It is multi-platform and can work with most modern operating systems, including Linux, Windows, and Mac. It supports a declarative language written in YAML or YAML Ain’t Markup Language to describe system configuration. Ansible, along with other modern configuration management platforms, has revolutionized IT automation and industry standards. Configuration management tools have become part of the DevOps toolset and are an inseparable part of any modern IT process lifecycle. This is applicable for any modern infrastructure environment, whether built on an on-premises, hybrid, or cloud environment. Not only for DevOps, but Ansible can also help automate many day-to-day tasks done by a System Administrator. One of the advantages of using Ansible is that it is agent-less and doesn’t need much to get started besides SSH access to the target machine and the supported version of Python, which is already installed by default on most modern operating systems. Also, since it’s a lightweight tool, it can be deployed and used with a legacy to innovative systems.
Uses of Ansible
Orchestration Ansible is a tool of choice for orchestrating various system administration and deployment tasks. Playbooks allow using the same orchestration workflows across different projects and YAML based configuration data allows storing and versioning your infrastructure on Git repository or any supported version control platform. Application Deployment Whether it’s a simple few lines code application or multi-tier heavy-weight deployment, Ansible makes it possible to automate the end-to-end application deployment lifecycle. Security and Compliance Ansible can also help ensure your systems are secured as per your organization’s guidelines and compliant with industry standards. It can run across thousands of servers, generate an audit, and fix those security holes, giving the administrator complete control of the environment. Let’s now look at some of the common Sysadmin Tasks you can automate with Ansible.
Copy files from a local or remote system
As a System Administrator, it is common to copy files from one directory to another. Configuration files often need to be copied to remote servers, or sometimes we need to move files from one remote location to another. Ansible copy module can help you do these tasks in a playbook. It’s a routine task for a sysadmin to know the status of managed servers and perform predefined actions as per the organization’s policies. One such task is to know server uptime. With Ansible, we can easily fetch uptime values and print them together. An example to copy ntp configuration from local to a remote server using copy module is shown below:
Configure additional cron jobs
Setting up scheduled jobs to carry out routine tasks is part of managing any server. You can schedule automatic backups, patching, auditing, etc., during certain times of day or month automatically and leaving productive time for your use. cron is one such tool in Linux that supports scheduling, and Ansible can help you add or modify those jobs. As an example, the below playbook demonstrates how you can set a rsync job as root on some or all of your servers easily using Ansible.
Manage disks and filesystems
Ansible can be used to manage disks, partition layouts, filesystems, and mounts, including /etc/fstab on Linux servers. Different Ansible module makes this possible. Here’s an example that creates a partition on a 100GB disk, formats it with ext4 filesystem creates a new directory for mounting the partition and finally mounts it on a given directory. An entry in /etc/fstab is also created through temporary or permanent mount depending on module options.
Collect server logs
Keeping logs in a convenient place is sometimes essential for security, audit as well as analysis. Ansible allows the collection of logs from different servers in your enterprise environment and keeps them in your defined location easily. Here’s the playbook to achieve this:
Install or remove packages and software
Packages are often required to be installed on user requests or as part of initial server builds. We may also need to remove certain packages which are no longer needed or have some critical bugs etc. Ansible allows you to easily install or remove packages without the hassle of going to each server and running manual commands. Here’s an example demonstrating the installation and removal of one package each for Ubuntu and RHEL/CentOS-based Linux servers.
Managing users
Users and groups form the basic structure around which Unix/Linux-based systems manage access and permissions. In a big organization, managing users and groups can be a big challenge despite automation to support the environment. With Ansible, the system administrator has an excellent tool to create, modify and delete users and groups with all different possibilities supported in the OS. Here’s a simple example that shows the creation and deletion of users and groups using Ansible. After this playbook runs, target servers will have groupA and groupB created with given GIDs while user1 will be removed, if present. A new user without a shell will be created as user2 with given UID, groups assigned, and locked password.
Managing services
Services are process daemons that run in the background and serve some service like sshd providing SSH connectivity etc. Using Ansible, you can manage system and user services, like starting, stopping, and restarting them. Here’s a sample playbook to demonstrate that: In the above example, the SSH service will be restarted while stopping the SSSD service next. The httpd daemon is started towards the end. As Ansible is idempotent, any service which is already started or stopped will not be changed while restarting always changes service state. Do remember to check service name as different Linux distributions use other names even for the same service like ssh and sshd.
Summary 👨💻
Ansible makes the life of a system administrator easy by allowing you to execute repeated and time-consuming tasks in an automated way and reducing human errors and effort. Further, it will enable the storage of configuration data in a central code repository like Git, allowing multiple users to collaborate and review each activity. To read more about Ansible and its extensive set of modules, refer to its documentation.