Ansible Beyond Automation

Ansible is one of the fastest-growing Infrastructure as Code (IaC) and automation tools in the world. Many of us use Ansible for Day 1 and Day 2 operations. One of the best analogies to understand the phases/stages/operations is defined on RedHat's website:

"Imagine you're moving into a house. If Day 1 operations are moving into the house (installation), Day 2 operations are the 'housekeeping' stage of a software’s life cycle."

Simply put, in a software lifecycle:

• Day 0: Design/planning phase - This phase involves preparation, initial planning, brainstorming, and preparing for the project. Typical activities in this phase are defining the scope, gathering requirements, assembling the development team, and setting up the development environments. For example, the team discusses the CI/CD platform to integrate the project with, the strategy for project management, etc.
• Day 1: Development/deployment phase - This phase marks the actual development activities such as coding, building features, and implementation based on the requirements gathered in the planning phase. Additionally, testing will begin to ensure early detection of issues (in development lingo, "bugs"). 
• Day 2: Maintenance phase - This phase in which your project/software goes live and you keep a tap on the health of the project. You may need to patch or update the software and file feature requests/issues based on user feedback for your development team to work on. This is the phase where monitoring and logging (observability) play a crucial role. 

Ansible is an open-source tool written in Python and uses YAML to define the desired state of configuration. Ansible is used for configuration management, application deployment, and orchestration. It simplifies the process of managing and deploying software across multiple servers, making it one of the essential tools for system administrators, developers, and IT operations teams.

With AI, generating Ansible code has become simpler and more efficient. Check out the following article to learn how Ansible is bringing AI tools to your Integrated Development Environment: "Automation, Ansible, AI."

At its core, Ansible employs a simple, agentless architecture, relying on SSH to connect to remote servers and execute tasks. This eliminates the need for installing any additional software or agents on target machines, resulting in a lightweight and efficient automation solution.

Key Features of Ansible

Here is a list of key features that Ansible offers:

Infrastructure as Code (IaC)

Ansible allows you to define your infrastructure and configuration requirements in code, enabling you to version control, share, and replicate environments with ease. For example, say you plan to move your on-premises application to a cloud platform. Instead of provisioning the cloud services and installing the dependencies manually, you can define the required cloud services and dependencies for your application like compute, storage, networking, security, etc., in a configuration file. That desired state is taken care of by Ansible as an Infrastructure as Code tool. In this way, setting up your development, test, staging, and production environments will easily avoid repetition. 

Playbooks

Ansible playbooks are written in YAML format and define a series of tasks to be executed on remote hosts. Playbooks offer a clear, human-readable way to describe complex automation workflows. Using playbooks, you define the required dependencies and desired state for your application. 

Modules

Ansible provides a vast collection of modules for managing various aspects of systems, networks, cloud services, and applications. Modules are idempotent, meaning they ensure that the desired state of the system is achieved regardless of its current state. For example, ansible.bultin.command is a module that helps you to execute commands on a remote machine. You can either use modules that are built in, like dnf, yum, etc., as part of Ansible Core, or you can develop your own modules in Ansible. To further understand the Ansible modules, check out this topic on RedHat.

Inventory Management

Ansible uses an inventory file to define the hosts it manages. This inventory can be static or dynamic, allowing for flexible configuration management across different environments. An inventory file (.ini or .yaml) is a list of hosts or nodes on which you install, configure, or set up a software, add a user, or change the permissions of a folder, etc. Refer to how to build an inventory for best practices.

Roles

Roles in Ansible provide a way to organize and reuse tasks, variables, and handlers. They promote code reusability and help maintain clean and modular playbooks. You can group tasks that are repetitive as a role to reuse or share with others. One good example is pinging a remote server, you can move the tasks, variables, etc., under a role to reuse. Below is an example of a role directory structure with eight main standard directories. You will learn about a tool to generate this defined structure in the next section of this article.

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/     

Beyond Automation

Ansible finds applications in several areas. 

1. Configuration management: Ansible simplifies the management of configuration files, packages, services, and users across diverse IT infrastructures.
2. Application deployment: Ansible streamlines the deployment of applications by automating tasks such as software installation, configuration, and version control.
3. Continuous Integration/Continuous Deployment (CI/CD): Ansible integrates seamlessly with CI/CD pipelines, enabling automated testing, deployment, and rollback of applications.
4. Orchestration: Ansible orchestrates complex workflows involving multiple servers, networks, and cloud services, ensuring seamless coordination and execution of tasks.
5. Security automation: Ansible helps enforce security policies, perform security audits, and automate compliance checks across IT environments.
6. Cloud provisioning: Ansible's cloud modules facilitate the provisioning and management of cloud resources on platforms like IBM Cloud, AWS, Azure, Google Cloud, and OpenStack.

The list is not exhaustive, so only a subset of applications is included above. Ansible can act as a security compliance manager by enforcing security policies and compliance standards across infrastructure and applications through patch management, configuration hardening, and vulnerability remediation. Additionally, Ansible can assist in setting up monitoring and logging, automating disaster recovery procedures (backup and restore processes, failovers, etc.,), and integrating with a wide range of tools and services, such as version control systems, issue trackers, ticketing systems, and configuration databases, to create end-to-end automation workflows.

Tool and Project Ecosystem

Ansible provides a wide range of tools and programs like Ansible-lint, Molecule for testing Ansible plays and roles, yamllint, etc. Here are additional tools that are not mentioned in the Ansible docs:

1. Ansible Generator: Creates the necessary folder/directory structure; comes in handy when you create Ansible roles
2. AWX: Provides a web-based user interface, REST API, and task engine built on top of Ansible; Comes with an awx-operator if you are planning to set up on a container orchestration platform like RedHat OpenShift
3. Ansible VS Code extension by Red Hat: Syntax highlighting, validation, auto-completion, auto-closing Jinja expressions ("{{ my_variable }}") etc.

The Ansible ecosystem is very wide. This article gives you just a glimpse of the huge set of tools and frameworks. You can find the projects in the Ansible ecosystem on Ansible docs. 

Challenges With Ansible

Every tool or product comes with its own challenges. 

1. Learning curve:  One of the major challenges with Ansible is the learning curve.  Mastering the features and best practices can be time-consuming, especially for users new to infrastructure automation or configuration. 
2. Complexity: Initially, understanding the terminology, folder structure, and hierarchy challenges the user. Terms like inventory, modules, plugins, tasks, playbooks, etc., are hard to understand in the beginning. As the number of nodes/hosts increases, the complexity of managing the playbooks, and orchestrating increases.
3. Troubleshooting and error handling: For beginners, troubleshooting errors and debugging playbooks can be challenging. Especially, understanding error messages and identifying the root cause of failures requires familiarity with Ansible's syntax and modules, etc.

Conclusion

In this article, you learned that Ansible as an open-source tool can be used not only for automation but also for configuration, deployment, and security enablement. You also understood the features, and challenges and learned about the tools Ansible and the community offers. Ansible will become your go-to Infrastructure as Code tool once you pass the initial learning curve. To overcome the initial complexity, here's a GitHub repository with Ansible YAML code snippets to start with. Happy learning.

If you like this article, please like and share it with your network.