Automating the Enterprise with Ansible

AUTOMATING THE ENTERPRISE WITH ANSIBLE

Dustin Boyd Solutions Architect September 12, 2017 EVERY ORGANIZATION IS A DIGITAL ORGANIZATION.

Today, IT is driving innovation. If you can’t deliver software fast, your organization can’t meet the mission, period.

Digital organizations are essentially software. If they expect to thrive in a digital environment, they must have an improved competence in software delivery.

Gartner 2015

2 COMPLEXITY KILLS PRODUCTIVITY.

Complexity is the enemy of innovation, which is why today’s enterprises are looking to automation and DevOps tools and practices.

DevOps can help organizations that are pushing to implement a bimodal strategy to support their digitalization efforts.

Gartner 2015

3 WHEN YOU AUTOMATE, YOU ACCELERATE.

Ansible loves the repetitive work your people hate. It helps smart people do smarter work. All with fewer errors and better accountability.

Automation can crush complexity and it gives you the one thing you can’t get enough of… time.

4 “Ansible delivers DevOps to a broader class of enterprise users that include those inside the business units and teams where agile practices and fast provisioning of infrastructure are in demand.”

JAY LYMAN, 451 RESEARCH – NOV 2013

GARTNER COOL VENDOR 2015 “Previous vendors in this [DevOps] market often require unique programming skills. Ansible’s simple language reduces the barrier to adoption and opens it up to a variety of skill sets…”

5 AUTOMATION = ACCELERATION

“With Ansible Tower, we just click a button and deploy to production in 5 minutes. It used to take us 5 hours with 6 people sitting in a room, making sure we didn’t do anything wrong (and we usually still had errors). We now deploy to production every other day instead of every 2 weeks, and nobody has to be up at 4am making sure it was done right.”

“By using Ansible Tower Surveys, we have created a self-service capability that allows our IT guys to provision new cloud customers quickly. Our first 3 customers each took 2 weeks to provision. With Ansible, our next 500 customers took 10 minutes each to provision.”

“We use Ansible to deploy the network configurations to new datacenters for our games. Previously, it would take 4 days worth of work, onsite, to make sure that our networks were configured correctly. With Ansible, I can now configure a datacenter in 4 minutes, remotely.”

Many Ansible investments repay themselves in less than FOUR months 6 MODERNIZE MIGRATION Automate existing processes Define applications once

Manage legacy like DevOps Re-deploy anywhere

DEVOPS Model everything

Deploy continuously

7 WHAT IS ANSIBLE?

It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.

It’s an automation engine that runs Ansible Playbooks.

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.

8 SIMPLE POWERFUL AGENTLESS

Human readable automation App deployment Agentless architecture

No special coding skills needed Configuration management Uses OpenSSH & WinRM

Tasks executed in order Workflow orchestration No agents to exploit or update

Get productive quickly Orchestrate the app lifecycle More efficient & more secure

9 WHAT IS ANSIBLE TOWER?

Ansible tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and restful API. • Role-based access control keeps environments secure, and teams efficient.

• Non-privileged users can safely deploy entire applications with push-button deployment access.

• All Ansible automations are centrally logged, ensuring complete auditability and compliance. ANSIBLE TOWER

TOWER EMPOWERS TEAMS TO AUTOMATE

CONTROL KNOWLEDGE DELEGATION Scheduled and Visibility and compliance Role-based access centralized jobs and self-service

SIMPLE POWERFUL AGENTLESS Everyone speaks the Designed for Predictable, reliable, same language multi-tier deployments and secure

AT ANSIBLE’S CORE IS AN OPEN-SOURCE AUTOMATION ENGINE

11 TOWER TAKES TEAMS FURTHER, FASTER

ACCELERATED INNOVATION • Automation enables IT to drive innovation across the business

SCALABLE SIMPLICITY • Reduction of manual effort speeds work with fewer errors

ACCOUNTABLE AUTOMATION • Achieve compliance without being held back by it

COMMUNITY DRIVEN • Unify teams with tooling built to drive culture 12 USE CASES

CONFIG MANAGEMENT APP DEPLOYMENT PROVISIONING

When you define your application Your apps have to live somewhere. Centralizing configuration file with Ansible, and manage the If you’re PXE booting and management and deployment is a deployment with Tower, teams are kickstarting bare-metal servers or common use case for Ansible, and able to effectively manage the VMs, or creating virtual or cloud it’s how many power users are entire application lifecycle from instances from templates, Ansible first introduced to the Ansible development to production. and Ansible Tower help streamline automation platform. the process.

CONTINUOUS DELIVERY SECURITY & COMPLIANCE ORCHESTRATION

Creating a CI/CD pipeline requires buy-in from numerous teams. You When you define your security policy Configurations alone don’t define can’t do it without a simple in Ansible, scanning and remediation your environment. You need to automation platform that everyone in of site-wide security policy can be define how multiple configurations your organization can use. Ansible integrated into other automated interact and ensure the disparate Playbooks keep your applications processes and instead of being an pieces can be managed as a whole. properly deployed (and managed) afterthought, it’ll be integral in Out of complexity and chaos, throughout their entire lifecycle. everything that is deployed. Ansible brings order. PLATFORM OVERVIEW

…. ANSIBLE CLI & CI SYSTEMS ANSIBLE PLAYBOOKS ADMINS ROLE-BASED KNOWLEDGE SCHEDULED & ANSIBLE ACCESS CONTROL & VISIBILITY CENTRALIZED JOBS TOWER SIMPLE USER INTERFACE TOWER API USERS

OPEN SOURCE MODULE LIBRARY ANSIBLE PLUGINS PYTHON CODEBASE

TRANSPORT

SSH, WINRM, ETC.

INFRASTRUCTURE NETWORKS CONTAINERS CLOUD SERVICES AUTOMATE YOUR LINUX, ARISTA, DOCKER, AWS, DATABASES, ENTERPRISE WINDOWS, CISCO, LXC … GOOGLE CLOUD, LOGGING, UNIX … JUNIPER … AZURE … SOURCE CONTROL MANAGEMENT…

USE CASES CONFIGURATION APP CONTINUOUS SECURITY & PROVISIONING MANAGEMENT DEPLOYMENT DELIVERY COMPLIANCE ORCHESTRATION HOW ANSIBLE WORKS

CMDB PUBLIC / PRIVATE CLOUD

ANSIBLE’S AUTOMATION ENGINE

USERS HOSTS INVENTORY API

MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS

CMDB PUBLIC / PRIVATE CLOUD

ANSIBLE’S AUTOMATION ENGINE PLAYBOOKS ARE WRITTEN IN YAML Tasks are executed sequentially USERS Invokes Ansible modules HOSTS INVENTORY API

MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS

CMDB PUBLIC / PRIVATE CLOUD

ANSIBLE’S AUTOMATIONMODULES ENGINE ARE “TOOLS IN THE TOOLKIT” Python, Powershell, or any language

USERS Extend Ansible simplicity to entire stack HOSTS INVENTORY API

MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS

CMDB [web] PUBLIC / PRIVATE webserver1.example.com CLOUD webserver2.example.com

[db] ANSIBLE’S AUTOMATIONdbserver1.example.com ENGINE

USERS HOSTS INVENTORY API

MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK HOW ANSIBLE WORKS

CMDB PUBLIC / PRIVATE CLOUD

ANSIBLE’S AUTOMATIONCLOUD: ENGINE OpenStack, VMware, EC2, Rackspace, GCE, Azure, Spacewalk, Hanlon, Cobbler USERS CUSTOM CMDB HOSTS INVENTORY API

MODULES PLUGINS NETWORKING ANSIBLE PLAYBOOK PLAYBOOK EXAMPLE

--- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running PLAYBOOK EXAMPLE

--- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

Management / Satellite Infrastructure / RHEL

● Deploy satellite agents to servers ● Existing environment baselining ● Unify post-build systems and management management ● System deployment, configuration, ● Manage server channel and management subscriptions ● Orchestrate complex environment ● Ease migration between satellite standups infrastructures ● Discover Red Hat Enterprise ● Unify disparate update and (RHEL) versions and reconcile management infrastructures subscriptions

27 ANSIBLE TOWER AND RED HAT CLOUD

Cloud / OpenShift Cloud / CloudForms

● Manage software development ● Existing system and environment lifecycle for applications deployed integration on OpenShift ● Ongoing environment and system ● Deploy applications into OpenShift updating and management ● Deploy and manage OpenShift in ● Complex multi-tiered deployments an on-prem environment

Cloud / OpenStack ● Deploy and manage OpenStack infrastructure ● Deploy and manage OpenStack instances

28 ANSIBLE TOWER AND RED HAT MIDDLEWARE

Middleware / JBOSS

● Deploy JBOSS products across disparate infrastructures ● Centrally manage JBOSS configurations ● Deploy and manage JBOSS applications ● Discover JBOSS versions and reconcile subscriptions

29 THE ANSIBLE WAY

CROSS PLATFORM – Linux, Windows, UNIX Agentless support for all major OS variants, physical, virtual, cloud and network

HUMAN READABLE – YAML Perfectly describe and document every aspect of your application environment

PERFECT DESCRIPTION OF APPLICATION Every change can be made by playbooks, ensuring everyone is on the same page

VERSION CONTROLLED Playbooks are plain-text. Treat them like code in your existing version control.

DYNAMIC INVENTORIES Capture all the servers 100% of the time, regardless of infrastructure, location, etc.

ORCHESTRATION THAT PLAYS WELL WITH OTHERS – HP SA, Puppet, Jenkins, RHNSS, etc. Homogenize existing environments by leveraging current toolsets and update mechanisms. COMMUNITY

THE MOST POPULAR OPEN-SOURCE AUTOMATION COMMUNITY ON GITHUB • 17,500+ stars & 5,300+ forks on GitHub • 2000+ GitHub Contributors • Over 450 modules shipped with Ansible • New contributors added every day • 1400+ users on IRC channel • Top 10 open source projects in 2014 • World-wide meetups taking place every week • Ansible Galaxy: over 7,000 Roles • 250,000+ downloads a month • AnsibleFests in NYC, SF, London ANSIBLE: THE LANGUAGE OF DEVOPS

ANSIBLE PLAYBOOK

From …to development… production.

DEV/TEST Q/A OPERATIONS MANAGEMENT OUTSOURCERS

COMMUNICATION IS THE KEY TO DEVOPS. Ansible is the first automation language that can be read and written across IT. Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline. ANSIBLE: ENTERPRISE IMPACT

TEAM IMPACT ENTERPRISE IMPACT

+ Save time and be more productive + Overcome complexity

+ Eliminate repetitive tasks + More resources for innovation

+ Fewer mistakes & errors + Increase accountability and compliance + Improve collaboration + A culture of success and job satisfaction GETTING STARTED

Have you used Ansible already? Try Tower for free: ansible.com/tower-trial

Would you like to learn Ansible? It’s easy to get started: ansible.com/get-started

Want to learn more? ansible.com/whitepapers PLAYBOOK EXAMPLES

RHEL DISA STIG Compliance:

http://www.ansible.com/security-stig https://github.com/MindPointGroup/RHEL7-STIG https://github.com/samdoran/ansible-role-rhel7-stig

LAMP + HA Proxy + Nagios:

https://github.com/ansible/ansible-examples/tree/master/lamp_haproxy

JBoss Application Server:

https://github.com/ansible/ansible-examples/tree/master/jboss-standalone

Many more examples at: http://galaxy.ansible.com https://github.com/ansible/ansible-examples