The Clear Cloud - Home

ContentContainer

Assessing effectiveness of Ansible
DEC 14, 2016 01:38 AM
A+ A A-

Ansible is relatively new configuration management tool which gained popularity after its acquisition by Redhat. In this blog post, we at the DevOps Center of Excellence at HCL (ERS), present our point of view on Ansible. This is an outcome of an evaluation of different features desirable in an infrastructure configuration management tool, that impact their effectiveness to automate the management of infrastructure. We measured Ansible against parameters like Robustness, Flexibility, in-built script libraries, ease of setup, numbers of supported platforms, Support for Developer Community, learnability, total cost of ownership, support etc.

Overview


Right Scale 2016 survey reports Ansible as the fastest adopted infra configuration management tool. However, many DevOps engineers and decision makers are still juggling with the idea. We did an assessment of effectiveness of Ansible on some qualitative parameters and in this blog post we present our analysis of this assessment. 


The tools in the space of infrastructure configuration management are pretty matured. Led by the big two; Puppet and Chef, this space has seen them developed and have constantly extended their own toolset to make the entire process of configuration management highly automated and process oriented. Add to this a thriving developer community and a well-supported market place and why would anyone want to switch, even some of the work or start new automation on a new tool. And then Ansible being a new tool there are fewer independent analysts who have evaluated it. It is still being evaluated for situations and environments where it might be more effective than other established players. Ansible is one of the fastest growing (in terms of adoption) configuration management tool.But how do we effectively evaluate Ansible and on what parameters is another challenge. Given below is an approach to the same.

Evaluation Details

In this blog post we attempt to subjectively evaluate Ansible on some parameters and present our findings. Please note that we have not done a comparative evaluation of Ansible with Chef and Puppet on quantified parameters but qualitatively on those parameters which we feel are ‘must have’ features where advantage of one over other will make a significant difference to how we manage infrastructure as code.

Objectives

One of our objective is to do an analysis that can help a DevOps team to do an initial level assessment on whether they should give a trail to Ansible. Another one is based on this analysis practitioners are able to identify some use cases from their work where Ansible can be a good/ better tool for infra configuration management.

Analysis

We considered the following parameters to assess the effectiveness of Ansible

1. Learnability: How soon can a team learn and build skills on Ansible? From scripting perspective most of the tools in this category have an easy to learn scripting and support multiple scripting languages. But comparatively one good thing in Ansible is the clean and clear prebuilt modules. Chef and Puppet also provide a huge library of prebuilt modules but presence of so many versions of a module sometimes makes the task of dependency management very cumbersome. Ansible language YAML is easy to learn even for a new programmer. It is like a shell script for infrastructure management.

2. Ease of setup – How easy or complex is setup of this tool and configure it make it ready for use? How much time Ansible developers have to spend on installing and configuring its parameters and troubleshooting the configuration issues? This is one parameter where perhaps Ansible has a clear advantage. It works on agentless mode and to get started all of you to install is Ansible management console. Ansible uses SSH for to connect and communicate with remote servers. However on the downside the support for monitoring nodes is not so great. Redhat has developed Ansible tower for the purpose but it’s quite nascent at this time.

3. Usability: Ansible modules allows the engineer to use its features through English like YAML language. The modules implement most of the constructs and the engineers need to know how to use them. Other tools need pre and post steps to use a module. Sequential execution in Ansible is another advantage in usability and troubleshooting.

4. Scale and Speed – Can Ansible setup be scaled enough to manage large server farms. Can we trust it to successfully push and run updates on a large cluster?

Scale – Ansible management console with good hardware supports small and medium deployments. On large scale deployments, Ansible-pull mode provides the scalability and it can be configured with version control system or other code distribution methods based on the need.

Speed – Speed at which it can interact with different servers and execute commands/ scripts on it. As noted above, Ansible uses SSH which is a lightweight and fast protocol to connect to a remote machine. Ansible script files are stored in YAML which again is a lightweight file format to send over network and YAML files can be easily serialized.

5.  Support – Is there a centralized product support team or support from user community. This is one area where Ansible is still catching up with its more mature competitors. There is a user community which is now growing and in form of Ansible Galaxy Redhat has provided a common platform to share knowledge and modules with other users but competition has done far better on it. Open source contribution and developer community is growing but it will take time to scale to the level of Chef or Puppet. Ansible tower is a commercial version for complete Datacenter and comes with full-fledged support

6. Security – How secure are connections and are there vulnerabilities that can be exploited. Ansible uses SSH for remote connections which is a pretty safe and reliable communication protocol but can’t be said to be 100% secure. SSH is the most widely used protocol for communication and hence reported vulnerabilities are fixed almost immediately. It supports password less connections and data encryption but yet many enterprises have their doubts about Ansible. Ansible supports advanced SSH configurations such as Kerberized authentication and access control for OpenSSH.

7.  Success rate – What is the rate of successful execution of scripts? When a module is being run on a server farm are there any failures, and what is the mechanism for exception handling is and retry in such cases. Ansible modules provide good fault tolerance and error handling. Modules produce meaningful error messages from the low level error codes. Developer gets the support for error handling in the form of results registration, waiting for the desired state, ignoring certain errors, simulating errors and a dry run.  Since Ansible follows sequential execution, Orchestration of infrastructure configuration is made simple without conflicts. With proper checks, success rate is very high and Ansible core modules handle different situations effectively. In other tools where commands are executed asynchronously troubleshooting is tedious.

8.  Powerfulness – How powerful are the inbuilt modules? This is one area of strength of Ansible. Its developers continue to create a huge number of prebuilt modules to perform many of the common and complex operations that are fast and reliable than a custom written script. Key is the efficient way in which these modules are written. On downside it doesn’t have great support for Windows family of servers, however Ansible tower connects with windows servers using Winrm and manages them and the support is getting better.

9. Interoperability - Can same scripts run on platforms like Openstack, VMware, AWS, Azure etc. Ansible modules for different cloud systems handles cloud specific operations? Once the basic cloud layer is built and the stack / virtual machine is setup, generic operations between the virtual machine or on the generic stack are handled interoperably.  Linux container and Docker modules abstracts the interconnection and Ansible modules for Docker can be used on top

10. Integration - Tools like Jenkins provides multiple ways of invoking Ansible.  Once the binaries are produced in the CI, Ansible is used to continuously deploy the binaries to different infrastructure such as VMware, AWS, Azure etc. Jenkins provides Ansible plugin and Team city provides Ansible runner plugin. These plugins help in invoking Ansible commands, Playbooks and customize the inventory. Modules are grouped based on their functionality and there are many modules for integration starting from Database operations to network configurations, middleware configurations, Datacenter modules and Cloud modules etc.

11. Deployment Capabilities – Support for deployment to popular middleware like jboss, apache tomcat, web sphere and web logic? How well Ansible supports deployment of patches and hot deployment. Ansible provides core modules to configure the basic infrastructure such as

  • creating the virtual machine on Datacenter or Cloud
  • creating the network/application stack, and
  • modules to provision the virtual machine with required software packages(yum/apt) such as installing Database Server, Application server, load balancer etc.

Ansible playbook combined with Continuous Integration (CI) tools construct the deployment logic and powerful orchestration using these core modules. This orchestration is powerful enough to handle end to end deployment of

  • simple and complex software installation and configuration,
  • single machine to multiple machine provisioning,
  • Simple network segment to multiple segments and zones creation and tuning and many more.

Currently this orchestration power combined with load balancing, session sharing and fault tolerance ideas provides high availability for critical business applications and helps zero downtime patch upgrades and backup with full automation.

Ansible also provides extra modules for direct Web infrastructure management which are developed by the community. These modules support install, configure and monitor and deploy  applications such as Apache, JBoss, Jenkins and Jira. Based on the maturity level, some of these modules may get converted to core module at later stage.

12. Cloud Integration – Developers of Ansible a good focus on cloud integration. Ansible has a large library of modules using which you can deploy applications on public clouds like MS Azure, AWS, CloudStack, OpenStack, DigitalOcean, Google Cloud Platform, Rackspace, SoftLayer, VMware, and many more. It has a large number of modules that help to quickly build deployment and configuration scripts for provisioning virtual servers on these platforms and configuring them.

13. Big Data Integration – Ansible provides capabilities for configuration and management of Big Data nodes and clusters. Ansible can deploy big data, storage, and analytics environments, including Hadoop, Riak, and Aerospike. Ansible also helps to manage each node's resource consumption in these environments while consuming little CPU time and memory in the process. Ansible also has capabilities to monitor such nodes and can measure such properties as available CPU resources, which can help in the supervision of these nodes.

Future Direction / Long-Term Focus

With Redhat providing solid support and sponsorship to the future development of Ansible it seems that both the development of tool as well its adoption will continue to grow. There is a growing enthusiasm about Ansible among the practitioners and community and even enterprises are beginning to use it at least for managing preproduction environment.

We will see more focus will be towards Ansible tower development. The major USP of Ansible seems to be library of prebuilt modules created for different platforms. This library of scripts and modules are very efficient and scalable and provide out of box support for accelerated “infra as a code” configuration management of servers on a variety of platforms.

Results / Conclusion

Our analysis concludes that currently Ansible would be a very effective tool for managing your preproduction environments. Setting up Ansible is not complex and it has been designed in a way so that configuring scripts on it is very simple. Developers with basic understanding of YAML and knowledge of Linux can get started on Ansible very quickly and fast. Compared to Chef or Puppet the time needed to get started on Ansible may be a fraction of time it takes to understand the architecture, setup, hosting, dependency management and management of their scripts (cookbooks and manifests)

The development of scripts is accelerated due to presence of a huge library of modules. It also executes scripts on remote machines very fast. The challenge in monitoring and scaling the setup on large server farm is keeping it from wider adoption, especially in Production environment. But over a period of 2-3 years we think it will overcome these and see a surge in its use.

Appendices

Appendix A – Scenarios

A year back, when it came to tool selection, HCL ERS DevOps COE prioritized Ansible over Chef and Puppet at a time when others were trying to establish whether investing into Ansible would be worthy. Our observations and insights in this article have come on basis of using Ansible over past year in a number of operational scenarios.

1. Using Ansible for managing lifecycle of virtual machines on platforms like AWS and VMWare.

2. Ansible for management of middleware technologies and application servers, specifically for Tomcat and Apache httpd server as reverse proxy.

3. Ansible for Postgre SQL database server administration, right from installation of database server to configuring users, rights management running CRUD.

Appendix B – Options

1. Automatic virtual machine creation and provisioning using Ansible in VMware, AWS environments through DevOps tool chain. This tool chain uses Jenkins as CI and Ansible as CD

2. Docker image provisioning through Ansible playbook to install, configure and tune the software packages

Appendix C – Authors

Nitin Shah is involved in driving Technical Excellence for the DevOps CoE in HCL. He has primary expertise is Digital Transformation Technologies and Consulting services. His team provides consultative expertise to several global customers; focused on enterprise-wide strategy definition, governance setup and implementation of right practices and tools in DevOps.

Sathiyaraj Periyannan is a Solution Architect working in DevOps CoE in Technology Office. He is also a Certified Scrum Master practicing Agile for more than five years. His previous roles include Engineering Manager and Scrum Master.

Appendix D – References

 

FIRST
PREV
NEXT
LAST
Page(s):
[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:
RESET

Computing Now Blogs
Business Intelligence
by Keith Peterson
Cloud Computing
A Cloud Blog: by Irena Bojanova
The Clear Cloud: by STC Cloud Computing
Careers
Computing Careers: by Lori Cameron
Display Technologies
Enterprise Solutions
Enterprise Thinking: by Josh Greenbaum
Healthcare Technologies
The Doctor Is In: Dr. Keith W. Vrbicky
Heterogeneous Systems
Hot Topics
NealNotes: by Neal Leavitt
Industry Trends
Internet Of Things
Sensing IoT: by Irena Bojanova