Ansible, a free and open-source Python-based project by Red Hat, is a popular configuration management and IT automation platform.
It is multi-platform and can work with most modern operating systems, including Linux, Windows, and Mac. It supports a declarative language written in YAML or YAML Ain't Markup Language to describe system configuration.
Ansible, along with other modern configuration management platforms, has revolutionized IT automation and industry standards. Configuration management tools have become part of the DevOps toolset and are an inseparable part of any modern IT process lifecycle. This is applicable for any modern infrastructure environment, whether built on an on-premises, hybrid, or cloud environment. Not only for DevOps, but Ansible can also help automate many day-to-day tasks done by a System Administrator.
One of the advantages of using Ansible is that it is agent-less and doesn’t need much to get started besides SSH access to the target machine and the supported version of Python, which is already installed by default on most modern operating systems. Also, since it’s a lightweight tool, it can be deployed and used with a legacy to innovative systems.
Uses of Ansible
Orchestration
Ansible is a tool of choice for orchestrating various system administration and deployment tasks. Playbooks allow using the same orchestration workflows across different projects and YAML based configuration data allows storing and versioning your infrastructure on Git repository or any supported version control platform.
Application Deployment
Whether it’s a simple few lines code application or multi-tier heavy-weight deployment, Ansible makes it possible to automate the end-to-end application deployment lifecycle.
Security and Compliance
Ansible can also help ensure your systems are secured as per your organization’s guidelines and compliant with industry standards. It can run across thousands of servers, generate an audit, and fix those security holes, giving the administrator complete control of the environment.
Let’s now look at some of the common Sysadmin Tasks you can automate with Ansible.
Copy files from a local or remote system
As a System Administrator, it is common to copy files from one directory to another. Configuration files often need to be copied to remote servers, or sometimes we need to move files from one remote location to another.
Ansible copy module can help you do these tasks in a playbook.
It’s a routine task for a sysadmin to know the status of managed servers and perform predefined actions as per the organization’s policies. One such task is to know server uptime. With Ansible, we can easily fetch uptime values and print them together. An example to copy ntp configuration from local to a remote server using copy module is shown below:
---
- hosts: all
gather_facts: no
become: yes
tasks:
- name: Copy a new ntp configuration file and back up the original, if it differs
copy:
src: ./ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: '0644'
backup: yesConfigure additional cron jobs
Setting up scheduled jobs to carry out routine tasks is part of managing any server. You can schedule automatic backups, patching, auditing, etc., during certain times of day or month automatically and leaving productive time for your use.
cron is one such tool in Linux that supports scheduling, and Ansible can help you add or modify those jobs. As an example, the below playbook demonstrates how you can set a rsync job as root on some or all of your servers easily using Ansible.
---
- hosts: all
gather_facts: no
become: yes
tasks:
- name: Deploy cron job
cron:
name: "Set rsync job"
user: root
minute: "5"
hour: "4"
job: "rsync -avz /path/to/folder1 /path/to/folder1 2>&1"Manage disks and filesystems
Ansible can be used to manage disks, partition layouts, filesystems, and mounts, including /etc/fstab on Linux servers. Different Ansible module makes this possible. Here’s an example that creates a partition on a 100GB disk, formats it with ext4 filesystem creates a new directory for mounting the partition and finally mounts it on a given directory. An entry in /etc/fstab is also created through temporary or permanent mount depending on module options.
---
- hosts: all
gather_facts: no
become: yes
tasks:
- name: Create a partition
parted:
device: /dev/sdb
number: 1
part_end: "100%"
state: present
- name: Format new partition
filesystem:
fstype: ext4
dev: /dev/sdb1
- name: Create mount directory
file:
path: /data
state: directory
- name: Mount partition
mount:
path: /data
src: /dev/sdb1
fstype: ext4
state: mountedCollect server logs
Keeping logs in a convenient place is sometimes essential for security, audit as well as analysis. Ansible allows the collection of logs from different servers in your enterprise environment and keeps them in your defined location easily. Here’s the playbook to achieve this:
---
- hosts: all
gather_facts: no
become: yes
tasks:
- name: Find logs
find:
paths: /var/log/
patterns: '*.log'
recurse: yes
register: _logs
- name: Fetch logs
fetch:
src: "{{ item.path }}"
dest: /tmp/logs
with_items: "{{ _logs.files }}"Install or remove packages and software
Packages are often required to be installed on user requests or as part of initial server builds. We may also need to remove certain packages which are no longer needed or have some critical bugs etc. Ansible allows you to easily install or remove packages without the hassle of going to each server and running manual commands. Here’s an example demonstrating the installation and removal of one package each for Ubuntu and RHEL/CentOS-based Linux servers.
---
- hosts: ubuntu
gather_facts: no
tasks:
- name: Install lsof utility
apt:
pkg: lsof
state: latest
sudo: yes
- name: Remove ARP Scan utility
apt:
pkg: arp-scan
state: absent
sudo: yes
---
- hosts: centos
gather_facts: no
tasks:
- name: Install lsof utility
yum:
pkg: lsof
state: latest
sudo: yes
- name: Remove ARP Scan utility
yum:
pkg: arp-scan
state: absent
sudo: yesManaging users
Users and groups form the basic structure around which Unix/Linux-based systems manage access and permissions. In a big organization, managing users and groups can be a big challenge despite automation to support the environment.
With Ansible, the system administrator has an excellent tool to create, modify and delete users and groups with all different possibilities supported in the OS.
Here’s a simple example that shows the creation and deletion of users and groups using Ansible. After this playbook runs, target servers will have groupA and groupB created with given GIDs while user1 will be removed, if present. A new user without a shell will be created as user2 with given UID, groups assigned, and locked password.
---
- hosts: all
gather_facts: no
become: yes
tasks:
- group:
gid: 12310
name: groupA
state: present
- group:
gid: 12311
name: groupB
state: present
- user:
name: user1
state: absent
- user:
name: user2
uid: 12427
shell: /bin/false
password_lock: yes
groups: groupA, groupBManaging services
Services are process daemons that run in the background and serve some service like sshd providing SSH connectivity etc. Using Ansible, you can manage system and user services, like starting, stopping, and restarting them. Here’s a sample playbook to demonstrate that:
---
- hosts: all
gather_facts: no
become: yes
tasks:
- name: Restart ssh daemon
service:
name: ssh
state: restarted
- name: Restart sssd daemon
service:
name: sssd
state: stopped
- name: Restart httpd daemon
service:
name: httpd
state: startedIn the above example, the SSH service will be restarted while stopping the SSSD service next. The httpd daemon is started towards the end. As Ansible is idempotent, any service which is already started or stopped will not be changed while restarting always changes service state. Do remember to check service name as different Linux distributions use other names even for the same service like ssh and sshd.
Summary ๐จโ๐ป
Ansible makes the life of a system administrator easy by allowing you to execute repeated and time-consuming tasks in an automated way and reducing human errors and effort. Further, it will enable the storage of configuration data in a central code repository like Git, allowing multiple users to collaborate and review each activity.
To read more about Ansible and its extensive set of modules, refer to its documentation.