"Ansible is automation made simple", but that's it? Not really! The Ansible ecosystem is quite huge. It provides graphical UIs, tracing, testing and much more.
Ansible is the brand, the software and the package. But there is more to it. With Ansible (the package name), you will get 2 different packages. As explained in my Ansible 3.0.0 article, Ansible is crafted from Ansible Base and the Community Collections.
Ansible Base provides the necessary foundation. It is the heart of Ansible.
First and foremost, you will get a couple of command line tools, that will run certain tasks for you. The below (alphabetical) listing will give a brief overview of the built-in commands.
ansibleprovides access to ad-hoc commands. You can think of "single task playbooks". This is very helpful to test something or just do some quick operational tasks.
ansible-configcommand is really handy, if you want to review your configuration or check which configuration options are effectively used.
ansible-doccommand provides access to the offline documentation. You can use the tool to read about modules, plugins and more.
Since Ansible provides galaxy.ansible.com, one would also need a command to interact with it. You can use the
ansible-galaxycommand to install, search, list or develop roles and collections.
If you want to review your inventory or export it, you can use the command
ansible-inventory. It provides options to represent your inventory in different ways like lists or graphs, including the effective variables.
The backbone of Ansible, is the possibility to execute playbooks. For this, you will use the
ansible-playbookcommand. It takes playbooks and inventories as input to execute many tasks on your managed nodes.
Ansible provides a way to "reverse" its push paradigm with the
ansible-pullcommand. It can be used to have an agent-like behavior.
Ansible has also some testing possibilities included, which is very handy for developers of roles, playbooks and modules. You can use the
ansible-testcommand to run some sanity checks and syntax checks for your development.
Storing secrets and password can be a problem, when using a git repository for your development. Since one should never store private data unencrypted in a repo, Ansible provides
ansible-vault. You can use it to create vault files and secure your critical data.
In addition to the commands you will get several built-in modules and plugins to get started. In the below list, I will provide some example modules.
A wrapper module to install/update/remove packages via Ansible. It allows installing packages without using the (also built-in) yum/apt/dnf modules.
This module can be used to start/stop/restart or enable services. As the package module, it is a wrapper for service managers like BSD init, OpenRC or systemd.
This is the default module used to gather information from a managed host. It is used in the playbook step "Gather Facts".
You can review the complete list in the documentation.
Installing Ansible as a package also provides the community collections. The collections extend the functionality of Ansible to manage even more devices and software.
Below, I will list some of these collections and give a brief overview of what's in them.
The ansible.posix collection provides additional modules to control SELinux or firewalld. It is a very useful collection to manage Fedora, CentOS or Red Hat systems.
The community.general collection is vast pool of useful modules and plugins. It includes caching plugins for Redis or Callback plugins for Jabber and Slack. You will also get tons of modules like the Flatpak, GitHub or Proxmox module.
If you want to manage your Kubernetes deployments via Ansible, this collection is for you. You can apply your k8s deployment files or even Helm charts.
You can find the collection index in the official documentation.
Ansible on its own is awesome, when it comes to automation. But as we all know, sometimes we need a bit more. We want to have integrations, tracking, Web UIs and testing options.
The community has developed many tools, that extend the functionality. In this section, I will show some of them.
ARA (ARA records Ansible) provides reporting by saving detailed and granular results of Ansible runs. In a Web UI you can review when a playbook was running, how it went and how long it took. You can also check which hosts had changes and which not. It's basically tracing for Ansible.
ARA gets the data via a callback plugin, which allows it to be used by running
ansible-playbook commands. Therefore, you can integrate the software in Jenkins, GitLab CI, Molecule and more.
Ansible AWX (AWX for short) is the upstream project of Ansible Tower. The software provides a web interface and API to manage your Ansible Jobs in a convenient way. You can create and use Job Templates, credentials, inventories and much in the software. You will also get user management options, include LDAP connectors and Role Based Access Controls. For the deployment of AWX Docker, Kubernetes and OpenShift are supported.
Ansible CMDB (Change Management Database) provides a graphical representation of the inventory and facts about managed nodes over time. In a Web UI (static HTML), you can review different facts of your hosts and see when something was changed. The software also offers different output formats like HTML, CSV or SQL, which can be processed later on.
One can say, galaxy.ansible.com is the content hub for Ansible code. You will find all kind of roles and collections here.
Publishing your Ansible code can be done in a repository of course. Ansible Galaxy provides an additional option with some added value like ranking and tagging. Users can also see different versions of your code.
Ansible Runner / Builder
Ansible Runner is a tool that helps when interfacing with Ansible directly. If you intend to use Ansible with a CI/CD or container interface, Ansible Runner may be worth a look.
Ansible Builder on the other hand should help to prepare execution environments for Ansible runs. Execution environments are basically container images, that serve as a control node for Ansible.
The Molecule project is designed to aid in the development and testing of Ansible. It provides capabilities to test playbooks, roles and collections in multiple instances, operating systems and distributions. It can handle different test scenarios, integrates multiple testing frameworks and connects to different virtualization and container providers.
If you intend to develop Ansible code, you should have a look at Molecule.
More, more, more ...
In the above sections, I only mentioned bigger projects. But there is more. You can find Ansible integrations for IDEs and Editors like Atom, VSCode and PyCharm. Vagrant, Packer and Terraform also integrate Ansible in the tool chain to support your Development and Deployments. If you are working with Kubernetes and want to dig in Kubernetes native applications, check out the Operator SDK and its Ansible integration.
Ansible provides one of the best documentations, you can find for a project.
You can also find more resources like videos and e-books online.
The Ansible ecosystem provides lots of tools, that support development, deployment and operations. It is possible to build an entire lifecycle management around Ansible code or just use it as a helper in your workflow. I hope this article provides some useful information. In the future, I will have much more article about Ansible development and even showcase some mentioned tools in more details.