Iterative authorization 1.execute “ansible” steps 1-by-1 on a server 1.if it failed, fix arguments 2.if it succeeded, add it on playbook 2.complete playbook 3.run playbook on another server 4.run playbook on all servers
Very flexible! Variable expansion all yaml values are jinja2 template! variables from playbook, inventory, facts(servers) Conditionals execute it only when ... Loops “shell” & “command” modules
Don’t shoot yourself in the foot :( Too much flexibility brings destruction...
Infrastructure as Code Write code to struct our IT infra Infra? Server? Using IaaS: Network configuration as Code? On-premise: Datacenter as Code ... Server as Code
1. server deployment by code Only code deploy servers Blue-green deployment Code knows all of server status We must write all as code
2. GMs + setup code Golden Master server images for general purpose OS minor versions are not determined It’s not problem whether GM is from code or not Setup code has 2 layer Compatibility layer for GM diﬀerences Deployment layer for applications
3. Stateful servers + code Servers have state and be eventually changed Everything are diﬀerent from each other Minimum code for limited parts of server status For applications Fragile parts: routing, ssh keys, monitoring agents To be patched: security updates Middleware deployment: Hadoop, Presto, Fluentd
Just start to write minimum code :) As same with web or other apps!