Our DevOps Toolbox: The Ansible Interview
There are many IT automation tools available, including mature ones like Puppet and Chef, so why choose Ansible? Michael Shklyar, DevOps Software Engineer from the Exadel Digital Transformation Practice, recently sat down with Sergey Krivopishin, a DevOps specialist from one of our client projects to discuss the advantages of Ansible and how it helps him solve issues.
What is Ansible?
Ansible is an open source IT tool for managing and deploying servers and configurations. Ansible is an unusually simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intraservice orchestration, and many other IT needs.
What are some areas in which you use Ansible?
I work with our customer’s Global Business Services. GBS is designed to provide services to business units in sourcing, procurement, legal, finance, and HR. Global Business Services is the primary interface with the company’s service centers. In the GBS we standardize business processes to achieve operating efficiencies in software development and testing, content production, and other business process outsourcing functions where productivity improvements and increasing levels of quality can be achieved.
We’ve updated and tagged virtual machines (servers) in the Azure cloud and installed different software (antivirus software, updates, special software for monitoring servers in the enterprise, etc.) and configured different servers on Windows and Linux. There were 300 subscriptions in Azure and 300 accounts in AWS, with 15000 virtual servers.
What kinds of technical challenges did you run into and how did you solve them?
One implementation was a bit longer than others, deploying applications with Windows MSI packages. It was hard to track their installation on Windows for specific software.
In Ansible there are two ways to track Windows packages: the first one is product ID mapping; the second is checking the presence of a specific file. If the product version is changed, for example, a new version has to be set up. For Ansible, it meant that the application wasn’t set up. I worked with an app which was dealing with security monitoring. A special version with the product ID was set up. After the system (not Ansible) updated this version, the product ID was changed.
How long have you been using Ansible on this project?
I started to promote it from scratch and set up full deployments of 10 Ansible roles (5 Linux and 5 Windows). Earlier, Powershell and Bash scripts were used.
We’re planning to use Ansible Tower directly. The Ansible Tower comes with a very attractive feature: Ansible Survey. This is very useful for people who need to create something but are not authorized to do so. For example, a person from an HR department needs to create an account in an active directory, but they don’t have permissions to do so in the active directory because they are not an administrator. In Ansible Tower we can make a web form with set of parameters (a survey) to do so.
Why is Ansible better than other сonfiguration management tools?
I don’t think it’s helpful to make a sweeping statement that Ansible is better than other tools. All configuration management tools have their advantages and disadvantages. But one thing I can say for sure is that Ansible is easier to start using for beginners.
With Ansible, there’s no need to write custom scripts or modules. Ansible has everything necessary for configuration. If something is missing, it can be covered with Powershell or Shell. Everything is simple and clear.
Also, it’s agentless. You don’t need to install any other software, you just need to open firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure in many cases, and you can configure everything from your workstation.
Ansible can be learned quickly, with its easy installation and initial configuration. In less than 30 minutes, it’s possible to install, configure, and execute ad hoc commands for n servers to solve a specific problem: time adjustments, password changes, updating servers, restarting services, config file adjustments, etc.
Moreover, Ansible adapts well to mixed environments, coexisting seamlessly with partially or mostly automated environments. The transition from one model to another is generally far less traumatic with Ansible.
Is it safe to say that using Ansible will save money and time?
Will using Ansible make work easier and improve speed?
It definitely makes things easier if we compare it to writing scripts. The number of errors is greatly reduced. For example, scripts often don’t have checks to make sure that the desired result is already in place, or they don’t have enough checks for when particular errors occur while running. Ansible is a configuration tool with numerous checks. It simplifies things.
Parallel execution is available right out of the box, so it definitely increases the speed of work. In most cases, engineers do not write scripts with parallel execution.
The Main Takeaway
Ansible is a good tool for automation and can be used in different areas like configuration management or continuous deployment. It is developed in Python and supported by a community with all the pros and cons of that.
Ansible is a good choice for any company, large or small.
About the Series
This is just one article in the Our DevOps Toolbox series in which we share the tools we use in our DevOps work, one tool at a time. Here’s what we have published so far:
- Our DevOps Toolbox: Ansible
- Our DevOps Toolbox: The Ansible Interview
Learn more here about Exadel’s Digital Transformation practice and the challenges it can solve. Ask to speak with our experts to find out even more.