On 2014-09-16 22:43, Alan McKinnon wrote:
Anyone here used ansible and at least one of puppet/chef?
What are your thoughts?
I've made several attempts over the years to get puppet going but never
really got it off the ground. Chef I stay away from (likely due to the
first demo of it I saw and how badly that went....)
Puppet seems to me a good product for a large site with 1000 hosts.
Not so much for ~20 or so. Plus puppet's language and configs get large
and hard to keep track of - lots and lots of directory trees with many
things mentioning other things. (Nagios has the same problem if you
start keeping host, services, groups and commands in many different
files)
I've stumbled upon ansible, it seems much better than puppet for
smallish sites with good odds I might even keep the whole thing in my
head at any one time :-)
Anyone care to share experiences?
We use ansible.
I like it because you don't need any agents to install, just the ssh
keys and python, which is mandatory on gentoo anyway. We use a
minimalistic script that bootstraps machines (xen-domU) and then
everything else is configured via ansible. Since version 1.6 there is
the portage module to install software and you can do pretty stuff with
replace/lineinfile/template/copy modules.
The roles are a good way of keeping your systems equal. We have a common
role for all gentoo machines, then roles specific for dom0 and domU
machines and then the actual roles of a project (project-app for
application server of a project). You can even more abstract it to have
a common application server or a common database, but since you can
include other playbooks, we don't use it that way (also to not get lost
in too many levels of abstractions).
For upgrades you either write precise playbooks (for example, before you
used a specific "testing" package and now you want a newer "testing"
one) where you delete the previous package.accept_keywords line and
insert the new one. Or by having a small number of servers it's often
faster by clusterssh.
