What is Ansible?

Looking into Ansible

By Faster than Light

Ansible: Automation for sysadmins

Ansible allows automation and configuration management for numerous hosts.

In details

It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks. It’s an automation engine that runs Ansible Playbooks Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process. At a basic level, playbooks can be used to manage configurations of and deployments to remote machines. At a more advanced level, they can sequence multi-tier rollouts involving rolling updates, and can delegate actions to other hosts, interacting with monitoring servers and load balancers along the way.

Ansilbe’s architecture is very straight forward

Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules" to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically you'll work with your favorite terminal program, a text editor, and probably a version control system to keep track of changes to your content.

Tools of Ansible

Ansible is composed of some tools such as:

  • modules
  • playbooks
  • Roles
  • vaults
  • inventory

modules, roles, and playbooks: telling ansible what to do

Modules and playbooks are the actually code that gets run on different hosts

If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.

-Ansible documentation
Modules allow common commands to be packaged into an easy to use tool. Modules such as package, which allows managing installed packages across distribution package managers (e.g. apt, yum, pacman, emerge) make system administration simple.
Playbooks allow the stringing together of commands to allow automated status updates. Playbooks are the most frequent tool you'll be using in Ansible to run a series of tasks (possibly repeatedly via cron)

Running playbooks



ansible-playbook playbook.yml

Running one off commands

One off commands be run with `ansible` as seen below 

$ansible localhost -m ping
$ansible localhost -a ls

Roles: DRY(Don't repeat yourself)

Roles are a useful tool to avoid writing the same task over and over with the same variables and features in different playbooks. The file structure including roles might look like: 

site.yml
webservers.yml
roles/
	role1/
		files/
		templates/
		tasks/
		handlers/
		vars/
		defaults/
		meta/

Vaults: protecting credentials

Vaults help to keep your secrets, such as passwords, safe. Files are encrypted with AES 

ansible-vault [create|decrypt|edit|encrypt|rekey|view] vault_file.yml

Inventory

Inventory files list the hosts (and possibly variables such as ports and users). 

; /etc/ansible/hosts
[my-awesome-site:children]
webservers
databases

[webservers]
main ansible_host=74.125.21.100 ;named entry
www.example.com ;simple domain name

[databases]
db.example.com
backup.example.com

Use Case Example 1: Installing new software my servers

We need to install the package "nginx" on all of our servers

We can do this by running: 


$ansible all -s -m shell -a 'apt-get install nginx'

We have just ran a task. Ansible also allows combining different tasks into a taskfile, which will itself be part of a "Role". A Role will have the taskfile and all its related files. (more on this later)

However, we could probably have done the same thing with a bash script. What sets ansible apart is the ability to ensure idempotence (same final result).

Running the code below will also install nginx on all of our servers 


ansible all -s -m apt -a
'pkg=nginx state=installed update_cache=true'

The response will be: 


127.0.0.1 | success >>
{
"changed": false
}

Note that this will also ensure idempotence. Note that we used the ansible module 'apt' to accomplish this. Modules are an essential part of ansible.

Use Case Example 2: Adding a database to our servers

We can write the following taskfile for our "createDB" role:

Recall that the structure of a role looks like this:

When we run the role, Ansible will automatically run the "main.yml" taskfile in that role.

To run our role, we need to create a playbook file which calls our role, running our taskfile.

Playbook files are in the .yml format, and can call multiple roles. Here is one which will call our "createDB" role. Assume that the following playbook file is "DBplaybook.yml"

We now simply run:

ansible-playbook DBplaybook.yml

And the database will be set up on all of our servers!

Other use cases

-Adding users to databases

-Managing services on servers

-Deploying applications to servers

-Running application scripts on servers

Ansible: Is it right for you?

The competitors of Ansible include:

  • Puppet
  • Chef
  • SaltStack
  • Terraform
  • CloudFormation

Ansible users write playbooks in a descriptive language similar to YAML and Jinja. Users may prefer to use a competitor that uses a language they know, or that is coded in a more procedural style. For example, Terraform uses Go, and Puppet uses Ruby.

Ansible is often preferred because it uses client-only architecture. Many of its competitors, including Chef, SaltStack, and Puppet, use client-server architecture. However, there are two competitors, CloudFormation and Terraform, that also offer client-only architecture. Ansible is flexible and can be used either as push-based or pull-based system.

Ansible was first written for use in command line only. Unfortunately, this remains relevant, because the majority of functionality available in the command line is not available from the user interface.

Ansible is one of the newer configuration management tools, and some of its more established competitors, like Chef, offer greater stability. Chef and Puppet users will benefit from a larger user and developer communities.

Ansible nodes are managed by default over SSH. SSH communication can face reduced speed in a scaled or downsized environment. Furthermore, although Ansible uses an agentless architecture, machines must have a Python interpreter installed and require root SSH access for most functionality.

Example/tutorial 1: Localhost

Dependencies

  • Ansible

Ad Hoc commands: Pinging the localhost 


#this uses the module 'ping' on localhost
$ansible localhost -m ping

Ad Hoc commands: running shell commands 


#this allows a single command to be run
$ansible localhost -a 'ls -al'

Making a playbook 


---
# test-playbook.yml
- hosts: localhost
  tasks:
    - name: list homedir
      shell: ls
    - name: make ~/temp or update access time
      shell: touch temp
    - name: fail to make or update /tmp
      shell: touch tmp
      args:
        chdir: /

Running our playbook 


ansible-playbook test-playbook.yml

The command failed. Can you fix it

Example/tutorial 2: docker/ansible-container

Ansible container allows you to configure and automate your containers in a sane manner that doesn't require bash scripts, and uses ansible playbooks. yay!

Dependencies

Ansible-container is not included in Ansible. You'll need to install it here

Basic example

Make a new directory and cd into it then run: 


$ansible-container init
$ansible-container build
$ansible-container run

Example/tutorial 3: vagrant

Shamelessly stolen from geerlingguy