Ansible

https://docs.ansible.com/ansible/latest/index.html

Ansible is an automation tool created to manage multiple machines at once. It's capable of configuring systems, deploying software, and orchestrating advanced tasks like continuous deployment and continuous updates.

  • Very popular among sysadmins and DevOps engineers.

  • Very complete documentation, considered one of the most detailed available.

  • Very short learning curve.

  • Strong focus on security and simplicity.

  • Uses SSH protocol and YAML language (simple).

  • Easy to maintain.

  • Doesn't require agents installed on instances, which is its biggest differentiator compared to Chef and Puppet.

  • Decentralized, but can connect with Kerberos, LDAP and other centralized authentication systems.

  • Good for managing few or many instances. Not necessarily only machines, but anything that accepts SSH like a switch, router, load balancer, etc.

  • Idempotence: a task whose result is already in place is not executed again, which is an advantage over plain scripts, for example.

  • Templates with variable substitution using Jinja.

Pros and Cons

  • Doesn't guarantee that the configuration is active on all machines, so using it across a fleet of machines is not the best option. There are solutions for this, such as Ansible Tower (which is paid) to enhance its use, but it's still not the best choice.

  • Combines well with other tools such as Terraform.

  • A very interesting point is that we need to work with idempotency. This means that if you run a script multiple times, the result will always be the same. For example, if a script creates a user and you run the script again, the user won't be created twice.

Folders

The root folder of this project contains an ansible study with some considerations based on the repository contained in study-ansible.

Installation

Ansible is developed in Python so it can be installed with pip if you want, but I personally prefer installing the binary directly.

Since it's an open source system you can even compile the code if you want.

The documentation is so good that it's not even worth rewriting. To summarize, you can install it using your Linux distribution's package manager, Brew on Mac, or Chocolatey on Windows. See the link below for details. https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

The version used during the study was 2.10.17.

❯ ansible --version
ansible 2.10.17
config file = None
configured module search path = ['/home/david/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
# python module path
ansible python module location = /home/david/.asdf/installs/ansible-base/2.10.17/venv/lib/python3.10/site-packages/ansible
# which binary it will execute
executable location = /home/david/.asdf/installs/ansible-base/2.10.17/bin/ansible
# python version
python version = 3.10.2 (main, Mar 14 2022, 20:47:39) [GCC 11.2.0]

The general Ansible configuration file is usually found at /etc/ansible/ansible.cfg. It ships fully commented out and serves only as an example.

The search order for this file is:

  • 1. The path in the ANSIBLE_CONFIG environment variable, if it is set.

  • 2. The ansible.cfg file in the current directory.

  • 3. The ~/.ansible.cfg file in the home directory.

  • 4. The /etc/ansible/ansible.cfg file.
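
The search order above, as an added audit helper (an example written for this page, not code from the original study or from Ansible itself). It also models one behaviour the list does not mention: Ansible skips ansible.cfg in the current directory when that directory is world-writable. The function name resolve_ansible_cfg and the sandbox paths are assumptions made for the example.

```python
import os
import stat
import tempfile

def resolve_ansible_cfg(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Return (path_or_None, warnings) following the search order listed above."""
    warnings, candidates = [], []
    # 1. ANSIBLE_CONFIG, if set (a directory means <dir>/ansible.cfg)
    from_env = env.get("ANSIBLE_CONFIG")
    if from_env:
        if os.path.isdir(from_env):
            from_env = os.path.join(from_env, "ansible.cfg")
        candidates.append(from_env)
    # 2. ./ansible.cfg, skipped when anyone on the host can write to the directory
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        if os.path.exists(cwd_cfg):
            warnings.append(f"ignored {cwd_cfg}: directory is world-writable")
    else:
        candidates.append(cwd_cfg)
    # 3. ~/.ansible.cfg, then 4. the system-wide file
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system_cfg)
    # The first candidate that exists and is readable wins
    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.R_OK):
            return path, warnings
    return None, warnings

def demo():
    """Constructed sandbox: a project dir and a home dir, each holding a config."""
    with tempfile.TemporaryDirectory() as root:
        project, home = os.path.join(root, "project"), os.path.join(root, "home")
        missing = os.path.join(root, "etc", "ansible.cfg")  # no system file here
        for d in (project, home):
            os.mkdir(d)
        open(os.path.join(project, "ansible.cfg"), "w").close()
        open(os.path.join(home, ".ansible.cfg"), "w").close()
        os.chmod(project, 0o755)
        safe = resolve_ansible_cfg({}, project, home, missing)
        os.chmod(project, 0o777)  # e.g. a shared scratch directory
        shared = resolve_ansible_cfg({}, project, home, missing)
        env = {"ANSIBLE_CONFIG": os.path.join(home, ".ansible.cfg")}
        forced = resolve_ansible_cfg(env, project, home, missing)
        return [(os.path.relpath(p, root), len(w)) for p, w in (safe, shared, forced)]

if __name__ == "__main__":
    print(demo())
```

Running the helper from the directory where playbooks are launched shows which file takes effect there, which matters because ansible.cfg controls settings such as the inventory and plugin paths.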

Config file example

Documentation

Hosts file example

Note that the example contains a commented-out inventory line pointing to /etc/ansible/hosts, which is the file that defines the machines Ansible knows about.

It's worth remembering that Ansible only needs to be installed on the control machine, but the client machines need to have Python installed.

About community modules

The Galaxy page of a module should always be checked to see whether the module needs anything extra.

For example, the AWS collection from Galaxy can be installed with the following command.

ansible-galaxy collection install community.aws

Additionally, if you check the documentation of the AWS collection, it also requires boto3.

pip install boto3

To remove a collection, delete its folder directly. There is not yet a parameter to remove collections using ansible-galaxy.

rm -rf ~/.ansible/collections/ansible_collections/collectionname

There's an interesting collection that can be very useful for Kubernetes:

ansible-galaxy collection install kubernetes.core

Extras

To help improve playbook code (a playbook is a sequence of Ansible commands written in YAML) we'll use ansible-lint. Installation is simple but requires python3 to be installed. Check the project page for the most complete information.

pip3 install ansible-lint

Tip

Whenever you define the interpreter in the hosts file, don't point to /usr/bin/python but only to python, so that it picks up the interpreter that's in the PATH.

[all:vars]
ansible_python_interpreter=python