00:16:45 <decause> #startmeeting ROC.py
00:16:45 <zodbot> Meeting started Wed Nov 18 00:16:45 2015 UTC.  The chair is decause. Information about MeetBot at http://wiki.debian.org/MeetBot.
00:16:45 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
00:16:52 <decause> #chair threebeand
00:16:52 <zodbot> Current chairs: decause threebeand
00:16:54 <decause> #chair threebean
00:16:54 <zodbot> Current chairs: decause threebean threebeand
00:16:57 <decause> Hi
00:17:00 <decause> I'm ralph
00:17:07 <decause> I hack on Fedora full-time
00:17:12 <decause> come hang out in IRC and hack with us :)
00:17:26 <decause> I use ansible on my personal machine, but also to manage all our servers in Fedora
00:17:30 <decause> #topic Ansible
00:17:47 <decause> namesake - Machine for superluminal communication. From Ender's Game.
00:17:57 <decause> diff wikipedia
00:18:37 <decause> Ansible is a free software platform tool for managing and configuring computers. Task management, over ssh, or powershell. Modules work over JSON and stdout. System uses .yaml to create descriptions of machines.
00:19:22 <decause> #topic People
00:19:28 <decause> Michael DeHaan(sp)
00:19:45 <decause> helped write ansible, and also Func. Wrote cobbler also, and took lessons to help make ansible.
00:20:01 <decause> Seth Vidal, author of Yum, helped Michael write ansible.
00:20:15 <decause> "We're making another func/cobbler? Is this a good idea" asked Seth
00:20:28 <decause> Michael says Seth's support had a big role in actually building it
00:20:34 <decause> RIP skvidal
00:20:42 <decause> #topic Health Benefits
00:20:49 <decause> Ansible is a configuration and orchestration tool
00:20:51 <decause> there are many tools like it
00:20:57 <decause> salt, puppet, chef
00:21:01 <decause> but Ansible is agentless
00:21:21 <decause> other machines, you have to install an agent, so there is a bootstrapping to get their system installed
00:21:24 <decause> not ansible
00:21:34 <decause> Ansible also has a PKI (Public Key Infrastructure)
00:21:49 <decause> it does everything over ssh, and you can reuse the PKI, and not manage another on top of that.
00:21:57 <decause> it has a really simple syntax/format
00:22:00 <decause> it uses .yaml
00:22:46 <decause> which is "yet another markup language"
00:24:05 <decause> you only need ssh, and python 2.4 or greater (but less than 3)
00:25:30 <decause> #topic Module Index
00:25:40 <decause> #link https://docs.ansible.com
00:25:47 <decause> #chair decause
00:25:47 <zodbot> Current chairs: decause threebean threebeand
00:25:51 <decause> #topic Module Index
00:25:59 <decause> #link https://docs.ansible.com
00:26:03 * decause shrugs
00:26:16 <decause> here you can see all the modules, and there is a whole set of things you can manage
00:26:40 <decause> Q: These are small python modules that bind ansible to the platform listed?
00:26:52 <decause> A: It becomes like a function you can call from your playbooks.
00:27:00 <decause> Q: Oh, so it reads the .yaml, and makes python?
00:27:03 <decause> A: Yes!
00:27:09 <decause> This is .yaml (shows a playbook)
00:27:51 <decause> you define what you want (i.e. make my key present on this machine) and each time you run it, it will make sure that stuff has happened.
00:28:53 <decause> you can write your own in any language. You just make your module print out json to stdout!
00:29:07 <decause> a "callback" plugin can be called at the end of tasks
00:29:14 <decause> lookup plugins can be run before
00:29:42 <decause> #topic comparisons
00:30:20 <decause> puppet is a pull-based system
00:30:26 <decause> agents query the puppet master
00:30:31 <decause> but ansible is push oriented
00:30:37 <decause> it sends commands across the network
00:30:52 <decause> we had a puppet infrastructure, but then we used ansible to run puppet ;)
00:30:57 <decause> puppet needs its own PKI
00:31:04 <decause> puppet is ruby, ansible is python
00:31:17 <decause> puppet has a DSL that looks like Ruby, but isn't Turing complete
00:31:29 <decause> Ansible is .yaml, arguably readable
00:31:33 <decause> puppet uses ERB
00:32:07 <decause> puppet config style is declarative--a machine "should" have this service running, which means this package needs to be installed, and orders the resource tree into a dependency graph
00:32:19 <decause> ansible is imperative, which means you declare steps, and they happen in order
00:32:33 <decause> in a way puppet is more powerful, where you can specify a complicated resource graph
00:32:43 <decause> I got frustrated when the graph would get resolved in ways that I didn't expect
00:33:08 <decause> (e.g. applying an selinux label with two puppets, would be non-deterministic when I used it)
00:33:16 <decause> puppet is Ruby only, Ansible can be any language
00:33:26 <decause> You can invoke ansible directly to do "one offs"
00:34:04 <decause> ansible all -m ping
00:34:19 <decause> Q: How does ansible know "all"? MDNS?
00:34:31 <decause> A: You have an "inventory" file where you define everything
00:34:51 <decause> You can define things in your inventory like "database group" and within that a "staging" group
00:35:53 <decause> #topic modes of operation
00:35:58 <decause> mode #2, playbooks
00:36:18 <decause> you can specify extra arguments, and change what happens at the command-line
00:36:31 <decause> #3: using the python api. You can import ansible.runner
00:36:40 <decause> you can use the "virt" module, and then the "node info" command
00:37:37 <decause> #topic Example playbook
00:37:48 <decause> #info Slide #12 on threebean's slides
00:39:02 <decause> here is a playbook for shellshock
00:39:03 <decause> #12
00:39:08 <decause> here is a playbook for heartbleed
00:39:19 <decause> #info Slide #13 on threebean's slides
00:39:52 <decause> #topic lightsaber
00:40:13 <decause> #link https://github.com/ralphbean/lightsaber
00:40:23 <decause> this is a glorified dot-files repo
00:40:33 <decause> I use it to manage my laptop, and my cloudnodes, etc...
00:41:24 <decause> you can define parent/child relations, which themselves can be groups
00:41:29 <decause> you can create overlapping hierarchies
00:42:14 <decause> roles are like python modules
00:42:20 <decause> groups that contain many tasks
00:48:09 <decause> *threebean shows off playbooks and roles in lightsaber repo*
00:48:26 <decause> #topic
00:48:32 <decause> #topic Secrets
00:48:48 <decause> there are two repos: one has the public facing stuff, and one has the passwords and certs
00:50:04 <decause> we use ansible vaults
00:50:11 <decause> Q: We use git-crypt!
00:50:23 <decause> Q: we have a clear.yaml and encrypted.yaml
00:50:45 <decause> it auto-encrypts on push!
00:50:48 <decause> A: very cool
00:52:42 <decause> #topic Fedora Infra Playbooks
00:52:44 <decause> #link https://infrastructure.fedoraproject.org
00:53:06 <decause> fedmsg publishes whenever playbooks are run too, so we can make announcements
00:54:37 <decause> we have many playbooks, but most of the action is in the "groups" folder
00:54:44 <decause> we have a notifications backend playbook, for example
00:54:49 <decause> first line "include virt-create"
00:55:02 <decause> which passes in a command to spin up a node, or if it exists, continue
00:55:08 <decause> it doles out some generic configurations
00:55:23 <decause> it operates on the notice backend and notice backend staging group
00:55:35 <decause> we have a number of roles
01:04:40 <decause> *threebean shows off update playbook*
01:08:17 <decause> *threebean shows off vhost reboot playbook*
01:22:34 <tibbs|w> Without reading the scrollback, this is the best meeting ever.
01:46:27 <decause> tibbs|w: :)
01:46:35 <decause> forgot to end it, got caught up in discussion
01:46:59 <decause> #link https://threebean.org/presentations/ansible
01:47:23 <decause> #link https://threebean.org/presentations/ansible/
01:47:40 <decause> thanks all for your patience :)
01:47:43 <decause> #endmeeting