AUTOMATING THE ENTERPRISE WITH ANSIBLE
Dustin Boyd, Solutions Architect
September 12, 2017
EVERY ORGANIZATION IS A DIGITAL ORGANIZATION.
Today, IT is driving innovation. If you can’t deliver software fast, your organization can’t meet the mission, period.
Digital organizations are essentially software. If they expect to thrive in a digital environment, they must have an improved competence in software delivery.
Gartner 2015
COMPLEXITY KILLS PRODUCTIVITY.
Complexity is the enemy of innovation, which is why today’s enterprises are looking to automation and DevOps tools and practices.
DevOps can help organizations that are pushing to implement a bimodal strategy to support their digitalization efforts.
Gartner 2015
WHEN YOU AUTOMATE, YOU ACCELERATE.
Ansible loves the repetitive work your people hate. It helps smart people do smarter work. All with fewer errors and better accountability.
Automation can crush complexity and it gives you the one thing you can’t get enough of… time.
“Ansible delivers DevOps to a broader class of enterprise users that include those inside the business units and teams where agile practices and fast provisioning of infrastructure are in demand.”
JAY LYMAN, 451 RESEARCH – NOV 2013
GARTNER COOL VENDOR 2015
“Previous vendors in this [DevOps] market often require unique programming skills. Ansible’s simple language reduces the barrier to adoption and opens it up to a variety of skill sets…”
AUTOMATION = ACCELERATION
“With Ansible Tower, we just click a button and deploy to production in 5 minutes. It used to take us 5 hours with 6 people sitting in a room, making sure we didn’t do anything wrong (and we usually still had errors). We now deploy to production every other day instead of every 2 weeks, and nobody has to be up at 4am making sure it was done right.”
“By using Ansible Tower Surveys, we have created a self-service capability that allows our IT guys to provision new cloud customers quickly. Our first 3 customers each took 2 weeks to provision. With Ansible, our next 500 customers took 10 minutes each to provision.”
“We use Ansible to deploy the network configurations to new datacenters for our games. Previously, it would take 4 days’ worth of work, onsite, to make sure that our networks were configured correctly. With Ansible, I can now configure a datacenter in 4 minutes, remotely.”
Many Ansible investments repay themselves in less than FOUR months
MODERNIZE
• Automate existing processes
• Manage legacy like DevOps
MIGRATION
• Define applications once
• Re-deploy anywhere
DEVOPS
• Model everything
• Deploy continuously
WHAT IS ANSIBLE?
It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.
It’s an automation engine that runs Ansible Playbooks.
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
SIMPLE
• Human readable automation
• No special coding skills needed
• Tasks executed in order
• Get productive quickly
POWERFUL
• App deployment
• Configuration management
• Workflow orchestration
• Orchestrate the app lifecycle
AGENTLESS
• Agentless architecture
• Uses OpenSSH & WinRM
• No agents to exploit or update
• More efficient & more secure
WHAT IS ANSIBLE TOWER?
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API.
• Role-based access control keeps environments secure, and teams efficient.
• Non-privileged users can safely deploy entire applications with push-button deployment access.
• All Ansible automations are centrally logged, ensuring complete auditability and compliance.
TOWER EMPOWERS TEAMS TO AUTOMATE
ANSIBLE TOWER
• CONTROL: Scheduled and centralized jobs
• KNOWLEDGE: Visibility and compliance
• DELEGATION: Role-based access and self-service
AT ANSIBLE’S CORE IS AN OPEN-SOURCE AUTOMATION ENGINE
• SIMPLE: Everyone speaks the same language
• POWERFUL: Designed for multi-tier deployments
• AGENTLESS: Predictable, reliable, and secure
TOWER TAKES TEAMS FURTHER, FASTER
ACCELERATED INNOVATION • Automation enables IT to drive innovation across the business
SCALABLE SIMPLICITY • Reduction of manual effort speeds work with fewer errors
ACCOUNTABLE AUTOMATION • Achieve compliance without being held back by it
COMMUNITY DRIVEN • Unify teams with tooling built to drive culture
USE CASES
CONFIG MANAGEMENT
Centralizing configuration file management and deployment is a common use case for Ansible, and it’s how many power users are first introduced to the Ansible automation platform.
APP DEPLOYMENT
When you define your application with Ansible, and manage the deployment with Tower, teams are able to effectively manage the entire application lifecycle from development to production.
PROVISIONING
Your apps have to live somewhere. If you’re PXE booting and kickstarting bare-metal servers or VMs, or creating virtual or cloud instances from templates, Ansible and Ansible Tower help streamline the process.
CONTINUOUS DELIVERY
Creating a CI/CD pipeline requires buy-in from numerous teams. You can’t do it without a simple automation platform that everyone in your organization can use. Ansible Playbooks keep your applications properly deployed (and managed) throughout their entire lifecycle.
SECURITY & COMPLIANCE
When you define your security policy in Ansible, scanning and remediation of site-wide security policy can be integrated into other automated processes and instead of being an afterthought, it’ll be integral in everything that is deployed.
ORCHESTRATION
Configurations alone don’t define your environment. You need to define how multiple configurations interact and ensure the disparate pieces can be managed as a whole. Out of complexity and chaos, Ansible brings order.
PLATFORM OVERVIEW
[Diagram: platform layers, top to bottom]
ADMINS, USERS, ANSIBLE CLI & CI SYSTEMS, ANSIBLE PLAYBOOKS
ANSIBLE TOWER: ROLE-BASED ACCESS CONTROL, KNOWLEDGE & VISIBILITY, SCHEDULED & CENTRALIZED JOBS, SIMPLE USER INTERFACE, TOWER API
ANSIBLE: OPEN SOURCE MODULE LIBRARY, PLUGINS, PYTHON CODEBASE
TRANSPORT: SSH, WINRM, ETC.
AUTOMATE YOUR ENTERPRISE
• INFRASTRUCTURE: LINUX, WINDOWS, UNIX …
• NETWORKS: ARISTA, CISCO, JUNIPER …
• CONTAINERS: DOCKER, LXC …
• CLOUD: AWS, GOOGLE CLOUD, AZURE …
• SERVICES: DATABASES, LOGGING, SOURCE CONTROL MANAGEMENT…
USE CASES: PROVISIONING, CONFIGURATION MANAGEMENT, APP DEPLOYMENT, CONTINUOUS DELIVERY, SECURITY & COMPLIANCE, ORCHESTRATION
HOW ANSIBLE WORKS
[Diagram: USERS, ANSIBLE PLAYBOOK, ANSIBLE’S AUTOMATION ENGINE (INVENTORY, API, MODULES, PLUGINS), CMDB, PUBLIC / PRIVATE CLOUD, HOSTS, NETWORKING]

PLAYBOOKS ARE WRITTEN IN YAML
• Tasks are executed sequentially
• Invokes Ansible modules

MODULES ARE “TOOLS IN THE TOOLKIT”
• Python, PowerShell, or any language
• Extend Ansible simplicity to entire stack

INVENTORY
[web]
webserver1.example.com
webserver2.example.com

[db]
dbserver1.example.com

CLOUD: OpenStack, VMware, EC2, Rackspace, GCE, Azure, Spacewalk, Hanlon, Cobbler
CUSTOM CMDB

PLAYBOOK EXAMPLE
---
- name: install and start apache
  hosts: all
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root

  tasks:
    # install (or upgrade to) the newest httpd package
    - name: install httpd
      yum: pkg=httpd state=latest
    # render the Jinja2 template into the Apache config
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    # make sure the service is running
    - name: start httpd
      service: name=httpd state=started
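The same play with least-privilege settings, as an added example that is not from the original slides: it connects as an unprivileged account and escalates with become rather than logging in over SSH as root, installs the package without tracking latest, sets explicit ownership and mode on the rendered config, and restarts httpd only when that config changes. The account name deploy and the use of the web inventory group are assumptions.

```yaml
---
# Added example (not from the original deck): the slide's play with a
# least-privilege connection and explicit file permissions.
- name: install and start apache
  hosts: web                  # assumed target: the [web] group from the sample inventory
  remote_user: deploy         # assumed unprivileged SSH account (hypothetical name)
  become: true                # escalate on the host instead of logging in as root
  vars:
    http_port: 80
    max_clients: 200

  tasks:
    - name: install httpd
      ansible.builtin.yum:
        name: httpd
        state: present        # install only; upgrades belong in a reviewed patch run

    - name: write the apache config file
      ansible.builtin.template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
        owner: root
        group: root
        mode: "0644"          # explicit mode so the file is never left world-writable
        backup: true          # keep the previous config for rollback and audit
      notify: restart httpd

    - name: start httpd and enable it at boot
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

  handlers:
    - name: restart httpd     # runs once, and only if the template task changed the file
      ansible.builtin.service:
        name: httpd
        state: restarted
```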
ANSIBLE TOWER AND RED HAT INFRASTRUCTURE
Management / Satellite
● Deploy satellite agents to servers
● Unify post-build systems management
● Manage server channel subscriptions
● Ease migration between satellite infrastructures
● Unify disparate update and management infrastructures

Infrastructure / RHEL
● Existing environment baselining and management
● System deployment, configuration, and management
● Orchestrate complex environment standups
● Discover Red Hat Enterprise (RHEL) versions and reconcile subscriptions
ANSIBLE TOWER AND RED HAT CLOUD

Cloud / OpenShift
● Manage software development lifecycle for applications deployed on OpenShift
● Deploy applications into OpenShift
● Deploy and manage OpenShift in an on-prem environment

Cloud / CloudForms
● Existing system and environment integration
● Ongoing environment and system updating and management
● Complex multi-tiered deployments

Cloud / OpenStack
● Deploy and manage OpenStack infrastructure
● Deploy and manage OpenStack instances
ANSIBLE TOWER AND RED HAT MIDDLEWARE

Middleware / JBOSS
● Deploy JBOSS products across disparate infrastructures
● Centrally manage JBOSS configurations
● Deploy and manage JBOSS applications
● Discover JBOSS versions and reconcile subscriptions

THE ANSIBLE WAY
CROSS PLATFORM – Linux, Windows, UNIX Agentless support for all major OS variants, physical, virtual, cloud and network
HUMAN READABLE – YAML Perfectly describe and document every aspect of your application environment
PERFECT DESCRIPTION OF APPLICATION Every change can be made by playbooks, ensuring everyone is on the same page
VERSION CONTROLLED Playbooks are plain-text. Treat them like code in your existing version control.
DYNAMIC INVENTORIES Capture all the servers 100% of the time, regardless of infrastructure, location, etc.
ORCHESTRATION THAT PLAYS WELL WITH OTHERS – HP SA, Puppet, Jenkins, RHNSS, etc. Homogenize existing environments by leveraging current toolsets and update mechanisms.
COMMUNITY
THE MOST POPULAR OPEN-SOURCE AUTOMATION COMMUNITY ON GITHUB
• 17,500+ stars & 5,300+ forks on GitHub
• 2000+ GitHub Contributors
• Over 450 modules shipped with Ansible
• New contributors added every day
• 1400+ users on IRC channel
• Top 10 open source projects in 2014
• World-wide meetups taking place every week
• Ansible Galaxy: over 7,000 Roles
• 250,000+ downloads a month
• AnsibleFests in NYC, SF, London
ANSIBLE: THE LANGUAGE OF DEVOPS
[Diagram: ANSIBLE PLAYBOOK, “From development… …to production.”, DEV/TEST, Q/A, OPERATIONS, MANAGEMENT, OUTSOURCERS]
COMMUNICATION IS THE KEY TO DEVOPS. Ansible is the first automation language that can be read and written across IT. Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.
ANSIBLE: ENTERPRISE IMPACT
TEAM IMPACT
+ Save time and be more productive
+ Eliminate repetitive tasks
+ Fewer mistakes & errors
+ Improve collaboration and job satisfaction
ENTERPRISE IMPACT
+ Overcome complexity
+ More resources for innovation
+ Increase accountability and compliance
+ A culture of success
GETTING STARTED
Have you used Ansible already? Try Tower for free: ansible.com/tower-trial
Would you like to learn Ansible? It’s easy to get started: ansible.com/get-started
Want to learn more? ansible.com/whitepapers
PLAYBOOK EXAMPLES
RHEL DISA STIG Compliance:
http://www.ansible.com/security-stig
https://github.com/MindPointGroup/RHEL7-STIG
https://github.com/samdoran/ansible-role-rhel7-stig
LAMP + HA Proxy + Nagios:
https://github.com/ansible/ansible-examples/tree/master/lamp_haproxy
JBoss Application Server:
https://github.com/ansible/ansible-examples/tree/master/jboss-standalone
Many more examples at:
http://galaxy.ansible.com
https://github.com/ansible/ansible-examples