Application

Ansible

DevOps software that handles the infrastructure of the backend through automation. Ansible's main function(s) operate through a "playbook" system that exectues a collection of commands for the system admin, which becomes a pillar within the IaaC environment.

KBVE Team

Feb 30th, 2024

Information

Automation software that enables IaC - also known as, infrastructure as code, thus allowing user to provision, configure, deploy and secure a whole array of software, applications and machines.

With Ansible, you can automate complex IT tasks with minimal effort and maximum efficiency. Ansible lets you manage systems, deploy applications, and coordinate workflows with simple and powerful modules. Ansible is a versatile and secure automation tool that harnesses the power of open source, Python, and SSH to connect and automate your devices. The software / application works by connecting to your devices by sending out tiny programs called modules that perform your tasks with precision and speed. Ansible can help you automate provisioning, configuration management, application deployment, and many other manual IT processes

Metaphor for Ansible

Think of it like:

  • Ansible is like a remote control that lets you manage your devices with the push of a button.
  • Ansible is like a chef that prepares a delicious meal using different ingredients and recipes.
  • Ansible is like a conductor that orchestrates a symphony of servers and applications.

Ansible described for a 5yr old!

Ansible is a tool that helps people do things with computers. Sometimes people have many computers and they want to do the same thing on all of them. For example, they might want to make them play a game, or show a picture, or talk to each other. Doing the same thing on many computers can be hard and boring. Ansible makes it easy and fun and has a list of things that people want to do with computers. It can read the list and do the things one by one and then also check if the things are done correctly. Ansible can talk to different kinds of computers and tell them what to do. Think of Ansible like a friend that helps people with computers.


Install

To install Ansible, you need two machines: a control node and a managed node. The control node is where you run Ansible commands and playbooks, and the managed node is where Ansible performs the tasks. The control node can be any UNIX-like machine with Python 3.9 or newer installed, while the managed node can be any device that supports Python 2.7 or newer and SSH or PowerShell remoting.

Depending on your operating system, you can install Ansible from different sources. For example, on Ubuntu, you can use the apt package manager to install Ansible from the official repositories. On Windows, you can use Windows Subsystem for Linux (WSL) to install Ansible from PyPI using pip / pip3. You can also install Ansible from source code if you want to use the latest development version.

After installing Ansible, you need to configure it by setting up the inventory file that lists the managed nodes and their connection details. You can also customize and fine-tune other settings in the ansible.cfg file or by using environment variables or command-line options. To confirm that Ansible is installed and configured correctly, you can run the ansible command with the ping module to test the connectivity and responsiveness of your managed nodes.

Need extra installation help?

Ask our support team? or visit our Discord

If you need help with Python, read our docs


Playbook

An Ansible playbook is your automation blueprint written in YAML/JSON. It tells Ansible what to do, where to do it, and how to do it. With a playbook, you can transform your IT tasks into simple and repeatable steps that run on any number of hosts. Whether you need to install software, configure settings, run commands, or anything else, an Ansible playbook will make it happen in a snap.

Playbook Examples

Let me dazzle you with an example of a playbook that I borrowed from the Ansible documentation.

- name: Update web servers
  hosts: webservers
  remote_user: root
  tasks:
    - name: Ensure apache is at the latest version
      ansible.builtin.yum:
        name: httpd
        state: latest
    - name: Write the apache config file
      ansible.builtin.template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf

- name: Update db servers
  hosts: databases
  remote_user: root
  tasks:
    - name: Ensure postgresql is at the latest version
      ansible.builtin.yum:
        name: postgresql
        state: latest
    - name: Ensure that postgresql is started
      ansible.builtin.service:
        name: postgresql
        state: started

This playbook has two plays. The first one updates the web servers by installing the latest version of apache and writing a config file. The second one updates the database servers by installing the latest version of postgresql and starting the service. Each play has a name, a list of hosts to target, a remote user to execute the tasks, and a list of tasks to perform. Each task has a name and a module to call with some parameters.


Minecraft Server Update Playbook

- name: Update Minecraft server
  hosts: minecraft
  vars:
    minecraft_version: latest
    minecraft_url: https://s3.amazonaws.com/Minecraft.Download/versions
    minecraft_home: /srv/minecraft
  tasks:
    - name: Get latest Minecraft version
      uri:
        url: "{{ minecraft_url }}/latest.json"
        return_content: yes
      register: latest_version
      when: minecraft_version == "latest"

    - name: Set Minecraft version
      set_fact:
        minecraft_version: "{{ latest_version.json.id }}"
      when: minecraft_version == "latest"

    - name: Check if Minecraft server jar exists
      stat:
        path: "{{ minecraft_home }}/minecraft_server.{{ minecraft_version }}.jar"
      register: jar_file

    - name: Download Minecraft server jar
      get_url:
        url: "{{ minecraft_url }}/{{ minecraft_version }}/minecraft_server.{{ minecraft_version }}.jar"
        dest: "{{ minecraft_home }}"
      when: not jar_file.stat.exists

    - name: Restart Minecraft service
      systemd:
        name: minecraft
        state: restarted
      when: not jar_file.stat.exists

This playbook is composed of four parts:

  • The name of the playbook, which is Update Minecraft server.
  • The hosts that the playbook will run on, which are the ones in the minecraft group in the inventory file.
  • The variables that the playbook will use, such as minecraft_version, minecraft_url, and minecraft_home.
  • The tasks that the playbook will execute, such as getting the latest Minecraft version, downloading the server jar file, and restarting the Minecraft service.

Each task has a name, a module to use, and some parameters for the module. Some tasks also have a condition (when) that determines when they will run. For example, the task Download Minecraft server jar will only run if the jar file does not exist in the minecraft_home directory. The playbook uses the register keyword to store the output of some tasks in variables, such as latest_version and jar_file. These variables can be used in later tasks or conditions and this playbook could be expanded to include file checks with hashing.


Modules

tldr; Ansible has a large collection of modules that can be used for various tasks and purposes.

Cloud Modules

Cloud modules can be used to interact with different cloud providers, such as AWS, Azure, Google Cloud, etc.

The cloud modules within Ansible are a set of modules that can be used to interact with different cloud providers and services. They allow you to provision, configure and manage cloud resources, such as virtual machines, networks, storage, databases, etc.

AWS Modules

These modules can be used to work with Amazon Web Services (AWS), such as EC2, S3, CloudFormation, etc. For example, you can use the ec2_instance module to create and manage EC2 instances on AWS.

Azure Modules

With these modules, you have full control over your Microsoft Azure resources, whether they are VMs, Storage, Network or anything else. For example, you can use the azure_rm_virtualmachine module to create and manage Azure virtual machines.

GCP Modules

You can work with any Google Cloud Platform service with these modules, such as Compute Engine, Storage, Network and more. The gcp_compute_instance module is an example of how you can achieve your goals with GCP servers using Ansible.

Official Documentation on GCP Compute Instance module


Create GCP Instance

Creating a compute instance with a specific name, zone, machine type, image and network:

- name: create gcp instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    machine_type: n1-standard-1
    disks:
      - auto_delete: true
        boot: true
        source: "{{ disk }}"
    network_interfaces:
      - network: "{{ network }}"
        access_configs:
          - name: External NAT
            nat_ip: "{{ address }}"
            type: ONE_TO_ONE_NAT
    state: present

This example creates a compute instance with a specific name, zone, machine type, image and network. It uses the state: present parameter to indicate that the instance should exist. It also specifies the disks and network_interfaces parameters to configure the disk and network settings of the instance. The disk and network variables are assumed to be defined elsewhere in the playbook or inventory.

Delete GCP Instance

Deleting a compute instance with a specific name and zone:

- name: dlete gcp instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    state: absent

For this task, it deletes a compute instance with a specific name and zone. It uses the state: absent parameter to indicate that the instance should not exist. It does not need to specify any other parameters, as the name and zone are enough to identify the instance to delete.

Update GCP Instance

Updating a compute instance with a new machine type and labels

- name: update gcp instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    machine_type: n1-standard-2
    labels:
      env: prod
      webserver: nginx
    state: present

The update example performs the task of updating a compute instance with a new machine type and labels. It uses the state: present parameter to indicate that the instance should exist. It also specifies the machine_type and labels parameters to change the machine type and labels of the instance. The machine type determines the CPU and memory resources of the instance, and the labels are key-value pairs that can be used to organize and filter instances. Any other parameters that are not specified will remain unchanged.


OpenStack Modules

OpenStack modules can be used to work with OpenStack, an open source cloud platform that provides infrastructure as a service (IaaS). The os_server module is an example of how you can have full control over your OpenStack servers.


Network Modules

You can configure and manage any network device with these modules, such as routers, switches, firewalls and beyond.

System Modules

With these modules, you have full control over your system resources, whether they are users, groups, files, directories, services, packages or anything else.

Database Modules

Employing these modules, you have full control over your database servers and objects, from MySQL and PostgreSQL to MongoDB and more.

Windows Modules

Windows modules can be used to manage Windows systems and applications, such as Active Directory, IIS, PowerShell, etc. For example, you can use the win_service module to manage Windows services.


AWX

tldr; AWX is a web-base RESTFul API and task engine that operates on top of Ansible, thus enabling you to automate certain aspects of the IT/DevOps.

AWX is an open source project that gives you a sleek and modern web-based user interface, a powerful and flexible REST API, and a robust and scalable task engine to work with Ansible. It is the upstream project of Red Hat Ansible Automation Platform, which is a premium solution that offers additional features and support for enterprise customers. With AWX, you can easily manage your Ansible playbooks, inventories, credentials, and vaults in a collaborative and secure way among your team members. Moreover, AWX empowers you to plan and run your Ansible playbooks on your managed nodes with speed, efficiency and dependability; you can set up custom schedules, workflows, notifications, and callbacks to automate your Ansible operations and monitor their outcomes. In conclusion, AWX gives you full control and visibility over your Ansible playbooks and their execution.

AWX Repo

The official Repository for AWX - Ansible.

The AWX repository is a GitHub repository that contains a treasure trove of source code and other resources.


AWX Terraform

More information on Terraform

Terraform AWX Provider from Denouche.

By using AWX and Terraform together, you can leverage the power and flexibility of Ansible to manage your AWS resources with ease and efficiency. The Two tools that can be used together to automate IT infrastructure.

Example Usage - With Username/Password:

provider "awx" {
    hostname = "http://localhost:8078"
    username = "kbvetest"
    password = "changemepassword"
}

Example Usage - With Token:

provider "awx" {
  hostname = "http://localhost:8078"
  token    = "awxtoken"
}

Remember that if you set both (username/password) and (token), then the (token) will have precedence.


Cheatsheet

tldr; Commands that will make it easier operate ansible scripts / playbooks. This cheatsheet is still a work-in-progress.

An Ansible cheatsheet is a quick and handy reference guide that provides examples and tips on how to use Ansible command line tools and playbooks, thus enabling you to unleash the power of Ansible! With an Ansible cheatsheet at your fingertips, you can breeze through a variety of tasks that would otherwise be tedious and time-consuming. Whether you need to test the connectivity to your nodes, switch to a different user, use a custom SSH key, use password-based authentication, run ad-hoc commands, create and run playbooks, use modules and roles, or anything else, an Ansible cheatsheet will make your life easier and more fun.


KBVE Copyright ©