ANSIBLE + DOCKER MAKE CHEF AND PUPPET 100% UNNECESSARY

John Minnihan @jbminn

why listen to me?

INVENTED HOSTED REPOS IN ’99CREATED LOTS OF INFRASTRUCTUREMY SYSTEMS MANAGE 2B+ LOCCAN JUMP A MOTORCYCLE 75 FEET

I noticed an increased number of mentions of Ansible + Docker.

SO I DUG IN.

‘Ansible + Docker’ queries have gone from zero to lots in 6 months

Docker + Ansible took off like a rocket delivering groceries to a

spaceship

why?

THAT’S IT.

They’re easier to use and produce portable & immutable outcomes.

(ssh + LXC + cgroups)

With the advent & quick rise of Docker and Ansible, engineers can now configure an environment once, save it into a container and rapidly reuse that container hundreds (or thousands) of times without additional configuration.

When additional config is necessary, for example for run-time changes that can't be preset, Ansible can be used to accomplish this with lightweight data description files requiring nothing more than ssh. This can be done either to the container's dockerfile before it is launched or can be done inside the container post-launch.

The need for complex client-server-agent arrangements like those in Chef or Puppet goes away. Chef and Puppet were great transition schemes that bridged the config management gap, but that gap has been firmly + completely closed by Docker + Ansible.

But what makes Ansible + Docker’s emergence an inflection point is what’s also occurring in the Chef + Puppet user

space - right now.

This talk could stop right here.

“I DIDN’T SIGNUP TO MANAGE MY MANAGEMENT SYSTEM”“WHY DO I HAVE TO KEEP UPGRADING THE AGENTS?”“SPINNING UP VMS TAKES A LOT OF TIME & ADDS NO VALUE.”

“CAN’T THIS BE RUN ONCE & JUST WORK EACH TIME I NEED IT?”

“I NEVER DID GET EITHER CHEF OR PUPPET TO ACTUALLY WORK.”

what people are saying

show me the codethere are 38,000 tutorial results for ansible

and 394,000 tutorial results for docker

….and there are 6 talks here at Gluecon on either ansible or docker or both.Seek out the data + make an informed decision.

here’s what I think is important

THERE’S A LOT OF WORK JUST GETTING CHEF OR PUPPET FUNCTIONAL

chef server install page:679chef client install page:1569

WORD COUNT

ansible install page: 145ansible client install page: 0

TO INSTALL ANSIBLE, CLONE THE REPO + CREATE AN INVENTORY. YOU’RE READY TO RUN AD-HOC COMMANDS.

TO INSTALL CHEF, DOWNLOAD THE RIGHT CLIENT + SERVER INSTALLERS, INSTALL THEM &

THEN WRITE A SCRIPT.

THERE’S ALSO A BIG DIFFERENCE IN THE DESIGN PHILOSOPHIES

ANSIBLE IS AGENTLESS. IT NEEDS ONLY SSH ON TARGET SYSTEMS TO FUNCTION

CHEF + PUPPET EACH REQUIRE SEPARATELY

RUNNING SERVER & CLIENTS BEFORE ANY WORK CAN BE

DONE

ANSIBLE’S GOAL-ORIENTED TASKS ENSURE WORK IS COMPLETED BY ENFORCING STATE.

CHEF ENCOURAGES IDEMPOTENCE, BUT IT DOESN’T ENFORCE IT

ANSIBLE PLAYBOOKS ARE SIMPLE DATA DESCRIPTIONS OF YOUR INFRASTRUCTURE, DEFINING THE DESIRED END-STATE

CHEF RECIPES ARE RUBY SCRIPTS. THAT’S NOT A BIG DEAL IF YOU KNOW

RUBY.

what about docker?

EVERYTHING REQUIRED FOR A CONTAINER IS IN ITS DOCKER FILE, ENSURING A BASE STATE THAT’S IMMUTABLE

CHEF DOES NOT PRESCRIBE A BASE STATE. SYSTEMS CAN DRIFT IF TARGET SYSTEMS

ARE EVEN SLIGHTLY DIFFERENT

DOCKER CONTAINERS SPIN UP IN < 2 SECONDS. NEED A CHANGE? BUILD A NEW CONTAINER.

VMS TAKE MINUTES TO SPIN UP

If you remember nothing else, remember the next two slides

BLAH, BLAH, BLAH

ANSIBLE IS AGENTLESS

This is a huge, game-changing difference.

DOCKER CONTAINERS ARE IMMUTABLE &

REUSABLE. Build once, run anywhere. Really.

references• Why Docker? Why Not Chef? -

http://blog.relateiq.com/why-docker-why-not-chef/

• The Walking Skeleton with Docker & Ansible - http://continuousdelivery.uglyduckling.nl/docker/the-walking-skeleton-and-docker-and-ansible/

• “After 4 years of heavy Chef usage, the infrastructure as code mentality becomes really tedious.” - http://thechangelog.com/ansible-docker/

• “I've used Puppet for over a year, and prefer @ansible after one afternoon.” - http://twitter.com/opdavies/status/448753755983736832

• https://twitter.com/jbminn/favorites - login to twitter to see those

THANK YOU!

John Minnihan

Founder, ModernRepojbminn@modernrepo.com

@jbminn

QUESTIONS?