Real life working examples are some of the most useful things when learning a new system. The more – the better. That’s why this git repository of the Ansible setup for the Fedora project is a pure gold mine. It is large. It is complex. It covers a whole lot of things. But most importantly, it is alive and well tested.
Category: Linux
Linux is my primary operating system. I used it on the servers, desktops, laptops, netbooks, and even mobile phones since approximately 1997. I’ve tried a number of distributions over the years, and even created a couple myself. I still look around sometimes to see what others are up to. But most of my machines are running some sort of Red Hat – either a quick and easy Fedora Linux, or a stable and secure Red Hat Enterprise Server, or a cheaper CentOS alternative.
And while by now I am very comfortable in the Linux environment (both graphical and command line), I still discover a lot of new and interesting things about it. When I come across something worthy, I usually share it with the rest of the Open Software world, using this category.
First attempt at Ansible
After all the reading about Ansible that I’ve done yesterday, I woke up today with a strong will to try it out. Running a few “hello world” examples wasn’t illustrative enough, so I decided to migrate my dotfiles repository from Puppet to Ansible. This would provide just enough complexity to try things out, without any danger of breaking things horribly.
I’m proud to say that it took me only about two-three hours of trying things out to complete this task. In the process, the following things were tried:
- Ansible best practices
- Playbooks (site.yml)
- Roles (dotfiles, fonts, vim, git)
- Tasks (file system operations, package installation, git repositories)
- Tags (I’m using files, packages, network)
- Loops (file globs, ad hoc items, pre-defined lists)
- Filters (basename is super handy)
- Inventories (mostly for variables, but played around with hosts too)
- Variables (lists definitions for tasks, variables for templates)
- Templates (.gitconfig with the user name, email, and GitHub username).
One of the things that I haven’t tried yet is using non-core modules (Ansible Galaxy, etc). I will, eventually. But for now I have to say that Ansible provides enough functionality out of the box to run the most common tasks.
When I was done, the resulting change set had (according to diffstat):
- 213 files changed,
- 2,177 lines inserted,
- 11,975 lines deleted.
The majority of these changes were, of course, the removal of Puppet modules from the repository, not the actual configurations.
My initial impressions are:
- Ansible is indeed much easier and simpler to get started with. Maybe because I’ve already been through the configuration management initiation with Puppet.
- Like any other system, it has its quirks, which will need time to get used to. For example, recursively coping a directory locally is not as easy as you might think.
- YAML is not as bad as it looks, once you’ve been editing it for a couple of hours non-stop.
Overall, I’m pretty happy with how it goes. Next up – trying it out for provisioning some of my servers. And then, if all goes well, using it for project deployment as well.
Checking out Ansible. Sorry Puppet
It’s Thursday evening of a particularly difficult week at work. Tomorrow is a public holiday, effectively making this – a Friday. My brain is blank and exhausted, so I can’t do anything productive. And I’m too tired to go out. But I can still learn a thing or two.
First things first – cancel the external noise. I want something loud, but not too intensive, and with no words in it. So this 2 hour blues instrumental collection comes in handy. Start the playback, put the headphones on, and push the volume up.
Now. Here’s something I wanted to look into for quite some time – Ansible configuration manager.
Continue reading Checking out Ansible. Sorry Puppet
Universal Install Script
WTF with Amazon and TCP
Here goes the story of me learning a few new swear words and pulling out nearly all my hair. Grab a cup of coffee, this will take make a while to tell…
First of all, here is a diagram to make things a little bit more visual.
As you can see, we have an office network with NAT on the gateway. We have an Amazon VPC with NAT on the bastion host. And then there’s the rest of the Internet.
The setup is pretty straight forward. There are no outgoing firewalls anywhere, no VLANs, no network equipment – all of the involved machines are a variety of Linux boxes. The whole thing has been working fine for a while now.
A couple of weeks ago we had an issue with our ISP in the office. The Internet connection was alive, but we were getting extremely high packet loss – around 80%. The technician passed by, changed the cables, rebooted the ADSL modem, and we’ve also rebooted the gateway. The problem was fixed, except for one annoying bit. We could access all of the Internet just fine, except our Amazon VPC bastion host. Here’s where it gets interesting.
Continue reading WTF with Amazon and TCP