Definition: the systems engineering practice of handling changes systematically so that a system maintains its integrity over time.
In software, this generally means ensuring the consistency of the environment in which our applications run:
- the operating system
- versions of interpreters, libraries, packages, and other services on which our stuff depends
- configuration settings and other variables that influence the behavior of our stuff and all the rest
The goal is to define the state a server should be in precisely, and put the server into that state in a deterministic way
- Historically, by hand (ideally with careful documentation)
- Ad-hoc scripting
- Infrastructure as code
I should note here that Ansible can also be used for deployment, orchestration, and provisioning, but was developed first and foremost as a CM tool, which is how we're using it at BenchPrep, and what I'll be covering here.
- Ansible is an open-source CM tool, comparable to Chef, Puppet, or Salt
- Sponsored by Red Hat
- It uses SSH to connect to servers and run tasks
- No agent to install on the target machines, and no designated server
- Push-based
- Tasks are idempotent
- The DSL is declarative, not procedural
- Easy to learn (familiar tasks, human-readable config format)
brew update; brew install ansible
Fancy installation for Pythonistas:
Don't: sudo pip install ansible
pip install --user pipx
pipx install ansible
- Inventory
- Modules
- Tasks
- Playbooks
- Roles
- List of hosts to manage, in a text file.
- By IP address or DNS names
- Create groups with .ini-style square-bracket names
- Ansible will look for a hosts file in $PWD and /etc/ansible/
- Can also pass inventory specifically with the -i argument
- -i allows for dynamic inventory: you can pass a script that outputs a list of hosts
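A dynamic inventory script of the kind mentioned in the last bullet, as an added example (not from the original talk). It follows Ansible's inventory-script convention: `--list` prints groups plus `_meta.hostvars` as JSON, and `--host NAME` prints one host's variables. The records, roles, and user names are constructed sample data, and the host-name check is an assumption about what a team would accept as an SSH target.

```python
#!/usr/bin/env python3
"""Dynamic inventory sketch: prints Ansible inventory JSON for --list / --host."""
import argparse
import json
import re
import sys

# Constructed sample records standing in for a real source (cloud API, CMDB export).
RECORDS = [
    {"name": "web1.example.com", "role": "web", "ansible_user": "deploy"},
    {"name": "web2.example.com", "role": "web", "ansible_user": "deploy"},
    {"name": "192.0.2.10", "role": "db", "ansible_user": "postgres-admin"},
    {"name": "not a hostname!", "role": "web", "ansible_user": "deploy"},
]

# Assumed policy: only plain DNS names or IP addresses become SSH targets.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def build_inventory(records):
    """Group valid hosts by role; per-host variables go under _meta.hostvars."""
    inventory = {"_meta": {"hostvars": {}}}
    for rec in records:
        name = rec["name"]
        if not HOST_RE.match(name):
            # Report on stderr so stdout stays valid JSON for Ansible to parse.
            print(f"skipping invalid host name: {name!r}", file=sys.stderr)
            continue
        group = inventory.setdefault(rec["role"], {"hosts": []})
        group["hosts"].append(name)
        inventory["_meta"]["hostvars"][name] = {"ansible_user": rec["ansible_user"]}
    return inventory


def host_vars(records, hostname):
    """Answer for --host: that host's variables, or {} if the host is unknown."""
    return build_inventory(records)["_meta"]["hostvars"].get(hostname, {})


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    result = host_vars(RECORDS, args.host) if args.host else build_inventory(RECORDS)
    print(json.dumps(result, indent=2, sort_keys=True))


if __name__ == "__main__":
    main()
```

Saved under a name such as inventory.py (an assumed file name) and marked executable, the script is passed to Ansible with the -i argument in place of a static hosts file.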
- A unit of code for Ansible to execute
- Designed for some particular use: adding users, copying files, running system commands, etc
- Can be written in any language
- Idempotent
- Conforming to Ansible module API
- JSON inputs for state config
- JSON output reporting status
- There are lots already available
- The execution of a module, with args and variables set
- Loops over inventory, or a specific host, group, or pattern
- Can be executed ad hoc with ansible at the command line
- Or combined into Playbooks, which execute a series of tasks sequentially
- The configuration language of Ansible
- Describe a set of tasks to execute sequentially
- Written in YAML
- Tasks are grouped into "plays"
- Handlers allow tasks to be run on notification of other tasks
- Playbooks can import or include other playbooks
- Variables
- defined at different levels
- used as config values
- inserted into templates
[Demo - install postgres on local vagrant box]
- Package management for configuration
- Break up config into repeatable chunks
- Encapsulate and organize tasks
- DRYs out vars, templates, etc
- Directory structure convention
- Roles can be called from playbooks
- Shared via Ansible Galaxy