Brian Coca 9/29 @ offer pop
Brian Coca
@brian_coca
http://www.slideshare.net/bcoca/ansible-tips-tricks
===
small scripts: ansible is not a scripting language, but can help with that
-e “var=val”
-e @file.json
===
#!/usr/bin/ansible-playbook
vars_files:
# departed: [a, b, c]
– /etc/departed_users
tasks:
– name: delete users
user: name={{item}} state=absent remove=yes
with_items:”{{departed}}”
===
checks don’t normally need root
check_mode and diff_mode
On expanded ansible syntax style:
“I try to keep the style the same when modifying my playbooks. it’s hard enough to modify a perl file that three other people wrote – by “three other people” I mean myself yesterday, my self two days ago, and myself last week”
==
ansible better for auditors
==
facts_drift
Probably the most useful slide
===
Qs
2 factor authentication?
how do you do it with 100 servers?
take ansible out of it – use jumphost
==
best practices?
i hate the phrase
“what do i need to do to not think?”
it’s a flexible tool – good and bad thing. no easy script to follow.
==
‘in an enterprise env where some groups do not have overlapping needs: use one repo or what?’
suggest: common roles
team specific roles in their own repo
ansible galaxy not good with versions yet
company culture is the bigger deal. drift happens.
==
‘any work being done with ansible vault? more options than just password’
yes, but not for 2.0. want to add lots of things.
adding feature ideas to github tracker
encrypted yaml – a ruby thing.
https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml
==
‘your session dies in the middle of a playbook’
v2 brings in “blocks”
use tmux/screen/etc
ansible is not dealing with your connection to the ansible machine, up to you.
==
“Ansible 2.0, what’s up”
we’re working on it
Reply