My thoughts on Ansible®
I’ve written about the infrastructure behind this blog in a previous post and the major issue with it currently is the old laptop I have at home that’s running the Jenkins instance. I really have no way of backing it all up. I’ve asked around a bit and the reddit thread I’ve made pointed me towards moving it all towards Ansible. Since people are using Ansible at work I thought it would be appropriate for me to try it as well.
So what I ended up doing is writing a playbook that will allow me to set everything up on a fresh machine. I’m not going to go into much detail of the process itself or look at the playbook instead, I’ll do a short summary of what I’ve learned on my way there. I’m not an expert in it by any means nor am I any good at it so do take everything you see here with a grain of salt.
Well, Ansible is an open source configuration management and application deployment tool. There’s probably a lot more to it than I just wrote but those are the parts I’ve had contact with so far. In essence Ansible allows you to define collections of scripts (called playbooks) that define what should be installed and run in a server. This is exactly what I was looking for as I wanted to create a portable script that I can easily use to replicate my at home infrastructure setup in case my laptop burns to death. You write a yaml file containing all the steps needed to install and run the required pieces of the puzzle.
I was a bit confused at first as to why this is any better than bash but after using it for a while, it starts to make sense. With bash you’d have to write a whole lot of boilerplate checking what has already been installed, what has already been run and what not. Ansible does that for you, it keeps track of what was run on which server so it does not perform the steps it does not need to perform. I would elaborate on the way it does this but I’ve honestly no clue and don’t think I need to know. All I know is it does and seems to do it very well.
Another layer above bash is called modules. These allow for easily performing common tasks, such as interacting with yum, pip or docker. There’s plenty of modules to choose from so Ansible comes with a whole lot of functionality out of the box. It also handles secrets quite well - you can encrypt and decrypt secrets quite easily. Once you’ve got a playbook setup it becomes trivial to scale to as many servers as you like. In short, it’s a great tool for deploying stuff.
Not everything went as smoothly as I had anticipated though. It took me quite a bit of time to get my first playbook going. I won’t lie - I had a couple of examples to go by from work which did help me. Even so I found it rather frustrating having to do everything the Ansible way.
It feels that you need to spend a lot of time familiarizing yourself with Ansible prior to using it properly. I had to learn the tool to use it properly although I already have the knowledge how to set up my machine. While trying to write an Ansible playbook it feels as if I’m not learning anything useful. All I’m learning is a concrete implementation of infrastructure as code defined in yaml. I’m learning the concrete data structures that I need to define for Ansible to behave the way I’d expect it to. I’m having to familiarize myself with the way Ansible handles folder structures in my playbook. One could say it’s hidden behind a steep learning curve. This would be fine - I’m not against learning something that’s rather hard to do at first - I’m totally up for a challenge. But here I feel I’m not gaining any long term value. Ansible might be a good solution now but with the rapid way technology evolves now it might not last as long as I wish.
With Ansible I feel it wraps everything too nicely and I struggled to find the long lasting benefit and therefore the motivation to continue learning as I do not see how any of what I was learning was portable in the long run.
I don’t mean to bash on Ansible. It’s a great tool at the hands of someone who can actually use it. However, I’m not that person, nor I intend to be. I really wanted to take it, make a simple script to deploy my infra in half an hour, commit it, push it and forget about it till the heat death of the universe. It turned out to be way too complex for that and it shows that I’ve probably taken a wrong tool for the job. What I probably need is a GUI layer on top of Ansible, called “Ansible for dummies” where I could click and drag and drop instead of touching yaml. Oh and I’ve mentioned in the past that I’m not a fan of yaml.
All in all - I’m happy I managed to finish the playbook but I’ll be happier still if I don’t have to do it again.