Starting with Ansible
What I initially learned about Ansible
Ansible can be used for Infrastructure Automation.
But What is Infrastructure Automation?
Infrastructure automation refers to the way we are creating a system to reduce human interaction for the management and configuration of servers.
Ansible is mostly used when we are creating new servers, and we need to configure them according to our needs. But imagine this, it's not just one server that you need to maintain but 100s, how much pain in the ass it would be to configure each server with the same configuration ONE BY ONE, by use of ansible you can write a configuration file, that will manage and configure all your servers as intended.
Architecture of ansible
1. Inventory — Ansible Inventory is the collection of all the hosts under the group name of your desire, and you can simply use the variable name in your playbook.
10x.xx.xxx.221 ansible_ssh_private_key_file=path/to/key ansible_user="username"
10x.xx.xxx.218 ansible_ssh_private_key_file=path/to/key ansible_user="username"
2. Playbook — Ansible Playbook is the written manuscript of all the configurations you like to perform over your group of hosts. This file is written in YAML, and a Single playbook can be used to perform tasks over different groups of hosts.
Above is a basic playbook, orchestrating over two groups -
databaseIn the database, I took some help from MongoDB's official doc to write install instructions in the playbook. While writing this playbook, I tested commands in my local machine and converted simple Linux instructions. I went through some examples listed in APT, apt-key, command ansible modules.
$ ansible-playbook -i inventory.txt playbook.yaml
3. Ansible Config — Ansible configuration file contains environment variables and other configurations to run ansible. Generally, this file is stored in the Home directory of your project with the name
INVENTORY = inventory.txt
Here I have defined default Inventory, I don’t need to pass
inventory in command to run
ansible-playbook. I can simply run
$ ansible-playbook playbook.yaml
4. Modules —Ansible Modules are core modules or user-created modules loaded when any playbook runs. These modules are scripts, that enable configuration written inside a playbook to make changes in your host server, like installation or deletion, etc. An example of these modules is package management tools like apt, DNF, yum, etc. Read more about them here.
5. CLI — Ansible-CLI is a command-line tool that uses Ansible API to connect to nodes via SSH and perform plays. Red Hat also developed a UI tool for this purpose called Ansible Tower.
Ad-hoc commands can be used to test the connection or automate a single task, without needing to create a playbook, you can simply run an ad-hoc command using,
$ ansible <pattern> -m <module_name> -a "<module options>"
-m : it takes an ansible module name. This is the same module that I wrote above. check this introductory official doc about modules. The example shows how to use the module in an ad-hoc command as well as a playbook.
-a : this takes the operation you want to perform
$ ansible webservers -m ping
$ ansible webservers -m command -a "apt-key list"
$ ansible webservers -m service -a "service mongo status"
Ansible-Vault is an inbuilt secret management tool in ansible. This can be used to store the things that we want to hide, like sensitive passwords, keys, secrets, to connect to the remote servers. Ansible vault encrypts the data or file rather than storing it in a normal text file. You can also use a third-party tool like AWS secret management, Conjur, etc, but for their integration, you will need to write an extra script also, but this is doable.
What makes ansible greater?
- Ansible is Agent-less, which means there’s no need for an agent to be installed on a remote machine, Ansible will connect to it via ssh.
- Ansible is idempotent, which means you can run an ad-hoc command or a playbook any number of times, if there are no changes, the result will be the same.
- I can configure multiple hosts at the same time. However, I can decide how many hosts I want to configure in parallel.