Scaling with Ansible
Formal Metadata
Part Number | 23
Number of Parts | 119
License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/19969 (DOI)
Production Place | Berlin
Transcript: English (auto-generated)
00:15
Now with us is Federico Marani, talking about Ansible and DevOps.
00:30
So hello everybody, my name is Federico Marani and I'm going to talk about Ansible. Ansible is a DevOps tool and we've been using it for a while now, we've been using
00:44
it for around a year and a half, kind of started with version 1.2 I think, and then we kind of went through some experiments and then we kind of turned our own infrastructure
01:01
into Ansible scripts and then we kind of worked a lot on that idea and then we kind of extended it to do like many other things like census code deployment and a lot of like kind of server setup. I've been trying some other tools like DevOps tools and Ansible is a nice
01:25
compromise because it's quite simple and like it just works in the way I like it. Ok, so just to give a bit of introduction, I am a coder, so I've been coding Python for a long time
01:47
and I've been involved with some open source projects but like mainly company work and I code with like many languages, you know Python, I did some Scala, I did some PHP in the past
02:03
and I also like, always like the kind of the sysadmin side of things because it's quite nice when you know both sides, you can code, you can deploy, you can configure server, so I always had that interest in kind of sysadmin first and then moving towards DevOps.
02:24
I work for a company called Triviz, it's a startup, we are based in London and I'm the head of engineering there. Before that I worked with other companies, some of you may recognise some names.
02:43
Ok, so what is the thing about, like you know obviously we like talking about Ansible but like what is the real problem behind it? The problem behind it is DevOps and the problem behind
03:00
DevOps is system administration really. You can't do DevOps if you don't, if you don't understand sysadmin, obviously you can use Ansible but like Ansible is just a tool that helps you to do you know the same sysadmin work but like you still need to know sysadmin in order to do that, like it just kind of simplifies some of the things
03:27
but like certainly it doesn't tell you how to configure Nginx, it doesn't tell you how to configure sudo, it doesn't tell you how to configure you know any other tools that you might use in your stack. So yeah, I mean basically in this field there is lots of the complexity
03:46
of system administration so we really need to know how these systems work and then you can use Ansible to simplify your workflow basically.
04:02
So what is DevOps? DevOps is like basically like one simple concept and is having infrastructure as code. So like just saying historically you had like this figure called sysadmin, we
04:21
like go on the server and then do this, all this manual thing and like nobody, nobody knew what they were doing, they were like just doing magic on the server and somehow the server got interested, it was working and then suddenly these people, I leave the company and nobody knows like what they've done to the server and like we basically
04:42
lose track of like all these changes. So like what changed like some time ago especially when DevOps became a big thing, basically now every change you do on this system is going through this process of coding and then you basically have the coding as a first
05:06
step and then these deployments of infrastructure changes like you basically roll them out on one server or many servers like you know whatever number of servers you have.
05:20
What DevOps is about is about automation as well because I mean we are all engineers so we like to, we love when things are automated like this, this margin for error of this and it's just very nice, you don't have to think about these things anymore, you just have this automation in place. People leave companies so that's another
05:48
good point like you don't want knowledge to escape the companies, you want to keep the knowledge within the company and anybody can read the code, anybody can understand how the system works. Another point I feel strongly about and there's a lot of DevOps tools out there
06:09
which like they borrow too many ideas from programming languages so like I mean I love coding, I've done a lot of it but I don't feel necessarily the connection between like
06:23
doing DevOps and doing coding so I don't think DevOps should not require programming experience. This tool is like you know Chef is really kind of Ruby based for example and Puppet
06:40
is like you know entirely some language. I think that there's you know I was looking for a tool that kind of made this distinction a bit clear and that's when I came to Ansible. Ansible is a really nice tool, it's really quick to get started, it's really easy and
07:06
it builds on top of like tools that we all should know like Python, SSH, YAML files, it's written in Python, it's extensible with Python, you can write plugins in Python,
07:23
you can write plugins in other languages I think. Like differently from other systems is based on the idea of like pushing updates to the server instead of the server having the responsibility of pulling updates. Obviously this behavior can be tweaked but the idea
07:47
is like you run Ansible on your machine or a management machine and it basically connects to every server and pushes the operation that you want to run on the server. This
08:01
operation may be like installing packages or maybe configuring packages, you know whatever you chose to run, yes this push approach. The nice thing about this is it doesn't require you to install agents on the servers, it doesn't require you to have a central
08:24
repository of configuration files, yeah I mean it's just a different way. It's based on the idea of playbooks, so you can use Ansible in a simpler way but like I'm going to talk about playbooks and playbooks are basically a list of tasks,
08:48
so there is like a task section I'm going to describe and there's another file called inventory file, so those are like the two basic files you need to set up. Okay,
09:01
you can use Ansible for many things, I generally like tend to distinguish it in two big groups, one is configuration management and if you want you can use Ansible for code deployments but it's quite like a separate thing. Configuration management like that's like the traditional
09:26
way to use these tools, so when I say configuration management I mean like installing software on the server, configuring like this software, making sure all the daemons are started,
09:44
making sure all the network interfaces are up, making sure all the firewall rules are set, you know these sort of type of operations are basically like the traditional way to
10:01
use these tools. Okay, so this is a playbook, this is kind of the basic file for using Ansible, it's divided in three sections, you've got like hosts section, task section
10:23
and the handlers section. So really the most important part here is the task section, in this playbook there are three tasks, each one with a name and each one with an action, action
10:41
in this case is APT, template and service, so I mean this file is really easy what this file does, it's basically a set up nginx server on your machine, on many machines. So the very first thing you would do is make sure nginx is installed and it's the
11:03
latest version, so to do that you basically need one line, it's the APT line which is like there, you specify the package name and you specify the state you want the package to be in and when Ansible will run this action what it will do is basically check
11:25
if nginx is already installed, if it's already installed and it's already the latest version, it won't do anything, it won't cause any change in the server, if it's not installed or if it's out of date it will be upgraded.
11:47
Okay so second action, something you probably do for most of the software you install, you have to use your own configuration files because nginx you need to set up,
12:01
like you have a file to configure the website so you need to upload this. Template is basically a copy but like with some pre-processing done to it, this is templating, Ansible is using Jinja, Jinja is a templating engine, the same one used with Flask and
12:27
same author as Flask and what the template action does is takes this Jinja file and you like feed it to the template engine with a bunch of variables that are available in Ansible
12:43
and you can specify also variables in playbooks and the output of this kind of templated file is then copied on the server to that destination path there. Yeah, that's basically it. Third action here is the service action, service action
13:07
basically it's an interface to init script and in this case it's just about like making sure nginx is running, so if it's not running we call the init script to start nginx,
13:20
if it's running it won't do anything. So there's another important section here called handlers, so the basic idea around handlers is basically you list your handlers and you can execute those on demand like
13:44
at the end of your task list and you can execute them only at the end of your task list if there's been a change like associated in this case to the template action. So if the template action caused a change in the target server it basically triggers
14:06
the notify which is then connected to the handlers, so in this case if the configuration file changed on the server you want to restart nginx, so the notify will be triggered
14:21
and then the handlers will be executed, it's just like basically there are actions you execute only when a notify has been called. So the last thing here is the hosts section, it's actually a section you need, you always need and basically like the group
14:46
of servers you want to apply this playbook to. So task order is important, that's how Ansible works, that's not how all the tools work, it's really kind of typical of Ansible and to be honest it really makes sense from
15:08
my perspective when you set up machines, when you set up servers you will do things in order, so like it's quite convenient for me to reuse the same order when I define this
15:24
task, it's really kind of a nice way to think about problems like in steps. So like really kind of see the thing as it's imperative programming, so it's not like the order is quite important, that's how you define dependencies between tasks.
15:49
The other thing is task order is important, meaning that like you can execute the playbook as many times as you want and you won't try to install nginx twice, you won't try
16:01
to like override the configuration file if the configuration file is already on the server and that's a nice feature and basically like you won't change the system, you won't try to change the system if the system is already in the state you want that to be.
16:24
Already I can describe the end of it, basically there are commands that fly for later execution, so we better execute only if there has been a change in the system, typical case of reloading a daemon.
16:47
So the last type of file that you need to set up is the inventory file, it's actually like much simpler than a playbook, it's just a list of domains or IP addresses,
17:01
you can group them by host group if it makes sense to you, like what we normally do is like list all the web servers in one section, list of database servers in another section, we have monitoring servers, we have trillions of type of servers.
17:24
Like one thing you can do with inventory files that we found really helpful is you can define like variables per inventory per host group, so for example like for all the web servers you want to declare that the build environment is production or staging
17:44
or whatever environment you have, you may want to declare some database names in case you are running multiple versions of the same website on one machine, you can do the
18:00
same thing like for database servers, yeah that's a feature we use a lot basically. Ok, so I think the important things here are like host groups, like really trying to understand how host groups work, I mean it's actually quite easy but there are some
18:26
little things that you need to know. There's a feature called roles in Ansible, we found it like really helpful, especially because basically it defines like a common convention
18:44
like to include files within your playbook, so if you have like a long list of tasks you need to run on the server, you may want to split this task into multiple files, I mean the same idea behind a programming language, you basically split your file into
19:04
multiple files, that's why there are includes and you should use them, and always try to use the actual side effects, meaning if you don't need to template a file you can
19:20
just use copy, basically there's less chances to trigger a change in the server and a change you don't really want to trigger, let's say. Ok, so this is how you define includes,
19:41
these are actually like a real snippet of production code we use, so you can basically see the operations you do on the server on a more logical level, obviously to store web packages, there are like many packages or many configuration files you need to apply,
20:03
just try to see that from a kind of higher ground, so like you basically install all the web packages, then we configure nginx, then we configure Supervisor because we're using Supervisor, another thing we do is have a data restore backups and everybody should
20:26
do backup testing, but like we restore it from production to staging, so you can do a conditional includes if you want, and all the tasks in this include will be included
20:42
only if the variable is, you know, if that is evaluated to true, I'm going to come back to conditional, it's up to me, just a bit more later. You can tag operation, tags meaning you can just write tags equal in any keyword, that's quite a nice thing because
21:06
sometimes you only need to execute parts of your Ansible scripts, or you may want to ignore some tags, and that's a nice way to do it, okay.
21:24
So that was like kind of the basics basically, we introduced a playbook, we introduced inventory files, we did some other things, but like the operations you do on configuration management, they are quite similar, unless you do, you know, a sort of like lots of Java, demos,
21:46
just to start ones, crazy like that. The other thing we use Ansible for are code deployments, and the problem with code deployments though is that they can be really custom, like
22:01
the really, like one, like, you know, when you write things like configure servers, they always, you know, they normally quite standard, code deployments, like it's really personalized, like for your environment. We have like, you know, a ton of Python,
22:26
we have many based in Django, so, you know, this is actually like some playbooks that work well for us, but like, you know, just to describe, you know, the basic things we do, we basically create virtual environments, we store dependencies in the virtual environments,
22:46
we use Bower, we use like Node.js, and we use Grunt, like to do compilation of assets like server-side, and I mean, Ansible has some support for these tools,
23:03
especially NPM, and it doesn't support Bower, but I can always run shell commands, so you can run Bower install with the shell command, use Grunt, so just trigger a shell command to run the Grunt compilation server-side, and there's some, you know, standard operation
23:26
you do with Django, like you basically collect all the static files, you run the migrations, you want to run the migrations only in the case the migrations are not already applied,
23:40
and yeah, I mean, there is some setup to do that, using WSGI, so when we finish all this, we start WSGI, we start Celery, we install everything we need, okay, so basically in this extra code that we have, it gets a bit trickier, because there's many
24:08
things that we need to add, which are not standard, I already introduced the conditionals, conditionals basically can be applied on any task, and it's just like an extra line
24:24
saying "when", and then an expression, expression is using Jinja, so you have all the power of Jinja for free, in this case, like, we don't want, like, when we deploy something,
24:42
we need to know what environment we're deploying, so we force the failure if the app environment is not defined, yeah, I mean, that's quite easy, we just want to know the environment.
25:00
Okay, so another operation that we found quite useful, we used this in a few places, it's a register operation, the idea behind register is that, I mean, you can register a variable name, and that variable name at the end of the execution of the task will
25:28
contain some information about the task, so the problem we had is, like, I want to deploy to production only the version of the website which are being tagged with a version,
25:44
because I know if they're being tagged with a version, they are stable, so they might be deployed, there's no tags, Git tag support, there's no magnetic model to do tags, to read Git tags, but you can still use a shell command, so we run Git tag, we put
26:07
the output of this command in the Git tags variable, and then we kind of use that variable in a conditional later on, so in this case, like, the conditional is in production, and
26:24
the tag is not in the Git tags list, in that case, we need to fail, like, I don't want to deploy to production version, they won't be tested. Yeah, and one thing to add is Git tags basically contains many properties, and one of these
26:45
properties is the standard output, but it also contains XCOs, like the time this command took, many other things, yeah, just go and check the website that's written, everything
27:04
in there. One thing we use a lot in a lot of places is this with_items, so sometimes you want to run the same action multiple times on many packages, or you want to store,
27:27
for example, many PIP packages or many Debian packages, and what you can do is repeat the same action, copy and pasting it, like, for every package, and it might make sense,
27:42
this is certainly an easier way to do it, so you basically run the same action, it's basically a loop, you run the same action on many items, in this case, you want to install the supervisor with PIP, and another nice thing that is in Ansible is something
28:11
called facts, facts are basically data coming from the server, from the current server,
28:21
Ansible facts may be like the hostname, for example, or the IP addresses that these are, the distribution name, distribution version, data about CPU, about disks, and you may need to do some of this information, when you, for example, write template files,
28:48
or you write an Ansible playbook. In this case, we as a company use HipChat, and I want to let everybody know that's something to deploy on a particular server, Ansible
29:05
has a module called HipChat, it's already done for you, so you don't need to write any Python code to talk to HipChat, you specify the role, you specify the message,
29:20
the message is trained that can be a template, and basically what happens is this action will be run for every server that is in your playbook, and it's time this action is run, you will get like a different message, deploy to www, deploy to whatever your hostname
29:45
is, and you get that as many times as you have servers. Okay, so there's a lot of packages in Ansible, and I mean HipChat is just one of the many,
30:04
and there are some which are a bit more standard than others, some of them are really specific on, with EC2 or with DigitalOcean, or like something, or like interface to bug tracking system, and the actions or modules that we normally use are APT, because we're using
30:28
like Ubuntu everywhere, service, if you know like interface with init scripts, PIP packages, if you want to store PIP packages, we use Git, the problem is Git is quite limited,
30:46
you can only check out repositories, you can do any other Git operation, which are many, there's a file module if you want to check the presence of directories, if you want
31:05
to check the presence of files or links, and then there's some more modules specific to the Python world, like supervisor for example is one, or Django manage their interfaces
31:22
to run Django management commands, or supervisor commands, but as I said there's many more. So just to give you like an idea of the size, like we have more than a thousand lines
31:41
of playbooks, we do a lot of things with them, we have like four environments, some of them production environments, some of them staging environments, we actually have more than the production machines, because I just added a couple, we run like PostgreSQL,
32:02
we run Neo4j, we run nginx, Solr machines, basically like we have a lot of things, like the way you set up all of them is quite similar, there's a bit of extra set up for Solr and Neo4j, because they're based on the JVM, so we have like that machines,
32:26
like everyone of the team has like both like local machine and the DigitalOcean box, so they can deploy anytime, we have some branch machines, we run like on the
32:41
multiple cloud providers, like AWS, DigitalOcean, every Vagrant box is set up with Ansible, so basically it's quite nice because you do a vagrant up, and then it runs the provision automatically, so you actually get like the final server, it takes a while,
33:03
but like you actually get it. Yeah, I mean that's getting to the end of the talk, you know, like a few suggestions, just try to keep server stateless, if you have like,
33:24
you know, especially when you scale, like you really need to like, not for example I store a file on a particular server and not another, because that file will become like state, and then that's kind of the thing that will stop you when you have to
33:41
scale, when you have to have more than one web server, more than like, you know, many web servers, and the nice thing about DevOps is kind of allows you to do things in the right place, so you can do like IP geolocation for example, both in code or in server, like infrastructure level, just like modules for
34:06
Nginx to do that, so you might want to configure Nginx in a way that does geolocation for you, or you can do it in the code. Yeah, I mean, I think that's probably it.
34:21
Thank you very much. Do you have any questions?
34:41
So my question is, I was reading that Ansible can also handle load balancers, so there's like a module for a file for Nginx, do you have any experience with that? We, like, we use load balancer, sorry, so you were asking about load balancer and if we use like load balancer modules when we do deployments,
35:03
so you're talking about a specific type of load balancer? Well, yeah, my company, we usually get five, but basically, the question is whether we have an experience with Ansible load balancer. We use load balancer for some of the, actually one of the environments we have.
35:26
Well, like we still do it manually, pretty much, but like there's a lot of support, like for EC2 load balancer and other types of load balancer, but yeah, I mean, we don't do it, we kind of do that process manually, so we take the machine off the load balancer
35:46
and then we deploy to a specific machine and then do this thing manually, basically.
36:04
Okay, so the question was about if there is a specific convention, about like kind of where you put files. Ansible roles are the thing that kind of forces you a lot, there's a lot of convention,
36:23
so especially when you use Ansible, Ansible roles basically automatically gives you like a folder structure you need to follow when you kind of declare the various sections. The same besides that, you can pretty much come out with the structure you want.
36:50
How do you control who gets to configure the structure? So how do I get to control who figures, who like kind of does the infrastructure, sets up the infrastructure.
37:07
You can, because everything is like kind of committed to repository, you can always use the repository to do that level of control. Who gets to deploy this, I mean, if you have the kind of SSH permission on the machine,
37:27
basically means you can run Ansible, so like the control is really kind of built on top of SSH. I mean, there are tools that you can put on top of Ansible if you're not,
37:42
especially when you use management service, and there's a tool they release called Ansible Tower. I don't think it's free, or maybe it's free for like a limited amount of service. But like, as it stands, basically the control is on SSH. So if you have the SSH key, you can configure SSH.
38:09
Sorry, how do you copy an SSH key? Do we have the same management server where everybody who has permission to access the management server
38:20
gets to configure all of the infrastructure? Or do we have several developers who have SSH permissions to some of the machines? The way we do it now is basically like, I have the permission to kind of apply these configuration files
38:40
to scripts on all machines, setting up like a management server now to do that. One problem I have with Ansible is that the handlers are called at the end,
39:01
so it's hard to run the handler. Sorry, if you have an error in the playbook? Yeah, then the handlers are called at the end, because the notification handlers are only wrapped with the old playbook.
39:24
Okay. And there is a flush handler, so it's like, just blink your legs or something like that. So the problem is if there is an error in the playbook, let's just say for example like you are copying a configuration file
39:43
and then like an error happens, so then this didn't run. Like how do you do that? Yeah, that's really annoying. And what I normally do is like, you can either force a change in the file,
40:03
or I'm sure there are more clever ways to do it. But yeah, I don't have a perfect solution for it.
40:22
That was it. Thank you very much again.