Worst practices for Ansible. Georgy Shuklin







Greetings to all! My name is George. I work for servers.com. I came to tell you about Ansible: about good Ansible and about bad Ansible in general, that is, about how people can do bad things on Ansible.









First, I want to ask a question. Who knows what this is about?













The audience responds: "This is about pain"







I saw three hands. I don't believe there are three people in the room who work with Ansible. Apparently not the most decent picture.




















R&D , .














. - , . , , . Ansible.













Ansible? , R&D , production . CI/CD , , , . Ansible .







Ansible. Chef. CFengine.







: « Ansible?» , .




















, 20 , -, . , . . ?







Ansible playbook, , . Chef - , . . , chef-. , Ansible .




















, , - Ansible . , Ansible , - .







Chef , , Ansible.







, . , , Ansible , , .













, , Ansible . . , , , .














, Chef . - , .







Ansible . , Ansible .







, . , , , , . . , . . , , - , . Ansible .









Ansible – . , Ansible API, Ansible , , - , . Ansible , .













Ansible, . , , , .













Computer Science – .















Ansible. output Ansible. Ansible . – Jinja Vars, .







, side effects . , , , Ansible.







Ansible . , :













, , side effects. , , Ansible, side effect.













Ansible – Jinja, . X x. ? , , .




















, Ansible .







Ansible – , , . , - .







, Ansible.













Ansible , . . . , , , .













Ansible, - , . Ansible.














Ansible "", , , - includes. , .













, Ansible. . .


























, , Ansible. , , . : « ? ». .







, Ansible, . .













. , play. . , /etc/foo .




















Ansible , .




















– . Ansible , playbook . , .














, , inventory, , .







. , – playbook, .




















Ansible , , .







, Ansible. . , . , . . , , . . , , , , . .




















, . Kubernetes. YAML JSON.







Jinja YAML , YAML Jinja. , JSON YAML to_nice_yaml.







, , , Jinja YAML-.







. , Ansible .


























coupling . . . , .







Ansible coupling. , .














, . , , . YAML-, .







1 2 , 2 , . 2, , . , , , , 2.













, 80 % Ansible, . . , , .














. . , , Ansible . . Playbook host. : host:



, . . inventory playbook . , .







, , playbook template, .













. . – inventory.







inventory, , . hostvars , - . , - .







? . , play.













, , Ansible. Ansible . .







, (shadowing) .







vars .







set_facts, default. Ansible , .




















Ansible , . 5 , 3 playbooks, 1 inventory.














, inventory . , , . 0 changing. - , - .













Ansible, Ansible , . , Ansible, . . , .







, Ansible.













. 200 - , includes. includes, .







, , . . . 2, : « 3», 2. , 3. , Ansible : « », : « ».







includes, import , , . , -.













. , , -. , .







Ansible , , , .







, , , includes , , Ansible .




















Ansible – 2 playbooks 2 Ansible. - . , .







, Ansible C



. undefine behavior, .













, , Ansible.














– - Ansible. , , . - , - Ansible. : «, ». , -.







, : - Ansible; .







, , , - - , . , , Ansible. , Ansible python’ . , python’ Ansible. . Ansible – , .







, - Ansible, .







– , , . , . Ansible.







, Ansible, . . Python , , Go, Ryby, .







stderr , stdout JSON – . Ansible , , .







, , , Ansible playbook.







: , , - ; lookup- , -. Ansible -.




















  • Ansible, , .
  • Ansible .









- Ansible , , , - .







Ansible http, , , .







, , Ansible , , , .













! . . Gartner , . Ansible , , Chef Puppet . .














CFEngine , , Ansible , . .







«» , Ansible : « ?». , , . , , , , , .







, - , - . , Ansible, . , , . , handlers, , , .







0 changes, , , , , - . . Ansible. , handler notify handler. handler when, event-, .







. Handlers - . , , , , , . Ansible .







. ? – , , …







. , . , , , . Debops , - , - , . - -. -, .







, Galaxy. , , . , 2 . 15-20 2 . – Knife. , Chef – cookbooks. Knife, , , .














! . Tower AWX ? - ? - ?







. , Chef - ?







. Chef. , , Chef infrastructure as code. , infrastructure, . . - - , . , D+. , , kill -9 , .














, , , . defense- , . .














, . , , 50 , , , , 50 , , , "". 50 , , 500 , , , 1 000 . , , , .







Tower – , . Ansible job’ Jenkins, Gitlab-CI . .







, .gitlab-ci.yml Tower.







- Ansible Red Hat. – , , .







-, , Ansible , . , -, , , .







, RBAC - playbook – production. Netflix, ssh- production-, production . , .














4 . 4 . , , tmp. , . . . , . - .







, , , , linter , . jobs ci .







Ansible, , Ansible Jinja. : Ansible – Python, Jinja – YAML. , . ( Ansible ) .







, Jinja. Ansible Jinja: if - true else false. Jinja. . YAML JSON. , - , YAML, , , , . : Javascript, PHP.







, Ansible , - , , ?







-, Ansible-lint – , . , , Ansible. Ansible-lint , . Ansible , , .







, , , . Ansible . . overleaf. presage, , . ., set_facts , default. , . : « ?». , Ansible , . , .







, include c set_fact, , , , . , , . Ansible , . , 2.6, 2.7, 2.8 2.9 includes, -. , .







, , , -, include- delegate. , - delegate, - . . , , . , , . , , , . 2.6, -. 2.7, 2.8, 2.9.







, . playbook. Import role vars x=1. : set_facts x=2, debug var=x. : debug var=x. . . , , , , .







, , 2, 2. , , . , , . , 1, : set_fact x=2. ? 1. , , set_fact 2. , 1, , 2. . . .







-, include- . .







. Terraform? ?







Terraform . – , , Terraform .







, Terraform state. Terraform states. n+1 provisioning. open source Terraform : «, . Git, locks, – ». .







, , , . docker. open source , .







Ansible and Terraform are not competitors at all anywhere, because you cannot do what Terraform does with Ansible and vice versa. You cannot configure servers normally internally with Terraform.







Terraform is actually a declarative method for ordering services. They call it provisioning, but in fact you either provide these services to yourself, or provide third-party providers. Terraform is a standardized method for ordering services from third-party providers through a machine-rich interface. They are very close to each other, but Terraform works, roughly speaking, before the arrival of Ansible.







