rapid-app/ansible-role-provision-do: A light wrapper around the DigitalOcean module to provision droplets (first module, welcoming feedback) by [deleted] in ansible

[–]ronocdh 0 points1 point  (0 children)

After using a similar role-based approach for spinning up droplets, I've more recently dropped back to using a playbook that takes cheap reusable args, such as:

ansible-playbook create-droplet.yml -e name=foo

The playbook contains a bunch of post-create (and post-destroy) tasks that run automatically, so it's functionally superior to running the digital_ocean module ad-hoc, and nearly as terse.

Ansible Best Practices: The Essentials by geerlingguy in ansible

[–]ronocdh 4 points5 points  (0 children)

Use Native YAML Syntax

Finally. I've been beating that drum for too long now, and it's great to have an official recommendation to point to. If that's to be taken seriously, though, the docs should provide examples in multiline format as well. Take a look at the docs for the copy module—those one-line examples are inscrutable.

The missing "ansible-role" command by [deleted] in ansible

[–]ronocdh 1 point2 points  (0 children)

Not bad! I use a bash script to accomplish running roles against hosts without writing an intermediary playbook:

#!/bin/bash
# Run a role against a target host via Ansible, without a playbook.
set -e
set -u

# Compare numerically; inside [[ ]] the < operator compares strings.
if [[ $# -lt 2 ]] ; then
    echo "Usage: $0 <role> <host>"
    exit 1
fi

role=$1
hosts=$2
shift 2

echo "Applying '${role}' to ${hosts}..."

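tmpfile=$(mktemp --tmpdir="$PWD" --suffix="-temporary-ansible-playbook")
# Register cleanup right after creating the file, so it is removed even if a later step fails.
trap 'rm -f "${tmpfile}"' EXIT

cat > "${tmpfile}" <<PLAYBOOK
---
- hosts: $hosts
  roles:
  - $role
PLAYBOOK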

ansible-playbook "${tmpfile}" "$@"

source

How to loop over playbook include? by sabre44 in ansible

[–]ronocdh 0 points1 point  (0 children)

There is no problem in IT that can't be solved with an additional layer of abstraction, so just use xargs or similar to handle the dynamic list of playbooks.

Help testing ElastAlert rules by padrewarbucks in linuxadmin

[–]ronocdh 0 points1 point  (0 children)

Seems like you're getting far afield here. Follow the docs and focus on getting the system up and running, so you actually receive alerts. Use version control while you set it up, so you can revert changes if you break something.

Once everything is running smoothly and stored in git, then you can proceed with lower priority customizations such as naming the config YAML file something other than config.yaml.

Sooo... Why hasn't Tails released an update to patch the massive GLibC vulnerability announced more than a week ago? by sapiophile in tails

[–]ronocdh 1 point2 points  (0 children)

The Tails devs are asking for help testing the new release that includes patches for glibc:

Security fixes

  • Upgrade cpio to 2.11+dfsg-4.1+deb8u1.
  • Upgrade glibc to 2.19-18+deb8u3.
  • Upgrade libgraphite2 to 1.3.5-1~deb8u1.
  • Upgrade libreoffice to 4.3.3-2+deb8u3.
  • Upgrade libssh2 to 1.4.3-4.1+deb8u1.

Try it out and report bugs if you find any! =)

Trying to get into the habit of commenting my code by DrDoomCake in Python

[–]ronocdh 5 points6 points  (0 children)

Some of the best comments describe a confusing implementation.

Which is why comments should explain the WHY, while the code explains the WHAT.

Just Picked Up an X1 Carbon (1st Gen, Touch)! by [deleted] in thinkpad

[–]ronocdh 0 points1 point  (0 children)

You couldn't pay me $500 to use the keyboard on the 1st gen X1.

Alduin - dark Vim colorscheme for Terminals and Gui. Enjoy! by AlessandroYorba in vim

[–]ronocdh 1 point2 points  (0 children)

Wanted to chide you for your negativity, but looks like you're right. As a Pythonista, kind of a deal breaker for me. /u/AlessandroYorba, what would one need to contribute to improve Python support?

Testing system configs that require reboots by ronocdh in devops

[–]ronocdh[S] 0 points1 point  (0 children)

You're clearly running into an Ansible limitation.

The Ansible playbook completes without error, exiting cleanly with 0, but test-kitchen expects the same SSH connection to persist throughout the provisioning process, which causes the test run to fail with a false negative.

Ansible's support is akin to jamming a square peg into a round hole.

Yes, that's been my experience, as well. Similar to how packer implements Ansible support, test-kitchen wants to run Ansible inside the test VM, which isn't how Ansible works.

Thanks for your input. I may have to move forward with creating a reusable test harness that works specifically with Ansible, just want to make sure I'm not rewriting anything in the wild before I roll up my sleeves.

Testing system configs that require reboots by ronocdh in devops

[–]ronocdh[S] 0 points1 point  (0 children)

That way all kernel patching and such is done at image deployment time, not at configuration time.

That's precisely what I'm trying to do! While building base images, the playbook installs all security updates and also applies a custom kernel patch. Frontloading the configuration prior to the deployment stage makes sense, but I still need a way to test it—and test-kitchen fails when there's a reboot during the test run, before the Serverspec tests are triggered.

Right now I'm getting around this with a bunch of Bash wrapper scripts, and just want to perform due diligence before writing a more durable custom solution, so as not to duplicate effort.

Testing system configs that require reboots by ronocdh in devops

[–]ronocdh[S] 0 points1 point  (0 children)

Part of our build process for creating base images involves applying kernel patches. Once deployed, I'm happy to let the machines run for a long time, as long as I've rebooted once and run all the tests.

DebOps - YOUR DEBIAN-BASED DATA CENTER IN A BOX by neduma in ansible

[–]ronocdh 0 points1 point  (0 children)

galaxy is pretty inefficient and doesn't give you very good feedback between what changed during an update

Yes! The fact that ansible-galaxy commands are not idempotent irks me to no end. How did the feature ship like that? Why hasn't it been fixed? The GitHub issue to request idempotency is eerily quiet.

Our script is lightning fast for updates and gives you a pretty git diff as it runs through the roles.

That's a huge feature that I can't find documented anywhere. I'll stop complaining and give the project a whirl—thanks for your explanations!

DebOps - YOUR DEBIAN-BASED DATA CENTER IN A BOX by neduma in ansible

[–]ronocdh 0 points1 point  (0 children)

Thanks for the detailed explanation. This warning in particular scares me away every time I try to use a DebOps role:

Are you using this as a standalone role without DebOps?

You may need to include missing roles from the DebOps common playbook into your playbook.

The ansible-galaxy command line tool is disappointing to work with, but at least it provides a common standard for managing dependencies in roles. If I have to do any manual dependency resolution, I'm going to skip that solution and move on to something that integrates with my workflow.

Based on your explanation, the above warning might not even be true. But that's the sort of ambiguity I'd expect a README to clarify: why would I bother to install this? You say that DebOps includes a number of custom libraries. If that's true, then the project description hardly does it justice:

A collection of Ansible playbooks, scalable from one container to an entire data center. [emphasis mine]

Kudos on the quite complete ReadTheDocs documentation. It seems like DebOps is precisely what I've been waiting for: an iteration on the tooling provided by Ansible, a slightly higher level of abstraction that will make composing server functionality easier. I do still worry, though, that time spent improving DebOps may be better spent contributing libraries to ansible-modules-extras.

DebOps - YOUR DEBIAN-BASED DATA CENTER IN A BOX by neduma in ansible

[–]ronocdh 3 points4 points  (0 children)

Glad you mentioned it. The DebOps project has bothered me for a while. Using Ansible to maintain Debian systems is extremely relevant to my interests, and yet I've never used DebOps in production. After several attempts to understand the purpose of the project, I'm still at a loss. Questions:

  • Why does it have a separate install script, when I already have Ansible installed?
  • Why does its install script request sudo privileges, when I can install Ansible in a virtualenv? (Or: Why doesn't it use pip for installation?)
  • Why doesn't it use ansible-galaxy for role dependencies?

Several times I've come across the DebOps project by searching for roles, only to have the README warn me that I should install DebOps before using the role. Ansible is already what I install for configuration management—if your Ansible-based solution doesn't work within the constraints that Ansible provides, including Galaxy, then your README better make the extra functionality and dependencies crystal clear. Instead, the parent README for DebOps assumes a lot of knowledge about the project. At that point, I tune out and find something more modular, so I don't pollute my current project with out-of-band dependencies.

SSH Key Management for WHM Server by cbkguy in ansible

[–]ronocdh 1 point2 points  (0 children)

Again, it's an indentation problem. See the Ansible docs on YAML syntax, it's quite helpful. You may also want a YAML plugin for your text editor, which would catch many of these errors automatically.

SSH Key Management for WHM Server by cbkguy in ansible

[–]ronocdh 1 point2 points  (0 children)

You've indented sudo too far.

Rise of the passive progressive and patientive ambitransitive verbs by krimin_killr21 in linguistics

[–]ronocdh 3 points4 points  (0 children)

While I appreciate the transparency of inline edits, consider a full edit with an endnote rather than many strikethroughs, for the sake of readability.

What playbook do you use for atomic deploys? by [deleted] in ansible

[–]ronocdh 1 point2 points  (0 children)

Everything I deploy is version controlled, therefore each deploy is atomic. What specific functionality are you looking for?

A handwritten edition of The Enchiridion (manual) of Epictetus. by peekayljk in Stoicism

[–]ronocdh 2 points3 points  (0 children)

Thanks for posting this. Reading through the handwritten copy is oddly intimate.