Will Thames' tech blog

Blog Posts

• Ansible Inventory Diff Github Action

  At Skedulo we have a pretty sophisticated inventory set up that uses the generator plugin and hundreds of inventory directories to manage the configuration of dozens of different microservices and infrastructure services across several environments and regions. ansible-inventory-diff is a tool that takes two git branches and runs ansible-inventory against both branches and compares the results, showing what hosts have inventory changes and what those changes are. We’ve been using ansible-inventory-diff to protect ourselves from unexpected issues as a result of inventory changes for a while now.

  09 Sep 2020

• Immutable Kubernetes configuration with Ansible

  This post touches on a key component of my Managing Kubernetes is Easy With Ansible talk that I gave at AnsibleFest 2018. Since giving that talk, I’ve also solved some of the unforeseen consequences, and go into further detail here.

  28 Jan 2019

• connection: local vs delegate_to: localhost

  Performing tasks locally is a common operation when working with an API of some kind—typical use cases are cloud services, network devices, cluster management. There are three ways of achieving this in Ansible: connection: local, delegate_to: localhost and local_action. The last is rarely seen these days and can be deemed equivalent to delegate_to: localhost in terms of advantages and disadvantages, but with the additional disadvantage of being a very unusual style, adding a readability penalty.

  01 Jul 2018

• Managing Multiple AWS Consoles With Multi Account Containers

  While there are ways of managing multiple AWS account consoles in a single browser (such as assuming roles to access other accounts), various constraints might prevent that (e.g. accounts owned by third parties to which access should be segregated).

  28 Feb 2018

• Using updated modules, libraries and plugins with stable Ansible
  This page was updated 2020-05-16 to incorporate how to use collections to the same effect
  This page was updated on 2019-04-07 to improve `module_utils` information and add plugin information

  There are many reasons to want to use newer modules than a chosen stable Ansible core release:

  • Feature enhancements don’t get backported to stable branches
  • Non-security bug fixes only tend to get backported one version — which means if say 2.N.0 hasn’t had all the core bugs ironed out yet, you might not get the benefit of module bug fixes while you remain on 2.N-1.0
  • Some improvements only exist in PR form. Some improvements only exist in branches made by combining multiple PRs.† Some improvements are very handy but so experimental they’re not even ready for a PR!†

  12 Dec 2017

• Generating inventory

  As mentioned in yesterday’s blogpost, using a combination of environments, applications and operations can cause a cartesian explosion in hosts and groups to manage.

  01 Nov 2017

• Making the most of inventory

  When using Ansible to consume APIs such as cloud services, the logic runs from the controller machine. As a result, people tend to think that as this runs locally, using hosts: localhost is the best option.

  31 Oct 2017

• So You Want To Test AWS Modules For Ansible
  This page was updated on 2018-02-28 to better document IAM policy changes, the aliases file, YAML anchors for testing credentials

  You’re a (prospective) contributor to Ansible, and you have some great improvements to make to an existing module or a brand new module. As a conscientious developer, you know that having tests will ensure that you don’t break existing behaviour, and that other people’s future enhancements won’t break your desired behaviour. The standard tests for AWS modules are integration tests as most of them rely on creating some resources in AWS, updating them, and then cleaning up afterwards.

  17 Jul 2017

• An Introduction to Code Reviews

  Most software development teams have long been doing code reviews, and while it’s not uncommon amongst system administrators, it’s not universally practised.

  07 Nov 2016

• Ansible Brisbane October 2016 talk

  At Ansible Brisbane October 2016, I gave a talk on Automating Ansible Code Reviews

  25 Oct 2016

• DevOps Days Singapore Ansible Workshop

  My three hour workshop on Ansible from Zero to Best Practices

  09 Oct 2016

• Using Ansible's command and shell modules properly

  I realise I have quite strong opinions on the command and shell modules in Ansible. There are now four independent checks in ansible-lint for ways to use the modules badly. Let me count the ways…

  21 Sep 2016

• Thoughts from the first Ansible Brisbane meetup

  Tonight we had the first Ansible Brisbane Meetup. It was relatively well attended, and there were a lot of interesting questions following the talks.

  21 Jul 2016

• Announcing ansible-review

  ansible-review is coming up to the three month anniversary of the first commit, and I’ve given it little publicity other than an ignite talk at the last DevOps Brisbane Meetup.

  28 Jun 2016

• DevOps Chennai talk

  For DevOps Chennai, I revisited my What Ops Can Learn From Dev talk

  20 Apr 2016

• Ansible slow to startup on Fedora 23

  I was sitting with a colleague helping with some Ansible stuff and I couldn’t help noticing his playbook runs were taking a minute before the first connection to a host.

  11 Mar 2016

• Devops Days Melbourne Talk

  At Devops Days Melbourne I gave a companion talk to last year’s talk. This year’s is called “What Operations can learn from Developers” and talks about how Ops can make use of the same practices and techniques that developers use to maintain great code.

  17 Jul 2015

• A Worked Example of Role Versioning

  This post is an example of how to use versioning of roles with playbooks. The initial premises are these:

  • We have per-environment playbooks. This is not very DRY but allows us to maintain different versions of applications in different environments
  • The bulk of the logic is in roles - our playbooks have almost zero logic in them
  • Roles are versioned rather than playbooks
  • Roles MUST be versioned before being used in production
  • Production environments MUST specify explicit role versions (not HEAD)

  03 Apr 2015

• Speeding up Ansible

  I noticed at work recently that Ansible seemed to be taking a really long time. On further inspection of the start and end time of tasks, each task seemed to be taking three seconds.

  31 Jan 2015

• Techniques for Versioning Ansible II

  This is a replacement post for my most recent entry on techniques for versioning ansible. The motivations described within that post remain valid. We do versioning for the following reasons:

  • Allow the reuse of a role across multiple playbooks
  • Ensure playbooks to have the same effect, even when run months later
  • Roles may be updated without worrying about breaking earlier playbooks that rely on them

  03 Sep 2014

• Techniques for Versioning Ansible

  First, let’s start with the why. With source control and inventory, do we actually need to version Ansible playbooks or roles?

  11 Aug 2014

• Refactoring ansible-lint for greater flexibility

  I first wrote ansible-lint nearly a year ago. The aim behind my implementation was to be able to spot common antipatterns and indeed bugs and report them to users.

  10 Aug 2014

• Devops Days Brisbane Talk

  At Devops Days Brisbane I gave a talk called “Designing and Devoloping Software for Operations”, providing my thoughts and advice to help write software that is easy to operate.

  10 Aug 2014

• Ansible Training

  I wrote a slide deck for work for internal training on Ansible. I’ve created a public-facing version.

  26 Jun 2014

• Debugging Ansible for fun and no profit

  A colleague reported some strange behaviour regarding Ansible, in particular with pgrep and pkill in the shell module.

  28 Apr 2014

• Using unarchive with local archives

  Ansible’s unarchive module has been around a while but it’s not always been suitable for use on archives local to the destination node (especially when running ansible-playbook on the destination host using the local connection. There are two key elements to this tip:

  17 Apr 2014

• An Ansible Inventory Grapher

  Inspired by my recent efforts to handcraft Ansible inventory graphs, and wanting to be able to quickly see what groups are used for a particular host in Ansible inventory, I decided to generate some graphs.

  03 Apr 2014

• Modelling Credentials Configuration in Ansible

  One of the most common things to configure in an application is some kind of credentials based connection. Typically this will be to a database or an API endpoint, but it doesn’t really matter too much - the examples in this post will be database configuration, but the principles are the same.

  02 Apr 2014

• Problems with graphviz font selection

  When tweeting about my recent Ansible post I mentioned that graphviz selection problems were the cause of some delay. @magneticnorth responded that it was dismaying given the size of the underlying font handling libraries. So I thought I’d give a more detailed breakdown.

  20 Mar 2014

• Ansible layered configuration for AWS

  Ansible’s system for managing configuration of hosts is inventory. The documentation on inventory - both static and dynamic - is a good reference but I’d like to provide further context through example.

  17 Mar 2014

• Welcome to my new blog

  A new year brings a new blog. I’ve been doing lots of cool things recently in the world of tech, particularly with AWS and Ansible, and it’s time to write some of my learnings down so that others can benefit.

  13 Jan 2014

• Devops Brisbane Ansible talk

  Source code

  24 Aug 2013