CoTech Hack 2018/CoTech and Ansible


Links

Plain text from the pad:

----------------------------------------------------------------------------
   ___     _____          _                 _             _ _     _      
  / __\___/__   \___  ___| |__      _      /_\  _ __  ___(_) |__ | | ___ 
 / /  / _ \ / /\/ _ \/ __| '_ \   _| |_   //_\\| '_ \/ __| | '_ \| |/ _ \
/ /__| (_) / / |  __/ (__| | | | |_   _| /  _  \ | | \__ \ | |_) | |  __/
\____/\___/\/   \___|\___|_| |_|   |_|   \_/ \_/_| |_|___/_|_.__/|_|\___|

----------------------------------------------------------------------------

https://pad.vvvvvvaria.org/cotech-infra
                                                     
# Agenda (1 hour)

  * Who Is Here, Introductions. (5 mins)
  * Survey: How do you use Ansible in your coop. (10-15 mins)
  * Ansible Galaxy and Sharing Infrastructure. (30-40 mins)
  * Ansible Project And CoTech. (5 mins) (optional)
  
Agenda forming! Add your points, shuffle times, whatever.

# Who Is Here?

* Autonomic: Leo
* Aptivate: Alice, Luke, Tom, Martin, Daniel
* Web Architects: Chris, Nick
* Media Blaze: Liam
* Agile Collective: Stephen
* Outlandish: Matt

# Survey: How do you use Ansible in your Coop?

Useful to know who is doing what. Let's take a minute and see what is useful to know.

* Since when are you using Ansible in your coop?
* How do you use Ansible (across the board, or just application deployment, etc.)?
* How many machines do you manage with Ansible (roughly).
* Who has roles that could potentially be shared?

* What distributions are targeted?
  * WebArchs: Debian Stretch
  * Outlandish: Ubuntu 16.04
  * Aptivate: CentOS 7
  * Agile Collective: Ubuntu 18.04
  * Autonomic: Debian Stable
  * MediaBlaze Hosts: Ubuntu 16.04 + 18.04 (looking to implement Ansible)

Autonomic:
    * server provisioning, pass integration
    * https://gitlab.com/autonomic-roles (libre roles)
    * Finding it hard to find the time to update our libre roles. Roles used internally are more up to date.
Aptivate:
    * started to use in last few months, moving from puppet based infra management. AH
    * https://git.coop/aptivate/ansible-roles
    * https://git.coop/aptivate/ansible-plays
Media Blaze:
    * Not currently using, but interested to get into it
Web Architects / Outlandish (Nic):
    * Experienced user
    * Many roles that can be shared
    * https://git.coop/webarch
Outlandish:
    * AWS provisioning and app deployment
Agile Collective:
    * Moving from puppet to Ansible


# Ansible-Galaxy And Sharing Infrastructure
* https://galaxy.ansible.com
* https://molecule.readthedocs.io
* https://github.com/ansible/ansible-lint


* Matt: difficulty using molecule. Big chunks
  * Limitations with Docker. Using AWS driver which works.
  * But it is slow. Issue with credentials (protected branches).
  * Cost issue with running.
* Matt: Molecule and testinfra seems most useful.
* Leo: Autonomic had a tough time setting Molecule up.
* Nick: What if git.coop had a special runner to run tests on a clean VM?
* Luke: Aptivate created a driver? to spin up temporary vms on provider using API (Linode).
* Alice: What about sharing roles - trust? Who has control? 
  * AWX can do this (RedHat solution, recently Free Software). Ansible Tower?
  * AWX has team/prg access controls, which member ran a playbook.
  * Each coop can maintain their own repos - use the typical fork/pull request model.
* Stephen: Public roles typically, used as inspiration to write own roles.
* Nick: How do we find a middle ground between global public and 'it works for my machine'
* Alice: Everyone run their fork and only merge changes that they have reviewed.
* Chris: Would make sense to have separate roles for different OS's
* Chris: we could work towards common strategies for structuring our roles
* Luke's brain: we have common parts, but different OSes support (for example).
  * What if there was some way to plug in and out the bits that are specific for our own setups?
* Nick: examples of 'external/internal/...' where our setups differ
* Nick: Can we get going with a best practices document which we can start to share.
  * This could be very useful.
* Luke: How do we standardise documentation for our roles and hook 'what it says it does' to molecule.
* Nick: pluralistic documentation rather than "one true way"
* Chris: Chris from Barcelona who is working on coop cloud and are using web arch's roles
* Matt: Outlandish roles are done by me and can be shared
  * Matt: can we share how we are doing deployments? This would be useful!
* Stephen: We have a monolith repository so it is hard to share this
* Matt: we use ansistrano? for deploying applications
* Leo: it's a good strategy to share roles that do very specific things
* Matt: testinfra on the play level! Quick, easy, helps give guarantees.
  * Is the bloody webserver still up?

### Conditions for Sharing
* Tested
* Some way generally standardised (docs, roles, etc. - guide might help this)
* "UNIX thinking" - best practice? This is a design choice.
* VERSIONING (galaxy supports this - also releases etc.)
* change logs are important

- overhead is there but also better than things breaking
- let's stop writing Let's Encrypt roles
- does galaxy support signing?

* Luke: Ansible galaxy is almost ready for self hosting. A few issues right now but devs are working on it.
* https://galaxy.ansible.com/
* Matt: self hosted galaxy would be really useful
* Nick: we can already share roles and we shouldn't wait for galaxy to get sorted before we start sharing
* Alice: does ansible galaxy implement any signing?
* Leo: probably just TLS
* Matt: does anyone have worries about IBM's buyout of Red Hat affecting galaxy?
* Consensus that it will be ok because GPL

* Group temporarily distracted by Ansible swag including tshirts and stickers

* Chris: if we setup galaxy, we should to co-ops internationally

## co-op ansible stuff to browse

* https://gitlab.outlandish.com/ansible-roles
* https://git.coop/webarch/
* https://git.coop/aptivate/ansible-roles
* https://git.coop/aptivate/ansible-plays
* https://github.com/gcoop-libre?utf8=%E2%9C%93&q=ansible
* https://gitlab.com/autonomic-roles 

ACTION: git.coop/cotech/ANSIBLE/best-practices etc. one foo.md with some docs

##LIAM##
Sorry guys, can't really hear you, so I'll drop the call here and catch up via this etherpad if that's ok. Just hearing a lot of background noise.
Ok! Sorry, damn London noise pollution.
no problems haha 

* Sharing Infrastructure
  * Why aren't roles shared more? What makes you not re-use roles?
  * What would make roles more feasible for re-use?
  * What are concerns around sharing roles across coops? Blockers?

# The Ansible Project And CoTech

* https://docs.ansible.com/ansible/devel/dev_guide/.
* https://github.com/ansible/community/wiki/linode (example of working group run with Aptivate members).
* Why is this relevant for Coops?

# Meta
* https://community.coops.tech/t/cotech-gathering-ansible-and-shared-infrastructure-session/1107
* https://wiki.coops.tech/wiki/Main_Page
* https://www.meetup.com/Ansible-London/events/254878934/
