O slideshow foi denunciado.
ANSIBLE + DOCKER
MAKE CHEF AND
John Minnihan @jbminn
why listen to me?
INVENTED HOSTED REPOS IN ’99
CREATED LOTS OF INFRASTRUCTURE
MY SYSTEMS MANAGE 2B+ LOC
CAN JUMP A MOTORCYCLE 75 FEET
I noticed an increased number of mentions of Ansible + Docker.
‘Ansible + Docker’ queries have
gone from zero to lots in 6 months
Docker + Ansible took off like a
rocket delivering groceries to a
They’re easier to use and produce portable & immutable outcomes.
(ssh + LXC + cgroups)
With the advent & quick rise of Docker and
Ansible, engineers can now configure an
environment once, save it into a container
and rapidly reuse that container hundreds
(or thousands) of times without additional
When additional config is necessary, for example
for run-time changes that can't be preset, Ansible
can be used to accomplish this with lightweight
data description files requiring nothing more than
ssh. This can be done either to the container's
dockerfile before it is launched or can be done
inside the container post-launch.
The need for complex client-server-agent
arrangements like those in Chef or Puppet
goes away. Chef and Puppet were great
transition schemes that bridged the config
management gap, but that gap has been firmly
+ completely closed by Docker + Ansible.
But what makes Ansible + Docker’s emergence
an inflection point is what’s also occurring in the
Chef + Puppet user space - right now.
This talk could stop right here.
“I DIDN’T SIGNUP TO MANAGE
MY MANAGEMENT SYSTEM”
“WHY DO I HAVE TO KEEP
UPGRADING THE AGENTS?”
“SPINNING UP VMS TAKES A LOT
OF TIME & ADDS NO VALUE.”
“CAN’T THIS BE RUN ONCE & JUST
WORK EACH TIME I NEED IT?”
“I NEVER DID GET EITHER CHEF
OR PUPPET TO ACTUALLY WORK.”
what people are saying
show me the code
there are 38,000 tutorial results for ansible
and 394,000 tutorial results for docker
….and there are 6 talks here at Gluecon on either ansible or docker or both.
Seek out the data + make an informed decision.
here’s what I think is
THERE’S A LOT OF WORK
JUST GETTING CHEF OR
chef server install page:679
chef client install page:1569
ansible install page: 145
ansible client install page: 0
TO INSTALL ANSIBLE, CLONE THE
REPO + CREATE AN INVENTORY.
YOU’RE READY TO RUN AD-HOC
TO INSTALL CHEF, DOWNLOAD
THE RIGHT CLIENT + SERVER
INSTALLERS, INSTALL THEM &
THEN WRITE A SCRIPT.
THERE’S ALSO A BIG
DIFFERENCE IN THE
ANSIBLE IS AGENTLESS. IT
NEEDS ONLY SSH ON TARGET
SYSTEMS TO FUNCTION
CHEF + PUPPET EACH REQUIRE
SEPARATELY RUNNING SERVER
& CLIENTS BEFORE ANY WORK
CAN BE DONE
ANSIBLE’S GOAL-ORIENTED TASKS
ENSURE WORK IS COMPLETED BY
IDEMPOTENCE, BUT IT
DOESN’T ENFORCE IT
ANSIBLE PLAYBOOKS ARE SIMPLE
DATA DESCRIPTIONS OF YOUR
THE DESIRED END-STATE
CHEF RECIPES ARE RUBY
SCRIPTS. THAT’S NOT A BIG
DEAL IF YOU KNOW RUBY.
what about docker?
EVERYTHING REQUIRED FOR A
CONTAINER IS IN ITS DOCKER
FILE, ENSURING A BASE STATE
CHEF DOES NOT PRESCRIBE A
BASE STATE. SYSTEMS CAN
DRIFT IF TARGET SYSTEMS ARE
EVEN SLIGHTLY DIFFERENT
DOCKER CONTAINERS SPIN
UP IN < 2 SECONDS. NEED A
CHANGE? BUILD A NEW
VMS TAKE MINUTES TO
If you remember nothing else, remember the next two slides
BLAH, BLAH, BLAH
ANSIBLE IS AGENTLESS
This is a huge, game-changing difference.
ARE IMMUTABLE & REUSABLE.
Build once, run anywhere. Really.
• Why Docker? Why Not Chef? - http://blog.relateiq.com/why-docker-why-not-
• The Walking Skeleton with Docker & Ansible -
• “After 4 years of heavy Chef usage, the infrastructure as code mentality
becomes really tedious.” - http://thechangelog.com/ansible-docker/
• “I've used Puppet for over a year, and prefer @ansible after one afternoon.”
• https://twitter.com/jbminn/favorites - login to twitter to see those