I love Ansible while hating when people touch it. Yes, it’s very flexible but at what cost? If you actually learn it and follow some basic guidelines, you can make beautiful playbooks and inventories having wonderful automation for even complex setups while keeping it clean. But if one doesn’t care and just try to make servers go brrr, it becomes horrific glorified shell script with everything hardcoded, most tasks unaware of changes they make, cesspool of shitty templates, breaking itself in minutes, being pain to work with and making me want to delete all the shit and start all over.
I decided I wanted nothing to do with Ansible when I was half an hour into reading the website and I still didn’t have a fucking clue what it is or exactly what it does.
To this day, I couldn’t really tell you. It seems to be basically a framework for automatically SSH’ing into machines and running shell scripts on them which doesn’t sound robust in the slightest. It’s like they took thirty years of sysadmins’ discarded spit-and-duck-tape solutions and bundled them into a “framework”.
I dunno how the fuck you’re supposed to manage cloud infrastructure at scale with that.
Terraform for day 0 operations is a better experience but it had its quirks. Ansible is nice when it’s done well, but when you don’t have an Ansible module for something, you’re essentially writing a shell script
Yeah, in contrast the value proposition for Terraform was immediately obvious. “Oh, you mean I don’t have to manually set up Kubernetes clusters and shit every time we want to deploy to a new region? Fucking sign me up!”
It’s far more than just SSHing and running shell scripts. Besides, I wouldn’t ever call it a „framework”.
It’s a tool for Linux, BSDs and even Windows machine setup automation in a declarative fashion. Tasks are usually built out of wide range of provided modules for both universal actions (like file edits, templating, shell commands) and very specific ones (like Podman containers, Postgres users, indexes in Mongo, whatever you imagine, you can even implement your own in Python). Those tasks have logic that can detect the status for each of the tasks in each specified nodes, so they can not only be applied, but also dry run with precise diff tracking (diff of config files to be applied, packages to be installed, etc).
It has inventory that can be both static (config file), and dynamic (e.g query an AWS account for Ec2-s or get nodes from Proxmox) that lets you group your however many hosts (by purpose, etc), attach variables to specific hosts or entire groups, or even store encrypted credentials to use them in roles. When dealing with hundreds of hosts, at some point this is something you need to do anyway, but here it really shines even with much smaller amount of machines.
Ansible can be very reliable and provide awesome environments, but it requires some learning and due to its flexibility, it can also be used badly. I have some success stories with it in last 7 years of utilizing it for both small and big business.
That being said, if you want some magic hammer that just does stuff without requiring any understanding, Ansible might not be the thing.
And no, Terraform is not an replacement for Ansible and vice versa. Those two are designed for different purposes. I actually used them together in some projects.
And no, Terraform is not an replacement for Ansible and vice versa. Those two are designed for different purposes. I actually used them together in some projects.
Yeah, that’s the problem. Every time infrastructure management came up, a certain coworker would always bring up Ansible. It eventually got kind of annoying.
Yup. I used ansible for a good year, maybe two, and found myself asking, “Why the fuck am I maintaining some abstract thing when I can just write a shell script and deploy that?”
Cloud orchestration is better done with other tooling. Honestly don’t see a use case for ansible beyond physical data center deployments.
There is a reason ansible exists and is widely used. Shell scripts are brittle and don’t account for a ton of use cases.
For instance- are you going to write a shell script to determine the OS family of a server? Are you then going to do a bunch of if statements for things you want run on Debian hosts vs RedHat ones vs. Alpine? Are you going to manually make templates yourself or just use jinja templates and the template module in ansible (and use variables easily gathered by the setup module)? Are you going to manually select which hosts you’re going to target or are you just going to use your ansible inventory that categorizes your machines based on location or purpose or whatever other arbitrary thing and use tags? Are you going to manually dig in and find out how many NICs are in a box, what IPs they have, what CPU, how many cores so you can set some service to use “X” amount of threads, define service templates using those machine variables, etc. etc. etc.? Are you going to make such well defined shell scripts that they can be reused over and over again against a variety of machines without breaking things and make it easy to include them in parent shell scripts?
This is all stuff ansible does quite easily.
It’s not the end all be all of course. Some would argue (maybe rightfully) that Puppet or Salt can maintain config drift a bit better. I would argue it’s not the tool to use for containerization really either. But it definitely has a real purpose in initial and maintained configuration management and in both cloud and on-prem deployments.
They installed it for us at work as part of a project, and we went to ask the ansible guy wtf we could use it for in a windows world, and he couldn’t articulate how it would be an improvement in any way over a scheduled task.
It appeals to me for management of a windows machine for a few things:
Lots of machines at once, over winrm. Although ssh is the default, as ansible is linux first.
I don’t have to learn powershell - the shared language means the windows teams and the linux team don’t have to learn eachother’s language. In ansible, it’s very easy to avoid the footguns that come with something like bash, especially after you install the red hat linter, ansible-lint, which warns of ansible’s own footguns.
easy to version control it
premade stuff: the official “modules” are massive and do a lot. There are also community packages: https://galaxy.ansible.com - of course, you should probably check any stuff you run first. But ansible is very easy to read.
built in secret management. Encrypt secrets, but still be able to use them smoothly with the automation framework.
For just one machine? Task scheduler is probably good enough. 2-3 machines, managed remotely? Ansible is at least worth looking at.
The examples are very helpful, with things like getting a list of ad users. I used that to create a ansible script to shuffle all ad user passwords - while being a a linux lover who hates windows and has literally never touched ad before this.
I love Ansible while hating when people touch it. Yes, it’s very flexible but at what cost? If you actually learn it and follow some basic guidelines, you can make beautiful playbooks and inventories having wonderful automation for even complex setups while keeping it clean. But if one doesn’t care and just try to make servers go brrr, it becomes horrific glorified shell script with everything hardcoded, most tasks unaware of changes they make, cesspool of shitty templates, breaking itself in minutes, being pain to work with and making me want to delete all the shit and start all over.
I decided I wanted nothing to do with Ansible when I was half an hour into reading the website and I still didn’t have a fucking clue what it is or exactly what it does.
To this day, I couldn’t really tell you. It seems to be basically a framework for automatically SSH’ing into machines and running shell scripts on them which doesn’t sound robust in the slightest. It’s like they took thirty years of sysadmins’ discarded spit-and-duck-tape solutions and bundled them into a “framework”.
I dunno how the fuck you’re supposed to manage cloud infrastructure at scale with that.
Terraform for day 0 operations is a better experience but it had its quirks. Ansible is nice when it’s done well, but when you don’t have an Ansible module for something, you’re essentially writing a shell script
Or your own module in Python if it gets too complex to do with just Ansible https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html
Yeah, in contrast the value proposition for Terraform was immediately obvious. “Oh, you mean I don’t have to manually set up Kubernetes clusters and shit every time we want to deploy to a new region? Fucking sign me up!”
It’s far more than just SSHing and running shell scripts. Besides, I wouldn’t ever call it a „framework”.
It’s a tool for Linux, BSDs and even Windows machine setup automation in a declarative fashion. Tasks are usually built out of wide range of provided modules for both universal actions (like file edits, templating, shell commands) and very specific ones (like Podman containers, Postgres users, indexes in Mongo, whatever you imagine, you can even implement your own in Python). Those tasks have logic that can detect the status for each of the tasks in each specified nodes, so they can not only be applied, but also dry run with precise diff tracking (diff of config files to be applied, packages to be installed, etc).
It has inventory that can be both static (config file), and dynamic (e.g query an AWS account for Ec2-s or get nodes from Proxmox) that lets you group your however many hosts (by purpose, etc), attach variables to specific hosts or entire groups, or even store encrypted credentials to use them in roles. When dealing with hundreds of hosts, at some point this is something you need to do anyway, but here it really shines even with much smaller amount of machines.
Ansible can be very reliable and provide awesome environments, but it requires some learning and due to its flexibility, it can also be used badly. I have some success stories with it in last 7 years of utilizing it for both small and big business.
That being said, if you want some magic hammer that just does stuff without requiring any understanding, Ansible might not be the thing.
And no, Terraform is not an replacement for Ansible and vice versa. Those two are designed for different purposes. I actually used them together in some projects.
Yeah, that’s the problem. Every time infrastructure management came up, a certain coworker would always bring up Ansible. It eventually got kind of annoying.
Yup. I used ansible for a good year, maybe two, and found myself asking, “Why the fuck am I maintaining some abstract thing when I can just write a shell script and deploy that?”
Cloud orchestration is better done with other tooling. Honestly don’t see a use case for ansible beyond physical data center deployments.
There is a reason ansible exists and is widely used. Shell scripts are brittle and don’t account for a ton of use cases.
For instance- are you going to write a shell script to determine the OS family of a server? Are you then going to do a bunch of if statements for things you want run on Debian hosts vs RedHat ones vs. Alpine? Are you going to manually make templates yourself or just use jinja templates and the template module in ansible (and use variables easily gathered by the setup module)? Are you going to manually select which hosts you’re going to target or are you just going to use your ansible inventory that categorizes your machines based on location or purpose or whatever other arbitrary thing and use tags? Are you going to manually dig in and find out how many NICs are in a box, what IPs they have, what CPU, how many cores so you can set some service to use “X” amount of threads, define service templates using those machine variables, etc. etc. etc.? Are you going to make such well defined shell scripts that they can be reused over and over again against a variety of machines without breaking things and make it easy to include them in parent shell scripts?
This is all stuff ansible does quite easily.
It’s not the end all be all of course. Some would argue (maybe rightfully) that Puppet or Salt can maintain config drift a bit better. I would argue it’s not the tool to use for containerization really either. But it definitely has a real purpose in initial and maintained configuration management and in both cloud and on-prem deployments.
Building custom images for cloud can be one. Builtins have a lot of ready to use logic that you might want in your scripts anyway
They installed it for us at work as part of a project, and we went to ask the ansible guy wtf we could use it for in a windows world, and he couldn’t articulate how it would be an improvement in any way over a scheduled task.
To be fair it is not Ansible’s fault that Windows does pretty much everything differently from the systems Ansible was designed for.
Agreed entirely.
It appeals to me for management of a windows machine for a few things:
For just one machine? Task scheduler is probably good enough. 2-3 machines, managed remotely? Ansible is at least worth looking at.
Edit: also, really good docs. Like, check out this active directory module with examples: https://docs.ansible.com/ansible/latest/collections/microsoft/ad/object_info_module.html#ansible-collections-microsoft-ad-object-info-module
The examples are very helpful, with things like getting a list of ad users. I used that to create a ansible script to shuffle all ad user passwords - while being a a linux lover who hates windows and has literally never touched ad before this.
https://github.com/CSUN-CCDC/CCDC-2023/blob/main/windows/ansible/testing/users.yml
https://github.com/CSUN-CCDC/CCDC-2023/blob/main/windows/ansible/roles/domain/tasks/main.yml
Nice, I love it