Cheat Sheet: Ansible

Ansible is an open source IT automation engine that automates provisioning, configuration management, application deployment, orchestration, and many other IT processes.

From Learning Ansible

Use Ansible automation to install software, automate daily tasks, provision infrastructure, improve security and compliance, patch systems, and share automation across your organization.

It improves the scalability, consistency, and reliability of your environments; it is simple to use yet powerful enough to automate complex multi-tier IT application environments. It abstracts the commands and steps needed to accomplish a task: you just specify the state you want the system to be in and Ansible does the rest.

What Problems can it solve?

  1. Configuration Management: the process of maintaining systems, servers and software in a desired, consistent state. Ansible makes changes and deployments faster, safer and more consistent. Use it to start/stop services, install or update applications, apply patches and security updates, and perform a wide variety of other configuration tasks.
  2. Orchestration: automating a process or workflow that involves many steps to complete, ensuring tasks are executed in a specific order and that exceptions or different results are handled accordingly.  This is critical for situations like….
  3. Application Deployment: enabling DevOps and CI/CD practices by automating the build, test and deploy process and making it consistent across all environments.
  4. Security and Compliance: reduce human dependency on site-wide implementation of security policies for applications and infrastructure. You won’t have to monitor each node for security compliance manually, as Ansible will update it with the details you specify in the playbooks. It also enables you to respond to incidents faster and push remediation throughout your entire environment simultaneously.
  5. Network Automation and Cloud Provisioning: provision cloud platforms, virtual machines, serverless resources and network devices. Configure, scale and integrate infrastructure and services more quickly, more consistently and with fewer errors than when performed manually.

I believe Configuration Management is the initial reason you would try Ansible, and you might expand into other use cases as you become comfortable with its use and capabilities.

Features

  • Easy Setup: minimal requirements and configuration are needed to get it to work. There is no need to maintain Ansible itself.
  • Easy to Learn and Use : no special coding or scripting skills required and there is comprehensive documentation and an active community available.
  • Agentless: You do not need to install special software on the target systems.  You only need to have Ansible installed on the control machine (Linux based).
  • Push architecture: Push configurations from the control machine to the hosts and see dozens to thousands of changes made in minutes.
  • SSH: Simple key-based network authentication protocol. When using it in the cloud (AWS), I found this YouTube tutorial helpful.
  • Declarative: describe what your target system needs, and Ansible and its modules handle all the details; it’s more readable than code.
  • Free: Ansible is an open-source tool. (Red Hat offers a paid enterprise solution which provides a UI, dashboard and REST API, role-based access control, job scheduling and graphical inventory management.)

Concepts

Full list of concepts

  • Control Node: The system on which Ansible is installed and from which it is executed. No special software is needed on any of the other systems.
  • Host Inventory: List of managed nodes (remote systems, or hosts), organized into groups, that Ansible will manage. This file is located on the control node. A simple example:
Simple Host Inventory
  • Modules: discrete units of code that can be used from the command line or in a playbook. Ansible executes each module, usually on the remote target node, and collects return values. Ansible includes hundreds of modules that can do almost anything an administrator needs to do. If you don’t find a module for what you need, you can write your own.
  • 2 Ways to execute Modules:
  1. Ad hoc Command: A quick way to run a single task on one or more managed nodes via a command line tool. Common use cases: rebooting servers, managing files and packages, managing users and groups, managing services, gathering facts.
Ad hoc command format
  2. Playbook: A script (written in YAML) that contains a set of commands to be deployed and executed on the specified list of hosts. You can add variables, loops, conditions, input prompts, events, templates and blocks for more advanced scenarios. Use the ansible-playbook command to run a playbook.
Playbook Example
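
The concepts above (inventory group, ad hoc command, modules, declarative playbook) applied to the security and compliance use case, as an added example that is not from the original page. The group name webservers, the hostnames, the file names, the /etc/ssh/sshd_config path and the sshd service name (RHEL-family naming) are assumptions.

```yaml
# harden_sshd.yml: added example, not from the original page.
#
# Assumed inventory file ./inventory.ini (hostnames are constructed):
#   [webservers]
#   web1.example.com
#   web2.example.com
#
# Ad hoc command to confirm the control node reaches the hosts over SSH:
#   ansible webservers -i inventory.ini -m ansible.builtin.ping
# Preview the changes, then apply them:
#   ansible-playbook -i inventory.ini harden_sshd.yml --check --diff
#   ansible-playbook -i inventory.ini harden_sshd.yml
---
- name: Enforce key-only SSH logins
  hosts: webservers
  become: true
  vars:
    # Desired state: keyword -> value. Nothing here says how to get there.
    sshd_settings:
      PasswordAuthentication: "no"
      PermitRootLogin: "no"
      PermitEmptyPasswords: "no"
  tasks:
    - name: Set each sshd option to the desired value
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # Replace an existing (possibly commented-out) line, else append.
        regexp: '^\s*#?\s*{{ item.key }}\s+'
        line: "{{ item.key }} {{ item.value }}"
        # Reject the edit if sshd cannot parse the resulting file.
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_settings | dict2items }}"
      notify: Reload sshd

    - name: Make sure sshd is enabled and running
      ansible.builtin.service:
        name: sshd        # assumption: the unit is called "ssh" on Debian/Ubuntu
        state: started
        enabled: true

  handlers:
    # Runs once at the end of the play, and only if a task reported a change.
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd
        state: reloaded
```

Confirm that key-based login works for your admin account before applying this, since the play turns password logins off. Settings in drop-in files that sshd_config includes earlier can still take precedence, because sshd uses the first value it reads for each keyword.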

Installation

Alternatives

  • Puppet
  • Chef
  • Terraform
  • Saltstack