What's Ansible?
Like Chef, Puppet or Salt, Ansible is a configuration management and provisioning tool.
Ansible distinguishes two types of servers: controlling machines and nodes.
- First, there is a single controlling machine which is where orchestration begins. The controlling machine describes the location of nodes through its inventory.
- Nodes are managed by a controlling machine over SSH and run the configured Tasks.
Ansible Tasks are idempotent.
Ansible uses Facts, which is system and environment information it gathers (context) before running tasks to check state and see if it needs to change anything in order to get the desired outcome. This makes it safe to run Ansible tasks against a server over and over again.
To orchestrate nodes, Ansible deploys modules to nodes over SSH. Modules are temporarily stored in the nodes and communicate with the controlling machine through a JSON protocol over the standard output. When Ansible is not managing nodes, it does not consume resources because no daemons or programs are executing for Ansible in the background. - from Ansible (software)
Ansible is agentless - there's no central agent(s) running. In other words, it uses no agents and no additional custom security infrastructure, so it's easy to deploy - and most importantly, it uses a very simple language (YAML, in the form of Ansible Playbooks) that allow us to describe our automation jobs.
Ansible works by connecting to our nodes and pushing out small programs, called Ansible Modules to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.
Our library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically we'll work with our favorite terminal program, a text editor, and probably a version control system to keep track of changes to our content.
Install
Here's how to install Ansible on Ubuntu 20.04.
$ sudo apt-get install python3-pip$ sudo pip3 install ansible
Now, Ansible is installed.
$ ansible --versionansible 2.10.2 config file = None configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible executable location = /usr/local/bin/ansible python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
There will be no daemons to start or keep running. We only needed to install it on one machine (my laptop), and it can manage an entire fleet of remote machines from that central point.
Ansible in one page - Quick tutorial
For those who want to see how Ansible works in real world problem, visit Setting up web servers with Nginx, configure enviroments, and deploy an App.
In the tutorial, as a quick preview for Ansible, we'll set up two web servers: one for testing and one for production, on AWS. Then, install Nginx and configure the environments. Lastly, an app will be deployed.
The DevOps Bootcamp ๐ Newsletter
Join the newsletter to receive the latest updates in your inbox.
Lab 4/4 ๐ฌIstio Ambiant Mesh
Paid
Members
Public
Ambient interoperability with sidecarsAll the Pods don't need to use the new Ambient mode. You can have some Pods using sidecars while others are using Ambient. Let's create a new namespace called httpbin: kubectl create namespace httpbinTo use sidecars in this namespace, you need to label it accordingly: kubectl label
Lab 3/4 ๐ฌIstio Ambiant Mesh
Paid
Members
Public
L7 authorization policiesL4 policies are useful but may not be sufficient for your needs. For example, youโll be able to send any request to the web-api service from the sleep pod while you may only want to allow requests with the GET method. In order to have any L7