Ansible: Python makes apps and systems easier to deploy
Ansible is a simple open-source software automation platform that takes care of application deployment, configuration management, ad hoc task execution, and multi-node orchestration. Ansible itself is written in Python and has fairly minimal learning curve. Ansible has simple setup procedure and does not depend on any additional software (except Python 2.4 or later), servers or client daemons. It manages nodes over SSH and is parallel by default.
Ansible does not just manage one system at a time, it is based on the the principle of embracing your systems’ interrelation and architecture. Similar to other configuration management tools (like Salt, Puppet, or Chef), Ansible works with two types of servers: controlling machine and nodes. To orchestrate nodes Ansible uses small programs, called “Ansible Modules” - resource models of the desired system state executed over SSH. There is no need in agents and additional custom security infrastructure.
Modules library can reside on any machine. Modules work using JSON protocol over the standard output and, what is very convenient, can be written in any programming language, not just in Python. The system uses YAML in the form of Ansible playbooks to describe automation jobs. This way it is both machine and human friendly. And when Ansible is not managing nodes, it does not consume resources, since neither daemons, nor programs are executed in the background. Ansible has a number of advantages over similar software automation platforms:
- Ansible is simple. No more writing scripts or custom code in order to deploy and update apps. Ansible allows to automate in a language that approaches plain English. It is easy for sysadmins, developers, and IT managers to read, maintain and speed up the projects.
- Ansible is complete. It combines several complex tools for configuration management, app deployment, workflow orchestration, and even cloud provisioning in one system. Modules allow to automate almost everything out-of-the box, no additional software is needed.
- Ansible is secure. Ansible uses SSH, so it does not deploy vulnerable agents to nodes and does not need root level daemons or additional ports. As agentless system it improves security and can be usable as non-root. Ansible features built-in OS authentication, support for LDAP, Kerberos, and sssd.
Ansible is a powerful automation engine that makes deploying software easy. You can avoid agents, custom scripting or custom code, and focus on security and easy auditability/review/rewriting of content. To get more understanding of this consistent and highly reliable system visit Ansible website or its github repository.
Plone Ansible playbook
Since it is quite easy to install Plone on any platform for testing and development, but more complicated to actually deploy it a production server, an Ansible Playbook for automated deployment of Plone servers was introduced. It is basically a complete kit for running the full stack of Plone on a remote server, its initial provisioning and for updating. Complete documentation covers Plone deployment in a cluster configuration with:
- HAProxy for load balancing,
- Varnish as a caching proxy,
- Nginx for URL rewriting and logging support,
- Postfix as sent-only mail server,
- munin-node for networked resource monitoring,
- logwatch and fail2ban for log scanning, analysis and reporting,
- VirtualBox and Vagrant for configuring and testing of the remote server.