ANSIBLE AUTOMATION AT TJX

Ansible Introduction and TJX Use Case Overview

Priya Zambre, Infrastructure Engineer

Tyler Cross, Senior Cloud Specialist Solution Architect

AGENDA

● Ansible Engine - what is it and how does it work?
● Ansible Tower - what is it and how does it work?
● TJX - infrastructure challenges
● TJX - why Ansible?
● TJX - Ansible Automation use cases

AUTOMATION IS CRITICAL

86%: Automation is either mission critical or very important to their future Cloud strategy

79%: Of IT organizations will need to deploy new management and automation software between now and 2020

Source: IDC Infobrief sponsored by , Automation, DevOps and the Demands of a Multicloud World, March 2018. N = 1171 Worldwide IT Operations Decision Makers

EVERYBODY NEEDS AUTOMATION

ENABLE REUSE Leverage existing people, processes, and (often) technology

INCREASE SAVINGS Free up time to work on more important things

SPAN SILOS Empower teams to work efficiently

CREATE REPEATABILITY Lather, rinse, repeat

WHAT IS ANSIBLE AUTOMATION?

Ansible Automation provides the glue needed to bridge together all layers of an enterprise architecture. It includes both Ansible Engine and Ansible Tower.

Ansible Engine is a simple, cross-platform automation tool for individual engineers, administrators, and operators.

Ansible Tower is the enterprise automation platform for controlling, managing, integrating, securing and scaling out execution of Ansible Engine.

RED HAT ANSIBLE TOWER

Scale + operationalize your automation

CONTROL KNOWLEDGE DELEGATION

RED HAT ANSIBLE ENGINE Support for your Ansible automation

SIMPLE POWERFUL AGENTLESS

FUELED BY AN INNOVATIVE OPEN SOURCE COMMUNITY

AUTOMATION FOR THE ENGINEER

Ansible Engine technical introduction and overview

SIMPLE
● Human readable automation
● No special coding skills needed
● Tasks executed in order
● Usable by every team
● Get productive quickly

POWERFUL
● App deployment
● Workflow orchestration
● Network automation
● Orchestrate the app lifecycle

AGENTLESS
● Agentless architecture
● Uses OpenSSH & WinRM
● No agents to exploit or update
● Get started immediately
● More efficient & more secure

HOW ANSIBLE WORKS

Playbooks contain lists of tasks, each referencing a small program called a module. Playbooks describe the desired state of an endpoint.

Modules take directives from tasks

Register module output for later use

Future tasks act on the results of previous tasks

Desired state builds like a layer cake

Apply changes conditionally

Based on system state and results from earlier tasks
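The register-then-act pattern described above, shown as an added example that is not part of the original slides: a read-only check registers the effective SSH daemon setting, and later tasks change and reload the service only when that result calls for it. The inventory group `app_servers` and the RHEL-style service name `sshd` are assumptions.

```yaml
# Added example, not from the original deck.
# Assumptions: inventory group "app_servers"; RHEL-family hosts (service "sshd").
- name: Enforce the SSH root-login baseline
  hosts: app_servers
  become: true
  tasks:
    - name: Read the effective sshd configuration (read-only, never "changed")
      ansible.builtin.command: sshd -T
      register: sshd_effective      # module output kept for later tasks
      changed_when: false

    - name: Disable root login only when the effective config still permits it
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\b'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s   # refuse to write a broken config
      register: sshd_change
      when: "'permitrootlogin no' not in sshd_effective.stdout"

    - name: Reload sshd only if the previous task changed the file
      ansible.builtin.service:
        name: sshd
        state: reloaded
      when: sshd_change is changed

    - name: Report whether this host had drifted from the baseline
      ansible.builtin.debug:
        msg: >-
          {{ inventory_hostname }}:
          {{ 'remediated' if sshd_change is changed else 'already compliant' }}
```

Running the play with `--check` reports hosts that have drifted without modifying them, because the first task never counts as a change and the later tasks are conditional on its registered output.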

[Figure: Ansible module categories: VIRT AND CONTAINER, NETWORK, WINDOWS, NOTIFY, CLOUD. *And 1500 more...]

THE LANGUAGE OF ENTERPRISE IT

ANSIBLE PLAYBOOK

From development… …to production.

DEV/TEST Q/A OPERATIONS MANAGEMENT OUTSOURCERS

COMMUNICATION IS THE KEY TO DEVOPS. Ansible is the first automation language that can be read and written across IT.

Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.

AUTOMATION FOR TEAMS

Ansible Tower technical introduction and overview

WHAT IS ANSIBLE TOWER?

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API.

• Secure credential storage

• Role-based access control

• Launch Playbooks with the click of a button

• Create workflows composed of multiple Playbooks

• All automations are centrally logged

[Diagram: Ansible Tower architecture]

ADMINS / USERS

ANSIBLE TOWER
● SIMPLE USER INTERFACE
● TOWER API
● ROLE-BASED ACCESS CONTROL
● KNOWLEDGE & VISIBILITY
● SCHEDULED & CENTRALIZED JOBS

ANSIBLE CLI & CI SYSTEMS
ANSIBLE PLAYBOOKS

OPEN SOURCE MODULE LIBRARY
PLUGINS
PYTHON CODEBASE

TRANSPORT
SSH, WINRM, ETC.

AUTOMATE YOUR ENTERPRISE
● INFRASTRUCTURE: WINDOWS, UNIX …
● NETWORKS: ARISTA, CISCO, JUNIPER …
● CONTAINERS: DOCKER, LXC …
● CLOUD: AWS, GOOGLE CLOUD, AZURE …
● SERVICES: DATABASES, LOGGING, SOURCE CONTROL MANAGEMENT…

USE CASES
● PROVISIONING
● CONFIGURATION MANAGEMENT
● APP DEPLOYMENT
● CONTINUOUS DELIVERY
● SECURITY & COMPLIANCE
● ORCHESTRATION

SUCCESS STORY

Ansible Automation at TJX

● A global off-price retailer of apparel and home fashions in the U.S. and worldwide

● Ranking No. 87 in the 2017 Fortune 500 listings

● 3800+ stores span 9 countries on 3 continents

● 7 Retail chains, including 3 e-commerce sites

INFRASTRUCTURE SERVICE DELIVERY TASKS

Server Builds App/DB Deployment OS Upgrades Security Patches

Provision Service ID Configure Clusters App/DB Upgrades App / DB Changes Users/Groups

TRADITIONAL IT

[Diagram: traditional delivery workflow. Roles: System Admin, Security Admin, DBA, Information Assurance, App Delivery Team. Steps: Create VM; Complete security hardening and post install; Create APP/DB file system, install patches; Provision service accounts/group; Install APP/DB; Security baseline. Server states: OS Image, Virtual Machine, Server, Configured Server, Approved Server.]

Delivery time 7 to 8 weeks

ISSUES WITH TRADITIONAL INFRASTRUCTURE DELIVERY MODEL

Manual and inconsistent builds

Complex scripting

Room for human error

Low efficiency and high cost

Lack of drift detection management

Poor time to value ratio

Demands highly technical people

WHY DID WE CHOOSE ANSIBLE AND ANSIBLE TOWER?

AGENTLESS
Agentless support for all major OS variants, physical, virtual, cloud and network devices.

LOW LEARNING CURVE
Ansible is incredibly easy to learn and doesn’t require any programming skills.

DEVOPS READY
The agentless design paired with its large set of out-of-box modules makes Ansible perfect for DevOps.

PLATFORM AGNOSTIC
Ansible modules combined with the agentless design result in cross platform automation capabilities.

API ENABLED
Ansible can automate interaction with APIs and Ansible Tower has its own powerful API.

AUDIT AND RBAC
Ansible Tower provides a way to control who can take different actions and view what actions they have taken in the past.

[Diagram: delivery workflow with Ansible. Roles: System Admin, Security Admin, App Delivery Team. Labels: add Playbook, push the button, Create, Provision, Configure, Patch, Security Baseline, Deploy App, Maintenance, Validation, report, deploy. Server states: OS Image, Infrastructure, Virtual Machine, Configured Server, Approved Server, App-Ready Server.]

Delivery time 1 day

WHAT DID WE AUTOMATE?

Full Stack IaaS
● Linux server builds
● Post install configuration
● Security hardening

PaaS
● Middleware stack deployment (WAS, MQ, IIB)
● SQL, Oracle, DB2 DB deployment

Deployment
● Install Java
● Install web server
● Configure web server
● Deploy application

Operational Tasks
● Patching and updates
● Service account provisioning
● Agent deployments

SELF-SERVICE APP DEPLOYMENT FLOW

User Initiates Request From Self-Service Portal

vRO Launches Ansible Tower Job

Download Artifact for Deployment

Deploy Application

[Diagram labels: APP SERVER, PostgreSQL]

RECOMMENDATIONS FROM THE EXPERIENCE

● Use Roles
● Externalize configuration parameters
● Use Tower for RBAC, auditing, UI and ease of management
● Use Tower API for integrations
● Get started now!
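As an added illustration of the "Use Tower API for integrations" recommendation and the "vRO Launches Ansible Tower Job" step (not part of the original slides), the playbook below makes the two REST calls an external system needs: launch a job template, then poll the job until it finishes. The host `tower.example.com`, template ID `42`, the `app_version` variable and the `TOWER_OAUTH_TOKEN` environment variable are placeholders.

```yaml
# Added example, not from the original deck. URL, template ID, variable names
# and the token source are placeholders chosen for illustration.
- name: Launch a Tower job template from an external system and wait for it
  hosts: localhost
  gather_facts: false
  vars:
    tower_url: https://tower.example.com
    job_template_id: 42
    # Externalized secret: read from the environment, never stored in the repo
    tower_token: "{{ lookup('ansible.builtin.env', 'TOWER_OAUTH_TOKEN') }}"
  tasks:
    - name: Launch the job template
      ansible.builtin.uri:
        url: "{{ tower_url }}/api/v2/job_templates/{{ job_template_id }}/launch/"
        method: POST
        headers:
          Authorization: "Bearer {{ tower_token }}"
        body_format: json
        body:
          # Accepted only if the template prompts for variables on launch
          extra_vars:
            app_version: "1.4.2"
        status_code: 201
        validate_certs: true
      register: launch
      no_log: true                  # keep the bearer token out of job output

    - name: Poll the job until it reaches a final state
      ansible.builtin.uri:
        url: "{{ tower_url }}/api/v2/jobs/{{ launch.json.job }}/"
        headers:
          Authorization: "Bearer {{ tower_token }}"
        validate_certs: true
      register: job
      until: job.json.status in ['successful', 'failed', 'error', 'canceled']
      retries: 60
      delay: 10
      no_log: true

    - name: Fail the calling workflow unless Tower reports success
      ansible.builtin.assert:
        that: job.json.status == 'successful'
        fail_msg: "Tower job {{ launch.json.job }} ended as {{ job.json.status }}"
```

Because the caller holds only a token scoped by Tower's RBAC, the machine credentials stay in Tower's credential store and every launch is recorded in its central job log.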
