ANSIBLE
Aakash Nagpal
Cloud Support Technician @Civo ||CK{A,D}||FULL STACK DEVELOPER|| LINUX || DOCKER || CLOUD COMPUTING || K8S ||
Automation is crucial these days, with IT environments that are too complex and often need to scale too quickly for system administrators and developers to keep up if they had to do everything manually. Automation simplifies complex tasks, not just making developers’ jobs more manageable but allowing them to focus attention on other tasks that add value to an organization. In other words, it frees up time and increases efficiency. So we use Ansible.
Ansible is an automation tool. It is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. It runs on many Unix-like systems, and can configure both Unix-like systems and Microsoft Windows. It includes its own declarative language to describe system configuration. Ansible was written by Michael DeHaan and acquired by Red Hat in 2015. Ansible is agentless, temporarily connecting remotely via SSH.
How Ansible Works
Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules" to them. Ansible then executes these modules (over SSH by default), and removes them when finished. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required.
The management node in the above picture is the controlling node (managing node), which controls the entire execution of the playbook. It’s the node from which you are running the installation. The inventory file provides the list of hosts where the Ansible modules need to be run; the management node makes an SSH connection, executes the small modules on the host machines, and installs the product/software.
The beauty of Ansible is that it cleans up after itself: it connects to the host machine, executes the instructions and, once the installation has succeeded, removes the code that was copied to the host machine and executed there.
Ansible Architecture
1. Modules
Modules are like small programs that Ansible pushes out from a control machine to all the nodes or remote hosts. The modules are executed using playbooks, and they control things such as services, packages, and files. Ansible executes all the modules for installing updates or whatever the required task is, and then removes them when finished. Ansible provides more than 450 modules for everyday tasks.
2. Plugins
As you probably already know from many other tools and platforms, plugins are extra pieces of code that augment functionality. Ansible comes with a number of its own plugins, but you can write your own as well. Action, cache, and callback plugins are three examples.
3. Inventories
All the machines you’re using with Ansible (the control machine plus nodes) are listed in a single simple file, along with their IP addresses, databases, servers, and so on. Once you register the inventory, you can assign variables to any of the hosts using a simple text file. You can also pull inventory from sources like EC2 (Amazon Elastic Compute Cloud).
4. Playbooks
Ansible playbooks are like instruction manuals for tasks. They are simple files written in YAML, which stands for YAML Ain’t Markup Language, a human-readable data serialization language. Playbooks are really at the heart of what makes Ansible so popular, because they describe the tasks to be done quickly and without the need for the user to know or remember any particular syntax. Not only can they declare configurations, but they can orchestrate the steps of any manually ordered task, and can execute tasks at the same time or at different times.
Each playbook is composed of one or multiple plays, and the goal of a play is to map a group of hosts to well-defined roles, represented by tasks.
5. APIs
Various APIs (application programming interfaces) are available so you can extend Ansible’s connection types (meaning more than just SSH for transport), callbacks, and more.
Ansible’s Features and Capabilities
1. Configuration Management
Ansible is designed to be very simple, reliable, and consistent for configuration management. If you’re already in IT, you can get up and running with it very quickly. Ansible configurations are simple data descriptions of infrastructure and are both readable by humans and parsable by machines. All you need to start managing systems is a password or an SSH (Secure Socket Shell, a network protocol) key. An example of how easy Ansible makes configuration management: If you want to install an updated version of a specific type of software on all the machines in your enterprise, all you have to do is write out all the IP addresses of the nodes (also called remote hosts) and write an Ansible playbook to install it on all the nodes, then run the playbook from your control machine.
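The workflow just described (list the nodes, write a playbook, run it from the control machine) looks like this in practice. This is an added example, not part of the original article; the host addresses, group names, file names and the choice of the openssl package are assumptions made for illustration.

```yaml
# Added example (not from the original article).
# Constructed inventory, saved as inventory.yml. The addresses come from the
# documentation range 192.0.2.0/24 and the group names are hypothetical:
#
#   all:
#     children:
#       webservers:
#         hosts:
#           192.0.2.10:
#           192.0.2.11:
#       dbservers:
#         hosts:
#           192.0.2.20:
#
# Run from the control machine (update-openssl.yml is this file):
#   ansible-playbook -i inventory.yml update-openssl.yml --check --diff  # dry run
#   ansible-playbook -i inventory.yml update-openssl.yml                 # apply

- name: Update OpenSSL on every node in the inventory
  hosts: all
  become: true             # package installs need root on the remote hosts
  serial: "25%"            # roll through the fleet in batches, not all at once
  max_fail_percentage: 0   # abort the rollout if any host in a batch fails
  tasks:
    - name: Upgrade the openssl package to the latest available version
      ansible.builtin.package:
        name: openssl
        state: latest
      register: openssl_pkg

    - name: Report which hosts actually changed
      ansible.builtin.debug:
        msg: "openssl was upgraded on {{ inventory_hostname }}"
      when: openssl_pkg is changed
```

Running with `--check --diff` first shows which hosts would change without touching them, which is the safer way to roll out a fleet-wide package update.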
2. Application Deployment
Ansible lets you quickly and easily deploy multitier apps. You won’t need to write custom code to automate your systems; you list the tasks required to be done by writing a playbook, and Ansible will figure out how to get your systems to the state you want them to be in. In other words, you won’t have to configure the applications on every machine manually. When you run a playbook from your control machine, Ansible uses SSH to communicate with the remote hosts and run all the commands (tasks).
3. Orchestration
As the name suggests, orchestration involves bringing different elements into a beautifully run whole operation—similar to the way a musical conductor brings the notes produced by all the different instruments into a cohesive artistic work. For example, with application deployment, you need to manage not just the front-end and backend services but the databases, networks, storage, and so on. You also need to make sure that all the tasks are handled in the proper order. Ansible uses automated workflows, provisioning, and more to make orchestrating tasks easy. And once you’ve defined your infrastructure using the Ansible playbooks, you can use that same orchestration wherever you need to, thanks to the portability of Ansible playbooks.
4. Security and Compliance
As with application deployment, sitewide security policies (such as firewall rules or locking down users) can be implemented along with other automated processes. If you configure the security details on the control machine and run the associated playbook, all the remote hosts will automatically be updated with those details. That means you won’t need to continually monitor each machine manually for security compliance. And for extra security, an admin’s user ID and password aren’t retrievable in plain text on Ansible.
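A sitewide policy of the kind described above (firewall rules plus locking down users) can be expressed as one playbook. This is an added example, not code from the original article; it assumes Debian/Ubuntu nodes with ufw, the community.general collection installed on the control machine, and a hypothetical admin network and account list.

```yaml
# Added example: sitewide security baseline (not from the original article).
# Assumptions: Debian/Ubuntu nodes, community.general collection installed,
# SSH service named "ssh"; the network and account names are constructed.
- name: Apply the security baseline to all managed hosts
  hosts: all
  become: true
  vars:
    admin_network: 192.0.2.0/24            # constructed placeholder
    departed_accounts: [olduser1, olduser2]  # hypothetical account names
  tasks:
    - name: Allow SSH only from the admin network (added before enabling ufw)
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp
        from_ip: "{{ admin_network }}"

    - name: Deny all other inbound traffic and enable the firewall
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming

    - name: Disable SSH password logins and direct root logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?\\s*{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s   # refuse to write a broken config
      loop:
        - { key: PasswordAuthentication, value: "no" }
        - { key: PermitRootLogin, value: "no" }
      notify: Restart sshd

    - name: Remove accounts that should no longer exist
      ansible.builtin.user:
        name: "{{ item }}"
        state: absent
      loop: "{{ departed_accounts }}"

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
```

Because every task is idempotent, re-running the playbook on a schedule reports `changed` only on hosts that have drifted from the baseline, which doubles as a compliance check.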
5. Cloud Provisioning
The first step in automating your applications’ life cycle is automating the provisioning of your infrastructure. With Ansible, you can provision cloud platforms, virtualized hosts, network devices, and bare-metal servers.
CASE-STUDY OF ANSIBLE
Lifesum Case Study
About Lifesum:
Lifesum is a Stockholm-based digital health startup that offers its users a flexible platform to support and encourage a healthy, balanced lifestyle. Having already achieved over 6.5 million downloads across Europe, the Lifesum app is available on Android and iOS, and can be tailored by users and adapted to specific goals and aims, offering guidance based on individual data. Lifesum’s vision is to make people healthier and happier by helping users to forge good habits on their journey towards a better lifestyle, as well as an improved overall quality of life.
What is their business challenge?
The Lifesum platform consists of applications for iOS, Android and web, and a joint backend API that supports them. The infrastructure is hosted on Amazon Web Services primarily using Ubuntu 12.04 LTS on application servers. We needed a simple and powerful tool for configuration management, application deployment and server provisioning. Prior to this we used another tool and various bash scripts to manage app deployments and remote commands execution. It was definitely a big problem provisioning and managing multiple environments and the differences between them.
How is Lifesum using Ansible?
Lifesum started using Ansible in February 2014. Shortly after that every back-end and frontend engineer at Lifesum was using Ansible playbooks to automatically spin up virtual development machines with Vagrant. Our goal was to ensure that everyone had exactly the same working environment as we deploy our applications regularly. Three months later all our environments, from developer’s laptops to production instances on Amazon, were fully Ansible managed. We use AWS Auto Scaling and pre-bake Amazon AMI images with Ansible provisioning playbooks. When EC2 instances are launched by Auto Scaling, Ansible, triggered by cloud-init, runs provisioning playbooks, once again ensuring up to date configuration changes are applied, and pulling the latest applications versions from repositories. Ansible has helped us to automate, significantly simplify and speed up the process of dynamic resources scaling. They also make use of a limited set of tasks, from provisioning playbooks, to power one command application deployments. Ansible roles and playbooks are reused in various scenarios. Ansible has also aided us in ad-hoc remote commands, both across the whole infrastructure, and in specific environments, such as minor configuration changes and services administration.
What technology or products did they use in the past to solve this problem, if any?
They previously used Fabric to manage the deployments.
What are their results with Ansible?
We had limited experience with configuration management tools and Ansible shined among competitors with its power and simplicity. It allowed us to focus on getting things done well in a timely and reliable manner, instead of spending time learning to use the tools. Agentless design allowed quick adoption. Our main programming language is Python and Ansible being written in Python was a nice bonus.
Application deployments became an easy and smooth process. Every developer at Lifesum runs deployments today with Ansible instead of having a release manager handling a complex procedure. We deploy as many times per day as we wish and roll back fast when needed.
The greatest thing about Ansible and having infrastructure as code is that every instance can be rebuilt and reconfigured within minutes instead of hours. All this using a self-documented, repeatable process with guaranteed immutability. Developers can focus on building and delivering great product features instead of solving inconsistencies, misconfigurations and software version problems, thanks to the Ansible provisioner in Vagrant. As we integrated Ansible into the bootstrapping procedure of EC2 instances, I stay assured that configuration of every instance looks exactly as desired and Auto Scaling can spin up new machines rapidly.
Do they have plans to use Ansible moving forward?
Without doubt. Ansible is an essential tool in everyday work for us. They are currently working on taking things to the next level and utilizing an extensive set of Ansible cloud modules to orchestrate and configure our complete Amazon infrastructure and services.
NASA Before And After - ANSIBLE
As a result, NASA has achieved the following efficiencies:
- NASA web app servers are being patched routinely and automatically through Ansible Tower with a very simple 10-line Ansible playbook.
- Ansible is also being used to remediate security issues and was leveraged to remediate OpenSSL issues. This not only saved time but allowed NASA to quickly remediate a very daunting security issue.
- Every single week, both the full and mobile versions of www.nasa.gov are updated via Ansible, generally only taking about 5 minutes to do.
- OS level user accounts for mission critical staff are continually checked and created if missing. Now, everyone who needs access has access, even if that means adding or removing a user almost instantly from all servers.
- NASA has also integrated Ansible facts into their CMDB, CloudAware, for better management visibility of entire AWS inventory. As a result, it became possible to organize the inventory of AWS resources in a very granular way that was not possible before.
Ansible is also used to ensure that the environment is compliant with necessary Federal security standards as outlined by FedRAMP and other regulatory requirements.
Results:
As a result of implementing Ansible, NASA is better equipped to manage its AWS environment. Ansible allowed NASA to provide better operations and security to its clients. It has also increased efficiency as a team.
If we see by the numbers:
- Updating nasa.gov went from over 1 hour to under 5 minutes
- Security Patching updates went from a multi-day process to 45 minutes
- Achieving near real-time RAM and disk monitoring (accomplished without agents)
- Provisioning OS Accounts across entire environment in under 10 minutes
- Baselining standard AMIs (Amazon Machine Image) went from 1 hour of manual configuration to becoming an invisible and seamless background process
- Application stacks set up time reduced from 1-2 hours to under 10 minutes per stack.
AMELCO
Amelco is a UK-based company that develops software solutions for the betting industry and financial betting markets. The business was looking for a way to deploy its applications efficiently across its hundreds of different environments, and it also sought to limit downtime. To do this, Amelco performed an Ansible migration to an agentless automation framework. This reduced the complexities it faced with the deployment, operations and the upgrade of applications over a range of contrasting locations, while also using one simplified language.
In addition, by introducing Ansible and Ansible Tower, Amelco has successfully automated its application deployments. Other benefits include reduced complexity and continuous delivery, along with speedy solution delivery.
Further benefits include:
“Faster time to deployment for its bespoke and modular client solutions, resulting in speedier time to market and higher customer satisfaction”.
“A simplified and repeatable deployment process, leveraging true multi-tier, multi-step orchestration that minimized the complex dependencies of heterogeneous environments.”
THANKS FOR READING !!!