Ansible Advanced Oleg Fiksel Security Consultant @ CSPI GmbH - - PowerPoint PPT Presentation

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

Ansible Advanced

Oleg Fiksel Security Consultant @ CSPI GmbH

• leg.fiksel@cspi.com | oleg@fiksel.info

FrOSCon 2016

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AGENDA

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END Q & A

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ABOUT ME

◮ Security Consultant @ CSPI 1 (former MODCOMP 2) ◮ Main topics

◮ Automation ◮ Virtualisation ◮ Application Switching (load balancing) ◮ Perl Coding 1About CSPi 2Wikipedia: MODCOMP

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

◮ This is not a comparison of configuration management

systems.

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

◮ This is not a comparison of configuration management

systems.

◮ Provide overview of some (not all) advanced features of

ansible.

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

◮ This is not a comparison of configuration management

systems.

◮ Provide overview of some (not all) advanced features of

ansible.

◮ Using examples

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

◮ This is not a comparison of configuration management

systems.

◮ Provide overview of some (not all) advanced features of

ansible.

◮ Using examples ◮ Provide links for possible deep dive on a particular subject

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

◮ This is not a comparison of configuration management

systems.

◮ Provide overview of some (not all) advanced features of

ansible.

◮ Using examples ◮ Provide links for possible deep dive on a particular subject

◮ Talk about new features in ansible 2.0 (and ansible 2.2)

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GOALS OF THIS TALK

◮ This is not a comparison of configuration management

systems.

◮ Provide overview of some (not all) advanced features of

ansible.

◮ Using examples ◮ Provide links for possible deep dive on a particular subject

◮ Talk about new features in ansible 2.0 (and ansible 2.2) ◮ Discuss new topics ansible is approaching

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012 ◮ Core rewrite January 2016

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012 ◮ Core rewrite January 2016

◮ Simple syntax

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012 ◮ Core rewrite January 2016

◮ Simple syntax ◮ Bloody Enterprise compatible

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012 ◮ Core rewrite January 2016

◮ Simple syntax ◮ Bloody Enterprise compatible

◮ Works with no agents on the systems

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012 ◮ Core rewrite January 2016

◮ Simple syntax ◮ Bloody Enterprise compatible

◮ Works with no agents on the systems ◮ Works via jumphosts

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHY ANSIBLE?

◮ Fresh

◮ Started February 2012 ◮ Core rewrite January 2016

◮ Simple syntax ◮ Bloody Enterprise compatible

◮ Works with no agents on the systems ◮ Works via jumphosts ◮ Works on stripped down / hardened systems

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PLAYBOOK BEST PRACTICES

Source: http://docs.ansible.com/ansible/playbooks_best_practices.html#directory-layout 1 stage # inventory f i l e f o r s t a g e environment 2 production # inventory f i l e f o r production environment 3 4 group_vars/ 5 group1 # assign v a r i a b l e s to p a r t i c u l a r s e r v e r groups 6 host_vars/ 7 hostname1 # systems s p e c i f i c v a r i a b l e s 8 9 s i t e . yml # master playbook 10 webservers . yml # playbook f o r webserver t i e r 11 12 roles/ 13 common/ # t h i s h i e r a r c h y r e p r e s e n t s a " r o l e " 14 tasks/ # 15 main . yml # < − − t a s k s f i l e can i n c l u d e s m a l l e r f i l e s i f warranted 16 handlers/ # 17 main . yml # < − − h a n d l er s f i l e 18 templates/ # < − − f i l e s f o r use with the t e m p l a t e r e s o u r c e 19 ntp . conf . j 2 # < − − − − − − − t e m p l a t e s end in . j2 20 f i l e s / # 21 foo . sh # < − − s c r i p t f i l e s f o r use with the s c r i p t r e s o u r c e 22 vars/ # 23 main . yml # < − − v a r i a b l e s a s s o c i a t e d with t h i s r o l e 24 defaults/ # 25 main . yml # < − − d e f a u l t lower p r i o r i t y v a r i a b l e s f o r t h i s r o l e 26 meta/ # 27 main . yml # < − − r o l e d e p en d e n c i es 28 29 monitoring/ # same kind

• f

s t r u c t u r e as "common" r o l e

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

◮ self contained script 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

◮ self contained script ◮ any programming language (core modules - python only) 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

◮ self contained script ◮ any programming language (core modules - python only) ◮ do the heavy lifting 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

◮ self contained script ◮ any programming language (core modules - python only) ◮ do the heavy lifting ◮ copied to the target machine 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

◮ self contained script ◮ any programming language (core modules - python only) ◮ do the heavy lifting ◮ copied to the target machine ◮ executed with (json) input 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

MODULE INSIGHTS

Most work in ansible is handled by modules 1.

◮ connection modules

◮ connect to machines

◮ lookup modules

◮ give data

◮ filter modules

◮ transform data

◮ callback modules

◮ register events that happen when tasks are executed

◮ task modules

◮ self contained script ◮ any programming language (core modules - python only) ◮ do the heavy lifting ◮ copied to the target machine ◮ executed with (json) input ◮ (json) output is registered 1Ansible - Developing Plugins

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PLAYBOOKS IN DEEP

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

TAGS

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

TAGS

1 # main.yml 2 --- 3 − hosts: webservers 4

gather_facts: false

5

tasks:

6

• package:

7

name: "lighttpd"

8

s t a t e : i n s t a l l e d

9

tags:

10

• packages

11

• template:

12

src: "template/lighttpd.j2"

13

dest: "/etc/lighttpd/lighttpd.conf"

14

tags:

15

• configuration

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

TAGS

1 # main.yml 2 --- 3 − hosts: webservers 4

gather_facts: false

5

tasks:

6

• package:

7

name: "lighttpd"

8

s t a t e : i n s t a l l e d

9

tags:

10

• packages

11

• template:

12

src: "template/lighttpd.j2"

13

dest: "/etc/lighttpd/lighttpd.conf"

14

tags:

15

• configuration

Run:

ansible−playbook main . yml − −tags packages ansible−playbook main . yml − −skip−tags configuration

1More details: Ansible - Playbook Tags

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

CUSTOM ACTIONS

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

CUSTOM ACTIONS

1 --- 2 − include_vars: "includes/{{ ansible_os_family }}.yml" 3 − name: "remove the apache package" 4

action: "{{custom_package_mgr}} name={{apache}} state=absent"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

INTERACTION

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMMANDLINE/FILE

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMMANDLINE/FILE

ansible−playbook −e ’ apache_hostname=example . com’ deploy . yml ansible−playbook − −extra−vars " @vars . json " deploy . yml

1 # vars . json 2 {

" apache_hostname " : " example . com" }

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PROMPTS AND PAUSE

1Ansible - Playbook Prompts 2Ansible - Pause Module

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PROMPTS AND PAUSE

1 --- 2 − hosts: localhost 3

gather_facts: false

4

vars_prompt:

5

• name: "name"

6

prompt: "What is your name?"

7

private: no

8

• name: "location"

9

prompt: "What is you location?"

10

private: no

11

tasks:

12

• debug:

13

msg: "{{name}}, let me think for a moment..."

14

• pause:

15

seconds: 10

16

• debug:

17

msg: "Let me guess, you are now at {{location}}?"

1Ansible - Playbook Prompts 2Ansible - Pause Module

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PLAYBOOK AS AN EXECUTABLE

1Example from: Ansible Webinar - Tips and Tricks by Brian Coca

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PLAYBOOK AS AN EXECUTABLE

Use Shebang to run ansible as an executable.

1 #!/usr/bin/ansible-playbook 2 --- 3 − hosts: a l l 4

gather_facts: false

5 # sudo: true 6

v a r s _ f i l e s :

7

• departed_users . yml

8

tasks:

9

• name: Delete departed

users and a l l i t ’s files

10

user: name={{ item } } s t a t e =absent remove=yes

11

with_items: "{{departed}}"

1Example from: Ansible Webinar - Tips and Tricks by Brian Coca

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PLAYBOOK AS AN EXECUTABLE

Use Shebang to run ansible as an executable.

1 #!/usr/bin/ansible-playbook 2 --- 3 − hosts: a l l 4

gather_facts: false

5 # sudo: true 6

v a r s _ f i l e s :

7

• departed_users . yml

8

tasks:

9

• name: Delete departed

users and a l l i t ’s files

10

user: name={{ item } } s t a t e =absent remove=yes

11

with_items: "{{departed}}"

1 # departed_users.yml 2 --- 3 − departed: ["toor" , "admin"] 1Example from: Ansible Webinar - Tips and Tricks by Brian Coca

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

PLAYBOOK AS AN EXECUTABLE

Use Shebang to run ansible as an executable.

1 #!/usr/bin/ansible-playbook 2 --- 3 − hosts: a l l 4

gather_facts: false

5 # sudo: true 6

v a r s _ f i l e s :

7

• departed_users . yml

8

tasks:

9

• name: Delete departed

users and a l l i t ’s files

10

user: name={{ item } } s t a t e =absent remove=yes

11

with_items: "{{departed}}"

1 # departed_users.yml 2 --- 3 − departed: ["toor" , "admin"]

./ delete_departed_users . yml −i . . / inventory −l host1

1Example from: Ansible Webinar - Tips and Tricks by Brian Coca

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DELEGATION

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DELEGATION

1 --- 2 − name: shush nagios

before deployment

3

nagios:

4

action: s i l e n c e

5

host: "{{inventory_hostname}}"

6

delegate_to: "{{nagios_host}}"

7 8

. . . deployment

9 10 − name: unshush nagios

a f t e r deployment

11

nagios:

12

action: unsilence

13

host: "{{inventory_hostname}}"

14

delegate_to: "{{nagios_host}}"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 1/4

Lookups are executed on ansible controller.

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 1/4

Lookups are executed on ansible controller. Probably most well known lookup is:

1 --- 2 − name: add ssh key 3

authorized_key:

4

user: root

5

key: "{{ lookup(’file’, ’~/.ssh/id_rsa.pub’) }}"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 2/4

You can use lookups for other weird things too:

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 2/4

You can use lookups for other weird things too:

1 --- 2 − hosts: localhost 3

gather_facts: false

4

tasks:

5

• name: random number ( using lookup )

6

debug:

7

msg: "Random number {{ lookup(’pipe’, ’perl -e "print i n t ( rand (100) )"’) }}"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 3/4

Or just use build-in function:

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 3/4

Or just use build-in function:

1 --- 2 − hosts: localhost 3

gather_facts: false

4

tasks:

5

• name: ansible

native random number

6

debug:

7

msg: "{{100 | random}}"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

LOOKUPS 4/4

Lookups list (incomplete):

◮ pipe ◮ redis_kv ◮ template ◮ etcd ◮ dig (DNS) ◮ csvfile ◮ ini ◮ . . .

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

FILTERS

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

FILTERS

Filters manipulate data and are executed on the ansible controller.

More information:

◮

http://docs.ansible.com/ansible/playbooks_filters.html

◮

http://jinja.pocoo.org/docs/dev/templates/#builtin-filters

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXAMPLE 1

Not all filters are dependency-free. IP address validation needs python-netaddr.

1 --- 2 − hosts: localhost 3

gather_facts: no

4

tasks:

5

• debug: msg={{

ip | ipv4 } }

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXAMPLE 2

1 --- 2 − hosts: localhost 3

gather_facts: false

4

tasks:

5

• debug:

6

msg: "{{ ’ansible’ | regex_replace(’^a.*i(.*)$’, ’a\\1’) }}"

Produces: “able”

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

VARIABLE VALIDATION

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

VARIABLE VALIDATION

1 --- 2 − hosts: a l l 3

gather_facts: no

4

tasks:

5

• debug: msg={{ hostname | mandatory

} }

6

• debug: msg={{

ip | mandatory } }

7

. . .

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

INCLUDES AND ROLES

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

INCLUDES

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

INCLUDES

1 --- 2 − servers: a l l 3

tasks:

4

• include: set_mysql_password . yml mysql_user=root mysql_pass

={{ var_mysql_pass } }

5

. . .

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ROLES

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ROLES

1 # sample

r o l e s t r u c t u r e

2 roles/ 3

common/

4

f i l e s /

5

templates/

6

tasks/

7

handlers/

8

vars/

9

defaults/

10

meta/

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

INCLUDES V.S. ROLES

When use includes and when roles?

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

INCLUDES V.S. ROLES

When use includes and when roles?

◮ includes for small code pieces ◮ if you have files/templates/handlers - use roles

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

VERBOSITY AND ERROR HANDLING

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

IGNORE_ERRORS

Continue running the task disregarding an error.

1 --- 2 − name: mysql root password 3

mysql_user: name=root password ={{ db_root_password } }

4

ignore_errors: true

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ASSERT

1 --- 2 − hosts: localhost 3

gather_facts: false

4

vars_prompt:

5

• name: "name"

6

prompt: "What is your name?"

7

# show input contents

8

private: no

9

tasks:

10

• name: Very secure

user validation

11

as s e r t :

12

that: "name == ’Oleg’"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

FAIL

1 --- 2 − hosts: localhost 3

gather_facts: false

4

vars_prompt:

5

• name: "name"

6

prompt: "What is your name?"

7

# show input contents

8

private: no

9

tasks:

10

• name: Very secure

user validation

11

f a i l :

12

msg: "You are not allowed to run this playbook, {{name}}!"

13

when: "name != ’Oleg’"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

◮ Task Blocks

1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

◮ Task Blocks ◮ Playbook parsing and Error Reporting improvements

1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

◮ Task Blocks ◮ Playbook parsing and Error Reporting improvements

◮ Syntax error shows the exact place in a playbook and gives

sugestions

1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

◮ Task Blocks ◮ Playbook parsing and Error Reporting improvements

◮ Syntax error shows the exact place in a playbook and gives

sugestions

◮ No more escaping of escapings needed (\\\\) 1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

◮ Task Blocks ◮ Playbook parsing and Error Reporting improvements

◮ Syntax error shows the exact place in a playbook and gives

sugestions

◮ No more escaping of escapings needed (\\\\)

◮ Dynamic Includes

1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

WHAT’S NEW IN ANSIBLE 2.0

◮ Task Blocks ◮ Playbook parsing and Error Reporting improvements

◮ Syntax error shows the exact place in a playbook and gives

sugestions

◮ No more escaping of escapings needed (\\\\)

◮ Dynamic Includes ◮ Execution Strategy Plugins

1Details: Ansible 2.0 Release Notes

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

TASK BLOCKS - BASIC EXAMPLE

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

TASK BLOCKS - BASIC EXAMPLE

1 tasks: 2

• block:

3

• debug: msg=’i execute normally’

4

• command: /bin/false

5

• debug: msg=’i never execute, cause ERROR!’

6

rescue:

7

• debug: msg=’I caught an error’

8

• command: /bin/false

9

• debug: msg=’I also never execute :-(’

10

always:

11

• debug: msg="this always executes"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

TASK BLOCKS - ADVANCED EXAMPLE

1 --- 2 − hosts: a l l 3 s e r i a l : 1 4 vars: 5

• debug: false

6

• packages: [ git ,

lighttpd ] 7 tasks: 8

• block:

9

• name: i n s t a l l

packages 10 package: name="{{item}}" s t a t e = i n s t a l l e d 11 with_items: 12

• "{{packages}}"

13 r e g i s t e r : packages_state 14

• debug: msg="{{packages_state}}"

15 when: "debug == true" 16

• name: copy lighttpd

config f i l e 17 template: 18 src: "lighttpd.conf.j2" 19 dest: "/etc/lighttpd/conf-enabled/00-test.conf" 20

• name: r e s t a r t

lighttpd 21 service: name="lighttpd" s t a t e =restarted 22 rescue: 23

• name: remove l i g h t t p

config f i l e 24 f i l e : 25 dest: "/etc/lighttpd/conf-enabled/00-test.conf" 26 s t a t e : absent 27

• name: remove i n s t a l l e d

packages 28 package: name="{{item}}" s t a t e =absent purge=true 29 with_items: 30

• "{{packages}}"

31 when: "packages_state[’changed’] == true" 32

• f a i l :

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

◮ Before ansible 2.0 includes were preprocessed (once at

start-time)

1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

◮ Before ansible 2.0 includes were preprocessed (once at

start-time)

◮ From ansible 2.0 on includes are dynamically evaluated in

runtime

1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

◮ Before ansible 2.0 includes were preprocessed (once at

start-time)

◮ From ansible 2.0 on includes are dynamically evaluated in

runtime

◮ The fact that your plabook from ansible < 2.0 is parsed

correctly in ansible 2.0 doesn’t mean it will behave the same way

1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

◮ Before ansible 2.0 includes were preprocessed (once at

start-time)

◮ From ansible 2.0 on includes are dynamically evaluated in

runtime

◮ The fact that your plabook from ansible < 2.0 is parsed

correctly in ansible 2.0 doesn’t mean it will behave the same way

◮ Examples:

1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

◮ Before ansible 2.0 includes were preprocessed (once at

start-time)

◮ From ansible 2.0 on includes are dynamically evaluated in

runtime

◮ The fact that your plabook from ansible < 2.0 is parsed

correctly in ansible 2.0 doesn’t mean it will behave the same way

◮ Examples:

◮ − include: "{{ ansible_os_family }}.yml" 1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

DYNAMIC INCLUDES

◮ Before ansible 2.0 includes were preprocessed (once at

start-time)

◮ From ansible 2.0 on includes are dynamically evaluated in

runtime

◮ The fact that your plabook from ansible < 2.0 is parsed

correctly in ansible 2.0 doesn’t mean it will behave the same way

◮ Examples:

◮ − include: "{{ ansible_os_family }}.yml" ◮ − include_vars: "{{ ansible_os_family }}.yml" 1Porting guide to ansible 2.0

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES Sice ansible 2.0 execution strategies are plugins.

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES 1/3

strategy: linear (default) host1 host2 task1=1sec task1=5sec task2=5sec task2=9sec

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES 2/3

strategy: linear (default) strategy: free host1 host2 host1 host2 task1=1sec task1=5sec task2=5sec task2=9sec t1=5sec t1=5sec task1=1sec task2=9sec task1=5sec task2=5sec

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES 3/3

strategy: linear (default) strategy: free strategy: linear serial: 1 host1 host2 host1 host2 host1 host2 task1=1sec task1=5sec task2=5sec task2=9sec t1=5sec t1=5sec task1=1sec task2=9sec task1=5sec task2=5sec task1=5sec task2=5sec task1=1sec task2=9sec

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES - PLAYBOOK 1/3

1 #

F i l e s t r u c t u r e :

2 3 ./ deploy_facts . yml 4 ./ f i l e s 5 ./ f i l e s /host1 . f a c t 6 ./ f i l e s /host2 . f a c t 7 ./ run . yml

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES - PLAYBOOK 1/3

1 #

F i l e s t r u c t u r e :

2 3 ./ deploy_facts . yml 4 ./ f i l e s 5 ./ f i l e s /host1 . f a c t 6 ./ f i l e s /host2 . f a c t 7 ./ run . yml 1 #

f i l e s / host1 . f a c t

2 [ general ] 3 t1 =1 4 t2 =9 1 #

f i l e s / host2 . f a c t

2 [ general ] 3 t1 =5 4 t2 =5

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES - PLAYBOOK 2/3

1 # deploy_facts.yml 2 --- 3 − hosts: a l l 4

tasks:

5

• debug:

6

msg: "{{ ansible_local[’times’][’general’] }}"

7

ignore_errors: True

8

• f i l e :

9

path: ’/etc/ansible/facts.d’

10

s t a t e : directory

11

• copy:

12

src: "files/{{ inventory_hostname }}.fact"

13

dest: "/etc/ansible/facts.d/times.fact"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXECUTION STRATEGIES - PLAYBOOK 3/3

1 # run.yml 2 --- 3 − hosts: a l l 4

strategy: free

5 #

strategy: linear

6 #

serial: 1

7

tasks:

8

• debug:

9

msg: "{{ ansible_local[’times’][’general’] }}"

10

• s h e l l :

11

cmd: "sleep {{ ansible_local[’times’][’general’][’t1’] }}"

12

• s h e l l :

13

cmd: "sleep {{ ansible_local[’times’][’general’][’t2’] }}"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

1Details: Ansible - Package Module

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

1 --- 2 − package: name= g i t

s t a t e =present

We all have been waiting for it!

1Details: Ansible - Package Module

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

But wait a minute... Does this ease the pain of creating playbook for different distros?

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

But wait a minute... Does this ease the pain of creating playbook for different distros?

◮ apache package name

◮ CentOS/RHEL: httpd ◮ Debian: apache2

◮ apache config directory

◮ CentOS/RHEL: /etc/httpd/conf.d ◮ Debian: /etc/apache2/conf-enabled

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

But wait a minute... Does this ease the pain of creating playbook for different distros?

◮ apache package name

◮ CentOS/RHEL: httpd ◮ Debian: apache2

◮ apache config directory

◮ CentOS/RHEL: /etc/httpd/conf.d ◮ Debian: /etc/apache2/conf-enabled

How to solve?

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

Working with distro-dependent variables.

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

GENERIC PACKAGE MODULE

Working with distro-dependent variables.

1 # remove_apache.yml 2 --- 3 − hosts: a l l 4

tasks:

5

• include_vars: "includes/{{ ansible_os_family }}.yml"

6 7

• debug:

8

msg: "going to remove package {{apache}}"

9 10

# This uses a variable as this changes per distribution.

11

• name: "remove the apache package"

12

package: name={{ apache } } s t a t e =absent

1 # includes/Debian.yml 2 --- 3 apache: "apache2" 1 # includes/RedHat.yml 2 --- 3 apache: "httpd"

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

IPTABLES MODULE

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

IPTABLES MODULE

1 --- 2 # Block specific IP 3 − iptables: 4

ip_version: ipv4

5

chain: INPUT

6

source: 8 . 8 . 8 . 8

7

jump: DROP

8

# this must be runned as root (sudo)

9

become: true

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt ◮ cisco ASA

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt ◮ cisco ASA ◮ lxd module

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt ◮ cisco ASA ◮ lxd module ◮ aws_vpc_∗

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt ◮ cisco ASA ◮ lxd module ◮ aws_vpc_∗ ◮ telegram

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt ◮ cisco ASA ◮ lxd module ◮ aws_vpc_∗ ◮ telegram ◮ wakeonlan

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE 2.2 (CURRENT DEVELOPMENT)

Currently in development.

◮ Added support for binary modules.

"Yeah!" to all Golang programmers.

◮ letsencrypt ◮ cisco ASA ◮ lxd module ◮ aws_vpc_∗ ◮ telegram ◮ wakeonlan ◮ ...

1Changelog

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

◮ Current status

1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

◮ Current status

◮ ansible 2.0 ∼ 70 AWS modules 1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

◮ Current status

◮ ansible 2.0 ∼ 70 AWS modules ◮ For everthing else use awscli (until module will be

implemented)

1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

◮ Current status

◮ ansible 2.0 ∼ 70 AWS modules ◮ For everthing else use awscli (until module will be

implemented)

◮ For better experience

1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

◮ Current status

◮ ansible 2.0 ∼ 70 AWS modules ◮ For everthing else use awscli (until module will be

implemented)

◮ For better experience

◮ Use ansible ≧ 2.0 + Boto3 (long-term Boto will go away) 1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

AMAZON AWS

◮ Current status

◮ ansible 2.0 ∼ 70 AWS modules ◮ For everthing else use awscli (until module will be

implemented)

◮ For better experience

◮ Use ansible ≧ 2.0 + Boto3 (long-term Boto will go away) ◮ ansible 2.2 (current development) has more aws modules,

see changelog 1 for details

1Changelog 2List of cloud modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXAMPLE

1 --- 2 − name: seamless deployment 3

hosts: nodes_behind_elb

4

s e r i a l : 1

5

pre_tasks:

6

• name: get

ec2 f a c t s

7

ec2_facts:

8

• name: d i a c t i v a t e node in

elb

9

ec2_elb: s t a t e =absent # arguments

10

delegate_to: localhost

11 12

tasks:

13

• name: deploy new software

14

g i t : # arguments

15 16

post_tasks:

17

• name: a c t i v a t e node in

elb

18

ec2_elb: s t a t e =present # arguments

19

delegate_to: localhost

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

UPCOMING TOPICS

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMPLIANCE

1ansible-lockdown

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMPLIANCE ansible-lockdown 1

1ansible-lockdown

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMPLIANCE ansible-lockdown 1

◮ goal - implement STIG baseline

1ansible-lockdown

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMPLIANCE ansible-lockdown 1

◮ goal - implement STIG baseline ◮ IMHO good idea

1ansible-lockdown

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

COMPLIANCE ansible-lockdown 1

◮ goal - implement STIG baseline ◮ IMHO good idea ◮ current status: v0.1

1ansible-lockdown

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

NETWORK ORCHESTRATION

1Ansible - List of Network Modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

NETWORK ORCHESTRATION

Support in ansible 2.0 1:

◮ Arista EOS (cli, eapi) ◮ Cisco NXOS (cli, nsapi) ◮ Cisco IOS (cli) ◮ Cisco IOSXR (cli, netconf) ◮ Cumulus Linux (ssh) ◮ Juniper JUNOS (cli, netconf) ◮ OpenSwitch (ssh, cli, rest)

1Ansible - List of Network Modules

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

EXAMPLE

1 --- 2 − hosts: ios1 3

tasks:

4

• ios_command:

5

commands: show running−config a l l

6

provider: "{{cli}}"

7

r e g i s t e r : deviceconfig

8 9

• ios_config

10

l i n e s :

11

• description

configured by ansible

12

• ip address

1 0 . 0 . 0 . 1 255.255.255.0

13

• no shutdown

14

parents: i n t e r f a c e GigabitEthernet0 /1

15

config: "{{ deviceconfig.stdout[0] }}"

16

provider: "{{cli}}"

1Ansible Webcast - Automating your network

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there.

1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there. ◮ Aim is to use ansible playbooks for physical hosts, VMs as

well as containers.

1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there. ◮ Aim is to use ansible playbooks for physical hosts, VMs as

well as containers.

◮ Workflow: build, flatten the image, (run), push to

container registry.

1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there. ◮ Aim is to use ansible playbooks for physical hosts, VMs as

well as containers.

◮ Workflow: build, flatten the image, (run), push to

container registry.

◮ Current status:

1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there. ◮ Aim is to use ansible playbooks for physical hosts, VMs as

well as containers.

◮ Workflow: build, flatten the image, (run), push to

container registry.

◮ Current status:

◮ Only Docker support now 1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there. ◮ Aim is to use ansible playbooks for physical hosts, VMs as

well as containers.

◮ Workflow: build, flatten the image, (run), push to

container registry.

◮ Current status:

◮ Only Docker support now ◮ Support for other container providers will come (Rocket?) 1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

ANSIBLE-CONTAINER

◮ For all you Docker hipsters out there. ◮ Aim is to use ansible playbooks for physical hosts, VMs as

well as containers.

◮ Workflow: build, flatten the image, (run), push to

container registry.

◮ Current status:

◮ Only Docker support now ◮ Support for other container providers will come (Rocket?) ◮ Until now no network function support for docker 1ansible-container readme

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

◮ Ansible is expanding it’s work area and developing

rapidly

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

◮ Ansible is expanding it’s work area and developing

rapidly

◮ Play the slides after the talk and try things out

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

◮ Ansible is expanding it’s work area and developing

rapidly

◮ Play the slides after the talk and try things out ◮ Use the links in slides to dive deeper

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

◮ Ansible is expanding it’s work area and developing

rapidly

◮ Play the slides after the talk and try things out ◮ Use the links in slides to dive deeper ◮ Most of standard recurring tasks can be automated using

ansible

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

◮ Ansible is expanding it’s work area and developing

rapidly

◮ Play the slides after the talk and try things out ◮ Use the links in slides to dive deeper ◮ Most of standard recurring tasks can be automated using

ansible

◮ Playbooks from the slides are available on Github 1

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

SUMMARY

◮ Ansible is expanding it’s work area and developing

rapidly

◮ Play the slides after the talk and try things out ◮ Use the links in slides to dive deeper ◮ Most of standard recurring tasks can be automated using

ansible

◮ Playbooks from the slides are available on Github 1 ◮ ansible-doc is pretty handy for writing playbooks offline

1Playbooks from this talk

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

Q & A

ABOUT INTRODUCTION PLAYBOOKS IN DEEP WHAT’S NEW Amazon AWS Upcoming topics END

Thanks!

Oleg Fiksel

• leg.fiksel@cspi.com | oleg@fiksel.info