WHAT IS ANSIBLE ?
Ansible is an open source IT Configuration Management, Deployment & Orchestration tool. It aims to provide large productivity gains to a wide variety of automation challenges.
Ansible is the first human-readable automation language that can be read and written across IT.
No one likes repetitive tasks. With Ansible, IT admins can begin automating away the drudgery from their daily tasks. Ansible is a simple automation language that can perfectly describe an IT application infrastructure.
Automation plays a huge role in our digital transformation.
WHY ANSIBLE ?
Advantages Of Using Ansible:
- Free Tool : Ansible is an open-source tool.
- Agentless : Ansible is completely agentless. There are no agents/software or additional firewall ports that you need to install on the client systems or hosts which you want to automate.
- Easy to Learn : It’s easy-to-learn, self-documenting, and doesn’t require a grad-level computer science degree to read. Automation shouldn’t be more complex than the tasks it’s replacing.
- Simple to Understand : Ansible is written in Python and uses YAML for playbooks. Both Python and YAML are human-readable languages.
- Idempotent : Ansible keeps track of the state of resources in managed systems in order to avoid repeating tasks that were executed before. If a package was already installed, it won’t try to install it again. No matter how many times you call the operation, the result will be the same.
Ansible Controller or Management Node
- The machine where Ansible is installed, responsible for running the provisioning on the servers you are managing (known as Hosts).
Ansible basics: Ad-hoc commands, Playbooks and Inventories
- Ad-hoc commands: are command line “inline” commands that can run and return a result. These commands are associated with the ansible executable.
- Playbooks: are files that contain many plays and tasks that include multiple operations in YAML format. These are associated with the ansible-playbook executable.
- Inventories: Regardless of the way you use Ansible (ad-hoc, playbook), you will need a list of hosts that you want to manage. Inventory is an initialization file that contains information about the hosts you are managing.
ANSIBLE USE CASES
Ansible seamlessly unites workflow orchestration with configuration management, provisioning, and application deployment in one easy-to-use and deploy platform.
Your apps have to live somewhere. If you’re PXE (Preboot eXecution Environment) booting and kickstarting bare-metal servers or VMs, or creating virtual or cloud instances from templates, Ansible and Ansible Tower help streamline the process.
Ansible makes sure that the required packages are downloaded and installed in order to provision the application.
2. Configuration Management
Ansible is designed to be very simple, reliable, and consistent for configuration management. For e.g. If you want to install the new version of Tomcat on all of the machines present in your enterprise, it is not feasible for you to manually go and update each and every machine. You can install Tomcat in one go on all of your machines with Ansible playbooks and inventory written in the most simple way.
3. Application Deployment
When you define your application with Ansible, and manage the deployment with Ansible Tower, teams are able to effectively manage the entire application lifecycle from development to production.
4. Continuous Delivery
Creating a CI/CD pipeline requires buy-in from numerous teams. You can’t do it without a simple automation platform that everyone in your organization can use. Ansible Playbooks keep your applications properly deployed (and managed) throughout their entire lifecycle.
5. Security Automation
When you define your security policy in Ansible, scanning and remediation of site-wide security policy can be integrated into other automated processes and instead of being an afterthought, it’ll be integral in everything that is deployed.
Configurations alone don’t define your environment. You need to define how multiple configurations interact and ensure the disparate pieces can be managed as a whole. Out of complexity and chaos, Ansible brings order.
ANSIBLE CASE STUDY — A Real Life Usage by NASA
Business Challenge faced by NASA
NASA needed to move roughly 65 applications from a traditional hardware based data center to a cloud-based environment for better agility and cost savings. The rapid timeline resulted in many applications being migrated ‘as-is’ to a cloud environment.
Solution to this Challenge
The solution was to leverage Ansible Tower to manage and schedule the cloud environment.
How NASA is using Ansible
Ansible Tower is an enterprise framework to help you control, secure, and manage your Ansible automation at scale. Ansible Tower is a web-based interface for managing Ansible. Ansible Tower lets you launch playbooks with just a single click.
Before and After Using Ansible By NASA
While parts of the technical staff would sometimes use Ansible core for some tasks, previously NASA WESTPRIME was using shell scripts and manual SSH-based administration.
After testing, NASA decided that Ansible was the best fit for them, due to:
- Ansible does not require agents to be installed on hosts; native use of SSH
- The learning curve is very small and took less than a day to learn
- Non-technical staff can read an Ansible Playbook and know what’s happening
As a result of Ansible Tower implementation NASA have achieved the following efficiencies:
- NASA web app servers are being patched routinely and automatically through Ansible Tower with a very simple 10-line Ansible playbook.
- Ansible is also being used to re-mediate security issues and was leveraged to re-mediate both OpenSSL issues earlier this year. This not only saved time but allowed to quickly re-mediate a very daunting security issue.
- Every single week both the full and mobile versions of www.nasa.gov are updated via Ansible, generally only taking about 5 minutes to do.
- NASA has also integrated Ansible facts into their CMDB, CloudAware, for better management visibility of entire AWS inventory. As a result, it became possible to organize the inventory of AWS resources in a very granular way that was not possible before.
Result of using Ansible By NASA
As a result of implementing Ansible, NASA is better equipped to manage its AWS environment. Ansible allowed NASA to provide better operations and security to its clients. It has also increased efficiency as a team.
If we see by the numbers:
- Updating nasa.gov went from over 1 hour to under 5 minutes
- Patching updates went from a multi-day process to 45 minutes
- Achieving near real-time RAM and disk monitoring (accomplished without agents)
- Provisioning OS Accounts across entire environment in under 10 minutes
- Baselining standard AMIs went from 1 hour of manual configuration to becoming an invisible and seamless background process
- Application stack set up from 1–2 hours to under 10 minutes per stack
Automation is an essential and strategic component of modernization and digital transformation. Ansible is tool for automation. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows.