Real World Ansible - Common Role Walkthrough
In this video we look at how we can use Ansible to install and configure all the 'common' software packages and settings that we want every single time we build or provision a new server.
For me, this is one of the best features of Ansible.
Sure, we can deploy all kinds of cool software using a combination of Ansible Galaxy and our playbooks, but having a really nice base to work from - that is until now - would have meant building a standard master image with all our common software pre-installed.
Now, reading that you may very well be thinking: what could building our server this way offer that simply using / cloning a standard master does not?
It's a good question.
We also seem to be cloning from a master image here, so how are these two setups different anyway?
Let's explore the separate processes and look at how the two situations work out.
Cloning a Pre-Built Master Image
As software developers we are taught from very early in our careers that we should keep things DRY (Don't Repeat Yourself).
A prudent move therefore, should we be in a situation where we frequently need new base server images to be provisioned, would be to install our Ubuntu Server (as an example, but it could be any other OS), patch it up to date, install all the common things we need - git, ssh, fail2ban, etc - and then shut that machine down.
We might have added in some standard user accounts, but more often than not, we would keep this machine as generic as possible.
We call that machine our Master, Gold Image, or some other fancy term.
We never use that machine directly.
Instead, every time we need it, we take a clone of that image and then customise the clone to our needs.
If we discover some time later that we should have also installed a backup agent, added in another user account, or set up a specific user group then bad news, we not only need to edit our Master image, but also our clones.
What started out as a seemingly good idea has quite quickly become a maintainence headache.
Building Using Ansible
Remember that Master image that I just slagged off? Well, we still need it. Arf.
But not quite.
We could get away with building a brand new Ubuntu Server VM (or physical, if you're so inclined / rich enough) every time we need a new build. But why bother, if cloning only takes a few seconds compared to >10 mins to build the same image we already have.
Next, we configure an Ansible Playbook to install and configure all the common tools, user accounts, settings, and anything else we need.
There is effort involved in this - one time to set it up (skip that bit if you wish by using mine), then a few tweaks in the future as you refine / improve your process.
Need to add in another user?
No problem, tweak the
defaults/main.yml - or wherever else you have your User config - and run your playbook against your entire infrastructure. Bosh. All done. No headaches.
Same goes for backup agents, user groups, additional software you forget... anything!
The rigidity is gone.
This video assumes you have been following along with the tutorial series.
If you have, watching this should hold no surprises. Either clone my repo or make your own and get started creating your perfect server config.
If you haven't watched any other videos in this series then I hope watching this opens your eyes to the power of Ansible.
The best thing is that whilst this just installs the basics, this can be the base of every other machine you build. Want a RabbitMQ server? Awesome, grab a RabbitMQ role from Ansible Galaxy and you're good to go. But even better, run your common role first and you also have a RabbitMQ with all your settings, users, groups, security tweaks... the works. Perfect, every time.
Ansible. Is. Freaking. Awesome!