Ansible - Task & Scenarios

Ansible use cases

Ansible is a versatile automation tool that can handle a wide range of tasks and scenarios. Here are some examples of how Ansible can be used in different scenarios:

1. Infrastructure Automation

Ansible can be used to automate the setup and configuration of servers, networks, and other infrastructure components. This can include tasks such as:

Provisioning virtual machines or containers
Installing and configuring software packages
Managing network devices such as routers and switches
Configuring firewall rules and security settings
Setting up monitoring and alerting systems

In the below example, Ansible is used to provision a virtual machine on a cloud provider and install and configure Apache web server on it:

- name: Provision a VM and install Apache web server

hosts: cloud_provider

vars:

vm_image: "Ubuntu 20.04"

vm_size: "Standard_B1s"

tasks:

- name: Provision a VM

azure_rm_virtualmachine:

resource_group: my_resource_group

vm_size: "{{ vm_size }}"

admin_username: my_username

admin_password: my_password

image:

offer: UbuntuServer

publisher: Canonical

sku: "{{ vm_image }}"

storage_profile:

image_reference:

offer: UbuntuServer

publisher: Canonical

sku: "{{ vm_image }}"

- name: Install Apache web server

apt:

state: present

become: yes

- name: Configure Apache web server

copy:

src: /path/to/apache-config-file.conf

dest: /etc/apache2/sites-available/my-site.conf

become: yes

notify: restart Apache

handlers:

- name: restart Apache

service:

state: restarted

2. Configuration Management

Ansible can be used to manage the configuration of software applications and services. This can include tasks such as:

Setting up database servers and configuring backups
Managing web server configurations and deploying code updates
Configuring load balancers and scaling applications
Setting up email servers and configuring spam filters
Managing DNS servers and configuring domain names

In the below example, Ansible is used to manage the configuration of a database server:

- name: Configure a MySQL server

hosts: db_servers

vars:

mysql_root_password: my_password

mysql_users:

- name: my_user

password: my_password

privileges:

- database: my_db

privilege: all

tasks:

- name: Install MySQL server

apt:

state: present

become: yes

- name: Set root password for MySQL

mysql_user:

password: "{{ mysql_root_password }}"

host: localhost

login_user: root

login_password: ""

state: present

become: yes

- name: Create MySQL users

mysql_user:

password: "{{ item.password }}"

priv: "{{ item.privileges }}"

host: localhost

login_user: root

login_password: "{{ mysql_root_password }}"

state: present

with_items: "{{ mysql_users }}"

become: yes

3. Continuous Deployment

Ansible can be used to automate the deployment of applications and services to production environments. This can include tasks such as:

Building and packaging code artifacts
Deploying code updates to production servers
Configuring and updating database schemas
Rolling back deployments in case of errors or issues
Managing infrastructure scaling and load balancing

In the below example, Ansible is used to deploy a web application to a production environment:

- name: Deploy a web application to production

hosts: web_servers

vars:

app_name: my_app

app_version: 1.0.0

tasks:

- name: Clone the Git repository

git:

repo: git@github.com:my-company/my-app.git

dest: /opt/{{ app_name }}

version: "{{ app_version }}"

become: yes

- name: Install application dependencies

npm:

path: /opt/{{ app_name }}

become: yes

- name: Build the application

command: npm run build

args:

chdir: /opt/{{ app_name }}

become: yes

- name: Deploy the application

copy:

src: /opt/{{ app_name }}/dist

dest: /var/www/{{ app_name }}

owner: www-data

group: www-data

mode: 0755

become: yes

4. Disaster Recovery

Ansible can be used to automate disaster recovery processes and ensure that systems and services can be quickly restored in case of outages or failures. This can include tasks such as:

Setting up backup systems and scheduling backups
Automating the replication of data across multiple sites
Automating the failover and recovery of services
Testing disaster recovery procedures and validating backups

In the below example, Ansible is used to orchestrate the deployment of multiple services on a Kubernetes cluster:

- name: Deploy a microservices application to Kubernetes

hosts: k8s_cluster

vars:

app_name: my_app

app_version: 1.0.0

services:

- name: auth

image: my-company/auth-service:{{ app_version }}

replicas: 2

port: 8080

- name: orders

image: my-company/orders-service:{{ app_version }}

replicas: 3

port: 8081

- name: inventory

image: my-company/inventory-service:{{ app_version }}

replicas: 2

port: 8082

tasks:

- name: Deploy the services

k8s:

definition:

apiVersion: apps/v1

kind: Deployment

metadata:

spec:

replicas: "{{ item.replicas }}"

selector:

matchLabels:

app: "{{ app_name }}"

service: "{{ item.name }}"

template:

metadata:

labels:

app: "{{ app_name }}"

service: "{{ item.name }}"

spec:

containers:

- name: "{{ item.name }}-container"

image: "{{ item.image }}"

ports:

- containerPort: "{{ item.port }}"

state: present

with_items: "{{ services }}"

- name: Expose the services

k8s:

definition:

apiVersion: v1

kind: Service

metadata:

labels:

app: "{{ app_name }}"

service: "{{ item.name }}"

spec:

selector:

app: "{{ app_name }}"

service: "{{ item.name }}"

ports:

- name: http

port: "{{ item.port }}"

targetPort: "{{ item.port }}"

state: present

with_items: "{{ services }}"

5. Compliance and Security

Ansible can be used to ensure that systems and services are compliant with regulatory requirements and security standards. This can include tasks such as:

Auditing and monitoring system configurations and logs
Enforcing security policies and access controls
Patching systems and updating software packages
Scanning systems for vulnerabilities and ensuring compliance with security standards
Automating security incident response and remediation

In the below example, Ansible is used to enforce security and compliance policies on a group of servers:

- name: Apply security and compliance policies

hosts: servers

tasks:

- name: Install security updates

apt:

update_cache: yes

upgrade: dist

autoremove: yes

become: yes

- name: Configure firewall rules

ufw:

rule: allow

port: "{{ item }}"

state: enabled

with_items:

- 22/tcp

- 80/tcp

- 443/tcp

become: yes

- name: Disable root login via SSH

lineinfile:

path: /etc/ssh/sshd_config

regexp: "^PermitRootLogin"

line: "PermitRootLogin no"

become: yes

- name: Configure password policy

pam_limits:

domain: "*"

limit_type: "hard"

limit_item: "maxlogins"

value: 3

become: yes

Conclusion

Ansible is a powerful automation tool that can be used in a wide range of tasks and scenarios. Whether you need to automate infrastructure setup and configuration, manage software applications and services, deploy applications to production, or ensure compliance and security, Ansible can help you streamline your IT operations and increase efficiency. With its flexible and extensible architecture, Ansible is a tool that can adapt to your specific needs and requirements, making it an essential tool for any IT organization.

Search This Blog

CodeCrush