Ansible Automation
??This Article is based on brief about Automation powered by ANSIBLE,which is the open source automation tool by Red Hat called as Global Red Hat Ansible!! Open Source and Collaborations are the heart of Ansible Automation as its most of the modules are created with contributions from an active community and built for the people who use it every day. Ansible and its modules were made to help more people experience the power of automation so they could work better and faster together.Let's see about Red Hat Ansible,its feature and its case studies??
What is the concept behind Ansible Automation??
Ansible basically works on concept called Declarative Language in which we dont need to specify how we can complete the task ,just need to specify the what we want !! Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
Architecture of Ansible??
Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules" to them. ... Ansible then executes these modules , and removes them when finished. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required.
??Inventory
An inventory is a text file that contains a list of servers or nodes that you are managing and configuring. Usually, the servers are listed based on their host-names or IP addresses.
??Playbook
A playbook is a set of configuration management scripts that define how tasks are to be executed on remote hosts or a group of host machines. The scripts or instructions are written in YAML format.
??Modules
Modules are discrete units of code used in playbooks for executing commands on remote hosts or servers. Each module is followed by an argument.The basic format of a module is key: value.
?? Plays
An ansible play is a script or an instruction that defines the task to be carried out on a server. A collection of plays constitute a playbook. In other words, a playbook is a collection of multiple plays, each of which clearly stipulates the task to be carried out on a server. Plays exist in YAML format.
??Variables
If you have a background in programming, then most likely you have used variables. Basically, a variable represents a value. A variable can include letters, numerals, and underscores but MUST always begin with letters.Variables are used when instructions vary from one system to another. This is especially true during the configuration or various services and features.
There are 3 main types of variables:
Playbook variables
Inventory variables
Special variables
??Facts
Facts are system properties gathered by Ansible when it executes a playbook on a host system. The properties include hostname, OS family, CPU type, and CPU cores to mention a few.
??Configuration Files
In Ansible, a configuration file is a file that contains different parameter settings that determine how Ansible runs. The default configuration file is the ansible.cfg file located in /etc/ansible/ directory.
?? Provisioning of Ansible ??
?? Infrastructure Platforms ??
1.Bare-metal - Underneath virtualization and cloud platforms there is always the physical server. When it's your own cloud or hypervisor system you still need to provision bare metal some of the time. Ansible integrates with many data center management tools to both invoke and enact the provisioning steps required.
2.Virtualization - Hypervisors, virtual storage and virtual networks – the transition from physical devices as the base platform has opened up increasingly diverse scenarios at previously unavailable scale. Tame the complexity with Ansible to simplify the experience of cross platform management. The large selection of ansible modules gives you the flexibility and choice to manage your diverse environment.
? Networking
Ansible Network Automation allows users to configure, validate and ensure continuous compliance for physical network devices. Ansible is the only language that can easily provision across multivendor environments, often replacing the need for manual processes that exist across network environments.
?Storage
Ansible can provision and manage the storage in your infrastructure. From software-defined storage, cloud based storage, or even hardware storage appliances, you can find a module to leverage Ansible’s common, powerful language.
?Cloud
1.Public Cloud
Ansible is packaged with lots of modules supporting services on the largest public cloud platforms. Compute, storage and networking modules allow playbooks to directly provision these services.
2.Private Cloud
One of the easiest ways to deploy, configure and orchestrate OpenStack Private Cloud is using Ansible. Ansible can be used to provision the underlying infrastructure, install services, add compute hosts, and more. Once the underlying environment is provisioned, Ansible can also be used provision resources, services, and applications inside of your cloud.
? Ansible Tower
Red Hat Ansible Tower helps you scale IT automation, manage complex deployments and speed productivity. Centralize and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling, integrated notifications and graphical inventory management. And Ansible Tower's REST API and CLI make it easy to embed Ansible Tower into existing tools and processes.
?Orchestration
The idea that you have to deploy a database update prior to enabling new webserver code is an example of common ordering that can be called orchestration. This is basic, and Ansible can easily define these orders in a playbook - but it can also go beyond this pattern to provide more advanced orchestration.
Deploying a single service on a single machine can be fairly simple and you have lots of solutions to choose from. You can bake all your configuration into a virtual image, or you can run a configuration management tool . But no one deploys a single service on a single machine any more. Today’s IT brings complex deployments and complex challenges. You’ve got to deal with clustered applications, multiple datacenters, public, private and hybrid clouds and applications with complex dependencies. You need a tool that can orchestrate your complex tasks simply. We need Ansible!!.
Why Ansible?? (Compared to other Automation Tools!!)??
??Very first benefit of ansible over other automating tools is we dont need to specify the commands to perform that particular tasks like we do in other automation tools like python,bash shell scripting,perl etc.Of course, there are other alternatives to Ansible such as Puppet, Chef, and Salt. However, Ansible is mostly preferred because it is easy to use and simple to learn.The primary benefit of Ansible is it allows IT administrators to automate away the drudgery from their daily tasks. That frees them to focus on efforts that help deliver more value to the business by spending time on more important tasks.
??Other Features:
- Free: Ansible is an open-source tool.
- Very simple to set up and use: No special coding skills are necessary to use Ansible's playbooks (more on playbooks later).
- Powerful: Ansible lets you model even highly complex IT workflows.
- Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
- Agent-less: You don’t need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
- Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.
?? Case Studies of Ansible ??
??NASA-Case-Study:
NASA stands for National Aeronautics and Space Administration. NASA is a U.S. government agency that is responsible for science and technology related to air and space. ... The agency was created to oversee U.S. space exploration and aeronautics research!! NASA is the agency of the United States government that is responsible for the nation’s civilian space program and for aeronautics and aerospace research.
Challenge Faces By NASA-
NASA WESTPRIME’s initial focus was to move roughly 65 applications from a traditional hardware based data center in a rapid time-line to a cloud-based environment. The rapid time-line resulted in many applications being migrated ‘as-is’ to a cloud environment. This allowed for NASA to gain signifcant cost savings from the change in infrastructure but did not allow for immediate cloud optimization of the applications and sites. As a result of the rapid migration requirement we had an environment spanning multiple virtual private clouds (VPCs) and AWS accounts that could not be easily managed. This resulted in scenarios where even simple things, like ensuring every system administrator had access to every server, or simple patching, were extremely burdensome
How Ansible Solved this Challenge??
To solve the problems that we had with lack of centralized management and a diverse environment, we evaluated multiple solutions and decided on an implementation of Ansible Tower. We are now leveraging Ansible Tower to manage our environment in a very organized and scheduled way. Leverage Ansible Tower to manage and schedule the cloud environment.While parts of the technical staf would sometimes use Ansible core for some tasks, previously NASA WESTPRIME was using shell scripts and manual SSH-based administration. OS level user accounts for mission critical staf are continually checked and created if missing. NASA can now say with absolute certainty that everyone who needs access has access, even if that means adding or removing a user almost instantly from all servers. NASA had also integrated Ansible facts into their CMDB, CloudAware, for better management visibility of our entire AWS inventory. As a result, they are able to organize inventory of AWS resources in a very granular way that was not possible before. Ansible is also used to ensure our environment is compliant with necessary Federal security standards as outlined by FedRAMP and other regulatory requirements.After testing, NASA decided that Ansible was the best tool for them, due to:
? Ansible does not require agents to be installed on hosts; native use of SSH
? The learning curve is very small and took less than a day to learn
? Non-technical staff can read an Ansible Playbook and know what’s happening
? Most active open source community among its competitors
Finally ,What NASA Achieved by Using Ansible ??
?
??NASA web app servers are being patched routinely and automatically through Ansible Tower with a very simple 10-line Ansible playbook.
??Ansible is also being used to re-mediate security issues and was leveraged to re-mediate both OpenSSL issues earlier this year. This not only saved us time but allowed us to quickly re-mediate a very daunting security issue.
?? Every single week both the full and mobile versions of www.nasa.gov are updated via Ansible, generally only taking about 5 minutes to do.
As a result of implementing Ansible NASA has better equipped to manage their own environment. Ansible has allowed us to provide better operations and security to NASA's clients. It has also increased the efficiency!!
Future Usage plans of ansible by NASA ??
As NASA is moving towards a more optimized environment they have strategic modernization plans that include a heavy dependency on Ansible and Ansible Tower.
?They are working on moving many applications into cycles of Continuous Integration and Deployment, which will be leveraging Ansible as the conductor of these architectures.
?In the future, Ansible will be used to manage our stack of Windows servers and perform the same magic we’ve been able to achieve in our Linux environments.
?The end goal will be for our production environment to be completely automated with system administrators only needing to SSH/ WIN RM into instances manually for troubleshooting. All other instance changes would happen exclusively through Ansible (and the occasional Cloud Formation template).
??Thanks For Reading the Article!!??