How Ansible works

Efficient architecture 

Both community Ansible and Ansible Automation Platform have the concept of a control node and a managed node. The control node is where Ansible is executed from, for example where a user runs the ansible-playbook command. Managed nodes are the devices being automated, for example a Microsoft Windows server.

For automating Linux and Windows, Ansible works by connecting to managed nodes and pushing out small programs, called "Ansible modules," to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished. These modules are designed to be idempotent when possible, so that they only make changes to a system when necessary.

For automating network devices and other IT appliances where modules cannot be executed, Ansible will run on the control node.  Since Ansible is agentless, it can still communicate with devices without requiring an application or service to be installed on the managed node. To increase execution capacity for devices without the ability to run modules, Ansible Automation Platform can spread automation jobs out across execution nodes using a technology called automation mesh. To understand more about how network automation is different, check out the Ansible documentation.

For automating public clouds and web services, Ansible will also run modules locally and talk directly to their APIs. There are a variety of documentation guides for each public cloud or web service that can be automated:

• Amazon Web Services Guide
• Google Cloud Platform Guide
• Microsoft Azure Guide

Credentials

For Ansible to execute, it needs an inventory (what are the managed nodes I am trying to automate?) and credentials (how do I login and connect to those managed nodes?).  

Community Ansible is decentralized—meaning it relies on your existing OS credentials to control access to remote machines. And if needed, Ansible can easily connect with Kerberos, Lightweight Directory Access Protocol (LDAP), and other centralized authentication management systems. You can also just store usernames and passwords as variables for Ansible and encrypt them with Ansible Vault. This can be as easy as storing them in your inventory file, as elaborated on below.

Red Hat Ansible Automation Platform can act as a centralized authentication as well as integrate with industry-standard tools like CyberArk AIM, Conjur, HashiCorp Vault, and Microsoft Azure Key Vault. Automation controller hashes local automation controller user passwords with the PBKDF2 algorithm using a SHA256 hash. Users who authenticate via external account mechanisms (LDAP, SAML, OAuth, and others) do not have any password or secret stored. For more information, check the Secret handling and connection security documentation.

Manage your inventory in simple text files

By default, Ansible represents which machines it manages using a very simple INI file that puts all of your managed machines in groups of your own choosing.  

To add new machines, there is no additional SSL signing server involved, so there's never any hassle deciding why a particular machine didn’t get linked up due to obscure NTP or DNS issues.

If there's another source of truth in your infrastructure, Ansible can also plug in to that, such as drawing inventory, group, and variable information from sources like Amazon Web Services, Google Compute Engine, Microsoft Azure, VMware vCenter, and more.  Both community Ansible and Ansible Automation Platform can use a variety of dynamic inventory plugins. Ansible Automation Platform makes these easily available and configurable in the WebUI.

Here's what a plain text inventory file looks like:

[webservers]
www1.example.com
www2.example.com

[dbservers]
db0.example.com
db1.example.com

Once inventory hosts are listed, variables can be assigned to them in simple text files (in a subdirectory called 'group_vars/' or 'host_vars/') or directly in the inventory file.

Or, as already mentioned, you can use a dynamic inventory to pull your inventory from data sources like AWS and Azure.

PLAYBOOKS: A SIMPLE AND POWERFUL AUTOMATION LANGUAGE

Playbooks can finely orchestrate multiple slices of your IT infrastructure, with very detailed control over how many machines to tackle at a time. This is where Ansible starts to get most interesting.

Ansible's approach to orchestration is one of finely tuned simplicity, as we believe you should be able to use existing knowledge while not having to remember special syntax or features.

Here's what a playbook looks like. As a reminder, this is only here as a teaser—visit docs.ansible.com for the complete documentation, and see all that's possible.

AN EXAMPLE apache.yml PLAYBOOK MIGHT LOOK LIKE:

---
- name: Apache server installed
  hosts: web
  become: true
  tasks:

  - name: latest Apache version installed
    yum:
      name: httpd
      state: latest

  - name: Apache enabled and running
    service:
      name: httpd
      enabled: true
      state: started

  - name: copy index.html
    copy:
      src: web.html
      dest: /var/www/html/index.html

Github source

The Ansible documentation explores this in much greater depth. There’s a LOT more that you can do, including:

• Take machines in and out of load balancers and monitoring windows.
• Have one server know the IP address of all the others, using facts gathered about those particular servers—and use those to dynamically build out configuration files.
• Set some variables and prompt for others, and set defaults for when they are not set.
• Use the result of one command to decide whether to run another.

There are lots of advanced possibilities, but it's easy to get started.

Most importantly, the language remains readable and transparent, and you never have to do things like declare explicit ordering relationships or write code in a programming language.

Extend ansible: plugins, modules, and api

Should you want to write your own, Ansible modules can be written in any language that can return JSON (Ruby, Python, Powershell, bash, etc). Inventory can also plug in to any datasource by writing a program that speaks to that datasource and returns JSON. There's also various Python APIs for extending Ansible’s connection types (SSH is not the only transport possible), callbacks (how Ansible logs, etc), and even for adding new server-side behaviors.

when would you use ansible automation platform versus community ansible?

Red Hat Ansible Automation Platform is a subscription product that builds upon the foundations of community Ansible and is designed to elevate automation across your organization. 

Flexible, security-focused, and capable, Ansible Automation Platform helps IT teams create, manage, and scale automation in a standardized way.  

With a subscription, you get fully supported and certified content from our robust partner ecosystem, expert knowledge gained from our success with thousands of customers, and differentiated services—like analytics reporting.

Here are three example instances of when Red Hat Ansible Automation Platform might make sense for an organization:

• Ansible Automation Platform can help organizations with security and support by providing fully certified and signed content. Your organization can know which automation content is the official content, and digitally signed Ansible content collections ensure an end-to-end software supply chain from development to production.
• Ansible Automation Platform can help an organization with operationalizing automation at scale with automation mesh and automation execution environments. Automation mesh allows an enterprise organization to add resilience, automation capacity, and security to their automation fabric across their IT infrastructure across multiple sites.
• Ansible Automation Platform can also help an organization understand their automation footprint with automation analytics. Automation analytics helps IT leaders and automation architects observe how teams are adopting automation and track the success of those efforts.

To learn more about Red Hat Ansible Automation Platform, check out our knowledgebase article, What is included in Red Hat Ansible Automation Platform subscription?