Ansible is an automation tool with a strong focus on security and reliability. It uses OpenSSH for transport.
Ansible manages machines in an agent-less manner. It is decentralized: existing OS credentials are used to control access to remote machines. It will try to use native OpenSSH for remote communication whenever possible.
Using native OpenSSH enables ControlPersist, Kerberos, and JumpHost. Ansible does not expose a channel that would allow communication between the user and the ssh process.
Two modes of execution: ad-hoc task execution, and playbook execution.
Playbooks are the basis for a really simple configuration management and multi-machine deployment system.
While I might run the main program for ad-hoc tasks, playbooks are more likely to be kept in source control.
A playbook consists of one or more plays.
A play maps a group of hosts to some well-defined roles, represented by what Ansible calls tasks.
A task is a call to an Ansible module.
By composing a playbook of multiple ‘plays’, it is possible to orchestrate multi-machine deployments.
For each play, I get to define which machines are targeted, and which remote user should complete the tasks.
hosts: a list of one or more groups or host patterns, separated by colons.
remote_user: the name of the user account.
Each play contains a list of tasks. Tasks are executed in order, one at a time, against all machines matched by the host pattern.
Hosts with failed tasks are taken out of rotation for the entire playbook.
Modules should be idempotent: a module should always check whether the desired final state has already been achieved and, if so, exit without performing any actions.
name: human-readable output describing the task.
Handlers are lists of tasks referenced by a globally unique name and triggered by notifiers: the handlers to run are listed in a task's notify section.
ansible-pull: a small script that checks out a repo of configuration instructions from git.
ansible-lint: runs a detailed check of a playbook.
Variables should be specified in the config files. Be careful when replaying, as the variables might not be the same or might not be declared.
Registered variables are used when we want to capture the output of a task in a register. Some modules have specific return values.
Lookup plugins allow Ansible to access data from outside sources. This means that Ansible can read the file system and contact external datastores and services. Lookups are evaluated on the Ansible control machine, not on the target or remote.
Lookup plugins can be used anywhere templating is used in Ansible: in a play, in a variables file, or in a Jinja2 template for the template module.
query: an alternative form for invoking lookup plugins.
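As an added example (not from the notes above), one playbook that uses each construct the notes describe: a colon-separated hosts pattern, remote_user, named tasks, notify and handlers, register, and both the lookup and query forms of lookup plugins. The group names, the deploy user, the file paths under files/ and templates/, and the ansible.posix collection being installed are assumptions.

```yaml
---
# Added example, not part of the original notes.
# Group names, the "deploy" account and all file paths are assumptions.
- name: Harden sshd on the web and database tiers
  hosts: webservers:dbservers      # host pattern: two inventory groups, colon-separated
  remote_user: deploy              # OS account used over OpenSSH
  become: true

  vars:
    # query() runs a lookup plugin on the control machine and always returns a list:
    # here, every public key file kept next to the playbook.
    admin_keys: "{{ query('fileglob', 'files/keys/*.pub') }}"

  tasks:
    - name: Install sshd configuration from template
      ansible.builtin.template:
        src: templates/sshd_config.j2
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        validate: /usr/sbin/sshd -t -f %s   # reject a broken config before it replaces the live one
      notify: Restart sshd                  # handler runs once, at the end of the play

    - name: Install admin public keys for the deploy user
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ lookup('file', item) }}"   # lookup() reads the key on the control machine
      loop: "{{ admin_keys }}"

    - name: Check which ports sshd is listening on
      ansible.builtin.command: ss -ltn
      register: listening      # capture the module's return values (stdout, rc, ...)
      changed_when: false      # a read-only check never reports a change (idempotent)

    - name: Fail if sshd is not listening on port 22
      ansible.builtin.assert:
        that:
          - "':22 ' in listening.stdout"
        fail_msg: "sshd not listening; this host drops out of the remaining tasks"

  handlers:
    - name: Restart sshd      # globally unique name referenced by notify above
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Run it with ansible-playbook against an inventory that defines the webservers and dbservers groups; the restart handler fires only on hosts where the template task actually changed the file.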