Ansible® is an open source IT automation engine that automates provisioning, configuration management, application deployment, orchestration, and many other IT processes.
Use Ansible automation to install software, automate daily tasks, provision infrastructure, improve security and compliance, patch systems, and share automation across your organization.
What's the difference between Ansible and Red Hat Ansible Automation Platform?
Get trained in Ansible
Ansible Basics: Automation Technical Overview
This series of on-demand, online videos introduces you to Ansible automation and configuration management, provisioning, deploying, and managing compute infrastructure across cloud, virtual, and physical environments with Ansible.
Red Hat Enterprise Linux Automation with Ansible
This course will teach you how to automate Linux® system administration tasks with the latest version of Red Hat® Ansible Automation Platform. You will learn the techniques needed to use Ansible Automation Platform to automate provisioning, configuration, application deployment, and orchestration.
How does Ansible work?
Ansible works by connecting to your nodes and pushing out small programs—called modules—to these nodes. Modules are used to accomplish automation tasks in Ansible. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules and removes them when finished.
Without modules, you’d have to rely on ad-hoc commands and scripting to accomplish tasks. Ansible can be installed on Red Hat® Enterprise Linux®, CentOS, or Fedora; Ubuntu; Debian; and many other operating systems.
Ansible contains built-in modules that you can use to automate tasks, or you can write your own. Ansible modules can be written in any language that can return JSON, such as Ruby, Python, or bash. Windows automation modules are even written in Powershell.
Ansible is agentless, which means the nodes it manages do not require any software to be installed on them. Ansible reads information about which machines you want to manage from your inventory. Ansible has a default inventory file, but you can create your own and define which servers you want to be managed.
Ansible uses SSH protocol to connect to servers and run tasks. By default, Ansible uses SSH keys with ssh-agent and connects to remote machines using your current user name. Root logins are not required. You can log in as any user, and then su or sudo to any user.
Once it has connected, Ansible transfers the modules required by your command or playbook to the remote machine(s) for execution. Ansible uses human-readable YAML templates so users can program repetitive tasks to happen automatically without having to learn an advanced programming language.
Using Ansible for ad-hoc commands
You can also use Ansible to run ad-hoc commands. To do this, you will need to run a command or call a module directly from the command line. No playbook is used. This is fine for a one time task, but anything more complex will require the use of an Ansible Playbook.
Ansible Playbooks are used to orchestrate IT processes. A playbook is a YAML file—which uses a .yml or .yaml extension—containing 1 or more plays, and is used to define the desired state of a system. This differs from an Ansible module, which is a standalone script that can be used inside an Ansible Playbook.
Plays consist of an ordered set of tasks to execute against host selections from your Ansible inventory file. Tasks are the pieces that make up a play and call Ansible modules. In a play, tasks are executed in the order in which they are written.
When Ansible runs, it can keep track of the state of the system. If Ansible scans a system and finds the playbook description of a system and the actual system state don't agree, then Ansible will make whatever changes are necessary for the system to match the playbook.
Ansible includes a "check mode" which allows you to validate playbooks and ad-hoc commands before making any state changes on a system. This shows you what Ansible would do, without actually making any changes. Handlers in Ansible are used to run a specific task only after a change has been made to the system. They are triggered by tasks and run once, at the end of all of the other plays in the playbook.
Variables are a concept in Ansible that enable you to alter how playbooks run. Variables are used to account for differences between systems, such as package versions or file paths. With Ansible, you can execute playbooks across different systems. Ansible variables should be defined in relation to what your playbook is actually doing. Variables follow variable precedence, which defines the order in which variables will override each other. It’s important to understand this when including variables in your playbook.
Ansible roles are a special kind of playbook that is fully self-contained and portable with the tasks, variables, configuration templates, and other supporting files that are needed to complete a complex orchestration. Multiple roles can exist inside a collection allowing easy sharing of content via Automation Hub and Ansible Galaxy.
When working with Ansible you will also need to understand collections. Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins.
Watch sessions from AnsibleFest 2022
AnsibleFest 2022 may be over, but you can keep building your automation knowledge. Explore our on-demand content hub, with more than 50 AnsibleFest sessions on automation use cases, processes, and more. Sign up for free to view all content until April 2023.
Configuration management with Ansible
Configuration management is a process for maintaining computer systems, servers, and software in a desired, consistent state. It’s a way to make sure that a system performs as it’s expected to as changes are made over time. Traditionally, this was handled manually or with custom scripting by system administrators.
When used as a configuration management tool, Red Hat Ansible® Automation Platform stores the current state of your systems and helps you to maintain that state.
Configuration management tools make changes and deployments faster, remove the potential for human error, and make system management predictable and scalable. They also help you to keep track of the state of your resources, and keep you from repeating tasks, like installing the same package twice.
Automating configuration management with Ansible can help you improve system recovery after a critical event. If a server goes down for an unknown reason, you can deploy a new one quickly and have a record of any changes or updates that occurred so you can identify the source of the problem.
Provisioning with Ansible
Infrastructure is now often defined in software, and virtualization and containers have sped up the provisioning process while eliminating the need for frequent hardware provisioning and management.
It’s difficult to track changes and control versions—and avoid errors and inconsistencies—when provisioning is managed manually for each deployment. Automating the provisioning of any infrastructure can make this much easier; it should be the first step in automating the operational life cycle of your applications.
Ansible can be used to provision the underlying infrastructure of your environment, virtualized hosts and hypervisors, network devices, and bare metal servers. It can also install services, add compute hosts, and provision resources, services, and applications inside of your cloud.
You can use an Ansible Playbook to describe the desired state of your infrastructure and then have Ansible provision it. Codifying your infrastructure through the use of a playbook ensures that you provision the same environment every time.
Deployment automation provides the ability to move your software between testing and production environments by using automated processes. This leads to repeatable and reliable deployments across the software delivery cycle. Deployment automation is an important piece of enabling DevOps practices and managing a CI/CD pipeline.
Deployment automation doesn’t work when the development team deploys applications or configures environments one way and the operations teams deploys and configures another way. In order for the environment to be automated, it needs to be consistent. The same deployment process should be used for every environment, including your production environment.
A deployment pipeline typically follows 3 main steps (though you may also have more): build, test, and deploy. This is the pipeline that supports your ability to automate the deployment process and ensures that code moves from being committed to deployment quickly. Ansible allows you to deploy multi-tier applications reliably and consistently, all from one common framework. You can configure needed services as well as push application artifacts using playbooks.
Orchestration with Ansible
In general, automation refers to automating a single task. This is different from orchestration, which is how you can automate a process or workflow that involves many steps across multiple disparate systems.
Cloud orchestration can be used to provision or deploy servers, assign storage capacity, create virtual machines, and manage networking, among other tasks. There are many different orchestration tools that can help you with cloud orchestration. Ansible is one option. Server configuration and management and application deployments can also be orchestrated with a tool like Ansible.
Application deployments can include frontend and backend services, databases, monitoring, networks, and storage, each with their own role to play and their own configuration and deployment. Orchestration ensures that each step happens the way you need it to. Ansible enables orchestration by executing the tasks in your playbook in the order in which they are written, so you know that your application deployment processes will happen in the correct order.
Network automation uses programmable logic to manage network resources and services. Network automation allows network operations (NetOps) teams to configure, scale, protect, and integrate network infrastructure and application services more quickly than when performed manually by users.
Even as underlying technologies have evolved, network management has remained largely the same for decades. Networks are typically built, operated, and maintained by hand. However, traditional, manual approaches to network configuration and updates are too slow and error-prone to effectively support the needs of rapidly shifting workload requirements.
Automating network resource and service management allows network operations teams to become more agile and flexible and effectively support modern business demands.
Security automation uses automation technology to perform tasks with reduced human assistance in order to integrate security processes, applications, and infrastructure. Automation can help you streamline daily operations as well as integrate security into processes, applications, and infrastructure from the start. Fully deploying security automation can even reduce the average cost of a breach by 95%.
Applying automation to your security processes can help you identify, validate, and escalate threats faster without manual intervention. If a security incident should occur, security teams can use Ansible to rapidly apply remediation to affected systems across your environment concurrently and respond to incidents faster.
Using Ansible, security teams can configure a sequence of jobs that share inventory, playbooks, or permissions to fully automate investigations or remediations. Red Hat Ansible Automation Platform integrates with third-party external log aggregation services, which helps security teams identify trends, analyze infrastructure events, monitor anomalies, and correlate disparate events.
Why choose Red Hat for automation?
Red Hat works with the greater open source community on automation technologies. Our engineers help improve features, reliability, and security to make sure your business and IT performs and remains stable and secure.
Red Hat Ansible Automation Platform includes all the tools needed to implement enterprise-wide automation, including playbooks and analytics. It allows users to centralize and control their IT infrastructure with a visual dashboard, role-based access control, and more to reduce operational complexity.
With a Red Hat subscription, you get certified content from our robust partner ecosystem, access to hosted management services, and life cycle technical support that allows your teams to create, manage, and scale automation across your organization. And you’ll get expert knowledge gained from our success with thousands of customers.
Organizations not only need the ability to easily create automation, but they also need to be able to share and reuse automation across projects and teams with the right level of governance and control. With the right automation solution in place, you can deploy new applications and services faster, manage IT infrastructure more efficiently, and see an increase in app development productivity.