Python for Configuration Management (with Ansible)

• Aaron Brady
• http://insom.me.uk
• http://www.insom.me.uk/post/pycon-talk.html (slides, links to code etc)
• responsible for 400 hosts, python developer
• originally using puppet

What is Ansible

• “radically simple”
• “automate in a language that approaches plain English, using SSH, with no agents to install”
• yaml
• use existing ssh
• GPLv3 (with important exception, BSD license for reuse)
• more procedural, script, python

ansible -a 'uname -n' -o -u iweb -s 'b*web1'

puppet-style invoation

playbook example

- hosts: all
  tasks:
  - name: disable auto reboots
    lineinfile:
      dest: /etc/apt/...
      state: present
      regexp: ^Unattended...
      xyz:

Write own modules (in any language, python most common). Example given, looks pretty easy.

Can use jinja template in yaml

...
host: {{ item.host }}
name: {{ item.user }}
password: {{ lookup('hash', item.user) }}
priv: {{ item.database }}.*:ALL

the hash lookup is custom - generate password from secret

Dependencies:

• clients - python 2.4 + simplejson, or python 2.5+
• controller - python 2.6+

Can run ansible through API if you want, but command line tool is easy. Can set up inventory, callbacks, choose which yaml file ... Could then do this in a web app (but want to run outside of the rendering thread - eg celery)

Very responsive community. iweb ran HEAD for a while - vagrant is useful for running code against to test. It was worth throwing away 3-year old puppet set up.

Questions:

key management, user management ...