Brian Coca 9/29 @ offer pop 

Brian Coca

@brian_coca

http://www.slideshare.net/bcoca/ansible-tips-tricks

===

small scripts: ansible is not a scripting language, but can help with that

-e “var=val”

-e @file.json

===

#!/usr/bin/ansible-playbook

vars_files:

 # departed: [a, b, c]

 – /etc/departed_users

tasks:

– name: delete users

 user: name={{item}} state=absent remove=yes

 with_items:”{{departed}}”

===

checks don’t normally need root

check_mode and diff_mode

On expanded ansible syntax style:

“I try to keep the style the same when modifying my playbooks.  it’s hard enough to modify a perl file that three other people wrote – by “three other people” I mean myself yesterday, my self two days ago, and myself last week”

==

ansible better for auditors

==

facts_drift

Probably the most useful slide

===

Qs

2 factor authentication?

how do you do it with 100 servers?

take ansible out of it – use jumphost

==

best practices?

i hate the phrase

“what do i need to do to not think?”

it’s a flexible tool – good and bad thing.  no easy script to follow.

==

‘in an enterprise env where some groups do not have overlapping needs: use one repo or what?’

suggest: common roles

team specific roles in their own repo

ansible galaxy not good with versions yet

company culture is the bigger deal.  drift happens.

==

‘any work being done with ansible vault?  more options than just password’

yes, but not for 2.0.  want to add lots of things.

adding feature ideas to github tracker

encrypted yaml – a ruby thing.

https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml

==

‘your session dies in the middle of a playbook’

v2 brings in “blocks”

use tmux/screen/etc

ansible is not dealing with your connection to the ansible machine, up to you.

==

“Ansible 2.0, what’s up”

we’re working on it