This talk is for Domino admins and developers who would like to learn Ansible basics. Ansible is an automation engine to automate deployments. HCL provides a set of Ansible playbooks and roles to deploy a complete HCL Connections 7 environment. Come learn what Ansible is and why you should use it in this webinar.
The speaker will be:
Christoph Stoettner, HCL Ambassador
2. AGENDA
• Welcome – Howard Greenberg and Graham Acres
• Christoph Stoettner, HCL Ambassador
• Q and A - All
3. ASKING QUESTIONS
• First Question – Will this be recorded?
• Yes, view on YouTube!!!
• https://www.youtube.com/user/OpenNTF
• Use the Questions Pane in GoToWebinar
• We will get to your questions at the end of the webinar
• The speakers will respond to your questions verbally
• (not in the Questions pane)
• Please keep all questions related to the topics that our speakers are discussing!!!
• Unrelated Question => post at:
• http://openntf.slack.com/
4. THANKS TO THE OPENNTF SPONSORS
• HCL made a significant contribution to help our organization
• Funds these webinars!
• Contests like Hackathons
• Running the organization
• Prominic donates all IT related services
• Cloud Hosting for OpenNTF
• Infrastructure management for HCL Domino and Atlassian Servers
• System Administration for day-to-day operation
5. THIS IS OUR COMMUNITY
• Join us and get involved!
• We are all volunteers
• No effort is too small
• If your idea is bigger than you can do on your own, we can connect you to a team to work on it
• Test or help or modify an existing project
• Write guides or documentation
• Add reviews on projects / stars on Snippets
6. NEXT WEBINAR
• March OpenNTF Webinar: Nomad Mobile - Tips and Tricks
• For Domino developers who would like to optimize their apps for Nomad.
• Thomas Hampel, HCL
• Maxx Sutton, HCL
• Theo Heselmans, HCL Lifetime Ambassador
• Tom Van Aken, HCL Ambassador
• Thursday, March 18, 2021 at 11:00 AM (New York time)
• www.openntf.org/webinars
7. INTRODUCTION TO ANSIBLE FOR NEWBIES
Christoph Stoettner <stoeps@vegardit.com>
OpenNTF Webinar
This work is licensed under a
Christoph Stoettner · @stoeps
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 1 / 60
8. WHO AM I?
Christoph Stoettner
Senior Consultant @Vegard IT
Focusing on HCL Connections deployments and migrations
Ansible since 2017 — Social Connections 12 [1]
Example code on github.com/stoeps13/ansible-examples
1. share.stoeps.de/2017-10-16-ansible4connections.pdf
9. HANDCRAFTED SERVERS
Hard to maintain
Setups are not reproducible
Complicated vendor documentation
Inhouse documentation outdated
10. IMMUTABLE VERSUS MUTABLE SERVER
Mutable infrastructure just gets updates
Software 6.0 → + iFix 1 + iFix 2 + iFix 3
In production 6.0 → iFix 3
Result will be different
Immutable creates a new environment with 6.0.x
Migrates data after testing
11. SNOWFLAKE SERVERS
Special tweaks or versions needed for proper function
Exception to your standards
Difficult to reproduce
Fragile if they need a change
13. WHY ARE DEDICATED TEST ENVIRONMENTS IMPORTANT?
Reliable testing can give you confidence during live migration
Applying Fix 3 over Fix 2 over Fix 1 is often different from Fix 3 over Fix 1
Use the same scripts to build development, test or production systems
Handcrafted is always different from production
14. ADVANTAGES
Developer
Build a development environment which is comparable to production
Administrator
Build a test environment to go through a migration
15. BE AS PRECISE AS POSSIBLE
Avoid different hostnames
Production: example.com
Test: test.example.com
Better:
example.com
example-test.com
16. HOW CAN WE SOLVE THIS?
Deployment and Application development should follow a fully automated approach
Avoid Snowflakes
Easier to have a full clone of production as test environment
Reducing production bugs caused by configuration differences
17. AUTOMATE DEPLOYMENTS AND CONFIGURATION CHANGES
Large ecosystem of tools to do automatic deployments
Puppet
Chef
Saltstack
Ansible
Wikipedia OSS Configuration Management
puppet.com
www.chef.io
saltstack.com
ansible.com
18. ANSIBLE
Written in Python
Encryption and Security built in
Easy to read (Everything is YAML)
Easy to use (Extensible via modules)
Uses SSH
YAML Tool Kit
19. ANSIBLE HISTORY
Created by AnsibleWorks Inc, acquired by Red Hat in 2015
Initial release: 20 February 2012
Stable release: 2.10.6
3.0.0 announced for the 16th of February (two days ago)
20. A VERY IMPORTANT TERM: IDEMPOTENCY
Mathematics
denoting an element of a set which is unchanged in value when multiplied or otherwise operated on by itself
21. IDEMPOTENCY — EXAMPLE
Add entry to hosts
Don’t add when present
Change if different
Restart services only when changes were made
Not idempotent:
echo "192.168.1.1 cnx-websphere.example.com" >> /etc/hosts
Idempotent:
grep -qxF '192.168.1.1 cnx-websphere.example.com' /etc/hosts ||
  echo "192.168.1.1 cnx-websphere.example.com" >> /etc/hosts
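The four bullets of this slide expressed as an Ansible task plus handler, as an added example that is not part of the original slides. The regexp matches on the hostname, so a changed IP replaces the existing line, whereas the grep -qxF one-liner would append a second entry for the same host. The variables cnx_ip and cnx_fqdn and the nscd service in the handler are assumptions for illustration.

```yaml
---
# Added example, not from the slides.
- hosts: websphere_servers
  become: yes
  become_user: root
  vars:
    cnx_ip: 192.168.1.1                   # hypothetical variable names
    cnx_fqdn: cnx-websphere.example.com
  tasks:
    - name: ensure hosts entry for {{ cnx_fqdn }}
      lineinfile:
        path: /etc/hosts
        # Match an existing "<ip> <fqdn>" line whatever its IP:
        #   no match        -> line is appended           (changed)
        #   match, other IP -> line is replaced           (changed)
        #   match, same IP  -> nothing is written         (ok)
        # Assumes the entry carries no aliases after the hostname.
        regexp: '^\s*[0-9a-fA-F.:]+\s+{{ cnx_fqdn | regex_escape }}\s*$'
        line: "{{ cnx_ip }} {{ cnx_fqdn }}"
        state: present
      notify: restart name cache          # fires only when the task reports "changed"

  handlers:
    - name: restart name cache
      service:
        name: nscd                        # placeholder: any service that depends on the entry
        state: restarted
```

A second run against the same host reports ok for the task and skips the handler.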
22. WHAT IS ANSIBLE?
Helps automating tasks during installation and migration
Secure (SSH)
Open (tons of free playbooks)
Well documented
23. WHAT IS ANSIBLE NOT?
A GUI Tool (Get used to console!)[1]
A one click installer
1. Ansible Tower and AWX are browser tools
24. ANSIBLE INSTALLATION
pip install ansible on the machine you want to run it
Newer version than distribution package
Needs internet connection
targets need at least ssh and python installed
25. WINDOWS AND ANSIBLE
Ansible "server" needs Linux (but works with WSL)
Windows support through
Windows Remote Shell (WinRM)
SSH
26. INVENTORY INI OR YAML FORMAT
INI format:
[leafs]
leaf01.example.com
leaf02.example.com

[spines]
spine01.example.com
spine02.example.com

[network:children]
leafs
spines

YAML format:
---
leafs:
  hosts:
    leaf01.example.com:
    leaf02.example.com:
spines:
  hosts:
    spine01.example.com:
    spine02.example.com:
network:
  children:
    leafs:
    spines:
28. VARIABLES
Lots of places to define
Precedence important for large environments
No hyphens in variable names!
Allowed variable: ldap_user: abc
Not allowed variable: ldap-user: abc
docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html
29. PLAYBOOK
Run commands (so called tasks) on your inventory servers
Select servers or server groups
Roles
Tasks
Handlers
30. TASKS
Lots of modules built-in
Package install
Copy and edit files
Create files and folders (directly and with templates)
Manage services
Command
Shell
Sudo aware
become: true
become_user: xyz
31. TASKS FOR DIFFERENT OS
...
tasks:
  # mkpasswd ships in the expect package on RedHat-family systems
  - name: Install mkpasswd
    package:                                  # or use yum
      name: expect
      state: present
    when: ansible_os_family == "RedHat"       # valid terms are RedHat | Darwin | Debian | Windows
  # mkpasswd ships in the whois package on Debian and Ubuntu
  - name: Install mkpasswd
    package:                                  # or use apt
      name: whois
      state: present
    when: ansible_distribution == "Ubuntu"    # check OS family (Debian) or distribution
32. EXAMPLE (BUILD AN ANSIBLE ROLE)
Most products of IBM or HCL need disabled SELinux during installation
So let’s disable SELinux on a host
Additional steps will be
Configure limits.conf
Reboot after changes
Create a user
Install packages with yum
All example files can be found at github.com/stoeps13/ansible-examples
Branches named for the steps
33. DISABLE SELINUX (INVENTORY)
inventory
# if the hostname is resolvable, that is enough
[websphere_servers]
cnx-was.stoeps.internal

Sometimes you need to add IP or SSH port! For example:
[websphere_servers]
cnx-was.stoeps.internal ansible_host=10.0.11.101 ansible_port=2222
34. SET SELINUX TO permissive
playbook.yml
---
- hosts: websphere_servers    # run these tasks on this server group
  become: yes                 # use sudo to execute commands
  become_user: root           # sudo to user root
  tasks:                      # one or multiple tasks
    - name: ensure selinux is set to permissive
      selinux:                # use module selinux
        policy: targeted      # policy and state are arguments / parameters for module selinux
        state: permissive
35. Ansible Workshop - step1
youtu.be/g8OvWIcmNgU
36. DISPLAY A MESSAGE
playbook.yml
---
- hosts: websphere_servers
  become: yes
  become_user: root
  tasks:
    - name: ensure selinux is set to permissive
      selinux:
        policy: targeted
        state: permissive
      register: selinux_status    # register a variable to keep the status of this task
    - debug:
        msg: "SELinux changed. Please reboot the server to apply changes"
      when: selinux_status.changed == true    # run only when the task had status changed
37. Ansible Workshop - step2
youtu.be/HPFuliVmtBE
38. RUN REBOOT AS A TASK
playbook.yml
---
- hosts: websphere_servers
  become: yes
  become_user: root
  tasks:
    - name: ensure selinux is set to permissive
      selinux:
        policy: targeted
        state: permissive
      register: selinux_status
    - name: reboot
      reboot:
        msg: "Reboot initiated from Ansible"
        connect_timeout: 30
        reboot_timeout: 120
        test_command: whoami
      # imagine multiple tasks: you'll end up with tons of variables and complicated when clauses
      when: selinux_status.changed == true
39. Ansible Workshop - step3
youtu.be/JeeZMPitUs4
40. HANDLER
No need to register a variable
Just notify the handler (runs only when task status has changed)
---
- hosts: websphere_servers
  become: yes
  become_user: root
  tasks:
    - name: ensure selinux is set to permissive
      selinux:
        policy: targeted
        state: permissive
      notify: reboot    # notify the handler that status has changed
  handlers:
    - name: reboot
      reboot:
        msg: "Reboot initiated from Ansible"
        connect_timeout: 30
        reboot_timeout: 120
        test_command: whoami
41. Ansible Workshop - step4
youtu.be/OLmGwdNncUM
42. ADD MORE TASKS
---
- hosts: websphere_servers
  become: yes
  become_user: root
  tasks:
    - name: ensure selinux is set to permissive
      selinux:
        policy: targeted
        state: permissive
      notify: reboot
    - name: set number of open files in limits.conf
      pam_limits:
        domain: root
        limit_type: '-'
        limit_item: nofile
        value: "65535"
      # reuse the same handler as before (one task must be status changed for a reboot)
      notify: reboot
  handlers:
    - name: reboot
      reboot:
        msg: "Reboot initiated from Ansible"
        connect_timeout: 30
        reboot_timeout: 120
        test_command: whoami
43. Ansible Workshop - step5
youtu.be/ya5TXDRSsHk
44. INSTALL A PACKAGE
---
- hosts: websphere_servers
  become: yes
  become_user: root
  tasks:
    - name: ensure selinux is set to permissive
      selinux:
        policy: targeted
        state: permissive
      notify: reboot
    # flush_handlers makes the notified handler run now if needed;
    # normally handlers run at the end of the role/playbook
    - name: Reboot if necessary
      meta: flush_handlers
    - name: install compatibility package for installation manager
      package:
        name: compat-libstdc++-33.x86_64
        state: present
  handlers:
    - name: reboot
      reboot:
        msg: "Reboot initiated from Ansible"
        connect_timeout: 30
        reboot_timeout: 120
        test_command: whoami
45. Ansible Workshop - step6a
youtu.be/HO1dkKlzQd0
46. REMOVED flush_handlers
Ansible Workshop - step6c
youtu.be/B4b0LZAhl9c
47. INSTALL MULTIPLE PACKAGES
- name: install compatibility packages for installation manager
  package:
    name: "{{ item }}"    # placeholder variable
    state: present
  with_items:             # all items will be installed
    - compat-libstdc++-33.x86_64
    - compat-libstdc++-33.i686
    - libstdc++.x86_64
48. Ansible Workshop - step7
youtu.be/DhGghnYgG0k
49. ADD ADDITIONAL SERVERS
[websphere_servers]
cnx-was.stoeps.internal ansible_host=10.0.11.100

# add a second server group
[web_servers]
cnx-web.stoeps.internal ansible_host=10.0.11.101

# add the server groups as children of installationmanager
[installationmanager:children]
web_servers
websphere_servers
50. ADD SECOND HOSTGROUP
---
- hosts: websphere_servers
  tasks:
    - name: ensure selinux is set to permissive
      selinux:
        [...]
  handlers:
    - name: reboot
      [...]
# tasks for the new hostgroup (will install the packages on both server groups)
- hosts: installationmanager
  tasks:
    - name: install compatibility package for installation manager
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - compat-libstdc++-33.x86_64
        - compat-libstdc++-33.i686
        - libstdc++.x86_64
51. Ansible Workshop - step8
youtu.be/P55Dp5EwpBY
52. ADD A GROUP AND A USER
- name: add group for WebSphere users
  group:
    name: was
    state: present
- name: add user for im and websphere (non_root)
  user:
    name: wassys
    comment: WebSphere user
    uid: 2000
    group: was
    shell: /bin/bash
    state: present
    # Module needs a hash, calculate with python -c "import crypt; print(crypt.crypt('password'))"
    password: "$6$40GE6/6h6A4UhpBT$kPtpBLe3Komc2bmadagr6S.v0/VRPJoJunEaMl5PBhAb4F5FTWsZff/6CYtTQlVm8Qa2wya4HV
53. Ansible Workshop - step9
youtu.be/z06fB5WRLyE
54. USE VARIABLES
Add to inventory
...
[installationmanager:vars]
was_user=wassys
was_user_password=password

# calculate the password hash
- name: hash user password
  shell: >-
    python -c "import crypt; print(crypt.crypt('{{ was_user_password }}'))"
  register: was_user_password_hash    # register variable
  changed_when: false
- name: add user for im and websphere (non_root)
  user:
    name: "{{ was_user }}"
    comment: WebSphere user
    uid: 2000
    state: present
    update_password: on_create
    # use stdout (output of hash command) for password hash
    password: "{{ was_user_password_hash.stdout }}"
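The shell task above puts the clear-text password on a command line and into the registered result. A variant that hashes inside Ansible with the password_hash filter and hides the task output, as an added example that is not part of the original slides. It reuses the deck's was_user and was_user_password and assumes was_user_password is supplied from a vault-encrypted group_vars file rather than the inventory.

```yaml
---
# Added example, not from the slides.
- hosts: installationmanager
  become: yes
  become_user: root
  tasks:
    # Stop before touching the host if the secret is missing or is still
    # the demo value used in the inventory on this slide.
    - name: check that a real password was supplied
      assert:
        that:
          - was_user_password is defined
          - was_user_password != 'password'
        fail_msg: "was_user_password must come from the vault, not the demo default"
        quiet: yes

    - name: add group for WebSphere users
      group:
        name: was
        state: present

    - name: add user for im and websphere (non_root)
      user:
        name: "{{ was_user | default('wassys') }}"
        comment: WebSphere user
        uid: 2000
        group: was
        shell: /bin/bash
        state: present
        # password_hash picks a random salt on every run, so the hash differs
        # each time; on_create keeps the task idempotent by setting the
        # password only when the account is first created.
        update_password: on_create
        password: "{{ was_user_password | password_hash('sha512') }}"
      # keep the hash and module arguments out of console output and logs
      no_log: true
```

No helper task or registered variable is needed, so nothing holding the password or its hash appears in verbose output.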
55. Ansible Workshop - step10
youtu.be/GPxHlQuU7N8
56. CREATE SEPARATE ROLES
playbook.yml
- hosts: websphere_servers
  become: yes
  become_user: root
  tasks:       # put into roles/ansible-demo2/tasks/main.yml
    - name: ensure selinux is set to permissive
      selinux:
        policy: targeted
        state: permissive
      notify: reboot
    ...
  handlers:    # put into roles/ansible-demo2/handlers/main.yml
    - name: reboot
      reboot:
        msg: "Reboot initiated from Ansible"
        connect_timeout: 30
        reboot_timeout: 120
        test_command: whoami
57. VARIABLES DEFAULTS
Add a folder defaults to the role
Add used variables and their defaults
So even when you forget to define the variable, the role will run
ansible_demo2/defaults/main.yaml
# add a variable and read the value from variable was_user, if not present use default wassys
__websphere_user: "{{ was_user | default('wassys') }}"
# default password
__websphere_user_password: "{{ was_user_password | default('password') }}"
58. Ansible Workshop - step11
youtu.be/Yca0gHKOkxI
59. USE ANSIBLE VAULT TO SECURE THE PASSWORD
Move the variables to group_vars/installationmanager.yml
Move the passwords to group_vars/all.yml
Encrypt all.yml
ansible-vault encrypt group_vars/all.yml
ansible-playbook -i inventory playbook.yml --ask-vault-pass
60. Ansible Workshop - step12
youtu.be/Ktyy3MKeoRQ
61. RUN ANSIBLE PLAYBOOK
Manually through your shell
Ansible Tower (enterprise server, $$$)
On Windows use Windows Subsystem for Linux (WSL)
Ansible AWX
Jenkins (Pipeline)
Directly during provisioning of Vagrant and Terraform
github.com/ansible/awx
62. WHERE TO FIND ROLES?
Simply said: Download or write them
Check galaxy.ansible.com
Download role: ansible-galaxy install …
Roles and collections make Ansible modular
Download complete repositories like connections-automation
63. SECURITY
How do we store passwords or deployment keys?
Ansible Vault
AES256 encrypted
Encrypted during ansible-playbook run
Ansible AWX
Allow users to run tasks and playbooks against hosts without having a root or user account on it
64. WHERE TO START (LINKS)
Documentation
Books
Jeff Geerling: Ansible for Devops
Youtube
docs.ansible.com/intro_getting_started.html
github.com/orgs/ansible/people
Ansible 101 with Jeff Geerling
Build and deploy container images and containers
65. ADMINISTRATOR OR DEVELOPER
Have a look at Ansible
Saves you a ton of time
Easy to deploy
Easy to deploy different environments
Dev
QA
Test
Production
KISS
66. CONNECTIONS CUSTOMERS
Have a look at
github.com/HCL-TECH-SOFTWARE/connections-automation
67. QUESTIONS?
Use the GoToWebinar Questions Pane
Please keep all questions related to the topics that our speakers are discussing!!!
Unrelated Question => post at:
http://openntf.slack.com/