Automation, Orchestration and
Con�guration Management:
Getting Started With Ansible
Dimeji Fayomi
10 August 2021
1 / 20
Outline
A scenario exercise
Why automation, orchestration and configuration management are
important ?
Some concept definitions
Automation
Orchestration
Configuration Management
Infrastructure as Code (IaC)
Ansible
What is it ?
How it works
Features and advantages over other tools
Installing Ansible
Ansible concepts
Demos: using ansible
2 / 20
Scenario Exercise
Assume you are a devops for an organisation
You are responsible for:
Provisioning infrastructure for critical web applications on the cloud
Deploying the applications
Rolling out new features for the applications
Applying security patches to the infrastructure and applications
Providing 24/7 application and infrastructure support
3 / 20
Scenario Exercise
With small infrastructure
Doing these tasks manually:
is relatively easy
iterative and interactive
not time-consuming
With medium/large infrastrucure
Doing these tasks manually:
becomes boring
means the same tasks are repeated multiple times
error-prone
inconsistent configuration and state across your infrastructure
leaves litle time for innovation and adding value with new
features
Automation, Orchestation and Configuration management
Lets you focus on the important things:
Adding new features for your applications quickly!!!
Making your applications and systems better.
4 / 20
Concept De�nitions
Automation
Using tools and software to perform repeatable configuration actions and
processes
With minimal human intervention or input
Think single task or process:
Installing an application on a server
Orchestration
Coordinated provisioning and configuration of multiple applications
Involves executing a series of configuration and provisioning actions in a
specific order
Automating a series of tasks to work together
Think of the steps and tasks involved in deploying a PHP application
You need to install and configure:
PHP Engine
A web server (Apache or Nginx)
A database
5 / 20
Concept De�nitions
Con�guration Management
Keeping your infrastructure in the desired and consistent state
Maintaining consistency of configuration for all systems
Keeps your configuration uniform across your infrastructure
Makes it easy to track configuration changes
Minimises errors and faults due to wrong configurations
Infrastructure as code (IaC)
Provisioning and managing infrastructure:
with descriptive and declarative machine-readable files
More consistent across systems
Better than:
Iterative, interactive, physical and manual config processes and tools.
6 / 20
Ansible
What is it ?
An open source automation and orchestration tool for:
Provisioning and configuration of infrastructure
Deploying and configuring applications on the infrastructure
Cross platform
Linux/Unix and Windows supported
Swiss knife tool for automation and configuration
If a task can be automated, it can be done with ansible!!!
If a process can be orchestrated, it can be done with ansible!!!
7 / 20
Ansible
Key Features
No agent required on the nodes to be configured
Just SSH required
Declarative and human-readable language
Everything is a YAML file
Push-based approach for deploying configuration on nodes
Better control and security
Idempotent
Only make changes on the node if state is different from what is
specified in the configuration.
8 / 20
Ansible
How it works
9 / 20
Ansible
What makes it di�erent from other tools e.g Puppet,
chef e.t.c ?
Idempotent
Only make changes if needed
Repeat actions without side-effects
Declarative vs Procedural
Other tools are procedural
Perform this action first and then this
If one step is skipped, chaos ensures
Ansible is declarative
I want this service configured and running
No agents
Other tools require an agent installed on the managed nodes
10 / 20
Installing Ansible
You can install with pacakge manager (Not recommended!!!)
apt-get install ansible
Install with pip in a virtualenv
Install python3-pip
sudo apt-get install python3-pip
Install virtualenv
pip3 install virtualenv
Create a virtualenv
virtualenv -p /usr/bin/python3 compx527
11 / 20
Installing Ansible (Cont’d)
Activate your virtualenv
source compx527/bin/activate
Install Ansible and other AWS SDK libraries in your virtualenv
pip install ansible
pip install boto3
pip install botocore
pip install boto
12 / 20
Ansible Concepts
Control Node
The machine where ansible is installed
Ansible commands and playbooks are invoked from this machine
Could your laptop or dedicated machine
Managed Nodes
Servers, VMs and AWS resources managed with Ansible.
Ansible is not installed on these nodes
Inventory
The list of managed nodes
Useful for organising your nodes into groups
Can be specified using IP addresses or FQDNs
13 / 20
Collections
A distribution format for Ansible
Includes playbooks, roles and modules
Modules
Unit of code executed by Ansible
Each module has a specific use e.g
Administering users
Installing software
Managing files
Modules are used to implement tasks
Tasks
A unit of action performed on a node e.g
with the apt module, install packages on a node
14 / 20
Playbooks
An ordered list of tasks
That can be run repeatedly
Roles
Built-in structure for grouping and organizing similar tasks
Easily manage execution of tasks
15 / 20
Using Ansible
Ad hoc command
Running a command-line to automate a single task on one or more
managed nodes
Playbooks
repeatable deployment
Orchestrating tasks
16 / 20
Ansible playbooks
A small ansible playbook that deploys a simple static website on S3.
(Remember to change your bucket name in the ansible playbook)
git clone :olafayomi/COMPx527.git
cd COMPx527/ansible-s3
ansible-playbook main.yml –tags deploy-live-s3
Your website should be live at: http://[your-bucket-name].live.s3-website-
us-east-1.amazonaws.com/index.html
The same playbook can be used to remove the S3 bucket
ansible-playbook main.yml –tags remove-bucket
17 / 20
Another Ansible playbook
This ansible playbook creates a security group and provision an EC2
instance.
cd ../ansible-ec2
ansible-playbook -v -i inventories/hosts main.yml –tags provision
SSH to instance
ssh -v -i ~/.ssh/oof1-ec2-key.pem ubuntu@[instance-ip-address]
The playbook can be further extended to patch upgrade packages on the
newly created EC2 instances
ansible-playbook -v -i inventories/hosts main.yml –tags update-package-manag
ansible-playbook -v -i inventories/hosts main.yml –tags patch
ansible-playbook -v -i inventories/hosts main.yml –tags reboot
18 / 20
Ansible Ad Hoc Commands
ansible -i inventories/hosts webservers -m ping
ansible -i inventories/hosts webservers -m apt -a ‘name=nginx state=latest’
ansible -i inventories/hosts webservers -m apt -a ‘name=nginx state=absent’
19 / 20
Reference
Ansible Docs
(https://docs.ansible.com/ansible/latest/user_guide/index.html)
Digital Ocean
(https://www.digitalocean.com/community/tutorial_series/how-to-write-
ansible-playbooks)
Tutorials Point
(https://www.tutorialspoint.com/ansible/ansible_tutorial.pdf)
Ansible modules
(https://docs.ansible.com/ansible/2.9/modules/list_of_all_modules.html)
Questions ??
20 / 20
https://docs.ansible.com/ansible/latest/user_guide/index.html
https://www.digitalocean.com/community/tutorial_series/how-to-write-ansible-playbooks
https://www.tutorialspoint.com/ansible/ansible_tutorial.pdf
https://docs.ansible.com/ansible/2.9/modules/list_of_all_modules.html