
5 Ansible Playbook Steps to Success

Level 10

There are many configuration management, deployment, and orchestration tools available, ranging from open-source tools to automation engines. Ansible is one such software stack available to cover all the bases, and seems to be gaining more traction by the day. In this post, we’ll look at how this simple but powerful tool can change your software deployments by bringing consistency and reliability to your environment.

Ansible gives you the ability to provision, control, configure, and deploy applications to multiple servers from a single machine. Ansible allows for successful repetition of tasks, can scale from one to 10,000 or more endpoints, and uses YAML, which is easy to read and understand, to apply configuration changes. It’s lightweight, uses SSH, PowerShell, and APIs for access, and as mentioned above, is an open-source project. It’s also agentless, differentiating it from some other similar competitive tools in this marketplace. Ansible is designed with your whole infrastructure in mind rather than individual servers. If you need dashboard monitoring, then Ansible Tower is for you.

Once installed on a master server, you create an inventory of machines or nodes for it to perform tasks on. You can then start to push configuration changes to nodes. An Ansible playbook is a collection of tasks you want to be executed on a remote server, in a configuration file. Playbooks can range from the simple management and configuration of remote machines all the way to a multifaceted deployment. Here are five tips to start getting the most out of what the tool can deliver.

  1. Passwordless keys (for SSH) are the way to go, and probably something you should undertake from day one. Not just for Ansible: this uses a public shared key between hosts based on the v2 standard, with most default OSs creating 2048-bit keys, though this can be changed in certain situations up to 4096-bit. No longer do you have to type in long complex passwords for every login session. This more reliable and easier-to-maintain method makes your environment both more secure and easier for Ansible to execute.
  2. Use check mode to dry run most modules. If you’re not sure how a new playbook or update will perform, dry runs are for you. Because configuration management with Ansible describes the desired state and your end goal, you can use dry run mode to preview what changes are going to be applied to the system in question. Simply add the --check option to the ansible-playbook command for a glance at what will happen.
  3. Use Ansible roles. This is where you break a playbook out into multiple files. This file structure consists of a grouping of files, tasks, and variables, which moves you toward modularization of your code and thus independent adaptation and upgrade. It also allows for reuse of configuration steps, making changes and improvements to your Ansible configurations easier.
  4. Ansible Galaxy is where you should start any new project. Access to roles, playbooks, and modules from community and vendors—why reinvent the wheel? Galaxy is a free site for searching, rating, downloading, and even reviewing community-developed Ansible roles. This is a great way to get a helping hand with your automation projects.
  5. Use third-party vault software. Ansible Vault is functional, but a single shared secret makes it hard to audit or control who has access to all the nodes in your environment. Look for something with a centrally managed repository of secrets you can audit and lock down in a security breach scenario. I suggest HashiCorp Vault as it can meet all these demands and more, but others are available.
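
A playbook sketch tying together tips 1, 2 and 5, added here as an example and not taken from the original post: it installs the automation account's SSH public key, reads an application secret from HashiCorp Vault at run time, and can be previewed with --check. The inventory group, account name, file paths, Vault URL and secret path are placeholders, the account is assumed to exist already, and the ansible.posix and community.hashi_vault collections are assumed to be installed.

```yaml
# Added example (not from the original post). Group, account, paths and the
# Vault address are placeholders; the account is assumed to exist already.
# Preview first:  ansible-playbook -i inventory.ini site.yml --check --diff
# Then apply:     ansible-playbook -i inventory.ini site.yml
- name: Baseline access and secrets for web nodes
  hosts: web                                           # assumed inventory group
  become: true
  vars:
    automation_user: ansible-svc                       # assumed account name
    automation_pubkey: "{{ lookup('ansible.builtin.file', 'files/ansible-svc.pub') }}"
    vault_addr: "https://vault.example.internal:8200"  # placeholder URL
  tasks:
    - name: Install the current public key and drop any older ones
      ansible.posix.authorized_key:
        user: "{{ automation_user }}"
        key: "{{ automation_pubkey }}"
        exclusive: true     # rotation: swapping the .pub file retires old keys
        state: present

    # The lookup runs on the control node and, with the default token auth,
    # reads the Vault token from the VAULT_TOKEN environment variable, so
    # no secret is stored in the playbook or the repository.
    - name: Read the app database password from HashiCorp Vault
      ansible.builtin.set_fact:
        db_password: >-
          {{ lookup('community.hashi_vault.vault_kv2_get', 'apps/web/db',
                    engine_mount_point='secret', url=vault_addr).secret.password }}
      no_log: true          # keep the value out of logs and callbacks

    - name: Render the app config with the secret
      ansible.builtin.template:
        src: templates/app.conf.j2      # placeholder template
        dest: /etc/app/app.conf         # placeholder destination
        owner: root
        group: root
        mode: "0600"
      no_log: true
      diff: false           # do not print the secret in --diff output
```

Access to the secret is then governed and logged by Vault policy per token rather than by one shared Ansible Vault password.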

Hopefully you now have a desire to either start using Ansible and reduce time wasted on rinse and repeat configuration tasks, or you’ve picked up a few tips to take your skills to the next level and continue your DevOps journey.

14 Comments
Level 13

Thanks for the Article

Level 13

Thanks for the article!

Level 15

This is on my list of items I need to study this year. Thanks for the write up.

MVP

Thanks for the article.

Level 12

So what happens if the Ansible server gets compromised?

MVP

I need to read more about this, thanks for the heads up.

Level 13

Good post, thanks. I've used Ansible for a few things, but we don't have a lot of use cases due to the work we do and the type of environment we operate in. Things just aren't that dynamic, and don't need to be.

Level 15

Good post. Thank you for adding this article.

Level 12

I'm curious about one item. You are correct that keys are more reliable from an operational perspective, but from a security perspective we're all encouraged to move away from them, as if one is blown - they're all blown.

My statement is a rather generic industry trend. Does Ansible offer mitigating strategies? Is there any sort of key rotation that is automated? Or is it just an ease of use item?

Level 12

Same question... Sorry I didn't see this first, but see my question on SSH keys below.

MVP

I've been curious how these various toolsets compare. I've been spending time with CloudFormation to build AWS infrastructure, which has been interesting.

Level 11

Thanks for the article.

Level 9

"Passwordless keys (for SSH) is the way to go." THAT is so true. Too bad we can't get SolarWinds developers to make NCM connections for configs and inventories password-less!

Please nag the NCM Product Manager. (He's a good guy and can take it and is well aware of my nagging about this.)

Level 12

thanks for the post

About the Author
A jack of all trades that seems to get pulled into projects that were not on my radar