TLDR: I have been setting up Ansible and I am honestly amazed at this technology. This is the future for System Admins. I have finally added a few scripts and have been checking up on and running them. No issues so far with the actual software itself. I love how there are modules; this makes it a lot easier to not develop everything from the ground up. Customizability is HUGGGGE. I can’t stress this enough: there are soo many, hundreds of commands you can use to make your environment run the way you want it to. This is agentless, so it makes a sys admin’s life easier. I see some shortcomings that we will talk about in a little bit.
So to start things off I would like to say that I did learn a lot going through every step of the way and making sure I understood and learned everything I had to before actually moving on. I think this is what made it easier for me to understand/comprehend every single detail of how Ansible works. This whole concept of automation is still very new to me, just because I have been manually updating and configuring servers for my whole early career so far. I would definitely be interested in implementing something like this at a massive scale. I truly believe this would be a great solution for a 100+ VM environment.
The setup of Ansible is not so bad if you understand how it works. There are a few things to consider. “ansible.cfg” is like the default config file. Any settings in there can be overridden by your playbooks (which are just tasks you want to be repeated). The playbook can be thought of as an instruction set for whatever job you want to do. Lastly, you will have an “inventory” or “hosts” file. This file defines who your clients are and how they are grouped. You can list clients by IP or DNS name. The best part of Ansible for me is that there are literally 3 config files that need to be altered for almost any change needed. Now, you’ll still have to make sure your clients have some things done on their end, but it shouldn’t require much.
With Ansible I did run into issues with configuring it, but that was mainly due to not using enterprise services in my home lab, like Active Directory. Although my instance still works, I want to make it a little less tedious for each of my VMs to be connected to my Ansible. With Active Directory the deployment of clients becomes easier because you’d have a service user for all of your VMs. Most have a service user that is strictly used for automation with Ansible. This is something I will possibly implement inside of the lab network just to test it. Another feature of Ansible that I am trying to secure even further is the user that performs these automations. Currently most people simply use Ansible with key-based authentication, which is good and secure, but I am currently looking for another security measure within the process.
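
The three files described above, written out as an added example that is not part of the original post: defaults in `ansible.cfg`, an inventory grouped by IP and DNS name, and a playbook that overrides one of the defaults. The `ansible_svc` user, the key path, the host names, the `192.0.2.10` address and the `make_ansible_lab` function name are constructed placeholders.

```shell
#!/bin/sh
# Added example: writes the three Ansible files into the directory given as $1.
# All names, addresses and paths below are constructed placeholders.
make_ansible_lab() {
    dir="$1"
    mkdir -p "$dir" || return 1
    # Ansible refuses to load ansible.cfg from a world-writable directory,
    # so drop group/other write permission first.
    chmod go-w "$dir" || return 1

    # 1) ansible.cfg: project-wide defaults (dedicated service user, SSH key
    #    authentication, host key verification left on, no privilege escalation).
    cat > "$dir/ansible.cfg" <<'EOF'
[defaults]
inventory = ./hosts
remote_user = ansible_svc
private_key_file = ~/.ssh/ansible_svc_ed25519
host_key_checking = True

[privilege_escalation]
become = False
EOF

    # 2) hosts: the inventory, clients grouped and listed by IP or DNS name.
    cat > "$dir/hosts" <<'EOF'
[web]
192.0.2.10
app01.lab.example

[db]
db01.lab.example
EOF

    # 3) patch.yml: the playbook; its play keywords win over ansible.cfg.
    cat > "$dir/patch.yml" <<'EOF'
---
- name: Keep the SSH server package current on web hosts
  hosts: web
  become: true   # overrides become = False from ansible.cfg for this play only
  tasks:
    - name: Ensure openssh-server is at the latest version
      ansible.builtin.package:
        name: openssh-server
        state: latest
EOF
    # Only the owner needs to read or change the automation configuration.
    chmod 600 "$dir/ansible.cfg" "$dir/hosts" "$dir/patch.yml"
}
```

After calling `make_ansible_lab ./lab`, running `ansible-playbook patch.yml --check` from inside `./lab` previews the changes without applying them.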