At the Flock 2014 conference in Prague, Aditya Patawari delivered a talk on the Fedora Project’s use of Ansible for orchestrating its services. System administrators face many challenges today, as new servers, applications, and updates to these systems constantly need to be rolled out. Deciding whether to deploy virtually or on bare metal, and configuring and managing systems and their access credentials, is a continuous and repetitive challenge that Patawari calls the “sysadmin loop.”
Hand-tooled scripts or other deployment tools like Puppet and Chef might be one way a sysadmin deals with these problems. But how do these solutions scale and help the sysadmin move on to other, more effective uses of their time? Scripts age quickly and may be hard to read later or pass on to others.
Fedora made use of Puppet for quite some time, since this was the best tool available at the time. However, Puppet requires a per-machine agent to be installed, and is based on Ruby — often a different version than what a platform ships. One of the Fedora Infrastructure team principals, Stephen Smoogen, also commented on the scalability issues of the Puppet master.
Ansible takes a different approach, using YAML for a readable definition called a playbook, and the very widely used OpenSSH as its transport engine. Another notable feature of Ansible is that it doesn’t require the servers to have any agent installed.
Ansible can be easily installed with yum, and any sysadmin who understands how to use ssh can run Ansible. It makes complex deployments as simple as ad-hoc or scripted commands. Ansible’s inventory file records and groups the hosts to be controlled in a simple, readable format. Patawari then led the audience through some simple playbook examples to show how the hosts are accessed and managed in Ansible.
By reducing complexity and back-end requirements, Patawari asserted, Ansible makes the sysadmin’s job easy and accessible from anywhere at any time. The one difficulty he noted was that migration from a more complex system like Puppet is challenging, whereas writing new playbooks from scratch is dead easy. He did note that playbooks should always be idempotent — meaning that running them more than once leaves the system in the same state as running them once.
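The following playbook is an added example, not taken from Patawari's talk or from Fedora's own playbooks; it contrasts a non-idempotent task with an idempotent one for a setting that controls SSH access. The host names, the `webservers` group, and the file names `hosts` and `sshd.yml` are constructed for illustration.

```yaml
# Constructed example. Inventory file (INI format), saved as ./hosts:
#   [webservers]
#   web01.example.com
#   web02.example.com
# Run with: ansible-playbook -i hosts sshd.yml
---
- name: Keep sshd configuration in a known state
  hosts: webservers
  become: true
  tasks:
    # NOT idempotent (left commented out): every run appends another
    # copy of the line and always reports "changed", so genuine
    # configuration drift is hidden in the noise.
    # - name: Disable root login (anti-pattern)
    #   ansible.builtin.shell: echo "PermitRootLogin no" >> /etc/ssh/sshd_config

    # Idempotent: the module describes the desired state. The first run
    # edits the file and reports "changed"; later runs report "ok".
    - name: Disable root login over SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        # Reject the edit if sshd cannot parse the resulting file.
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

    - name: Ensure sshd is running and enabled at boot
      ansible.builtin.service:
        name: sshd
        state: started
        enabled: true

  handlers:
    # Runs only when a notifying task reported "changed".
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Running the playbook a second time with `--check --diff` should report no changes; any "changed" result on a repeat run points to a task that is not idempotent or to a host that has drifted.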
Fedora, Patawari said, leads by example with Ansible. We are in the process of converting our deployments from Puppet to Ansible, and there are modules remaining. Anyone interested can help with these remaining conversions, or just learn about Ansible and other ways to assist, by visiting our Fedora Infrastructure team on Freenode IRC in the #fedora-admin channel.
You can watch almost all of the Flock 2014 conference presentations at the conference YouTube channel here. You can also watch Patawari’s full presentation below.