Welcome to the third installment of WEI’s ongoing DevOps for SysOps Series. Previously, we discussed Git and Configuration as Code (CaC). Now, let’s focus on Ansible. Ansible is an open-source IT automation platform developed by Red Hat. Ansible enables organizations to automate a wide range of IT tasks, including provisioning, configuration management, application deployment, and orchestration. If you are looking to automate things like server deployment, cloud provisioning, software installation, and configuration updates, this is the quick read for you.

Key Features of Ansible

Forrester Research identified Red Hat Ansible as an industry leader in infrastructure automation in 2024. Here are some of the standout features that make Ansible so popular and effective today:

• Compatibility: Ansible can be used across various platforms including Mac, Linux, Windows, and even non-operating systems like routers and switches. This broad compatibility makes it a great fit for hybrid environments and mixed-infrastructure organizations.
• Agentless: There are many tools out there that require you to install a bit of software first to communicate with the target host. Ansible isn’t one of them as it communicates directly with systems using standard protocols. This reduces overhead, simplifies setup, and minimizes security concerns tied to third-party agents.
• SSH Protocol: Instead of an agent, Ansible uses SSH by default, which is a widely supported protocol and readily used by IT admins. If you are using Windows, it can use the Windows remote management protocol which can be easier to work with for Windows hosts.
• Idempotence: This is a word you don’t use every day. This feature allows Ansible to run scripts repeatedly without causing issues because Ansible is smart enough to check the state of the machine and only performs actions that are necessary. Once a script is run once, it won’t be run again.
• Extensibility: Ansible is extensible, which means you can keep adding to it beyond its core capabilities. Its modular design gives you the flexibility to tailor automation to your unique environment and workflows.
  

What is YAML?

Another feature that makes Ansible so popular is its use of declarative scripting language. A declarative language focuses on describing the desired end state of a system, rather than outlining the exact procedural steps to reach that state. The descriptive scripting language that Ansible uses is YAML, a human-readable data serialization format. It is structured to be easily understood by both people and machines. This clarity and simplicity make YAML ideal for writing Ansible playbooks.

Components of YAML

We mentioned playbooks, which are one of the primary components of YAML. Playbooks are where the action happens. Ansible playbooks serve as blueprints that define the desired state and configuration of your managed nodes, orchestrating complex workflows and multi-step processes with clarity and precision. A playbook is basically a file that describes a series of automation tasks to be executed on specified hosts or groups of hosts. Each playbook consists of one or more “plays,” and each play consists of a list of tasks. Playbooks are executed from top to bottom, with each play and task running in the order they are listed.

Some of the other components that make up Ansible are:

• Modules: These are packages of code that Ansible executes against predefined hosts. Modules are the core of Ansible’s functionality and can be executed over SSH or other protocols
• Plugins: Plugins augment Ansible’s core functionality. They can be used to extend Ansible’s capabilities beyond its basic functions 
• Inventories: Inventories are used to organize groups of hosts. While technically not required, leveraging inventories allows users to take full advantage of Ansible’s functionality 
• Variables: Variables can be assigned in various ways and are used to customize configurations for different hosts or groups.

Two Versions to Choose From

Ansible comes in two forms – a free version and a paid version. The free version comes as a command line interface (CLI) version. It is very basic, but suitable for a single user working on a single machine. If you’re a small organization with a single senior IT admin, it might be all you need.

For those seeking more functionality without cost, there is AWX, the free and open-source upstream project for Red Hat Ansible Automation Platform. While AWX provides a web-based user interface and REST API, it’s important to note that as a community-supported project, it may experience stability issues and lacks enterprise support. This may make it potentially less suitable for production environments with critical automation needs…

…which leads us to the paid version called Red Hat Ansible Automation Platform. It includes a web UI and API for managing playbooks, inventories, credentials, and workflows. This makes it much easier to use and scale than just running playbooks via CLI. Unlike the CLI version, the Red Hat Ansible Automation Platform allows collaborative work so it is great for teams.

The paid version also gets you these features not available in the CLI:

• Red Hat Support: Access to Red Hat support for troubleshooting and assistance 
• Event-Driven Ansible: This feature allows for additional automation, such as monitoring a web server and executing predefined actions if it goes down. Event-Driven Ansible helps organizations respond faster to incidents and automate complex workflows across their IT environments.
• Ansible Lightspeed: An AI-powered coding assistant that provides real-time code suggestions and can generate entire playbooks or tasks from natural language prompts within your Integrated Development Environment (IDE) 
• RBAC (Role-Based Access Control): Built-in RBAC is crucial for team environments to ensure powerful automations are locked down, letting you control who can run what, on which hosts, with what credentials.
• Verified and Validated Collections: Access to pre-written, validated, and certified scripts from partners like AWS, Cisco, and Aruba. These collections are tested and supported, helping you deploy automation with confidence and speed.

Ansible in Action

Let’s start with a real basic example of YAML in action. Here we will add a user to a Linux host. The process involves creating a project folder, an inventory file, and a playbook. The inventory file lists the target hosts and their variables, while the playbook specifies the tasks to be executed. In this scenario, the task is to add a user to the host using the ansible.builtin.shell module. Let’s see an example.

Ansible Playbook for Creating a Local User:

# ——————————————————————————————————————-

– name: Create a local user on a single host

hosts: LinuxServer1

become: yes

tasks:

   – name: Add user “exampleuser”

     ansible.builtin.shell: useradd exampleuser

     args:

       creates: /home/exampleuser 

Components explained:

• Playbook name: Create a local user on a single host – This is a descriptive name for the playbook.
• Target hosts: hosts: LinuxServer1 – This specifies that the playbook will run only on the host or group named “LinuxServer1” defined in your Ansible inventory.
• Privilege escalation: become: yes – This tells Ansible to execute the tasks with elevated privileges (like sudo), which is necessary for user creation.
• Tasks section: Contains the list of actions to perform.
• User creation task:
  • name: Add user “exampleuser” – A descriptive name for this specific task
  • builtin.shell: useradd exampleuser – Uses the shell module to run the Linux command useradd exampleuser
  • args: section with creates: /home/exampleuser – This is an important idempotency check that prevents the command from running if the home directory already exists, making the playbook safe to run multiple times

Note:

While this will work, Ansible has a dedicated user module that would be more appropriate for this task. Modules help to re-use code and decrease complexity. The equivalent using the proper module would be:

– name: Add user “exampleuser”

ansible.builtin.user:

   name: exampleuser

   state: present 

The dedicated module handles idempotency automatically and provides more options for configuring the user account.

# ——————————————————————————————————————-

In addition to configuring users and groups, you can use Ansible to install or update software packages, reboot or shut down servers, manage files and directories or deploy and configure applications. There are so many things that Ansible can do. With its hundreds of built-in modules, it can automate everything from system updates and cloud provisioning to enforcing security policies. By making use of human readable YAML playbooks, users don’t need to master a complex programming language, and its agentless design means there is no additional software to deploy. Whether you’re managing a handful of servers or scaling to thousands across hybrid environments, Ansible provides the consistent and reliable automation framework that businesses are looking for today.