Ansible Tower/Automation
Keeping the Lights on !! — Automation with Ansible Tower
Automation with Ansible on Clustered Groups Workshop
Overview
These days there is unprecedented demand for resource provisioning due to COVID-19. Various open-source technologies are being used to respond to the challenges businesses face. Automation is a key requirement for firms and companies that need to keep their business running.
Can you roll out fixes at scale? Can you automate repeatable IT tasks without compromising compliance?
Remote workers are demanding self-service, can you give it to them? Without breaking the bank?
Ansible automation can be the answer to all of these questions.
Ansible is the most popular automation tool on GitHub today, with more than a quarter-million downloads per month. There are more than 3500 contributors submitting new modules all the time.
Ansible can help keep the lights on by automating the remediation of problems before they affect systems, and it can help keep IT systems secure.
The basic use cases of Ansible are provisioning, configuration management (CM), security remediation, application deployment, etc.
Getting Started
Why Ansible?
- Agentless: Unlike Puppet, Chef, Salt, etc., Ansible operates only over SSH.
- Built with Python: It's a universal language these days.
- Self-documenting: Simple YAML files describing the playbooks and roles.
- Feature-rich: Some call these “batteries included”, but there are over 150 modules provided out of the box, and new ones are pretty easy to write.
Important Terms
- Playbook: Playbooks are the bread and butter of Ansible. They represent collections of ‘plays’, configuration policies which get applied to defined groups of hosts. Basically, a playbook contains all the instructions we give Ansible to perform the desired tasks. It is written in a declarative language such as YAML (preferred) or JSON. By constructing proper playbooks, there’s almost no limit to what you can do with Ansible.
- Collections: Playbooks, however, can get very complex. Ansible Collections are pre-packaged content that can be used as-is or modified to meet your needs. The content found in Ansible Collections includes those for specific purposes, tools, and even demos to help you learn the ins and outs of Ansible. They are certified by Red Hat.
This is an intermediate-level workshop that assumes the basics of Ansible are already known. Here we are going to focus more on Ansible Tower, which is an advanced tool.
The main question that brings us to the topic is:
What will happen if the main server on which we are running Ansible, i.e. the control node, goes down?
That's where Ansible Tower comes into the picture. It provides clustering features. We can deploy multiple Tower instances that share a common database, so that if one server goes down, the others can continue the management.
Ansible Tower
One of the major gripes from Ansible users was that it didn’t have a proper GUI. This was an especially critical issue because a good UI is important for occasional and new users to get comfortable and familiar with an application before diving into the complexities of the CLI and playbook creation. Ansible itself was (and still is) rather new, so most of its users were, by definition, new users.
Ansible Tower, previously called the AWX project, is the fix to this problem. It is a comprehensive web-based UI for Ansible, containing the most important Ansible features, especially those that render better as graphical rather than text-based output, such as real-time node monitoring.
Some of the important features of Ansible Tower are listed below. The full feature list is available on the Ansible website.
- Role-based access control: you can set up teams and users in various roles. These can integrate with your existing LDAP or AD environment.
- Job scheduling: schedule your jobs and set repetition options
- Portal mode: this is a simplified view of automation jobs for newbies and less experienced Ansible users. This is an excellent feature as it truly lowers the entry barriers to starting to use Ansible.
- Fully documented REST API: allows you to integrate Ansible into your existing toolset and environment
- Tower Dashboard: use this to quickly view a summary of your entire environment. Simplifies things for sysadmins while sipping their coffee.
- Cloud integration: Tower is compatible with the major cloud environments: Amazon EC2, Rackspace, Azure.
Use-Cases
1. Provisioning
We can create an AWS instance with Ansible Tower by using a pre-created Job Template.
First, we need to create the Playbook containing the infrastructure as code. We are going to create a VPC and an Internet Gateway. Inside the VPC, we create a Subnet and finally provision an RHEL 8 EC2 instance in it.
This use case is an example of CD, part of DevOps. These days, once there is any code change in big firms, it is immediately deployed. Once the change is deployed in a testing environment, it becomes easy to understand the potential errors and security flaws.
From the Ansible Tower GUI, we can build a job template to perform the desired task. In the template, we can add the playbook, credentials, etc. Tower has a database to securely store the credentials. After that, we select the Launch button, and the entire infrastructure is built on AWS automatically.
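A playbook for the infrastructure described above could look like the following. This is an added example, not the workshop's own playbook; it assumes the amazon.aws collection is installed, and the region, CIDR ranges, resource names, AMI ID and key pair name are placeholders or constructed values. The playbook contains no AWS keys, because the AWS credential attached to the job template supplies them to the job at run time.

```yaml
---
# Added example (not from the original workshop).
# Builds a VPC, an Internet Gateway, a subnet and one RHEL 8 instance.
- name: Provision a VPC with one RHEL 8 instance
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_region: us-east-1          # assumption: pick your own region
    vpc_cidr: 10.10.0.0/16         # constructed sample range
    subnet_cidr: 10.10.1.0/24      # constructed sample range
    rhel8_ami_id: ami-REPLACE_ME   # placeholder: RHEL 8 AMI ID for the region
    ssh_key_name: REPLACE_ME       # placeholder: existing EC2 key pair name
  tasks:
    - name: Create the VPC
      amazon.aws.ec2_vpc_net:
        name: tower-demo-vpc       # hypothetical resource name
        cidr_block: "{{ vpc_cidr }}"
        region: "{{ aws_region }}"
        state: present
      register: vpc_result

    - name: Attach an Internet Gateway to the VPC
      amazon.aws.ec2_vpc_igw:
        vpc_id: "{{ vpc_result.vpc.id }}"
        region: "{{ aws_region }}"
        state: present

    - name: Create the subnet inside the VPC
      amazon.aws.ec2_vpc_subnet:
        vpc_id: "{{ vpc_result.vpc.id }}"
        cidr: "{{ subnet_cidr }}"
        region: "{{ aws_region }}"
        state: present
      register: subnet_result

    - name: Launch the RHEL 8 instance in the subnet
      amazon.aws.ec2_instance:
        name: tower-demo-rhel8     # hypothetical resource name
        image_id: "{{ rhel8_ami_id }}"
        instance_type: t3.micro    # assumption: any suitable type works
        key_name: "{{ ssh_key_name }}"
        vpc_subnet_id: "{{ subnet_result.subnet.id }}"
        region: "{{ aws_region }}"
        metadata_options:
          http_tokens: required    # instance metadata only via IMDSv2 tokens
        state: running
        wait: true
```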
2. ChatOps
We can integrate Slack with Ansible Tower so that any change related to production immediately notifies all developers connected to the Slack channel.
In Ansible Tower, we have the feature of creating Workflows, which helps to run multiple playbooks together. We can visualize it in the Visualizer and update the workflow.
Most companies set up a continuous delivery pipeline for testing the application in a development environment, but deploying to the production environment needs manual intervention. We can use Ansible Tower to handle the approval step of the workflow that passes the application to the production environment.
3. Extending Ansible Automations to 3rd-Party Tools
Since Ansible requires Python to run, we can leverage various features of Python in Ansible. For example, we can create virtual environments in Python and install specific packages in them. We can later use a particular virtual environment in Tower.
Oracle Cloud integration is not provided by Ansible Tower out of the box, but we can connect Ansible Tower to Oracle Cloud through the oci package provided by the latter. The package can be installed in the virtual environment and Tower can be instructed to use that environment. Also, we can create Credential Types to store the credentials, since Ansible Tower does not support storing credentials for this cloud by default.
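A custom Credential Type for Oracle Cloud, as described above, consists of an input configuration and an injector configuration. The following is an added example, not part of the original workshop: the type name and field ids are hypothetical, and the OCI_* environment variable names are assumed to be the ones the Oracle OCI Ansible modules read. The signing key is marked secret so Tower stores it encrypted, and it reaches the job only as a temporary file.

```yaml
# Added example (not from the original workshop).
# "inputs" is the Input Configuration and "injectors" the Injector
# Configuration of a Tower custom Credential Type.
name: Oracle Cloud API Key         # hypothetical type name
kind: cloud
inputs:
  fields:
    - id: user_ocid                # hypothetical field ids throughout
      type: string
      label: User OCID
    - id: tenancy_ocid
      type: string
      label: Tenancy OCID
    - id: fingerprint
      type: string
      label: API key fingerprint
    - id: region
      type: string
      label: Region
    - id: private_key
      type: string
      label: API signing key (PEM)
      secret: true                 # stored encrypted, not shown after saving
      multiline: true
  required:
    - user_ocid
    - tenancy_ocid
    - fingerprint
    - region
    - private_key
injectors:
  file:
    # Written to a temporary file for the duration of the job only.
    template: "{{ private_key }}"
  env:
    # Assumed variable names read by the Oracle OCI Ansible modules.
    OCI_USER_ID: "{{ user_ocid }}"
    OCI_TENANCY: "{{ tenancy_ocid }}"
    OCI_USER_FINGERPRINT: "{{ fingerprint }}"
    OCI_REGION: "{{ region }}"
    OCI_USER_KEY_FILE: "{{ tower.filename }}"
```

Injecting the key through a file rather than extra_vars keeps it out of the job's variable listing.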
Thus we can set up any of the Cloud Providers and use the existing tools and infrastructure and have them imported into Ansible Tower to securely perform the automation and orchestration.