Before understanding what is ansible let us first understand what are the problems that were faced by industries before Ansible.
Let us take a little flashback to the beginning of networked computing when deploying and managing servers reliably and efficiently has been a challenge. Previously, system administrators managed servers by hand, installing software, changing configurations, and administering services on individual servers.
As data centers grew, and hosted applications became more complex, administrators realized they couldn’t scale their manual systems management as fast as the applications they were enabling. It also hampered the velocity of the work of the developers since the development team was agile and releasing software frequently, but IT operations were spending more time configuring the systems. That’s why server provisioning and configuration management tools came to flourish.
Consider the tedious routine of administering a server fleet. We always need to keep updating, pushing changes, copying files on them, etc. These tasks make things very complicated and time-consuming.
But let me tell you that there is a solution to the above-stated problem. The solution is — Ansible.
What is Ansible?
Ansible is a software tool that provides simple but powerful automation for cross-platform computer support. It is primarily intended for IT professionals, who use it for application deployment, updates on workstations and servers, cloud provisioning, configuration management, intra-service orchestration, and nearly anything a systems administrator does on a weekly or daily basis. Ansible doesn’t depend on agent software and has no additional security infrastructure, so it’s easy to deploy.
While Ansible may be at the forefront of automation, systems administration, and DevOps, it’s also useful to everyday users. Ansible allows us to configure not just one computer, but potentially a whole network of computers at once, and using it requires no programming skills. Instructions written for Ansible are human-readable. Whether we’re entirely new to computers or an expert, Ansible files are easy to understand.
What can Ansible Automate?
- Provisioning: Creating a suitable environment for the application/ software to live is necessary. Ansible provides a way to automate the environment created for the application’s existence.
- Configuration Management: Perform a wide variety of configuration tasks, such as start/ stop services, change the configuration of a system, device, or application, etc.
- Application Deployment: Automate the defining of deployment with Ansible and manage the deployment using Ansible tower. This makes the entire application cycle from production to deployment efficient and manageable.
- Continuous Delivery: Creating and managing a continuous integration/ continuous delivery pipeline can get cumbersome. That’s where Ansible steps in and makes the developer’s lives easier.
- Security and compliance: Working with the projects, always sets boundaries and is integrated with the company’s security policies. Having security policies integrated automatically with the deployment can make complying with policies easier.
- Orchestration: An entire project is a collection of many different instances having a different configuration. Ansible merges and manages these different instances as a whole.
What is Ansible Architecture?
Ansible architecture is fairly straightforward. See the below diagram understand the Ansible architecture:
As we can see, in the above image that the Ansible automation engine has a direct interaction with the users who write playbooks to execute the Ansible Automation engine. It also interacts with cloud services and Configuration Management Database (CMDB).
Components in Ansible Architecture :
Networking: Ansible can also be used to automate different networks. Ansible uses the same simple, powerful, and agentless automation framework IT operations and development are already using. It uses a data model (a playbook or role) that is separate from the Ansible automation engine that easily spans different network hardware.
Hosts: The hosts in the Ansible architecture are just node systems that are getting automated by Ansible. It can be any kind of machine — Windows, Linux, RedHat, etc.
Playbooks: Playbooks are simple files written in YAML format which describes the tasks to be executed by Ansible. Playbooks can declare configurations, but they can also orchestrate the steps of any manual ordered process, even if it contains jump statements. They can launch tasks synchronously or asynchronously.
CMDB: It is a repository that acts as a data warehouse for IT installations. It holds data relating to a collection of IT assets (commonly referred to as configuration items (CI)), as well as describes relationships between such assets.
Cloud: It is a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server. We can launch our resources and instances on the cloud and connect to your servers.
The Ansible Automation engine consists of:
- Inventories: Ansible inventories are lists of hosts (nodes) along with their IP addresses, servers, databases, etc. which need to be managed. Ansible then takes action via a transport — SSH for UNIX, Linux, or Networking devices and WinRM for Windows system.
- APIs: APIs in Ansible are used as transport for Cloud services, public or private.
- Modules: Modules are executed directly on remote hosts through playbooks. The modules can control system resources, like services, packages, or files (anything really), or execute system commands. Modules do it by acting on system files, installing packages, or making API calls to the service network. There are over 450 Ansible-provided modules that automate nearly every part of your environment.
- Plugins: Plugins allow to the execution of Ansible tasks as a job build step. Plugins are pieces of code that augment Ansible’s core functionality. Ansible ships with a number of handy plugins, and you can easily write your own.
Advantages Of Using Ansible
- Agentless –There are no agents or software deployed on the clients/servers to work with Ansible. The connection can be done through SSH or using Python.
- English Like Language — To use the Ansible, configure, and deploy the infrastructure is very simple and it is English like the language used called YAML.
- Modular — The Ansible uses modules to automate, configure, deploy, and orchestrate the IT Infrastructure. There are around 750 + modules built-in Ansible.
- Efficient — There are no servers, daemons, or databases required for Ansible to work.
- Features — Ansible comes with a whole lot of features and can be used to manage the Operating systems, IT Infrastructure, networks, servers, and services in very little time.
- Secure and consistent — Since Ansible uses SSH and Python it is very secure and the operations are flawless.
- Reliable — The Ansible Playbook can be used to write programs or modules and can be used to manage IT without any downside.
- Performance- The Ansible’s performance is excellent and has very little latency.
- Low Overhead — As it is agentless and does not require any servers, daemons, or databases it can provide a lot of space in the systems and has low overhead in terms of deployment.
- Simple — It is very simple to use and is supported by YAML
Ansible Case Study: Arista
Arista’s software-driven cloud networking model is helping to redefine cloud architectures as data centers adapt to achieve better agility and economy. Arista enables the use of standard provisioning and automation systems such as Ansible through our open Linux approach, bringing Net-Ops and Dev-Ops unification. So here Ansible helps Arista to improve speed and accuracy as well as when Arista uses Ansible it doesn’t require third-party EOS extensions and additional switch configuration. Arista has complete control of your configuration with idempotency built-in with Ansible that makes it intelligent, dynamic decisions in your playbook. Now Arista enables continuous compliance of EOS configuration with the configuration of Ansible.
Ansible Case Study — A Real Life Usage by NASA
Challenged face by NASA :
NASA needed to move 65 applications from a traditional hardware-based data center to a cloud-based environment for better agility and cost savings. The rapid timeline resulted in many applications being migrated ‘as it is to a cloud environment. This created an environment that spanned multiple virtual private clouds (VPCs) and AWS accounts that could not be managed easily. Even simple things, like ensuring every system administrator had access to every server, or simple security patching, were extremely cumbersome.
The solution was to leverage Ansible Tower to manage and schedule the cloud environment.
Hence, to solve the problems that NASA had with a lack of centralized management and a diverse environment, they evaluated multiple solutions and decided on the implementation of Ansible Tower. NASA is now leveraging Ansible Tower to manage their environment in a very organized and scheduled way.
How NASA is using Ansible:
Ansible Tower provided a dashboard that provided the status summary of all hosts and jobs which allowed NASA to group all contents and manage access permissions across different departments. It also helped to split up the organization by associating content and control permission for groups as well.
Ansible Tower is a web-based interface for managing Ansible. One of the top items in Ansible users’ wishlists was an easy-to-use UI for managing quick deployments and monitoring one’s configurations. Ansible management came up with Ansible Tower in response.
Further, Ansible divided the tasks among teams by assigning various roles. It managed the clean-up of old job history, activity streams, data marked for deletion, and system tracking info. Refer to the diagram below to understand how Ansible has simplified the work of NASA.
As a result, NASA has achieved the following efficiencies:
• NASA web app servers are being patched routinely and automatically through Ansible Tower with a very simple 10-line Ansible playbook.
• Ansible is also being used to remediate security issues and was leveraged to re-mediate OpenSSL issues. This not only saved time but allowed us to quickly re-mediate a very daunting security issue.
• Every single week, both the full and mobile versions of www.nasa.gov are updated via Ansible, generally only taking about 5 minutes to do.
• OS-level user accounts for mission-critical staff are continually checked and created if missing. Now, everyone who needs access has access, even if that means adding or removing a user almost instantly from all servers.
• NASA has also integrated Ansible facts into their CMDB, CloudAware, for better management visibility of the entire AWS inventory. As a result, it became possible to organize the inventory of AWS resources in a very granular way that was not possible before.
• Ansible is also used to ensure that the environment is compliant with necessary Federal security standards as outlined by FedRAMP and other regulatory requirements.
- Achieving near real-time RAM and disk monitoring (accomplished without agents)
- Provisioning OS Accounts across an entire environment in under 10 minutes
- Baselining standard AMIs (Amazon Machine Image) went from 1 hour of manual configuration to becoming an invisible and seamless background process
- Application stacks set up time reduced from 1–2 hours to under 10 minutes per stack.
I have done my best to give you all a basic idea about Ansible and How it provides benefits in the current Scenario.
In the upcoming days I am going to publish lots of articles on different automation Tools and other Technologies, So definitely follow me on Medium.
Here is my LinkedIn profile if u have any queries definitely comment below or DM me on Linkedin
Abhay Agarwal - Arth Technical volunteer - ARTH - The School of Technologies | LinkedIn
View Abhay Agarwal's profile on LinkedIn, the world's largest professional community. Abhay has 7 jobs listed on their…