Automating the Enterprise with Ansible
Total Page:16
File Type:pdf, Size:1020Kb
AUTOMATING THE ENTERPRISE WITH ANSIBLE Dustin Boyd Solutions Architect September 12, 2017 EVERY ORGANIZATION IS A DIGITAL ORGANIZATION. Today, IT is driving innovation. If you can’t deliver software fast, your organization can’t meet the mission, period. Digital organizations are essentially software. If they expect to thrive in a digital environment, they must have an improved competence in software delivery. Gartner 2015 2 COMPLEXITY KILLS PRODUCTIVITY. Complexity is the enemy of innovation, which is why today’s enterprises are looking to automation and DevOps tools and practices. DevOps can help organizations that are pushing to implement a bimodal strategy to support their digitalization efforts. Gartner 2015 3 WHEN YOU AUTOMATE, YOU ACCELERATE. Ansible loves the repetitive work your people hate. It helps smart people do smarter work. All with fewer errors and better accountability. Automation can crush complexity and it gives you the one thing you can’t get enough of… time. 4 “Ansible delivers DevOps to a broader class of enterprise users that include those inside the business units and teams where agile practices and fast provisioning of infrastructure are in demand.” JAY LYMAN, 451 RESEARCH – NOV 2013 GARTNER COOL VENDOR 2015 “Previous vendors in this [DevOps] market often require unique programming skills. Ansible’s simple language reduces the barrier to adoption and opens it up to a variety of skill sets…” 5 AUTOMATION = ACCELERATION “With Ansible Tower, we just click a button and deploy to production in 5 minutes. It used to take us 5 hours with 6 people sitting in a room, making sure we didn’t do anything wrong (and we usually still had errors). We now deploy to production every other day instead of every 2 weeks, and nobody has to be up at 4am making sure it was done right.” “By using Ansible Tower Surveys, we have created a self-service capability that allows our IT guys to provision new cloud customers quickly. Our first 3 customers each took 2 weeks to provision. With Ansible, our next 500 customers took 10 minutes each to provision.” “We use Ansible to deploy the network configurations to new datacenters for our games. Previously, it would take 4 days worth of work, onsite, to make sure that our networks were configured correctly. With Ansible, I can now configure a datacenter in 4 minutes, remotely.” Many Ansible investments repay themselves in less than FOUR months 6 MODERNIZE MIGRATION Automate existing processes Define applications once Manage legacy like DevOps Re-deploy anywhere DEVOPS Model everything Deploy continuously 7 WHAT IS ANSIBLE? It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks. It’s an automation engine that runs Ansible Playbooks. Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API. 8 SIMPLE POWERFUL AGENTLESS Human readable automation App deployment Agentless architecture No special coding skills needed Configuration management Uses OpenSSH & WinRM Tasks executed in order Workflow orchestration No agents to exploit or update Get productive quickly Orchestrate the app lifecycle More efficient & more secure 9 WHAT IS ANSIBLE TOWER? Ansible tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and restful API. • Role-based access control keeps environments secure, and teams efficient. • Non-privileged users can safely deploy entire applications with push-button deployment access. • All Ansible automations are centrally logged, ensuring complete auditability and compliance. ANSIBLE TOWER TOWER EMPOWERS TEAMS TO AUTOMATE CONTROL KNOWLEDGE DELEGATION Scheduled and Visibility and compliance Role-based access centralized jobs and self-service SIMPLE POWERFUL AGENTLESS Everyone speaks the Designed for Predictable, reliable, same language multi-tier deployments and secure AT ANSIBLE’S CORE IS AN OPEN-SOURCE AUTOMATION ENGINE 11 TOWER TAKES TEAMS FURTHER, FASTER ACCELERATED INNOVATION • Automation enables IT to drive innovation across the business SCALABLE SIMPLICITY • Reduction of manual effort speeds work with fewer errors ACCOUNTABLE AUTOMATION • Achieve compliance without being held back by it COMMUNITY DRIVEN • Unify teams with tooling built to drive culture 12 USE CASES CONFIG MANAGEMENT APP DEPLOYMENT PROVISIONING When you define your application Your apps have to live somewhere. Centralizing configuration file with Ansible, and manage the If you’re PXE booting and management and deployment is a deployment with Tower, teams are kickstarting bare-metal servers or common use case for Ansible, and able to effectively manage the VMs, or creating virtual or cloud it’s how many power users are entire application lifecycle from instances from templates, Ansible first introduced to the Ansible development to production. and Ansible Tower help streamline automation platform. the process. CONTINUOUS DELIVERY SECURITY & COMPLIANCE ORCHESTRATION Creating a CI/CD pipeline requires buy-in from numerous teams. You When you define your security policy Configurations alone don’t define can’t do it without a simple in Ansible, scanning and remediation your environment. You need to automation platform that everyone in of site-wide security policy can be define how multiple configurations your organization can use. Ansible integrated into other automated interact and ensure the disparate Playbooks keep your applications processes and instead of being an pieces can be managed as a whole. properly deployed (and managed) afterthought, it’ll be integral in Out of complexity and chaos, throughout their entire lifecycle. everything that is deployed. Ansible brings order. PLATFORM OVERVIEW ANSIBLE CLI & CI SYSTEMS …. ANSIBLE PLAYBOOKS ADMINS ROLE-BASED KNOWLEDGE SCHEDULED & ANSIBLE ACCESS CONTROL & VISIBILITY CENTRALIZED JOBS TOWER SIMPLE USER INTERFACE TOWER API USERS OPEN SOURCE MODULE LIBRARY ANSIBLE PLUGINS PYTHON CODEBASE TRANSPORT SSH, WINRM, ETC. INFRASTRUCTURE NETWORKS CONTAINERS CLOUD SERVICES AUTOMATE YOUR LINUX, ARISTA, DOCKER, AWS, DATABASES, ENTERPRISE WINDOWS, CISCO, LXC … GOOGLE CLOUD, LOGGING, UNIX … JUNIPER … AZURE … SOURCE CONTROL MANAGEMENT… USE CASES CONFIGURATION APP CONTINUOUS SECURITY & PROVISIONING MANAGEMENT DEPLOYMENT DELIVERY COMPLIANCE ORCHESTRATION HOW ANSIBLE WORKS CMDB PUBLIC / PRIVATE CLOUD ANSIBLE’S AUTOMATION ENGINE USERS HOSTS INVENTORY API MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS CMDB PUBLIC / PRIVATE CLOUD ANSIBLE’S AUTOMATION ENGINE PLAYBOOKS ARE WRITTEN IN YAML Tasks are executed sequentially USERS Invokes Ansible modules HOSTS INVENTORY API MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS CMDB PUBLIC / PRIVATE CLOUD ANSIBLE’S AUTOMATIONMODULES ENGINE ARE “TOOLS IN THE TOOLKIT” Python, Powershell, or any language USERS Extend Ansible simplicity to entire stack HOSTS INVENTORY API MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS CMDB [web] PUBLIC / PRIVATE webserver1.example.com CLOUD webserver2.example.com [db] ANSIBLE’S AUTOMATIONdbserver1.example.com ENGINE USERS HOSTS INVENTORY API MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS CMDB PUBLIC / PRIVATE CLOUD ANSIBLE’S AUTOMATIONCLOUD: ENGINE OpenStack, VMware, EC2, Rackspace, GCE, Azure, Spacewalk, Hanlon, Cobbler USERS CUSTOM CMDB HOSTS INVENTORY API MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK PLAYBOOK EXAMPLE --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running PLAYBOOK EXAMPLE --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running PLAYBOOK EXAMPLE --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running PLAYBOOK EXAMPLE --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running PLAYBOOK EXAMPLE --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running PLAYBOOK EXAMPLE --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running MODULES ANSIBLE TOWER AND RED HAT INFRASTRUCTURE Management / Satellite Infrastructure / RHEL ● Deploy satellite agents to servers ● Existing environment baselining ● Unify post-build systems and management management