Get the highlights in your inbox every week.
5 ops tasks to do with Ansible | Opensource.com
5 ops tasks to do with Ansible
Less DevOps, more OpsDev.
In this DevOps world, it sometimes appears the Dev half gets all the limelight, with Ops the forgotten half in the relationship. It's almost as if the leading Dev tells the trailing Ops what to do, with almost everything "Ops" being whatever Dev says it should be. Ops, therefore, gets left behind, punted to the back, relegated to the bench.
I'd like to see more OpsDev happening. So let's look at a handful of things Ansible can help you do with your day-to-day Ops life.
I've chosen to present these solutions within Ansible Tower because I think a user interface (UI) adds value to most of these tasks. If you want to emulate this, you can test it out in AWX, the upstream open source version of Tower.
In a large-scale environment, your users would be centralised in a system like Active Directory or LDAP. But I bet there are still a whole load of environments with lots of static users in them, too. Ansible can help you centralise that decentralised problem. And the community has already solved it for us. Meet the Ansible Galaxy role users.
What's clever about this role is it allows us to manage users via data—no changes to play logic required.
With simple data structures, we can add, remove and modify static users on a system. Very useful.
Privilege escalation comes in many forms, but one of the most popular is sudo. It's relatively easy to manage sudo through discrete files per user, group, etc. But some folk get nervous about giving privilege escalation willy-nilly and prefer it to be time-bound. So here's a take on that, using the simple at command to put a time limit on the granted access.
Wouldn't it be great to give a menu to an entry-level ops team so they could just restart certain services? Voila!
Manage disk space
Here's a simple role that can be used to look for files larger than size N in a particular directory. Doing this in Tower, we have the bonus of enabling callbacks. Imagine your monitoring solution spotting a filesystem going over X% full and triggering a job in Tower to go find out what files are the cause.
Debug a system performance problem
This role is fairly simple: it runs some commands and prints the output. The details are printed at the end of the run for you, sysadmin, to cast your skilled eyes over. Bonus homework: use regexs to find certain conditions in the output (CPU hog over 80%, say).
I've recorded a short video of these five tasks in action. You can find all the code on GitHub too!