's career has spanned two centuries, if not millennia. He has worked a variety of roles within the IT industry, and one day he may even pick one and stick with it. Today, however, is not that day. Dave is going to tell us about how one person's Ansible is another person's pyinfra. Take it away, Dave. Daryl, sorry.

[Applause]

I'd like to pay my respects to the traditional owners of the land on which we meet today, the Kaurna people of the Adelaide region, and pay my respects to Elders past, present and emerging. I'd also like to thank our interstate and overseas visitors for visiting my home state. It's lovely to have you here, and you should definitely come back when it's a lot warmer, preferably when we're not on fire, though. As an ex-CFS member I'm qualified to say that.

I would also like to acknowledge my employers, if they're watching. Technically I'm self-employed, but people pay me money to do things to their computers, and my views probably don't represent theirs. I'd also like to ask for questions at the end of the talk. I'm a little bit nervous up here, this is the first time for me, so I'm quite easily derailed in my thoughts. I'd also like to add to that the GitHub repo isn't ready yet. The talk will be uploaded probably in the next couple of days, so don't hit it yet.

So I'm going to make some assumptions: that you've probably all got a passing understanding of Python, and you've probably all got a passing understanding of Ansible, which is why you're here. If you're thinking this is an Ansible beginner's talk, not quite. And I'm not really seeking to convert you, I'm just providing an alternate point of view.

So, previous talk titles that I've wrestled with: yes, what you see here, these are the more family-friendly ones. And to be clear, these are talk titles that were rejected by myself, not by the program chair. The program chair here has been lovely. I've been struggling with the theme of this talk, and it's something I wrestle with constantly, because I'm very OCD about diving into problems, and problems that I perceive. So this is kind of what that talks about, but I still haven't got basically the essence or the Zen of this talk out yet, so it's still a work in progress. It's also sort of documenting my struggles with Ansible over the years, which will lead me, I guess, to confession time, which is what this talk currently kind of is.

I struggle with Ansible. I've been using it for probably five years now, and not what it does or what it is, but more how it does what it does. I find Ansible tends to be a tool... there are some tools that sort of fit into this model where you're trying to solve a problem and you have to think about that problem in terms of the tool that you're using against it. And I find that quite often that was my case with Ansible: I'd have to structure it in terms of the way Ansible thinks to do things. And it sort of caused a fair bit of cognitive workload on myself doing that, just having to deal with, then, I won't call them shortcomings, it's just the way Ansible's been developed and grown over the years. And it sort of takes away the workload from actually thinking about the problem itself.

Some of the cognitive workloads that I mentioned: keeping track of global state. That sort of makes me feel like my old GW-BASIC days, and to be fair, I came to GW-BASIC after I'd worked in other BASICs that had things like local variables and named subroutines, so it was going back and having to think of global variables again. And Jinja, Jinja coding still kicks my butt on a regular basis.

The obtuse error messages, and this is a true error message, is more a case of, if you've forgotten to download a collection that you're using, you'll come up with a rather bizarre error. It's sort of the equivalent of a code smell but in the design space, because it's a parsing issue when that happens. And again, when it occurs I have to think about it and think, why are you doing that, is that something I've coded wrong? And it's like, oh no, I've just forgotten to incorporate the correct collection.

Data structures: a lot of my playbooks, well, complicated playbooks, tend to build data structures around how I want things to be deployed. When they start getting moderately complex and coupled with templating, it gets pretty messy pretty quickly. include_tasks versus import_tasks: I struggle with that all the time. I can never remember when to do which; I've always got to look up the documentation for that. Nested looping is probably also my favorite. There are many ways to do it in Ansible; not necessarily every way is equal. There are just some dead ends that you'll go to... well, they're not dead ends until you've actually gone down them, and then you'll realize, no, I should have handled this differently.

So I tend to think long and hard about these things. I spend a lot of time lying awake at night staring at my ceiling. I shouldn't do that, I should have hobbies, but I'd only waste them. So while I was sitting there, and again I tend to like to research these things and try to dig into the nature of what it is, somewhere between giving the previous version of this talk and this one, which was probably about a year ago now in the local Adelaide Python users group, I came across this quote, which sort of sealed the deal for me. It was quite an opener, and it did actually appeal to me. It was pretty much a light bulb moment when I came across this. Ironically, coincidentally, the person talking about this was talking about Ansible, and I wasn't actually researching Ansible stuff at the time, I was just looking for something else. But when I came across this it was just like, oh okay, he's suffering from similar issues with Ansible, and I was finding there's actually a small group of us like that that are struggling with some of these issues. This is sounding like a self-help group, sorry about that. And coincidentally, while I was sort of looking for a new product to pick up, I'd already picked it up by that stage, and he was also talking about the same product.

Hello. Certainly, so you have my permission to touch me. Okay. It's me, it's my... well, now I can hear myself, that's worse. Please don't do that. I'm sorry. That's okay. It could be my metal implant. Maybe I'll just try not to move so much. Was that better? I would just... this is going to be awkward.

So I was reading Lox's blog post. He was talking about problems with Ansible, but he was also saying, oh, I've also found the solution, which I'd already started dabbling in, and by dabbling I mean actually wholeheartedly committing. And the thing in question was pyinfra. When I came across pyinfra I sort of went "oh", because it's rare that I do that for a project these days, but it was hitting all... it was solving a lot of, no, solving's probably not the correct word, but it was covering a lot of the pain points that I was having with Ansible.

So basically it's very similar. It runs in sort of the same problem space as Ansible. It's an agentless orchestration tool, idempotent for the most part. You can still sort of work around that, but that's something you shouldn't do. And it has inventories and playbooks, well, the equivalent of playbooks, but they're all written in Python.

So generally it's a similar model to... it runs basically on a control node, sorry, Python... Ansible. However, it sort of differs from Ansible. Ansible tends to upload, well, Ansible compiles a module, uploads it to the remote end and runs it; it expects you to have Python on there. pyinfra doesn't. pyinfra just expects a working shell of some sort at the SSH... across, and not necessarily just SSH, it has a whole bunch of connectors, but SSH is one of them and is the default one. It executes a bunch of commands on there, copies the results back, or retrieves the results back, and then processes that, and then continues on from there. It has facts for doing a lot of that. So it will use the facts to determine the current state. If you structure your deploy correctly, it'll use facts to determine the current state of the system, then apply a set of operations to bring it to the desired state that you want. So this is where the idempotency comes in. Idempotency, sorry, I practised that word and I still have trouble speaking it out loud. So this is where the idempotency comes in, where if you re-execute a playbook and there's no changes to be made, it should not make any changes to the desired state of the system.

I was saying before it has connectors, what it calls connectors. So SSH is usually the bog-standard one you use, unless you're talking to your local machine, and it's got a specific one called local for that. Basically, a connector is any means that it can use to talk to the remote endpoint. Other connectors that it includes are connectors for Docker, Terraform, and there's a few others as well which completely escape my mind. The SSH sessions remain open for the duration of the run. If you run Ansible and your playbook has multiple plays in it, it tends to do an SSH connection for each one. If you've got, like some environments I've worked in previously... sorry, waving to a colleague there, ex-colleague... for SSH connections, if you're spawning off a bunch of them, a connection creates quite a workload behind... sorry, that's me making noises again, sorry, I don't think I can keep still. If you spawn a large bunch of SSH connections you can actually create quite the workload behind on your authentication back-end system. So with this it spawns the SSH connection but it remains for the duration of the entire run; it doesn't sit there and reconnect.

It also opens SSH in a slightly different mode to what Ansible does. Ansible is quite noisy: for example, it logs in using a regular user login account, so if you do a `who` on the system afterwards you can see you've just done an Ansible run, because your Ansible user is logged in, quite often. This uses SSH in more of the remote connect mode, like when you're typing `ssh hostname command`, so it doesn't actually appear in your login, but it still appears in your auth log, so if you need to go back and do any sort of research, for that.

So it's saying it uses the remote shell at the far end. It's not particularly wedded to the remote shell that you use. It's got a variety of different sort of plugins where you can sit there and, depending on your back-end shell that you connect to, you could be connecting to some proprietary device like a switch, for example, and its particular set of commands to use for that.

The deploy process runs as two passes. So the initial run sits there, executes all the code, gathers all the facts that it requires to do that, and it builds up a set of operations. And then the second part just blats those operations on top of the system to bring it into the state that's required.

So I present you a concrete example. This is a lab maintenance script, I call it a home lab maintenance script, that I use. So I run a small set of VPSs and whatnot. I quite often SSH into them, as we all probably do, but what I don't want to see when I SSH into them is that. Or usually I don't want to see the initial connect message. The initial connect message is usually "you've never logged into this host before, do you want to?" and it's like, I think it's the host I'm connecting to. I always have that moment of doubt. I've... dagnabbit, now I can hear it, sorry guys. I always have that moment of doubt logging into it, and I know of a previous Linux conference where someone did do that and ignored the warning and was subsequently slightly pwned.

So, for SSH key hygiene, I tend to now be quite security conscious. I tend to make sure that I populate my global known hosts SSH keys with all the keys of the machines I'm connecting to, so that when I do connect to them, if I ever get a scary message like before, I know something is really wrong, and I never get the "you're connecting to this machine for the first time".

Sorry, just... what's up? So, host names. This is, good Lord, my slide is incredibly small, sorry, I've got to peer around at this one. So this is what we're manipulating. The top one is the name of, is the public known hosts, also the public host key that the server will be known by, and what we've got to do is get the contents of that into the SSH known hosts file, the global one. Slight wrinkle these days is that we hash the host names, because security. I'm not 100% sure why, but if they do it, it must be a good reason. So we don't tend to keep the host names in the clear these days any more. The other key point there is that in the SSH known hosts file there's the hashed hostname, there's the key type and the key value, and usually there's a bunch of key types per host.

So this is the Ansible playbook that I originally had for it. And to fit it I've stripped out... no, I've stripped out a lot of the comments, and now when I go back to look at it I quite often find it quite difficult to read without the comments, which is part of the whole beef of this talk. So this playbook basically, it logs into the remote, well, it uses... it fetches from the remote host the list of files that we need to get. Actually, prior to that, sorry: we know the remote host by one of three ways. We know it by its fully qualified domain name, its fully qualified domain name with a dot on the end of it, and there's good DNS reasons for that which I won't go into here, and then it's also known by its IP address, which is the long convoluted host vars underneath it. We then connect to the server and we get a list of the public key files that we want to bring back across, and then we use slurp to fetch them. slurp brings them back as a base64 encoded file because it's only ASCII-clean, the connection. So we retrieve the key back, actually we retrieve all parts of the public file. The next step then splits it up. Got... it's boring me, even. It's not boring, it's a lot of detail, and what I find, and this is partly what I'm trying to convey, is that with the comments stripped I get confused as to what it's doing easily, and I have to stare at it for quite a while. And again it's the problem I'm trying to solve, not the problem I'm trying to solve in the tool that I'm trying to solve it with.

There's all sorts of chicanery in here. There's the use of default for the SSH host key, because the SSH host key, when you do the original pass through, is blank, or actually doesn't exist, so if you don't have the default, Ansible then throws an error saying this key has never been used before. And it's like, well, I'm just looping through it. Typically if I was doing this in Python I'd just set the variable beforehand so I know its default state and then proceed through it.

This goes on. This then gets to the end of the wedge of the matter, I guess. This then actually updates the known hosts file. We do this on the local machine. We have delegate_to on localhost, which says, for all the data you've just collected from all the remote machines, we're now just applying it to, in this case it's usually the laptop that I'm running it from. We're doing a lot of looping, we're doing looping with product, and again if I don't go back and review the Ansible documentation for, I think, what is it I'm doing here, it just slips out. We also have loop_control where we can sit there and, as Ansible is looping through it, it sits there and reports only on the subset of the information; otherwise it just tends to blurt out a great deal of noise onto the screen, and if something breaks you're not actually sure what's broken.

So I come to... there's some ways you can work around this, like you can deploy... you can modularize stuff to tasks, but again, once you do so you've got to sit there and you've got to be aware of what variables are going into and out of tasks. You've got to track that yourself. You know, we have methods in Python where you can pass in local variables. These are things I don't have to worry about; these are just things that occur naturally to me when I'm coding. But when I'm coding in Ansible I've got to, like, no, I can't do it that way, I have to track all of this state myself. That's the computer's job. I don't want to be doing the computer's job. I've got other things to do: stare at my ceiling.

So again, as I'm obsessing over this, I love this quote. It's from an old web comic which no longer exists, unfortunately, but I still talk to Phil Barnes occasionally. Owens is the program manager and Desmond's the programmer. And this is one of the things I struggled with; this is part of my struggle with this whole concept: I'm still writing code, you know, and part of Ansible's reason was to be able to be usable by the every man, sorry, every person, sorry, that's gender inappropriate, usable by everyone. It should be relatively simple to put together, and for simple cases it is. Ansible was quite simple, but when you start doing complex things with it, it just, for me, and it might not be everyone here, but for me personally, it goes off the rails fairly quickly when I have to burn brain CPU cycles on details that I'd rather be burning elsewhere.

So I was concerned when moving to Python, when moving to pyinfra, but not just pyinfra, I was looking at other programs in the same space. I was concerned am I just swapping one program for another, one problem for another? But I don't feel that's quite the case. Again, it's more the power of abstraction that you get from Python and being able to express problems in Python.

So I've converted that script, I'm sorry, that playbook, to pyinfra, and as I said, pyinfra basically has the inventory and the deploy scripts, which are its versions of playbooks.
for all intents and purposes python so 585 00:22:56,100 --> 00:23:01,620 first up is the inventory 586 00:22:58,799 --> 00:23:03,900 um for so for my example 587 00:23:01,620 --> 00:23:06,059 um we just this is the inventory.pi that 588 00:23:03,900 --> 00:23:07,799 we pass into paying for it's just 589 00:23:06,059 --> 00:23:09,780 basically a list of servers normally 590 00:23:07,799 --> 00:23:10,860 it's just a straight list of servers I 591 00:23:09,780 --> 00:23:14,820 actually 592 00:23:10,860 --> 00:23:17,400 like again I like my running dialogue as 593 00:23:14,820 --> 00:23:18,600 things are running to be reasonably 594 00:23:17,400 --> 00:23:19,620 cleaned so you don't have to pick 595 00:23:18,600 --> 00:23:21,179 through and try and pick through the 596 00:23:19,620 --> 00:23:22,320 error messages so I like my server name 597 00:23:21,179 --> 00:23:27,299 short 598 00:23:22,320 --> 00:23:29,520 and my SSH known assh hostname's long so 599 00:23:27,299 --> 00:23:31,520 basically when playing for runs it knows 600 00:23:29,520 --> 00:23:33,740 that the host that it has to connect to 601 00:23:31,520 --> 00:23:36,120 known as server one is actually 602 00:23:33,740 --> 00:23:37,220 server1.example.com and so on you can 603 00:23:36,120 --> 00:23:41,100 pass other 604 00:23:37,220 --> 00:23:44,159 uh variables in sorry you can assign 605 00:23:41,100 --> 00:23:45,539 other variables into this these are just 606 00:23:44,159 --> 00:23:48,000 the ones that I needed for the purpose 607 00:23:45,539 --> 00:23:49,620 the 608 00:23:48,000 --> 00:23:52,799 upshot this though is that it's 609 00:23:49,620 --> 00:23:55,140 executable python code so you can use 610 00:23:52,799 --> 00:23:58,020 something like requests and 611 00:23:55,140 --> 00:23:59,640 grab your inventory from you know a 612 00:23:58,020 --> 00:24:01,740 convenient Json server that's located 613 00:23:59,640 --> 00:24:03,539 nearby but has all your stuff there if 614 00:24:01,740 --> 00:24:05,820 
it doesn't come back in the format you 615 00:24:03,539 --> 00:24:09,000 know that's that's like this you can 616 00:24:05,820 --> 00:24:10,640 Mudge it within the script you don't 617 00:24:09,000 --> 00:24:14,220 have to write 618 00:24:10,640 --> 00:24:15,840 a uh a separate inventory source as you 619 00:24:14,220 --> 00:24:19,020 would do with ansible you can actually 620 00:24:15,840 --> 00:24:19,919 do it it's it's python you can do it as 621 00:24:19,020 --> 00:24:23,039 is 622 00:24:19,919 --> 00:24:24,900 uh so paying for when running this it's 623 00:24:23,039 --> 00:24:27,299 just concerned about prod servers it can 624 00:24:24,900 --> 00:24:30,000 it basically any uh variable that's 625 00:24:27,299 --> 00:24:32,100 sorry any yeah variable that's set in 626 00:24:30,000 --> 00:24:34,980 the module space it uses 627 00:24:32,100 --> 00:24:36,900 uh as the inventory so you can have prod 628 00:24:34,980 --> 00:24:38,220 servers you could have Dev servers and 629 00:24:36,900 --> 00:24:39,780 they'd be selectable from the command 630 00:24:38,220 --> 00:24:41,460 line as well or it'll just execute 631 00:24:39,780 --> 00:24:43,500 against the lot 632 00:24:41,460 --> 00:24:46,380 uh 633 00:24:43,500 --> 00:24:49,020 uh I'll come back to it local shortly uh 634 00:24:46,380 --> 00:24:50,640 but at local as I said before it's uh 635 00:24:49,020 --> 00:24:54,620 basically saying I want to connect to 636 00:24:50,640 --> 00:24:54,620 the local server not virus sh 637 00:24:55,039 --> 00:24:59,159 but I'm sorry I won't come back to it 638 00:24:57,480 --> 00:25:01,020 just I'll come back to it right now uh 639 00:24:59,159 --> 00:25:02,820 the reason we do that is that Pi infra 640 00:25:01,020 --> 00:25:05,100 doesn't have the concept of a delegate 641 00:25:02,820 --> 00:25:06,720 to so when previous Playbook had a 642 00:25:05,100 --> 00:25:08,520 delegate to to say I need you to run 643 00:25:06,720 --> 00:25:11,520 this on the Local Host 644 
[00:25:08] pyinfra doesn't have that, but it just lets you run your playbook against localhost anyway.

[00:25:17] And we have group files as well, same as Ansible, so almost feature complete for that, and this is basically saying this is the SSH user, which isn't my user, in case any of you are thinking about trying to hack into my framework, and the key, which none of you have either, but be sure to commit that to GitHub later.

[00:25:40] Interesting bug, and it's probably worth keeping, and this will be uploaded to the repository. Interesting bug: Paramiko and modern versions of Debian and Ubuntu SSH servers can't negotiate, can't play nicely. There's a couple of algorithms there that it tries to use and then dies badly, but it's a simple matter to disable those and say just exclude these algorithms in your initial setup and negotiation, and then go nuts.

[00:26:11] The last line, that's also a Paramiko thing: Paramiko just uses your personal home directory SSH known_hosts by default. Holy dooley, I am so sorry. Have you waved that five minute thing at me yet? You did. Sorry about that. Speed run. I apologize for this, because this is what I swore I wouldn't do.

[00:26:40] Ah, the deploy script proper. The deploy script only needs to execute on the local host, and this is, as you can see, pure Python. I grabbed some bits from pyinfra that I need, I also grabbed some bits from a helper script that I need, and then I go, right, I need to slurp up all the keys from all the hosts that aren't me, hence the name does not equal @local, and the ones I've successfully connected to, so if there's any servers offline it skips over them as well. It grabs the connection IP, the SSH hostname, and then executes that fact, SSH known host keys.

[00:27:22] It then creates all the host names based on that, so that's the fully qualified domain name with and without the dot, and the connection IP, and then bungs that all into a list of lists, and then it calls this SSH known hosts subset, which passes that all off to the SSH host module, which is the operation that pyinfra runs. So it does that; it tells you the name, the path to the file you want to update; name is the descriptive field that comes up as it's running so you know what it's doing in the play. And of course we need sudo access to do that, so just say give me sudo or give me death.

[00:28:17] I have cheated slightly, but to be fair, Ansible's had a head start at it. Ansible has a lot of built-in facts and modules that we can leverage, that we do not have, so I've actually had to write two facts and an operation.

[00:28:37] I'm going to really speed on through this. This is a fact. These are very simple; these are so simple I've spent no time thinking about writing these, as it should be. Again, this is the problem that I was trying to solve: I do not want to be thinking about how to solve these problems, I want to be thinking about the problem that I'm trying to solve in Ansible, sorry, the automation problem, not in Ansible, no.

[00:29:03] So a fact is basically, we derive it from what's called FactBase, which is just, you know, the superclass. There's two methods that we need to implement: command, which in this case, there is a helper script that pyinfra supplies that just lets us go, hey, we just want to cat the output of all those files; and then there's process, which it runs, which basically grabs the output of all those files, which is executed across SSH, brought back, and then we just go, hey, do with it whatever. And what I'm doing with it here is basically just returning a dictionary that says this is the key type, this is the key value. [Someone says: one minute.] But this is the thing: the fact is structured in a way that helps me solve the problem that I'm trying to solve. And skip over the next fact. Should note, right.

[00:29:57] And then this is the operation. The operation basically grabs all the data that you've collected and then... what I'm doing here is irrelevant, skip that. But we need to basically say, in the SSH known_hosts files we need to delete keys, we need to append keys. We work over, we do basically technical mumbo jumbo, don't need to care about it, but what we do at the end is we go: for the lines that I want to leave out of the key file, this is the sed command I want to execute; for all the keys I need to append, these are the keys I need to append; and if I've made any of those changes, it's almost up, if I have made any of those changes then I need to use ssh-keygen to reformat the output, to rehash the output. And I think I'm done, and I apologize. 30 seconds.

[00:30:53] Right. There will be no questions. If you pass two -v options (-vv) to pyinfra when you run it, you get to see the commands that it spits out. The top commands are the facts; it's the shell commands that it executes for the facts. The bottom commands are the output of the operation that I ran, and that shows you, yep, exactly what it is it's doing. If you use three -v's (-vvv) it actually shows you the command and the response from those commands coming back. This is great for debugging.

[00:31:27] Any lessons learned? Yes: time your talks more properly. No questions. This time we're really done. I apologize, sorry.

[00:31:37] Honestly, pretty good speed run.