System admins are often responsible for managing tens or thousands of computers. Some application upgrades require complex task orchestrations. Automation tools like Ansible make this daunting workload practical.
In this article, I'll introduce you to Ansible, a radically simple IT automation engine. I'll begin by introducing the core concepts of the Ansible system and how to set up a basic installation to start experimenting. Then I'll explore the fundamental components that make up an Ansible system. With an understanding of the basic concepts under our belts, I'll discuss the high level use cases that Ansible is well suited for. Finally, I'll share some reasons why I think Ansible is the best option available for IT automation. Let's lace up our boots and hit the trail to begin learning about Ansible.
Before you begin this article, there's a few things you need to know. In this article, I'll be demonstrating Ansible through the Linux command line. I'll be using a virtual machine running Ubuntu 20.04. You'll be able to follow along with any Fedora release newer than 22. Red Hat Enterprise Linux 7 or CentOS 7 will work as well. Finally you'll need a text editor that you're familiar with. I'll be using Visual studio code, but any text editor that can edit plain text files will do just fine.
Ansible, at is core, is a task execution engine. It exists to provide a method for operators, engineers, developers, hobbyists, or whomever, to easily define one or more actions to be performed on one or more computers. This capability represents a step beyond simply just logging into each computer in question, and manually typing out the command. These tasks can target the local system Ansible is running from, as well as other systems Ansible can reach over the network. Arguably, the ability to manage remote systems is the most important aspect of Ansible. When combined with the ability to express the tasks to be performed in a simple to read text file, Ansible provides a reusable and repeatable system for managing a fleet of infrastructure. Ansible is designed to scale beyond a small handful of systems to manage. In order to efficiently address whole fleets of systems, Ansible must be able to work on multiple machines at the same time. The default operation model allows Ansible to linearly execute a list of tasks on multiple machines at once. As the set of machines complete one task, they are given the next task to complete. This is the default, or linear strategy, and allows for data generated in an action on a particular machine to be used as input data for a later task on a different machine. There are however certain times when systems need to be worked on in smaller batches in a specific order. This strategy is useful for rolling changes out in small batches into production, or minimizing the impact of an upgrade by disrupting only small portions of a service at any one time. This is the serial strategy. Instead of linearly walking through the task list, one or more hosts in batches are walked through the task list before looping back to the beginning for the next set of hosts. A third operation strategy was introduced with Ansible 2.0, in which machines complete tasks as fast as they individually can, without waiting for the rest of the hosts to complete a given task. This is known as the free strategy, and is used mostly to reduce interruption of a specific machine or service, rather than the fleet as a whole. When using the strategy, it is not possible for one host to depend on task-generated data from a different host. The Ansible project manages code contribution and software releases. It is a very popular open source project. The Ansible company was created to fund development, which was later acquired by Red Hat. It remains an open source project hosted on GitHub with a very large number of contributors to the core code, and to the modules. Ansible is written in Python, an easy to use, powerful programming language. Python's ubiquitous availability in operating systems and embedded devices along with its low barrier of entry make it a great choice for Ansible. Most modules are written in Python. The way humans direct Ansible to accomplish tasks is with YAML formatted files. YAML neatly blends human readability with machine parsing. Perfectly suited as an operator to machine interaction language for Ansible.
Ansible is a lightweight fleet management system. There only needs to be one control system where the Ansible engine is installed. The system that will manage itself and other systems in a fleet. The Ansible engine has minimal installation requirements. Python, with a few additional libraries, is all that's required for the core engine. Agent software is not required on the hosts to be managed. Agents in other automation systems are installed on the remote hosts, and told to perform functions on the hosts through its own communication protocol. This requires configuration management before you can perform any configuration management. A real chicken and egg scenario. The actions to be performed may themselves require additional software on the target hosts, but Ansible can take care of the installation of those requirements as well. Communication with target hosts defaults to SSH, a widely available and trusted communication protocol. Instructions for an action to perform, and the necessary software to perform the desired tasks, are transported over SSH. Data from the action is returned over SSH as well. If I can SSH to a target system, I can manage it with Ansible. Ansible does not require the use of a persistent state engine. Every Ansible run determines state as it goes, and adjusts as necessary given the action requirements. As there is no central authority of what the state is or should be, Ansible then can be run from any system that has access rights to the target hosts. Running Ansible only requires an inventory source for potential targets, state directives, either expressed as a single ad hoc action, or a series coded in a YAML file, and the credentials necessary to communicate with the target.
Ansible needs to be explicitly installed on the control machine, which is the machine that will be processing all of the task execution directions. Ansible requires Python 2.6 or later with support for Python 3 coming soon. Use of Microsoft Windows as a control machine is not supported. However, most other operating systems are. I'll be using Fedora 25, a Linux distribution with a supported version of Python to demonstrate the installation of Ansible.
The Ansible project provides detailed installation directions on their website. Since I'm using Fedora, I'll use the built-in package manager dnf to install Ansible. Using dnf, I can search to see if Ansible is available for install. There are a few results and the first result is the one that we want, simply Ansible. I'll install it. Dnf determines which packages should be included to satisfy Ansible requirements. These requirements are based on the default of using SSH to communicate with remote target hosts. I'll accept the install of Ansible with its dependencies with Y. Now I can check the availability of Ansible using the which command. I can see that it is available at usr/bin/ansible. I can check which version is installed by using the version argument with the Ansible executable. This output shows that I've installed Ansible version 22.214.171.124 and further, that there is a configuration file in use at etc/ansible/ansible/cfg and that the module search path is the default. Using tab completion, I can see that there are multiple Ansible-based commands available. Alternatively, I can install Ansible via Python pip in a Python virtual environment. This is useful if I want to make use of multiple versions of Ansible or if I'm operating in an environment where I do not have rights to install things in the system path. First, I'll remove the system installed Ansible. A quick check of which shows that Ansible is no longer available to me. A Python virtual environment creates an isolated Python environment in the directory of my choosing. I'll need to make sure I have the virtual env utility installed. I also know that to install Ansible via pip, I'll need to install some development tools to build parts of the Python libraries, specifically the GCC Compiler and the Open SSL development headers. If you are working with a system where you do not have root access, you can ask your administrator to install these basic tools for you. Now I'll create a new Python virtual environment named Ansible and place it in my home directory where I have write access to the file system. Next, I need to activate this environment so that my execution path is set correctly. My shell prompt has changed slightly to indicate that I'm now set to work from the Ansible virtual environment. I can verify this by checking the location of the pip command which is used to install Python packages. Now I can search for Ansible using pip. There are quite a lot of results. Many things are available to work with Ansible, but I'm interested in the core of Ansible itself so I'll pipe the output into less and then search for a line that starts with Ansible with a trailing slash and here I quickly find what I'm looking for. Alternatively, I can browse to the Python website and from here, I can search for Ansible. The first result is the package I'm looking for and I can get more information about it by clicking on it. Now I'll ask pip to install this with the install directive. At this point, Ansible should once more be available to me and I'll verify this with the which command. This time, I see it available inside of the virtual environment. I'll check the version once more and see once again, I have version 126.96.36.199. But this time, there is not a configuration file in use as I did not have write access to the etc path.