case study: ansible and nasa
TRANSCRIPT
![Page 1: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/1.jpg)
CASE STUDIES: NASA AND FRIENDS
Greg DeKoenigsberg (@gregdek)
![Page 2: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/2.jpg)
GOOD MORNING!(Who are you?)
![Page 3: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/3.jpg)
THIS IS A TALK FOR BUSINESS FOLKS(But we can go anywhere you like!)
![Page 4: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/4.jpg)
ANSIBLE USERS HAVE A LOT OF USE CASESLet's talk about a few of them today.
![Page 5: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/5.jpg)
WHAT IS ANSIBLE, ANYWAY?
![Page 6: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/6.jpg)
CONFIGURATION MANAGEMENTKinda like Puppet / Chef
![Page 7: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/7.jpg)
ORCHESTRATIONKinda like mCollective
![Page 8: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/8.jpg)
APPLICATION DEPLOYMENTKinda like... Fabric / Capistrano
![Page 9: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/9.jpg)
ALL OF THESE THINGS TOGETHERKinda like... nothing
![Page 10: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/10.jpg)
\"FANCY SSH FOR-LOOP\"
![Page 11: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/11.jpg)
NEXT GENERATION AUTOMATION FRAMEWORK
![Page 12: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/12.jpg)
SIMPLE(Get started on your lunch hour)
AGENTLESS(Got ssh? Ansible is for you)
POWERFUL(Batteries included)
![Page 13: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/13.jpg)
BINCKBANK
![Page 14: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/14.jpg)
About BinckBank
Based in Amsterdam, NL
Largest Dutch online discount broker
590 employees
760,000+ accounts
600 UNIX servers
Mark Maas, UNIX/Linux System Administrator
![Page 15: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/15.jpg)
THE CHALLENGE
![Page 16: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/16.jpg)
We have 600 UNIX servers in house. We have a lot of specialtyenvironments that we need to create while at the same time
managing our production environment.
![Page 17: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/17.jpg)
Our problem was complexity in the datacenter. We wantedautomation but we also wanted simplicity and to not have to send
people to training in order to use the product.
![Page 18: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/18.jpg)
BEFORE ANSIBLE
![Page 19: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/19.jpg)
In the past we did our own scripting for menial tasks over a lot oflate nights of pizza.
![Page 20: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/20.jpg)
WITH ANSIBLE
![Page 21: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/21.jpg)
Ansible is quite fun to use right away-—as soon as you write fivelines of code it works.
![Page 22: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/22.jpg)
With SSH and Ansible I can send commands to 500 serverswithout having even used the servers before.
![Page 23: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/23.jpg)
We are completely focused on automating as much as possible inour datacenter and going beyond Unix to create more stuff for
more people to do be able to do more.
![Page 24: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/24.jpg)
MOVING FORWARD
![Page 25: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/25.jpg)
Recently I purchased a license for Ansible Tower. I would like togive non-technical users access to it and open up the technicalside to people who have no idea what I am talking about. With
Tower, my Linux guys can access our templates without having todo any coding. Tower opens up Ansible to the rest of company.
![Page 26: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/26.jpg)
HOOTSUITE
![Page 27: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/27.jpg)
About HootSuite
Based in Vancouver, BC, Canada
Social media management
~400 employees
Over 8 million users
75% of Fortune 500 uses HootSuite
Beier Cai, Director of Technology
![Page 28: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/28.jpg)
THE CHALLENGE
![Page 29: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/29.jpg)
Our infrastructure is not scripted, repeatable or immutable.
![Page 30: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/30.jpg)
Rebuilding a server relies on limited documentation and mostlymemory.
![Page 31: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/31.jpg)
Lack of repeatability makes automating our infrastructure andapplication deployment difficult.
![Page 32: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/32.jpg)
There was one time we had to spend over a month of anengineer’s time to rebuild a server that had lived for 2 years with
random config changes by ops engineers along the way, withlimited documentation.
![Page 33: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/33.jpg)
BEFORE ANSIBLE
![Page 34: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/34.jpg)
We had limited experience with Puppet, but didn’t quite like itbecause 1) it needs agents, and we don’t like agents; and 2) wefavor immutability over snowflake factory for infrastructure
management.
![Page 35: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/35.jpg)
WITH ANSIBLE
![Page 36: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/36.jpg)
Ops and devs both feel safer, literally. Before they were alwaysworried about ‘what if the server dies’. They aren’t worried about
this anymore after all servers are properly ‘Ansiblized’.
![Page 37: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/37.jpg)
With the help of Vagrant we can test server builds locally asmany times as we want until it works, instead of testing it on EC2
cloud which is remote and always slow.
![Page 38: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/38.jpg)
Increase our bus factor from 1 to infinite! Before, only 1 or 2people know how a server was built from the beginning. With
Ansible, storing playbooks in source control gives everyone theability to rebuild the server at any time.
![Page 39: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/39.jpg)
MOVING FORWARD
![Page 40: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/40.jpg)
We want to build out "Devops" into HootSuite, and our vision is"Software Engineers are engaged in the entire cycle of designing,implementing, deploying and maintaining their software across
all environments".
![Page 41: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/41.jpg)
NASA
![Page 42: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/42.jpg)
About NASA
They put men on the freaking moon
![Page 43: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/43.jpg)
About NASA WESTprime
WESTPrime == Web Enterprise Service Technologies prime
Blanket purchase agreement funded by NASA
Contracted to InfoZen Inc., a cloud broker and integratorbased in Rockville, MD
InfoZen responsible for entire cloud migration for all NASAweb assets
Jonathan Davila, Senior DevOps Lead, InfoZen
![Page 44: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/44.jpg)
THE CHALLENGE
![Page 45: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/45.jpg)
![Page 46: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/46.jpg)
![Page 47: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/47.jpg)
WESTPrime’s initial focus was to move roughly 65 applicationsoff the old data center as quickly as possible in a seemingly
impossible timeline.
![Page 48: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/48.jpg)
All of a sudden we had an environment spanning multiple VPCsand AWS accounts with no way of centrally managing it.
![Page 49: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/49.jpg)
We were faced with a very ugly scenario where even simplethings like ensuring every SysAdmin had access to every server,
or simple patching were extremely burdensome.
![Page 50: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/50.jpg)
BEFORE ANSIBLE
![Page 51: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/51.jpg)
Previously, NASA WESTPrime was using a lot of shell scripts.There was a lot of "manually ssh-in-and-do-x" type of work being
done.
![Page 52: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/52.jpg)
We then created a demo day in which we invited the automationplayers to demonstrate the enterprise flavors of their product.
![Page 53: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/53.jpg)
After quite a long day of deep level demos and Q&A, and a weekof analysis with the technical team we decided unanimously that
Ansible was the best fit for us.
![Page 54: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/54.jpg)
Why?
No agents
Very small learning curve (a day or less!)
Non-technical staff can read a play and know what's happening
Native use of SSH
The most active open source community among itscompetitors
![Page 55: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/55.jpg)
WITH ANSIBLE
![Page 56: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/56.jpg)
NASA web app servers are being patched routinely andautomatically through Tower with a very simple 10-line Ansible
playbook.
![Page 57: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/57.jpg)
Every single week www.nasa.gov is updated via Ansible,generally only taking about 5 minutes to do, including the mobile
version of nasa.gov.
![Page 58: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/58.jpg)
Because of Ansible we are able to organize our inventory of AWSresources in a very granular way that was not at all possible
before.
![Page 59: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/59.jpg)
One time we faced some strict deadlines for monitoring and wedidn’t have time to deploy Nagios agents (due to lengthy approval
workflows in place) to monitor RAM and CPU. So what did wedo? We did a very simple hack to be able to monitor CPU and
RAM with Ansible in near real-time (no agent required!).
![Page 60: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/60.jpg)
Ansible was leveraged to remediate both OpenSSL issues thisyear in ridiculous time (leadership was blown away).
![Page 61: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/61.jpg)
It is also used to ensure our environment is compliant withnecessary Federal security standards as outlined by FedRAMP
and other regulatory requirements.
![Page 62: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/62.jpg)
There is a level of comfort and confidence that Ansible has beenable to provide that simply was not there before.
![Page 63: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/63.jpg)
MOVING FORWARD
![Page 64: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/64.jpg)
We are working on moving many applications into cycles ofContinuous Integration and Deployment, which will be
leveraging Ansible as the conductor of these architectures.
![Page 65: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/65.jpg)
The moment 1.7 is released, Ansible will be used to manage ourstack of Windows servers and do the same magic we've been
doing with Linux.
![Page 66: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/66.jpg)
The end goal will be for our sysadmins to only need toSSH/WINRM into servers manually for troubleshooting. Allserver changes will eventually happen exclusively through
Ansible (and the occasional CloudFormation tempate).
![Page 67: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/67.jpg)
A TWEET BEFORE WE GO
![Page 68: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/68.jpg)
Adam Werewolf (@adamwwolf)
I use @ansible to do just about everything. If you say "I don't havetime to set it up" you're who it's for--you don't have time *not* to.
11:20 AM - 21 Oct 2014
https://twitter.com/adamwwolf/status/524626206470053889
![Page 69: Case Study: Ansible and NASA](https://reader031.vdocuments.mx/reader031/viewer/2022020110/55a7949f1a28ab751f8b45b1/html5/thumbnails/69.jpg)
THE WORLD IS CHANGING