Ansible is an orchestration/automation tool, like Chef or Puppet, which are alternatives to it. Ansible's main advantage is that it works over SSH, so target machines don't need Ansible installed.
Another big advantage is that it uses declarative playbooks (define what you want done) instead of imperative scripting (define what you want and how).
day-0; get all of your infrastructure; hardware/public-cloud etc.
day-1; use something like Ansible to set up the infrastructure components (EC2 nodes, hardware servers or GCE instances)
day-2; install k8s on them to start running containerized workloads
day-3; use k8s native mechanisms to deploy and manage and monitor applications
(Days 2 and 3 are ideal, but I think we will just deploy the containers through our build system, not k8s)
Ansible can help with availability, and we will use it for testing: for example, if an IOC needs another IOC running in order to be tested, Ansible should handle that deployment, including which machine it goes on and what resources it gets.
Why Ansible
Reduces complexity and runs anywhere.
Lets you automate any task.
Manages and maintains system configuration.
Agentless: the managed nodes only need to be reachable over SSH (with sftp or scp) and have Python installed.
Quote from Developing modules — Ansible Community Documentation - 'If you need functionality that is not available in any of the thousands of Ansible modules found in collections, you can easily write your own custom module.' We can make our own as well, which is important for something like IOC deployment because that's a lot of manual steps.
Save the public key on this controller, "/root/.ssh/id_ed25519.pub", to the target container at "~/.ssh/authorized_keys".
2nd attempt
docker pull ubuntu
docker run -it -d -p 2200:22 --name ssh-access-server ubuntu:latest
docker exec -it ssh-access-server bash
apt update
apt install openssh-server -y
apt install vim -y
vim /etc/ssh/sshd_config
Search for PermitRootLogin and make it yes
service ssh start
service ssh status
passwd
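The manual steps above, written as a declarative playbook that is safe to re-run. Once the controller key is authorized, it sets PermitRootLogin to prohibit-password, so root can log in with the key but the password set with passwd is no longer accepted over SSH. This is an added example, not part of the original notes; the file name, the python3 bootstrap task and the use of the ansible.posix collection are assumptions.

```yaml
# harden-ssh.yml (hypothetical file name). Run from the controller with:
#   ansible-playbook -i '127.0.0.1,' harden-ssh.yml
# Assumes the "2nd attempt" container is up with sshd running, and that the
# controller key is already in /root/.ssh/authorized_keys on the container.
# ansible.posix ships with the "ansible" package, not with ansible-core alone.
- name: Bring the ssh-access-server container to a known SSH state
  hosts: all
  gather_facts: false            # fact gathering needs Python on the target
  vars:
    ansible_port: 2200           # host port published by "docker run -p 2200:22"
    ansible_user: root
    ansible_ssh_private_key_file: /root/.ssh/id_ed25519
  tasks:
    # The ubuntu image has no Python; raw is the one action that works without it.
    - name: Install Python if it is missing
      ansible.builtin.raw: test -e /usr/bin/python3 || (apt-get update && apt-get install -y python3)

    - name: Ensure openssh-server is installed
      ansible.builtin.apt:
        name: openssh-server
        state: present
        update_cache: true

    - name: Ensure the controller public key is authorized for root
      ansible.posix.authorized_key:
        user: root
        key: "{{ lookup('ansible.builtin.file', '/root/.ssh/id_ed25519.pub') }}"
        state: present

    # Replaces the active "PermitRootLogin yes" line left by the manual edit.
    # sshd uses the first value it reads, so keep a single active line.
    - name: Allow root over SSH with keys only
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*PermitRootLogin\s'
        line: PermitRootLogin prohibit-password
        validate: /usr/sbin/sshd -t -f %s   # refuse to write a config sshd rejects
      notify: Restart ssh

  handlers:
    # The container has no systemd, so use the same "service" wrapper as above.
    - name: Restart ssh
      ansible.builtin.command: service ssh restart
```

A second run should report no changes apart from the raw task, which always reports changed.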
TODO: 3rd attempt - try using any of the nodes in our ad-build-dev cluster as the managed nodes.
Ansible in Build System
TODO: need to figure out how we can roll out the Ansible playbooks for something like buildroot:
Do we want them specified in the manifest (BOM) of the app,
or do we want to have predefined playbooks for the control node and just pass in arguments depending on the system?
Example use case: if a package needs updating, we just give an installer and some arguments like a filepath, and Ansible will automatically handle that. A passive system, if you will (it'll modify whenever changes are detected).