What is Ansible?
Ansible is a simple open-source software automation platform that takes care of application deployment, configuration management, ad hoc task execution, and multi-node orchestration. Ansible itself is written in Python and has a fairly minimal learning curve. Ansible follows a simple setup procedure and does not depend on any additional software, servers or client daemons. It manages nodes over SSH and is parallel by default.
Ansible does not just manage one system at a time; it is based on the principle of embracing your systems’ interrelation and architecture. Like other configuration management tools (such as Salt, Puppet, or Chef), Ansible works with two types of servers: controlling machines and nodes. To orchestrate nodes, Ansible uses small programs called “Ansible Modules”, which are resource models of the desired system state executed over SSH. There is no need for agents or additional custom security infrastructure.
The module library can reside on any machine. Modules communicate by writing JSON to standard output and, conveniently, can be written in any programming language, not just Python. Ansible uses YAML, in the form of playbooks, to describe automation jobs, which makes them both machine- and human-friendly. When Ansible is not managing nodes, it consumes no resources, since no daemons or programs run in the background.
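The JSON-over-standard-output contract described above, shown as an added example that is not from the original page or the Ansible project: a read-only audit module that reports whether sshd_config enables root login. The `path` parameter and the `permit_root_login` result key are assumptions made for this example; `WANT_JSON` is the marker that makes Ansible hand the module its arguments as a JSON file.

```python
#!/usr/bin/env python3
# WANT_JSON  <- marker: Ansible passes arguments as a JSON file path in argv[1]
"""Constructed example: read-only audit of PermitRootLogin in sshd_config."""
import json
import sys


def effective_value(config_text, keyword):
    """First global value of keyword (sshd keeps the first one), or None.

    Simplification: Include files and Match blocks are not evaluated.
    """
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":      # conditional section starts here
            break
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip().strip('"').lower()
    return None


def run_module(params):
    """Build the result dictionary that is sent back to Ansible as JSON."""
    path = params.get("path", "/etc/ssh/sshd_config")   # hypothetical parameter
    try:
        with open(path, encoding="utf-8") as handle:
            value = effective_value(handle.read(), "PermitRootLogin")
    except OSError as exc:
        return {"failed": True, "changed": False, "msg": f"cannot read {path}: {exc}"}
    result = {"changed": False, "path": path, "permit_root_login": value}
    if value == "yes":
        result.update(failed=True, msg="PermitRootLogin is set to yes")
    else:
        result["msg"] = "PermitRootLogin is not set to yes"
    return result


def main():
    with open(sys.argv[1], encoding="utf-8") as handle:   # arguments file
        params = json.load(handle)
    result = run_module(params)
    print(json.dumps(result))       # the JSON document is the only stdout output
    sys.exit(1 if result.get("failed") else 0)


if __name__ == "__main__":
    main()
```

Because the module always returns `changed: false`, it can run against production nodes as a non-root user, provided that user can read the file.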
Benefits
Ansible is a powerful automation engine that makes deploying software easy. You can avoid agents, custom scripting or custom code, and focus on security and easy auditability/review/rewriting of content. Ansible has a number of advantages over similar software automation platforms:
Simplicity
No more writing scripts or custom code in order to deploy and update apps. Ansible allows automating in a language that approaches plain English. It is easy for sysadmins, developers, and IT managers to read, maintain and speed up their projects.
Completeness
It combines several complex tools for configuration management, app deployment, workflow orchestration, and even cloud provisioning in one system. Modules make it possible to automate almost everything out of the box; no additional software is needed.
Security
Ansible uses SSH, so it does not deploy vulnerable agents to nodes and does not need root-level daemons or additional ports. As an agentless system, it improves security and can be used as a non-root user. Ansible features built-in OS authentication and support for LDAP, Kerberos, and SSSD.
Plone Ansible Playbook
Since it is quite easy to install Plone on any platform for testing and development, but more complicated to actually deploy it to a production server, an Ansible Playbook for automated deployment of Plone servers was introduced. It is basically a complete kit for running the full Plone stack on a remote server, covering both initial provisioning and updating. Complete documentation covers Plone deployment in a cluster configuration with:
- HAProxy for load balancing,
- Varnish as a caching proxy,
- Nginx for URL rewriting and logging support,
- Postfix as a send-only mail server,
- Munin-node for networked resource monitoring,
- Logwatch and fail2ban for log scanning, analysis, and reporting,
- VirtualBox and Vagrant for configuring and testing of the remote server.