Skip to content

Commit

Permalink
docs(ansible): explored ansible and configuration management
Browse files Browse the repository at this point in the history
  • Loading branch information
@shaikahmadnawaz
shaikahmadnawaz committed Oct 6, 2024
1 parent 6ca9871 commit 4c3b055
Showing 1 changed file with 348 additions and 0 deletions.
348 changes: 348 additions & 0 deletions ansible/ansible.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,348 @@
# **Configuration Management**

1. **What is Configuration Management?**

- A process that manages and maintains systems’ configurations to ensure consistency and control over infrastructure.

2. **Importance:**

- **Consistency**: Ensures systems are in a known, predictable state.
- **Automation**: Speeds up deployments and reduces manual errors.
- **Disaster Recovery**: Enables quick recovery of systems after failure.
- **Version Control**: Tracks changes, enabling rollbacks and audits.

3. **How it Works:**

- Define desired system state.
- **Push/Pull Model**: Systems receive configurations via push from a central server or pull updates periodically.
- Enforces desired state to prevent **configuration drift**.

4. **Popular Tools:**

- **Ansible**, **Puppet**, **Chef**, **Terraform**, **SaltStack**.

5. **Best Practices:**

- Use **version control** for configurations.
- Standardize configurations across environments.
- Automate patch management and security enforcement.
- Regularly test and document changes.

6. **Challenges:**
- Managing **configuration drift**.
- Handling complexity in large environments.
- Integrating with legacy systems.

---

# **Ansible**

1. **What is Ansible?**

- Ansible is an open-source **configuration management** and automation tool.
- It’s **agentless**, relying on SSH or WinRM for communication with managed nodes.
- Uses **YAML** files called "Playbooks" to define automation tasks.

2. **Key Features:**

- **Idempotent**: Ensures tasks only apply changes when needed.
- **Modules**: Pre-built scripts for managing configurations (e.g., packages, services).
- **Inventory**: Defines the systems (hosts) to manage.
- **Roles**: Organizes playbooks into reusable components.

3. **Advantages:**

- Easy to learn, minimal overhead.
- Agentless, reducing system dependencies.
- Great for both **orchestration** and configuration management.

4. **Use Cases:**
- Server provisioning.
- Application deployment.
- Network automation.
- Security and compliance enforcement.

---

# **Puppet vs. Ansible: A Quick Comparison**

| **Criteria** | **Puppet** | **Ansible** |
| -------------------- | ----------------------------------------------- | ----------------------------------------------- |
| **Agent** | Requires agents on nodes | Agentless (uses SSH) |
| **Language** | Puppet DSL (declarative) | YAML (easy, human-readable) |
| **Architecture** | Client-server (Pull-based) | Push-based model |
| **Setup** | More complex, requires server | Simpler, no server needed |
| **Use Cases** | Large-scale enterprise configuration | Versatile for config management & orchestration |
| **Learning Curve** | Steeper | Easier (due to YAML) |
| **Platform Support** | Primarily Linux, with agent support for Windows | Supports Linux, Windows, network devices |

### **Key Differences:**

- **Puppet**: Best for large, complex environments with a pull-based model.
- **Ansible**: Easier to use, agentless, and suitable for both config management and automation tasks.

---

### **Ansible Overview**

**Ansible** is an open-source automation tool used for configuration management, application deployment, task automation, and orchestration. It helps manage infrastructure by simplifying the deployment process and ensuring that systems are in a consistent state.

---

### **Key Features of Ansible:**

1. **Agentless:**

- Ansible operates without the need for an agent to be installed on the managed nodes. It uses SSH (Linux) or WinRM (Windows) to communicate with nodes.

2. **Declarative Language:**

- Ansible uses YAML (Yet Another Markup Language) to define playbooks. It follows a declarative approach, meaning you declare the desired state of your system, and Ansible ensures it reaches that state.

3. **Idempotency:**

- Ansible ensures that tasks are idempotent, meaning they only apply changes if required. This avoids unnecessary re-execution of tasks.

4. **Modules:**

- Ansible has a wide variety of built-in modules that enable it to perform various system tasks, such as file management, package installation, and service management.
- Custom modules can be written if needed.

5. **Playbooks:**

- Playbooks are the heart of Ansible’s configuration management, defining configurations, deployments, and orchestrations. They are written in YAML and consist of plays, which define tasks to be executed.

6. **Inventory:**

- Ansible uses an inventory file to define the list of managed nodes. This file can be static or dynamic.
- The inventory can group nodes based on roles, locations, or environments (e.g., development, production).

7. **Easy to Learn:**

- Since it uses simple YAML files and does not require installing agents, Ansible is easy to learn and use.

8. **Extensible:**
- Ansible can be extended using plugins and custom scripts.

---

### **Core Components of Ansible:**

1. **Control Node:**

- The system where Ansible is installed and executed. It sends commands to the managed nodes over SSH/WinRM.

2. **Managed Nodes:**

- The remote systems (servers, VMs, containers, etc.) that Ansible manages.

3. **Playbook:**

- A file written in YAML containing plays, which define the desired configuration, orchestration, or automation tasks.

4. **Task:**

- Individual actions executed on the managed nodes, like installing packages, copying files, or restarting services.

5. **Handlers:**

- Tasks that are triggered when certain conditions are met. For example, restarting a service after a configuration change.

6. **Roles:**

- A way to organize playbooks into reusable components. Roles allow for modular, reusable, and maintainable configurations.

7. **Facts:**

- Facts are variables that Ansible gathers about the system during the execution of a playbook. These include system architecture, memory, OS type, etc.

8. **Vault:**
- A feature in Ansible that allows for secure storage of sensitive data (like passwords and credentials) in encrypted files.

---

### **Common Use Cases:**

1. **Configuration Management:**

- Ensure servers have consistent configurations (e.g., same software versions, security patches, etc.).

2. **Application Deployment:**

- Automate the deployment of applications on servers, including setting up the necessary environment.

3. **Orchestration:**

- Manage and coordinate a series of tasks across multiple machines. For example, deploying a multi-tier application.

4. **Security Automation:**

- Enforce security compliance across servers by automating security patching and hardening.

5. **Cloud Provisioning:**
- Automate the provisioning of cloud resources (e.g., AWS, GCP, Azure) using Ansible modules.

---

### **Ansible Playbook Structure:**

```yaml
---
- name: Example playbook
hosts: webservers
become: yes # Execute tasks with elevated privileges (root)

tasks:
- name: Install Apache
apt:
name: apache2
state: present

- name: Copy index.html
copy:
src: /path/to/index.html
dest: /var/www/html/index.html
mode: "0644"

- name: Ensure Apache is started
service:
name: apache2
state: started
```
---
### **Commonly Used Ansible Modules:**
1. **File Operations:**
- `file`: Manage file/directory permissions and ownership.
- `copy`: Copy files from control node to managed node.
- `fetch`: Fetch files from managed node to control node.
- `template`: Manage configuration files using Jinja2 templates.

2. **Package Management:**

- `apt`, `yum`: Install or remove packages (for Debian/RedHat-based systems).
- `pip`: Install Python packages.

3. **Service Management:**

- `service`: Start, stop, or restart services.
- `systemd`: Control systemd services.

4. **User and Group Management:**

- `user`: Manage users and their properties.
- `group`: Manage groups.

5. **Network:**

- `firewalld`: Manage firewalld rules.
- `iptables`: Manage iptables rules.

6. **Cloud Modules:**
- `ec2`: Manage AWS EC2 instances.
- `gcp_compute`: Manage Google Cloud Compute instances.
- `azure_rm`: Manage Azure resources.

---

### **Ansible Roles:**

- **Roles** provide a way to structure playbooks for reusability and organization. A role is essentially a collection of tasks, handlers, variables, templates, and files that can be easily reused across different playbooks.

**Typical Role Directory Structure:**

```
roles/
├── role_name/
│ ├── tasks/
│ │ └── main.yml
│ ├── handlers/
│ │ └── main.yml
│ ├── files/
│ ├── templates/
│ ├── vars/
│ │ └── main.yml
│ ├── defaults/
│ │ └── main.yml
│ ├── meta/
│ │ └── main.yml
```
---
### **Ansible Galaxy:**
- **Ansible Galaxy** is a hub for finding, reusing, and sharing Ansible roles. You can download pre-built roles and use them directly in your playbooks, or contribute your own roles to the community.
---
### **Best Practices for Ansible:**
1. **Use Roles and Playbooks for Reusability:**
- Break down complex playbooks into smaller, reusable roles to make the configuration more modular and maintainable.
2. **Use Variables Wisely:**
- Define variables in inventory files or `vars` directories to make your playbooks more flexible.
3. **Utilize Handlers for Efficiency:**
- Handlers should be used to perform tasks like restarting services only when necessary.
4. **Secure Secrets with Vault:**
- Store sensitive information (like API keys or passwords) securely using Ansible Vault.
5. **Use Version Control:**
- Store your playbooks in a version control system (e.g., Git) for tracking changes and collaborating with others.
---
### **Ansible vs Other Configuration Management Tools:**
| Feature | Ansible | Puppet | Chef | SaltStack |
| --------------------- | ------------------ | ------------------ | ----------------- | ------------------------- |
| **Agentless** | Yes | No | No | No |
| **Ease of Use** | Easy | Moderate | Difficult | Moderate |
| **Language** | YAML (declarative) | Ruby (declarative) | Ruby (imperative) | Python/YAML (declarative) |
| **Push/Pull Model** | Push | Pull | Push/Pull | Push |
| **Community Support** | Large | Large | Large | Moderate |
---
### **Common Commands:**
1. **Run Playbook:**
```bash
ansible-playbook playbook.yml
```

2. **Ping All Hosts in Inventory:**

```bash
ansible all -m ping -i inventory.ini
```

3. **List Inventory Hosts:**

```bash
ansible-inventory --list -i inventory.ini
```

4. **Encrypt a File with Vault:**

```bash
ansible-vault encrypt secrets.yml
```

5. **Decrypt a Vault File:**
```bash
ansible-vault decrypt secrets.yml
```

---

0 comments on commit 4c3b055

Please sign in to comment.