Enterprise Grade Ansible Automates Slide...Any playbook run would run one ansible-playbook process...

October 28, 2019

Enterprise Grade Ansible

Michelle PerzManager - Ansible Support

1

AGENDA

2

What’s Coming with the Ansible Automation Platform

Notable Past Features

Future Directions

Demo

What we’ll be discussing today

What is coming with the Red Hat Ansible Automation Platform?

3

OPO

NAL SECTION

MARKER O

R TITLE

RED HAT ANSIBLE AUTOMATION PLATFORM - COLLECTIONS

4

Red Hat Ansible Automation Platform

CollectionsAutomation Hub

Content Packages

Automation Analytics

Scalable Execution

Additional Tower Notes

Introducing Collections

RED HAT ANSIBLE AUTOMATION - INTRODUCING COLLECTIONS

5

A new way to create, package, and distribute Ansible Content

Repository structure and artifact to enable simple delivery of Ansible Content (Roles, Modules, and Plugins)

- A format for consistent project structure while in development

- Enables versioning of external content- Allows consistent delivery outside of Ansible packages

Allows for immediate use of the content found within the Artifact within a play

Namespacing support built into platform to account for content in a Collection

Example Collection

RED HAT ANSIBLE AUTOMATION - INTRODUCING COLLECTIONS

6

.├── galaxy.yml├── plugins│ ├── action│ │ └── ping.py│ ├── module_utils│ │ └── pingutils.py│ └── modules│ └── ping.py└── roles ├── ping_bootstrap │ ├── defaults │ ├── filters │ ├── meta │ ├── tasks │ └── vars └── ping_deploy ├── defaults ├── meta └── tasks

hosts: somehostscollections: - tima.pinger - redhat.open_ping

tasks: - tima.pinger.ping:

- ansible.builtin.ping: # use only the ping packaged in core

- ansible.legacy.ping: # use core or library(etc)/ping.py when: thing | tima.pinger.filter == 42

- ping: # searches collections “path” otherwise… # still works, == ansible.legacy.ping:

Layout In a playbook

RED HAT ANSIBLE AUTOMATION PLATFORM - AUTOMATION HUB

7


Collections

Automation HubContent Packages


Scalable Execution


Red Hat Ansible Automation Platform services (Automation Hub and Automation Analytics) require an active subscription to the platform.

8

DISCLAIMER AN

D WARN

ING

A note about services

Introducing the Automation Hub:

Discover, publish, and manage Collections

Introducing the Automation Hub, a new service available to Ansible Automation subscribers.

Quickly discover available Red Hat and certified content through Collections.

Manage and test your organization’s view of available content.*

Manage your locally available automation via on-premise.*

*FY21 roadmap

Example Collection on Automation Hub

RED HAT ANSIBLE AUTOMATION PLATFORM - CONTENT PACKAGES

11


Collections

Automation Hub

Content PackagesAutomation Analytics

Scalable Execution


Resource modules transform structured data into configurations.

Fact modules transform network configuration into structured data.

Ansible NetworkingBuilding resource-based management

RED HAT ANSIBLE AUTOMATION PLATFORM - AUTOMATION CONTENT PACKAGES

12

snmp: communities: <list> - community: <string> group: <string> ipv4acl: <string> ipv6acl: <string> contact: <string> location: <string> users: <list> - algorithm: <md5|sha> group: <string> localized_key: <bool> password: <string> username: <string>

NETWORK NATIVE

CONFIGURATION(ON BOX)

snmp: communities: <list> - community: <string> group: <string> ipv4acl: <string> ipv6acl: <string> contact: <string> location: <string> users: <list> - algorithm: <md5|sha> group: <string> localized_key: <bool> password: <string> username: <string>

NETWORK NATIVE

CONFIGURATION(ON BOX)

Ansible Security Automation

RED HAT ANSIBLE AUTOMATION PLATFORM - AUTOMATION CONTENT PACKAGES

13

Triage Of Suspicious Activities

Enabling programmatic access to log configurations such as destination, verbosity, etc.

Threat Hunting

Automating alerts, correlation searches and signature

manipulation

Incident Response

Creating new security policies to whitelist, blacklist or quarantine a

machine

RED HAT ANSIBLE AUTOMATION PLATFORM - AUTOMATION ANALYTICS

14


Collections

Automation Hub

Content Packages

Automation AnalyticsScalable Execution


Introducing Automation AnalyticsEnabling an Automation Center of Excellence

RED HAT ANSIBLE AUTOMATION PLATFORM - AUTOMATION ANALYTICS

15

View real-time information about automation health, usage and performance across your enterprise. Powered by the Red Hat Cloud Platform.

Gain information about automation in your organization:

• Which organizations are using the most automation • Utilization rates• Enterprise-wide success and failure rates for automation • If automation is failing in certain cases, why?

Analytics DashboardInformation across all clusters for an enterprise:

● Job Status graph● Top Job Templates● Top Modules

Health Notifications

● Ansible Tower Cluster is down● Node (within a cluster) is down● Last time data was updated● Near license count● More TBD...

Organizational Statistics

Filter by Organization

Job Status by Organization

Usage by Organization

Job Runs by Organization

RED HAT ANSIBLE AUTOMATION PLATFORM - SCALABLE EXECUTION

19


Collections

Automation Hub

Content Packages


Scalable ExecutionAdditional Tower Notes

Scalable Execution Capacity


20

Automate across and beyond the enterprise

Where you need itUnifying task execution across execution nodes

When you need itLeverage Kubernetes and OpenShift to spin upexecution capacity at runtime

How you need itExpand execution to be able to pull jobs from a central Ansible Tower infrastructure

Scalable Execution Capacity


21

Automation Webhooks


22

Enabling GitOps

Automatically provision, update, configure, and apply based on pushes to your source control.

RED HAT ANSIBLE AUTOMATION PLATFORM - ADDITIONAL TOWER NOTES

23


Collections

Automation Hub

Content Packages


Scalable Execution


Introducing the awx CLI


24

A brand-new CLI for use with Tower. (replacing tower-cli)

● Auto-detects API versions, available endpoints, and features across multiple versions of Tower (where possible) without requiring changes

● JSON and human readable output formats● Tested and shipped with Tower

Note: users of the send/receive functionality of tower-cli should still use tower-cli

[user@server: ~]$ awx organizations create --name "The Round Table"{ "id": 2, "type": "organization", "url": "/api/v2/organizations/2/", "summary_fields": { "created_by": {...[user@server: ~]$ awx -f human organizations listid name == ====================1 Here be Dragons 2 The Round Table[user@server: ~]$ awx -f human job_template launch "apply configuration"id name === =======================103 apply configuration

Assorted minor enhancements

- Created an Ansible collection for the awx/tower Ansible modules- Updated PostgreSQL to version 10.x- Configurable TLS connection support for:

- PostgreSQL (bring your own cert)- RabbitMQ (deployed by installer)

- Added the ability to collect detailed Ansible performance information for debugging- Adjusted LOG_AGGREGATOR_LEVEL to also change local logging level- Added notifications on job start and more authentication options for webhook

notifications- Added support for mapping org auditors via LDAP (analogous to org admins)


25

Notes for operators DEPRECATIONS, REMOVALS, AND BEHAVIOR CHANGES

- REMOVED /api/v1- this also removes the single credential field on templates

- REMOVED support for Ubuntu as a Tower platform- REMOVED OAuth2 ‘implicit grant’ type applications- REMOVED support for ‘Any’ notification template type

- Upgrades will migrate ‘any’ notifications into separate ‘success’ and ‘failure’ notifications- DEPRECATED /api/v2/dashboard

Use the /api/v2/metrics endpoint for summary data for monitoring- DEPRECATED support for custom inventory scripts

Please use SCM for custom inventory sources.

26


Notable Past Features

27

OPTIO

NAL SECTION

MARKER O

R TITLE

Support for External Credential Vaults

RED HAT ANSIBLE TOWER 3.5 OVERVIEW

28

Use credentials from your corporate standard password and key storage directly from Tower.

● HashiCorp Vault● CyberArk AIM● CyberArk Conjur● Microsoft Azure Key Vault

Enabling Advanced Ansible Features


29

Note: these features require Ansible 2.8

Inventory Plugins

AzureGCE

OpenStackTower

Privilege Escalation Plugins

Handle complex privilege escalation in your enterprise environment.

Metrics for Monitoring


30

Ansible Tower Health And Stats at a Glance

New, Prometheus-compatible metrics

Available at /api/v2/metrics

31

ENHANCED WORKFLOWS

WORKFLOW CONVERGENCE NODES

● Wait for any number of steps to finish before proceeding

● Allows for built-in synchronization points, easy result collection, and simplified error handling

Workflow convergence makes it easier than ever to have your Ansible

automation workflows model and match your actual deployment

processes.

32

JOB DISTRIBUTION VIA JOB SLICING

BEFORE ANSIBLE TOWER 3.4

● Any playbook run would run one ansible-playbook process on one cluster node

● Jobs run across thousands of machines could potentially starve that cluster node’s resources, or fail due to memory contention

● Job resizing could be a complicated manual process

WITH TOWER 3.4 AND LATER JOB SLICING

Jobs have a configurable number of slices. Each slice will be run as a separate ansible-playbook run, and slices will be distributed across the Tower cluster.

● Run fact gathering, configuration, and more across thousands of machines with ease

● Increase both job throughput and job reliability

NOTE: Job slicing is only appropriate when each host’s automation is independent of other hosts

Future Directions

33

OPTIO

NAL SECTION

MARKER O

R TITLE

RED HAT ANSIBLE AUTOMATION - ROADMAP TIMELINE

34

Automation AnalyticsCollections (GA)Automation Hub launch- Certified Partner content home- Delivery of Collections to subscribersBasic collection support in TowerGit WebhooksScalable execution in OpenShift/KubernetesSecurity Automation (GA)Network Automation Collections introduced

Initial release of the Automation PlatformFall

2019

RED HAT ANSIBLE AUTOMATION - ROADMAP TIMELINE

35

Collection synchronization and management in TowerDirect Collection use in WorkflowsAnsible content now delivered in CollectionsOn-premise content management in Automation HubOn-demand execution scaling outside of OpenShift/KubernetesNetworking Automation reference architecturesCollections for additional Automation use casesDeveloper tools for content testing and publishing

Spring 2020 and beyond

Demo

36

OPTIO

NAL SECTION

MARKER O

R TITLE

linkedin.com/company/red-hat

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/RedHat

Red Hat is the world’s leading provider of enterprise

open source software solutions. Award-winning

support, training, and consulting services make

Red Hat a trusted adviser to the Fortune 500.

Thank you

37

Enterprise Grade Ansible Automates Slide...Any playbook run would run one ansible-playbook process...

Documents

Transcript of Enterprise Grade Ansible Automates Slide...Any playbook run would run one ansible-playbook process...