BY LUKE ORLAND, SOFTWARE ENGINEER
Neverware employs a fleet of remote servers to provide schools with solutions that help extend the lifetime and usefulness of their computing infrastructure. While the system helped provide a seamless computing experience for schools, updating new versions of the software would require time-intensive, in-person work. Enter Ansible, and our innovative take on software deployment, ensuring our customers have the newest software, as quickly and easily as possible.
Previously, Neverware’s approach to deploying software updates was tightly coupled to the version of the software application. The monolithic stack that included the operating system and deployment logic made it challenging to modularize the components of our products.
Upgrading was a time-consuming, manual exercise that required an engineer to have in-depth knowledge of the sequence of upgrade tasks. The upgrade scripts were implemented in a variety of locations and programming languages.
By switching to a configuration management tool, we were able to simplify the processes of specifying the configuration of our infrastructure as well as executing the changes on our servers.
With a single Ansible command, our entire site or a selected subset of our infrastructure is concurrently re-configured in one go. If a failure occurs, the tool halts, and we can more easily troubleshoot the issue, which is a boon over shell scripts that tend to continue running unless carefully designed to stop on any unexpected result.
Ansible is the configuration management tool we selected. We were attracted by Ansible’s actively contributing open-source community. It also fits well into our team’s tech ecosystem, being that it is implemented in Python. In fact, our team has contributed bug reports and fixes to the Ansible codebase.
The server configurations are implemented using a declarative syntax. This enhances the configuration’s readability, more like documentation than a procedural script, requiring a reader to have knowledge of a programming language’s nuances.
Ansible can be run from a Linux or Mac OS X “master” machine that has Python installed. The “master” uses a “push”-based approach, ssh-ing into each remote machine and configuring the remote machine as needed.
Our team uses Ansible across our tech stacks to:
- Configure the PCReady system’s network and applications
- Deploy, install and remove packages, including PCReady applications and dependencies
- Secure the system authentication
- Start Neverware’s custom daemon services and others, such as Apache
- Configure remote utility EC2 hosts used for PCReady and cloudReady in similar ways
When writing our Ansible tasks, one priority is to take advantage of Ansible’s idempotent tools. Idempotence is a property of a procedure that only affects state when it needs to be changed, and leaves it untouched otherwise.
Ansible takes the following steps to execute tasks idempotently:
Determine whether the host’s state matches the prescribed state.
Make the changes necessary to move the system into the specified state.
Running the same task subsequent times will not affect the server at all, unless an external change moves it away from the declared configuration.
We diligently test our Ansible playbooks, including for idempotence. For each GitHub pull request opened against our Ansible playbooks, we run an automated test to assert that subsequent `ansible-playbook` runs do not change any state. This way we can model the expected state of our hosts. If Ansible reports an unexpected change, that may indicate that system-level side-effects are occurring that we have not accounted for. Practicing the deploys also gives us confidence that they will work as expected in the production setting.
Overall, our use of Ansible in house brings a number of tangible benefits to our team, which translate to a more seamless experience for customers. Ansible allows us to:
Easily keep our infrastructure in a known, good state
Document how all the servers in our infrastructure are configured
Quickly and simply roll out improvements to all of our customers at once
Access reliable, repeatable results
Run and re-run, safely
With all the tools and information that Ansible provides, delivering new value to our customers and supporting them is simpler and takes less time.
Ansible is flexible enough to be automated to minimize manual effort and risk of human error. This is a future area of focus for our team.