<div class="section" id="introducing-ansible">
<h1>Introducing Ansible<a class="headerlink" href="#introducing-ansible" title="Permalink to this headline"></a></h1>
<p>Ansible is a radically simple model-driven configuration management, deployment,
and command execution framework. Other tools in this space have been too complicated for too long,
require too much bootstrapping, and have too much learning curve. By comparison, Ansible is dead simple
and painless to extend. Puppet and Chef have about 60k lines of code. Ansible&#8217;s core is a little over 2000 lines.</p>
<p>Ansible isn&#8217;t just for configuration management &#8211; it&#8217;s also great for ad-hoc tasks, quickly firing off commands against nodes, and it excels at complex multi-tier deployment tasks, being designed for that purpose from day one.</p>
<p>Systems management doesn&#8217;t have to be complicated. We&#8217;ve learned well from the &#8220;Infrastructure is Code&#8221; movement.
Infrastructure should be easy and powerful to command, but it should not look like code, lest it acquire the disadvantages of a software project &#8211; bugs, complexity, and overhead. Infrastructure configurations should be simple, easy to develop, and easy to audit. This is Ansible&#8217;s philosophy and the main reason it&#8217;s different. Read on, though, and we&#8217;ll tell you more.</p>
<table border="1" class="docutils">
<col width="100%" />
<thead valign="bottom">
<tr><th class="head">Key Features</th>
<tbody valign="top">
<tr><td>Dead simple setup</td>
<tr><td>Can be easily run from a checkout, no installation required</td>
<tr><td>No agents or software to install on managed machines</td>
<tr><td>Ultra-secure; uses existing SSHd out of the box</td>
<tr><td>Connect as any user, not just root, and sudo as needed</td>
<tr><td>Super fast &amp; parallel by default</td>
<tr><td>Supports Kerberized SSH, jump hosts, forwarding, etc</td>
<tr><td>Modules are idempotent, but you can also easily use shell commands</td>
<tr><td>Modules can be written in ANY language</td>
<tr><td>Orchestrates load balancer rotations and outage windows</td>
<tr><td>Awesome API for creating very powerful distributed applications</td>
<tr><td>Pluggable transports (SSH is just the default)</td>
<tr><td>Can draw inventory data from external sources like EC2 and Cobbler</td>
<tr><td>The easiest config management system to use, ever.</td>
<div class="section" id="architecture">
<h1>Architecture<a class="headerlink" href="#architecture" title="Permalink to this headline"></a></h1>
<div align="center" class="align-center"><img alt="&quot;Architecture Diagram&quot;" class="align-center" src="" style="width: 800px;" /></div>
<table border="1" class="docutils">
<col width="35%" />
<col width="65%" />
<thead valign="bottom">
<tr><th class="head" colspan="2">Tell Me More</th>
<tbody valign="top">
<tr><td>Multi-node control &amp; orchestration</td>
<td>Ansible is especially strong at expressing complex multi-node
deployment processes, executing ordered sequences on
different sets of nodes through <a class="reference internal" href="playbooks.html"><em>Playbooks</em></a>. Performing
steps on all your webservers, then some steps on your database
servers, and then some steps on monitoring servers &#8211; all the
while sharing variables between them is trivial.</td>
<tr><td>Doesn&#8217;t choose sides in the
language war</td>
<td>Modules can be written in Bash, Perl, Python, Ruby, whatever.
Playbooks are not a programming language, but a data format.</td>
<tr><td>Infrastructure Is Not Code,
Infrastructure Is Data</td>
<td>Playbooks are not a programming language, they are designed to be
super-easy to write, and easy to audit by non-developers. You
will be able to skim and very quickly understand your entire
configuration policy.</td>
<tr><td>Three In One</td>
<td>Ansible handles multiple command and control
problems in one tool. You don&#8217;t need to use a config tool, a
deployment tool, and yet another ad-hoc parallel task execution
tool &#8211; Ansible will do all three.</td>
<tr><td>Lower Attack Surface, No Agents</td>
<td>Ansible is very secure. Ansible uses SSH as a transport,
resulting in a much lower attack surface, and requires no agents
to be running on managed machines. If a central server
containing your playbooks are comprimised, your nodes are not &#8211;
which is NOT the case of most other tools, which can, more or
less, turn into a botnet. Our security approach is to avoid
writing custom crypto code altogether, and rely on the most
secure part of the Linux/Unix subsystem that your machines are
already using &#8211; openssh.</td>
<table border="1" class="docutils">
<col width="23%" />
<col width="77%" />
<thead valign="bottom">
<tr><th class="head" colspan="2">Community</th>
<tbody valign="top">
<tr><td colspan="2">Your ideas and contributions are welcome. We&#8217;re also happy to help
you with questions about Ansible.</td>
<tr><td>Get the source</td>
<td>Visit the <a class="reference external" href="">project page</a> on Github</td>
<tr><td>File a bug</td>
<td>View the <a class="reference external" href="">issue tracker</a></td>
<tr><td>Spread the word</td>
<td>Watch slides on <a class="reference external" href="">Speakerdeck</a></td>
<tr><td>Join the mailing list</td>
<td>Visit the <a class="reference external" href="">Google Group</a></td>
<td>Visit the channel on <a class="reference external" href="">FreeNode</a></td>
<tr><td>Share &amp; Learn</td>
<td>Share <a class="reference external" href="">playbooks, modules, articles, and scripts</a></td>
<table border="1" class="docutils">
<col width="100%" />
<thead valign="bottom">
<tr><th class="head">What (Real) People Are Saying</th>
<tbody valign="top">
<tr><td>&#8220;I&#8217;ve been trying to grok Chef these last weeks, and really, I don&#8217;t get it. I discovered ansible
yesterday at noon, successfully ran it at 1pm, made my first playbook by 2pm, and pushed two small
[contributions to the project] before the office closed... Do that with any other config management
<tr><td>&#8220;Ansible is much more firewall-friendly. I have a number of hosts that are only accessible via reverse
SSH tunnels, and let me tell you getting puppet or chef to play nice with that is a nightmare.&#8221;</td>
<tr><td>&#8220;This software has really changed my life as an network admin, the simplicity ansible comes with is
really childs-play and I really adore its design. No more hassle with SSL keys, DNS based &#8216;server
entries&#8217; (e.g. puppet and what not). Just plain (secure!) SSH keys and one is good to go.&#8221;</td>
<tr><td>&#8220;You may get a kick out of the fact that I&#8217;m using ansible to install puppetmaster(s). I&#8217;m starting to
migrate all my stuff to the much more sensical ansible. Nice work.&#8221;</td>
<tr><td>&#8220;Simple as hell&#8221;</td>
<tr><td>&#8220;I swear, I have gotten more done with Ansible in three days than I did in not getting chef installed
in three weeks.&#8221;</td>
<tr><td>&#8220;Puppet was hell... gave up on Chef... found ansible and couldn&#8217;t be happier.&#8221;</td>
<tr><td>&#8220;Really impressed with Ansible. Up and running in ¼ of the time it took to get going with Puppet.&#8221;</td>
<table border="1" class="docutils">
<col width="100%" />
<thead valign="bottom">
<tr><th class="head">Presented By...</th>
<tbody valign="top">
<tr><td>Ansible was created and is run by <a class="reference external" href="">Michael DeHaan</a>
(<a class="reference external" href="!/laserllama">&#64;laserllama</a>), a Raleigh, NC
based software developer and architect, who also created the popular open-source
DevOps install server <a class="reference external" href="">Cobbler</a>.
Cobbler is used to deploy mission critical systems all over the
planet, in industries ranging from massively multiplayer gaming, core
internet infrastructure, finance, chip design, and more. Michael also
helped co-author <a class="reference external" href="">Func</a>, a precursor to Ansible, which is used
to orchestrate systems in lots of diverse places. He&#8217;s worked on systems
software for IBM, Motorola, Red Hat&#8217;s Emerging Technologies Group,
Puppet Labs, and is now with <a class="reference external" href="">rPath</a>. Reach Michael by email
<a class="reference external" href="mailto:michael&#46;dehaan&#37;&#52;&#48;gmail&#46;com">here</a>.</td>
