Hello everyone and welcome to TechSimplify. It’s been over 2 months since I started TechSimplify and it’s been great and I can only hope that you guys are learning and enjoying the different content. Today we are going to take a peek at yet another tools for configuration management – Ansible. Few weeks back I shared a post about Chef Automation, another configuration management tool available is more or less similar to Ansible. I would recommend going through Chef Automation post before proceeding. Ansible was released in February 2012 and developed by Ansible, Inc. (originally AnsibleWorks, Inc.), which was later acquired by Red Hat in October 2015.
Why Ansible ?
One of the major reason why Ansible is growing fast and gaining popularity is the interest of Red Hat. Apart from that another reason is, Ansible is very simple to get up & running. The integration with your existing infrastructure is smooth and easy. Anyone can use Ansible, you do not need a dedicated experienced System’s Administrator. Ansible is agent-less tool, which means that the target system does not need to have a client installed and configured unlike Chef, which needs chef-client to be installed on each and every target client to work. Ansible has a large collection of modules which can be leveraged to perform automation in the target OS. To execute programs created by using modules to perform some task, Ansible uses SSH to deploy and execute commands on target machine, hence it does not need any additional protocol or agent on client side to execute any and all code on client system.
How Ansible Works ?
Ansible is simply an IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration and many other IT needs. It is agent-less means no agents are needed on client system, no additional custom security infrastructure, so it is very easy to deploy and most importantly, it uses a very simple language YAML (Yet Another Markup Language) in the form of Ansible Playbook’s, which can be leveraged to perform any and all sorts of automation in your infrastructure. Ansible does not have a series of step or functions or procedures, to understand better, we will take a look at its major components and how it contributes towards automating process in our infrastructure.
Ansible connects and executes programs on remote client system known as “Ansible Modules”. These modules represent the desired systems state. Ansible then executes these modules on client’s system, once the system is in desired state as per module, ansible then removes the module from the client system.
- SSH Keys
Ansible can connect to remote client system via Password or SSH keys. Passwords are supported by Ansible but the best way to operate Ansible is to leveraged SSH keys via ssh-agent. Kerberos are supported as well. There are many ways to use Ansible. Root logins are not required, “sudo” or “su” can be used.
Ansible uses INI file, which keeps a track of all the machines or systems that are managed via Ansible. These systems can be placed under groups which we can choose. Once done, we can trigger any module for execution on multiple system by using the group name. A system can be on one or more groups at a time. We can add new systems to the list as and when required without any SSL signing server. The server can be sourced from different provider like Amazon EC2, OpenStack etc.
- Playbook: Simple, yet Powerful Automation Language
Ansible’s Playbook’s approach towards orchestration is based on simplicity, as any code should be, one of the major benefits is that it makes perfect sense to any one looking at the code, even several years later. The syntax is fairly simple and is similar to English language. The application of Ansible is huge, here are some examples.
1. Take machines in and out of Load-Balancers and monitoring, maintenance windows.
2. Get information of a system such as IP address and other relevant details, and use them to create a config file dynamically.
3. Set some variable (local or global) for other system’s application to use, we can also set some default variables, if not set already.
4. Use the output of one command as an input to another.
- Ansible: Modules & API
We can write our own Ansible Modules, modules can be written in any language, the only requirement is that it should return JSON i.e. Ruby, Python, Bash etc. There are Python APIs for extending Ansible’s connection types, callbacks and even for adding new server-side behaviors.
Ansible for DevOps
In today’s world Developers spends way too much time focusing on tooling required to deliver capabilities and not enough time focusing on results. The Operations need technology that can be used across many groups with different skill sets. The developers need to respond and scale in pace with demands and the operations need centrally govern and monitor disparate systems and workloads. Ansible assists to address both issues. Ansible –
– Accelerates feedback loop.
– Reduces shadow IT.
– Provision systems faster.
– Discover bugs sooner.
– is faster, more coordinated and ensures reliable deployments.
– Deploy automated patching.
Ansible ensures complete IT Automation. Ansible seamlessly unites workflow orchestration with configuration management, provisioning and application development in single, simple, easy-to-use platform. Regardless of how and where you use Ansible, you will realize that Ansible is powerful, agent-less platform that can be used to solve almost any and all challenges presented in our IT infrastructure.
Baremetal Machine — Every infrastructure has baremetal machines. When a new datacenter is deployed, Ansible can be used to provision everything you need and work with the infrastructure you have.
Infrastructure Automation — While deploying a data center, OS is one of the primary programs that you need to set up. Once OS has been deployed to every node in the infrastructure, further application which will define the role of the node. Ansible’s library of built-in modules helps us to use the simple playbook language for configuring your servers, network and firewall.
- Configuration Management
Ansible is the simplest solution available for Configuration Management. It is designed to be minimal in nature, secure and consistent. It is highly reliable with low learning curve for administrator, developers and IT managers. Ansible are basically commands which is human-readable and machine-parsable which ensures that everyone in the team can understand what each configuration tasks? We can easily involve new people in team, and they can immediately start working on the infrastructure, without providing them specialized training which costs us significant amount of time and money.
- Application Deployment
Ansible is the simplest way to deploy your application, almost all application can be deployed using Ansible Playbook. The code is written in descriptive language which is easy to understand by humans and systems alike. Playbooks are simple to write and maintain. Ansible can be introduced into your environment without any bootstrapping of remote systems or opening up additional ports.
- Continuous Delivery
Ansible provides true multi-tier, multi-step orchestration. Ansible’s push-based architecture allows total control over operations. Ansible lets you define “play”, which selects a particular group of hosts and assign task to execute or role for them to fulfill. Ansible can work with networks, load-balancers, monitoring systems, web services and many other application.
- Security & Compliance
Security is one of the most important aspect of our infrastructure. Security of our data, systems and data of our customer. Ansible allows you to define your systems for security. Ansible can be used to set up firewall rules, blocks ports which are not going to be used, set rule over file and directory, manage user and groups permissions. Ansible can be used to enforce any and all security policies.
Deploying a single service on a single machine can be fairly simple and you have lots of solutions to choose from. Orchestration is about bringing together disparate things into a coherent whole. Today’s IT brings complex deployments and complex challenges. You’ve got to deal with clustered applications, multiple data centers, public, private and hybrid clouds and applications with complex dependencies. You need a tool that can orchestrate your complex tasks simply. Ansible is the answer.
Ansible Tower or Red Hat Ansible Tower helps you scale IT automation, manage complex deployments and speed productivity. You can control your IT infrastructure with a visible dashboard, role-based access control, job scheduling, integrated notification and graphical inventory management. And Ansible Tower’s REST API and CLI makes it easy to embed Ansible Tower into existing tools and processes.
The Ansible Tower dashboard provides a heads-up NOC-style display for everything going on in your Ansible environment.
Within Ansible Tower, Playbook runs stream by in real time. As Ansible automates across your infrastructure, you’ll see plays and tasks complete, broken down by each machine, and each success or failure, complete with output. Easily see the status of your automation, and what’s next in the queue.
With Ansible Tower, all automation activity is securely logged. Who ran it, how they customized it, what it did, where it happened — all securely stored and viewable later, or exported through Ansible Tower’s API.
Ansible Tower helps you manage your entire infrastructure. Easily pull your inventory from public cloud providers such as Amazon Web Services, Microsoft Azure, and more, or synchronize from your local OpenStack cloud or VMware environment. Connect your inventory directly to your Red Hat Satellite or Red Hat CloudForms environment, or your custom CMDB.
Well that’s all for today folks, hope you guys liked it, any feedback please get in touch. I’ll do a walk-through soon, where I’ll deploy Ansible from scratch, and we will create some basic small playbooks and see how Ansible works. Until then take care, see you all soon.