5 ops tasks to do with Ansible | Opensource.com

5 ops tasks to do with Ansible

Less DevOps, more OpsDev.

gears and lightbulb to represent innovation
Image by : 
Opensource.com
x

Subscribe now

Get the highlights in your inbox every week.

In this DevOps world, it sometimes appears the Dev half gets all the limelight, with Ops the forgotten half in the relationship. It's almost as if the leading Dev tells the trailing Ops what to do, with almost everything "Ops" being whatever Dev says it should be. Ops, therefore, gets left behind, punted to the back, relegated to the bench.

I'd like to see more OpsDev happening. So let's look at a handful of things Ansible can help you do with your day-to-day Ops life. 

I've chosen to present these solutions within Ansible Tower because I think a user interface (UI) adds value to most of these tasks. If you want to emulate this, you can test it out in AWX, the upstream open source version of Tower.

Manage users

In a large-scale environment, your users would be centralised in a system like Active Directory or LDAP. But I bet there are still a whole load of environments with lots of static users in them, too. Ansible can help you centralise that decentralised problem. And the community has already solved it for us. Meet the Ansible Galaxy role users.

What's clever about this role is it allows us to manage users via datano changes to play logic required.

With simple data structures, we can add, remove and modify static users on a system. Very useful.

Manage sudo

Privilege escalation comes in many forms, but one of the most popular is sudo. It's relatively easy to manage sudo through discrete files per user, group, etc. But some folk get nervous about giving privilege escalation willy-nilly and prefer it to be time-bound. So here's a take on that, using the simple at command to put a time limit on the granted access.

Manage services

Wouldn't it be great to give a menu to an entry-level ops team so they could just restart certain services? Voila!

Manage disk space

Here's a simple role that can be used to look for files larger than size N in a particular directory. Doing this in Tower, we have the bonus of enabling callbacks. Imagine your monitoring solution spotting a filesystem going over X% full and triggering a job in Tower to go find out what files are the cause.

Debug a system performance problem

This role is fairly simple: it runs some commands and prints the output. The details are printed at the end of the run for you, sysadmin, to cast your skilled eyes over. Bonus homework: use regexs to find certain conditions in the output (CPU hog over 80%, say).

Summary

I've recorded a short video of these five tasks in action. You can find all the code on GitHub too!

Core purpose people on jungle gym.

Michael DeHaan is the guy who created, in his own words, "that Ansible thing." A lot of the things...
Open source skills

A little bit of coding knowledge can let anyone write small scripts to do these tasks and save them...

Topics

About the author

Mark Phillips - With a quarter of a century of industry experience, Mark has designed and engineered automated infrastructures at every level–from a handful of hosts in startups, to the tens of thousands in investment banks.