@RedFenceAnime I thought he was cute and completely oblivious to the way corporate uses Excel worldwide. Even his worst examples seemed quite reasonable to me, allegedly.
@ndupontnet like how the NHS lost COVID cases because they converted & combined CSV to/in XLS and the rows ran out on daily cases. P.S. cute and oblivious, eww.
I highly recommend Jeff’s book about Ansible: Ansible for DevOps, Server and configuration management for humans. Jeff is very casual and accessible in his videos, but trust me, he’s a real pro when it comes down to server automation. Collecting technical books is my hobby. Recently I was preparing a new category of books in my collection - Linux hardening and server automation. After thorough research I decided to place Jeff’s book (I finished reading it a couple of days ago) as a go-to manual for Ansible in that list. Yes, it’s that good. It’s my first comment on this channel and I don’t comment much on YT in general, but - kudos to you, Geerling Guy! Great, great stuff. Keep up the good work.
@5TY Definitely: Mastering Linux Security and Hardening, Donald A. Tevault (for server hardening). Also: How Linux Works, Brian Ward (Linux in general). For nerds only: Site Reliability Engineering: How Google Runs Production Systems (hardcore server automation).
The full phrasing of "Jeff's Rule of Golden Hammers" is great, and reminds me of a sort of dysfunction I see in some online communities, where, in short, experts gather to share their golden hammer tips without mind for newbies watching and getting bad ideas. So maybe a sort of corollary to go along, "before you start swinging, check who's watching"
I know exactly what you mean about using a tool you know a lot about for as many uses as possible. After a decade spent learning everything to know about my job when I was in the Army, I started using my M1A1 Heavy tank for hard drive destruction. Turns out that a 62-ton main battle tank is perfect for destroying 3.5" platter drives on concrete. Crushes 'em flat with very little damage to the tank's track pads. I also learned how to cook using the tank's jet turbine engine. Sure, the food tasted a little like diesel fuel but the overall effort was worth it to avoid having to eat another MRE. It also worked great for chasing bad guys through houses - just put the main gun tube over the back deck and charge after them. Now I'm a network engineer and life is boring as hell.
When you said you couldn't manage your router with Ansible, it made me wonder if I could manage mine. Sure enough, it looks like there's actually quite a few Ansible libraries and modules for managing Mikrotik devices running RouterOS!
We manage thousands of Mikrotiks via Ansible. The CLI is not really made for automation, so we've had to write a lot of built-in checks to put in some level of idempotency on some things, but it works.
What a relief!!!! I'm new with Ansible and I'm using it for everything. I was starting to worry but I realize that I am not alone in this. Thanks for the video.
Jeff this was one of the--if not **THE** best presentation/video you have done. I knew we had a lot of interests in common, and this confirms it. Ansible is one of the best configuration and configuration management tools, and when combined with other leading-edge open-source (from Hashicorp, Docker, etc.), it allows one to manage many. My home "lab" depends on it to manage all of the servers, workstations, network routers and switches, and of course, IOT devices. You've earned a Sugar Fire lunch for this one for sure!
I have always loved ansible and the uri module and have always found it a really easy way to script complex http requests, rather than using a shell script. It's doubly useful because you can more easily perform selective queries on the return results, variable substitution, loops, case conversion etc, all with built in functionality. Very handy!
Hi Jeff, you might have seen me on the Ansible Community chat. Despite being active in the c.g collection, I actually started using Ansible little more than one year ago, and what drove me to it was almost the same motivation you had for your Mac setup. I am a Linux guy at heart, so last year when the laptop crashed for whatever reason and I had to reinstall it, I thought the same thing: "I should really automate that setup". That led me to the `xfconf` module, which was in dire need of some TLC, which eventually made me the maintainer of that module. From that point on, I've started submitting many contributions and eventually became a co-maintainer of the collection. My personal configuration playbook has increased its size many times over since last year. The last run went through more than 500 tasks (overall, including roles and loops). Thanks for all the awesome work you have been doing with Ansible!
I always enjoy your videos, and especially enjoyed your dad showing his chops. This video moved you from "oh wow! I should set that up sometime on my montagnard army of Tau" to practical job skill education. Rawk on!
Looking forward to your backup script. Meanwhile, will be using the earlier Ansible projects to manage my Pi cluster & implement similar monitoring & Pi-hole applications. Thanks for the examples & the books. I'm learning a lot in my retirement.
Everybody watching, this guy even bought a solid 24k golden hammer for the content (it is clearly not painted). Such commitment, how can you not subscribe?
I automate the build of all my local kit including laptops and PIs too. Has been invaluable when having to keep in sync, migrate, duplicate or perform OS upgrades. Saved so so much time. Now looking to automate anything else I can as Ansible rocks!
I built a fully automated VM deployment system using Ansible. It's built atop a MySQL dynamic inventory, it ingests YAML files for individual VM configs, creates a VM in the correct xcp-ng pool according to the YAML file, and adds it to the dynamic inventory. It then dynamically builds Debian net install ISOs with templated vars that pull down the preseed files, and is set up so that it will automatically run postinstall playbooks after the OS install completes. It's kinda a Frankenstein's monster of a platform, with some really ugly accounting for edge cases, but it does work, and saves a ton of time over the many completely manual installations I had to do before I built it.
Automating the deployment of Docker Swarm services is actually one of my main use cases for Ansible. Docker Swarm configs are a bit of a pain to update by hand, and Ansible has been a life saver here.
Very funny. Twenty or more years ago, AWK was my "golden hammer". Anything and everything, I did with AWK. Not only in UNIX but on Windows, I used MKS Systems UNIX tools for windows, which include an AWK interpreter and an AWK compiler. Very easy way to make executables for a simple task that would run in DOS or Windows.
@Jeff would be great to have a video for Salt as well. Even though Ansible is amazing, the lack of support for doing things programmatically (meaning calling roles and playbooks via an API and getting JSON results, for example) makes it less than ideal in certain circumstances, while Salt seems to do the job well for the use case.
I've been working on Ansible to automate Linux patching. Who wants to sit through several SSH sessions doing apt update && apt update -y whenever updates are available? Ansible *should* make it painless to do just that.
Heads off to read up on Ansible... I've got a massive automation nightmare on the horizon, fingers crossed you've just saved me a lot of torn out hair.
@JeffGeerling Ah, after searching your blog I finally understand. All this time watching your channel and hearing your name it never occurred to me it could be Dutch, even though I am a native Dutch speaker. I can hear it in Dutch clearly now. Pindakaas for all!
There used to be a way to curl pip and install it and ansible remotely in the "pre tasks". Don't know how reliable that was but it sure was satisfying.
The weird and wonderful world that can be automated with Ansible. I built a CI/CD server using Ansible and cron. It would poll repos and register the hash of a branch, watching if it changed. Was pretty simple.
The electrician example is actually pretty funny. There's a special wire stripping tool you can buy at Home Depot. Right tool for the job? The professional electricians I know don't use those. They just use regular linesman pliers.
Thanks Jeff, another great video. I have a question: as you are getting your head around Collections, any plans on doing one of your great videos on it? Thanks again Jeff
I've never understood why Ansible looks in the playbook directory for all sorts of plugins (modules, filters, roles, etc.) but AFAICT it's impossible to put collections in the playbook directory. Otherwise git submodules would be a great way to pin the collection dependencies!
One of the things I ran into was the speed of ansible was less than ideal, because it did a python ssh connection for each and every step. There were certain things that were just much faster and more streamlined by the builtin module "script" where there were a LOT of steps. For example, we have an application install script that seems like it is built for ansible to run: creation, permission, and installation of files, directories, and packages. But the larger the build, the slower it was on ansible than it was to upload an install script and run that. Like ansible took 11 minutes versus the 5 from a bash script per server. The problem with "script" is the output of the job (its debug module) is very limited, littered with json garbage, and can't handle progress bars. So while I *could* use ansible, I realized it wasn't efficient enough where I *should* use it.
I know some older versions didn't use a persistent SSH connection, but newer versions should by default, I think, meaning your SSH connection is shared among tasks in one playbook, making it a bit faster. But even so, there are a lot of little performance issues that can add up, and I wish Red Hat took the performance more seriously :(
Jeff, what are you using for DNS these days to get nice addresses for your devices? I think in a couple of years and now the office, DNS entries should skyrocket. You still using Pi-Hole to do that?
My favorite use for Ansible: dynamically mounting extra EBS volumes and network interfaces on EC2 instances coming up in an ASG to get persistent storage and internal static IPs. Least favorite thing: Python library conflicts with all the other crap running on EC2 instances that needs Python.
I can't post URLs in comments, but there is a semantic versioning library out there for python that would probably make the version comparisons a lot easier.
I've been using Ansible to bootstrap Salt, as the Salt bootstrap script doesn't behave well on "non-baseline" distros (e.g. POP_OS, etc.). Ansible has also been useful for managing and running PowerShell DSC configs against Windows systems (with some minor caveats).
I run PowerShell for all my Windows and VMware stuff, but Ansible is one of the next things I want to learn. Do you have any Windows examples in your book?
I am still shocked about the change of your T-Shirt and wonder and requesting a hybrid out of Emacs, Excel, Ansible and RedBull (not sponsored but I should stop drinking too much energy drinks).
Any chances to see an updated version of Ansible Collections and testing roles with Molecule inside a collection with the dependencies from the same, sibling and external collections? I found it quite "interesting" to figure out how dependencies should be listed in order for Molecule to work. Another thing I do quite often is tie Ansible and Terraform together. Like... I could run Terraform to provision servers and once the servers are up Terraform runs Ansible to do the final configuration. On top of that I had integrated that into a CI pipeline. If I need a new machine, I just push the changes to the remote git, and after a couple of minutes I have a new machine ready for a workload. I like this approach pretty much. The only downside of this is that initial infrastructure provisioning should be triggered manually. :) But I think I'm close to deploying Skynet soon. :)
@JeffGeerling Oh, that's nice! Then I could potentially mention some particular things. The Secrets. Any kind of them! There are differences depending on whether you call Ansible with remote_exec from Terraform or the other way around. If you execute Terraform from Ansible itself, then you can just utilize Ansible's Vault and safely store secrets encrypted in the repo itself. If you are executing Ansible from Terraform, then... you need to think about how to manage secrets. What I did was deploy HashiCorp's Vault and inject secrets (keys, passwords, TLS, etc.) at the CI stage (Jenkins has extensions for that). Anyway... secret management I found to be quite "interesting". Another thing I could mention is environment management. You most likely want to provision staging, production and other environments. How do you structure your project for maximal module reusability? What I did: I made some "external" TF modules, which at the local development stage I sourced as local files. But when they are done, I can just switch to sourcing directly from remote git (no need for Terraform Cloud). Also, some were just local modules. On the Ansible side I also did several environment directories, each containing its own ssh config and group/host variables. Terraform global variables. Still not quite happy with my solution of feeding in some custom *.tfvars file. For example, a set of DNS domains which are the same for different environments. Or some paths, links to storage, etc. I am not even sure if I do things right if I am reaching for some kind of global vars. Terraform random placeholders. For example, you have a module which provisions some resource. If the user of the module does not provide an explicit name for the resource, then you could use things like "random_pet" as a fall-back/default/placeholder, which you can do only in locals. But again, there are some caveats and bad/good practice rules.
And lastly, I found a really great way to test the whole setup by utilizing the "dmacvicar/libvirt" provider, which allows you to spin up a virtual environment without paying for Bezos space flights. :) Overall really interesting topic!
I'm assembling a bramble and have managed to cobble together enough familiarity with ansible that I got it to do the apt update and upgrade thingies. (I'm starting almost from ground zero with linux, as well, so there was much pain here; I had to reimage each pi a couple times because I kept screwing things up.)
"If it's stupid but it works..." I read a study a couple of years ago about CO2 levels and its effect on our cognitive function, it dropped significantly at levels as low as 1200ppm. Think it was in the order of 10-30%. At higher levels it dropped by over 50%. High enough and it will be hazardous. Time matters though, you would need to spend some time (hours) with bad air quality for it to have that effect.
Yeah; levels in my office were sometimes reaching 2000-3000 ppm, and I definitely noticed the cognitive decline. Little things like knowing the actual level are immensely helpful. I yearn for a day when every room in an office building would include CO2 monitoring.
Hey Jeff, came across your video and was interested in knowing more on how you used Ansible at scale. We have 1500 - 2000 VMs and Ansible takes a hell of a lot of time. We thought the forking mechanism helps but only see 30-32 forks happening at a time with 64 GB RAM. Any suggestions?
Typically at that scale you'd either use ansible-pull or some other more tailored mechanism... honestly I'd work with the community through IRC or via mailing list as I typically deal in individual playbooks with 1-200 endpoints to manage. A lot simpler than the thousands!
For your version checker, can you use a split on "." and then take the values as an array and compare each element that way? That could make it so array[1] (9) and array2[1] (10) are compared instead of 9 compared to 1.
I hate ansible sometimes. There are so many limitations, especially if I need to create a cluster setup and hosts need to know something about other hosts which is not in their facts. Also everything seems to be a string after fiddling with jinja expressions although it should output an integer. So many weird things happen that I wish I could use Python more easily with it. Also the delegate_to functionality is very restricted. At the moment I have to invest hours and hours to do simple tasks where a bash or python script would have been just easier. But I also have to use ansible because this is not my personal project. In the end it is nice to have it and it works somehow. Nevertheless debugging could be a bit easier...
Ansible. Can it automate government? Can prison inmates be rehabilitated without working or generating tax revenue? Can Ansible automate the feeding and sheltering of homeless who seek assistance? Can Ansible replace fear with love? Can Ansible establish a more perfect union without getting into an *emacs vs. vi* war?
A reminder that you still can't run Ansible directly on #Windows... Maybe have a Raspi that is inside your LAN that manages Windows hosts? Working on such a solution to manage my old folks' machines.