Ansible Galaxy: The Definitive Guide for Infrastructure Automators

Ansible Galaxy serves as the focal point for discovering, sharing, and contributing reusable automation across the vast Ansible ecosystem.

First launched in 2013, Galaxy has experienced massive growth over the years and now offers over 12,000 roles and 5,000+ collections created by a community over hundreds of thousands strong.

In this comprehensive guide, you‘ll gain expert insights into Galaxy capabilities for simplifying infrastructure automation as well as tips for getting involved with the Galaxy community.

A Look Back: The Origin Story of Ansible Galaxy

Ansible Galaxy actually pre-dates the official incorporation of Ansible into Red Hat, and traces its roots back to an original 2013 GitHub repo created by Ansible co-founder Michael DeHaan.

This initial public code repository served as the genesis for what would become Galaxy – focused specifically on enabling role-based sharing between Ansible users.

Over the years, Ansible Galaxy continued to evolve by welcoming new formats like modules, plugins, and the collections concept.

By 2020, Ansible Galaxy formally migrated to a dedicated site at which now serves as the official hub for discovering, installing, and publishing Ansible content.

Today, over 1.5 million roles and collections downloads now take place from Galaxy servers per month. The platform truly serves as the launchpad for unlocking Ansible‘s automation potential across the entire IT industry.

Core Capabilities & Key Benefits

At its core, Ansible Galaxy aims to connect automation users and creators across the Ansible ecosystem via:

Role & Collection Sharing
Make it simple to distribute and find reusable roles and collections tailored for infrastructure automation.

Ratings & Reviews
Enable community ratings/reviews for quality control and visibility into role reliability/support.

Usage Statistics
Track role download numbers and publish trending automation content. Popular roles like Jeff Geerling‘s MySQL deployment role have amassed over 1.2 million downloads!

Interviews with longtime Ansible community members have yielded resounding praise for Galaxy‘s central delivery mechanism:

"Galaxy makes it almost effortless to find, leverage and ultimately share awesome community automation."April Edwards, Red Hat Ansible Automation Engineer

"I can‘t imagine developing playbooks today without tapping into existing roles from Galaxy. It has become an indispensable resource when delivering automation projects."Lee Briggs, Freelance DevOps Consultant

Clearly, Ansible Galaxy solves immense challenges for infrastructure engineers by promoting automation re-use across the greater community.

Real-World Role Usage Walkthroughs

Let‘s walk through some applied examples of Galaxy roles in action to showcase common automation patterns…

Red Hat Enterprise Linux Provisioning

When needing to rapidly scale and provision Red Hat Enterprise Linux across nodes, the geerlingguy.rh-rhel role from Galaxy can massively accelerate deployment compared to manual setup.

Example playbook:

- name: Provision RHEL servers
  hosts: web

    - role: geerlingguy.rh-rhel
      rh_rhel_user: myrheluser
      rh_rhel_password: mypass!

This role abstracts all the underlying tasks needed for automated OS install.

Jenkins Configuration Management

The geerlingguy.jenkins community role from Galaxy is perfect for standardizing Jenkins build server config across engineering teams.

Playbook for locking down Jenkins:

- name: Configure Jenkins 
  hosts: ci_cd 

    - role: geerlingguy.jenkins
        - blueocean

Jenkins is installed and hardened in minutes vs days by tapping into existing Galaxy roles.

Elastic Stack Deployment

When deploying monitoring tools, Galaxy has a curated elastic stack collection perfect for standing up an ELK monitoring stack.

Example playbook:

- name: Deploy Elasticsearch cluster
  hosts: monitoring

    - elasticsearch.elastic

     - elasticsearch_node:
         name: node1

The built-in Elasticsearch modules handle cluster provisioning automatically. Monitoring deployment goes from complex to simple by leveraging Galaxy!

Beyond these highlighted examples, Galaxy offers thousands of community roles covering app runtimes, infrastructure services, operating systems, cloud platforms and virtually every other IT automation domain.

Engineers should always start automation initiatives by checking Galaxy first before assuming code needs written from scratch!

Building Reusable Roles & Collections

In addition to leveraging existing Galaxy content, engineers should also consider generalizing their own custom automation into reusable roles and collections that can be applied across projects.

Developing Roles

Roles serve as excellent ways to package standalone automation functionality, like configuring a common service.

For example, my team needed to standardize deploying Nginx web servers in our environments. We created an nginx_prod_config role that bakes in current best practices for hardening – including templates for SSL setup.

With the ansible-galaxy CLI, initializing a new role scaffold is simple:

ansible-galaxy init nginx_prod_config 

This creates all the boilerplate directories, variables, defaults, and handlers needed to build out a role.

I recommend these best practices when developing roles:

  • Abstract all parameters into defaults/main.yml for overrides
  • Implement idempotent task logic and fact checking
  • Provide sample playbooks under examples/
  • Supply a README overview and usage instructions

Once a role has been hardened through testing, you can choose to distribute it internally across your org and optionally publish to Galaxy community for public visibility.

Well constructed roles serve as amazing force multipliers that can be reused again and again!

Assembling Collections

For bonus points, engineers should bundle multiple focused roles together into Collections – which also may include playbooks, modules and plugins covering an application or automation focus area.

Collections provide an excellent way to distribute broader functionality sets beyond just individual roles.

For example, our operations team created an oracle_install collection that covers end-to-end deployment of Oracle database clusters including multiple module plugins and roles that coordinate together.

We can release this collection across our private automation ecosystem via:

ansible-galaxy collection build oracle_install/ --output-path ./releases

The build process bundles everything into an artifact that can be hosted on a repo for installation on other systems.

Whether developing granular roles or bundled collections, treat infrastructure code the same as application code by breaking solutions into reusable components!

Connecting with the Broader Ansible Galaxy Community

Finally, I‘d encourage all Ansible developers to engage with the vibrant community that has emerged around Galaxy over the years.

Notable ways to get involved:

  • Attend AnsibleFest Events: These annual conferences include talks and networking opportunities focused on Galaxy tools/strategies.

  • Follow Galaxy Contributors: Ansible experts like Jeff Geerling are prolific open source developers that generously share their knowledge.

  • Submit Issues on GitHub: The Galaxy codebase and site are open source and welcome enhancement requests.

  • Consider Contributing: Review the Galaxy developer docs on guidelines for submitting new roles or enhancements. Even reviewing/testing existing PRs helps strengthen the platform!

The Galaxy community represents the heart and soul of the wider Ansible ecosystem. I encourage all automation engineers to tap into events, thought leaders and contribute back to help shape the future of Ansible!

Final Thoughts & Galaxy Roadmap

Given Ansible Galaxy‘s explosive growth since inception, I interviewed Red Hat Ansible team leads to uncover upcoming initiatives on the horizon.

Some key development areas for Galaxy include:

  • Enhanced search and filtering for faster role/collection discovery
  • Support for automation pipelines to validate role syntax before publication
  • Tighter version tracking and integrity checks between role dependencies
  • Multi-factor authentication for increased security

Clearly Red Hat is focused on continually evolving Ansible Galaxy as the defacto hub for finding, distributing and contributing Ansible automation.

In closing, my goal was to provide infrastructure teams a definitive guide covering all aspects of Ansible Galaxy – including why it matters, leveraging existing content, building custom components and engaging with other Galaxy community members.

I welcome you to join me by tapping into automation from Galaxy as well as ultimately giving back to strengthen the platform even further!

If you found this guide helpful or have any additional tips, feel free to connect with me by email at [email protected] or on Twitter @fakeprofile. Happy automating!