Table Of ContentAnsible: Up and Running
Automating Configuration Management and
Deployment the Easy Way
THIRD EDITION
With Early Release ebooks, you get books in their earliest form—the
authors’ raw and unedited content as they write—so you can take
advantage of these technologies long before the official release of these
titles.
Bas Meijer, Lorin Hochstein, and René Moser
Ansible: Up and Running
by Bas Meijer, Lorin Hochstein, and René Moser
Copyright © 2022 Bas Meijer. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North,
Sebastopol, CA 95472.
O’Reilly books may be purchased for educational, business, or sales
promotional use. Online editions are also available for most titles
(http://oreilly.com). For more information, contact our
corporate/institutional sales department: 800-998-9938 or
corporate@oreilly.com.
Editors: John Devins and Sarah Grey
Production Editor: Kate Galloway
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Kate Dullea
September 2022: Third Edition
Revision History for the Early Release
2021-06-03: First Release
2021-07-12: Second Release
2021-07-26: Third Release
2021-09-23: Fourth Release
2021-12-10: Fifth Release
2022-02-01: Sixth Release
See http://oreilly.com/catalog/errata.csp?isbn=9781098109158 for release
details.
The O’Reilly logo is a registered trademark of O’Reilly Media, Inc.
Ansible: Up and Running, the cover image, and related trade dress are
trademarks of O’Reilly Media, Inc.
The views expressed in this work are those of the authors, and do not
represent the publisher’s views. While the publisher and the authors have
used good faith efforts to ensure that the information and instructions
contained in this work are accurate, the publisher and the authors disclaim
all responsibility for errors or omissions, including without limitation
responsibility for damages resulting from the use of or reliance on this
work. Use of the information and instructions contained in this work is at
your own risk. If any code samples or other technology this work contains
or describes is subject to open source licenses or the intellectual property
rights of others, it is your responsibility to ensure that your use thereof
complies with such licenses and/or rights.
978-1-098-10908-0
Chapter 1. Introduction
A NOTE FOR EARLY RELEASE READERS
With Early Release ebooks, you get books in their earliest form—the
authors’ raw and unedited content as they write—so you can take
advantage of these technologies long before the official release of these
titles.
This will be Chapter 1 of the final book. The GitHub repo for this
edition is available at
https://github.com/ansiblebook/ansiblebook/tree/3rd-edition
If you have comments about how we might improve the content and/or
examples in this book, or if you notice missing material within this
chapter, please reach out to the author at bas.meijer@me.com.
It’s an interesting time to be working in the IT industry. We no longer
deliver software to our customers by installing a program on a single
machine and calling it a day. Instead, we are all gradually turning into cloud
engineers.
We now deploy software applications by stringing together services that run
on a distributed set of computing resources and communicate over different
networking protocols. A typical application can include web servers,
application servers, memory-based caching systems, task queues, message
queues, SQL databases, NoSQL datastores, and load balancers.
IT professionals also need to make sure to have the proper redundancies in
place, so that when failures happen (and they will), our software systems
will handle them gracefully. Then there are the secondary services that we
also need to deploy and maintain, such as logging, monitoring, and
analytics, as well as third-party services we need to interact with, such as
infrastructure-as-a-service (IaaS) endpoints for managing virtual machine
instances.1
You can wire up these services by hand: spinning up the servers you need,
logging into each one, installing packages, editing config files, and so forth,
but it’s a pain. It’s time-consuming, error-prone, and just plain dull to do
this kind of work manually, especially around the third or fourth time. And
for more complex tasks, like standing up an OpenStack cloud, doing it by
hand is madness. There must a better way.
If you’re reading this, you’re probably already sold on the idea of
configuration management and considering adopting Ansible as your
configuration management tool. Whether you’re a developer deploying
your code to production, or you’re a systems administrator looking for a
better way to automate, I think you’ll find Ansible to be an excellent
solution to your problem.
A Note About Versions
The example code in this book was tested against versions 4.0.0 and 2.9.20
of Ansible. Ansible 4.0.0 is the latest version as of this writing; Ansible
Tower includes version 2.9.20 in the most recent release. Ansible 2.8 went
End of Life with the release of 2.8.20 on April 13, 2021.
For years the Ansible community has been highly active in creating roles
and modules—so active that there are thousands of modules and more than
20,000 roles. The difficulties of managing a project of this scale led creators
to reorganize the Ansible content into three parts:
Core components, created by the Ansible team
Certified content, created by Red Hat’s business partners
Community content, created by thousands of enthusiasts worldwide
Ansible 2.9 has lots of built-in features, and later versions are more
composable. This new setup makes it more easily maintainable as a whole.
The examples provided in this book should work in various versions of
Ansible, but version changes in general call for testing, which we will
address in Chapter 14.
WHAT’S WITH THE NAME ANSIBLE?
It’s a science-fiction reference. An ansible is a fictional communication device that can
transfer information faster than the speed of light. Ursula K. Le Guin invented the
concept in her book Rocannon’s World (Ace Books, 1966), and other sci-fi authors have
since borrowed the idea, including Orson Scott Card. Ansible cofounder Michael
DeHaan took the name Ansible from Card’s book Ender’s Game (Tor, 1985). In that
book, the ansible was used to control many remote ships at once, over vast distances.
Think of it as a metaphor for controlling remote servers.
Ansible: What Is It Good For?
Ansible is often described as a configuration management tool and is
typically mentioned in the same breath as Puppet, Chef, and Salt. When IT
professionals talk about configuration management, we typically mean
writing some kind of state description for our servers, then using a tool to
enforce that the servers are, indeed, in that state: the right packages are
installed, configuration files have the expected values and have the
expected permissions, the right services are running, and so on. Like other
configuration management tools, Ansible exposes a domain-specific
language (DSL) that you use to describe the state of your servers.
You can use these tools for deployment as well. When people talk about
deployment, they are usually referring to the process of generating binaries
or static assets (if necessary) from software written by in-house developers,
copying the required files to servers, and starting services in a particular
order. Capistrano and Fabric are two examples of open-source deployment
tools. Ansible is a great tool for deployment as well as configuration
management. Using a single tool for both makes life simpler for the folks
responsible for system integration.
Some people talk about the need to orchestrate deployment. Orchestration
is the process of coordinating deployment when multiple remote servers are
involved and things must happen in a specific order. For example, you
might need to bring up the database before bringing up the web servers, or
take web servers out of the load balancer one at a time to upgrade them
without downtime. Ansible is good at this as well, and DeHaan designed it
from the ground up for performing actions on multiple servers. It has a
refreshingly simple model for controlling the order in which actions
happen.
Finally, you’ll hear people talk about provisioning new servers. In the
context of public clouds such as Amazon EC2, provisioning refers to
spinning up new virtual machine instances or cloud-native Software as a
Service (SaaS). Ansible has got you covered here, with modules for talking
to clouds including EC2, Azure,2
Digital Ocean, Google Compute Engine, Linode, and Rackspace,3
as well as any clouds that support the OpenStack APIs.
NOTE
Confusingly, the Vagrant tool, covered later in this chapter, uses the term provisioner to
refer to a tool that does configuration management. It thus refers to Ansible as a kind of
provisioner. Vagrant calls tools that create machines, such as VirtualBox and VMWare,
providers. Vagrant uses the term machine to refer to a virtual machine and box to refer
to a virtual machine image.
How Ansible Works
Figure 1-1Figure 1-1 shows a sample use case of Ansible in action. A user
we’ll call Alice is using Ansible to configure three Ubuntu-based web
servers to run Nginx. She has written an Ansible script called
webservers.yml. In Ansible, a script is called a playbook. A playbook
describes which hosts (what Ansible calls remote servers) to configure, and
an ordered list of tasks to perform on those hosts. In this example, the hosts
are web1, web2, and web3, and the tasks are things such as these:
Install Nginx
Generate a Nginx configuration file
Copy over the security certificate
Start the Nginx service
In the next chapter, we’ll discuss what’s in this playbook; for now, we’ll
focus on its role in the overall process. Alice executes the playbook by
using the ansible-playbook command. Alice starts her Ansible playbook by
typing two filenames on a terminal line: first the command, then the name
of the playbook:
$ ansible-playbook webservers.yml
Ansible will make SSH connections in parallel to web1, web2, and web3. It
will then execute the first task on the list on all three hosts simultaneously.
In this example, the first task is installing the Nginx package, so the task in
the playbook would look something like this:
- name: Install nginx
package:
name: nginx
Ansible will do the following:
1. Generate a Python script that installs the Nginx package
2. Copy the script to web1, web2, and web3
3. Execute the script on web1, web2, and web3
4. Wait for the script to complete execution on all hosts
Ansible will then move to the next task in the list and go through these
same four steps.
It’s important to note the following:
1. Ansible runs each task in parallel across all hosts.
2. Ansible waits until all hosts have completed a task before moving
to the next task.
3. Ansible runs the tasks in the order that you specify them.
Figure 1-1. Running an Ansible playbook to configure three web servers.
What’s So Great About Ansible?
There are several open-source configuration management tools out there to
choose from, so why choose Ansible? Here are 27 reasons that drew us to
it. In short: Ansible is simple, powerful, and secure.
