Nerd For Tech
Published in

Nerd For Tech

Created by Raktim

Benefits of using Ansible Tower over Ansible Engine !!!

When I first started learning one of the most demanding Automation Tool — Ansible, I found it so much useful and interesting. But after deep dive the question came —

“What if Ansible Controller Node fail ?” then how you can maintain your Managed Nodes.

Answer of this question is very much simple. Use Ansible Tower, because there are lots of facilities it provides on top of Ansible. In this article I gonna discuss about those benefits with some practical examples. 🙌

What is Ansible :

Source : Google
  • Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows.
  • In Ansible we write the configuration in a YAML file known as Playbook, and on behalf of admin from Controller Node, Ansible go to the Managed Nodes over SSH (for Linux), or WinRM (for Windows) protocol and perform the required tasks.
  • The best feature of Ansible is it’s agentless. Also it has the capability of idempotence means Ansible know the state of the task that needs to perform on the Managed Node. Also in Ansible we has the support of Ansible Vault, which is a encrypted method to store our credentials.
  • To know more about Ansible : https://www.ansible.com/overview/how-ansible-works

Till now sounds fine, then What are the deficiencies we have in Ansible, or more precisely we can say why in industry Ansible is not enough to solve all the challenges. Or why we are using Ansible Tower ? 🤨 Let's start by knowing —

What is Ansible Tower :

Source : Google
  • Ansible Tower is a REST API, web service, and web-based console designed to make Ansible more usable for IT teams with members of different technical proficiencies and skill sets. It is a hub for automation tasks.
  • Ansible Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources.
  • It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for auto scaling topologies.
  • To know more about Ansible Tower : https://docs.ansible.com/ansible-tower/

Benefits of Ansible Tower on top Ansible :

1. Support of Cluster Environment :

Source : Google
  • As we can notice on the above mentioned diagram we have multiple “UI & Scheduler”. These are our independent Ansible Tower Nodes running on top of Ansible Engine. All the tower is connected with one centralized shared PostgreSQL Database. That means all the tower has the same information on every point of time. Also we have the same inventory details across all the Tower Nodes.
  • Now in Ansible we use our Controller Node to configure something on our Managed Nodes, but in any point of time if Controller Node goes down then we won't be able to manage our Managed Node. Or, suppose you run one playbook and suddenly on the middle of the operation your Controller Node goes down, then there is no one to perform the roll back.
  • Here comes the play of Ansible Tower. As Tower works on a cluster environment, so if somehow one Tower Node fail then we have other Nodes to handle the situation. Also as they are accessing the same Database across all the Tower Node, so we don't need to worry about Data loss.

2. Credentials Storing & using in a Smart Manner :

Source : Ansible Docs
  • If you ever user any playbook to provision something over the cloud using Ansible, then in most of the cases you gonna notice we are using “Ansible Vault” to securely store our Cloud login credentials. Now on each task we need to use those credentials and for that we use the variable that is stored in Vault.
  • Like for example if we want to provision AWS VPC, Subnet and SG using one playbook, then on each task we need to mention our credentials. If we notice closely, then we can see this is making our code more heavy. Also it's a unwanted wastage of the time.
  • To solve this challenge we use Ansible Tower, which stores our credentials in a secure encrypted format on the centralized database and in future we don't need to mention the credentials on the playbook. Because when we create a job template in Ansible Tower we just need to add our playbook and credentials on the respective filed and Tower will automatically put the credentials on the places where it's needed.

3. CI/CD Workflow Support :

Source : Ansible Docs
  • Using Ansible if we want to create a workflow, then our code gonna have lots of exception handling and conditional statements. This gonna make our code complex and big which gonna degrade the performance.
  • To, solve this it's always recommended to create lots of simple & small playbooks and finally using Tower we can create a Workflow where we can add those small playbooks to perform our tasks one after another.
  • The biggest benefit of Workflow is here we can build a proper CI/CD (Continuous Integration & Continuous Deployment) pipeline and we can have a better development process. Also if some part of the Workflow fails then we also have the support of Roll Back.

4. Job Scheduling and Notification Support :

Source : Ansible Docs
  • If we want to run our playbook periodically daily, or weekly or in between any time, then we can achieve that using the option of Job Scheduling in Ansible Tower. This feature we don't have on Ansible.
  • Next, suppose you want to send updates regarding the jobs to the admin over email, slack or any kind of API based notification tools, then you can use modules in Ansible, but in today's Automation World we don't want any manual process.
Source : Ansible Docs
  • Here, we can use Ansible Tower which has the built in support for sending the notification to most of the famous API based notification tools like email, Slack, HipChat etc.

5. Working on a Team :

If we see any Cloud providers, we know they have the support to create specific user with specific set of permissions. So, that in Industry each team can work on their own filed on same project without hampering other’s work. Similar support we have on Ansible Tower.

Source : Ansible Docs
  • Here under one Ansible Tower Cluster we can create lots of Teams and under each Team we can have multiple user with their own credentials to login. Also we can setup specific permissions for each team.
  • Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations. For instance, permissions may be granted to a whole Team rather than each user on the Team.

Final Words :

Source : Google
  • Similarly, there are lots of benefits of using Ansible Tower like here we get an advanced real-time monitoring support on a Graphical WebUI. Also, Ansible Tower has the support to reach most of the standard API and can configure them. It is more secure and also it has direct support from RedHat because we need official subscription to use the Tower.
  • To know more about Ansible Tower Features : https://docs.ansible.com/ansible-tower/latest/html/userguide/index.html

Lastly…

  • There are endless future possibilities of learning Ansible Tower. Industry is keep on adapting those technologies which can make their development more faster and automated. Ansible & Ansible Tower is one of them.
  • I tried to make it as simple as possible. Hope You learned Something from here. Feel free to check out my LinkedIn profile mentioned below and obviously feel free to comment. I write DevOps, Cloud Computing, Machine Learning etc. blogs so feel free to follow me on Medium.

Thanks Everyone for reading. That’s all… Signing Off… 😊

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Raktim Midya

Raktim Midya

Technical Content Writer || Exploring modern tools & technologies under the domains — AI, CC, DevOps, Big Data, Full Stack etc.