I must say that the amount of knowledge I have gained from this channel is unmatched, went from a regular HelpDesk Job to a sysadmin, thanks to the inspiration that chuck brings.
“Ansible” is a term from sci-fi novels for instant communication across the galaxy. It’s put to great effect in the novel Ender’s Game. It’s worth a read, if you happen to have a little time on your hands.
@@calebkandoro4513 for sure but time is of the essence most of the time, at least for me. Used to read mad books as a shorty, but now I find as an adult there is no time... And that's me saying that as a young hustler that RETIRED at age 40.... But I'll try to look into the books as well oNe
I LOVE Ansible. I've been using/learning it for months and I cannot live without it anymore in my lab work. My programming skills are ordinary, but my Linux skills are pretty good. So it's a perfect match for the my VM-based Cloud lab work. This was a nice intro for people. Ansible is a powerful beast.
Being a Sr Systems Admin for a large cloud consultancy, I can say, terraform and ansible are pretty much must have knowledge to start managing med-large enterprise or cloud networks period. Chef and Puppet are nice, but most of the companies I've helped I can say default to terraform and ansible about 85% of the time.
Being 5 years into my first job as an Infrastructure Engineer, I can confidently say that my life basically consists of Terraform and Ansible. We have a solid pipeline that deploys VMs with Terraform and then installs/configures software on them post-deployment via Ansible. They work really well together and since they’re infrastructure-as-code tools, all of our playbooks and state files are stored in a code repository for safekeeping.
You forgot or didn't know that Saltstack is also a very nice and handful automation system (which can also use Ansible templates since last years) ... which could use also Windows and devices like routers and more
Shawn Powers from CBT NUGGET and Network Chuck are like the best teachers ever..you can always feel the excitement and enthusiasm in their voice, that energy is contagious. and their real-life analogy to the IT concept they are tutoring is second to none and that alone is a winner for me...Thank you so much guys..
Can attest to how intuitive Ansible is. In half a year, I learned basic Ansible to develop a custom CIS template to assist in baselining RHEL systems for an organization. The template can be re-applied periodically on schedule (every 30 mins for example) to assist in maintaining those configurations, not just at the beginning of the systems lifecycle. Just one example of automation! Imagine going through a system and running every hardening command manually... I realize many automation tools exist that are capable of this. However, I would again like to express how easy, and actually fun, it is to learn and use Ansible.
@@dabadoo7631 Answering this based on my past experience, other people might be able to answer that question better than I. Malicious individuals attempting to circumvent security controls. If someone (a hacker for example) gains administrative access to a system, they might want to change certain settings to make post-exploitation easier, such as communication with C2 or exfiltration of data. Local firewall rules (iptables/firewalld) to allow inbound outbound traffic from the system, for example. If you have a firewall configuration restricting ip/port access, an automated ansible task containing your configuration could overwrite any changes made locally. To accompany this, any kind of alerting mechanism, maybe rsyslog to SIEM for example, for the modification of such firewall configs would be preferable. Further, insiders or even end users that already have access to the box might be capable of making certain changes that an admin simply does not want to be changed, for one reason or another. Examples could be meeting an approved compliance baseline such as CIS or STIGS, or not wanting to introduce certain risks or vulnerabilities to the system such as users installing and using an unencrypted protocol such as FTP as opposed to an encrypted protocol. Hope this helps.
Doing unit testing against a 'sacrificial' system, getting screens full of red error messages, updating the role, repeat. And then a 'yellow and green' run. Then a green run. Then you deploy to hundreds of systems and watch them come into line. All that drift corrected. Correcting huge chunks of technical debt in one broad stroke. If you like making computers do what you want them to do, this type of tool is very rewarding.
Chuck, great video. I’m already an ansible admin, but I’m definitely going to show this to my junior admins. I use ansible on my Cisco switches, updating firmware, adding vlans. Adding NTP and correct time zones. Similar things with my Junipers. My VMware environments to auto configure vms from templates in the fly. Scripts for emergency shutdown of physical and virtual machines. I even use ansible on my windows host to install/remove software that isn’t available as an MSI . I even have scripts to fix Windows update issues (windows update not working or hung... deleting software distribution folder, etc). I initially started ansible for updating Linux, but I also have Space for updates and space was easier for my windows admins in the event I get hit by a bus. Any major task I need to do that may need repeated in the future, I’ll go out of my way to write a playbook.
This might sound really weird, but are you looking to add another super awesome junior admin to your team? Someone who doesn't have much work experience but, has a degree, watches all of NetworkChuck, and totally geeks out over most of the things he covers!
Hi Chuck, great basic intro to Ansible! Just one thing that would be helpful to us Ansible noobs: since many cloud providers provide access using ssh keys instead of passwords, just cover how you would specify the rsa or pem file instead of the password.
This is the most easy to understand Ansible video out there. Chuck explains everything so well. I use ansible in my lab for a few things. Mainly at the minute I have ansible playbooks for: - Deploying VMs - Removing VMs - Configuring VMs with a base config to get things started. - Preparing nodes to become K8s nodes
Learn it right now!! This is the kind of push I need! You're amazing dude and I can't thank you🙏🙏 enough for the highly informative and to the point fun videos about the latest tech that's out there. I hope your reach grows 100x folds. 👏👏👏🙏🙏 😊
I love using ansible, I used this course to get me started over a year ago and now im using it to deploy changes on hundereds of servers. I learned to develop custom modules for the edge cases where the builtin modules don't suffice. It is a very satisfying way to automate and im glad i have it in my arsenal of automation. Thanks Chuck!
Hey NetworkChuck I really enjoy these "how to" types of videos you have been making. I really enjoyed the docker Linode lab you made not long ago and this is another great example of a "how to" video that i got a lot out of. Keep up the awesome content! Thank you.
Thanks man, spent 12h privately grinding ansible, reduced effectively a server setup of 4h into 5 minutes. Now I know stuff, and will save hours in the future like crazy. *THUMBS UP*
For sure you don't cover all the stuff related to the topic but you do illuminate passion among the IT folks.Thanks once again for this brilliant work you're doing.....do come up with such Videos again and again and cover many other technologies out there like Jenkins,puppet,chef,etc.
Since watching this video I've gone insane with ansible. I run redhat on all my devices, ansible is setup to deploy basically my desktop/server usecases on everything, manage the updates, deploy podman containers, VMs, manage the backups even restore backups :)
I have to say this is the most helpful video I’ve seen in a while. I’m a Student Sys Admin at my college and I was tasked to make an ansible server for our student GNS3 severs in order to automate lab creation. Needless to say I was very lost and found your video shortly after… I have seen the light!!! Keep doing what you’re doing, I’ve always loved your content!
I LOVE ANSIBLE! I work with it almost everyday, usually to run ad-hoc commands on like 150+ servers, to check things like if mounts are correct, or if I need to restart processes. LITTERALLY saves HOURS of time!
Twice I stopped your video to do more research...afterwards, once I resumed play, I realized you taught what I went on to research (how to remove packages through Playbooks and more module references). Your teaching method is on point, thank you!
Thank you for your "learn x right now" series of videos, I do keep adding things to my list of things to study, though your videos give quite a big idea about what it entails. This helps us choose the streams we could use to grow our IT career. Knowing a little about a lot of different things definitely helps in IT.
Genuinely can’t express how much I love this channel, all the questions I have have been answered already by this guy. No need to go on Google for a confusing explanation, instead listen to a guy that has a coffee break 11 times per day
17:55 Actually, that is NOT idempotency. Idempotency is the ability to execute the same thing multiple times and the outcome being the same as executing just once. In this case, the tool provides check if done and run if not done (close but not the same). You can clearly see it's not idempotency because the output of the program is different :)
Linux purists will probably hate this, but checkout Microsoft's VSCode for SSHing in to run commands and edit files. Way easier to edit files than vim or nano in my opinion. They probably have an Ansible plugin too.
Chuck, here's the problem: Many, many of us out here are IT guys in our late-30s, 40s, and 50s. We have certs (CCNAs, MCSEs, VMware, hardware vendor stuff, firewalls, etc.) decades of experience in various IT areas, and quite honestly, bills to pay. I'm 45. I do not have the time, nor the energy, to completely revamp myself at my age. Networking, servers, all kinds of software, etc. was the name of the game for the last 40 years. The fact that all of the sudden everyone needs to ALSO become a developer is just stupid. I might be the only one, but I'm in IT because back in the 90s everyone kept telling me I was good at it. Now, I honestly can't stand it. If I could be a carpenter (and still pay my bills) I would. But alas, instead I have to keep renewing certs over and over, keep learning every new version of every single server and firewall generation, iOS, or software title (management suites, AV, backups, cloud, VMware, etc., etc., etc.) every couple of years. It is exhausting. Why didn't I just become an accountant or a fireman, sigh.
LOL Being a firefighter was great, Until I was hurt. Things changed, Now I am in I.T. and 55 years old. And losing ground and job opportunities to 21 year olds. You know anyone that's looking for a Redhat / Cisco Administrator ? Neither do I...
What did you expect when you got started? That technology isn't gonna improve and progress will be stuck at the level of what we had in the 90s? You got into a field that's constantly changing and now you are looking surprised that you have to learn new things..
Dude. You're ridiculous! This (and your whole channel, frankly) is one of the coolest things to happen to my Linux journey in years. KEEP THIS STUFF COMING! You rock. Do you have a patreon?
Dude chill out with the "You need to learn this right now!" IM STILL TRYING TO LEARN PYTHON, first you want me to do that, then linux, then learn CCNA, then learn docker, then learn this, and that!!! GIVE ME TIMEEEEE
Oh - this is powerful. I have Macs, FreeBSD boxes, Centos machines, and Ubuntu machines - all with different package managers (apt / yum / pkg / brew), different ways of getting priviledges (sudo / doas), different user accounts and different ports to connect to ssh on. But I can write 1 simple playbook that says "make sure its got the latest version of this hexeditor" and ansible just works it all out for each machine. Awesome. You NEED to do a video on FreeBSD and Jails right now !
Haha, you will learn a lot and keep learning... trust me... it never ends! If you're like me, you will end up learning blueprints and building codes, etc. etc. Then your office will have a big old tool storage, bookshelf, solder station, fiber cleaners/test equipment, etc. etc. Then you will learn Python, Powershell and web languages, etc. etc. Then off to IDS systems, Nagios (She is my girlfriend on my phone - SMS), SSL, and anything else your Director throws at you... Maybe even GSuites!
Here is some advice, no one person will be all knowing in 500 software products (then 1/2 knowing stuff is a huge security hole) that seems to be out the window now. It would be better to be highly skilled in an area (no one person) can know everything.
ansible works on windows serves as well. I think you would use one or the other, not both. Since ansible can handle so much more than just Linux or routers it makes a lot of sense to use ansible and not DSC I think.
Meanwhile schools everywhere force students to do everything by a handwritten shell script in terminal. I am not trying to undermine learning the basics, but tools like this are far more powerful and get you deeper into the topic than beginner level shell scripting to try and hack the same results together.
I think schools everywhere still have it right. I do agree they need to come into the modern world and start training the collegians with some of these more modern methods as well. We all know in scripting that you don't learn it unless you do it. I know through my many years(read as I am old but still learning) of experience that scripting is just as important in automation as being able to feed some commands into a playbook because a lot of times I feed in plays that run scripts that I have created. You have to look at orchestration tools as enhancers not as the end all be all solution. They can do a lot but inevitably you'll find a use case that doesn't fit something out of the box and you'll end writing a script or two.
@@edewerth I mentioned that I fully understand the importance of learning the basics. Where I feel the modern education system lacks for IT students is how to apply the basics in a business/client forward way. Schools should discuss what is popular and explain why, then teach the basics that lead you to that point. The way things are now, you can learn more from stackoverflow than any classroom in America.
I have really saw many videos of networking and before you I never thought that it will be so much interesting because it was boring a lot on books, you know . I am happy to have you on youtube. Thank You so much for this.
Hi, NetworkChuck! That's perfectly explained! I'm using Ansible for a year now for my tasks in my company and I have seen many tutorials about it, and I have to say yours is one of the most clearest videos I have ever seen. Congrats!!! Thank you for your videos!
Excellent guide. I got started with automation with pssh, a small linux app that makes ssh connections in parallel instead of a series of connections from a typical bash loop. In a normal bash loop, it took hours to change one file on 1500+servers. With pssh, I could push the change out in under three minutes. Ansible is even more powerfui!
Just wanted to say I went through the whole RedHat Ansible Sales training and learned more in your 20 minute brief. Really appreciate the showing and learning approach to crappy PowerPoint slides.
May I ask what type of tasks you are using? I can't quite see the usecases for Ansible since i usually deploy to Kubernetes (where I can configure the machine state with ease)
Ansible is amazing! I had a project where I had to create a web server, setting up a firewall, protect it against port scanning and dos attacks, ensure ssl (self signed) and redirect http to https. Then i used ansible to deploy my solution on other servers. I made a famous playbook and scripts so that each machine had its iptable up, running and configured (to not ban its own ip). Each machine had its own signed ssl certificate and a lot of other configs... Totally automatically! Just with one little command on the host machine! Crazy
fun tip, you can just use *:x* instead of *:wq* while working with vi/vim *:x* saves the current file if changes have been made and exits or it simply exits if no changes have been made to the file
Or just use ZZ to save and exit. Without any : involved. And because in the past I used vi with some wacky terminals that sent weird character sequences with the ESC key, I got into the habit of using CTRL[ instead (control key held down and then typing the [ character).
A tool designed on top of SSH - protocol from 1995. SSH wasn't designed for scalability, it's not the case. It's used for interactive terminal sessions and ad-hoc commands evaluation. Imagine that nowadays service oriented architecture would use "SSH commands" for communication. Does that sound okay to you? I don't even say about "declarativity" with global variables and flow control on top of yaml. Poor bastards from red hat sold this to you.
Look, I'm gonna watch the rest of the video, lol but my first reaction to your very first example was - "why doesn't he just do:" for i in $(seq 1 5);do echo ssh -i key me@server$i sed -ri 's/(regexp)/value/ /etc/resolv.conf';done
How about some of the servers are powered off when you zap them so miss the update. Nothing breaks till someone decommissions the old DNS server later.
Hello Chuck, this was a very well put video which helped me get started....I followed two other courses on udemy and packt and they were quite a mess! you got me sorted and helped me get started. I like your style ....keep posting new videos. Cheers!
Been going through your network learning about all the new keywords that are appearing in network engineer job searches nowadays. Very helpful. Thanks.
My home server runs Debian and I've automated a LOT of stuff, although none of it with ansible. Automating things makes life so much easier because when you don't have to babysit your server for every mundane little task, you can do other things. Automated system updates, automated reboots, automated app updates for Nextcloud, automated backups and automatic deletion of old backups, I even automated my Minecraft server to send server chat messages in the event of a power outage to let players know how much time is left before the server automatically shuts itself down to conserve battery power, assuming the power outage lasts that long. The fact that this is all automated though means that even if I'm home during a power outage, I don't have to worry about waking up in the middle of the night so I can log in and gracefully shut my servers down, because they'll take care of themselves, and even auto-power back on when power is restored. I may check out ansible though for one task in particular. I have a raspberry pi in addition to my main server that hosts OpenVPN and Pihole, and I modified my doshutdown script that apcupsd runs when the power goes and the battery gets low so that it logs into the pi server and shuts it down gracefully. Since my UPS can only be monitored by one device at a time, only the main server is able to keep track of what's going on, so I tasked it with taking care of the raspberry pi as well. Ansible might be a neat way of doing this. I might mess with it, might not since my current method of just using SSH with an ssh key for auth is working fine. Very cool stuff nonetheless.
I'm not an ansible beast, but I use ansible to patch clients server environments! It's managed to save a lot of man hours. Unfortunately I haven't been able to automatically reboot the servers because we have a lot of clustered windows servers who don't like to play well. I've been evangelizing Ansible for several years now and so happy for this video :)
This is awesome ;) I'm not a network engineer I have been reading CCNA materials in spare time mainly as a hobby. My journey into IT was different I started with Linux and that became a passion. This Ansible stuff seems very powerful thank you for the introduction awesome stuff!
I have been using ansible for the last 6 mounths i have lost the truck of the HUNDREDS of work hours i have saved. This is a usefull tool really easy to learn and that has the capabilities to radically change tue way you manage your servers
Thanks for the quick overview, just manged to install Ansible on my Ubuntu system which I install from the Windows store on my Windows 10 box and updated my Linux box , up in running in under 5 mins.
I was just thinking about how I could be more productive on doing repetitive stuffs, specially setups, on production environments... and Ansible looks awesome to solve this issue. Thank you
Sir, I'm one of ur big fan..... I learnt so many things from u.... U teaching style is really different.... I really like that..... U already made me crazy sir...... Huge respect to u sir....🙏🏻
I helped my company setup ansible so that I could easily provision and configure Cisco switches with a default config, customizing the host name and subnet for each. Though the way we do it is to create the config to a txt file and manually copy to each switch through ssh.
I managed 22 machines arranged in 3 environments, fetching configurations from 3 branches of a repo, deploying Nginx with configuration changes for 3 levels of services (DMZ/Ingress, internal and Egress) with one single playbook .. would never been able to do that without Ansible.