Ansible Sophos



Like many configuration management and automation tools, Ansible was originally an open-source project for automating IT infrastructures and environments. As it began to gain a foothold in the enterprise, parent company AnsibleWorks expanded commercial support for the product. Currently their solution consists of two offerings: Ansible and Ansible Tower, the latter featuring the platform’s UI and dashboard. Despite being a relatively new player in the arena when compared to competitors like Chef or Puppet, it has gained quite a favorable reputation amongst DevOps professionals for its straightforward operations and simple management capabilities.

  • Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.

Of course, every tool has ideal use cases in which it shines brighter than the rest. For example, Ansible is widely regarded as being easy to learn and use: its Playbooks are human-readable, allowing results to be achieved in a shorter amount of time. That said, the offering’s simplicity may leave advanced users desiring more sophistication. The following are our top 5 best and worst attributes of Ansible.

$ sudo su
$ cd /path/to/playbook
$ ansible-playbook letsencrypt.yml --vault-password-file .vault

After an initial manual play, the automated certificate cycle for your private network is finished. Note: When deploying to Sophos UTM, it is better to split the initial play with -t.
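A pre-flight check for the vault password file named in the command above, as an added example that is not part of the original page. The function names check_vault_file and run_play are hypothetical; the file names are the ones from the command.

```sh
#!/bin/sh
# Added example: refuse to hand ansible-playbook a vault password file that
# other users can read, that is a symlink, or that is committed to git.

# check_vault_file PATH
# Returns 0 if PATH is a regular file (not a symlink) with no group/other
# permission bits and is not tracked by git; otherwise prints why and returns 1.
check_vault_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "refusing symlink: $f" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    # ls -ld prints the mode string first, e.g. "-rw-------"
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) ;;                       # owner-only access
        *) echo "too permissive ($mode): $f" >&2; return 1 ;;
    esac
    # A vault password committed next to the playbook defeats the vault.
    dir=$(dirname -- "$f")
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" ls-files --error-unmatch -- "$(basename -- "$f")" \
           >/dev/null 2>&1; then
        echo "tracked by git: $f" >&2; return 1
    fi
    return 0
}

# run_play PLAYBOOK VAULT_FILE
# Runs the play only when the password file passes the check.
run_play() {
    check_vault_file "$2" || return 1
    ansible-playbook "$1" --vault-password-file "$2"
}

# Usage (not executed here): run_play letsencrypt.yml .vault
```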

ANSIBLE VERSION

ansible 2.7.6
  config file = None
  executable location = /usr/local/bin/ansible
  python version = 3.7.2 (default, Feb 12 2019, 08:15:36) Clang 10.0.0 (clang-1000.11.45.5)

SUMMARY

Implementation of SFOSModule Base Class that can easily be used to implement other endpoints to control Sophos XG NGFWs.

Built-in SaltStack integration and official Ansible module allow automating configuration workflow. For custom automation solutions, an HTTP API is available.

#12 Sophos XG Home Edition. This product is another completely free and robust option for home users. The firewall is offered as a software package that can be installed on a dedicated.

Pros

Simple/Easy-to-Learn

This is perhaps Ansible’s most lauded attribute: users can get up to speed and productive quickly with the tool. Supported by clear, easy-to-follow documentation, one can learn the workflow and logic of Ansible’s operations in a short amount of time. A lack of a dependency system means Ansible tasks just run sequentially and stop when an error is encountered. This makes troubleshooting easier, especially when initially starting out with the tool.

Written in Python

Ansible was written in Python, unlike other competing solutions that were built with languages such as Ruby. Consequently, getting it up and running is easier, since Python libraries are present by default on most Linux distributions. It’s also a language that’s more common for administration and scripting tasks: engineers and systems administrators are more likely to know Python than Ruby. Ansible modules for extending the tool’s functionality, however, can be written in any language, as long as they return data in JSON format.

Agentless

For managing nodes, Ansible handles all master/agent communications with standard SSH or the Paramiko module, which is a Python implementation of the SSH2 protocol. The tool doesn’t require any agents to be installed on the remote systems it manages, which means less maintenance overhead and fewer performance degradations. Check out our take on why agentless was the way to go for GuardRail.

YAML-Based Playbooks

Playbooks (Ansible configuration files) are written in YAML, which for configuration management and automation purposes is a better fit than other formats such as JSON. It’s easier to read, supports comments, and provides anchors for referencing other items.

Ansible Galaxy

This portal serves as the central repository for finding, reusing, and sharing Ansible content. For example, reusable Roles for server configuration or application installation can be downloaded for use in one’s playbooks, significantly accelerating deployment time.

Cons

UI is Lacking

Originally a command-line only tool, Ansible made a first attempt at a UI with AWX: a graphical user interface and REST endpoint to make infrastructure management easier. AWX eventually evolved into Ansible Tower, a web management UI that provides visual management capabilities and a team-based workflow tool. Though a serious improvement over AWX, Ansible Tower still has much room for improvement: in fact, only 85% of what can be done from the command line can be accomplished via the UI. Another common annoyance is that the GUI occasionally falls out of sync with the command line, resulting in different query results. Overall, Ansible Tower is still a work-in-progress, and cannot do everything that the command line interface can.

No Notion of State

Unlike comparable automation tools like Puppet, Ansible has no notion of state. Since it doesn’t keep track of dependencies, the tool simply executes a sequential series of tasks, stopping when it finishes, fails or encounters an error. For some, this simplistic mode of automation is desirable; however, many prefer their automation tool to maintain an extensive catalog for ordering (à la Puppet), allowing them to reach a defined state regardless of any variance in environmental conditions.

Nascent Windows Support

As of version 1.7, Ansible supports both Unix/Linux and Windows nodes. For the latter it uses native PowerShell remoting (as opposed to SSH), and a Linux control machine is still required for managing Windows hosts. Ansible is still early in its efforts to extend support for Windows, with future versions of Ansible ostensibly incorporating deeper Windows interoperability.

Minimal Enterprise Support Experience

Ansible’s Enterprise Tower and Premium Tower are targeted at medium-to-large enterprises, and both offer extended support options: enterprise 8x5 support & SLA (4 hour critical incident response) and premium 24x7 support & SLA (2 hour critical incident response), respectively. Even so, the company has had less experience working with large enterprises than competitors like Chef and Puppet.

A Newer Offering

Ansible hasn’t been around as long as competing solutions like Chef or Puppet; consequently, it has the smallest developer/user community and the fewest materials on the web for self-help and troubleshooting. Less time on the market means that certain problematic edge scenarios, bugs, and software issues have perhaps yet to come to light.

In short, Ansible’s solution is a simple but powerful tool for configuration management and automation. The Ansible Tower offering features a web management UI, a built-in REST API for easy integration with other services, and extended service and support for enterprises, despite this being new territory for them. As with most things, there is no “one-size-fits-all” solution: Ansible is easy to learn and use, but lacks some advanced features present in more mature competitors' solutions. Depending on the use case at hand, this can be either a hindrance or an advantage.

Refactr, a startup looking to ease DevOps headaches, introduced on Thursday a cloud-based version of Ansible—the first serverless, consumption-billed take on the popular configuration management technology.

The product, called playbook.cloud, initially comes to market as a standalone service, but will later be integrated into Refactr's Cloud + Security Architect Platform (CSAP) used by MSPs to manage their infrastructure, said Refactr CEO Michael Fraser.

'Our goal was to prove out this technology in a single, smaller SaaS play, and then we'll be adding this technology into CSAP,' Fraser told CRN.

Red Hat, which acquired Ansible in 2015, didn't work with Refactr on development of playbook.cloud.

The new Ansible-as-a-Service delivers a backend container sandbox and an online playbook editor.

By taking a serverless approach to Ansible, the startup focused on security delivers greater process and network isolation, Fraser said. Execution environments are containerized and ephemeral, with runtime data destroyed when the playbook completes and input variables encrypted in transit and at rest.

Red Hat offers Ansible Tower as a web-based solution, but it doesn't take the serverless approach to that product.

Refactr's playbook.cloud requires no setup, no need to stand up an Ansible server, and is billed by the minute. The service enables sharing Ansible playbooks through a link and can be connected to a larger workflow.

'You have the ability to run everything online,' Fraser said.

Refactr, based in Seattle, ultimately plans to support several configuration tools on its no-code DevOps platform, like HashiCorp's Terraform, though Ansible will probably be the only one offered as a standalone version, Fraser said.

'Anybody from novice to advanced user can get in here and use this thing,' Fraser said.

The aim is to support partners managing increasingly complex infrastructure for their customers in an era of heightened security concerns, he said.

'A lot of people in the channel don't want to spend any legwork other than to get in and start using stuff,' Fraser told CRN. 'You can't make Ansible easier to use—it's a simple product offering, but any barrier to entry can preclude a ton of people in the channel from wanting to use any product.'

The serverless approach immediately appealed to Fishtech and its managed services subsidiary, CYDERES, said COO Eric Foster.

The Kansas City-based company was founded as a modern cybersecurity solutions provider, with a heavy focus on cloud and DevOps, said Foster, who leads the managed services business.

That emphasis on cloud security led the MSP to assess Refactr, which appeared on Fishtech's radar after it won a startup competition hosted by ConnectWise.

'We liked what they were doing,' Foster said. 'We're big fans of the serverless approach.'

With Ansible-as-a-Service, Fishtech engineers can use the configuration manager when in the field with clients, delivering playbooks and DevOps automation without worrying about standing up underlying infrastructure.

'It's zero management, zero overhead, and available for free to start with,' Foster said. 'We go into a client with specific needs. We can send them a link and say, 'sign up for this free service and you'll be able to run this playbook in your environment'.'

That enables moving fast and delivering value almost immediately to customers while being confident security is always baked in.

'They kind of flipped the script of what you normally think about Ansible and a lot of the approaches to this. The DevOps side of this is where it makes the most sense, but for us the security has been really interesting,' he said.