Red Hat Ansible Automation Overview

Raed Soliman Solution Architect, Management Tiger Team

1 Value of Automation

How do you modernize existing I.T. while shifting investment to innovation?

Optimize the IT Integrate apps, data, Add & manage cloud Build more modern Automate & you have & processes infrastructure applications manage IT

2 ROI Value of Automation

Operational Efficiency Reduced lead times, automated provisioning “It’s all about repeatability and consistency” Cost Avoidance Saved $390k in additional hardware costs System Reconfiguration and Incident Response Reduced staff time requirements by 94% <3 months payback Security Updates Reduced staff time requirements by 80% 146% ROI

3 Source: Findings for an Organization interviewed for The Total Economic Impact™ Of Red Hat Ansible Automation, a June 2018 commissioned study conducted by Forrester Consulting on behalf of Red Hat. Red Hat Ansible Automation

Ansible is a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.

RedHat Ansible Engine is an automation engine that runs Ansible Playbooks.

Red Hat Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI & RESTful API.

4 The Ansible Way

CROSS PLATFORM HUMAN READABLE PERFECT DESCRIPTION OF

APPLICATION

Agentless support for all major OS Perfectly describe and document Every change can be made by variants, physical, virtual, cloud and every aspect of your application Playbooks, ensuring everyone is on network devices. environment. the same page.

VERSION CONTROLLED DYNAMIC INVENTORIES ORCHESTRATION PLAYS

WELL WITH OTHERS

Playbooks are plain-text. Treat them Capture all the servers 100% of the Every change can be made by like code in your existing version time, regardless of infrastructure, Playbooks, ensuring everyone is on control. location, etc. the same page.

5 Why Ansible?

SIMPLE POWERFUL AGENTLESS

Human readable automation App deployment Agentless architecture

No special coding skills needed Configuration management Uses OpenSSH & WinRM

Tasks executed in order Workflow orchestration No agents to exploit or update

Usable by every team Network automation Get started immediately

Get productive quickly Orchestrate the app lifecycle More efficient & more secure

6 Ansible Is The Universal Language

BUSINESS DEV QA/SECURITY IT OPERATIONS

Ansible is the first automation language that can be read and written across IT.

Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.

7 What Can Ansible Do?

USE ANSIBLE FOR: USE ANSIBLE ON:

● Orchestration ● Servers ● Configuration Management ● Clouds ● Application Deployment ● Storage ● Provisioning ● Applications ● Continuous Delivery ● Containers ● Security and Compliance ● Clouds ● Firewalls ● Load Balancers ● Network Devices ● …. And More How Ansible Works

PLAYBOOK

9 How Ansible Works

--- - name: install and start apache hosts: web become: yes vars: http_port: 80

tasks: - name: httpd package is present yum: name: httpd state: latest

- name: index.html file is present copy: PLAYBOOK src: files/index.html dest: /var/www/html/

- name: httpd is started service: name: httpd state: started 10 How Ansible Works

--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML

tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks

- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 11 How Ansible Works

--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML

tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks

- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 12 How Ansible Works

--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML

tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks

- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 13 How Ansible Works

--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML

tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks

- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 14 How Ansible Works

--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML

tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd 1 state: latest ● Each play is a collection of Tasks

- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html 2 dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: ● Runs against a defined set of targets name: httpd 3 state: started 15 How Ansible Works

--- - name: install and start apache hosts: web Ansible Playbooks: become: yes vars: http_port: 80 ● Written in YAML

tasks: - name: httpd package is present ● A collection of Plays yum: name: httpd state: latest ● Each play is a collection of Tasks

- name: index.html file is present copy: ● Tasks invoke ansible modules PLAYBOOK src: files/index.html dest: /var/www/html/ ● Tasks are executed sequentially - name: httpd is started service: name: httpd ● Runs against a defined set of targets state: started 16 How Ansible Works

INVENTORY

PLAYBOOK

17 How Ansible Works

INVENTORY

[web] web01.org.com web02.org.com

[db] db01.org.com PLAYBOOK db02.org.com 134.33.23.345

18 How Ansible Works

Ansible Inventory:

● Defines hosts and host groups INVENTORY ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler

● CIs from CMDB

19 How Ansible Works

Ansible Inventory:

● Defines hosts and host groups INVENTORY ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler

● CIs from CMDB

20 How Ansible Works

Ansible Inventory:

● Defines hosts and host groups INVENTORY ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler

● CIs from CMDB

21 How Ansible Works

Ansible Inventory:

● Defines hosts and host groups INVENTORY PUBLIC/PRIVATE CLOUD ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, PLAYBOOK db02.org.com 134.33.23.345 GCE, Azure, Spacewalk, Cobbler

● CIs from CMDB

22 How Ansible Works

CMDB Ansible Inventory:

● Defines hosts and host groups INVENTORY PUBLIC/PRIVATE CLOUD ● Can be defined manually [web] web01.org.com web02.org.com ● Public/Private Cloud: [db] db01.org.com ○ OpenStack, VMware, EC2, Rackspace, GCE, PLAYBOOK db02.org.com 134.33.23.345 Azure, Spacewalk, Cobbler

● CIs from CMDB

23 How Ansible Works

CMDB

INVENTORY PUBLIC/PRIVATE CLOUD

PLAYBOOK

24 How Ansible Works

CMDB PUBLIC/PRIVATE CLOUD

INVENTORY PUBLIC/PRIVATE CLOUD

LINUX/WINDOWS HOSTS

PLAYBOOK

ansible-playbook -i hosts playbook.yml

NETWORK DEVICES 25 Ansible for Windows

ANSIBLE WINDOWS AUTOMATION

Use Ansible to deploy and manage Windows systems and applications.

100+ 1,300+ Windows Modules Powershell DSC resources

ansible.com/windows

26 Ansible for Windows: Example

--- - hosts: new_servers tasks: ANSIBLE WINDOWS AUTOMATION - name: ensure common OS updates are current win_updates: register: update_result Use Ansible to deploy and manage Windows - name: ensure domain membership systems and applications. win_domain_membership: dns_domain_name: contoso.corp domain_admin_user: '{{ domain_admin_username }}' domain_admin_password: '{{ domain_admin_password }}' state: domain register: domain_result

- name: reboot and wait for host if updates or domain change require it win_reboot: 70+ 350+ when: update_result.reboot_required or domain_result.reboot_required Windows Modules Powershell DSC

resources - name: ensure local admin account exists win_user: name: localadmin password: '{{ local_admin_password }}' groups: Administrators

- name: ensure common tools are installed win_chocolatey: name: '{{ item }}' ansible.com/windows with_items: ['sysinternals', 'googlechrome']

27 Ansible for Network Automation

ANSIBLE WINDOWS AUTOMATION ANSIBLE NETWORK AUTOMATION

Use Ansible to deploy and manage Windows systems and applications.

50 700+ 12* Network Platforms Network Galaxy 70+ Modules 350+ Network Roles Windows Modules Powershell DSC resources

ansible.com/networking galaxy.ansible.com/ansible-network ansible.com/ windows 28 Ansible for Networking: Example

--- - name: configure ios interface hosts: ios01 ANSIBLE WINDOWS AUTOMATION tasks: - name: collect device running-config ios_command: Use Ansible to deploy and manage Windows commands: show running-config interface GigabitEthernet0/2systems and applications. provider: “{{ cli }}”

register: config

- name: administratively enable interface ios_config: lines: no shutdown parents: interface GigabitEthernet0/2 provider: “{{ cli }}” 70+ 350+ when: ‘”shutdown” in config.stdout[0]‘Windows Modules Powershell DSC resources - name: verify operational status ios_command: commands: - show interfaces GigabitEthernet0/2 - show cdp neighbors GigabitEthernet0/2 detail waitfor: - result[0] contains ‘line protocol is up’ ansible.com/windows - result[1] contains ‘iosxr03’ 29 - result[1] contains ’10.0.0.42’ provider: “{{ cli }}” Automate All The Things

CLOUD VIRT & CONTAINERANSIBLEWINDOWS WINDOWS AUTOMATIONNETWORK DEVOPS MONITORING

AWS Docker ACLs Arista Jira Dynatrace Use Ansible to deploy and manage Windows Azure VMware Files A10 GitHub Airbrake systems and applications. Digital Ocean RHV Packages Cumulus Vagrant BigPanda Google OpenStack IIS Bigswitch Jenkins Datadog OpenStack OpenShift Regedits Cisco Bamboo LogicMonitor Rackspace +more Shares Cumulus Atlassian Nagios +more Services Dell Subversion New Relic Configs F5 Slack PagerDuty Users Juniper Hipchat Sensu 70+ Domains Palo Alto 350+ +more StackDriver OPERATING SYSTEMS STORAGE Windows Modules+more OpenSwitchPowershell DSC Zabbix RHEL and Linux NetApp +more resources +more UNIX Red Hat Storage Windows Infinidat +more +more

ansible.com/windows

30 Jumpstart Your Automation

15,000 ROLES AT YOUR DISPOSAL

Reusable Roles and Container Apps that allow you to do more, faster

Built into the Ansible CLI and Tower

galaxy.ansible.com Ansible Tower

● A visual dashboard ● Role-based access control ● Job scheduling ● Graphical inventory management ● Multiplaybook workflows ● External logging integrations ● Real-time job status updates ● Support for external credential vaults ● REST API and CLI ● Self Service I.T. ● …..

32 Ansible Tower

…. ANSIBLE CLI & CI SYSTEMS

ANSIBLE PLAYBOOKS ADMINS

ROLE-BASED KNOWLEDGE SCHEDULED & ANSIBLE ACCESS CONTROL & VISIBILITY CENTRALIZED JOBS TOWER SIMPLE USER INTERFACE TOWER API

USERS

OPEN SOURCE MODULE LIBRARY ANSIBLE PLUGINS PYTHON CODEBASE

TRANSPORT

SSH, WINRM, ETC.

INFRASTRUCTURE NETWORKS CONTAINERS CLOUD SERVICES

AUTOMATE LINUX, ARISTA, DOCKER, AWS, DATABASES, YOUR ENTERPRISE WINDOWS, CISCO, LXC … GOOGLE CLOUD, LOGGING, UNIX … JUNIPER … AZURE … SOURCE CONTROL MANAGEMENT…

USE CASES

33 CONFIGURATION APP CONTINUOUS SECURITY & PROVISIONING ORCHESTRATION MANAGEMENT DEPLOYMENT DELIVERY COMPLIANCE Ansible Tower Integrations

Client accessing Ansible Tower

CMDB

Postgre5QL 34

MANAGED HOSTS DOMAIN CONTROLLER Ansible in the Enterprise

Individual Teams Enterprise

Virtual project or Individual Windows Team Network Team Windows Team Network Team automation Team

Playbooks Playbooks Playbooks Playbooks

ENGINE Playbooks

WORKFLOW

Network device

Network device

Network device

35 OPTIONAL SECTION MARKER OR TITLE OR MARKER SECTION OPTIONAL CONFIDENTIAL Designator

● Try Ansible yourself: ansible.com/resources/get-started

● Check out the documentation: docs.ansible.com

● Ansible Galaxy: galaxy.ansible.com

● Try Ansible Tower: ansible.com/products/tower/trial

36 OPTIONAL SECTION MARKER OR TITLE OR MARKER SECTION OPTIONAL

Thank you

Red Hat is the world’s leading provider of enterprise

open source software solutions. Award-winning support,

training, and consulting services make Red Hat a trusted

adviser to the Fortune 500.

linkedin.com/company/red-hat facebook.com/redhatinc

youtube.com/user/RedHatVideos twitter.com/RedHat

37