Ansible Tips and Tricks

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

that's the what i want to talk today about is how i've used ansible in the past or how other people have used ansible in the past that i found out about basically you guys come every day and tell us how do we use ansible this or this other way and i thought it was interesting because not everybody thinks of ansible uh the same way and this is what brought me to this presentation uh as you've already been told i'm a core maintainer of ansible right now uh i've been a contributor to ansible for almost two and a half years i think uh but employed by ansible for the last eight months before that i've done all kinds of jobs i've been help desk i've been app support programmer analysts qa been all over the place i've been a dba release manager a friend a few years back said no you're a tech janitor you just go in mop up whatever the problem is fix it leave it nice and clean and then yell at people if they dirty it again so that's stuck i like that i've had titles actual business cards with an asterisk or even a director of subversion that was a joke of me putting git everywhere so i've been around a lot of the industry and has seen everything used many ways and i'm happy to see that uh ansible is almost as flexible as i am it can do almost any job if you put it to we don't mean ansible to do every job it can it not always the best thing for the job but sometimes you're in a tight spot you have what you know you have it here you have it fast and you run with it ansible itself a lot of people give it different names configuration management release management automation orchestration system distributed batch executor for me it's always been a reduction ansible just runs a task on a host and then you can multiply that because it's n tasks on n hosts and very simple but incredibly powerful paradigm and taking that into account it's very easy to see how far you can take this or how little you need to do anything one of the biggest things i started using right away in ansible being a guy that had been doing a lot of shell both posix bashisms and years ago cornshell is that you have all these little scriptlets you always use you're used to them you know them answer allows you to reuse them and allows them to reuse them almost immediately one thing ansible is it's it is a batch system so you can't do interactive scripting across 500 machines if you really need to do that cshps pc pssh is good enough but you know you need a pretty big screen to handle three 400 machines so i would recommend that if you're configuring 10 machines at the same time you're okay big screen you know little windows but if you want to configure a thousand machines do it in a batch way it's also better for you not to be typing things when you're affecting several hundred machines it's better to have it typed test it on two or three and then run it on the 100. ansible started out as a unix tool and it is a unix tool even though you know now supports windows and a lot of people use it as a framework or even as a programming api it plays well with other unix tools and i'll show you soon now whatever you're doing in one place ansible just lets you leverage its transport over ssh or anything else common tools you used to use before and it just multiplies the utility of whatever you did before output uh that depends uh i used to have a custom callback plugin that would put everything in tab delimited files because uh i was a big user of the nosql database not the nosql everybody knows it's an uh tab delimited database that you use octaquery it's look it up the the original no sequel but ansible is very friendly with json and ammo the minus t option for the ad hoc command creates per host uh json files with all the json structures so you can reuse them and i found this to be very useful for certain things or for certain uh quick hacks to get stuff out of the way let people you know you've got the data now i'll do something prettier more robust uh better later on like almost every shell script i've ever written and is still running in production 20 years later this is a hack the five minutes get out of my way let me do the the final product so this is actually one such hack uh i started uh working at this web shop and the main complaint well there were several complaints one the website was slow this and that but one complaint in marketing is that our click-through was horrible especially on tuesdays our click-through was horrible i said well we do release tuesday morning so let me see if there's something so i came up with this little uh gem uh to parse and your next logs and check http error codes for uh the existence of the log the logs were rotated daily so i could see during the day the error logs and this is actually the after logs mostly 200s some redirects some 404s but mostly the good stuff when i ran this at first we had about four or 500 errors and i said well okay then i realized that on wednesday's release because of course we also have to re-release wednesday because tuesday and then on thursday's release to fix the wednesday's release these numbers would go down and then our click-throughs will go up so i started showing this to marketing guys is like can you guys listen what i was saying about you know the release process needs to be a bit better we actually need to let the qa people do their job and i showed them that the times that we would release without errors without 500s appearing in this our click rates would stay and they were all very happy with this okay but now i'm getting 10 emails a day is saying can you send me the report can you send me the report can you send me the report click rates are down it must be the 500s can you send me the report click further up the 500 must be a gun i said they've been gone for three weeks leave me alone so you know sometimes this little hack you did to prove a point now suddenly everybody wants it so this is what i did [Laughter] it's just proc male heal i translated it but uh to tell you the truth it it used to be a q mail file even worse than what you're seeing here uh so i created a proc mail rule that if you were sending a a subject with 500 report and it was normally re from the first email i already sent and it was a huge chain letter with every report already sent back and forth you could have the whole history of the company report just by getting at any point of that chain letter and then i i created a little playbook that just took my little shell thing and did a mail to to the environment variable that i was setting from proc mail and mailed to that person so now every morning when i got in and i had four emails waiting for marketings and 6am because they need to see the 500s turn off my machine i go for my bagel then the marketing has come to do you have the report do you have the report should be in your email now so just you know first thing i do my machine boots up reads the email is sending these uh these out and during the day they keep getting sent immediately as soon as they happen live reporting immediately three weeks later i'm setting up graphite uh nice log aggregation and here they have the 500s on big screen people still ask me the freaking report but you know this is ansible helping me going to first five machines and 20 then 35 then 10 again when i fixed all the problems of scaling um and very easy got people off my back it's a not everybody i i remember telling michael dean at the time he says what are you doing what the hell are you doing he did that a lot with me uh and it surprised him and he said no it makes perfect sense i created a unix tool you're using it as a unix tool you're calling it from another unix tool and you're leveraging existing tools to do the work faster and better that's what ansel bull was all about ansible itself leverages pseudo su ssh tools you already used now i'm using ansible as one of those tools i leverage from somewhere else uh another thing that i started doing with ansible that again michael think what the hell are you doing was what ansible strives not to be is a programming language tries very hard to be a very declarative language to get this done started creating small scripts and small binaries i would give people to hey execute this and they were executing playbooks they didn't know why i'm not using a shell wrapper and you'll see why uh in a second when i needed interactive i just used vars prompt when i needed batch they could pass minus e n variables and whatever uh later on the the ability to use a json file as input was added i never used that but you know it's a it's a nice feature to have uh you can even use the pause module for in the middle of things this i did in the release script uh here you release to the first servers are you sure you want to take them out of rotation yes boom hit it next and i used a very simple trick that if you look at the first line my playbook is executable and the shebang is ansible playbook and now you just write your playbook and people as long as they're authorized and everything else is in place they can just run your playbooks and not know what it is this is uh departed i created this because an hr lady was bothering it saying that she needed to be the one verifying people left the company and the users were out and i'm saying i'm not going to teach you how to take users out of every machine so i created this little script for her that would create a report she had a the ability to edit the the departed file a small sample of that is just a list of usernames so the user the file would get uh loaded and then the user module will just go with items on on the list of departed users absent and remove directory yes if she edited the file somebody knew left she would expect to change because you know ansible is very nice and reports okay okay okay changed and if you want to audit it at any time here it is this is the only thing she knew how to execute in the command line i had to teach her how to open a command line i had a teacher we made a macro so she would ssh directly into the management box and she could execute this and see her report but here's ansible being used as a programmer i created a small script and uh i'm letting anybody use it without actually even knowing what's in it this is a bit more complicated version uh this was the release script as i mentioned before vars prompt and pause are very good at this point this was actually made for a qa team so they could release and they could release any app any version and go through the steps and we would ask want to take this rotation yes no a normal release that you normally would do uh from your upside but now you want to give it to people that really don't know how to use the command line or really don't know how to do much else but can follow simple instructions you prompt them for those instructions playbook does the rest you make it executable and you put a shebang now answers your programming language and let me stress this ansible is not a programming language but you can use it as such and here's the important part you already have roles or task lists that do certain things this gives you a five-minute way to create a playbook and allow other people to leverage that if you want to give your developers the ability to restart the apache servers you can just do that give them the handler go at it you can't do anything else you can run this executable this executable will actually re go to all the other machines through sudo read the root key because you don't have access and now uh you've given everybody the ability to restart apache this example was a lot more involved it was the release script in the end in the end i ended up teaching the qa people how to use ansible and how to write playbooks but this was a good introduction and easy way to just pawn off to other people to work you want to do anymore now i can go and do automates other stuff now the qa people don't have to go to me or to the other people on the ops team to can we release this app can we release that it's all theirs and it's all theirs without them really having to have a lot of knowledge now for you know brownie points now you give them a web gui and a button tower as i was saying i taught the qa people how to use and right ansible but why is this because i also started using ansible as a qa tool ansible can do things and can set states on machines but it can also go to the same machines and ask what that state is if this file needs to be owned by root i can go as a again and say is this file owned by root uh sometimes the same playbook that you use to create things is the one that you run in check mode or diff mode and see uh if it's changed anything or even better you run it as a non-privileged user and if there's any change it's going to fail because you don't have permissions this is great for qa this is the state our application needs to be in they just run it if they see anything red they complain to the developer they don't even need to know anything that's happening the developer needs to see what went wrong he can run the same playbook again okay this is what's failing this is what i did wrong or no the ops guy messed up you know but you got a easy way to verify things without having to have the expertise on what those things are also you can create a specific qa or uh testing playbooks with uh the fail and assert modules they're there for once you gather information you can do comparisons and say i will fail if this is not true or if it's true or if these series of things are true or not and this is for an example of checking uh that our uh i forget tomcat app was deployed so qa actually wrote uh this i paraphrased it a bit from from the original but basically it checked that the the app user was present install on the box that the directory the scratch directory for the app was owned by that user and writeable by that user that the service for the app or the services for the app actually no this is nginx microwsj8 this was a flask app the services needed for the app are up and running you can check that the service is up and running without having the ability to start them and then from the app servers you could check connectivity using the postgres user to the database so this way you ensure that every server that is supposed to access the database from that server you're connecting to the database as the user database is up you can connect and the user is authorized all this you can do with ansible and this is not changing anything it's just verifying that everything is what you want it to be so this is uh uh this is a tomcat one i'm sorry uh this is checking that the app is running correctly uh lesson basis of the other one the other one will fail when things have changed because your permissions are not there this one for example uses stat to check the that the jar is there and it registers that data and then you assert that the checksum is the checksum you expect i stored the checksumming console at that time you can store it in a flat file anywhere else or keep it in a var you input it could be uh compared to the file you have here or you can go to maven artifactory check that file compare that it is the version that is supposed to be there then i also stat that the pid for that process is running i wait for the port 8080 to be responsive normal timecap port and i do a uri request and by default this app was supposed to return app one okay or actually it was server name okay and i can match that regex so here's some a playbook that does nothing except check the previous playbook could be used both by the guy creating uh the permissions for the user or the services or the qa guy this is a pure qa playbook it only checks that the application works now you have ansible both as a deployment tool and a qa tool that can verify both the deployment and the app itself the ansible can also be used as an audit tool and if you see this is almost the exact same slide as qa auditing is very much similar to qa you don't test functionality as much you do test for example permissions you do test that things are a certain patch level you do test that certain security holes do not exist one thing i liked about the recent venom heartbleed and others is that people came up with uh playbooks right away that tested these vulnerabilities now you could take that and test against all your machines very easy if they're vulnerable or not in parallel so this was for a firewall audit very simple a port 80 and 443 should be accessible from an outside host we had a outside host in one cloud provider and in another just to be able to test our main data center so ansible we'll go to that host try to get to our main website address on port 80 and 443 we know our firewall is configured we were running a uh as most people are a network appliance they are now getting to a point that they are very configurable and if you really want to see really cool stuff talk with james edmonton i'm sorry i'll always get your name right one of these days i'll get your name right uh he's doing really cool stuff with using ansible to automate networks automate network devices and make all this a thing of the past but at this time we had our network admin go in upload a file click three guise now it's configured yeah but i don't want to check manually this is what happened i created a playbook that he could run automatically and go to our data centers go to our test and pilot servers outside of our data centers and check that things were what they expected to be after even he's reconfiguring our devices manually but we are checking them automatically and the second check is actually the the contrary it's a negative check of the wait four this is where the failed when comes into play it reverses the fail condition so if uh i cannot get to port 80 or 443 this is actually i'm sorry if i cannot get to ports between 1 and 1 and 1024 with the exception of 80 and 443 because i'm only executing when the item is not 80 or 443 this is basically a poor man's a port scan and as a little koala says or you could just use zenmap but this is a way to demonstrate uh you can do this in ansible i'm not saying you should do it in ansible and it's a very small example if you want to see really cool stuff about even checking which switch is connected to which switch through cdp or lldp discovery uh again james uh i need to get your name right and have somebody else say it uh he he i i was in the new york meetup uh two days ago he very impressed with what he did he's brought network administration almost to where computer administration is using ansible and he's created tons of modules for this and this is basically a baby step to what he's doing now that's way more advanced and uh here's another thing that uh uh i created a fine module but uh this was before using a shell example of find and uh this is a poor man's uh intrusion detection system basically find goes to a path takes all the files there compares them looks for anything that has changed in the last day and fails if oh sorry fails if anything has changed in that day i register and if the array of registered things of items is greater than zero i i i should fail if it's different than zero i should fail then uh er this is a cut from a playbook there's an ignore errors that's missing here but then you can also assert and look at any of the files and look at their checksums are different or look if their m times are different or their owners are different again this is a five minutes you get an intrusion detection system up and running your boss leaves you alone and now you can go and install osiris a tripwire the real stuff but this shows you uh interesting uses that i've seen of ansible uh people this was actually uh a user was coming up to me is how can i do this i said no don't do this but how can i do this well if you press me and we ended up with this thing which surprised me because then we ended up with even here's how you save the database of the changes and we use a sim link to get to the latest and now you can report across this whole thing and i'm like oh my god why am i doing this just use trip fire leave me alone but you know you can do it you can do it and in a pinch you can have this up in 10 minutes from one machine without installing anything anywhere and it is helpful it's not as good as the products it's not a signed database oh wait i can add that no stop stop just download a roll to install aid or cyrus tripwire or any uh whichever one you like there might be others these are the three that i'm familiar with that's why i put them there hello kitty agrees with me just use those and very interesting one this is actually uh from a user this is a you just saw this that they're adding it in tower but this is how one of our users implemented it when we brought out the fact caching in the previous version we announced the redis one and i sneaked in last minute the json file fat caching because it's a how i originally developed the fat caching before i abandoned it michael took it over he abandoned it and the third guy took it over he actually did it and then we integrated it and then we added the redis plug-in so i had the json file plug-in and it took me like five minutes and i'll add it back two weeks later i get this guy saying hey how can i do this this what the hell are you doing so he's checking out he sets fat caching to use json file he points that to a git repo he has open he's got incron looking at that git repo and every time he sees a change he checks it in so now he's got in a repo all the history of changes of all his facts very easily done in the background and every time somebody runs a playbook he gets it for free the problem was when we added time facts that now the diff starts showing all the times but then he had to commit hook to filter out the time facts and he was happy again uh but again tower is doing this soon it's not only doing it on facts it's doing it on many other things it does specific scans a nice report give to your boss you don't need to do this yourself this also would require you that everybody executes ansible from the same machine with this permissions that lets you arrive right to the same fat cache which starts getting more complicated this was one guy managing 200 machines by himself he was happy this gave him exactly what he needed again something you can use ansible for becomes an auditing system automatically as a side effect this is something that i've never actually finished with ansible i've had it at partial stages of working ansible managed is something that a lot of people like to have in templates the problem is is that if you put in user date time every time you run the template it's changed because you're running at a different time at least i hope and sometimes you run as different users because it could be me it could be him it could be the other guy knobs and suddenly we're always changing this file so one thing that i had learned from uh on etl system we had been in a previous company is that uh it's hard especially when you're doing etl across a lot of clients to keep the information of a file with a file so we had the import specs we would figure out of a file and we tried to keep them time version but then a client would send us a file six weeks later with the version of the import from before so we couldn't do a time series it got pretty complicated so i learned about extended attributes and hell i'll just keep the spec in the extended attributes of the file and i started doing the same thing with changes to config files in ansible so i would create a handler with his extended attribute which would go to whatever file you had modified so now i could keep who did what when and even a hash of what the file is supposed to look like last time it was touched it has uh the disadvantage of not being immediately visible when you edit the file or when you ls the file but it's uh easy enough if you know that this is happening just to get a f attribute or lsf attribute depends on the tools on your system it also requires extended attributes on the user mount and the great thing now your template and your copy don't detect the file has changed because the extended attributes are not part of the sum of the file the checksum of the file is not affected by them which is why i also look up another checksum about the extended attributes but that's another issue and you can basically write them in json and they look like json because it's basically the same structure uh curly braces for dictionaries and then lists uh one last thing is a ansible itself uh internally is built as a unix tool has all these plugins it puts them all together to create a uh a result changing the plugins from underneath gives you different powers if you change ssh for parameco now you can deal with old sun machines because old sun ssh does not really like the open ssh with the control master and you get weird things you need to go against a windows machine you use winrm even though now they just added ssh which means all the time we spend on one arm let's see where that goes that you want to access a jail we've got a communication plugin for that but now it's not about the communication but or the communication you get back uh your callback plugins you want to display it to a person it's one plugin you want to display it to a system you can give it into json or tab delimited files as i said before you can play around with the output and that is part of a plug-in it works a lot like pipes and filters there's stuff that goes in vars plug-ins inventory i'm sorry in your inputs your transformations your your modules which you all know the hundreds of modules we have now to do almost anything you can think of and then the small things like lookups filters for transformations or getting new information into your playbook that are a piecemeal at any point and the nice thing about ginger filters you can also chain them they're pipeable within themselves a callbacks are i think a type of plugin that is really underrated they're very powerful and they are basically your event manager if you want it anything you do in the play gets sent into a callback when it happens and notification modules are kind of a lesser form of callback you saw before i'm running the report and sending mail or when i saw that a file was different i record that fact and send the mail that hey the files have changed with callbacks i could be sending all the information all the time with notification modules it's chosen events that you can send and one last part is a lot of people don't know the many ways of executing a module or that the module you're executing can be dynamic this is one thing that a lot of people have used for abstraction specifically ansible package manager so you don't have to use app yum or whatever else but it has its limitations because not all the package managers do the same thing i'm going to give an example on how to for example install apache with php and there's other things that a lot of people ask for us from us that are not built in but that are very easy to build in as this is a role i've created i get asked this a lot hey how can i make sure that in a directory only the files i created are there with other configuration management systems you know they we compile all this data about the machine and of course they know everything that should be there but with ansible it's a lot more free form i'm updating three of the configuration files in this play you're updating in that play you might have all that data in your bars but ansible does not have a holistic view of the machine you can give it to ansible and that's how i created this little uh row this role runs find on the path you give it registers all the files it then goes to each file and deletes every file that it finds existing there that is not in in the expected files so there's a variable tidy expected that i pass into this role and this is a list of files you should have it goes to the path these are the files i have so every file i have that is not that i should have file deletes and then i send the email and the body is the list of files i removed and this is a role now you have that tidy function everybody was asking for me you only have to give it two things the path to the directory that you want to keep tidy and the list of files that should be there a lot of people wanted to make a module i said you know what it's basically calling two modules find and file and then you might want to do something with that you can add a mail you can send a hip chat you can send to snapchat you can send whatever chat you want to do irc jabber there's all kinds of places you can send it to devnol that's where they all end and and this takes me to hacking ansible you don't really need to code you can look at the roles as a a small way to add functionality you can add them like their little programming libraries which you give two inputs and then things happen you either get something back or some effects happen in this case i give two inputs this is a path this is the files that should be there this little role takes care of removing what should not uh this is something that i found very interesting a call back this a user came and said oh we want uh to do this we want to have ansible instead of sending to syslog in normal lines as sensible does we wanted to send to json lines because they had a whole setup of their syslog ng would accept json and anything that was a json message would be resent to their aggregation server so that's very interesting let's talk on how to do that so they created this small logger plugin this is actually included with ansible i think in the last two versions and it basically everything that happens in ansible that goes to the callback that you would output the screen is now a json message getting sent to syslog this is sending it to syslog you can send it to elastic cache you can change it you can uh send it to an rd you can send it via whisper protocol you can send it anywhere where you want to aggregate the data this is a basically a reporting and auditing built in this has always been an ansible it's most people have only used it to see in their screen i mean there's one to send every action that happens in in a playbook to hipchat you can send it to slack you can email every playbook that's ever run because that's what we need more email that we're not going to read i used to work for a spammer it's really sore point with me and this little plug-in just demonstrated one of the really undervalued things these guys wanted all this information they wanted to build in a system themselves they want to correlate the information of ansible running with what their application was giving them they already had a system in place syslog transporting json other people might have opinions on that i don't it worked for them and this little plugin made it very easy for them to integrate ansible again ansible doesn't care i'm sending output to a plugin the plugin can do whatever you tell it to do and this is a more fun plugin this one was actually been in ansel for a long time this callback plugin will uh go to your mac and speak to you on every step of the play it uses the same utility i don't know if you all know it on the mac and for example it will tell you the name of the play you're going to run when something is okay it does a beep sound when it fails it uh you know it wails uh when everything is okay goes pew and uh a very fun uh thing with this uh michael diehan he's got this ansible and juliet it's basically a small the first three chapters of of romeo and juliet that go against an inventory you map that inventory to five six max you've got the best april fools pranks ever because now your office your machines start playing the different parts your machine is romeo this is juliette parsec you know and now you've got to play and everybody in the office is like what's going on uh that you're doing this with osxa you do this to a lava lamp that you do this to an led and stream information possibilities are endless we find the most ridiculous way of using it go at it ansible doesn't care it'll do whatever you tell it to just give it the plugin it'll recite romeo and juliet just because you asked it too no judgments and the last thing is because i'm very surprised most people don't know this there are several ways to call a module the first form i think is the the least used is that you have the action and inside action you have module and to module you give the module name almost nobody uses this because it's a lot of typing so michael introduced a shorthand which was action module name which a lot of people still found too much typing so everybody just does module name colon with one exception when you want to use local action and then you remember hey wait there's this action we add again and that's why you sometimes see everything module name module module name module name and then local action colon module but it's really the same uh uh way of expressing of calling a module it's just that we're so used to the shorthand we don't see that there's other ways but these other ways actually enable us uh to use uh a variable um i was actually very big fan of this when uh ansible still did the dollar variable notation which made it work much better now that we have the curly braces yaml gets a bit frisky about it and here it is for example this will install apache on any architecture that supports a package manager that takes a name and state present this works with yum apt i believe package ng and portage i really haven't tested with anything else it takes a list of packages which is a variable i use include vars to include the distribution appropriate uh variables that i'm going to use and then i template the config which it also uses uh paths to a distribution appropriate place a lot of people ask for this all the time and i keep telling them it's just as much work you end up with three files but this is the way to if you want to do it because the the data you're looking at as code remember this is a yaml file it's a data expression ansible just happens to interpret that data into actions which reminds me of lisbon scheme but your code is data it's always been data ansible just uses a data format to force you to express the code in it and i keep telling you it's not a programming language so this is the red hat file which for example as you saw before the configuration had to use an apache user because it's different on different distributions red hat uses httpd as a user for the config it uses etsy http conf httpd and the packages are completely named differently well they're named hdd mod ssl php fpm and the service is uh is also named httpd when we go to debian there's not one thing the same if you're not using the abstract you would need to have a apt install with the packages a yum install with the packages two files and then a variable file for the common data in this case i restructured the other way around instead of having two task lists or two plays i have one play and i have two data files but i can give you what a lot of people ask for which is abstraction when it comes to the package manager one caveat is that if you do the configurations also the same which you can up to a point as long as you keep them monolithic you break uh the debian apache control tools because they expect the wholly organized sim-linked configurations but that's up to you it's your context you want this you can have it but remember you asked for it and uh just a small recap on everything uh ansible was born for from unix plays well with unix remember this you will find uses that nobody else has thought of uh i had a patch to make ansible accept plays and standard in and that was promptly rejected several times [Music] then i stopped generating plays on the fly from ansible to ansible but that was my own insanity but otherwise it works very much like a unix tool it's a python script in the end you can call it and there's several ways to pass data into it it can pass data out in several ways the plugins allow you for enormous flexibility at this point roles are not only for a set of tasks that you're looking at it can be for subsets of that or use them as libraries programming libraries the tidy role i just showed you you can add that anywhere very easily just to make that function if you make them small composable they become very very reusable a lot of people want to code in the playbook i've seen this number of times why can't i write python here because it's not a programming language and yet i keep using it as one you've all seen it i've admitted to it and i deny it all the time it's not a programming language it's that way for a reason ansible is very simple to audit very simple to use very simple to ramp up if we convert into a programming language it loses that simplicity so what happens with all these programmers that want to add code to ansible or this is where the plugins are great because now you can add the code do the functionality you want it and make it in a reusable component that a non-programmer can use every lookup plugin every filter you add adds to the power of ansible it makes it do what the code would do it but people don't have to look at the code or copy and paste it to actually use it they don't have to import libraries they don't have to code themselves they can just use ansible write it into a playbook hide the code where it has to be in the plugins it's a good place for them they interact very well with everything else there should be very little that you cannot do using the plugins that you need to do every time i say plugins 99 percent of people think task modules library there are other plugin classes that are very interesting specifically filters lookbacks and callbacks are incredibly powerful they control your inputs your outputs and your transformations this is 80 to 90 percent of what a programming language does you input stuff you transform it you output this is uh what these plugins are meant for the library plugins are meant to do actions across other machines and create state these are not these are meant to take information transform it output information that's the biggest difference between the rest of the plugins and basically it's ansible can work for you just because i tell you not to do it that way does not mean you can't if it works for you makes your life easier makes your company work better go ahead and do it let me cry in a corner about how you're mistreating ansible it's not my hang-ups you need to deal with it's your circumstance you see uh many examples of using an ansible in unorthodox ways ways that people normally don't use little tricks i think the the shebang surprises most people nobody thinks of this and this for me was like the first thing i did and i'm like no really it's it's that easy even michael was like yeah what the hell you do he does that a lot with me using it as a qa tool and not a tool it's a tool how you use it words best to use it is up to you there's recommendations i can give you the recommendations anybody can give you and it all depends if you have a better tool for the job or not or sometimes it's just the fast tool because this is a tool you know this is a tool very easy to pick up this is a tool that almost anybody can pick up in a fraction of the time again have hr people and qa people that had no idea how to use a command line they are now using ansible to deploy uh their applications verify their applications uh ensure compliance with users not being in in the company it's uh something that i love about ansible it's so easy deceptively so sometimes it can get very complicated but that's you making it complicated basically me making complicator i'm just projecting and that's all i have to say any questions brian any questions questions okay great so uh we are gonna have thanks brian we're gonna have a you

Info

Channel: Red Hat Ansible Automation

Views: 8,998

Rating: undefined out of 5

Keywords:

Id: Apu0WCuFCuY

Channel Id: undefined

Length: 49min 31sec (2971 seconds)

Published: Thu Apr 07 2022