July 27th, 2019 by Guest Author
What is Ansible?
Ansible is an agentless automation tool written in Python. It connects to your clients via SSH and allows you to automate the boring, repetitive tasks you don't want to do. It allows you to take a task done by a human that may take an hour to perform, and convert it into a single command that completes within minutes. This improves your performance and allows you to start work on the next big project.
Ansible provides many benefits, so let's take some time to look at some of the most important. I am going to break this down into two sections, one for those who have no or minimal automation, and another for those who are already using an automation tool like Salt or Puppet.
New to Automation
If you are new to automation, using a tool that is simple can help with the learning curve. Let's look at some reasons why you should choose Ansible over the other tools available.
1. Simple syntax
Due to Ansible's simple way of defining tasks, it is very simple to get started with. Take the below snippet for example:
```yaml
- hosts: all
  tasks:
    - name: Install Nginx
      yum: name=nginx state=latest
```
A complete Ansible task, equivalent to running `yum install nginx` on all of your hosts.
You can probably already tell what it is doing. It is installing the latest version of the Nginx open-source web server on all of your defined hosts. We will look at defining hosts later. Since all of the tasks you create are in YAML, they are both easy to read, and easy to create. This is vital when starting to learn a new tool, as it allows you to quickly gain experience while building confidence and understanding.
2. Git Love
Since your automations are simple text files, it is possible to store them in Git (or another source repository system), where they have change control and can be checked out and updated from a central source.
3. Simple Execution Order
Since tasks are executed in the order you define, you do not have to worry about the execution order. Simply define the steps as you would to a human, and Ansible will execute them in exactly that order every time, without having to worry about missing a step.
Having an agentless way to manage your hosts is important, doubly so if you do not already have a way of deploying an agent in an automated manner. Trying to start an automation push in an existing environment can be a nightmare, especially if there are tens or hundreds of machines that need the new agent.
If you have already done some automation, maybe using Bash, Python, or PowerShell, you might be wondering what Ansible brings to the table. Let's take a look.
1. Simple Orchestration
Have you ever tried to update a website using a Bash script? Say you have a web load balancer or reverse proxy, 5 web servers, a database load balancer, and 2 database servers. You might spend hundreds of lines simply checking that each component was updated successfully.
With Ansible, you can define health checks and rolling upgrades, and set your load balancers to add and remove nodes during each step of the upgrade. You can see an example of this in the official Continuous Delivery and Rolling Upgrades documentation.
Idempotence is the property of certain operations in mathematics and computer science whereby they can be applied multiple times without changing the result beyond the initial application. - Wikipedia
Basically, the goal is to run your playbook once to set things as desired, and then keep running it every *X* number of hours/days/weeks to ensure that nothing has changed. If anything does change, you should be looking for the source of *Configuration Drift* in your environment.
Configuration Drift is where servers in infrastructure become more and more different as time goes on. - Shadow Soft
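A scheduled repeat run only catches drift if something reads its result. The sketch below is an added example, not code from the original article: it parses the PLAY RECAP that `ansible-playbook` prints (here assumed to come from a `--check` run) and separates hosts that reported changes from hosts that could not be verified at all. The sample output and hostnames are constructed.

```python
import re

# One host line of the PLAY RECAP that ansible-playbook prints at the end of a run.
RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")

# Constructed output of a scheduled `ansible-playbook --check` run (placeholder hosts).
SAMPLE_RUN = """\
PLAY RECAP *********************************************************************
web1.example.com           : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
web2.example.com           : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
web3.example.com           : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
"""


def parse_recap(output):
    """Return {host: {counter: int}} for every host line after PLAY RECAP."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        m = RECAP_LINE.match(line.strip()) if in_recap else None
        if m:
            pairs = (pair.split("=") for pair in m["counters"].split())
            hosts[m["host"]] = {key: int(value) for key, value in pairs}
    return hosts


def classify(output):
    """Sort hosts into in_sync / drifted / unverified after a repeat run."""
    result = {"in_sync": [], "drifted": [], "unverified": []}
    for host, c in sorted(parse_recap(output).items()):
        if c.get("unreachable", 0) or c.get("failed", 0):
            result["unverified"].append(host)   # state unknown, must not count as clean
        elif c.get("changed", 0):
            result["drifted"].append(host)      # an idempotent task still had work to do
        else:
            result["in_sync"].append(host)
    return result
```

Treating unreachable or failed hosts as their own class matters: a host that never answered has not been shown to match the playbook.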
3. Built-in secrets storage
Ansible's built-in secrets storage, called Ansible Vault, allows you to store sensitive data such as passwords, API keys, or even private keys in a secure manner, with the rest of your codebase, in source control. This is unheard of in Bash or Python, usually requiring third-party tools like an API-enabled password vault.
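Keeping secrets next to playbooks in source control is only safe if every secret really is vault-encrypted before it is committed. The check below is an added example, not part of the original article or of Ansible itself: it scans YAML files for secret-looking variables that are neither inside a vault file nor an inline `!vault` value. The variable-name heuristic and the sample file are assumptions made for illustration.

```python
import re
from pathlib import Path

# First line of any file written by `ansible-vault encrypt` (1.2 adds a vault ID).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d+\.\d+;AES256(;\S+)?$")
# Variable names that usually hold credentials: a heuristic assumed for this example.
SECRET_KEY = re.compile(
    r"^\s*([\w.-]*(?:password|passwd|secret|token|api_key|private_key)[\w.-]*)\s*:\s*(.*)$", re.I)

# Constructed vars file: one plaintext secret, one inline vault value, one reference.
SAMPLE_VARS = """\
db_user: app
db_password: hunter2
api_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  6162636465666768
smtp_password: "{{ vault_smtp_password }}"
"""


def is_vault_file(text):
    """True when the whole file is a vault envelope."""
    lines = text.splitlines()
    return bool(lines) and bool(VAULT_HEADER.match(lines[0].strip()))


def plaintext_secrets(text):
    """Names of secret-looking variables stored in the clear."""
    if is_vault_file(text):
        return []
    findings = []
    for m in filter(None, map(SECRET_KEY.match, text.splitlines())):
        name, value = m.group(1), m.group(2).split(" #")[0].strip()
        safe = (value.startswith("!vault")                 # inline vault-encrypted value
                or value.lstrip("\"'").startswith("{{")    # reference to another variable
                or value in ("", "null", "~"))             # nothing stored on this line
        if not safe:
            findings.append(name)
    return findings


def scan_tree(root):
    """Map each YAML file under root to the plaintext secret names found in it."""
    report = {}
    for path in sorted(Path(root).rglob("*.y*ml")):
        hits = plaintext_secrets(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report
```

Run as a pre-commit or CI step, a non-empty `scan_tree()` result is the signal to stop the commit and encrypt the listed values first.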
Ansible can be expanded easily for both Windows and Linux modules, as well as to communicate with third-party tools. This means that if you want to automate something, chances are there is already a community module you can use, or you can create or adapt an existing module in order to fit your needs.
You can find information about developing your own modules with the official documentation, or you can check out Ansible Galaxy for community modules.
Getting Started With Ansible
Getting started is as simple as installing Ansible on your workstation or server. I am going to be showing the RedHat/CentOS commands, but you can view other installation steps in the official documentation.
`sudo yum install ansible`
That's it! You have a fully functional Ansible control node installed and are ready to go.
Ansible needs to know which machines to talk to and run your playbooks against. So let's look at setting up a basic inventory. The default inventory file is available at `/etc/ansible/hosts` on Linux. If you take a look at that file, you will see it is in an INI-like format, and probably looks something like this:
As explained in the documentation, the headings in brackets are group names, which allow you to classify systems into arbitrary groups. I would recommend you take some time and set up your inventory file, as it is important for Ansible to know which hosts you want to run tasks against.
Creating a Playbook
A playbook is a collection of tasks that are to be run against your hosts. You can create a playbook that's as simple as a single file with one play, or many files with multiple conditionals and imports from other playbooks. We are going to start off with a simple playbook that installs, starts and adds firewall rules for nginx on our webservers. In our hosts file, we might have something like this:
and in our `nginx-install.yaml` file, we have the following:
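```yaml
- hosts: webservers
  tasks:
    - name: Install Nginx
      yum: name=nginx state=present
    - name: Start Nginx
      service: name=nginx state=started
    - name: Allow port 80 through firewalld
      firewalld:
        port: 80/tcp # Alternatively, you can use the "service: http" syntax
        state: enabled
```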
Overview of the Ansible host connecting to your web servers and installing NGINX.
To run this playbook, simply run `ansible-playbook nginx-install.yaml` and Ansible will go and install Nginx on any hosts in your webservers group. This is a simple playbook with a single play; however, it is a good example of the ease with which Ansible can be used in your environment.
As you can see, Ansible is a very flexible and easy-to-use automation tool that can work in any environment. With its easy learning curve and ability to grow with your needs, Ansible is one of the best automation tools for anything from infrastructure deployment to a full DevOps-managed environment.