Wednesday, 20 April 2022

Ansible

 

·         Ansible is an open source configuration management, deployment and orchestration tool (orchestration here means that whole environments, not just single hosts, can be managed through Ansible).

·         Ansible is a product of Red Hat.

·         Very simple and powerful

·         Products of Ansible:

o   Ansible Tower (licensed) – web UI with role-based access control, job scheduling and central credential storage, from which you manage your hosts

o   AWX (open source, the upstream of Tower) – the same web UI for managing hosts, deployed as containers.

·         Why Ansible ?

o   For example: during Amazon or Flipkart "big billion days" sales, millions of users log in at the same time. To handle that load the sites spin up more instances of their servers (for example, if they have 5 servers they spin up 5 more to absorb the extra requests).

o   Along with replicating servers, they need every new server to come up with exactly the same configuration as the existing ones, ready for use immediately.

o   Ansible does this in minutes, and does it repeatably from the same playbook.

·         Ansible is agentless. If you want to replicate the configuration of your server on 5 other nodes, you do not install Ansible on the new nodes: you install it on one control node and manage the others from there over SSH.

·         Ansible's communication with other nodes is secure because it reuses the SSH channel, so it inherits SSH's authentication and encryption and adds no extra listening agent that has to be patched or firewalled.

·         Ansible connects to the hosts it manages over OpenSSH or WinRM and runs tasks by pushing out small programs called Ansible modules to those hosts. Communication to a Linux host is SSH (port 22 by default); key-based authentication is preferred over a stored password. Only when that connection works can the control node manage the target host.

·         Communication to a Windows host uses WinRM on TCP port 5985 (HTTP) or 5986 (HTTPS); use 5986 with a valid certificate outside a lab. Only when the WinRM listener is reachable and configured can the control node manage the target host.

·         Ansible itself is written in Python (its Windows modules in PowerShell). You interact with Ansible through YAML files, the syntax in which playbooks and inventories are written.

·         Ansible ships many modules (for example: a user module to create users, modules to interact with AWS, a VMware module to interact with VMware, a copy module to copy a file from source to target host, etc.), so for most tasks a module is readily available. If no matching module exists, you can write your own Python script and turn it into a custom module.

·         In Ansible you normally write an Ansible playbook in YAML (much as you would write a shell script on Linux).

·         Ansible is idempotent: running the same action on a host twice does not repeat the change. If Ansible has created a user 'Sanket' on a host and the same task is run again, the module checks whether the user already exists and, if so, does nothing. This holds for the built-in modules in general, not just user creation. In the output, 'ok' means the host was already in the desired state and nothing was done; 'changed' means the module had to act. The exceptions are command and shell, which run every time unless you add creates or changed_when to tell Ansible when to skip or when a change really happened.

·         Ansible is used for:

o   Configuration Mgmt

o   Workflow automation

o   Network automation

o   Used to orchestrate entire application life cycle

·         Ansible Vault encrypts sensitive data (passwords, API keys, certificates) at rest, inside the same version-controlled files as the rest of the project; the values are decrypted in memory only when a playbook runs. It does not take care of everything: the vault password itself, the SSH keys and sudo rights of the control node, and secrets that leak into logs (use no_log: true on tasks that handle them) remain the user's responsibility.
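Added example (not from the original post) of how Vault fits into a play: the secret lives in an encrypted vars file and the task that renders it is marked no_log, so the value never appears in the playbook, in git, or in verbose output. The file vars/db_secrets.yml, the variable vault_db_password, the template and the group name db are assumptions for illustration; the vars file is created with ansible-vault create vars/db_secrets.yml, and the play is run with --ask-vault-pass or --vault-password-file.

```yaml
# Added example, not part of the original post.
# Assumes vars/db_secrets.yml was created with `ansible-vault create vars/db_secrets.yml`
# and contains a single line "vault_db_password: <secret>". Paths and names are constructed.
---
- name: Configure database client credentials
  hosts: db
  become: true
  vars_files:
    - vars/db_secrets.yml           # encrypted at rest; decrypted in memory at run time only
  tasks:
    - name: Write the client credentials file
      ansible.builtin.template:
        src: templates/my.cnf.j2     # assumed template that references vault_db_password
        dest: /root/.my.cnf
        owner: root
        group: root
        mode: "0600"
      no_log: true                   # keep the rendered secret out of -v output and logs

    - name: Read back the credentials file metadata
      ansible.builtin.stat:
        path: /root/.my.cnf
      register: cnf

    - name: Fail if the credentials file is readable by others
      ansible.builtin.assert:
        that:
          - cnf.stat.exists
          - cnf.stat.mode == "0600"
        fail_msg: "/root/.my.cnf has mode {{ cnf.stat.mode }}, expected 0600"
```

Vault protects the secret while it sits in the repository; the stat/assert pair catches the other common failure, a credentials file that ends up world-readable on the managed node.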

·         Cross platform support – OS/Network devices (Physical, virtual, cloud, container)

·         Easy to manage in version control – Ansible playbooks and projects are in plain text. They are treated like source code and maintained in VCS.

·         Today developers, non-coders and Linux admins all have a use for Ansible. Developers can write their own playbooks, QA can write test cases, and Linux admins can use it to manage infrastructure. The Tower/AWX GUI lets several users share it, with role-based access control.

·         FYI: Salt is similar to Ansible but normally runs an agent (minion) on each managed host, although it also offers an agentless salt-ssh mode. Puppet is also agent-based.

·         Installed on a control node, Ansible can reach any cloud or data center. All major clouds are supported: AWS, GCP (Google Cloud Platform), Azure, etc.

o   Once the control node has credentials for an AWS account (for example), you can perform many actions on it, such as launching instances or configuring autoscaling. The AWS modules (the amazon.aws collection) run on the control node, usually against localhost, and call the AWS API with those credentials; nothing is installed in the cloud.

o   The same applies to VMware: the community.vmware modules talk to vCenter's API from the control node, so you can create networks or define datastores without installing Ansible on any VMware machine.

·         Most IT organizations track requests, issues and tasks in a ticketing system such as Jira or ServiceNow. A Linux admin who wakes up to a queue of tickets ("patch these servers", and similar) wants that work automated. A ServiceNow request can be picked up by Ansible and turned into the actual task.

·         Ansible can interact with ServiceNow, Jira, VMware, AWS, etc.


·         Ansible Architecture

·         The host names on which the actions are to be performed are listed in Ansible's inventory.

·         API – the Python API of the Ansible engine, which Tower/AWX and other tooling build on. Integrations with ServiceNow, AWS, Azure, GCP, Jira and so on are shipped as modules and collections that call those services' own APIs.

·         Modules – the units of work that implement each task (see below).

·         Plugins – code that extends the engine itself rather than a single task: connection plugins (ssh, winrm), inventory plugins (for dynamic inventories), and callback, lookup and filter plugins. Custom plugins and modules can be dropped in alongside your project.


·         All instructions are written in a YAML file. Once the instructions are complete, that file is called an Ansible playbook.

·         When you run the playbook, Ansible reads the inventory to find the target hosts, opens connections to them (SSH or WinRM), then pushes and executes the modules called by each task, reporting ok, changed or failed per host.


·         Ansible Concepts

·         There are two types of machines in the Ansible architecture:

o   Control node (where Ansible is installed)

§  This machine also holds copies of your Ansible project files.

§  The control node can be an admin's laptop, a system shared by admins, or a server running Ansible Tower/AWX.

o   Managed nodes (the hosts on which the tasks are actually performed)

§  Host information is listed in the inventory.

§  Every new host is added to the inventory as a managed node.

·         If the control node goes down, avoid it becoming a single point of failure:

o   Commit your playbook code to git.

o   When the node is down, install Ansible on a new node (it installs in minutes), check out the code and run it from there. Keep the SSH keys and vault password the control node needs recoverable too, but never commit them alongside the code.

 


·         Inventory

o   Defines the collection of nodes (target/managed nodes) that Ansible will manage.

o   Hosts can also be assigned to groups which can be managed collectively.

o   Groups can contain child groups and can be a member of multiple groups.

o   The inventory can also set variables that apply to the hosts and groups it defines.

·         Modules

o   Each task runs a module – a small piece of code written in Python, PowerShell or another language.

o   Each module is essentially a tool in your toolkit.

o   Ansible ships hundreds of ready-made modules (thousands across the community collections) to perform automated tasks.

o   They can act on file systems, install software or make API calls

o   Pick the module that matches your requirement.

·         Tasks

o   You have an inventory, and you select a module to perform a task.

o   Every task is backed by an Ansible module.

o   Each task calls exactly one module; work that needs several modules is written as several tasks.

o   A task is an action you perform on your target host.

·         Plays

o   An ordered set of tasks that should be run against hosts selected from your inventory.

o   Instead of writing complex scripts, Ansible users create high-level plays.

o   A play performs a series (ordered set) of tasks on the host or hosts, in the order specified in the play.

o   Plays are written in .yml (text file).

o   The goal of a play is to map a group of hosts to some well-defined roles, represented by things that Ansible calls tasks.

·         Playbook

o   A file that contains one or more plays is called a playbook.

o   In other words, a playbook is a text file that contains a list of one or more plays to run in order.

·         Idempotent (Tasks, Plays, Playbook should be idempotent)

o   If the system is not in the desired state, the task should put it in that state.

o   If the system is already in that state, it should do nothing. For example: if a task needs a service (say jodconverter or soffice) to be up, put a task in the playbook that ensures the service is running before the actual work. Ansible takes no action if jodconverter is already running; if it is down, it starts it and then moves on to the next task.

o   If a task fails, abort the rest of the playbook for the hosts that had a failure.

·         Tasks run one at a time, but each task runs on many hosts in parallel. For example, your playbook 1) creates a user, 2) adds the user to a group, 3) creates a folder, 4) creates a file. On 5 hosts, task 1 runs on all 5 hosts in parallel (up to the forks limit, 5 by default), then task 2 runs on all hosts, and so on. This is the default linear strategy.

·         You can change this to a rolling (serial) execution with the serial keyword on the play: finish the whole play on the first host (or first batch), and only if it succeeds continue to the next.
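Added example (not from the original post) tying together the Plays, Tasks, Idempotent and parallel/serial points above: one play, each task calling exactly one module with a desired state, a handler that fires only when the copy task reports changed, and serial for a rolling run that stops at the first failing batch. The group name webservers, the user sanket, the group deploy, the service app and the file paths are constructed for illustration.

```yaml
# Added example, not part of the original post. Run with:
#   ansible-playbook -i inventory.yml site.yml
# Group "webservers", user "sanket", service "app" and all paths are constructed.
---
- name: Baseline a web server group
  hosts: webservers
  become: true                 # escalate (sudo) only for this play's tasks
  serial: 2                    # rolling execution: 2 hosts per batch instead of all hosts at once
  max_fail_percentage: 0       # abort the rollout as soon as any host in a batch fails
  tasks:
    - name: Ensure the deploy group exists
      ansible.builtin.group:
        name: deploy
        state: present

    - name: Ensure the deploy user exists and is in the group
      ansible.builtin.user:
        name: sanket
        groups: deploy
        append: true           # keep the user's other groups instead of replacing them each run
        shell: /bin/bash
        state: present

    - name: Ensure the release directory exists with tight permissions
      ansible.builtin.file:
        path: /opt/app/releases
        state: directory
        owner: sanket
        group: deploy
        mode: "0750"

    - name: Ensure the service configuration is in place
      ansible.builtin.copy:
        src: files/app.conf    # assumed to exist next to the playbook
        dest: /etc/app.conf
        owner: root
        group: deploy
        mode: "0640"
      notify: Restart app      # handler runs once per host, only if this task reports "changed"

    - name: Ensure the application service is running and enabled
      ansible.builtin.service:
        name: app
        state: started
        enabled: true

  handlers:
    - name: Restart app
      ansible.builtin.service:
        name: app
        state: restarted
```

On a second run every task reports ok and the handler does not fire; drop the serial line and the same play runs each task across all hosts in parallel, which is the default described above.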

 

·         Installing Ansible

·         Ansible needs to be installed only on the control node from which Ansible will be run.

·         Hosts that are managed by Ansible do not need to have Ansible installed.

·         Requirements are as follows for installation:

o   The control node (where Ansible is installed) must be Linux, Unix or macOS. It connects to managed hosts using SSH; no agent is needed on the managed hosts.

o   Windows is not supported as a control node (WSL aside), although it is supported as a managed node.

o   Python must be present on the control node and on Linux managed nodes (most Linux distributions ship it). The "Python 2.6 or higher" figure from older releases is out of date: recent ansible-core releases require Python 3.8 or newer on the control node and Python 2.7 or 3.5+ on managed nodes, so check the support matrix for your release. Windows managed nodes need PowerShell and a WinRM listener rather than Python.

 

·         Defining host inventories

·         Host entries can be defined in two ways :

o   Static inventory – in its simplest form, an INI text file listing the managed hosts Ansible targets: host names or IP addresses, one per line. Hosts can also be grouped, and the same inventory can be written in YAML.

o   Dynamic inventory – inventory information generated at run time from external sources (cloud APIs, CMDBs) by inventory plugins or scripts.
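Added example (not from the original post) of a static inventory in Ansible's YAML format; it illustrates the Inventory points above (groups, child groups, a host in several groups, group variables) together with the SSH and WinRM connection settings from the earlier section, including the port numbers. Host names, IP address, user names and key path are constructed.

```yaml
# Added example, not part of the original post. Save as inventory.yml and use with -i inventory.yml.
# All host names, the IP, the user names and the key path are constructed.
all:
  children:
    linux:
      children:
        webservers:
          hosts:
            web1.example.internal:
            web2.example.internal:
              ansible_host: 10.0.1.12            # connect to this IP but keep the logical name
        db:
          hosts:
            db1.example.internal:
      vars:
        ansible_connection: ssh
        ansible_port: 22
        ansible_user: ansible
        ansible_ssh_private_key_file: ~/.ssh/ansible_ed25519   # key-based auth, no stored password
    windows:
      hosts:
        win1.example.internal:
      vars:
        ansible_connection: winrm
        ansible_port: 5986                       # WinRM over HTTPS; 5985 is plain HTTP
        ansible_winrm_transport: kerberos        # domain auth; needs the pywinrm kerberos extras
        ansible_winrm_server_cert_validation: validate   # never "ignore" outside a lab
        ansible_user: svc_ansible@EXAMPLE.INTERNAL
    patch_wave_1:                                # a host may belong to several groups
      hosts:
        web1.example.internal:
        db1.example.internal:
```

A play with hosts: linux reaches every SSH-managed host through the child groups, hosts: patch_wave_1 picks one web and one database host regardless of their other groups, and the Windows host is reachable only over the HTTPS listener with a certificate the control node trusts.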

·         Reference: http://docs.ansible.com/

 


