Ansible / Salt
by Pere Hospital
1. Ansible info
1.1. Best practices
1.2. Ansible on Orchestration
1.3. Ansible Performance Tuning
1.4. Ansible Vault
1.4.1. Security
1.5. Long running tasks
1.6. Running playbooks against just one host
1.7. Custom facts
1.8. Yaml parser
1.9. Great ansible intro
2. Salt vs Ansible
2.1. Salt vs. Ansible
2.2. Moving away from Puppet: SaltStack or Ansible?
3. Problems with current setup (master-less puppet + mcolletive)
3.1. Two tools
3.2. Complex infrastructure (activemq)
3.3. No accountability when running puppet runs
3.3.1. if mcollective daemon is not responding, no way to know
3.4. Security
3.4.1. Nodes can see each other
3.4.2. Nodes (could) start communication
3.4.3. Nodes (could) access mcollective server
3.5. Heavy on nodes
3.5.1. mcollective agent
3.6. Most stuff we execute is one to one
3.6.1. i.e. deploy application X to server Y
3.6.2. Between 3k and 5k daily mco calls
3.6.3. Only stuff we do with broadcasts
3.6.3.1. patching
3.6.3.2. Security vulnerabilities
3.6.3.3. Sync repos ...
4. Ansible strong points
4.1. No agent on nodes
4.2. Simple SSH
4.3. Ordered execution
4.4. Easy to learn
4.4.1. i.e. extending to customers
4.5. Modules can be written in any language (can we reuse mcollective agents?)
4.6. Best for Docker?
4.7. Security
4.7.1. No agent and outgoing connections to nodes (push)
5. Salt strong points
5.1. Fast (ZeroMQ)
5.2. Very modular (framework like)
6. Salt weak points
6.1. Steep learning curve
6.2. Agent
6.2.1. Agent includes already SSL + message queue, so simpler than current setup