10 May 19


good afternoon Drupal Delphia this is the session called a ansible and clown api's how we use Drupal to manage

our entire platform as-a-service really excited about the stock so the

The problem

problem is that creating service is really easy that's the problem right you got all these ways to do it it is

actually really easy press the button or use the API and you get servers but configuring them and tracking them is kind of hard right you have to do more

thinking about that and there's a million ways to do it so there's solutions there's a couple solutions you

may have heard of this is a great graphic I just found there's other ones about like that see the cloud for

foundation and stuff they put together there's millions of companies and tools and all sorts of stuff to like manage

your your DevOps but we think this Drupal thing is really cool way to do it and centralize all of that because you

can plug anything into it so Eggers is 11 year old Drupal hosting system right it's in this runs in Drupal

7 a host Drupal 8 but with ansible it's got exactly the right structures for

managing and ansible inventory this is what ager looks like super pretty uh but

it's old and it works this is just lists sites but it also has servers so I couldn't open def shop on top of that to

make it more like developer friendly it's got like git push work clothes and stuff like that it's really just a hater

under the hood though right so both systems leverage these concept of servers there's server node types thanks

and each of those these are just notes okay and there's each each server lists

the services that it that it's running and you give it enough information and it can verify that that thing is working

so you go to create a server you punch in the host name you punch in the right username and password when you select my

ex-girl you put in this information for apache and if you put in the right

information the verify task the task system maneger runs on the backend and then does the

job and it has no logic the code has the logic to see if it's working so like to see if it can access that - ql database

then it can create more databases and it can do and if it can write your certain folders and run this apache command that

this site can then reach more Drupal sites so that's what like server verification does it just verifies that you can access it and that

the connection credentials are correct and you get this basic UI which is just a Drupal site where you can see like

green verified server or red if it fails and then you can have these different task types and like other information is

just a Drupal site so and it's really persist admin so they don't really spend too much time on like amazing UX it's an

open source project so the old way of doing things with eager with anything else really you kind of have to manually

set up your server and then you can kind of plug it into eager and get it automated like I just said you have to put the password in you create the

server you install all these packages there's Debian packages and other ways to make it smoother but you still kind

of have to do this terminal work on the terminal first before you can kind of get that server right then once you have

that information that's why I created this like big ugly blue message on the create server page because up until I

did this Aker itself didn't have any indication that that was true and as a first user of ægir you would just see

server hosting and be like oh great I'll punch whatever in and then it would verification would fit you'd be like why did that happen and you go through this

learning curve or thinking how it worked the point is you have to do it backwards you create the server first you create

the database server the password all that stuff and then you go to Hager and then the verified turns green if you put

the information in there properly so we're like okay this is there must be a better way this is very tedious yeah

yeah so you think this has to be in two separate servers so no this is all one this is actually on one server this is a

gherkin run a single server but it it you saw like these local hosts or

whatever is that why you're asking this is all right now this is this can host maintains itself basically okay so yeah

these server nodes represent this server this site is actually running right ICU okay so the so it's trying to see

whether it can build something on a separate server it starts out on it on it selves a single server and then you

can add additional servers which are remotes do you know that's what this is yeah this is a secondary road so it's

optional like it starts it starts with a single server setup and it can configure itself and put as many sites on that

single server as as you need that's it and using virtual hosts and databases instead of doctor no you know no

confusing stuff just basic raw services right so again yeah there must be a better way

Puppet Ansible

right and so we've been doing this a long time I started going with chef and puppet ansible is great again it's a

drupal module so it doesn't really matter at the end of the day these are all the ways you can make servers but here's how you know if you've used

Drupal VM you know you know Jeff's work Jeff made an incredible amount of an thermal rolls for like just about

everything this is not even I need to search for him you go to Anthony galaxy and he's on the first page right so any

of these rolls are great we the Dru VM uses Apache PHP MySQL DEP shop uses

those plus a couple more just to make sure these is an eager user is in place so they can do some of the self automation stuff ansible really is still

Getting started with Ansible

just a tool though right you actually need to go to the danceable Docs and go to like starting with the basics it's

like relatively simple but once you kind of get deep into it and start using these roles you have to kind of go through all these steps to actually get

it running unless it's in the drupal vmware it's just like vagrant pop or something else so you have to kind of

understand the concept that there's these roles that are like Drupal modules up there that Ansel galaxy hosts you say

download them you have to create a playbook create a VARs file you run this command and hope it all goes well and

keep doing it until you kind of get used to it this is example of a playbook right this is right off the Jeff's documentation

page so it's still kind of this manual process and Sable's great but you still

have to maintain this ya know file and kind of you know remember the commands and there's a lot of options to the

commands like it's more playbook so there is still a man it's still relatively manual process even if you're using ansible there still must be a

Why Drupal

better way right so a couple of years ago this is actually two year old code is Egger ansible stuff i presented on

drew and in philly can't till they meet up three years ago paper and drupal

would make a great platform for managing these inventories all the information we needed was already there both to create

servers with the cloud API is that all the providers provide not only do they provide API is like I know a google

packet you know oli Amazon they all of you guys they all know PHP libraries that make it super easy to

so all we have to do is load all that stuff into the one thing we created these two sets of modules that work in concert to do complete and total

automation from scratch why does this make why Drupal make a great ansible inventory well oh yeah sorry okay we're

getting that second cuz it's more complicated we're stuffing the cloud stuff okay Agra cloud instead of

selecting database boom you got Drupal code this is just forms API and a little PHP magic you selected emotion it knows

the regions it knows the images the sir sizes you get a user interface you choose what you want and you hit go

crazy server super basic code to make these things possible so digitalocean

packet SoftLayer I've already done anybody else can help come in and maintain these things for other systems

like we note or Amazon super easy classes the forms is just Drupal seven

Drupal Forms

forms API right each provider has slightly different options for region or image order they'd call it a different

thing we can just just customize just that piece for that provider a method

for destroying server is like super simple this just loads the droop the digitalocean API calls - delete and throws a drupal

error a triple for mary if it doesn't work so all of this stuff works in

concert unless you can even enable multiple cloud providers on one host I didn't here it's just a dilution that you can enable stock layer and tuck it

in other ones to have the same site create servers in any of those providers yep so I don't have to go in to do oh

yeah I'm not yeah I should have I should

have done that full yeah you're good it

pings API and that comes back and tells you like if there was something wrong and it's an increase of server on the

backend so the settings page basically but your token in you can check this box

it like I put code in there to create destroy DNS record so you actually aren't access it with the real domain right away and then these are just the

faults so that when you go to the forum create server these defaults are the ones that are um the SSH keys thing is from

digitalocean and every other most others they're like what SSH keys do want me to put on the server as route so I just

check that box and I have access to all my servers right out of the gate and when you're done it runs this verify

task a Gers task serve these all funnels but useful tools I just hook into that

it waits for the IP to come back from the API it waits for the domain to validate it waits for every step you

need DNS and it waits for SSH and then once that's done bigger ansible comes

along right so we save the options that you selected and we save the data that

comes back from the API so like we have the digitalocean ID and whatever data comes back from their api we just save

it so it's pretty simple to kind of it's arbitrary right but every every system

you pass options and it gives you back yeah right now like I said these are the

three support if you would like to support more we would love maintainer xand backers or you have an open collect

like I said they're just like Drupal modules but it's really you kind of have to maintain them long term if you have

to be using this cloud provider so it can be a challenge to maintain like all of the cloud providers and every the first one everyone asked for of course

is Amazon but you look at their API feel like one of the most complex API secure are compared to the rest of these so I I

have and there are other tools that actually run Drupal and create Amazon servers like there's a model called

cloud that is now being maintained we maintained it after many years so once


that's done what do we do we decided we've kind of set on ansible it landed on ansible for the best way that to

configure these servers right and why this is the Egger server page i want to

get rid of those big X's and look like there's something wrong but it just means they don't have those services but look we have the inventory of service we

get the list of servers but list of post names and ip's isn't that all so we've got we got the roles ansible roles we've

got variables like we're already doing this this is ten year old code this forms a PF right we store the username

and we need from the variable later we got roles and variables we've got playbook runs a

history of playbook runs drupal of major tasks are just nodes and they're stored forever so you delete them right and not

just the what ran and when but every log output is also stored in there so you can go back and view them just like

Jenkins or whatever else you might be using like this we've got real-time color output so there's logs playbook

run status and history so you can see if it passed or failed it bands very handsome old every ansible playbook run returns an exit code if it fails or

passed and it's all yamo like everything is yellow so this is perfect fit perfect

fit for between Drupal and kind of ansible management this is getting a

little deeper but this is where some serious magic happens inventory and answerable is this thing where you have to maintain a list of

your server somehow right you can dance was like two or three different formats there's like an indie format and I think

there's a yamo format but there's also a remote inventory function where it will actually people can write a plug-in

wherever that script returns in this form if it returns it in this format in Jason then that works as well there's

Amazon plugins and other things we are providing it at remote an inventory over Jason then you can pull from anywhere so

we can run commands I'll show you the command in a minute I gotta rearrange slides a little bit

yeah vertigo over that stuff okay so it's a set of modules services are pre-configured for Aker like get it to

Aegir Modules

work with Apache get it to work with the database you just select Angela MySQL and look and when you configure

automatically instead of having a text field for the root password it just generates it and saves it in the system and provides it as a variable to the

role same thing with web you used to be able to used to have to type in the reset command and save it there and hopefully

the restart command worked but pseudo but this time it's configured automatically except port you might actually want to

end at the port so we leave that to be editable for our users ansible roles allows you to add any role you want from

Ansible Roles

the galaxy in the Drupal UI you go to the settings page you click add a role you type in the name you can even type

in a different get URL for the source of the role this is ansible roles remember this is like the role of the server I'm not a

Drupal all typed in the version and it maintains a list in the drupal site and it automatically installs those on the

backend so you can just check boxes when you create your server so what do the

different checkboxes do it depends so you and I got github users these like

you would see here link I dot PHP for example these are like public roles from ansible galaxy which is like the Drupal

network of ansible so there's public roles for everything and Jeff is known for like maintaining them top-notch

right so github users is really cool if you piped a list of github user names it

automatically creates a user on the server for every github user in that list and it automatically puts the SSH

keys all your SSH keys from github on there but each of these do different things this is this is part of our

platform as a service so we added these extra role so that every customer server automatically gets me gives me access as

a systems admin with this dot security it automatically adds a chinga and it

sets up a whole new dev shop ansible variables is another module where it

Ansible Variables

simply provides a text field to lady add additional variables for each server and merges that with all the other variables

that get created from this whole system so that when you go to the server you can very easily click Edit on the server

node you scroll down you type in whatever antal variables you want it validates it

on the client side is valid yamo so you can't submit bad Hamel and it also shows you the existing variables that were

generated from all the different roles that you selected thanks to them

really powerful are really easy to override stuff and all of like angel' variable is a common system ever you go

to the documentation of any any role on galaxy jeff's are the best you'll see right on the readme is a documentation

of all the different variables like memory limit clearly everything is in there available for you so it's really

quick and easy to customize that stuff and then this is the dynamic inventory I mentioned earlier and yeah this is more

Getting to the Server

detail so this is a really cool thing because some of the hardest stuff is

like yeah how am I getting to the server to configure it to say someone's got like firewall you can run ansible

anywhere and load this Jason over the web so you can run your egg or a dev

shop somewhere and then call ansible from anywhere that can get that inventory right so what you do is you

Server Configuration

set up this host file to be a script and it actually does it curl and get to the head Jason then spits it out so we're

gonna use this for that our clients that require us to be behind firewalls or behind VPNs for example so that the

servers will be able to configure themselves based on the information of a site outside what we're thinking is have

like basically around around agent like Ansel doesn't have its own agent they just don't that's not their model but

this way we can yeah the server's could check in with the with the the master server essentially load the load their

inventory which contains like memory limit what users should i in i'll all these variables can pull it over the web

and then use that to configure itself so this is kind of like a running like a benevolent

you can use it for anything yeah yeah yeah you're really good yeah the point is like I said you could centralize this

inventory have these servers kind of pull football from the same place because that's kind of a challenging

thing is like you can because you can run ansible on the master you can run anymore on the on the unit itself you can run it anywhere it's just a command

it's really simple to use and you there's options for what user you run as so deciding like where is my inventory

gonna be is kind of the first step you figure out when you try to actually put go to brushin like where's our source of truth for the system this becomes the

source of truth for that yeah exactly a phantom tower my puppet master our

Foreman or whatever these like central every automation system as something like this what I turn Drupal into that

and so even the ansible thing is just modules right the server nodes are abstracted from that so if we wanted to

write a your puppet or regular salt which actually looks really cool salt looks amazing we could do that and

basically once you have this dynamic inventory set up you can just run this command ansible without telling it the

inventory option and it'll load up that stuff remotely and run against all those things so if you you can still use it

with command line and do all sorts of stuff with the I mean this ansible you

literally can do anything basically and it's all just server notes these are

Custom Roles

all just drupal notes so in our use case like our back-end dashboard for dev shop

cloud or we want to fire up new servers for customers really quickly there's some custom things we want to put in

there for ourselves like our a Chango hosts our list of users right so we

wrote a custom module that's private codes not open source because it's just for us that simply alters the node alters the

variables and sets up like the security for the Guerlain guys security role

it sets up these super admin users for sudo where's password lists

that gets loaded into the node which gets piped in the inventory hundreds it so super gives you to kind of customize

and also have like pre-built stuff already in it this is what I was talking

about the github users role is awesome all you got to do is provide these to

this little list of users given this example is overly complicated see just fat pot I just put - John Q - whoever as

soon as you run that provide yep username keys github that karma slash

username keys list all your public keys with all the extra info scrape also so

you don't see the name or anything it's brilliant like why aren't we doing that for everything you know I instantly

get access this is at this role to be like I actually said this world to be

second I said that Zynga role to be first so I get graphing as soon as possible and then this role so that like

seconds within a minute or two after that button is pushed I can log into that server from all of my laptops yeah

because it pulls all of your public keys from github and puts them all in the authorized keys for that user so it's

great because I basically can add them I have a master list that's just your github username if I put you in that list and run verify

across all my servers you instantly have root access to all my servers SSH which is what the IT admins actually need to

get in and when things really go wrong right last module is just a simple playbook it allows arbitrary XML

Run Playbook

playbook commands to be run you just click run playbook take the name and this is like if you're a really used to

the XML stuff you can punching very specific things here

and that's what you know that's what the run looks like

so yeah I was like 60 slides 80 actually what we're gonna do now is kind of play

with it so but I can kind of break for questions but basically what is our platform right def shop is is the CI

open source CI for drupal right it's open source Acquia cloud or Pantheon we

provide support agreements and we are starting to sell servers through both a support service called snapshot that

support what you host your own you bring us the servers we plug in and monitor or we also you can press a button and get

your own server without having a second bill and having to have your own basically our back-end uses all of this

to fire it up and I'm after I leave it a couple seconds for questions don't kind of show show how that works

no questions don't so you grabbed a

What is Ansible

purpose I don't have much about it in school and yeah and so the instable I

feel like there's a split where there's some things like maybe salt that are

more like remote command tools and some that are like puppet where is actually

explicitly designed to be this kind of

yeah it's kind of in between really it's like it is just commands

it is all just coming up this just basically allows you to it's just running that stuff over SSH and it all

boils down to like it just generates these shell scripts actually each module just ends up generating something but if

the inventory systems I think that make it really cool and allows you to like you could run ansible playbook web

servers and it would run against without however many you would have it would run against Oliver yeah it's kind of but and

then the ants will fake you say hey I've got this team to the DNS server and fit

up these zones and then it kind of trans excited to okay but well and this would

you like puppet if I go in and edit a file puppet manages puck will be like hey I'm gonna like put revert that pain

right it's like a staple yeah yeah it's a little like a I guess it's kind of

grown in popularity because it's not it's flexible it kind of can be used in all these different ways yeah you would have to you run the PlayBook and when a

change happen this basically is what has to put you have to do okay there but I need people I think people do that check

the state of all the systems and Roberta do this I mean it I don't know I thought

is just playbook and it's a play by friends but there's probably tools in there for just about everything

yeah anything well that's the point like it's

just me here DevOps feel like I don't want to get into that I want to learn ansible I want to look it's very it could be very overwhelming and like

having to do everything by hand it can be very tricky so we're trying to kind of just make it easier thank you

so I know that with a girl and I've never installed it yet so but you know I

know that like you create a platform you said this is the version and let's say I make module updates and I say anymore this to hear and then you hit a button

and that's that for you does that also do pepper with the server so like let's say I need to upgrade from PHP seven one

two seven two I can do the mic I can do that in the ansible playbook fun stuff yeah essentially every time in one's

playbook like it reads the inventory so sometimes you can just change the variable for those of those Deerling

guys playbook there's just a variable change the PHP version yeah it's

basically will you talk with there's a verify server it's a verify server task compared to what you're talking about is

is not even in this talk right now is the platform's insights part of the

Drupal deployment part of it those are separate node types that link into the servers to say - but basically the

server's can run and verify completely separately from that so the playbook

will update this the server from my PHP seven the can't that's what yeah


oh you want to see some women in action

all right so if you go to our site I've shut that support it's just a basic like landing page producti page you can click

connect with github to sign up I'm just gonna log in here myself I already have

a team but if you've never been here before you add a team first and then a server so but I already got one so I'm

just going to add another one keep it under this team Billy right so this is

the actual like what you are going it still needs work but this is what they use you're gonna sign up and actually

use once it's fully automated and kind of choose the size your droplet here all right I'm still an admin so I think I'm

seeing some extra stuff but it's fine alright so coming up got a license key

here and basically it meant pings are back on which has all the cool stuff

that I talked about today right this is the list of our servers I

want to go to ad server

this there's already an API for this and that's how it's going to work with our front-end site pings list but I want to

show you how we do it manually I pick this host name and that's how it knows

what dns account to put it under choose digitalocean it's already preset and

then I choose my special role because this what I'm actually doing here is

creating a whole nother DEP shop server like this is one dev shops over there creating another one so I'm not even

bothering with like the built-in web or database stuff for agar here I'm just I've got my own custom one and yeah I'll

show you kind of the source

it actually lists the rolls hmm yeah

totally I'm gonna to scale it so with a custom module I can say easily modify

the list of rolls and stuff so that I don't have to remember to check all these right so my platform by checking

this one automatically sets all the other rolls put my license key in there this just this is custom code that just

saves it look pipes it into the instable variables and that's all I got to do I hit create server it pings digitalocean

that's why it takes a few more seconds wait for it to come back make sure the API worked and then there

it is so there's the digitalocean ID and all that stuff the verified server task is queued and already running if I click


kickstart a quick toying around with it today

again this is our back end platform so it's a lot more complicated we don't normally have to do it do this there it

goes okay there we go so the server droplets already been created but it may not have an IP address so we wait for that and

then there it is and then we wait for the API to return active droplet and

then we wait for the DMS and then we wait for the SSH and then sometimes it actually just hangs here and sometimes it just works and it just worked so we

took all the data in the Drupal site we render an answerable playbook dynamically so at the end of the day

you're still getting a playbook file and a variables variables coming dynamically but you could do you can put variables

in the playbook all right it tells you where it saves it so that every time you can just kind of edit it and then there

goes it kicks off this ansible playbook call installing the achene gonna

packages cachinga is a hero Nagios it's a mockery

it's a giant yeah it's a very complex monitoring thing but basically this serves as an API the server's get can

link to it and it starts sending them sending them information and as soon as that happens the chinga feeds target

fauna which feeds to these and the load we're already getting a load load report

so Ginga this is our part of our cloud basically there's a Ching go there's your fauna there's like graphite there's

a client yeah there's there's packages it's called monitoring plugins on the server that monitors all the different

things you need so we're able to give users disk usage and load graphs and

there it goes so you can send see the answer though there's a disk disk space so that's why we want that to be the very first thing so the users get is

quickly get as much feedback as they can I can have this H in now as my username

so this brand-new droplet guess the name

is this when you drop it and I don't have to do anything it's going through my rolls and installing

first and installs giving guys because my role depends on that role uses the

same apache setup that Drupal VM uses installs everything it needs to anywhere

I'm run Drupal and also in this

particular server run adaption

so it's like that's it just sit there and wait see these variables okay this

is my module telling like Ginga is hard-coded like the IP with my custom

right one so at the end of this process you're going to be able to log into Philly dev shop and see this whole yeah

so this thing just build itself so we've just built a new dev shop server this is

our central master it creates new droplets and installs in our case we had salt dev shops on them but it can us all

any role any role right you go put in

these things and then I have and then I can create on the servers well yes we

can actually but yeah we're that's why I feel that's the tricky part how do we

write you could you can create other remotes yes exactly and that's kind of

what we're thinking we're thinking of pivoting the model but this is not a little bit because you can run this stuff on your own service totally open

source what we're thinking of doing is basically you sign up you get we host

the Deaf shop UI and then you can if you want to go to a secondary remote you put

it in your API key and you go from there so essentially it's like a base price for that and then you can decide on your

own like how how you want to scale yeah if you want to go live you add in and up you have to add in your own production

server basically but there's no config you just give us the guy key and then we take it

any questions while this is installing

this is so yeah we totally need me like it's a

community effort you know this is a Drupal thing it's in Drupal 7 we definitely need to figure that out a couple of years so the difference

between this and anger is that this these are just add-on modules for Eggert yeah and it contains the logic to

install not just like not just verify that the server works in Dickens it can

install by Anna doesn't have code to install itself right it basically they

maintain a debian package to do it so you still do it from the command line so it's a little bit easier but it bigger

is does not by itself doesn't contain the code to configure others to configure that the server's directly

other than the Debian package and we

maintain and install a sage script that uses

same thing so saves the license key so this comes from our our variable that license key look at that it loaded our

users it checked back and if we go back to this will see coming up goes away

last update 12 seconds ago and the every individual dev shop pings us basically

every minute so we know they're online and this is the payload we got coming

the dev shops and that's it complete

it'll take a few more runs for me to be able to login because then the dev shop server takes over actually and does some

more verification of itself but yeah once this see the let's encrypt didn't

finalize yet but it will and

when you twenties or yep I logged in

before the role ran actually so the auto-update role runs

so the I mean it doesn't happen instantly but you can see the numbers did change we've got more security updates so that

gear any guys here any role that's what it does I'll show you

yep our custom module put that one right at the top right next to the inching the other one his readme is very very clear

you're still responsible for security but basically this role does a lot of

good stuff like if selling fail to ban disable root login you know like you

change one variable from yes to no and they will disable root login and only allow those users to log in setup

automatic updates there are some other things you might want to do what we do I

think this one securely configure user accounts I'm actually going to point this should link to the github one because it again those two roles

combined make it that's how I got in there and not only was able to SSH in

with my new user like a sudo as well

see so now I have this special user I don't have to put a password so you have

to maintain your passwords only like

what SSH port should be on and what would we use it them to but you can

these most of the roles work in Red Hat as well which is another but this is

kind of why we like it because it's like you can use these tools on any type of server like you're not locking yourself into doctor you're not locking yourself

into any particular provider or even the operating system you're using like most of these our goals were concent OS 7 you

know Red Hat and and also I Mattoon Debian because people have Red Hat

licenses like it depends on the roles

some of them our roles are built in just the techs it detects it and when works I

think most of Jeff's do too yeah yeah

yeah see the see the Debian RedHat so this one homie runs for Debian so to

changes the package name this one only runs for Red Hat and you know I'll show you how it does that include OS specific

variables very easy this is why ansible is amazing right these are default variables it has from whatever system

it's running on so you can know you can use that too so that it's only including and tasks as

well say so it's only loading fail - man - Red Hat if both this variable and the

family is right now so if you kind of right here that's what I mean one reason Jeff so amazing is like these he got

these things to work on all of them he saw testing and all like you go look at the Travis tests they tested all these

different OSS okay and that's the only reason he's able to even able to do it because it's not like he knows where is

he's just in genius so yes I guess yeah but yeah the best I like

puppet knows all that stuff from back end you like install this package that already it maintains its own West yeah

no this is for all different operating systems you have installer package what yeah I didn't know that principal it is

cool I mean again it's a different it's choice yeah do you like I want to run this command by itself you have to have

some other tools to do that so yeah but I give you a people want this as you can do all kinds of

orchestration that's cool feature yeah

southern theater

if such a deep ugly thing one total

automation so I think there's always a cemetery

so funny it's like for things that may cause the full total automation to fail

and they're all different and they all have been randomly but I know what they are like the SSH sometimes hangs like

you know sometimes hangs and kind of have to keep going back to finding ways to mitigate those little education it's

a four sentence tasks around it should fix this or so

so there you go it's a deaf shop server it actually kicked me out and log me back in using

cast so I guess cats working now yep

there it is SSL casts is a single sign-on system so I can click this see the step this is

kind of an example of a activated license of a deaf shop server license as active it shows my using my my central

sign-on with leezar I can click back and go right back there see filly and so there's the fence and I

click this and then boom boom boom and I'm in so when I log out for example like I'm blocked out from the whole

cloud and so this is the front logout front page of deaf shop but when you

enable the license you get these two buttons instead of a user password you can login directly with one actually

this won't let me because I'm not an access with that account if I click that login with John I get sent right back to

the Philly - shop yeah

that's it we're just gonna talk about that I'm not gonna talk about the rest because that's plenty of sessions on

deaf shop and creating new things but there are some cool new features but I'm not going to digress too much 45 minutes

Oh actually I know what did you know remember I said managing servers is hard

what happens when you've done with it done with it I don't want it anymore I

go to the server I find fili look delete

server [Music]

did you see the IP address is there like acres stored IP addresses in a field for 10 years so another reason this is like

such a perfect fit of a tool I click run on delete and sure you want to delete

this will be completely destroyed everything on it provider post name IP

address this is a link back to the droplet if you really want to be sure it goes to the API right so delete the DNS

records yes please all of these were created oh that's from earlier look at

that okay delete server that's it this is the API

destroys the thing and it's going if I go over here

I haven't seen it happen always but Drupal generations API will actually pop

up a window that says droplet destroyed without you doing anything but I guess

sometimes it doesn't actually do it oh no this is really proud it's already

gone that's a different server no they totally don't charge you for dns yeah yeah this is really proud this is a

different server so it's not there no no

more sir

do they only give you they'll only give you dinner comes to like you gustas tu' their idea present is no please use it

free if you have an account you can use it even if you have a droplet actually yeah networking I have a ton of domains

on it with IPS anywhere both of the locations ticket I would assume

I'm not sure where the DNS SEC like I knew that

yeah it may be something signed up

oh I mean they support all kind all the DNS I'm not sure

so that's our talk it's a big effort I want a left update at the Drupal 8 we

but it's like all community we should all work together they're making it happen but it works they often said we

got two years but you saw those that's classes it's really odd but think like

we need ya back you need like you know big companies that help start using this thing make

music we centers good front-end - boy

what about the Tigers I'm just gonna be usable that's the whole provision

discussion that I'm I created a new CLI back in the existing the courage and is

drush commands trophy so yeah that too but that's a lot of that I've done

already with the provision next version provision but there's a lot of other

it's a very big backlog but the provision for is perfect on set it works

and the next the next mother so I'll get back to getting a ager for working

prototype because I have I have gotten it where you see the provision for back in and in the Agra front and the current

in front so they can kind of step by step

cool well that's the talk for some more questions we can call it get Nam you

said if you added something public user they now have access to all of this stuff so if I'm so if I'm a dev shop I I

get a higher new person I want him to now like be able to manage all of our

sites right I just had well that's if you wanted to have like SSH access so he

has his user as a user with his name like damn shop has a separate UI it's

not it's a logged in serve any server

yeah the server's themselves almost that's a server layer right yeah everybody using like WW data or right

well right they can access agent as yourself and the role even has a list of users to remove so when that person

leaves you have to keep that person's name in there so ansible knows to remove it maybe that's another thing that comes

in handy where you're like I don't know how that they handle right but you have to like yeah in order to remove the

account you have to maintain that in a separate list [Music]

yeah you might have its Gotham is disabled there's something like you might include a bed some iron it

basically say feathers person off but with the with the deaf shop cloud

support portal you can log into the front end with github with like the clicking you need to click log in again

friend of mine is using it for some orchestration

and because it was like every 15 minutes to make sure everything is up to date if

you lose someone because they're not on the list they get wiped out although people are

current with it the downside is that every 15 minutes for about two seconds

you can't log it at all because the entire yeah which is not a big deal

except you don't seem to do I call that I don't have a name for it that I should

coin a term the amount of time where you aren't sure yet if it's like your computer or the Wi-Fi or the internet or

the global internet like there's a certain grace period in there well you're happy to hit reload once or twice

and not really be concerned right yeah well if it's than that you're okay because it always could be something

yeah all right thanks for coming

English (auto-generated)


The Aegir Hosting System has been used for hosting thousands of Drupal sites for over 11 years, using Drupal as a web interface for managing your servers and sites.

In classic Aegir 3.x and earlier, you still need root shell access to install and configure a few things before Aegir can work.

in 2016 I set out to solve this by creating server configuration tools in Ansible and integrating with Cloud server providers like DigitalOcean, Packet, and SoftLayer.

The result was the Aegir Cloud and Aegir Ansible modules.

Now with a single form from node/add/server, you can:

  1. Create a cloud server instance with your choice of data center, OS, memory, etc. and automatically authorizing the Aegir user's SSH key. 
  2. Select the services you want installed, like Apache or MySQL preconfigured to work with Aegir.
  3. Add custom Ansible playbooks to each server.
  4. Add custom Ansible variables as YML into a simple text field. 
  5. Automatically discover the server's IP address and set DNS records for the server's hostname.
  6. Wait for SSH access via root.
  7. Run the chosen Ansible playbooks with the generated and manually entered Ansible variables.
  8. Get a Red or Green or Orange result if any of those steps failed.

Come to this session to see how we are using this combination of totally free and open source tools to power our platform-as-a-service,, where we create and destroy DevShop servers on the fly.