15:32:14 <mizmo> #startmeeting
15:32:14 <zodbot> Meeting started Sun Aug 11 15:32:14 2013 UTC.  The chair is mizmo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:32:14 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:32:17 <mizmo> ansible talk
15:32:24 <mizmo> cloud computing is changing everything
15:32:26 <mizmo> (Driving factors)
15:32:57 <mizmo> in the cloud space we're having a lot more instances where security is a great concern
15:33:00 <mizmo> ansible being based on ssh
15:33:03 <mizmo> widely known and trusted
15:33:08 <mizmo> talk a little about collab between teams
15:33:18 <mizmo> may have case between OS and let someone deploy their apps on top
15:33:24 <mizmo> build system to easily federate your config and all that good stuff
15:34:12 <mizmo> couldn't have happened without seth
15:34:17 <mizmo> project started in (jan?) 2012
15:34:24 <mizmo> the reason i was able to form company aroud this
15:34:28 <mizmo> is because of how fedora picked this up
15:34:36 <mizmo> really apprecaite that
15:34:37 <mizmo> it's taken off rapidly
15:34:42 <mizmo> now most popular config manager on github
15:34:48 <mizmo> over 2500 followers in the last year and a half
15:34:52 <mizmo> typically 10 pull requests a day
15:35:09 <mizmo> contribution not always about devs
15:35:12 <mizmo> about documentation too
15:35:18 <mizmo> to make it easy for other people to use your sw
15:35:20 <mizmo> to share it
15:35:25 <mizmo> these are all forms of contrib that we need to encourage
15:35:28 <mizmo> as we buld communities
15:35:33 <mizmo> think of your projects not just as sw and end goal
15:35:38 <mizmo> but creating a framework for ppl to come together
15:35:53 <mizmo> some ppl using puppet, some using chef
15:36:00 <mizmo> these people all use ansible
15:36:05 <mizmo> rack space is using us
15:36:07 <mizmo> work with jesse keating
15:36:16 <mizmo> really interesting stuff going on with a lot of users doing rolling update tech
15:36:29 <mizmo> for instance gawker is set up for every 15 mins they can do rolling update of infra without downtime
15:36:38 <mizmo> ansible works well with bouncers, if any batches fail it'll stop
15:36:48 <mizmo> safe way to do these really cool cont deployment type philosophies that are popular lately
15:36:51 <mizmo> why is ansible different
15:36:53 <mizmo> number one reason
15:36:56 <mizmo> it is an agentless system
15:36:58 <mizmo> it just uses openssh
15:37:02 <mizmo> most pure security component you'll find
15:37:06 <mizmo> none of our own pki
15:37:07 <mizmo> hard to do well
15:37:09 <mizmo> very hard to manage
15:37:11 <mizmo> dont require that
15:37:19 <mizmo> not on a system, no daemon running anymore
15:37:24 <mizmo> no more 400mb of vms being consumer by agent
15:37:28 <mizmo> dont have extra services running
15:37:33 <mizmo> dont have problem of how to update mgmt infrastructure
15:37:43 <mizmo> as you grow in scale youll find that having mgmt infra consistent a proble
15:37:47 <mizmo> but ssh the thing you always know is there
15:37:52 <mizmo> instantly can command infra that you already know exists
15:37:56 <mizmo> and manage thruout lifcycle
15:38:03 <mizmo> another focus is orchestration
15:38:09 <mizmo> dont necessarily need to blast command out to a lot of systems
15:38:13 <mizmo> func and other tools let you know that
15:38:13 <mizmo> eg
15:38:21 <mizmo> i want to conduct woodwinds, then have brass play, then share info between them
15:38:24 <mizmo> talk about loda balancing
15:38:33 <mizmo> before i load balance i want to talk about monitoring, backend auditing of what i did before im done
15:38:38 <mizmo> ansible supprots this - restarts services
15:38:43 <mizmo> before treloading backend
15:38:47 <mizmo> makes it easy to describe these processes
15:38:55 <mizmo> execution - multitier stuff with web serves and db servers...
15:39:00 <mizmo> dont want to have to wait 30 min for db architure
15:39:07 <mizmo> ansible is push based so you can talk to everything
15:39:11 <mizmo> this diagram something we talked about
15:39:14 <mizmo> load balancers, things like that
15:39:18 <mizmo> so arch wise, ansible unique
15:39:20 <mizmo> no serve,r no client
15:39:28 <mizmo> can run easily from your laptop and manage system you have easily over ssh
15:39:39 <mizmo> not running anything, transfers small python modules that are enforcers of the resource state the you want
15:39:47 <mizmo> eg arbitraily i can say service cobblerd.state = running
15:39:51 <mizmo> understands all diff types of services
15:39:57 <mizmo> eg systemd, classic init scripts, upstart - whatever you have
15:40:00 <mizmo> regardless of OS
15:40:04 <mizmo> will decide whether or not it needs ot make changes or not
15:40:11 <mizmo> if it needs to make those changes it will and will report on what it changed
15:40:14 <mizmo> being very simple, simple plugins
15:40:19 <mizmo> i can describe them all in a single python file
15:40:23 <mizmo> if i want i can even write in other languges
15:40:28 <mizmo> things that return json
15:40:32 <mizmo> i can write them in ruby, perl, bash
15:40:36 <mizmo> so historiclaly speaking
15:40:40 <mizmo> in it infra space, in open source
15:40:47 <mizmo> 'oh i dont like this because it's in ruby or python'
15:40:50 <mizmo> i look at ansible as general purpose
15:40:58 <mizmo> core mods are in python, allow sus to maintian them easily as a devel team
15:41:04 <mizmo> but you have the freedom to interface with any libraries you might have
15:41:07 <mizmo> so thtas good stuff
15:41:15 <mizmo> we can also pull inventory from multiple dyynamic sources
15:41:19 <mizmo> VIDEOS TREAM DOWN
15:41:52 <nb> mizmo, working oni t
15:41:59 <mizmo> thanks nb :)
15:42:05 <nb> back?
15:42:17 <mizmo> yes! THANK YOU
15:42:25 <mizmo> veyr wihtespace friendly language
15:42:26 <nb> no problem
15:42:29 <mizmo> (yay no more menu either)
15:42:33 <nb> they rebooted the camera
15:42:34 <mizmo> uses yaml to describe our...
15:42:38 <mizmo> feels a little bit like writing python
15:42:40 <mizmo> very simple language
15:42:44 <mizmo> i dont have to go back and refactor it
15:42:48 <mizmo> another thing im doing
15:42:51 <mizmo> 'batteries included'
15:42:55 <mizmo> over 130-150 modules in core now
15:43:02 <mizmo> we're following a batteries included philsophy
15:43:05 <mizmo> someone writes a module
15:43:07 <mizmo> if its a good one
15:43:11 <mizmo> we'll include it in core and everyone maintains it
15:43:25 <mizmo> say you have best poss module to supervise service module
15:43:33 <mizmo> easy to find community implementation that wroks,
15:43:44 <mizmo> rather than... with ansible we want everyone to understand playbook language well enough to write your own
15:43:49 <mizmo> and we give you the building blocks for your legos
15:44:04 <nb> +
15:44:05 <nb> `
15:44:19 <mizmo> iventory - can just make lists of systems
15:44:22 <mizmo> put them in particular groups
15:44:27 <mizmo> these are my web servers, these are my db servers
15:44:30 <mizmo> can also make groups of groups
15:44:37 <mizmo> can assign variables in these files
15:44:41 <mizmo> eg the webservers use this ntp server
15:44:44 <mizmo> can group by role, geo, or both
15:45:07 <mizmo> have different playbooks that do diff things for sytsem
15:45:15 <mizmo> so you may not familiar with this command
15:45:16 <mizmo> from func
15:45:24 <mizmo> ansible all -i stage -m ping
15:45:28 <mizmo> running the ping module against them
15:45:35 <mizmo> going to reach out, this is 'host up or down' very basic
15:45:37 <mizmo> extend it
15:45:53 <mizmo> ansible 'www' -m shell -i production --limit rdu-lab -a '/sbin/shutdown -g 20'
15:46:00 <mizmo> now i'm keeping my production and stage inventory separate
15:46:04 <mizmo> 'www' group
15:46:25 <mizmo> basically this shuts down machines - go home for xmas example, didn't bother to write a playbook for itbut can use it to run arbirtray commands
15:46:29 <mizmo> i can sdecide how many forks i want to run
15:46:33 <mizmo> rackspace easily running 750 parallel
15:46:40 <mizmo> if you have more hosts, you're not just limited
15:46:50 <mizmo> here's an example of a playbook
15:46:56 <mizmo> something called tehc ommon role
15:47:01 <mizmo> (i cant read slide so can't trasncribe that)
15:47:03 <mizmo> web role, db role
15:47:14 <mizmo> if web role were to require another role you wouldn't have to list it out in the future
15:47:17 <mizmo> lots of whitespace
15:47:21 <mizmo> simple to read, easy to grok format
15:47:29 <mizmo> so i can say talk to my db servres, my web serves, and my load balancers
15:47:31 <mizmo> CAMERA DOWN AGAIN
15:47:36 <mizmo> HALP!
15:47:56 <mizmo> nb, ianweller, spot, ^^^
15:48:16 <ianweller> mizmo: try refreshing? the buffering has been weird from what i've gathered
15:48:32 <mizmo> canon full hd system
15:48:33 <mizmo> vixia
15:48:37 <mizmo> full hd 24 mpbs processing
15:48:39 <nb> ianweller, when it goes down, the camera goes to some canon hd system screen
15:48:40 <mizmo> 32x optical zoom lens
15:48:44 <mizmo> powerful advanced zoom 51x
15:48:45 <ianweller> weeeeird
15:48:46 <nb> mizmo, should be back now
15:48:47 <ianweller> mizmo: :)
15:48:50 <mizmo> automatically selects best IS setting
15:48:52 <mizmo> YAY
15:48:53 <mizmo> \o/
15:48:54 <ianweller> best transcriptions
15:48:55 <mizmo> this is kind of an example
15:48:58 <mizmo> running a trivial playbook
15:49:00 <mizmo> what was the result
15:49:06 <mizmo> you can see because we're a parallel system
15:49:09 <mizmo> hosts come back in different order
15:49:11 <mizmo> in the end it's really nice
15:49:13 <mizmo> it gives you a summary
15:49:16 <mizmo> you can see how many resources changed
15:49:25 <mizmo> you can tell if your system drifted
15:49:28 <mizmo> if you have any prbs on your systems
15:49:40 <mizmo> dont have to waste your time undoing stuff, it'll stop if it detects failure
15:49:52 <mizmo> i can decide if i have 20 fail out of 500 hosts.. it'll let me rerun it just on those 20
15:49:56 <mizmo> until i get down to no problems
15:49:59 <mizmo> so if you want to learn more
15:50:06 <mizmo> ansible-example repo, in github.com/ansible
15:50:15 <mizmo> the idea behind ansible-examples was to get full stack of best practice examples
15:50:22 <mizmo> instead of mongo in a trivial way our mongo example is fully HA
15:50:32 <mizmo> fo rinstance we dont just deploy lamp we deploy it with a proxy config and load balacning
15:50:38 <mizmo> ha proxy not clearest way to do load balancing
15:50:41 <mizmo> netscalers, and so on
15:50:47 <mizmo> even cleaner that ha proxy example
15:51:00 <mizmo> theres also a separate repo, we kept separate to encourage contrib/forking for deploying openstack with ansible
15:51:04 <mizmo> compare to ?stack if you like
15:51:07 <mizmo> using the red hat open stack packages
15:51:18 <mizmo> someone suggested to me the other dya - wouldn't it be nice if we had an ansible version of devstack
15:51:23 <mizmo> that may be something we look into later
15:51:31 <mizmo> q: do you kinow how... usability?
15:51:33 <mizmo> A: it's usable
15:51:45 <mizmo> a: if you have probs let us know in the issue tracker (on github)
15:51:52 <mizmo> we're obviously writing a ot of devel suppor for ansible
15:51:54 <mizmo> you can also get services
15:51:58 <mizmo> we also wrote this REST api
15:52:00 <mizmo> sits on top
15:52:04 <mizmo> can get role based access control
15:52:09 <mizmo> auto logging really good scaling intergration
15:52:13 <mizmo> can find all about this on our website
15:52:17 <mizmo> talking a little bit...
15:52:20 <mizmo> cool features / roadmap
15:52:23 <mizmo> what's coming up
15:52:28 <mizmo> everything that we do is community data driven
15:52:31 <mizmo> if you have ideas, share them
15:52:36 <mizmo> and we'll kind of see where ppl are looking for things
15:52:46 <mizmo> whether thats a better firewall ... starts off with ssh, then socket server
15:52:49 <mizmo> for faster connections
15:52:52 <mizmo> thats going to be in 1.3
15:52:55 <mizmo> also adding deps and roles
15:53:03 <mizmo> lots of improvements in how handling works, lots of new params on modules
15:53:08 <mizmo> 15-30 modules every single release
15:53:14 <mizmo> about 2 month cycles, do time based releases
15:53:18 <mizmo> definitely share your ideas and get involved
15:53:20 <mizmo> #ansible in freenode
15:53:24 <mizmo> 360 some odd ppl in there
15:53:27 <mizmo> good place to bounce ideas around
15:53:33 <mizmo> there is also a google group
15:53:35 <mizmo> also recommend joining
15:53:37 <mizmo> <can't read link>
15:53:42 <mizmo> documentation... structured text format
15:53:45 <mizmo> easy to dive in and contribute
15:53:49 <mizmo> built with sphinx
15:53:52 <mizmo> nice python tech
15:53:55 <mizmo> python ppl, very big for us
15:54:09 <mizmo> traditionally we used ?? when we started, then supported openssh directly which we prefer
15:54:13 <mizmo> would like to see ?? in recent rhel
15:54:23 <mizmo> some of ther hel machines will detect you dont have that and default to ?? for perf reasons
15:54:25 <mizmo> it's quite fast
15:54:30 <mizmo> for fedora you dont have that prob
15:54:33 <mizmo> only applies to control machine
15:54:36 <mizmo> also, django
15:54:44 <mizmo> django s framework been awesome for us, really nice graphical browseable api
15:54:48 <mizmo> CAM DOWN
15:54:53 <mizmo> \o/ CAM DOWN \o/
15:54:54 <nb> cam should be back now
15:55:09 <mizmo> nope
15:55:13 * mizmo refreshes again
15:55:33 <mizmo> no memory card (!)
15:55:35 <mizmo> does it work on windows
15:55:36 <mizmo> not right now
15:55:42 <mizmo> we'll be supporting something where you can write modules in power shell
15:55:45 <mizmo> i want something that's really native
15:55:52 <mizmo> that doesnt require installing extra agents on windows machines
15:55:58 <mizmo> for actually runing control machine, not something we're too interested in
15:56:05 <mizmo> q: ? key - authentication
15:56:11 <mizmo> a: we do support ssh keys but we also do passwords
15:56:17 <mizmo> could ask for your password or sudo password
15:56:19 <mizmo> we don't require root
15:56:26 <mizmo> can log into as you and sudo as postgres, or whatever
15:56:30 <mizmo> also really easy to integrate with kerb
15:56:34 <mizmo> any config you want, even freeipa
15:56:35 <mizmo> can plus into those
15:56:41 <mizmo> the connections are deployable as well
15:56:48 <mizmo> q: rsh?
15:57:06 <mizmo> q: has anybody tried to write tools for puppet to ansible config conversion
15:57:07 <mizmo> a: prolly not
15:57:18 <mizmo> a: one of the things you might try is blueprint to dump ansible from system that's already config
15:57:27 <mizmo> but i generally think most of the config is going tobe cleaner if you dont try straight cofig
15:57:31 <mizmo> but a lot of modules mostly the same
15:57:34 <mizmo> should not tak ea hwole lot to port over
15:57:41 <mizmo> i actually worked for puppet labs for a short period of time
15:57:51 <mizmo> resource model - service name = state. foo from ansible is directly portable
15:57:57 <mizmo> q: reference of people, lessons learned etc
15:58:04 <mizmo> a: so yeah... for ppl that are migrating, any lessons learned, tips
15:58:22 <mizmo> a: we have best practices for starting out with ansible on website, applies to that situation
15:58:33 <mizmo> a: thing that's intersting too, article about tumblr, they were using func
15:58:41 <mizmo> they had to glue it together using puppet and cobbler and other things
15:58:51 <mizmo> one of the things that led to ansible - it's kind of bad that you have to staple these together
15:58:57 <mizmo> if every biz has to do that it's a lot of effort
15:59:06 <mizmo> so no i think it's very favorable (To do conversion)
15:59:11 <mizmo> try everything and see what you like
15:59:17 <mizmo> any other q's?
15:59:18 <mizmo> all right
15:59:22 <mizmo> again thank you very much
15:59:28 <mizmo> swing by after or at lunch if you want to talk more
15:59:29 <mizmo> thank you
15:59:33 <mizmo> <applause>
15:59:37 <mizmo> #endmeeting