#ansible

Discussions related to ansible configuration management

2019-10-03

ruan.arcega

hi guys i got this error when i ran my ansible playbook

ruan.arcega

any advice?

ruan.arcega

i resolved it by setting selinux to disabled status

$ /usr/sbin/getenforce
Disabled

2019-09-11

Szymon

Hi, anyone here using molecule and docker for Ansible testing? How do you deal with steps like cloning a private git repository?

2019-07-17

Blaise Pabon
ARA Records Ansible | ara.recordsansible.org

ARA Records Ansible playbook runs and makes the recorded data available and intuitive for users and systems.

mrwacky

Neat. Too bad we’re drifting towards a Dockerverse where we do not run Ansible much any more.

Jonathan Le

…Yeah. I haven’t touched Ansible in ages.

2019-07-08

Abel Luck

what’s the draw of gomplate over confd?

Abel Luck

one issue we’ve had with this quasi-immutable amis + confd approach is dependency order.. a ssm value gets changed, but the instance isn’t rebooted (or the service on it restarted)

Erik Osterman

I would strongly caution against automatic restarts of services as one wrong value and you nuke your cluster

Erik Osterman

That’s why Kubernetes for example takes a rolling restart approach. Changes to config Maps are not immediate. Pods need to be explicitly restarted.

2019-07-01

Abel Luck

do you all bake amis with config secrets too? we’ve been deploying quasi-immutable machines that pull config from ssm param store via confd

Erik Osterman

Confd is a nice approach

Erik Osterman

Gomplate also supports SSM.

Erik Osterman

Or you can just have your ansible scripts use environment variables and call ansible with chamber

Erik Osterman

All options support headless operation

Erik Osterman

Definitely discourage baking secrets into images as rotation is painfully slow and keeping an immutable “log” of secrets is not advisable

Erik Osterman

(Also, goes without saying, all suggestions assume use of IAM instance profiles to obtain STS access credentials)

2019-06-26

dustinvb

Not thrilled at the workflow proposed but would prefer to be on board with the two companies’ approach to work “Better Together”. May need to set this up sometime on my own to explore an example.

tamsky

@dustinvb it sounds like you understand the ansible runtime environment differences … one is at packer-time (building AMI/docker images) and the other is at instance-launch-time via terraform’s ansible provisioner {} ?

tamsky

In my “immutable infrastructure” best-case universe, I don’t use or recommend terraform’s provisioner feature.

tamsky

Based on that immutable approach, I typically recommend doing all provisioning in packer. And if you need to do some boot time configuration, configure the AMI to use cloud-init’s cloud-config to perform those boot time actions.

oscarsullivan_old

^ this

oscarsullivan_old

I can’t remember what but I remember reading something negative about Terraform’s ansible provisioner

oscarsullivan_old

So I also bake immutable machines with packer ahead of time. Best part is if I REALLY need to run something against some EC2s I can just run the playbook directly.. say urgently offboarding an ssh key.

2019-06-25

dustinvb

Anyone have an example playbook that I can review that does Packer + Terraform? The model Ansible has now is not what I’m used to traditionally. I did review the Ansible provisioner above but given what I am reading the model for Ansible is invoking Packer and Terraform.

Erik Osterman

@tamsky

dustinvb

I just need to understand the playbook… Coming from a guy that has 0 Ansible experience.

Erik Osterman

@oscarsullivan_old are you using packer?

oscarsullivan_old

Yuss

oscarsullivan_old

But I invoke it with a simple shell script and a standard packer json file. It’s not being handled by ansible

oscarsullivan_old

Oh I read Dustin’s message. @dustinvb do you mean an example where packer calls a playbook?

My workflow:
  • Bash script to invoke packer
  • Packer reads packer Json file
  • Packer builds AWS EBS AMI using ansible

dustinvb

The workflow as described by Ansible and HashiCorp here: https://www.hashicorp.com/resources/ansible-terraform-better-together

Ends up with Ansible becoming the control plane that consumes Packer and Terraform. I am used to the opposite with any other config management tooling.

I’d like to see an Ansible playbook that would call Packer with the packer.json and then provision that image with Ansible and also the same approach with Ansible using the Terraform module and .tf file and provisioning that VM instance once it has started. As I understand it this is the flow prescribed by the two companies.

Ansible and Terraform: Better Together

Learn how users of the HashiCorp stack can use Ansible to achieve their goals of an automated enterprise—through complimentary security, image management, post provisioning configuration, and integrated end to end automation solutions.

oscarsullivan_old

Ah ok. Well I don’t call Terraform with Ansible so haven’t checked out their modules, but ansible is usually quick to grasp new modules.

I’m afraid I don’t have the examples you’re looking for as I use bash to create the packer (ansible) AMI and then bash again to run terraform to go and use that packer baked AMI.

2019-06-21

Abel Luck

anyone know why ansible_date_time returns a value in the past?

Abel Luck

it seems to return the time of the first run of the playbook

2019-06-20

rohit kast

https://github.com/cloudposse/terraform-null-ansible how do I add multiple hosts to a group in dynamic inventory?

cloudposse/terraform-null-ansible

Terraform Module to run ansible playbooks. Contribute to cloudposse/terraform-null-ansible development by creating an account on GitHub.

2019-06-06

Blaise Pabon
ansible-community/ansible-bender

ansible-playbook + buildah = a sweet container image - ansible-community/ansible-bender

2019-04-19

Erik Osterman
adammck/terraform-inventory

Terraform State → Ansible Dynamic Inventory. Contribute to adammck/terraform-inventory development by creating an account on GitHub.

EdBizarro

I use this on my projects, very useful

Erik Osterman

@oscarsullivan_old stumbled across this by accident

Erik Osterman
radekg/terraform-provisioner-ansible

Marrying Ansible with Terraform 0.11+. Contribute to radekg/terraform-provisioner-ansible development by creating an account on GitHub.

2019-04-16

oscarsullivan_old

Thoughts on skipping host checking in Ansible / SSH?

Inventories have host names which are on R53. Host checking adds a chance to see the hosts have maybe ‘maliciously’ changed IP in DNS… however with IaC the IPs change regularly so how could you tell the change was malicious.

Erik Osterman

Yea it’s impractical to use host checking on dynamic infrastructure

Erik Osterman

Best to disable it in SSH config

2019-01-08

Joe Presley
03:00:37 PM

@Joe Presley has joined the channel

2019-01-03

puru
04:13:08 PM

@puru has joined the channel

2018-12-12

Andrii
08:30:33 PM

@Andrii has joined the channel

2018-12-08

richwine
01:51:26 PM

@richwine has joined the channel

2018-12-05

mallen
09:21:36 PM

@mallen has joined the channel

2018-11-30

Pablo Costa
01:39:07 PM

@Pablo Costa has joined the channel

mrwacky
05:26:42 PM

@mrwacky has joined the channel

catdevman

@tamsky I have never used systemd in docker that is interesting idea. So to go a little deeper into how we are layering out images it goes like this: base -> application -> code. Each of those has its own repository so I can update and play around with making underlying dependency changes in the system level stuff under application and then we always layer code over that. Last step we have tests, for which I am mostly using goss currently, but that takes the code repo image and installs the testing framework over it and runs them; then that last step “could” give the green light in a CI/CD pipeline

tamsky

which CICD pipeline do you use? I always wonder how folks arrange cascading dependencies between packer configs

catdevman

I use Jenkins.

tamsky


I have never used systemd in docker that is interesting idea.

Ok article describing one group’s setup: http://t0t0.github.io/internship%20week%207/2016/03/30/cloud-config-docker.html

ndobbs
09:36:26 PM

@ndobbs has joined the channel

Erik Osterman
11:20:54 PM

@Erik Osterman set the channel topic:

2018-11-29

Erik Osterman
10:31:53 PM

@Erik Osterman has joined the channel

Erik Osterman
10:31:54 PM

@Erik Osterman set the channel purpose: Discussions related to ansible configuration management

tamsky
10:31:54 PM

@tamsky has joined the channel

catdevman
10:31:54 PM

@catdevman has joined the channel

tamsky

thanks!

aknysh
10:35:21 PM

@aknysh has joined the channel

tamsky

I need to put my notes together but basically I’ve been enabling the OS-default /bin/init, after which I can test packer->docker+systemd->ansible playbooks pipelines that install/configure system services. CentOS publishes theirs at https://hub.docker.com/_/centos/ under “Dockerfile for systemd base image”. Right now I’m trying to see if I can walk this strategy all the way back to amazonlinux:1 and enable upstart.

tamsky

https://hub.docker.com/r/solita/ubuntu-systemd/ lays out many of the same ideas I had under their heading “But Why?”:

  • You want to test a provisioning or deployment script that configures and starts systemd services.
Erik Osterman

would love to get a demo of this stuff later….

Erik Osterman

also makes me think we should do an #lax meetup for show & tell

pigglesticks
07:02:17 AM

@pigglesticks has joined the channel
