https://opensource.com/article/18/8/ansible-playbooks-you-should-try
Streamline and tighten automation processes in complex IT environments with these Ansible playbooks.
Image by :
opensource.com
In
a complex IT environment, even the smallest tasks can seem to take
forever. Sprawling systems are hard to develop, deploy, and maintain.
Business demands only increase complexity, and IT teams struggle with
management, availability, and cost.
How do you address this complexity and while meeting today's business demands? There is no doubt that Ansible can improve your current processes, migrate applications for better optimization, and provide a single language for DevOps practices across your organization. More importantly, you can declare configurations through Ansible playbooks, but they orchestrate steps of any manual ordered process, even as different steps must bounce back and forth between sets of machines in particular orders. They can launch tasks synchronously or asynchronously.
While you might run the main
Here are four Ansible playbooks that you should try to further customize and configure how your automation works.
Hopefully, these tips and snippets of Ansible playbooks have provided some interesting ways to use and extend your automation journey.
How do you address this complexity and while meeting today's business demands? There is no doubt that Ansible can improve your current processes, migrate applications for better optimization, and provide a single language for DevOps practices across your organization. More importantly, you can declare configurations through Ansible playbooks, but they orchestrate steps of any manual ordered process, even as different steps must bounce back and forth between sets of machines in particular orders. They can launch tasks synchronously or asynchronously.
While you might run the main
/usr/bin/ansible program
for ad-hoc tasks, playbooks are more likely to be kept in source control
and used to push out your configuration or ensure the configurations of
your remote systems are in spec. Because the Ansible playbooks are
configuration, deployment, and orchestration language, they can describe
a policy you want your remote systems to enforce or a set of steps in a
general IT process.Here are four Ansible playbooks that you should try to further customize and configure how your automation works.
Managing Kubernetes objects
When you perform CRUD operations on Kubernetes objects, Ansible playbooks enable you to quickly and easily access the full range of Kubernetes APIs through the OpenShift Python client. The following playbook snippets show you how to create specific Kubernetes namespace and service objects:- name: Create a k8s namespace k8s: name: mynamespace api_version: v1 kind: Namespace state: present - name: Create a Service object from an inline definition k8s: state: present definition: apiVersion: v1 kind: Service metadata: name: web namespace: mynamespace labels: app: galaxy service: web spec: selector: app: galaxy service: web ports: - protocol: TCP targetPort: 8000 name: port-8000-tcp port: 8000 - name: Create a Service object by reading the definition from a file k8s: state: present src: /mynamespace/service.yml # Passing the object definition from a file - name: Create a Deployment by reading the definition from a local file k8s: state: present src: /mynamespace/deployment.yml
Mitigate critical security concerns like Meltdown and Spectre
In the first week of January, two flaws were announced: Meltdown and Spectre. Both involved the hardware at the heart of more or less every computing device on the planet: the processor. There is a great in-depth review of the two flaws here. While Meltdown and Spectre are not completely mitigated, the following playbook snippets show how to easily deploy the patches for Windows:You can also find other playbooks for Linux.- name: Patch Windows systems against Meltdown and Spectre hosts: "{{ target_hosts | default('all') }}" vars: reboot_after_update: no registry_keys: - path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management name: FeatureSettingsOverride data: 0 type: dword - path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management name: FeatureSettingsOverrideMask data: 3 type: dword # https://support.microsoft.com/en-us/help/4072699 - path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat name: cadca5fe-87d3-4b96-b7fb-a231484277cc type: dword data: '0x00000000' tasks: - name: Install security updates win_updates: category_names: - SecurityUpdates notify: reboot windows system - name: Enable kernel protections win_regedit: path: "{{ item.path }}" name: "{{ item.name }}" data: "{{ item.data }}" type: "{{ item.type }}" with_items: "{{ registry_keys }}" handlers: - name: reboot windows system win_reboot: shutdown_timeout: 3600 reboot_timeout: 3600 when: reboot_after_update
Integrating a CI/CD process with Jenkins
Jenkins is a well-known tool for implementing CI/CD. Shell scripts are commonly used for provisioning environments or to deploy apps during the pipeline flow. Although this could work, it is cumbersome to maintain and reuse scripts in the long run. The following playbook snippets show how to provision infrastructure in a Continuous Integration/Continuous Delivery (CI/CD) process using a Jenkins Pipeline.--- - name: Deploy Jenkins CI hosts: jenkins_server remote_user: vagrant become: yes roles: - geerlingguy.repo-epel - geerlingguy.jenkins - geerlingguy.git - tecris.maven - geerlingguy.ansible - name: Deploy Nexus Server hosts: nexus_server remote_user: vagrant become: yes roles: - geerlingguy.java - savoirfairelinux.nexus3-oss - name: Deploy Sonar Server hosts: sonar_server remote_user: vagrant become: yes roles: - wtanaka.unzip - zanini.sonar - name: On Premises CentOS hosts: app_server remote_user: vagrant become: yes roles: - jenkins-keys-config
Starting a service mesh with Istio
With a cloud platform, developers must use microservices to architect for portability. Meanwhile, operators are managing extremely large hybrid and multi-cloud deployments. The service mesh with Istio lets you connect, secure, control, and observe services instead of developers through a dedicated infrastructure such as an Envoy sidecar container. The following playbook snippets show how to install Istio locally on your machine:--- # Whether the cluster is an Openshift (ocp) or upstream Kubernetes (k8s) cluster cluster_flavour: ocp istio: # Install istio with or without istio-auth module auth: false # A set of add-ons to install, for example kiali addon: [] # The names of the samples that should be installed as well. # The available samples are in the istio_simple_samples variable # In addition to the values in istio_simple_samples, 'bookinfo' can also be specified samples: [] # Whether or not to open apps in the browser open_apps: false # Whether to delete resources that might exist from previous Istio installations delete_resources: false
Conclusion
You can find full sets of playbooks that illustrate many of these techniques in the ansible-examples repository. I recommend looking at these in another tab as you go along.Hopefully, these tips and snippets of Ansible playbooks have provided some interesting ways to use and extend your automation journey.
No comments:
Post a Comment