Ansible Review: How to easily automate your IT infrastructure

Introduction

Ansible is an IT automation tool, which helps in cloud provisioning, configuration management and application deployment.
Developers designed Ansible with multi-tier systems in mind, trying to realize a tool simple, easy to use and with security features provided by OpenSSL and OpenSSH.
It models a multi-node infrastructure in terms of inter-relation between the various components, not just managing one system at a time.
Ansible connects to the infrastructure’s nodes, pushing out “Ansible Modules”, executing them and removing everything when finished. All this work is done through SSH by default, but you can choose Kerberos, if you want.

Installation

Ansible can be installed from source, since his source code is available on GitHub, but it’s also already built in .deb or .rpm.
RPMs are available from yum for EPEL 6, 7, and currently supported Fedora distributions.

$ yum install ansible

If you use Ubuntu, there’s a PPA for it.

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible

Users can install Ansible also using pip, the Python package manager:
$ sudo pip install ansible

Getting started

Ansible, when speaking with remote machines, assumes by default you are using SSH keys. Though this is the encouraged way, there is also the possibility to use password authentication; if so, users must just pass the --ask-pass option.

As stated in Ansible documentation, when using this tool in a “cloud”, it’s better to run it on a machine on that cloud; of course, this is just common sense, but technically you can run it also through the Internet.

First commands

On the machine you use for managing the system, edit the /etc/ansible/hosts file, putting in it a list of remote systems you must “control”. In those systems, you have to put your public SSH key, of course.
/etc/ansible/hosts is an inventory file. It has a INI-like syntax, just like this:

mail.example.com
[mywebservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.com
four.example.com

You can specify a different path for your inventory, or split it in more files. Do whatever you like!

Connect to your nodes

If you configured everything, it’s time to connect!
Just as an example, you can ping to all nodes with a simple:
$ ansible all -m ping
You can also override the default remote user with the -u option, or access in sudo mode with the --sudo flag. It’s all in your hand (and your mind, of course). Now your machine should be connected with all the nodes of the infrastructure, so you can interact with them. Syntax for doing this is: $ ansible all -a "/path/to/command/on/remote/machines".
For instance: ansible -a all "/usr/bin/ls".

Conclusions

Ansible is a modern tool which can can change the way in which many sysadmins manage an enterprise, distributed, system. It has a lot of features, and in the next weeks we will go more in depth in analyze them. In this short overview we showed how easy can be to set up the environment and execute a command on remote machines, but this is just a little part of what users can accomplish with this software.