Ansible’s Features and Capabilities
1. Configuration Management
Ansible is designed to be very simple, reliable, and consistent for configuration management. If you’re already in IT, you can get up and running with it very quickly. Ansible configurations are simple data descriptions of infrastructure and are both readable by humans and parsable by machines. All you need to start managing systems is a password or an SSH (Secure Shell, a network protocol) key. An example of how easy Ansible makes configuration management: if you want to install an updated version of a specific type of software on all the machines in your enterprise, all you have to do is write out all the IP addresses of the nodes (also called remote hosts), write an Ansible playbook to install it on all the nodes, and then run the playbook from your control machine.
2. Application Deployment
Ansible lets you quickly and easily deploy multitier apps. You won’t need to write custom code to automate your systems; you list the tasks required to be done by writing a playbook, and Ansible will figure out how to get your systems to the state you want them to be in. In other words, you won’t have to configure the applications on every machine manually. When you run a playbook from your control machine, Ansible uses SSH to communicate with the remote hosts and run all the commands (tasks).
3. Orchestration
As the name suggests, orchestration involves bringing different elements into a beautifully run whole operation—similar to the way a musical conductor brings the notes produced by all the different instruments into a cohesive artistic work. For example, with application deployment, you need to manage not just the front-end and backend services but the databases, networks, storage, and so on. You also need to make sure that all the tasks are handled in the proper order. Ansible uses automated workflows, provisioning, and more to make orchestrating tasks easy. And once you’ve defined your infrastructure using the Ansible playbooks, you can use that same orchestration wherever you need to, thanks to the portability of Ansible playbooks.
4. Security and Compliance
As with application deployment, sitewide security policies (such as firewall rules or locking down users) can be implemented along with other automated processes. If you configure the security details on the control machine and run the associated playbook, all the remote hosts will automatically be updated with those details. That means you won’t need to continually monitor each machine for security compliance by hand. And for extra security, an admin’s user ID and password aren’t retrievable in plain text on Ansible.
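A sitewide policy of the kind described above (firewall rules plus locking down users) could look like the following playbook. This is an added example, not code from the original article; the account names, the service lists and the `inventory.ini` file name are assumptions made for illustration.

```yaml
# security-policy.yml (added example; accounts, services and file names are assumptions)
# Run from the control machine:  ansible-playbook -i inventory.ini security-policy.yml
# Add --check --diff to report drift from the policy without changing any host.
- name: Enforce sitewide security policy
  hosts: all
  become: true
  vars:
    locked_accounts:            # constructed sample accounts to lock down
      - olduser1
      - olduser2
    allowed_services:           # firewalld services the policy permits
      - ssh
      - https
    blocked_services:           # firewalld services the policy forbids
      - telnet
      - ftp
  tasks:
    - name: Read the local account database
      ansible.builtin.getent:
        database: passwd

    - name: Lock accounts that must no longer log in
      ansible.builtin.user:
        name: "{{ item }}"
        password_lock: true         # disables the password only
        shell: /usr/sbin/nologin    # also blocks interactive logins via SSH keys
      loop: "{{ locked_accounts }}"
      # Skip hosts where the account is absent; otherwise the user module would create it
      when: item in ansible_facts['getent_passwd']

    - name: Allow approved services through the firewall
      ansible.posix.firewalld:      # requires the ansible.posix collection
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ allowed_services }}"

    - name: Close services the policy forbids
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: disabled
      loop: "{{ blocked_services }}"
```

Because every task declares a desired state, a second run against compliant hosts reports no changes, so the play recap can be read as a compliance summary.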
5. Cloud Provisioning
The first step in automating your applications’ life cycle is automating the provisioning of your infrastructure. With Ansible, you can provision cloud platforms, virtualized hosts, network devices, and bare-metal servers.
Next, as we continue learning what Ansible is, let us look at the Ansible architecture.
Ansible Playbooks
The real strength of Ansible lies in its Playbooks. A playbook is like a recipe or an instruction manual that tells Ansible what to do when it connects to each machine. Playbooks are written in YAML, which simplistically could be viewed as XML but human-readable. When I started using Ansible I’d never looked at YAML, but within hours I was able to write powerful playbooks. Also, there are a lot of examples online to help you while you learn.
You could have a Playbook that configures your servers according to a baseline you have defined, so they all are using the correct sshd config and central authentication. Then you use roles for specific server groups. Say you have groups for web servers, database servers, and monitoring servers. Then you decide to add a web server. When you fire off your Playbook, Ansible will install and configure the webserver. It will make sure your database server allows connections from the new server, and then add the new server to your network monitoring solution so that you are informed if the server suffers a failure in the future.
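The baseline-plus-roles layout described above, sketched as an added example rather than code from the original article. The group names (`webservers`, `dbservers`, `monitoring`), the role names and the specific sshd settings are assumptions chosen for illustration.

```yaml
# site.yml (added example; group names, role names and sshd settings are assumptions)
- name: Apply the SSH baseline to every managed host
  hosts: all
  become: true
  tasks:
    - name: Enforce baseline sshd settings
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        # Test the edited file first; a config sshd cannot parse is never installed
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: PermitRootLogin, value: "no" }
        # Confirm key-based login works before disabling passwords,
        # or the control machine can lock itself out
        - { key: PasswordAuthentication, value: "no" }
        - { key: MaxAuthTries, value: "3" }
      notify: Restart sshd

  handlers:
    # Runs once at the end of the play, and only if a setting actually changed
    - name: Restart sshd
      ansible.builtin.service:
        # The service name differs by distribution family (read from gathered facts)
        name: "{{ 'ssh' if ansible_facts['os_family'] == 'Debian' else 'sshd' }}"
        state: restarted

- name: Install and configure web servers
  hosts: webservers
  become: true
  roles:
    - webserver       # hypothetical role

- name: Let the database tier accept the web servers
  hosts: dbservers
  become: true
  roles:
    - database        # hypothetical role

- name: Register all hosts with monitoring
  hosts: monitoring
  become: true
  roles:
    - monitoring      # hypothetical role
```

Adding a web server then means adding one line to the `webservers` group in the inventory and re-running the playbook; hosts that already match the baseline report no changes.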
Ansible Terms:
👉Controller Machine: The machine where Ansible is installed, responsible for running the provisioning on the servers you are managing.
👉Inventory: An initialization file that contains information about the servers you are managing.
👉Playbook: The entry point for Ansible provisioning, where the automation is defined through tasks using YAML format.
👉Task: A block that defines a single procedure to be executed, e.g. Install a package.
👉Module: A module typically abstracts a system task, like dealing with packages or creating and changing files. Ansible has a multitude of built-in modules, but you can also create custom ones.
👉Role: A pre-defined way for organizing playbooks and other files in order to facilitate sharing and reusing portions of provisioning.
👉Play: A provisioning executed from start to finish is called a play. In simple words, the execution of a playbook is called a play.
👉Facts: Global variables containing information about the system, like network interfaces or operating system.
👉Handlers: Used to trigger service status changes, like restarting or stopping a service.
Ansible is a helpful tool that allows you to create groups of machines, describe how these machines should be configured or what actions should be taken on them. Ansible issues all commands from a central location to perform these tasks.
No other client software is installed on the node machines. It uses SSH to connect to the nodes. Ansible only needs to be installed on the control machine (the machine from which you will be running commands) which can even be your laptop. It is a simple solution to a complicated problem.
I am not boasting when I say that Ansible has filled up all the holes in the Configuration Management and IT Orchestration world. You will know it too when you take a look at the benefits of Ansible mentioned below:
Advantages Of Using Ansible
Simple: Ansible uses a simple syntax written in YAML called playbooks. YAML is a human-readable data serialization language. It is extraordinarily simple. So, no special coding skills are required, and even people in your IT organization who do not know what Ansible is can likely read a playbook and understand what is happening. Ansible always executes tasks in order. It is simple to install too.
Agentless: Finally, Ansible is completely agentless. There are no agents/software or additional firewall ports that you need to install on the client systems or hosts that you want to automate. You do not have to separately set up a management infrastructure which includes managing your entire systems, network, and storage. Ansible further reduces the effort required for your team to start automating right away.
Powerful & Flexible: Ansible has powerful features that can enable you to model even the most complex IT workflows. In this aspect, Ansible’s batteries included approach (This philosophy means that something is self-sufficient, comes out-of-the-box ready to use, with everything that is needed) can manage the infrastructure, networks, operating systems, and services that you are already using, as Ansible provides you with hundreds of modules to manage them. Together Ansible’s capabilities allow you to orchestrate the entire application environment regardless of where it is deployed.
Efficient: No extra software on your servers means more resources for your applications. Also, since Ansible modules work via JSON, Ansible is extensible with modules written in a programming language you already know. Ansible introduces modules as basic building blocks for your software. So, you can even customize it as per your needs. For example, if you have an existing message sending module that sends messages in plain text, and you want to send images too, you can add image sending features on top of it.
Ansible and Microsoft Azure
Automate Microsoft Azure simply
Chances are teams in your organization are already successfully deploying workloads in the public cloud. As more new applications are built natively for the cloud, IT leaders are looking for ways to deliver a consistent customer experience and management strategy across cloud and on-premise applications. The good news - if your IT teams are already using Ansible to describe on-premise infrastructure and applications, then you can easily use these descriptions to automate the same workloads in Microsoft Azure.
Azure supports customers’ push to a hybrid cloud in the areas of infrastructure, user identity, and management. Using Ansible to automate these Azure services gives organizations the flexibility to run workloads where they best make sense.
Automate once, Deploy anywhere
Ansible’s library of Azure modules makes it easy to provision instances, networks, and complete Azure infrastructure whenever you need, and in any region you require. For example, the same simple Playbook language you use for application deployment and on-prem automation also provisions your Azure infrastructure, applying the correct configuration.
Once you use Ansible to define your application locally, you can repeatedly deploy and redeploy the application. Re-deploying it to a different infrastructure is as straightforward as defining your Azure environment and then applying your application’s Playbook. No more surprises. Because of its power and flexibility, Ansible ensures your Azure deployments work seamlessly in a hybrid cloud configuration as easily as you build a single system.
Windows, Linux, Services, Networks AND MORE
Azure hosts a lot more than just Windows, and thankfully Ansible automates it all. Ansible has been designed for cloud deployments from the beginning, and Ansible easily allows you to provision a variety of Azure cloud services. Whether you’re building a simple 3-tier application, or a complicated set of virtual private clouds, services, and applications, your Azure environments can be described in Ansible Playbooks, and then scaled out across regions.
Ansible has modules for many different Azure capabilities, including:
🔵 Virtual Machines
🔵 Virtual Networks
🔵 Storage and Storage Accounts
🔵 Resource Groups
🔵 Security Groups
🔵 Resource Manager Templated Deployments
Ansible also has hundreds and hundreds of additional modules that help you manage every aspect of your Linux, Windows, UNIX, network infrastructure, and applications - regardless of where they're deployed.
Automating in Azure at Scale
As your Azure footprint and supporting teams grow, you will realize the need for controls to restrict users’ ability to modify certain environments. The answer is simple: Red Hat Ansible Tower gives you an enterprise framework for controlling, securing, and managing Ansible automation with a UI and RESTful API.
Ansible Tower helps teams who use Ansible with an extensive set of role-based access controls that ensures users will only have access to the Azure resources (networks, systems, security groups, etc.) that are required for their job. Plus, Ansible Tower encrypts credentials such as Azure and SSH keys so that you can delegate simple automation jobs to junior employees without giving out the (literal) keys to the kingdom.