Automation for all Ansible Automation: Overview and Technical Introduction
Götz Rieger Principal Solution Architect, Red Hat THE WORLD IS AUTOMATING Those who succeed in automation will win 40,000+ 3000+ 2,000,000+ Stars on GitHub Ansible modules Downloads a month “Adopting Red Hat Ansible Automation has not only changed how our networks are managed, but also sparked a cultural transformation within our organization.”
Bart Dworak Software Engineering Manager, Infrastructure and Operations, Network Red Hat Ansible Automation Platform
Lines of Network Security Operations Infrastructure Developers business
Engage Ansible SaaS: Engage users with an automation focused experience
Scale Ansible Tower: Operate & control at scale
Create Ansible Engine: Universal language of automation
Fueled by an open source community Red Hat Ansible Engine: Universal language of automation Red Hat Ansible Automation Platform
Lines of Network Security Operations Infrastructure Developers business
Engage Ansible SaaS: Engage users with an automation focused experience
Scale Ansible Tower: Operate & control at scale
Create Simple Powerful Agentless Human readable automation Thousands of integrations No agents to exploit or update
Fueled by an open source community What is Ansible?
Ansible is a simple automation language that perfectly describes IT application environments in Ansible Playbooks. It’s also an application, a framework and an API.
The Ansible and AWX projects are open source communities sponsored by Red Hat.
Ansible Engine and Tower are supported products built from the Ansible community projects. Why Ansible?
Simple Powerful Agentless
Human readable automation Cross Platform Agentless architecture
No special coding skills needed App deployment Uses OpenSSH & WinRM
Tasks executed in order Configuration management No agents to exploit or update
Usable by every team Workflow orchestration Get started immediately
Get productive quickly Network automation More efficient & more secure
Orchestrate the app lifecycle What can I do using Ansible?
Automate the deployment and management of your entire IT footprint.
Do this...
Configuration Application Continuous Security and Orchestration Provisioning Management Deployment Delivery Compliance
On these...
Firewalls Load Balancers Applications Containers Clouds
Servers Infrastructure Storage Network Devices And more... Ansible automates technologies you use The Magic is in the Modules
Cloud Virt & Container Windows Network Security Monitoring
AWS Docker ACLs A10 Checkpoint Dynatrace Azure VMware Files Arista Cisco Datadog Digital Ocean RHV Packages Aruba CyberArk LogicMonitor Google OpenStack IIS Cumulus F5 New Relic OpenStack OpenShift Regedits Bigswitch Fortinet Sensu Rackspace +more Shares Cisco Juniper +more +more Services Dell IBM Configs Extreme Palo Alto Devops Operating Storage Users F5 Snort Jira Systems Netapp Domains Lenovo +more GitHub RHEL Red Hat Storage +more MikroTik Vagrant Linux Infinidat Juniper Jenkins Windows +more OpenSwitch Slack +more +more +more PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CMDB CLOUD
ANSIBLE AUTOMATION ENGINE
USERS
HOSTS INVENTORY CLI
MODULES PLUGINS NETWORK ANSIBLE DEVICES PLAYBOOK PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CMDB
ANSIBLE AUTOMATION ENGINE
PLAYBOOKS ARE WRITTEN IN YAML
USERS Tasks are executed sequentially
Invoke Ansible modules HOSTS INVENTORY CLI
MODULES PLUGINS NETWORK ANSIBLE DEVICES PLAYBOOK --- - name: install and start apache hosts: web become: yes
tasks: - name: httpd package is present yum: name: httpd state: latest
- name: latest index.html file is present template: src: files/index.html dest: /var/www/html/
- name: httpd is started service: name: httpd state: started PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CMDB CLOUD
ANSIBLE AUTOMATION MODULES ENGINE ARE “TOOLS IN THE TOOLKIT” Python, Powershell, or any language Extend Ansible simplicity to the entire stack USERS
HOSTS INVENTORY CLI
MODULES PLUGINS NETWORK ANSIBLE DEVICES PLAYBOOK
- name: latest index.html file is present template: src: files/index.html dest: /var/www/html/ PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CMDB CLOUD
PLUGINS ARE “GEARS IN THE ENGINE” Code that plugs into the core engine ANSIBLE Adaptability AUTOMATION for ENGINEvarious uses & platforms
USERS
HOSTS INVENTORY CLI
MODULES PLUGINS NETWORK ANSIBLE DEVICES PLAYBOOK
{{ some_variable | to_nice_yaml }} PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CMDB INVENTORY List of systems in your infrastructure that automation is executed against ANSIBLE AUTOMATION ENGINE [web] webserver1.example.com webserver2.example.com
USERS [db] HOSTS dbserver1.example.com INVENTORY CLI
[switches] leaf01.internal.com leaf02.internal.com MODULES PLUGINS NETWORK [firewalls] ANSIBLE DEVICES checkpoint01.internal.comPLAYBOOK
[lb] f5-01.internal.com PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CMDB
ANSIBLE AUTOMATION ENGINE
CLOUD USERS Red Hat Openstack, Red Hat Satellite, VMware, HOSTS AWS EC2, Rackspace,INVENTORY Google ComputeCLI Engine, Azure
MODULES PLUGINS NETWORK ANSIBLE DEVICES PLAYBOOK PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CMDB CLOUD
ANSIBLE AUTOMATION ENGINE
USERS CMDB
ServiceNow, Cobbler, BMC,HOSTS Custom cmdb INVENTORY CLI
MODULES PLUGINS NETWORK ANSIBLE DEVICES PLAYBOOK PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CMDB
ANSIBLE AUTOMATION ENGINE
USERS
HOSTS INVENTORY CLI
MODULES PLUGINS AUTOMATE EVERYTHING NETWORK ANSIBLE DEVICES PLAYBOOKRed Hat Enterprise Linux, Cisco routers, Arista switches, Juniper routers, Windows hosts, Check Point firewalls, NetApp storage, F5 load balancers and more Red Hat Ansible Tower: Operate and control at scale Red Hat Ansible Automation Platform
Lines of Network Security Operations Infrastructure Developers business
Engage Ansible SaaS: Engage users with an automation focused experience
Scale Control Delegation Scale Web UI and API Role Based Access Controls Scalable Execution Capacity
Create Ansible Engine: Universal language of automation
Fueled by an open source community Why Ansible?
Simple Powerful Agentless
What is Missing? Ansible Tower
Central Integration Access
Central place for everyone Simple, powerful API Teams and users enable RBAC Overview of present and Uses REST for quick adoption past Deposit credentials securely No special agents or lib Schedule jobs needed Assign access to unprivileged Have one common view Integrate with everything Separate access and execution Ansible Automation Platform
…. ANSIBLE CLI & CI SYSTEMS ANSIBLE PLAYBOOKS ADMINS ROLE-BASED KNOWLEDGE SCHEDULED & CLOUD.REDHAT.COM ANSIBLE ACCESS CONTROL & VISIBILITY CENTRALIZED JOBS TOWER AUTOMATION CERTIFIED COLLECTIONS SIMPLE USER INTERFACE TOWER API HUB PARTNER COLLECTIONS USERS PERFORMANCE DASHBOARD ANSIBLE OPEN SOURCE MODULE LIBRARY AUTOMATION ANALYTICS ORGANIZATIONAL STATS ENGINE PLUGINS PYTHON CODEBASE
TRANSPORT
SSH, WINRM, NETWORK_CLI, HTTPAPI
INFRASTRUCTURE NETWORK SECURITY CLOUD SERVICES APP DEVELOPMENT AUTOMATE LINUX, ARISTA, CHECKPOINT, AWS, DATABASES, PYTHON VENV, YOUR OPENSHIFT, CISCO, QRADAR, GOOGLE CLOUD, LOGGING, NPM, ENTERPRISE WINDOWS, JUNIPER SNORT AZURE, SOURCE CONTROL YUM, CYBERARK, VMWARE, INFOBLOX IBM CLOUD … MANAGEMENT… APT, SPLUNK, OPERATORS, F5 … PIP... FORTINET … CONTAINERS …
USE CASES PROVISIONING CONFIGURATION APP CONTINUOUS SECURITY & ORCHESTRATION MANAGEMENT DEPLOYMENT DELIVERY COMPLIANCE What is Ansible Tower?
Ansible Tower is a UI and RESTful API allowing you to scale IT automation, manage complex deployments and speed productivity.
➔ Role-based access control ➔ Deploy entire applications with push-button deployment access ➔ All automations are centrally logged ➔ Powerful workflows match your IT processes Job Templates
Everything in Ansible Tower revolves around the concept of a Job Template. Job Templates allow Ansible Playbooks to be controlled, delegated and scaled for an organization.
Job templates also encourage the reuse of Ansible Playbook content and collaboration between teams.
A Job Template requires: ➔ An Inventory to run the job against ➔ A Credential to login to devices. ➔ A Project which contains Ansible Playbooks Inventory
Inventory is a collection of hosts (nodes) with associated data and groupings that Ansible Tower can connect to and manage.
➔ Hosts (nodes) ➔ Groups ➔ Inventory-specific data (variables) ➔ Static or dynamic sources Credentials
Credentials are utilized by Ansible Tower for authentication with various external resources:
➔ Connecting to remote machines to run jobs ➔ Syncing with inventory sources ➔ Importing project content from version control systems ➔ Connecting to and managing network devices
Centralized management of various credentials allows end users to leverage a secret without ever exposing that secret to them. Project
A project is a logical collection of Ansible Playbooks, represented in Ansible Tower.
You can manage Ansible Playbooks and playbook directories by placing them in a source code management system supported by Ansible Tower, including Git, Subversion, and Mercurial. RESTful API
Fully browsable API, everything within the Web UI can be accessed via the API for programmatic access
This structured JSON output contains clickable links Role Based Access Control (RBAC)
Job Templates, Inventory, Credentials and Projects can be assigned to specific Users and Teams.
Clicking the USERS or TEAMS buttons shows available options Enterprise Authentication
Multiple supported enterprise Use your existing authentication methods are easily integrated with Ansible enterprise authentication Tower including:
• Azure AD • Github • Google OAuth2 • LDAP • Radius • SAML • TACACS+ Centralized Logging
Ansible Tower creates a Multiple supported 3rd party centralized control point for external logging methods are Ansible Automation. If easily integrated with Ansible Tower desired Ansible Tower can integrated with existing log aggregation services. Self-Service IT
Tower lets you launch Playbooks with just a single click. It can prompt you for variables, let you choose from available secure credentials and monitor the resulting deployments.
Workflows
Create powerful holistic automation using Ansible Workflows.
Orchestration can easily be configured by linking Job Templates.
Workflow approvals allow Workflows to pause and wait for human interaction
Conditional logic can be applied to workflows. If this job fails this next Job is run! Webhooks - Enabling GitOps
Trigger Job Templates or Workflows straight via configurable webhooks
Automatically provision, update, configure, and apply based on pushes to your source control. Scale Ansible Tower Ansible Tower clusters add redundancy and capacity, allowing you to scale Ansible automation across your enterprise.
➔ Unifying task execution across execution nodes ➔ Leverage Kubernetes and OpenShift to spin up execution capacity at runtime ➔ Expand execution to be able to pull jobs from a central Ansible Tower infrastructure Ansible Automation Platform
Network Lines Of Business Security Operations Infrastructure Developers
Red Hat Ansible Automation Platform
Accelerate Collaborate Trust Inform Content Collections Automation Hub Certified Content Automation Analytics
Ansible Tower: Operate & control at scale
Ansible Engine: Universal language of automation
Fueled by an open source community CLOUD.REDHAT.COM Engage users with an automation focused experience Red Hat Ansible Automation Platform
Lines of Network Security Operations Infrastructure Developers business
Engage Knowledge Collaborate Trusted Accelerate Automation Analytics Automation Hub Certified content Collections
Scale Ansible Tower: Operate & control at scale
Create Ansible Engine: Universal language of automation
Fueled by an open source community Automation Hub
Discover, publish, and manage Collections Quickly discover available Red Hat and certified content through Collections.
Manage and test your organization’s view of available content.*
Manage your locally available automation via on-premise.* Automation Services Catalog
The Services Catalog delivers customers’ pre built automation to the developer and the business user
It also delivers governance of automation services for the enterprise user
And supplies the necessary controls required by the business to track how this automation is being used Automation Analytics
SaaS (Software as a Service) on cloud.redhat.com
Analytics for all Ansible Tower clusters for an organization
Includes: ➔ visual dashboard ➔ health notifications ➔ organization statistics
Gain information about automation in your enterprise: ➔ Which organizations are using the most automation? ➔ Utilization rates ➔ Enterprise-wide success and failure rates ➔ for automation
Organizational statistics Filter by Organization
Job Status by Organization
Usage by Organization
Job Runs by Organization Customers Red Hat Ansible Automation Platform Customers
Financial Healthcare Oil & Gas High Tech Government Other Services Ebook: The Automated Enterprise
https://www.redhat.com/en/resources/automated-enterprise-e-book Next steps:
Get started Join the community
ansible.com/get-started ansible.com/community
ansible.com/tower-trial
Workshops and training Share your story
ansible.com/workshops Follow us @Ansible
Red Hat Training Friend us on Facebook CORPORATE SLIDE TEMPLATES
linkedin.com/company/red-hat
Thank you youtube.com/AnsibleAutomation
facebook.com/ansibleautomation
twitter.com/ansible
github.com/ansible
50