Hey All - I’m fairly new to Ansible and have managed to setup some playbooks in my work to interact with a few different REST APIs to perform some automation. I’m running the playbooks on localhost as it doesn’t need to execute across multiple hosts. Would you say this is the correct way to use Ansible? It’s working well for us but I’m aware there is a lot more we can do with this.
What’s the best resources to learn more? Books, Training Courses etc all welcome.
Would you say this is the correct way to use Ansible?
There is no wrong way to use Ansible IMO, though there are definitively best practices to observe and pitfalls to avoid.
Anyways, this is 100% legit usage; tasks doesn’t necessarily need to run against remote machines, it all depends on what you’re trying to do.
If you need any assistance or opinion on your playbooks / roles / modules / …, don’t hesitate to ask here.
What’s the best resources to learn more?
Depends on how you like to learn stuff. Some people like following courses over books or videos, others prefer an hands-on initiation.
I don’t have much to recommend here, but I heard @geerlingguybook was a good read ! Fun thing is I bought it some time ago but haven’t found the time to read through it yet. What a shame !
I personally would try to find tasks I’d like to automate or existing scripts to convert, be it for personal or professional usage, then start writing playbooks and roles as needed, learning on the fly as I bash my head against various problems.
What @ptn has mentioned is absolutely correct, and I wouldn’t change a single word However, I’d like to enhance his explanation by including two helpful diagrams that greatly assisted me when I started teaching basic Ansible a few months ago.
Firstly, there’s the scenario of local execution, where the module code runs on the control node (your Ansible host). In this scenario, API requests are generated locally by the module and then transferred to the managed hosts endpoint (e.g., via HTTPS):
On the other hand, we have the scenario where the module code is copied to the managed nodes (e.g., via SSH), enabling remote execution at those nodes. Essentially, the control node initiates the connection to the managed hosts, and then the Ansible code runs remotely on those hosts:
Running playbooks targeting localhost is perfectly fine. It’s also bread-n-butter for testing Jinja pipelines and data management ideas, and for reproducing issues others present on forums like this when you’re ready to have a go at helping out other folks.
However, until you’ve experienced watching a handful of hosts get a tweak all at once and realize that N tasks you had to do just turned into 1, you may not appreciate what a multiplier automation across remote hosts can be.
My advice: Bring Ansible Home. Our work group’s “work from home” roll-out was a bit chaotic. I ended up swapping my at-home work machine several times for various reasons. That doesn’t mean they all got decommissioned of course. I have 5 Fedora 38 boxes within reach as I sit here at work/home, and 3 more in other parts of the house. I feel quite at home on any of them because practically everything I tweak on one sooner or later ends up in my home Ansible config and deployed to all. That includes my backup procedures/scripts, so I can rebuild any of them or commission a new box, and in fairly short order – a few playbook runs – it’s ready to back itself up and be my primary workstation du jour.
That wasn’t the case the first couple of times. I occasionally bang my head still, but Ansible at home has softened the walls considerably. There’s one “hostprep.yml” playbook to set up ansible keys, configure networking, passwordless sudo, and lock down sshd to pubkey auth only, and then everything else is in other roles, playbooks, etc.
Use Ansible to keep your personal machines personalized. You will learn a lot, and you get to keep using what you created in the process.
This is one of those times when I wish we could mark more than one post as the solution but… @max could you perhaps pick one to tick?
If so, it would be super helpful if you could click the on their post to accept the solution - it recognises the input of others, helps our volunteers find new issues to answer, and keeps the forum nice and tidy.