CASE STUDIES: NASA AND FRIENDS

Greg DeKoenigsberg (@gregdek)

GOOD MORNING!(Who are you?)

THIS IS A TALK FOR BUSINESS FOLKS(But we can go anywhere you like!)

ANSIBLE USERS HAVE A LOT OF USE CASESLet's talk about a few of them today.

WHAT IS ANSIBLE, ANYWAY?

CONFIGURATION MANAGEMENTKinda like Puppet / Chef

ORCHESTRATIONKinda like mCollective

APPLICATION DEPLOYMENTKinda like... Fabric / Capistrano

ALL OF THESE THINGS TOGETHERKinda like... nothing

\"FANCY SSH FOR-LOOP\"

NEXT GENERATION AUTOMATION FRAMEWORK

SIMPLE(Get started on your lunch hour)

AGENTLESS(Got ssh? Ansible is for you)

POWERFUL(Batteries included)

BINCKBANK

About BinckBank

Based in Amsterdam, NL

Largest Dutch online discount broker

590 employees

760,000+ accounts

600 UNIX servers

Mark Maas, UNIX/Linux System Administrator

THE CHALLENGE

We have 600 UNIX servers in house. We have a lot of specialtyenvironments that we need to create while at the same time

managing our production environment.

Our problem was complexity in the datacenter. We wantedautomation but we also wanted simplicity and to not have to send

people to training in order to use the product.

BEFORE ANSIBLE

In the past we did our own scripting for menial tasks over a lot oflate nights of pizza.

WITH ANSIBLE

Ansible is quite fun to use right away-—as soon as you write fivelines of code it works.

With SSH and Ansible I can send commands to 500 serverswithout having even used the servers before.

We are completely focused on automating as much as possible inour datacenter and going beyond Unix to create more stuff for

more people to do be able to do more.

MOVING FORWARD

Recently I purchased a license for Ansible Tower. I would like togive non-technical users access to it and open up the technicalside to people who have no idea what I am talking about. With

Tower, my Linux guys can access our templates without having todo any coding. Tower opens up Ansible to the rest of company.

HOOTSUITE

About HootSuite

Based in Vancouver, BC, Canada

Social media management

~400 employees

Over 8 million users

75% of Fortune 500 uses HootSuite

Beier Cai, Director of Technology

THE CHALLENGE

Our infrastructure is not scripted, repeatable or immutable.

Rebuilding a server relies on limited documentation and mostlymemory.

Lack of repeatability makes automating our infrastructure andapplication deployment difficult.

There was one time we had to spend over a month of anengineer’s time to rebuild a server that had lived for 2 years with

random config changes by ops engineers along the way, withlimited documentation.

BEFORE ANSIBLE

We had limited experience with Puppet, but didn’t quite like itbecause 1) it needs agents, and we don’t like agents; and 2) wefavor immutability over snowflake factory for infrastructure

management.

WITH ANSIBLE

Ops and devs both feel safer, literally. Before they were alwaysworried about ‘what if the server dies’. They aren’t worried about

this anymore after all servers are properly ‘Ansiblized’.

With the help of Vagrant we can test server builds locally asmany times as we want until it works, instead of testing it on EC2

cloud which is remote and always slow.

Increase our bus factor from 1 to infinite! Before, only 1 or 2people know how a server was built from the beginning. With

Ansible, storing playbooks in source control gives everyone theability to rebuild the server at any time.

MOVING FORWARD

We want to build out "Devops" into HootSuite, and our vision is"Software Engineers are engaged in the entire cycle of designing,implementing, deploying and maintaining their software across

all environments".

NASA

About NASA

They put men on the freaking moon

About NASA WESTprime

WESTPrime == Web Enterprise Service Technologies prime

Blanket purchase agreement funded by NASA

Contracted to InfoZen Inc., a cloud broker and integratorbased in Rockville, MD

InfoZen responsible for entire cloud migration for all NASAweb assets

Jonathan Davila, Senior DevOps Lead, InfoZen

THE CHALLENGE

WESTPrime’s initial focus was to move roughly 65 applicationsoff the old data center as quickly as possible in a seemingly

impossible timeline.

All of a sudden we had an environment spanning multiple VPCsand AWS accounts with no way of centrally managing it.

We were faced with a very ugly scenario where even simplethings like ensuring every SysAdmin had access to every server,

or simple patching were extremely burdensome.

BEFORE ANSIBLE

Previously, NASA WESTPrime was using a lot of shell scripts.There was a lot of "manually ssh-in-and-do-x" type of work being

done.

We then created a demo day in which we invited the automationplayers to demonstrate the enterprise flavors of their product.

After quite a long day of deep level demos and Q&A, and a weekof analysis with the technical team we decided unanimously that

Ansible was the best fit for us.

Why?

No agents

Very small learning curve (a day or less!)

Non-technical staff can read a play and know what's happening

Native use of SSH

The most active open source community among itscompetitors

WITH ANSIBLE

NASA web app servers are being patched routinely andautomatically through Tower with a very simple 10-line Ansible

playbook.

Every single week www.nasa.gov is updated via Ansible,generally only taking about 5 minutes to do, including the mobile

version of nasa.gov.

Because of Ansible we are able to organize our inventory of AWSresources in a very granular way that was not at all possible

before.

One time we faced some strict deadlines for monitoring and wedidn’t have time to deploy Nagios agents (due to lengthy approval

workflows in place) to monitor RAM and CPU. So what did wedo? We did a very simple hack to be able to monitor CPU and

RAM with Ansible in near real-time (no agent required!).

Ansible was leveraged to remediate both OpenSSL issues thisyear in ridiculous time (leadership was blown away).

It is also used to ensure our environment is compliant withnecessary Federal security standards as outlined by FedRAMP

and other regulatory requirements.

There is a level of comfort and confidence that Ansible has beenable to provide that simply was not there before.

MOVING FORWARD

We are working on moving many applications into cycles ofContinuous Integration and Deployment, which will be

leveraging Ansible as the conductor of these architectures.

The moment 1.7 is released, Ansible will be used to manage ourstack of Windows servers and do the same magic we've been

doing with Linux.

The end goal will be for our sysadmins to only need toSSH/WINRM into servers manually for troubleshooting. Allserver changes will eventually happen exclusively through

Ansible (and the occasional CloudFormation tempate).

A TWEET BEFORE WE GO

Adam Werewolf (@adamwwolf)

I use @ansible to do just about everything. If you say "I don't havetime to set it up" you're who it's for--you don't have time *not* to.

11:20 AM - 21 Oct 2014

https://twitter.com/adamwwolf/status/524626206470053889

THE WORLD IS CHANGING

THANKS / Q+Agreg@ansible.com

@gregdek