Suppose you have created a hit app and are getting millions of hits everyday & now your application gets down. After root cause analysis, you got to know that it's because of the current infrastructure configuration. Now you have decided to update the infrastructure because the current configuration could not handle the workload. You thought of provisioning server Infrastructure to make your application make the user experience better & while configuring infrastructure, you want to make sure provisioning is fast & the same configuration is done on the other host servers. The manual configuration will be slow and error-prone.
To make configuration done in an efficient manner Infrastructure as code in the picture. Infrastructure as code (IaC) is the key that will provision the infra and make infrastructure configuration & orchestration easy for you in an effective way.
In this blog, we will dive into Ansible, an IaC tool. You will get to know what is Ansible, how it works to get better clarity on how it can help you in your infrastructure handling & provisioning?
What is Ansible?
Ansible is an open-source configuration management tool that helps you get a desired state of infrastructure and crush the complexity of infrastructure scaling and automate the whole process of infrastructure provisioning & configuration by handling all this with the help of code. It can handle any scale of infrastructure, as small as defining a package that needs to be installed on a system & as large as setting up a multi-tier orchestration.It helps you not only in the setup of infrastructure but also define infrastructure configuration to be implemented.
A set of operating principles, and a collection of practices that enable application development teams to deliver changes more reliably and regularly. Click to explore about, Continuous Integration and Continuous Delivery
What are the Goals of Ansible?
Simplicity as it is relevant to all whether it is developers, IT managers etc.
Ease of use.
Strong focus on Security as Security is our major concern.
Reality as all the work done should be reliable.
Usage of openSSH for transport.
Why Ansible is important?
Ansible is appropriate for managing all environments from setups with limited instances to enterprise environments with many thousand of instances.
Ansible manages machine in agent less manner.
Ansible is decentralized, it relies on existing OS credentials to control access to remote machines.
Ansible uses openSSH and it one of the most peer reviewed open source components, security exposure is greatly reduced.
Ansible manages remote machines.
Ansible is very useful when you have as the server's manual configuration, will be a tedious task. Through Ansible, we can ensure the configuration is precisely done. Not just that, It helps you in many ways stated ahead:
Configuration Management: It provides you control at a granular level which is required Handel enterprise-level infra where H/W & S/W information is recorded in detail, and consistency in configuration management is crucial.
Application Deployment: It can manage application management from development to production in the simplest manner with very few changes.
Orchestration: with the help of Ansible, we can define how infra configuration is to be done as a whole, not just restricted to a single server.
Security & Compliance: Wide security policy can be deployed with the help of Ansible to ensure the server's best practices and hardening.
Container Management technology has enabled Big Data Pipelines implementation.. Click to explore about, Infrastructure Automation for Big Data and Kubernetes
What is Ansible's architecture?
Before understanding Ansible working, let's get familiar with the terminology used in Ansible.
Controller Machine: Machine where Ansible is installed.
Ansible Playbooks - The real strength of ansible is that it all lies in its playbooks. A playbook is like a recipe or an set of instructions which tells Ansible what work it has to do when it connect to new machine. Playbooks are written in YAML, which simply could be viewed as XML.. For Example - if we have a group of web servers, database servers and monitoring servers and if we decide to add a web server then we will fire our playbook which is set of instructions, ansible will then install and configure web server and will make sure that our database allows connection from the new server and then it will add new server to our network monitoring solution.
Ansible Tasks: Procedure to be executed by Ansible.
Ansible Inventory: Information of servers(IP address and alias) to be managed.
Ansible Play: playbook contain plays. Plays are generally a group of tasks that are performed on defined hosts to perform defined functions.
Ansible Roles: It lets you automatically load related vars_files, tasks, and Ansible artifacts based on a known file structure. Once you group your content into roles, It gets easy to share and reusable. Roles are organizational components that can be assigned to set of hosts to organise tasks.
Module: Predefined commands executed directly on remote hosts
Handlers - Handlers are similar to tasks except that a handler will be executed only when it is called by an event.
Templates - Templates are files based on Python’s Jinja2 template engine and have .j2 extension
How Ansible Works?
Ansible is written in python. It works by connecting remote hosts via ssh mentioned in the inventory file. It uses a push mechanism to connect to the host and push out the small programs known as ansible modules that run the plays & tasks defined in the client's playbook over ssh.
The node on Which Ansible is installed is the controlling node, also known as the Ansible management node, which controls the entire playbooks' execution. After installation, it removes modules used. Let us look deeply how Ansible works?
There are many use cases but this is one of the most common ways most people use Ansible. So here we have the non ansible way so we have a user and an admin and admin is maintaining four servers the three servers are web servers and one of the server is a database.
So, admin wants to install Tomcat then the admin will have to install Tomcat on server one. Then install Tomcat on server two and install Tomcat on server three and then install MySQL on the database server, so basically the admin has to repeat all the steps again and the chances are here that he or she can make a mistake and the server's may not look same so, there comes ansible tool which makes life easier.
Admin instead of issuing commands to the server's individually, will issue a command to one machine and that machine will communicate with the other machines so admin can just issue one command say install Tomcat on all the web servers and then this machine will actually go ahead and install Tomcat on the other machines in our infrastructure and then the admin can say issue a command call say install MySQL and then the machine will go ahead and install MySQL on the database server so here the task of admin is reduced the admin doesn't have to maintain multiple machines.
DevOps’s goal is to generate automation and integration, its real-world implementation is a bit challenging. Click to explore about, Top Six Challenges in DevOps Adoption
Now imagine a case if a company has 40 web servers and you don't have to like install Tomcat on all 40 machines manually but you just have to issue a command once and then let ansible do the rest for you for that. Ansible uses two major files and to begin with there is an inventory file and there is a playbook. So, inventory file as the name suggests contains an inventory list.
This file consists of a group or a label and then IP addresses and then there is a group for database servers which contains the list of database servers. That way we have grouped our web servers and database servers so then using this inventory file we can issue command saying okay now install Tomcat on the web server, then Ansible will look in this inventory file and look at the web server IP addresses and then issue commands to those particular servers.Let's look at playbook.
Now, the playbook consists of multiple plays and each play consists of tasks. It contains multiple plays. The playbook is in Yaml format. So it starts with three dashes always and then each play consists of a dash. So here we there is one play and then we have target over here which is the web server, So we are targeting this play on web servers and then a playbook consists of multiple tasks each task has a name.
So over here we are going to run multiple tasks on our web servers and is at the latest version that's one of the tasks and thenll run the commands for the tasks and then there is another another task which says write the Apache config file and then run the commands for that and then there is another task which says ensure Apache is running and then we'll write the commands of how will ensure that Apache is running.
So these are multiple tasks inside a play then we can write another play after this and which could be saying install mysql on the database servers and ensure it's up and running so basically to recap again a playbook consists of multiple plays and each play consists of multiple tasks.
- Once you install Ansible, it will not add database automatically and there will be no daemons to be started or running. A Daemon is a computer program that runs as a background process rather than under the direct control of an interactive user. Ansible is written in python language, so its need to be installed on the remote host.
An object-oriented programming language. It provides support to functional programming. Click to explore about, Continuous Delivery Pipeline for Scala
What Version to Pick? As it does not require any installation on remote machines, users generally took development version. As release cycle of ansible is generally four months long , minor bugs get fixed in next release cycle and major bugs in more release cycle called as maintenance releases.
Cost of Ansible - Ansible is an open source software and its free to use and it runs on linux operating system, however it has a paid version which is an enterprise product called ansible tower.
The first tests - After the installation of the ansible, we have to install some hosts to the inventory file from which we have to connect with,typically /etc/ansible/hosts. By default a connection will be made with ssh keys. To test, we can just ping all or if we want to ping with a group, we can specify the group name.
Command to ping is -
ansible all -m ping
ansible all -m ping -u deploy
I am Sunil kumar, Please do follow me here and support #devOps #trainwithshubham #github #devopscommunity #devops #cloud #devoparticles #trainwithshubham
Connect with me over linkedin : linkedin.com/in/sunilkumar2807