In my past projects I had worked on the Chef configuration management platform, and for a new assignment I recently learnt Ansible. I found Ansible super easy to pick up without much help and loved how simple it is to automate tasks with Ansible. To understand the platform better I tried Ansible Tower by signing up for a trial. I wanted to understand what additional benefits one would get by using Tower. Some basic understanding of Ansible or similar platforms like Chef/Puppet/Salt is required to understand the topic of this post. You can check detailed documentation here.
For the purpose of this post I spun up a t2.medium instance on AWS to host Ansible Tower and a few t2.micro instances which acted as my server fleet. Without further ado, let’s walk through the capabilities of Ansible Tower.
The Home Screen
The home screen provides a quick overview of everything that somebody managing a fleet of servers would care about. Apart from all hosts and inventories, you also see a trend of jobs run on your servers, along with sync failures and successes. Some of the terms might not be completely clear at this moment, but we will go through those details in the coming sections.
Although the above screen is useful for system administrators, some users, for example developers, are only interested in running jobs and seeing their results. For such users the “My view” icon in the top right corner opens a simpler screen which shows the available job templates and the history of the jobs run by the user.
Projects – the logical group
Projects are a group of Ansible playbooks which together build a meaningful system/stack. For example, if my system has three components – frontend, services and database – then to create a new environment I would need all three roles to be executed, and I can logically form a project from these three playbooks. When you create a project, you can specify that the source code be picked up from an SCM system such as Git or SVN, or choose to have the playbooks picked up from a filesystem path. If you choose the filesystem, you can map one directory to only one project, and you will have to manage code changes and updates yourself.
Permissions & notifications
You can define fairly fine-grained permissions on a project by defining roles and users and then assigning them specific access to use, update or administer the project. This permission model applies more or less to all other object types in Ansible Tower.
You can also send notifications about the project through various channels such as Slack, PagerDuty, Twilio and of course good old email. You define a new notification template in the notification tab and then attach the template to the project. You will need to provide access credentials/keys as appropriate for the notification type you choose. Again, the notification model is very similar for most objects that you define in Ansible Tower.
Lastly, once you have created a project, and if it is based on an SCM system, you can define a schedule for how frequently to update the source code from SCM. This gives you a lot of control over introducing code changes to live systems.
Managing the inventory
One of the important aspects of any configuration management platform is managing the inventory of systems you have and their roles or purpose. You can define inventory sets, and each inventory set can contain groups of servers or individual hosts. You can dynamically populate the groups by connecting to popular cloud providers such as AWS, GCE and Azure, or to on-premise platforms such as OpenStack. As an example, look at the DB servers inventory item below:
Defining Job templates
Job templates are where you combine projects, inventories, playbooks and other things to do some real work. The job type can be Run (actually run), Check (like a test run) or Scan (gathers system information and is only available to admins). You decide which project to apply to which inventory and exactly which playbook to run. You can also prompt users for some inputs before launching the job (not shown in the screen below) and use metadata features such as tags.
Once you have saved a job template, you can additionally define permissions, notifications and a schedule. A schedule allows you to set up cron-like jobs which are triggered at fixed times. Finally, after saving, you can click on the “Rocket” icon next to the job listing and actually launch it, either to run or simply to check while you are still developing it further.
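The project, job template, permission and schedule steps described above can also be written down as code. The playbook below is an added example, not part of the original post or of Tower itself; it assumes the awx.awx collection is installed, that a team named developers already exists, and that Tower connection settings are supplied through the environment. Every name and URL in it is hypothetical.

```yaml
# Added example: a Git-backed project, a check-mode job template on the
# "DB servers" inventory, execute-only access for one team, and a schedule.
# Assumes the awx.awx collection; all names and the repository URL are made up.
- name: Define a Tower project and a least-privilege job template
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Project whose playbooks come from Git rather than a filesystem path
      awx.awx.project:
        name: webstack
        organization: Default
        scm_type: git
        scm_url: https://git.example.com/ops/webstack.git
        scm_branch: main
        state: present

    - name: Job template that only performs a dry run (Check) of one playbook
      awx.awx.job_template:
        name: webstack-database-check
        job_type: check          # "run" would apply changes to the hosts
        project: webstack
        inventory: DB servers
        playbook: database.yml
        ask_variables_on_launch: false   # no user-supplied variables at launch
        state: present

    - name: Developers may launch this template but not edit it or the project
      awx.awx.role:
        team: developers         # assumed to exist already
        role: execute
        job_template: webstack-database-check
        state: present

    - name: Run the check every night at 02:00 UTC
      awx.awx.schedule:
        name: webstack-database-check-nightly
        unified_job_template: webstack-database-check
        rrule: "DTSTART:20300101T020000Z RRULE:FREQ=DAILY;INTERVAL=1"
        state: present
```

Granting only the execute role on the template, rather than use or admin on the project, keeps self-service users limited to launching exactly this playbook against exactly this inventory.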
Running some Jobs
The jobs tab is a historical view of all jobs that have run, either kicked off manually or run by the scheduler. You can check the overall status and the logged details of each job to ensure correctness.
Concluding: Ansible Tower
Ansible Tower can be a great addition to Ansible by providing all the important management functions in UI form. It can also be a great way to expose jobs to be run by developers or other team members, thus enabling them to self-serve. While this is also possible with other tools such as Jenkins, the native support for all Ansible concepts is definitely a big plus.