Skip to content

Instantly share code, notes, and snippets.

@juliedavila

juliedavila/presentation.html

Last active August 29, 2015 14:11
Show Gist options
  • Save juliedavila/6c5dd8a1f9d16856ab91 to your computer and use it in GitHub Desktop.
Save juliedavila/6c5dd8a1f9d16856ab91 to your computer and use it in GitHub Desktop.
Download ZIP
presentation.html
Raw
presentation.html
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Ansible Lessons Learned at NASA</title>
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui">
<link rel="stylesheet" href="/static/css/reveal.css">
<link rel="stylesheet" href="/static/css/default.css" id="theme">
<link rel="stylesheet" href="/static/css/zenburn.css">
<!--[if lt IE 9]>
<script src="lib/js/html5shiv.js"></script>
<![endif]-->
</head>
<body>
<div class="reveal">
<div class="slides">
<section>
<h1>Ansible @ NASA</h1>
<h3>Lessons Learned</h3>
</section>
<section>
<div>
<h4>What is your level of familiarity with Ansible?</h4>
</br>
<h3>Text "noob", "some" or "great" to</h3>
<!-- replace this with your Twilio number -->
<h1>571-xxx-xxxx</h1>
</div>
<br>
<div style="display: inline;">
<div style="float: left;">
<h2><div id="noob">0</div><h2 style="color: green">noob</h2>
</div>
<div style="float: right;">
<h2><div id="great">0</div><h2 style="color: orange">great</h2>
</div>
<div>
<h2><div id="some">0</div><h2 style="color: teal">Some</h2>
</div>
</div>
</section>
<section data-markdown data-separator="---" data-vertical="--">
<script type="text/template">
## About Me
* Based in Washington D.C
* Former Military
* StartUp Developer
* DevOps @ NASA WESTPrime
* Ansible as of yesterday
---
### **What are we going to discuss?**
![hmmm](http://user-cdn.spring.me/photos/20120509/n4faa1ff76b6a9.jpg)
---
![Ansible Logo](https://avatars3.githubusercontent.com/u/1507452?v=3&s=200)
#+
![NASA Logo](http://bolo.berkeley.edu/drupal/sites/default/files/AboutUs/NASALogo.jpg)
---
## Biggest Lessons
* Access Control
* Speed
* Directory Structure & Style-Guide
* Bastion/Jump Servers ⇒ To Not
* Upgrading Ansible w/o losing your Custom Hacks
* AWS Tags to boost efficiency
---
##Access Control
![Old Rusty Lock](http://srpearceart.com/wp-content/uploads/2013/11/Old-Lock2.jpg)
--
## Ansible-Core Only
- Key-based SSH Access into Servers
- Ansible then works only on servers you have access to
- Ops & Security Access to Everything. Not Devs.
- Bastion Access Point
- Ansible installed on bastion
- Ppl could also run locally
- Playbooks stored on a shared directory/git
- Cron...lots of cron
--
# **There were problems**
![Angry Spongebob](http://media.giphy.com/media/90FH7I3McAQ7u/giphy.gif)
--
## Painful Compliance
![Baby crying](http://www.shoestringmarketinguniversity.com/wp-content/uploads/2013/10/painful-emotions1.jpg)
--
## Trust Issues
![Fine in Dev](http://www.globalnerdy.com/wordpress/wp-content/uploads/2012/09/worked-fine-in-dev.jpg)
--
## Managment != Help
![Manager](http://www.youngandprosperous.com/wp-content/uploads/2010/09/middle-manager1.jpg)
--
## Cron =! Good Scheduler
--
### Solution?
# Ansible Tower
--
## RBAC
** Beautiful for Multi-Tenancy **
- Organizations
- Teams
- Users
--
## Built-in Logging
- Who
- What
- When
- Success/Failure
--
## Non-Techie Friendly
- One-click Updates
--
## Tower Scheduler > Cron
---
# Speed
![Speed](http://www.alejandrobarros.com/media/users/1/50369/images/public/4363/fast.gif?v=1310340865696)
--
### 2x Performance with Pipelining
- !Requiretty
- Modify ansible.cfg
--
# ansible.cfg
```
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True
```
--
## Disable requiretty for sudo
Sample { Jinja2 } Template file for a SysAdmin
```
%{{ item }} ALL=(ALL) NOPASSWD: ALL
%{{ item }} ALL=(ALL) NOPASSWD:/bin/*sh *, !/bin/bash
%{{ item }} ALL=(ALL) NOPASSWD:/usr/bin/sudoedit, !/usr/bin/vi*, !/usr/bin/emacs
Defaults:%{{ item }} !requiretty
```
--
## Control Machine Linux Flavor
- Easier with Debian family OS
- Opted for Ubuntu
- RHEL Machines < 7 known to have ControlPersist issues
- Patched?
---
## Style & Uniformity
![Military Formation](http://randommization.com/wp-content/uploads/2011/11/10000-toy-soldier-installation.jpg)
--
## Why?
- YAML != Strict syntax
- 100+ Playbooks w/o a Standard is Hell
--
## Style-Guide
- Borrowed from edx
- Covers Formatting ==> Security Guidelines
- Available on GH
---
# Architecture
![nice house](http://cdn.designhomes.pics/design/www.free3dmodelz.com/wp-content/uploads/Three-fan-style-architecture-490x367.jpg)
--
## Core Only:
- Bastion Setup
- Ansible installed
- Inside of various VPCs
--
## Pain in the ass
- Patching across env required SSHing multiple times
- Helping devs connect through bastions sucked
- Just simply inefficient
- Created more snowflakes
--
# Simple Solution
--
## Rennovated the Environment
- Created a Single Managment VPC
- VPC Peered into all the other VPCs
- Home for all tools
- Tower connected via private IP addresses (faster)
---
# Upgrading & Custom Hacks
--
## My Mods
- More detail in RAM
- List of apt/yum installed packages
- Also available on GH
--
## Realized that Upgrading Ansible Removed my mods
--
## Solution:
### An ansible playbook to reapply my modifications
On GH soon...
**Note:** Requires a quick check on release notes
---
## AWS Tagging
![tags](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/images/AddEdit-Tags.png)
--
## Basic Tagging Scheme
* op_env: prod/staging/dev
* Name: ansible-webapp-1-prod-mgmt
* Windows:
--
## Name Tag Technique enables
```yaml
hosts: *_webapp_*_dev_*
```
Or...
```
hosts: *_prod_*_mgmt
```
Dynamic Inventory Script does all the heavy lifting
---
# Thank You!
## Questions?
</script>
</section>
</div>
</div>
<script type="text/javascript"
src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/socket.io/0.9.16/socket.io.min.js"></script>
<script src="/static/js/reveal.js"></script>
<script src="/static/js/head.min.js"></script>
<script>
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: true,
theme: Reveal.getQueryHash().theme,
transition: Reveal.getQueryHash().transition || 'default',
dependencies: [
{ src: '/static/lib/js/classList.js', condition: function() { return !document.body.classList; } },
{ src: '/static/plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: '/static/plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: '/static/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
{ src: '/static/plugin/zoom-js/zoom.js', async: true, condition: function() { return !!document.body.classList; } },
{ src: '/static/plugin/notes/notes.js', async: true, condition: function() { return !!document.body.classList; } }
]
});
$(document).ready(function() {
namespace = '/presentation';
var socket = io.connect('http://' + document.domain + ':' + location.port + namespace);
/* add and edit choices here */
var appropriate_choices = ['noob','some','great'];
socket.on('msg', function(msg) {
/* ensure valid vote and div exists */
if (appropriate_choices.indexOf(msg.div) >= 0) {
var checkDiv = $('#' + msg.div);
if (checkDiv.length > 0) {
checkDiv.html(msg.val);
}
}
});
});
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment