Ansible is an open-source automation engine that automates software provisioning, configuration management, and application deployment. It lets you control and configure nodes from a single machine. What makes it different from other management software is that Ansible uses SSH infrastructure. It uses push mode, where the configuration is pushed from a master machine to nodes.
Architecture
Ansible has two types of servers: controlling machines and nodes. First, there is a single controlling machine which is responsible for managing the nodes over SSH. The controlling machine describes the location of nodes through its inventory files. In contrast with popular configuration management software — such as Chef, Puppet, and CFEngine — Ansible uses an agentless architecture. So there is no need to install any client software on nodes in order to manage them.
NO AGENT = MORE SECURE, MORE PERFORMANCE, LESS EFFORT
For the basic understanding of Ansible, you should be familiar with these terms-
Playbook
Playbooks are simple YAML files. These files are descriptions of the desired state of your systems, which are usually kept in source control. Ansible then does the hard work of getting your systems to that state no matter what state they are currently in. Playbooks make your installations, upgrades and day-to-day management repeatable and reliable.
Playbooks are simple to write and maintain. Playbooks are written in a natural language so they are very easy to evolve and edit. Thanks to its agentless design, Ansible can be introduced into your environment without any bootstrapping of remote systems or opening up additional ports.
Playbook contains Plays.
Plays contain tasks.
tasks call modules.
Here is a sample playbook which has only one play and this play has two tasks.
--- - hosts: webservers remote_user: root tasks: - name: ensure apache is at the latest version yum: name=httpd state=latest - name: ensure apache is running (and enable it at boot) service: name=httpd state=started enabled=yes
Modules
There are over 450 modules provided by Ansible to automate every part of the environment. Modules are like plugins that do the actual work in Ansible, they are what gets executed in each playbook task. But you can also run a single one using the ‘ansible’ command. Each module is mostly standalone and can be written in a standard scripting language (such as Python, Perl, Ruby, Bash, etc.). One of the guiding properties of modules is idempotency, which means that even if an operation is repeated multiple times, it will always place the system into the same state.
Let’s review how we execute two different modules from the command line:
ansible 127.0.0.1 -m service -a "name=httpd state=started"
ansible localhost -m ping
You can find all the Ansible modules from here.
Inventory
The Inventory is a description of the nodes that can be accessed by Ansible. By default, the Inventory is described by a configuration file, whose default location is in./etc/ansible/hosts The configuration file lists either the IP address or hostname of each node that is accessible by Ansible. In addition, nodes can be assigned to groups.
Here is an example of inventory
mail.example.com [webservers] foo.example.com bar.example.com [dbservers] one.example.com two.example.com three.example.com
The headings in brackets are group names, which are used in classifying systems and deciding what systems you are controlling at what times and for what purpose. It is ok to define one node in more than one group because a server could be both a web server and a DB server.
Configuration Management with Ansible
Ansible is the simplest solution for configuring the nodes. It’s designed to be minimal in nature, consistent, secure and highly reliable. Any developer, testest or IT manager can easily configure nodes. Any IT person can write playbooks easily.
Ansible configurations are simple data descriptions of your infrastructure (human readable) ensuring everyone on your team will be able to understand the meaning of each configuration task.
Ansible requires nothing more than a password or SSH key in order to start managing systems and can start managing them without installing any agent software. There’s no more wondering why configuration management daemons are down, when to upgrade management agents, or when to patch security vulnerabilities in those agents.
Ansible relies on the most secure remote configuration management system available as its default transport layer: OpenSSH. OpenSSH is available for a wide variety of platforms, is very lightweight and when security issues in OpenSSH are discovered, they are patched quickly.Further, it does not require any remote agents. It delivers all modules to remote systems and executes tasks, as needed, to enact the desired configuration.
All the configuration is defined in playbooks. Plays are written in the playbook. A play contains multiples tasks. A task uses a module to configure nodes. With the help of task, we configure single or multiple nodes. For example, if we want to install a web server on multiple nodes so we will write a task for this operation.
Thanks.
References
Reblogged this on Coding, Unix & Other Hackeresque Things.