WORDS BY Tadej Borovšak
Cloud provisioning is a critical element of the modern cloud computing model. We live in the age of microservices, where automation is not a nice-to-have anymore. It became an integral part of everyday operations.
Luckily, there is a wide variety of automation and orchestration tools out there. Those tools can save us time while simultaneously increasing the performance and accuracy of provisioning and configuration management processes.
In this article, we will explore the benefits of cloud automation with Ansible. We will discuss several use cases that illustrate the power this tool presents in the areas of provisioning, configuration, and compliance.
Ansible is, first and foremost, an automation tool. Given the right content (roles, modules, and other plugins), Ansible can automate almost anything. And cloud management is no exception, which means that we can automate our provisioning processes with relative ease.
With a little help from continuous integration and continuous deployment (CI/CD) products, Ansible can transform into a mighty orchestration tool. We can start combining standalone tasks into complex workflows that automate complex IT processes.
And if we bind workflow executions to events from our monitoring systems, we made some serious steps towards self-healing infrastructure.
But none of the previously described things are possible if we do not have Ansible integration for the cloud provider of our choice.
The traditional model for many businesses is to have infrastructure provisioning processes separated from the configuration management workflows. And while configuration management is often (at least partially) automated, it is not uncommon for system administrators to manage infrastructure manually, which is slow, laborious, and error-prone.
By provisioning cloud infrastructure with Ansible, system administrators can perform day one and day two operations using a modern and reliable tool. And the Ansible playbooks used to manage cloud resources also serve as human-readable and machine-executable documentation.
Many users already use Ansible for their non-infrastructure automation needs. Having a high-quality Ansible integration offers a seamless transition for such users, unifying their management tools.
Providing Ansible integration as a cloud provider will raise the confidence and improve cloud customers’ user experience.
Ansible is not the only tool that we can use to manage cloud resources. But because of its simplicity and flexibility, it does offer quite a few advantages compared to similar utilities.
No need for a separate configuration management tool. Ansible is so powerful, we can provision cloud resources, configure the operating system, and then install and configure the application on top. We can do this using a single Ansible playbook if we wish. Chaining together multiple Ansible playbooks is a more flexible alternative.
Less vendor lock-in. Ansible modules serve as a thin abstraction layer over the cloud provider’s application programming interface (API). Abstraction gives the freedom and flexibility to switch between different cloud providers at any time with minimal effort. And it enables us to work with multiple clouds simultaneously without risking the cloud-specific tools overload.
User-friendly automation layer. Ansible playbooks are YAML files that describe the desired state of the system we want to manage. Writing Ansible playbooks requires no prior development or programming experience. And there are plenty of online resources to help us with the Ansible playbook authoring process.
As already stated before, we can use Ansible to manage almost anything. But in this section, we will look at three different cloud-related use cases that benefit significantly from Ansible’s involvement.
Creating a new virtual machine does not sound too complicated. We need to click a few buttons, and that is it. Right? Well, in reality, things are never this simple. Because before we create a new virtual machine, we may need to create a virtual private cloud that will host our resources. And set up a security group (think firewall). And create an internet gateway. And make sure we have our SSH keys ready. The list goes on and on.
We can describe all those steps in a reusable Ansible playbook once and then run them as many times as needed. We can also parameterize our Ansible playbook. Parameterization allows us to modify the deployment process without having to edit the Ansible playbook. And with a little help from Ansible Tower, we can package our parameterized Ansible playbook into a self-service catalog item anyone can use.
Ansible can use a cloud provider as a source of information about existing resources. This dynamic approach makes manual inventory management a thing of the past. We can now manage hundreds of servers without breaking a sweat.
Combining dynamic inventory with Ansible’s ability to execute operations in batches, we get a potent tool for performing rolling updates of clusters.
If we follow the best practices when authoring our Ansible playbooks, we will produce a concise description of the desired state. We already know that Ansible will, when executing the instructions, robustly enforce this state on the managed node.
But we can reuse the same description to detect unauthorized or unintentional configuration changes, commonly referred to as configuration drift. Running Ansible in check mode will produce a list of deviations from the desired state. For example, we can detect changes to security group rules.
Although we focused our attention on the cloud today, we looked at it through the eyes of an Ansible user. For example, we talked about the desired state of resources and change detection, which are the two most fundamental things Ansible users expect from Ansible integration.
Cloud providers often only think about the cloud functionality they offer when setting up an Ansible integration. Typically, this leads to poorly-designed Ansible content that feels out of place when used in Ansible playbooks.
Creating a high-quality Ansible integration is far more than just wrapping an existing cloud API. Ensuring modules have a public API that follows Ansible’s best practices, setting up a robust test suite, and properly documenting the content are just a few things each high-quality Ansible Collection needs.
By outsourcing the development of Ansible Collections to experts, cloud providers get a high-quality Ansible integration while allowing them to focus their efforts on their primary product.
Ansible is probably the only widely-used automation tool that allows us to describe the whole deployment uniformly: from the provisioning phase to the holistic configuration of the applications that run on top of the cloud resources.
Ansible Collections play a central role in Ansible’s flexibility. They provide, among other things, integrations with cloud providers that unlock cloud-management capabilities. If appropriately designed, Ansible Collections significantly improve user experience and remove barriers to adoption, bringing benefits to both customers and cloud providers.
Discover more about the benefits of high-quality Ansible Collections, read a customer story, and get inspired by downloading our free e-book.