Skip to main content

Ansible overview

Ansible manages the ThinkAgile CP stack and its components using OpenSSH. It needs to be installed only on a single server, from which it can manage the whole stack. Ansible communicates with other devices without needing to install or run software on those machines.

For details on how to install Ansible and also to learn about any prerequisites it may have, see the official Ansible documentation at the following topic:

Ansible documentation

Securing Sensitive Data

If securing sensitive data is a concern, Ansible provides a means for keeping sensitive data such as passwords or keys in encrypted files, rather than as plain text in your playbooks or roles. Encryption of sensitive data is provided through Ansible's Vault feature. To understand how to use this feature, see the following topic:

Vault page

Configuration File

The Ansible configuration file – ansible.cfg – contains settings like the default timeouts, port numbers, and other parameters. The configuration file is located at the following address:

/etc/ansible/ansible.cfg

Note

To leave the configuration file intact, create a new file in a local directory. The new configuration file is editable and a reference to it must be provided in the ansible.cfg file.

Inventory

The inventory contains the list of hosts managed by Ansible. Hosts in the inventory are generally arranged into groups and the actions performed by Ansible are carried out on all the hosts in a group simultaneously. The Ansible host file is usually found at the following address:

/etc/ansible/hosts

In the inventory file, variables can be assigned to each host to be used later in playbooks. Variables can be also applied to a host group.

Note

Ansible can make use of multiple inventory files at the same time.

Modules

Modules are used by Ansible to do its work. They are Python scripts that get executed on the devices that Ansible manages. Multiple modules are usually executed as part of playbooks. Single modules can be run using the ansible command. After being executed on a device, a module returns information to Ansible in JSON format.

Modules can have arguments assigned to them.

Playbooks

Playbooks are used by Ansible for the configuration, deployment, and orchestration of remote devices. They are like a set of instructions that tell Ansible how to perform specific actions. For example, playbooks can describe the steps that Ansible needs to take to do a rolling update for multiple devices.

Playbooks can declare configurations. They can also be used to orchestrate the steps of any manually ordered process, even if different steps require to jump from one device to another in a specific sequence. Playbooks can launch tasks both synchronously and asynchronously.

Note

Playbooks are written in YML format.

Tasks

Every playbook contains a list of tasks. Ansible goes through a playbook and executes tasks in the specified order, one after the other. It runs a task on all devices that match the host pattern assigned to the task. After completing the task, Ansible moves to the next task in the playbook.

During the execution of a playbook, all hosts are going to get the same task directives. The purpose of a playbook is to map a selection of hosts to a selection of tasks, while the purpose of a task is to execute a module, usually with very specific arguments. Variables can be used in arguments assigned to modules.

Templates

Templates are like mathematical functions. Functions require some form of initial data that is processed by the function and then a result is generated. Templates work in a similar way. During the execution of a playbook, Ansible substitutes the variables in a template and outputs a command set file that can be used to configure different network elements.

The concept of a template is introduced in Ansible as a module. Templates for Ansible are made using Jinja2 – a popular Python template engine. For more information about Jinja2, see the following topic:

https://palletsprojects.com/p/jinja/

Variables

Variables are place holders for which their value may or not be known. The variable name is used to reference the value stored. This separation between the variable name and value allows the variable name to be used independently of the exact value it represents.

Note

Variable names should be letters, numbers, and underscores. They should always start with a letter.

Variables can be assigned to hosts in the inventory file. They can also be used in a playbook and can be defined in other files, such as roles or templates. All variables are further defined in the following file, where values can be provided for them:

/vars/main.yml

Handlers

Handlers perform different post-deployment tasks, such as the restart of a device. They are triggered tasks that are executed only if they are notified as such by other devices using notifications. For example, you can set up a handler to restart an interconnect switch when its configuration file changes. The interconnect detects that its configuration has been modified and it notifies the handler of this event. The handler is triggered and Ansible executes the tasks associated with it.

Ansible ensures that the tasks are performed only if the handler is triggered. For example, Ansible restarts the interconnect switch only if the interconnect’s configuration file has changed.

Handlers can also be configured to listen to specific events. This allows handlers to be triggered without being directly notified of an event.

Roles

Roles are methods of automatically loading specific variable files, tasks, and handlers based on a predetermined file structure. Roles are assigned to different hosts. When a host is declared to have a specific role, Ansible knows what actions to perform on that host based on the configuration of its assigned role.

Roles are the best way to organize playbooks. Grouping content by role also allows roles to be easy to share with other users.