Ansible is a configuration management tool maintained by Red Hat. It has to be installed on a controll machine. On the target machine, no configuration is needed. The control machine connects to the target machines via SSH.
Which problem does it solve?
In short: Ansible makes configurations repeatable.
Why this is good:
- Disaster Recovery: You have a web service running on AWS. Your account was hacked and deleted. Having your infrastructure defined as code (IaC), you can re-create all resources with the configuration you had before.
- Site Reliability: Having IaC, you can have code reviews for changes. This helps to reduce human error.
- Scalability: If we want to add more services, it is easier to repeat patterns. So this might help different teams at a company to keep in sync.
If you have a web service running, you hopefully have the code for that service
under version control (e.g.
Version control helps to keep the same state
everywhere, find the changes (
git bisect (docs) /
undo the change (
git revert). So the
version control gives you documentation and archives changes.
However, if you have a web service running, the software is not the only important thing. It has to run somewhere. This means you actually need a physical machine. You don't need to own it / take care about the hardware, but it needs to exist. Suppose you use Amazons Cloud AWS. Then you can use Terraform / AWS CloudFormation to define in code on which kinds of machines it is running. The idea to have this written in code is called Infrastructure as code (IaC). It allows you to have the infrastructure under version control and get the same benefits as were mentioned about version control for code.
Next, you need to configure the machines: Add certificates, SSH keys, LDAP, install Docker. This is where Ansible helps.
You might also want to read a real world example.
Ansible is written in Python. For this reason, the simplest way to install it
might be via the Python Package installer
$ pip install ansible
To test if it worked:
$ ansible --version ansible 2.9.0 config file = None configured module search path = ['/home/moose/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/moose/.local/lib/python3.6/site-packages/ansible executable location = /home/moose/.local/bin/ansible python version = 3.6.8 (default, Oct 7 2019, 12:59:55) [GCC 8.3.0]
- A task is a command executed on the target machine. A task is a call to an Ansible module.
- A list of tasks. Every role is a directory below
/rolesand contains a `main.yml` which defines the tasks.
- Determines which task/role should be applied to which target machine.
- Facts are information derived from speaking with your remote systems.
- An idempotent operation can be applied multiple times without changing the result beyond the initial application. Basically, it means "repeatable".
- Bring resources to a desired state if they diverge
- Resources are never changed. They are only created and destroyed. (Terraform and CloudFormation work like this)
Ad hoc command to check the connection:
$ ansible -m ping all
Ad hoc command to get the available disk space:
# ansible -m [module] -a '[module options]' [target] $ ansible -m shell -a 'df -h' all
Ansible executes stuff with your account. If you need root, specify
-k to ask for a password.
The default project structure is:
. ├── playbook.yml └── roles ├── example-role │ ├── files │ │ └── foo.txt │ └── tasks │ └── main.yml └── foo-role └── tasks └── main.yml
main.yml files have the following structure:
# Choose a descriptive name for the task as ansible will print them when # executing - name: Install a list of packages apt: # The ansible module pkg: # install the following packages - foo - bar - name: Add some file to the target machines copy: src: ../files/foo.txt dest: /absolute/path/foo.txt
playbook.yml file has the following structure:
- hosts: all become: true # become another user; by default root
You can then execute the playbook via
$ ansible-playbook playbook.yml
Where Ansible is push-based, Puppet and Chef are pull-based. So the target machines need to have an agent running which pulls.
- Ben's IT Lessons: Ansible - A Beginner's Tutorial, Part 1 / Part 2, 2017.
- Ansible: List of Ansible Modules
- halfercode on Reddit: Does Docker make Ansible and similar orchestration tools redundant?, 2017.
- Lou Bichard: Configuration Management: What Is It and Why Is It Important?, 2019.