Which Configuration Management Tool Should I Use? Spotlight on Ansible
IT infrastructure is moving to the cloud; VMs and containers are proliferating. There is a constant uptick in the amount of live applications, and all of them are hosted on servers. Today’s SysAdmins and DevOps teams have to manage a huge amount of servers; far more than they did even a few years ago.
To deal with this technical challenge, Configuration Management (CM) and Remote Execution (RE) tools have been developed. These apps help SysAdmins maintain visibility over their server infrastructure, and enable them to deploy and take action at a mass scale. CM and RE tools allow for the execution of tasks on multiple servers at once, and one-click app deployment. They do this through a process called infrastructure as code (IaC), in which an IT environment is represented via a programming language.
Puppet, Ansible, Chef, and SaltStack are the big four in this tech space. (And all of them can be used to deploy KernelCare.) Here is the lowdown on Ansible.
The Good: Lightweight, and Python-based
First released in 2012, and now owned by Red Hat, Ansible is open-source and supported by AnsibleWorks. The enterprise version is called Ansible Tower. Like SaltStack, Ansible was built in reaction to perceived deficiencies in big hitters Puppet and Chef. Unlike Puppet, which is developed in Ruby, Ansible is developed in Python
– the easiest-to-learn, fastest-growing, and most-popular programming language. Unlike Puppet, there is no pressure to use an app-native domain-specific language (DSL).
This flexibility is Ansible’s chief benefit. Ansible is lightweight, flexible and rapid to deploy. The overheads are low, and onboarding is very easy. The install is agent-free, and there are no agents running on the client machines. All functions are performed over SSH, and for configurations that don’t support root SSH, Ansible can sudo as root. For smaller tasks, Ansible can be run from the CLI (command line interface) without the use of configuration files. Bigger tasks can be tackled using YAML syntax in configuration files called playbooks. Ansible offers zero-downtime rolling updates to multi-tier applications across the cloud.
Most notably, Anisble’s CLI commands can be written in virtually any programming language. (Whereas Puppet, for example, has to be in Ruby or their DSL.) These commands are then distributed as universal JSON modules.
Using native modules, Ansible can provision your infrastructure and plug in to providers like AWS, VMWare, and Azure.
Ansible: A rawer product
Ansible’s UI doesn’t leave everyone satisfied. A full UI version comes with the enterprise-grade Ansible Tower, but it isn’t as smooth as the Puppet interface. The graphical user interface (GUI) is fairly raw, and doesn’t always sync with the CLI. People often find themselves having to manually sync.
The bias toward orchestration over configuration management means that the syntax across scripting components can vary. In scaled environments, the SSH communication can become sluggish. And although agents aren’t required, root SSH access is.
More broadly, Ansible are a small company, and can’t offer the support or peace of mind of a behemoth like Puppet. The support is leaner, and though Ansible has a growing global community, it still has a smaller developer and user community than Puppet, and fewer troubleshooting resources. Compared to Puppet, Ansible’s free version (ie. not Ansible Tower) is far less robust.
If you’re faced with a very complex or long-term deployment, Ansible might not be the best bet. The more established Puppet is regarded as a safer choice, for large and fixed sets of machines.
But Ansible is a fantastic option for small, fast and/or temporary deployments. The remote execution is easy, setup and scaling is straightforward, and onboarding is a breeze. You avoid the headache of managing node SSL certificates, and managing a set of web servers is a smoother experience. Ansible is well set up for a setting where machines are regularly being reprovisioned. Generally, Ansible is better at provisioning infrastructure, and should be the go-to choice for storage or network engineers.
Read more solution overviews by KernelCare team here:
- Which Configuration Management Tool Should I Use? Spotlight on Chef
- Which Configuration Management (CM) Tool to Use? Focus on SaltStack
- Which Configuration Management Tool Should I Use? Spotlight on Puppet
- Which Vulnerability Management Solution to Choose? Focus on Qualys
- Which Vulnerability Management Solution to Choose? Focus on Rapid7