What is Ansible
To deploy applications, do cloud provisioning and manage other Information Technology tools, any agent or custom security is required on the client-side. It is not always possible and easy to have these requirements to run and manage applications. There was a need to have an application or IT engine that can help us perform these functions without the need for any agent or custom security on the client-side.
Introduction to Ansible
To ease the above processes, Michael DeHaan developed an IT engine, Ansible. After some years, RedHat acquired the Ansible tool in 2015. To use the Ansible tool smoothly, a user needs to be good at running commands in the Linux shell. Having sound knowledge of Linux can be considered as a prerequisite for using the Ansible tool.
The Ansible tool is generally an open-source IT engine or tool that automates various application deployments, cloud provisioning activities, intra-service orchestration, etc. Not having any need of an agent or custom security on the client-side is regarded as a big advantage of using Ansible. It is created for multi-tier deployment and it is easy-to-use as it is completely agentless. It simplifies the process of connecting to clients by using SSH-Keys. When we create an inventory file in which clients’ details like IP addresses, hostnames and SSH port details are stored, it can connect by using the details.
Ansible describes and carries out automation tasks by using the playbook. The playbook uses a simple language, Yet Another Markup Language (YAML). This language is easily readable and understandable by humans and is mainly used for configuring files but it can be used in various applications where data storage is involved. It is free of cost so it became very popular soon. Another benefit of using the Ansible tool is the playbook can be read and debugged if needed by IT support staff.
Ansible manages and stores the inventory in the form of simple text-files. It connects to your (system) nodes and then pushes small programs, generally known as Ansible Modules to the nodes. It runs the modules on the nodes and removes them when the process is finished.
An Ansible user writes the playbook and interacts with the Ansible orchestration engine to execute the Ansible orchestration. The Ansible tool interacts with configuration management databases and public or private cloud. The below diagram shows the Ansible architecture.
Below is the description of the Ansible architecture
- Playbook: Users write the playbook so it consists of written codes. Codes are written in YAML format (as it is easy to use). The playbook describes the tasks and executes them through Ansible. The tasks can be launched synchronously and asynchronously with the playbook.
- Cloud: It is a network of remote servers which are used to store, process and manage data. The servers are hosted on the internet and are remote. The data is stored remotely, not in physical servers.
- CMDB: CMBD acts as a data warehouse for IT installations and is a type of repository.
- Inventory: It consists of lists of nodes having IP addresses, servers, databases, etc. They are managed by the inventory.
- API: It works as a transport for private or public cloud services.
- Modules: When the Ansible tool connects the nodes, Modules are executed on the client-side and removed after completion by the Ansible tool. They can reside on any machine without the need for any server or database. Users can keep track of changes in the content while working with the text editor or version control system.
- Plugins: Plugins are generally considered as the core functionality of the Ansible tool. There are many useful plugins and they can be written easily as users want.
- Hosts: Hosts are generally nodes that are automated by the Ansible tool and other machines such as Linux, RedHat, Windows, etc.
- Networking: Ansible uses a powerful & automated networking system. It can manage automation of different networks as it uses a secure, simple and agentless framework for IT installation and operations.
Ansible connects to your nodes and runs a small program called Ansible modules on the client-side. After running the modules, it removes them. These Ansible modules can reside on any machine and do not require any database or server.
Workflow: Ansible Management Node plays the most important and crucial role in the whole operation of Ansible. It gets the lists of hosts where the Ansible modules are to be run from the Inventory. Ansible Management Node manages and controls all the executions perfectly and remotely. After getting the list of hosts from the Inventory, Ansible Management Node then connects with the hosts through SSH connections and runs the modules. After successful execution of modules, it removes them.
Ansible Inventory can be defined as a group of lists of hosts, servers, IP addresses, etc. and it is used to manage multiple hosts or groups in a single point of time. The inventory needs to be defined first to execute the workflow. Users can edit or write the inventory as per their needs.
The (default) location of inventory is a file: /etc/ansible/hosts. A different inventory can be specified in the command line using -i
Groups & Hosts
As given above, the default location is /etc/ansible/hosts. Hosts are in INI format in the below example. Headings in the bracket are considered as group names used for classifying the systems. Systems can be put in more than one group. Two servers are given (webservers & dbservers) below.
Host variables: Variables can be assigned to the hosts and they are used in the playbook.
Subscribe to our youtube channel to get new updates..!
Host1 http_port=50 maxRequestsPerCase=505
Host2 http_port=450 maxRequestsPerCase=495
Group variables: Application of variable to a group or more can be done at once.
There is a lot of sensitive data that should be protected by encryption. The sensitive data may include passwords, usernames, important data, etc. The Ansible Vault plays an important part in securing the data on the Ansible tool. It effectively encrypts the data so that Ansible can decrypt it with the help of the key at the runtime. It helps users to keep their data safe and protected with the help of encryption. Ansible vault provides the key to decrypt to Ansible to run the vault-encrypted content at runtime.
File-level granularity is implemented by Ansible Vault so the files are either encrypted or unencrypted entirely. It uses an algorithm (AES256) to provide a single password for decryption. A single password is used to do both encryption and decryption of content and it makes it easy to use. Ansible can identify any vault-encrypted data while executing a task.
Encryption & Decryption:
Encryption: First, a user needs to choose a password for encrypting any existing file.
Creating an encrypted file: Ansible vault is used to encrypt a file. Create & confirm a password for encryption and decryption after choosing a file name. Below is the command for creating an encrypted file -
Decryption: After encryption, the key is sent by Ansible vault to the Ansible tool. The key is to be entered to decrypt the content or file to extract the encrypted data.
Decrypting an encrypted file: To decrypt an encrypted file, the Ansible vault decryption key or command is used by using the following command - $ansible-vault decrypt
There are various other commands used to perform other functions using Ansible Vault that can be learned by referring to the official Ansible documentation.
Ansible vs Chef
Ansible is mainly used for automating application deployment, cloud provisioning,etc.
The chef is an automated platform used to transform infrastructure into code. It automates deployment, configuration and management of the infrastructure across a network. It is an open-source cloud configuration that can translate tasks related to system administration into reusable definitions also known as cookbooks and recipes. The chef can run on various platforms like Windows, Solaris, Nexus, etc. and it also supports other cloud platforms like AWS, Microsoft Azure, etc.
Some differences between Ansible & Chef are listed below based on different parameters.
YAML (Python) language is used in Ansible because it is very easy to learn and use. Mostly all Unix and Linux deployments have Python inbuilt which makes it easier to use.
As Ansible uses YAML, it is easy to manage. It has quick remote execution so it is mostly suitable for real-time applications because the server pushes applications to the nodes.
It derives its authoritative configurations from the deployed playbooks that serve as perfect source-control systems so it is more accessible.
Ansible cheat sheet
Ansible supports the task of setting up and maintaining remote servers but there are certain commands that are used to operate it. The collection of these commands most commonly used is called Ansible Cheat Sheet.
Some of the most common commands used in the Ansible tool are listed below.
- For testing Connectivity to nodes: $ ansible all -m ping
- For connecting as a different user: $ ansible all -m ping -u danny
This also applies to the playbook: $ ansible playbook myplaybook.yml -u danny
- For using a custom SSH key to connect to a remote server: $ ansible all -m ping --private-key=~/.ssh/custom_id
This also applies to the playbook: $ ansible playbook myplaybook.yml --private-key=~/.ssh/custom_id
- For using password-based authentication: $ ansible all -m ping --ask-pass
This applies to the playbook too: $ ansible playbook myplaybook.yml --ask-pass
- For running playbooks: $ ansible-playbook myplaybook-yml
- For editing an encrypted file: $ ansible-vault edit credentials.yml
Above are some of the commands but for more cheat-sheet commands, please refer to the Ansible official documentation.
Advantages of Ansible
Some of the advantages of using the Ansible tool is given below
- It is completely free of cost.
- It is very easy to set up & use.
- It is flexible and compatible with many systems and operating systems.
- It does not involve any agent because it is agentless.
- It is more efficient in performing the tasks.
- It is more powerful and faster as it can handle complex IT functions easily.