Red Hat Ansible Automation Overview
Raed Soliman Solution Architect, Management Tiger Team
1 Value of Automation
How do you modernize existing I.T. while shifting investment to innovation?
Optimize the IT Integrate apps, data, Add & manage cloud Build more modern Automate & you have & processes infrastructure applications manage IT
2 ROI Value of Automation
Operational Efficiency Reduced lead times, automated provisioning “It’s all about repeatability and consistency” Cost Avoidance Saved $390k in additional hardware costs System Reconfiguration and Incident Response Reduced staff time requirements by 94% <3 months payback Security Updates Reduced staff time requirements by 80% 146% ROI
3 Source: Findings for an Organization interviewed for The Total Economic Impact™ Of Red Hat Ansible Automation, a June 2018 commissioned study conducted by Forrester Consulting on behalf of Red Hat. Red Hat Ansible Automation
Ansible is a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.
RedHat Ansible Engine is an automation engine that runs Ansible Playbooks.
Red Hat Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI & RESTful API.
4 The Ansible Way
CROSS PLATFORM HUMAN READABLE PERFECT DESCRIPTION OF
APPLICATION
Agentless support for all major OS Perfectly describe and document Every change can be made by variants, physical, virtual, cloud and every aspect of your application Playbooks, ensuring everyone is on network devices. environment. the same page.
VERSION CONTROLLED DYNAMIC INVENTORIES ORCHESTRATION PLAYS
WELL WITH OTHERS
Playbooks are plain-text. Treat them Capture all the servers 100% of the Every change can be made by like code in your existing version time, regardless of infrastructure, Playbooks, ensuring everyone is on control. location, etc. the same page.
5 Why Ansible?
SIMPLE POWERFUL AGENTLESS
Human readable automation App deployment Agentless architecture
No special coding skills needed Configuration management Uses OpenSSH & WinRM
Tasks executed in order Workflow orchestration No agents to exploit or update
Usable by every team Network automation Get started immediately
Get productive quickly Orchestrate the app lifecycle More efficient & more secure
6 Ansible Is The Universal Language
BUSINESS DEV QA/SECURITY IT OPERATIONS
Ansible is the first automation language that can be read and written across IT.
Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.
7 What Can Ansible Do?
USE ANSIBLE FOR: USE ANSIBLE ON:
● Orchestration ● Servers ● Configuration Management ● Clouds ● Application Deployment ● Storage ● Provisioning ● Applications ● Continuous Delivery ● Containers ● Security and Compliance ● Clouds ● Firewalls ● Load Balancers ● Network Devices ● …. And More How Ansible Works
PLAYBOOK
9 How Ansible Works
--- - name: install and start apache hosts: web become: yes vars: http_port: 80
tasks: - name: httpd package is present yum: name: httpd state: latest
- name: index.html file is present copy: PLAYBOOK src: files/index.html dest: /var/www/html/
- name: httpd is started service: name: httpd state: started 10 How Ansible Works
--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML
tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks
- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 11 How Ansible Works
--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML
tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks
- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 12 How Ansible Works
--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML
tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks
- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 13 How Ansible Works
--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML
tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks
- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 14 How Ansible Works
--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML
tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd 1 state: latest ● Each play is a collection of Tasks
- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html 2 dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: ● Runs against a defined set of targets name: httpd 3 state: started 15 How Ansible Works
--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML
tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks
- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 16 How Ansible Works
INVENTORY
PLAYBOOK
17 How Ansible Works
INVENTORY
[web] web01.org.com web02.org.com
[db] db01.org.com PLAYBOOK db02.org.com 134.33.23.345
18 How Ansible Works
Ansible Inventory:
● Defines hosts and host groups INVENTORY ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler
● CIs from CMDB
19 How Ansible Works
Ansible Inventory:
● Defines hosts and host groups INVENTORY ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler
● CIs from CMDB
20 How Ansible Works
Ansible Inventory:
● Defines hosts and host groups INVENTORY ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler
● CIs from CMDB
21 How Ansible Works
Ansible Inventory:
● Defines hosts and host groups INVENTORY PUBLIC/PRIVATE CLOUD ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, PLAYBOOK db02.org.com 134.33.23.345 GCE, Azure, Spacewalk, Cobbler
● CIs from CMDB
22 How Ansible Works
CMDB Ansible Inventory:
● Defines hosts and host groups INVENTORY PUBLIC/PRIVATE CLOUD ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler
● CIs from CMDB
23 How Ansible Works
CMDB
INVENTORY PUBLIC/PRIVATE CLOUD
PLAYBOOK
24 How Ansible Works
CMDB PUBLIC/PRIVATE CLOUD
INVENTORY PUBLIC/PRIVATE CLOUD
LINUX/WINDOWS HOSTS
PLAYBOOK
ansible-playbook -i hosts playbook.yml
NETWORK DEVICES 25 Ansible for Windows
ANSIBLE WINDOWS AUTOMATION
Use Ansible to deploy and manage Windows systems and applications.
100+ 1,300+ Windows Modules Powershell DSC resources
ansible.com/windows
26 Ansible for Windows: Example
--- - hosts: new_servers tasks: ANSIBLE WINDOWS AUTOMATION - name: ensure common OS updates are current win_updates: register: update_result Use Ansible to deploy and manage Windows - name: ensure domain membership systems and applications. win_domain_membership: dns_domain_name: contoso.corp domain_admin_user: '{{ domain_admin_username }}' domain_admin_password: '{{ domain_admin_password }}' state: domain register: domain_result
- name: reboot and wait for host if updates or domain change require it win_reboot: 70+ 350+ when: update_result.reboot_required or domain_result.reboot_required Windows Modules Powershell DSC
resources - name: ensure local admin account exists win_user: name: localadmin password: '{{ local_admin_password }}' groups: Administrators
- name: ensure common tools are installed win_chocolatey: name: '{{ item }}' ansible.com/windows with_items: ['sysinternals', 'googlechrome']
27 Ansible for Network Automation
ANSIBLE WINDOWS AUTOMATION ANSIBLE NETWORK AUTOMATION
Use Ansible to deploy and manage Windows systems and applications.
50 700+ 12* Network Platforms Network Galaxy 70+ Modules 350+ Network Roles Windows Modules Powershell DSC resources
ansible.com/networking galaxy.ansible.com/ansible-network ansible.com/ windows 28 Ansible for Networking: Example
--- - name: configure ios interface hosts: ios01 ANSIBLE WINDOWS AUTOMATION tasks: - name: collect device running-config ios_command: Use Ansible to deploy and manage Windows commands: show running-config interface GigabitEthernet0/2systems and applications. provider: “{{ cli }}”
register: config
- name: administratively enable interface ios_config: lines: no shutdown parents: interface GigabitEthernet0/2 provider: “{{ cli }}” 70+ 350+ when: ‘”shutdown” in config.stdout[0]‘Windows Modules Powershell DSC resources - name: verify operational status ios_command: commands: - show interfaces GigabitEthernet0/2 - show cdp neighbors GigabitEthernet0/2 detail waitfor: - result[0] contains ‘line protocol is up’ ansible.com/windows - result[1] contains ‘iosxr03’ 29 - result[1] contains ’10.0.0.42’ provider: “{{ cli }}” Automate All The Things
CLOUD VIRT & CONTAINERANSIBLEWINDOWS WINDOWS AUTOMATIONNETWORK DEVOPS MONITORING
AWS Docker ACLs Arista Jira Dynatrace Use Ansible to deploy and manage Windows Azure VMware Files A10 GitHub Airbrake systems and applications. Digital Ocean RHV Packages Cumulus Vagrant BigPanda Google OpenStack IIS Bigswitch Jenkins Datadog OpenStack OpenShift Regedits Cisco Bamboo LogicMonitor Rackspace +more Shares Cumulus Atlassian Nagios +more Services Dell Subversion New Relic Configs F5 Slack PagerDuty Users Juniper Hipchat Sensu 70+ Domains Palo Alto 350+ +more StackDriver OPERATING SYSTEMS STORAGE Windows Modules+more OpenSwitchPowershell DSC Zabbix RHEL and Linux NetApp +more resources +more UNIX Red Hat Storage Windows Infinidat +more +more
ansible.com/windows
30 Jumpstart Your Automation
15,000 ROLES AT YOUR DISPOSAL
Reusable Roles and Container Apps that allow you to do more, faster
Built into the Ansible CLI and Tower
galaxy.ansible.com Ansible Tower
● A visual dashboard ● Role-based access control ● Job scheduling ● Graphical inventory management ● Multiplaybook workflows ● External logging integrations ● Real-time job status updates ● Support for external credential vaults ● REST API and CLI ● Self Service I.T. ● …..
32 Ansible Tower
…. ANSIBLE CLI & CI SYSTEMS
ANSIBLE PLAYBOOKS ADMINS
ROLE-BASED KNOWLEDGE SCHEDULED & ANSIBLE ACCESS CONTROL & VISIBILITY CENTRALIZED JOBS TOWER SIMPLE USER INTERFACE TOWER API
USERS
OPEN SOURCE MODULE LIBRARY ANSIBLE PLUGINS PYTHON CODEBASE
TRANSPORT
SSH, WINRM, ETC.
INFRASTRUCTURE NETWORKS CONTAINERS CLOUD SERVICES
AUTOMATE LINUX, ARISTA, DOCKER, AWS, DATABASES, YOUR ENTERPRISE WINDOWS, CISCO, LXC … GOOGLE CLOUD, LOGGING, UNIX … JUNIPER … AZURE … SOURCE CONTROL MANAGEMENT…
USE CASES
33 CONFIGURATION APP CONTINUOUS SECURITY & PROVISIONING ORCHESTRATION MANAGEMENT DEPLOYMENT DELIVERY COMPLIANCE Ansible Tower Integrations
Client accessing Ansible Tower
CMDB
Postgre5QL 34
MANAGED HOSTS DOMAIN CONTROLLER Ansible in the Enterprise
Individual Teams Enterprise
Virtual project or Individual Windows Team Network Team Windows Team Network Team automation Team
Playbooks Playbooks Playbooks Playbooks
ENGINE Playbooks
WORKFLOW
Network device
Network device
Network device
35 OPTIONAL SECTION MARKER OR TITLE OR MARKER SECTION OPTIONAL CONFIDENTIAL Designator
● Try Ansible yourself: ansible.com/resources/get-started
● Check out the documentation: docs.ansible.com
● Ansible Galaxy: galaxy.ansible.com
● Try Ansible Tower: ansible.com/products/tower/trial
36 OPTIONAL SECTION MARKER OR TITLE OR MARKER SECTION OPTIONAL
Thank you
Red Hat is the world’s leading provider of enterprise
open source software solutions. Award-winning support,
training, and consulting services make Red Hat a trusted
adviser to the Fortune 500.
linkedin.com/company/red-hat facebook.com/redhatinc
youtube.com/user/RedHatVideos twitter.com/RedHat
37