ANSIBLE AUTOMATION AT TJX
Ansible Introduction and TJX Use Case Overview
Priya Zambre, Infrastructure Engineer
Tyler Cross, Senior Cloud Specialist Solution Architect

AGENDA
● Ansible Engine - what is it and how does it work?
● Ansible Tower - what is it and how does it work?
● TJX - infrastructure challenges
● TJX - why Ansible?
● TJX - Ansible Automation use cases

AUTOMATION IS CRITICAL
86%: Automation is either mission critical or very important to their future Cloud strategy
79%: Of IT organizations will need to deploy new management and automation software between now and 2020
Source: IDC Infobrief sponsored by Red Hat, Automation, DevOps and the Demands of a Multicloud World, March 2018. N = 1171 worldwide IT operations decision makers

EVERYBODY NEEDS AUTOMATION
ENABLE REUSE Leverage existing people, processes, and (often) technology
INCREASE SAVINGS Free up time to work on more important things
SPAN SILOS Empower teams to work efficiently
CREATE REPEATABILITY Lather, rinse, repeat

WHAT IS ANSIBLE AUTOMATION?
Ansible Automation provides the glue needed to bridge together all layers of an enterprise architecture. It includes both Ansible Engine and Ansible Tower.
Ansible Engine is a simple, cross-platform automation tool for individual engineers, administrators, and operators.
Ansible Tower is the enterprise automation platform for controlling, managing, integrating, securing and scaling out execution of Ansible Engine.

RED HAT ANSIBLE TOWER
Scale + operationalize your automation
CONTROL KNOWLEDGE DELEGATION
RED HAT ANSIBLE ENGINE Support for your Ansible automation
SIMPLE POWERFUL AGENTLESS
FUELED BY AN INNOVATIVE OPEN SOURCE COMMUNITY

AUTOMATION FOR THE ENGINEER
Ansible Engine technical introduction and overview

SIMPLE
● Human readable automation
● No special coding skills needed
● Tasks executed in order
● Usable by every team
● Get productive quickly

POWERFUL
● App deployment
● Configuration management
● Workflow orchestration
● Network automation
● Orchestrate the app lifecycle

AGENTLESS
● Agentless architecture
● Uses OpenSSH & WinRM
● No agents to exploit or update
● Get started immediately
● More efficient & more secure

HOW ANSIBLE WORKS
Playbooks contain lists of tasks, each referencing a small program called a module. Playbooks describe the desired state of an endpoint.
Modules take directives from tasks
Register module output for later use
Future tasks act on the results of previous tasks
Desired state builds like a layer cake
Apply changes conditionally
Based on system state and results from earlier tasks
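The task flow listed above (register module output, act on earlier results, apply changes conditionally), as an added example that is not part of the original slides. The inventory group `linux_servers`, the RHEL-style service name `sshd`, the `/usr/sbin/sshd` path and the choice of `PermitRootLogin` as the hardening setting are assumptions made for illustration.

```yaml
---
# Added illustration, not from the TJX deck. Assumed: inventory group
# "linux_servers", RHEL-style service name "sshd", sshd at /usr/sbin/sshd.
- name: Enforce one SSH hardening setting
  hosts: linux_servers
  become: true
  tasks:
    - name: Read the effective sshd configuration (makes no change)
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_before          # module output kept for later tasks
      changed_when: false
      check_mode: false              # read-only, so safe under --check

    - name: Set PermitRootLogin no, only if it is not already in effect
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\b'
        line: PermitRootLogin no
        # Reject the edited file if sshd cannot parse it
        validate: /usr/sbin/sshd -t -f %s
      register: sshd_change
      when: "'permitrootlogin no' not in sshd_before.stdout_lines"

    - name: Reload sshd only when the file was modified
      ansible.builtin.service:
        name: sshd
        state: reloaded
      when: sshd_change is changed

    - name: Re-read the effective configuration after the change
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_after
      changed_when: false
      when: sshd_change is changed and not ansible_check_mode

    # Catches the case where another file pulled in by an Include
    # directive still overrides the setting written above.
    - name: Fail the run if the setting did not take effect
      ansible.builtin.assert:
        that: "'permitrootlogin no' in sshd_after.stdout_lines"
      when: sshd_change is changed and not ansible_check_mode
```

On a host that already has the setting in effect, every task after the first is skipped and the run reports no changes, which is what makes the playbook usable for drift detection as well as remediation.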
[Figure: Ansible module categories (VIRT AND CONTAINER, NETWORK, NOTIFY, WINDOWS, CLOUD), each shown with vendor and feature names. *And 1500 more...]

THE LANGUAGE OF ENTERPRISE IT
ANSIBLE PLAYBOOK
From development… …to production.
DEV/TEST Q/A OPERATIONS MANAGEMENT OUTSOURCERS
COMMUNICATION IS THE KEY TO DEVOPS. Ansible is the first automation language that can be read and written across IT.
Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.

AUTOMATION FOR TEAMS
Ansible Tower technical introduction and overview

WHAT IS ANSIBLE TOWER?
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API.
• Secure credential storage
• Role-based access control
• Launch Playbooks with the click of a button
• Create workflows composed of multiple Playbooks
• All automations are centrally logged
[Figure: Ansible Tower architecture. Elements shown: ADMINS and USERS; ANSIBLE TOWER with SIMPLE USER INTERFACE, TOWER API, ROLE-BASED ACCESS CONTROL, KNOWLEDGE & VISIBILITY, and SCHEDULED & CENTRALIZED JOBS; ANSIBLE CLI & CI SYSTEMS; ANSIBLE PLAYBOOKS; OPEN SOURCE MODULE LIBRARY, PLUGINS, PYTHON CODEBASE; TRANSPORT (SSH, WINRM, ETC.); targets under AUTOMATE YOUR ENTERPRISE: INFRASTRUCTURE (Linux, Windows, UNIX …), NETWORKS (Arista, Cisco, Juniper …), CONTAINERS (Docker, LXC …), CLOUD (AWS, Google Cloud, Azure …), SERVICES (databases, logging, source control management …).]
USE CASES
● PROVISIONING
● CONFIGURATION MANAGEMENT
● APP DEPLOYMENT
● CONTINUOUS DELIVERY
● SECURITY & COMPLIANCE
● ORCHESTRATION

SUCCESS STORY
Ansible Automation at TJX
● A global off-price retailer of apparel and home fashions in the U.S. and worldwide
● Ranking No. 87 in the 2017 Fortune 500 listings
● 3800+ stores span 9 countries on 3 continents
● 7 retail chains, including 3 e-commerce sites

INFRASTRUCTURE SERVICE DELIVERY TASKS
● Server Builds
● App/DB Deployment
● OS Upgrades
● Security Patches
● Provision Service ID
● Configure Clusters
● App/DB Upgrades
● App/DB Changes
● Users/Groups

TRADITIONAL IT
[Figure: traditional delivery workflow. Steps shown: Create VM; Complete security hardening and post install; Create APP/DB file system, install patches; Provision service accounts/group; Install APP/DB; Security baseline. Roles shown: System Admin, Security Admin, DBA, Information Assurance, App Delivery Team. Artifacts shown: OS Image, Virtual Machine, Server, Configured Server, Approved Server. Delivery time 7 to 8 weeks.]

ISSUES WITH TRADITIONAL INFRASTRUCTURE DELIVERY MODEL
Manual and inconsistent builds
Complex scripting
Room for human error
Low efficiency and high cost
Lack of drift detection management
Poor time to value ratio
Demands highly technical people

WHY DID WE CHOOSE ANSIBLE AND ANSIBLE TOWER?
AGENTLESS
Agentless support for all major OS variants, physical, virtual, cloud and network devices.

LOW LEARNING CURVE
Ansible is incredibly easy to learn and doesn’t require any programming skills.

DEVOPS READY
The agentless design paired with its large set of out-of-box modules makes Ansible perfect for DevOps.

PLATFORM AGNOSTIC
Ansible modules combined with the agentless design result in cross platform automation capabilities.

API ENABLED
Ansible can automate interaction with APIs and Ansible Tower has its own powerful API.

AUDIT AND RBAC
Ansible Tower provides a way to control who can take different actions and view what actions they have taken in the past.

[Figure: automated delivery workflow. Labels shown: System Admin, add Playbook, push the button; Create, Provision, Configure, Patch, Security Baseline, Deploy App, App Validation, Maintenance, report, deploy; Security Admin, App Delivery Team; OS Image, Virtual Machine, Infrastructure Server, Configured Server, Approved Server, App-Ready Server. Delivery time 1 day.]

WHAT DID WE AUTOMATE?
IaaS
● Linux server builds
● Post install configuration
● Security hardening

PaaS
● Middleware stack deployment (WAS, MQ, IIB)
● SQL, Oracle, DB2 DB deployment

Full Stack Deployment
● Install Java
● Install web server
● Configure web server
● Deploy application

Operational Tasks
● Patching and updates
● Service account provisioning
● Agent deployments

SELF-SERVICE APP DEPLOYMENT FLOW
User Initiates Request From Self-Service Portal
vRO Launches Ansible Tower Job
Download Artifact for Deployment
Deploy Application
APP SERVER
PostgreSQL

RECOMMENDATIONS FROM THE EXPERIENCE
● Use Roles
● Externalize configuration parameters
● Use Tower for RBAC, auditing, UI and ease of management
● Use Tower API for integrations
● Get started now!