Ansible

I have been using Ansible for a long time now. I will try to explain why and how I use it.

Goals

  1. Training is an indispensable part for personal or profesional experiences.
    For different reasons, it is not always easy to give time to it.

  2. When I write an Ansible role, I try to make it complete and idempotent.
    This forces me to have a full knowledge on how a tool operates.

  3. To avoid manual actions, I want to be able to manage my whole infrastructure with Ansible:

    • tools and services
    • links and flows between the different elements
    • security
  4. I want to add some security layers (to the best I can):

    • there will be users for services and users for data
    • unix rights will be strict (if groups are not shared or if there is no privileges escalation: no visilibity on other users data)
    • resource management (using cgroups and systemd or the limits.conf file from OpenBSD)
    • SSL for all communications
  5. To find potential errors, I deploy all my roles in different environments:

    • a shared host
    • in the cloud (AWS for the moment)

Of course, I don’t shrug immutability off. It’s a also key part of a sane infrastructure but it requires a fully-working one (from packaging to alerting).

And it, thus, requires more tools like Terraform, Packer or other tools like that. But as I don’t have much time, I won’t use them each time.

Results

I therefore write my roles to answer those needs and they are available here: https://git.t18s.fr/.

The playbooks I used to deploy everything on my infrastructure are here: https://git.t18s.fr/ansible-playbooks/.

All roles and playbooks answer my own needs. I try to make them abstract but it is impossible to make them work in all use-cases.
It is thus possible that they won’t work as you wish: be prepared.

I hope however they can be used as a basis to your own developments.

Roadmap

The roles and playbooks I’ve made allow me to deploy:

From my initial plans, I still need to: