, where it's like, oh, I don't have to write one line of code if I add this dependency that has seven thousand lines of code, I'm gonna add that dependency. It's like, no, that's not the way that I operate. There are very few instances where I do use a dependency, 
but anyway, next week I'm going to talk about collections, and I will be talking about collection dependencies and role dependencies in the relationship to each other, and some potential risks with trying to manage things that way. All right, and Anatole says why not both, K8s 101 and automation for K8s. That could happen. I just have to decide which one do I want to do first, because I'm also trying to finish my book on Ansible for Kubernetes so I can put it up on Amazon and get a wider audience for it. But anyway, there's plenty of fun things to do. We'll see which fun thing I can do next. All right, so we have this thing running, and I completely lost my train of thought on it. It runs the four servers, and let's see, I don't really have anything particular that it does with them, but what it's going to do is this playbook... yeah, let me... where am I now? Okay, this deploy playbook here is going to make sure it's present, and it's going to use... wait a second, no, just gather facts. All right, so, well, I don't have everything set up for it, and I don't have the time to get set up for it, but what I was going to show is, if I set serial: 2, that's similar to the other one that we were doing. I'm gonna go ahead and run provision, that's just gonna run the Ansible play without me having to type in ansible-playbook. It's going to hit this deploy playbook. Actually, I will do it: ansible-playbook -i inventory playbooks/deploy, and it's going to run on two servers at a time. And what I was going to show was changing an option in here. What this is doing is it's actually running tests on the server, so after it deploys up here, if I change the app version, which I don't have the time to grab the right version and test it all out, but if I updated this app version and it deploys that update, if a test fails, so this is actually running the test suite against the active application on the server that it could have just taken out of the load balancing loop, if 
that test fails then it's going to stop at that point, and I can go in and fix those servers. I don't have time to show all that example right now, but you can find it in the book on page 265 of version one to two, which is probably a different page number nowadays, and that's why it's so hard to make an index for this book, because I have to do it manually. Anyway, so you can look up that example and run it on your own and find that. Captain Wasabi says a one-line dependency from something like this took down the whole system, the whole ecosystem, recently. Another reason why I don't like dependencies unless they're absolutely necessary is a situation that, in most code communities, we all know it exists, it just hasn't happened yet, and hopefully it won't. But, like, in the Node.js community there was the left-pad debacle, which was, there was a library that so many people used in the Node.js ecosystem, and I don't remember if the maintainer deleted it or changed it or something happened that caused... just look up left-pad Node.js, and basically tons of Node.js application deployments started breaking because the one dependency that's way up the chain of dependencies was messed up. And a similar thing happened a few months ago, I think with Chef, maybe... was it Chef or Puppet? I don't remember. Somebody basically deleted, or they wiped out, one of the repositories that was a module that so many people depended on, and because of that everybody started having their automation breaking, and it led to some outages even. So the fewer dependencies the better, and having a dependency manager that can manage them well is better, and that's why a lot of times I fight hard to try to get Ansible Galaxy to work really well and allow you to install things easier, and why I recommend a lot of times, if you have a very important playbook, commit your roles directory and your collections directory to your repo. But if you do that, you have to be very careful and intentional about how you do it, and also make 
sure you gitignore certain things. Anyway, that's gonna be a topic I'll talk about a little bit more next week, because next week I'm going to talk about Ansible collections, which is a relatively new thing in the Ansible ecosystem. Collections have been around for two releases now, since 2.8, but there have been a lot of changes, and I'm gonna talk a little bit about the history of why collections came into existence, what they're best for, what some of the rough edges are right now, and talk about how to build one and how to use one and how to submit one to Galaxy too. So anyway, it was Chef, somebody mentioned, that had that issue. So here's the social links, and if I move over this way you can see that the little GitHub guy is empty. Sorry about that, I'll maybe get that fixed, maybe not. But please consider subscribing to the channel, following me on Twitter, wherever, and supporting me on GitHub or Patreon. And again, I wanted to mention that you can go back to the other video, there's a link in the Ansible for DevOps repository, or if you don't know it, just go back in my channel, it's the... there's the 25K open source pay-it-forward giveaway or something like that, if you want to enter to win that Raspberry Pi. Next week we'll talk about Ansible collections, and I can't think of anything else to mention. So, oh, one other thing that I've noticed: a lot of people have been emailing me directly asking for Ansible support, and while I would love to do that, the problem is I only have so many hours in a day, and I have all these decisions, like whether to do Kubernetes 101 or Kubernetes Automation 101 and all these things that I mentioned, so I can't really do support. Like, if you're gonna send me a large issue over email, I'm just not gonna be able to help you with that. But I often tell people, if you want to get great Ansible support, go ahead and ask questions in Ansible's IRC channel, ask in the Ansible project mailing list, make sure that you have 
done your background research, make sure that it's not something simple that you dismissed or something, and if you find that it's a bug in the Ansible project or a bug in one of the modules in Ansible, find the right repository on GitHub, file an issue, and when you file the issue, follow the template so that it has the relevant information people would need to help you. But unfortunately I can't help everybody with all their problems, and especially if you're using Windows. I used Windows my whole life here and there, but I've never used it as my daily driver and I don't manage Windows servers, so I'm totally out of my league there. So if you have a Windows issue, please don't ask me about it; unfortunately I can't help you. But anyway, thank you very much for watching today, and I will see you next week.
Info
Channel: Jeff Geerling
Views: 10,695
Rating: 4.9862542 out of 5
Keywords: ansible, ansible 101, devops, playbook, automation, tower, awx
Id: _QZr4xKhir4
Length: 59min 30sec (3570 seconds)
Published: Wed Jun 10 2020