Ansible & devop world

So recently, due to the lack of an infrastructure coder at my workplace, I was asked to do some DevOps work. :-/ Shitzz....

Anyhow, besides learning all the AWS jargon and how to deploy Cloud Foundry + hacking it while I have the time, I have also been using/learning Ansible and have gained a lot of benefit from it.

This is a simple Vagrant provision with an Ansible playbook that will help you manage your CF environments if you have several of them deployed (staging, dev, prod).

My recommendation is to keep this ready on an encrypted portable HDD, as it will contain sensitive AWS, UAA and CF admin credentials. Whenever you need to do admin/devops tasks, decrypt the drive, fire up the Vagrant box, SSH in, switch to the right user and perform the task! :)

https://github.com/santrancisco/thatdevopsguy/

Some notes when learning Vagrant:

  • A Vagrantfile can parse a yml file because it's essentially Ruby. We can have 1 config file for everything.
  • ansible-vault is a fantastic tool to encrypt credentials (AES256 if I remember correctly).
  • Use roles more often so the work is reusable.
  • Playbook best practices is great for learning how to write a playbook.
  • vagrant up --no-provision and vagrant provision --provision-with {{provisionname}} are helpful for splitting different tasks into different provisions for the Vagrant box. That way a smaller playbook can be re-run later without running everything from scratch. (E.g., in this case I have a Vagrant playbook to load the ansible-vault file and perform login/adding new credentials to the box.)
  • To make it a little more secure, soft-link the ~/VirtualBox VMs folder to /Volume/Devops (which is where the encrypted drive is mounted). This way even the VM state is encrypted.
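
A sketch of the first and fifth notes together, as an added example that is not taken from the linked repository: a Vagrantfile that reads one YAML config and turns it into named provisioners, so each playbook can be re-run with vagrant provision --provision-with. The config keys, box name, playbook paths and the helper names load_config and provisioners_from are assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample config, inlined so the file runs as-is; normally this
# would be a config.yml next to the Vagrantfile, read with YAML.load_file.
def load_config
  YAML.safe_load(<<~YML)
    box: ubuntu/focal64            # assumed box name
    environments:                  # one small playbook per CF environment
      - { name: dev,     playbook: playbooks/dev.yml }
      - { name: staging, playbook: playbooks/staging.yml }
      - { name: prod,    playbook: playbooks/prod.yml }
    vault:
      playbook: playbooks/credentials.yml
  YML
end

# Build the list of named provisioners. Names must be unique, otherwise
# --provision-with <name> would be ambiguous.
def provisioners_from(config)
  list = config.fetch("environments").map do |env|
    { name: env.fetch("name"), playbook: env.fetch("playbook"), ask_vault_pass: false }
  end
  # The credentials playbook reads the ansible-vault file, so prompt for the
  # vault password at run time instead of keeping it in a file on disk.
  if (vault = config["vault"])
    list << { name: "credentials", playbook: vault.fetch("playbook"), ask_vault_pass: true }
  end
  names = list.map { |p| p[:name] }
  dupes = names.select { |n| names.count(n) > 1 }.uniq
  raise ArgumentError, "duplicate provisioner names: #{dupes.join(', ')}" unless dupes.empty?
  list
end

# Only evaluated when Vagrant loads this file; plain `ruby Vagrantfile` skips it.
if defined?(Vagrant)
  settings = load_config
  Vagrant.configure("2") do |config|
    config.vm.box = settings.fetch("box")
    provisioners_from(settings).each do |p|
      config.vm.provision p[:name], type: "ansible" do |ansible|
        ansible.playbook = p[:playbook]
        ansible.ask_vault_pass = p[:ask_vault_pass]
      end
    end
  end
end
```

With this layout, vagrant up --no-provision brings the box up untouched and vagrant provision --provision-with credentials runs only the vault-backed playbook.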

When I have the time, more quirky shits about Ansible and CF will be listed here.

Note to self: Finish MitM+Wireless Mana vagrant box & think about using this awesome shiny tool for fuzzing in da future.
