Using Ansible for Automation

It is release night – time to take the changes you’ve been working on for weeks, and turn them loose on the Web. The client is eager to use their new features, and you’re ready to show them off. So you flip the switch, and… Wait, that’s not what it’s supposed to do! How is this possible when everything worked perfectly during testing? You painstakingly comb through the changes, finally finding that one little file that someone tweaked in development but forgot to update in production.

This is an all too common scenario. At Scivantage, we’re working to avoid it by using Ansible to script our infrastructure changes. Ansible is a tool for automating the setup of servers. Instead of manually installing software, setting permissions, and editing config files, you describe these steps in a “playbook”, and then run it. Playbooks are written in a simple language that programmers and sysadmins can both use. This has several advantages:

• Consistency: We can run the same playbook on our development, testing, and production servers, so they all work the same way. Adding a new server to increase capacity is easy: we just run the same playbook on it, and it’s ready to go. If we do need to maintain some differences between servers that use the same playbook, we can define variables, and give them different values on each server. For example, we might use a variable to control who can log in to the box, allowing different levels of access depending on the environment.

• Security: To maintain a secure web site, it’s essential to stay on top of the latest software patches. If a new bug is discovered in OpenSSH or PHP, we need to make sure that we can patch all of our servers right away. But manually doing this can be time-consuming and error-prone. With Ansible, we can just run one command to update the software on all boxes. And the benefits of automation go beyond just short-term time savings. When it’s easier and safer to fix problems, they tend to get fixed more often.

• Visibility: If you install software manually, there’s no record of it, and your infrastructure quickly becomes a mystery to anyone who needs to work with it. But with Ansible, changes to playbooks are tracked, just like changes to code. This gives us an audit trail of all installations: when they happened, who performed them, and what was done. In addition, the playbooks double as easy-to-read documentation, and they’re always up-to-date. Anyone can open them and see exactly what’s installed where.
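
As an added illustration (not one of Scivantage's own playbooks), here is a short playbook that combines the first two points: a per-environment variable decides who may log in over SSH, and the same run brings OpenSSH up to the latest packaged version. The file name, the `webservers` group, the `ssh_allowed_users` variable and the user names are assumptions made for this example.

```yaml
# site.yml (hypothetical name). Added example, not from the original post.
# Assumed per-environment values, kept in version control next to the playbook:
#   group_vars/development.yml ->  ssh_allowed_users: [deploy, alice, bob]
#   group_vars/production.yml  ->  ssh_allowed_users: [deploy]
# Preview, then apply, with one command per environment:
#   ansible-playbook -i <inventory> site.yml --check --diff
#   ansible-playbook -i <inventory> site.yml
- name: Patch OpenSSH and enforce the per-environment login list
  hosts: webservers          # assumed inventory group
  become: true

  tasks:
    - name: Stop if this environment has no explicit allow-list
      ansible.builtin.assert:
        that:
          - ssh_allowed_users is defined
          - ssh_allowed_users | length > 0
        fail_msg: "Set ssh_allowed_users in this environment's group_vars"

    - name: Upgrade the OpenSSH server to the latest packaged version
      ansible.builtin.package:
        name: openssh-server
        state: latest
      notify: Restart sshd

    - name: Allow SSH logins only for the users listed for this environment
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*AllowUsers\b'
        line: "AllowUsers {{ ssh_allowed_users | join(' ') }}"
        # Reject the edit if sshd cannot parse the resulting file,
        # so a bad template never locks everyone out.
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    # Service name is "sshd" on RHEL-family hosts (assumed here);
    # Debian-family hosts name it "ssh".
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Because the allow-list lives in `group_vars`, a change to who can reach production shows up as a reviewable diff in the same history as the playbook itself.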

We’re continuing to expand our use of Ansible, ensuring that more and more of our setup is automated. This lets us spend more of our time delivering useful features, and less time worrying about unpleasant surprises on release night.

Blog contributed by Jacob Weber, Senior Developer at Scivantage.
