What is our primary use case?
Server configuration management: This is Ansible's forte as it has multiple modules to interact with servers either to orchestrate or configure them. This can take multiple forms like pushing a script and executing it, sending commands to restart services...
Network configuration management: Ansible coupled with Jinja2 allows pushing parameterized configurations in a reliable way. Support for network gear isn't as common as server/development use cases. But, with some hacking, it can be managed.
The tool can also be used for CI/CD software deployment. But we didn't explore this topic with it that much yet.
How has it helped my organization?
Ansible provides great reliability when coupled with a versioning system (git). It helps to provide predictability to the network by knowing exactly what's being pushed after validating it in production.
It is very hard to manage more than a hundred servers with redundant configurations manually. It is too prone to error and troubleshooting can easily become a nightmare. This is why it is very beneficial to use an automation platform like Ansible coupled with configuration management/versioning (GitLab, Gogs) and some best practices around that.
What is most valuable?
- Reliability & reproducibility: Being able to design playbooks that can be validated in the development environment, QA, then production is very valuable. This helps reduce configuration errors and provides faster deployments.
- Extensibility, versatility. Using its wide range of modules, Ansible can be used with different OSes and systems. In fact, using Ansible modules, one can interface with network gear using NAPALM, for example, or remotely push scripts for local execution on automated platforms.
- Facts gathering: Ansible is able to extract configuration items either to be used later for reporting or to be used as conditions for playbook actions.
- Agentless: Ansible does not require installing a local agent on automated devices. It goes through communication protocols like SSH, Telnet, SQL (multiple DBS).
- Dry runs! Better safe than sorry!
What needs improvement?
- Accessibility. Ansible uses a CLI by default. Those accustomed to it can find their way and adopt the YAML files easily over time. But, some users are more comfortable using UIs.
- Ansible Tower's upstream project, Ansible AWX, provides a web UI. But, it can be improved to make it more user-friendly.
- Overall, the learning curve could benefit from an easy to use UI.
- Network gear support is still not that great but evolving. We definitely would like to see a general direction towards those. Especially since there are so many vendors and managing them all from the same platform is a rare plus.
- For Windows, support is getting better, too.
For how long have I used the solution?
We've been using it for three years for various automation tasks, from local user management (backup & monitoring) to orchestrated configuration updates.
What do I think about the stability of the solution?
It has been very stable till now. As long as you correctly test your playbooks on dev/QA environments, you reduce the major source of concerns.
Which solution did I use previously and why did I switch?
We previously were using custom-made Python scripts for automation. It can weirdly scale well when multi-threading is leveraged correctly. But, it definitely cannot replace an extensible framework like Ansible.
The community behind Ansible and its important number of modules make it a lot more relevant.
We were also using Puppet at some point. But, it's a bit different than Ansible, it was not a competing usage for
How was the initial setup?
The initial setup is quite easy. Creating your first playbook and inventory can be challenging if you're not used to the underlying technologies.
What's my experience with pricing, setup cost, and licensing?
It's open source, so it's free. But, not free as in beer.
The most important cost here is the learning curve. Small targets like local user management (backup/monitoring) or monitoring configuration management (Syslog/SNMP) are some of the easiest and lowest-risk ones one can learn from. The OPEX gain is high, though. So, the ROI is definitely there.
For the UI, you might want to pay for Ansible Tower. But, there's also the open-source upstream project, AWX.
Which other solutions did I evaluate?
Chef, Puppet, SaltStack. Ansible proved to have the most traction and its orchestration use-case was a bit different than the configuration management one.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)