
You're reading from  The Linux DevOps Handbook

Product type: Book
Published in: Nov 2023
Publisher: Packt
ISBN-13: 9781803245669
Edition: 1st Edition
Authors (2):
Damian Wojsław

Damian Wojsław has been working in the IT industry since 2001. He specializes in administration and troubleshooting of Linux servers. Being a system operator and support engineer, he has found the DevOps philosophy a natural evolution of the way sysops work with developers and other members of the software team.

Grzegorz Adamowicz

Grzegorz Adamowicz has been working in the IT industry since 2006 in a number of positions, including Systems Administrator, Backend Developer (PHP, Python), Systems Architect and Site Reliability Engineer. Professionally, he has focused on building tools and automations inside the projects he is involved in. He's also engaged with the professional community by organizing events like conferences and workshops. Grzegorz has worked in many industries including Oil & Gas, Hotel, Fintech, DeFi, Automotive, Space and many more.

Using Ansible for Configuration as Code

In this chapter, we are going to cover configuration management (CM), Configuration as Code (CaC), and our tool of choice for it: Ansible.

We will cover the following topics:

  • CM systems and CaC
  • Ansible
  • Ansible Galaxy
  • Handling secrets
  • Ansible Tower and alternatives
  • Advanced topics

Technical requirements

For this chapter, you will need a Linux system that you can access through SSH. If your main operating system is Windows, you will need another Linux system to play the role of the control node. As of now, the Ansible project does not support Windows as a control node.

CM systems and CaC

Setting up and maintaining a system other than a hobbyist server (and even those, maybe, too) poses a serious challenge: how do you ensure that the system is installed and configured correctly and according to expectations? When you have to install a new server that is identical in configuration, how do you ensure that? In the past, a way of doing it was documenting the current configuration after the installation process was done. This would be a document describing the hardware, operating system, installed software, created users, and configuration applied. Any person who wanted to recreate it would have to follow steps to achieve the configuration described in the document.

The very next logical step is to write shell scripts that achieve the same goal with one additional improvement over the manual process: the scripts—properly written, tested, and maintained—do not require manual work, except, maybe, the initial system installation. But a properly...

Ansible

In this section, we are going to introduce you to Ansible, our tool of choice when it comes to CaC.

Ansible is a tool written for managing the configuration of systems and devices. It is written in Python and its source code is freely available to anyone for downloading and modification (within the limits of its license, which is Apache License 2.0). The name “Ansible” comes from Ursula K. Le Guin’s book Rocannon’s World and denotes a device that allows instantaneous communication no matter the distance.

Some interesting characteristics of Ansible are set out here:

  • Modularity: Ansible is not a monolithic tool. Rather, it’s a core program with each task it knows how to perform written as a separate module—a library, if you will. Since this was the design from the start, it produced a clean API that anyone can use to write their own modules.
  • Idempotence: No matter how many times you perform a configuration, the result...

Ansible Galaxy

Ansible is a powerful automation tool that enables users to configure, deploy, and manage complex IT infrastructures with ease. However, creating and maintaining Ansible playbooks can be time-consuming, especially when working with large-scale environments. Fortunately, Ansible Galaxy exists to help streamline this process by providing a centralized repository of pre-built roles and playbooks that can be easily integrated into an existing Ansible project.

Ansible Galaxy is a community-driven platform that hosts an extensive collection of Ansible roles and playbooks. These roles and playbooks are submitted by users from around the world and are reviewed and curated by Ansible’s maintainers. Ansible Galaxy provides a simple, efficient way to find and use pre-built automation content that can save users time and effort while ensuring quality and consistency.

Using Ansible Galaxy, users can quickly find, download, and use pre-built roles and playbooks for popular...

Handling secrets

Protecting secrets such as passwords, tokens, and certificates is crucial in any IT infrastructure. These secrets are the keys to accessing sensitive information and services, and their exposure can lead to severe security breaches. Therefore, it is crucial to keep them safe and secure. Ansible provides several methods for managing secrets, such as Ansible Vault, which allows users to encrypt and decrypt sensitive data using a password or key file. This feature helps to protect secrets and ensures that only authorized users have access to them.

Saving secrets in a Git repository or any other public place is a significant security risk. Such repositories are often accessible to multiple users, some of whom may not have the necessary permissions to access sensitive data. Additionally, version control systems such as Git retain the history of changes made to files, making it possible for secrets to be exposed inadvertently. This could happen if a user inadvertently...
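A pre-commit style check for the risk described above, as an added example that is not from the book: it flags secret-looking keys stored in clear text in a variables file and accepts values protected by Ansible Vault. The key-name pattern, the function names and the sample file contents are assumptions made for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every ansible-vault encrypted payload
# Heuristic list of key names that usually hold secrets (assumption, tune per project).
SECRET_KEY = re.compile(r"(pass(word|wd)?|secret|token|api_?key|private_key)", re.I)
ASSIGNMENT = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w.-]*)\s*:\s*(.*)$")

def is_vault_file(text):
    """True when the whole file was encrypted with `ansible-vault encrypt`."""
    return text.lstrip().startswith(VAULT_HEADER)

def plaintext_secrets(text):
    """Return (line_number, key) for secret-looking keys stored in clear text."""
    if is_vault_file(text):
        return []
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if not match or not SECRET_KEY.search(match.group(1)):
            continue
        value = match.group(2).split(" #")[0].strip()
        if value.startswith("!vault"):                 # inline vault-encrypted value
            continue
        if value.startswith(("{{", '"{{', "'{{")):     # reference to another variable
            continue
        if value in ("", "''", '""', "null", "~"):     # nothing stored here
            continue
        findings.append((number, match.group(1)))
    return findings

# Constructed sample: one clear-text password, one inline vault value, one reference.
SAMPLE_PLAIN = """\
# group_vars/db.yml (constructed sample, ciphertext is a placeholder)
db_user: app
db_password: hunter2
api_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  6162636465666768
smtp_password: "{{ vault_smtp_password }}"
"""
SAMPLE_VAULTED = "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n"

if __name__ == "__main__":
    for number, key in plaintext_secrets(SAMPLE_PLAIN):
        print(f"line {number}: '{key}' is stored in clear text; encrypt it with ansible-vault")
```

Run against staged files before each commit, a non-empty result is the signal to block the commit; a secret that already reached Git history must still be rotated, because the history retains it.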

Ansible Tower and alternatives

Ansible Tower provides a centralized platform for managing Ansible automation workflows, making it easier for IT teams to collaborate, share knowledge, and maintain their infrastructure. Some of its key features include a web-based interface for managing Ansible playbooks, inventories, and job runs, role-based access control (RBAC) for managing user permissions, a built-in dashboard for monitoring job status and results, and an API for integrating with other tools and platforms.

It was first released in 2013 by Ansible, Inc. (now part of Red Hat), and has since become one of the most popular tools for automating IT workflows.

Since its initial release, Ansible Tower has undergone numerous updates and enhancements, including support for more complex automation workflows, integration with cloud platforms such as AWS and Azure, and improved scalability and performance. Ansible Tower is a commercial product shipped by the Red Hat company. The closest...

Advanced topics

In this section, we will show you how to handle advanced Ansible features and techniques for debugging and automatically checking your playbooks for possible errors.

Debugging

In order to debug issues with your Ansible playbook runs, it is often useful to increase the verbosity level to get more detailed output about what Ansible is doing. Ansible has four verbosity levels: -v, -vv, -vvv, and -vvvv. The more vs you add, the more verbose the output becomes.

By default, Ansible runs with -v, which provides basic information about the tasks that are executed. However, if you are experiencing issues with your playbook, it may be helpful to increase the verbosity level to get more detailed output. For example, using -vv will provide additional information about the playbooks, roles, and tasks that are being executed, while using -vvv will also show the tasks that Ansible is skipping.

To increase the verbosity level of an Ansible playbook run, simply add one...

Summary

In this chapter, we have presented you with the Ansible CaC tool. We have explained and demonstrated how moving configuration from tribal knowledge and documents (as well as descriptions of the steps required to get your system to a desired state) to tools that can implement said configuration based on a well-defined syntax brings benefits to your organization, such as repeatability, the ability to run many configurations in parallel, automated tests, and execution.

In the next chapter, we are going to introduce you to Infrastructure as Code (IaC).

Further reading

  • Mastering Ansible, Fourth Edition by James Freeman and Jesse Keating
  • Ansible Playbook Essentials by Gourav Shah
  • Ansible for Real-Life Automation by Gineesh Madapparambath