DO407/EX407 -- Automation with Ansible

wolfinsheepsclothing

I'm taking the new DO407 course ("Automation with Ansible") next month in Raleigh I've used Ansible to deploy OpenShift 3.x, but really haven't had the opportunity to 'deep dive.' I'll let you know what I think of the course/exam. Anyone taken the course? I'm looking over the coursebook currently and was happy to see the inclusion of Tower.

alias454

I think that is pretty cool. I should throw ansible on my short list of things to learn. How much is the course?

wolfinsheepsclothing

alias454 wrote: »

I think that is pretty cool. I should throw ansible on my short list of things to learn. How much is the course?

I'm not sure. Courses/exams are free for employees. I would imagine it's about the same as most others though (4 day course; exam on the 5th day)

varelg

That is so awesome! Isn't the Tower in the title of the course?
How big is the class? Oh I bet it's a lot of fun!

wolfinsheepsclothing

varelg wrote: »

That is so awesome! Isn't the Tower in the title of the course?
How big is the class? Oh I bet it's a lot of fun!

Not in the title, but Tower (and Vault) are included in the description. I only see the title "Automation with Ansible" and a course date on my calendar. Internal training usually have between 10-15 people, but since this a new course (and likely to be quite popular), there might be more. I'm not sure where they will cap it.

asummers

It does seem strange that RH is now providing puppet and ansible courses and certs. I know they are slightly different but they are competitors.

I do feel RH will want to push Ansible considering they bought it

wolfinsheepsclothing

asummers wrote: »

It does seem strange that RH is now providing puppet and ansible courses and certs. I know they are slightly different but they are competitors.

I do feel RH will want to push Ansible considering they bought it

I was told that the only reason they were able to run a puppet course is because of the Satellite 6 component; had it been straight puppet coding, Red Hat would not have offered the course. Both are neat tools. At this point, I'm not sure which I 'prefer.' I do like the agentless nature of Ansible (and the fact that it uses SSH, which is open in almost all environments, so no need for additional firewall rules). Plus, it doesn't require anything to be preinstalled on the hosts that are to be managed.

chanakyajupudi

Do let us know how the class is. We hope that it comes to the Partner learning subscription soon!

Verities

Haven't taken the course, looking forward to hearing about it. I recently deployed Tower and I'm in the first phase of testing. I've tested 1 job template so far to ensure functionality of the product with a trial license. The setup and configuration was a lot easier than Satellite 6. I had it up and running in a matter of maybe 10 minutes or less.

Something to be aware of is the plain text yml that's created after the installation.....make sure to either encrypt it afterward or trash it because it stores all the passwords created by the configure script. I'll be looking around the server tomorrow to see if anymore clear text passwords remain elsewhere.

Verities

Loving Tower so far...haven't run into any issues with the program, setup, or maintenance. The most time consuming part of it all is creating a playbook to fit your needs. The language is easy and you can get away with a lot of things by keeping your playbooks simple.

When you get to the more advanced stuff like replacing lines in files (think sshd_config and removing the # infront of Protocol 2) using regular expressions it gets a bit more difficult. I'm very happy with the results so far and the most interesting part of it all is the extensibility of playbooks. There is no one right way to do things and you can create playbooks as complex or as simple as you want.

Back to reading about modules...

wolfinsheepsclothing

Thanks for the posts Verities. Good information. Regex is also permissible in puppet manifests. My one gripe about YAML is that it's less forgiving syntactically than JSON; otherwise, it's very easy to read/understand what the playbooks are trying to accomplish.

Verities

You are very welcome. So I've come to the conclusion its much faster to build and run playbooks as well as debug from Ansible using CLI and to not use Tower. Tower doesn't provide the option to write playbooks from within the GUI...which doesn't make sense to me. Also, I've run into issues where error messages are completely obscure and don't point to the real issue. You essentially have a GUI that allows you to see if a playbook failed or not and allows you to create reoccurring jobs. I can't justify 10k for those two options when I can do everything other than reoccuring scheduling from the CLI. I'll just do the archaic method of using a cron job for a playbook if necessary.

When I go and run a playbook from the CLI, I see the real errors and I'm able to troubleshoot. Using the GUI, you still have to go into the CLI to troubleshoot.

Another thing...if you decide to use Ansible, make sure you set the proper configurations in the /etc/ansible/ansible.cfg file. The bare minimum if you're using ssh keys (which I highly recommend) instead of using root is set the following settings:


host_key_checking = False

So I don't think I'll be continuing with Ansible Tower, but I will continue using Ansible. I'm finding myself looking at creating playbooks for all sorts of issues: STIGs (yes they can be automated!), updating servers and adjusting server configurations.

chanakyajupudi

I had a go at the class and I think it is only for those who do not have any Ansible knowledge or experience. If you do then skip the class.

Amuerte

Hello there. Any returns for the classes and exams ? Is it worth it ?

Canon55

Hi chanakyajupudi, can you please tell us some more about the course? You say that it is only for those who do not have any Ansible knowledge. Do the instructors give you some good tricks etc?

What would you recommend to prepare for this course?

ky13

The course provides a good baseline imo. No prep work is necessary. Ansible is still in EPEL, so I'd recommend just downloading it, visit docs.ansible.com, and start building playbooks/roles

anfield

Does anyone have any pointers for the actual exam itself? Information is quite thin on the ground...aside from exam outline. I am getting ready to take this test soon

chmod

I would like to take the exam one day, i love ansible but the exam is not been offered in my CR as of yet.

Ansible is such great tool.