Ansible Connection

The Motivation and Goal

Ansible stood out from other automation frameworks from the start: it removed the heavy dependency on agents and kept the automation tool itself simple. By offering human-readable YAML on the front end and an easily understood SSH connection process, it made adopting automation easier than before.

But as Ansible's use cases expand beyond OS automation for Linux and Windows to other types of devices such as network switches, purely SSH-based automation meets new challenges. The first issue was performance: opening multiple SSH connections for one playbook was not ideal, and the improvement was to adopt the ControlPersist feature of native OpenSSH. The second issue was support for, and compatibility with, the heterogeneous SSH connections of network switches, which offer an “SSH-alike” connection and terminal.

As the use cases of Ansible automation expanded, a pluggable design called Ansible connection was adopted. To understand it better, it is necessary to define what “Ansible connection” is and what it is not. The structure called Ansible connection belongs to the core of Ansible and is quite different from an Ansible module.

| Ansible Module | Ansible Connection | Comment |
| --- | --- | --- |
| Command line runtime | Connection type | Different logic handling |
| Related to automation | Related to the type of connection | Different goal of the implementation |
| Used in YAML by the user for playbook implementation | Rarely used in a playbook; depending on the type of connection, a module can or cannot be used if the connection type implies a different use case | Ansible Connection is related to the Ansible module, and it provides the underlying foundation of the operation and the command line execution runtime. |

Comparison table

Ansible Connection is fully extensible and can be the foundation for different types of Ansible modules, but it is not itself a module; it concerns the implementation of the connection.

Terms and Idea

OpenSSH: A suite of tools that supports the SSH protocol to provide a secure connection. It is widely used by Linux administrators for server management. It is available on Linux, and recently Windows Server has also started to support it.

ControlPersist: One of the options OpenSSH provides; it greatly improves the performance of multiple short-lived sessions. It was implemented long ago, after OpenSSH version 4.0, but on some Linux distributions it is not enabled or not tested.

Multiplexing: Literally, combining many signals into one TCP connection for transferring data. SSH multiplexing means a single connection carries multiple SSH sessions.

Fallback to Paramiko: Ansible uses OpenSSH with ControlPersist for performance reasons, but if it is not available, the connection client falls back from an SSH subprocess to Paramiko, a Python-based SSH implementation.
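
The fallback decision described under ControlPersist and Fallback to Paramiko, as an added example that is not part of the original article or Ansible's own code: it probes the local client with `ssh -o ControlPersist` and treats an unknown-option error as the signal to use Paramiko. The probe markers, function names, sample outputs and ControlPath layout are assumptions made for illustration.

```python
import shutil
import subprocess

# stderr markers of an OpenSSH client that does not know the option.
# Assumption: modeled on the probe behind Ansible's "smart" transport.
UNSUPPORTED = (b"Bad configuration option", b"Usage:")

# Constructed sample outputs, not captured from a real host.
OLD_CLIENT = b"command-line: line 0: Bad configuration option: ControlPersist\n"
NEW_CLIENT = b"command-line line 0: missing argument.\n"


def probe_ssh(ssh_executable="ssh"):
    """Run `ssh -o ControlPersist`; return stderr, or None without a client."""
    if shutil.which(ssh_executable) is None:
        return None
    try:
        proc = subprocess.run([ssh_executable, "-o", "ControlPersist"],
                              stdin=subprocess.DEVNULL, capture_output=True,
                              timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return proc.stderr


def choose_connection(stderr):
    """Return 'ssh' when ControlPersist is usable, otherwise 'paramiko'."""
    if stderr is None or any(marker in stderr for marker in UNSUPPORTED):
        return "paramiko"
    return "ssh"


def multiplex_args(control_dir, persist_seconds=60):
    """OpenSSH options that let many sessions share one TCP connection.

    control_dir should be private to the user (mode 0700): any process that
    can open the control socket can reuse the authenticated connection.
    """
    return ["-o", "ControlMaster=auto",
            "-o", f"ControlPersist={persist_seconds}s",
            "-o", f"ControlPath={control_dir}/%h-%p-%r"]


if __name__ == "__main__":
    print("old client  ->", choose_connection(OLD_CLIENT))
    print("new client  ->", choose_connection(NEW_CLIENT))
    print("this host   ->", choose_connection(probe_ssh()))
    print(" ".join(multiplex_args("~/.ssh/cp")))
```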

Design – diagram and flow

Implementation – custom example

Reference

Ansible version: 2.9