
Users mull Ansible Tower features' config management controls

Ansible users know their way around a CLI, but some envision an all-inclusive IT automation platform based on the Ansible Tower management console UI and features.

AUSTIN, Texas -- Better configuration management controls in Ansible Tower prompt IT pros to invite more people into their domain. But many users still prefer to rule from the command line.

The Ansible Tower management console enables IT operations staff to securely share automation playbooks with individuals and teams in other departments, as well as open up a path to automation for these non-IT operations experts.

These added Tower users don't know F5 as well as the network team, or SAN better than the storage team, but Tower's capabilities give them ownership over their environment, said Harry Karr, senior application engineer at New York-based financial services business TIAA-CREF, who presented at AnsibleFest here this week.

Karr's team runs Tower clusters for build, staging and production. They teach other groups how to automate tasks with Ansible, rather than hand over those tasks to a core IT team.

What's new in Tower 3.3?

Tower version 3.3, released in September, refined the controls over the scheduler and permission settings. Now, admins can separately delegate permissions to give specific users access only to specific code and hosts.

For example, Tower allows a certain developer to run a playbook only on two hosts, said presenter Michael Raugh, senior systems engineer at the U.S. National Oceanic and Atmospheric Administration (NOAA). "People cannot exceed the authority you want them to have," he said.

Automation scripts run through Tower prevent the ad hoc access issues that plague many IT organizations, even as Tower empowers groups to manage IT demands themselves. For example, rather than grant developers shell access to systems to restart a web server, an automation playbook in Ansible Tower can go through the steps and escalate privileges internally.

"I'm that guy that loves to say no to developers: 'No, you're not getting shell access,'" Raugh said. "I can say no more often with Ansible Tower."

Updated Tower features also could lure Ansible users who didn't previously see value in the centralized management technology. The infrastructure automation team at Natixis, a French financial services company, once considered installing Tower, but instead deployed Rundeck as a job scheduler with Ansible. Today, the company will reconsider Tower for things like key management, said Mark Fogg, vice president of infrastructure automation at Natixis.

Another appeal of Ansible Tower is its ability to integrate with other tools, which is improved in version 3.3. Caleb Cotton, a Linux engineer at a large, privately held U.S. bank, uses Ansible to automate compliance remediation activities.

Cotton said he foresees the potential to integrate Tower with ServiceNow as a self-service provisioning scheme for developers. Tower version 3.3 creates authentication tokens for third-party applications directly and offers more granular control of Lightweight Directory Access Protocol for integrations.

There are some who would like to see Ansible improve the user experience in Tower and its open source version AWX. "The user interface is slow, not convenient and doesn't make it easy to read logs," said Eran Sery, a DevOps engineer at Delta, based in Atlanta. He said he prefers to work in a command line.

Ansible Tower structural improvements

The Ansible Tower 3.3 release also adds support for multiple concurrent Ansible environments. For example, developers and quality-assurance engineers can use the most recent Ansible release, while production deployments remain on an earlier, vetted version until the IT team properly assesses the update.

Ansible Tower can also now deploy on the Red Hat OpenShift Container Platform and scale up capacity with additional pods. One roadmap item for Tower 3.4 -- release date to be determined -- is improved performance at large scale, with job sharding so users do not have to batch out jobs manually.

Ansible Tower sits atop an array of automation possibilities through Ansible, so experienced users said the product can be as much or as little as you'd like it to be. NOAA's Raugh said that because Tower's features are so broad, users need to start with a plan and priorities.
