5 ops tasks to do with Ansible
In this DevOps world, it sometimes appears the Dev half gets all the limelight, with Ops the forgotten half in the relationship. It's almost as if the leading Dev tells the trailing Ops what to do, with almost everything "Ops" being whatever Dev says it should be. Ops, therefore, gets left behind, punted to the back, relegated to the bench.
I'd like to see more OpsDev happening. So let's look at a handful of things Ansible can help you do with your day-to-day Ops life.
I've chosen to present these solutions within Ansible Tower because I think a user interface (UI) adds value to most of these tasks. If you want to emulate this, you can test it out in AWX, the upstream open source version of Tower.
Manage users
In a large-scale environment, your users would be centralised in a system like Active Directory or LDAP. But I bet there are still a whole load of environments with lots of static users in them, too. Ansible can help you centralise that decentralised problem. And the community has already solved it for us. Meet the Ansible Galaxy role `users`.
What's clever about this role is it allows us to manage users via *data*: no changes to play logic required.
With simple data structures, we can add, remove and modify static users on a system. Very useful.
Manage sudo
Privilege escalation comes in many forms, but one of the most popular is sudo. It's relatively easy to manage sudo through discrete files per user, group, etc. But some folk get nervous about giving privilege escalation willy-nilly and prefer it to be time-bound. So here's a take on that, using the simple `at` command to put a time limit on the granted access.
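One way to implement the time-bound grant described above, as an added example rather than the author's own role: the playbook queues the `at` job that deletes the per-user sudoers file before it installs that file, so a failed run never leaves a grant without a scheduled removal. The variable names, the `atd` service name, the `visudo` path and the 8-hour ceiling are assumptions, and `ansible.posix.at` requires the `ansible.posix` collection.

```yaml
---
# Added example: time-limited sudo via a per-user drop-in, revoked by at(1).
# sudo_user, sudo_minutes and sudoers_file are hypothetical variable names.
- name: Grant time-limited sudo
  hosts: all
  become: true
  vars:
    sudo_user: alice        # constructed sample account
    sudo_minutes: 60        # constructed sample lifetime
    sudoers_file: "/etc/sudoers.d/90-temp-{{ sudo_user }}"
  tasks:
    # sudo ignores drop-ins whose names contain "." or end in "~",
    # and the name is interpolated into a root-run command below.
    - name: Reject unsafe user names and unbounded lifetimes
      ansible.builtin.assert:
        that:
          - "sudo_user is match('^[a-z_][a-z0-9_-]{0,31}$')"
          - sudo_minutes | int > 0
          - sudo_minutes | int <= 480   # assumed policy ceiling: 8 hours

    # Without a running at daemon the revocation would never fire.
    - name: Make sure atd is running before granting anything
      ansible.builtin.service:
        name: atd
        state: started

    # Queue the removal first; if the grant below fails, rm -f is a no-op.
    - name: Schedule the revocation
      ansible.posix.at:
        command: "rm -f {{ sudoers_file }}"
        count: "{{ sudo_minutes | int }}"
        units: minutes
        unique: true    # do not queue a duplicate of an identical pending job

    # visudo checks the syntax before the file is moved into place,
    # so a bad line cannot break sudo for everyone on the host.
    - name: Install the sudoers drop-in
      ansible.builtin.copy:
        dest: "{{ sudoers_file }}"
        content: "{{ sudo_user }} ALL=(ALL) ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```

Because `unique: true` skips an identical pending job, re-running the play inside the window does not extend the grant; pending removals can be audited on the host with `atq`.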
Manage services
Wouldn't it be great to give a menu to an entry-level ops team so they could just restart certain services? Voila!
Manage disk space
Here's a simple role that can be used to look for files larger than size N in a particular directory. Doing this in Tower, we have the bonus of enabling callbacks. Imagine your monitoring solution spotting a filesystem going over X% full and triggering a job in Tower to go find out what files are the cause.
Debug a system performance problem
This role is fairly simple: it runs some commands and prints the output. The details are printed at the end of the run for you, sysadmin, to cast your skilled eyes over. Bonus homework: use regexes to find certain conditions in the output (CPU hog over 80%, say).
Summary
I've recorded a short video of these five tasks in action. You can find all the code on GitHub too!
via: https://opensource.com/article/19/8/ops-tasks-ansible
Author: Mark Phillips  Topic selection: lujun9972  Translator: translator ID  Proofreader: proofreader ID