Ansible Automation to Rule Them All
3 likes1,592 views
This document discusses Ansible, an open-source automation tool. It provides an overview of Ansible's capabilities including configuration management, orchestration, deployment and more. It also summarizes Ansible Tower which adds centralized control, RBAC, and other features to Ansible. Examples are given of using Ansible playbooks to automate tasks like installing and configuring Apache on Linux hosts and using Ansible modules to configure network devices.
![//how ansible works
ANSIBLE’S AUTOMATION ENGINE
ANSIBLE PLAYBOOK
PUBLIC / PRIVATE
CLOUD
CMDB
USERS
HOSTS
NETWORKING
PLUGINS
API
MODULES
INVENTORY
[web]
webserver1.example.com
webserver2.example.com
[db]
dbserver1.example.com](https://image.slidesharecdn.com/ansibleautomationtorulethemall-170306163125/85/Ansible-Automation-to-Rule-Them-All-10-320.jpg)
![● Configure Kerberos
# vi /etc/krb5.conf
[realms]
MY.DOMAIN.COM = {
kdc = domain-controller1.my.domain.com
kdc = domain-controller2.my.domain.com
}
[domain_realm]
.my.domain.com = MY.DOMAIN.COM
//authentication](https://image.slidesharecdn.com/ansibleautomationtorulethemall-170306163125/85/Ansible-Automation-to-Rule-Them-All-37-320.jpg)
Ad
More Related Content
What's hot (20)
Viewers also liked (20)
Ad
Similar to Ansible Automation to Rule Them All (20)
![[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...](https://cdn.slidesharecdn.com/ss_thumbnails/hkoscon20180616containerizedhighavailabilityvirtualhostingdeploymentwithkubernetesdockerandansible-180616144342-thumbnail.jpg?width=560&fit=bounds)
Ad
Recently uploaded (20)
Ansible Automation to Rule Them All
- 1. Ansible: Automation to Rule them ALL! //live event Mar 1, 2017
- 2. //today’s expedition Introductions Ansible - What is it? Orchestration/Integration Demo Ansible Tower Tower and Lifecycle Demo Ansible + Windows Ansible for Networks What’s Next?
- 4. //arctiq’s focus - mvp and business value Trending, Visibility, and Feedback Loops Security Hardening and Access Management Automation and Orchestration Standardization, Hardened Imaging, Centralized Management, and Audit Reporting DEVELOPERS Self-Service Managed Container Platform Fail-Fast + Fix-Fast Mindset Freedom to Focus on Development THE BUSINESS Time-to-Market Advantages Operational Efficiencies Quality Software Speed and Agility IT OPERATIONS Standardized Frameworks Automated Repeatable Tasks Simplified Infrastructure Improved Security
- 5. //ansible automation MODERNIZE DEVOPS MIGRATE Automate existing processes Manage legacy like DevOps Model everything Deploy continuously Define applications once Re-deploy anywhere
- 6. //ansible for everyone SIMPLE POWERFUL AGENTLESS App deployment Configuration management Workflow orchestration Orchestrate the app lifecycle Human readable automation No special coding skills needed Tasks executed in order Get productive quickly Agentless architecture Uses OpenSSH & WinRM No agents to exploit or update More efficient & more secure
- 7. //how ansible works ANSIBLE’S AUTOMATION ENGINE ANSIBLE PLAYBOOK PUBLIC / PRIVATE CLOUD CMDB USERS INVENTORY HOSTS NETWORKING PLUGINS API MODULES
- 8. //how ansible works PUBLIC / PRIVATE CLOUD CMDB USERS INVENTORY HOSTS NETWORKING PLUGINS API MODULES ANSIBLE’S AUTOMATION ENGINE ANSIBLE PLAYBOOK PLAYBOOKS ARE WRITTEN IN YAML Tasks are executed sequentially Invokes Ansible modules
- 9. //how ansible works PUBLIC / PRIVATE CLOUD CMDB USERS INVENTORY HOSTS NETWORKING PLUGINS API ANSIBLE’S AUTOMATION ENGINE ANSIBLE PLAYBOOK MODULES MODULES ARE “TOOLS IN THE TOOLKIT” Python, Powershell, or any language Extend Ansible simplicity to entire stack
- 10. //how ansible works ANSIBLE’S AUTOMATION ENGINE ANSIBLE PLAYBOOK PUBLIC / PRIVATE CLOUD CMDB USERS HOSTS NETWORKING PLUGINS API MODULES INVENTORY [web] webserver1.example.com webserver2.example.com [db] dbserver1.example.com
- 11. //how ansible works ANSIBLE’S AUTOMATION ENGINE ANSIBLE PLAYBOOK PUBLIC / PRIVATE CLOUD USERS INVENTORY HOSTS NETWORKING PLUGINS API MODULES CMDB CLOUD: OpenStack, VMware, EC2, Rackspace, GCE, Azure, Spacewalk, Hanlon, Cobbler CUSTOM CMDB
- 12. //playbook example --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running
- 13. //playbook example --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running
- 14. //playbook example --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running
- 15. //playbook example --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running
- 16. //playbook example --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running
- 17. //playbook example --- - name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root tasks: - name: install httpd yum: pkg=httpd state=latest - name: write the apache config file template: src=/https/www.slideshare.net/srv/httpd.j2 dest=/etc/httpd.conf - name: start httpd service: name=httpd state=running
- 18. //demo
- 19. //automation for everyone … what’s new in Tower 3.1?
- 20. //ansible tower CONTROL SIMPLE POWERFUL AGENTLESS KNOWLEDGE DELEGATION TOWER EXPANDS AUTOMATION TO YOUR ENTERPRISE. AT ANSIBLE’S CORE IS AN OPEN-SOURCE AUTOMATION ENGINE. Scheduled and centralized jobs Visibility and compliance Role-based access and self-service Everyone speaks the same language Designed for Multi-tier deployments Predictable, reliable, and secure
- 21. //what is ansible tower? Ansible tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API. • Role-based access control keeps environments secure, and teams efficient. • Non-privileged users can safely deploy entire applications with push-button deployment access. • All Ansible automations are centrally logged, ensuring complete auditability and compliance.
- 22. //control your ansible deployment SITUATIONAL AWARENESS IS THE KEY TO DEVOPS ● Dashboard and real-time automation updates ● Integrated RBAC with credential management ● Job scheduling ● Graphical inventory management ● Built-in notifications to keep teams informed ● Stabilized API to plumb into existing tooling and processes ● Model entire processes with new Workflows
- 23. //tower workflows MIX AND RE-USE AUTOMATIONS WITHOUT WRITING A PLAYBOOK ● Combine any number of Playbooks into a Workflow ● Delegate access just like any other Tower automation ● Launchable with customizable parameters ● Easily build in-app workflows Provision Configure Deploy Scale Build Test Promote Verify Deploy
- 25. //delegation EMPOWER YOUR TEAMS INSIDE AND OUTSIDE OF OPERATIONS ● Connect to your LDAP, AD, SAML and other directories ● Full role-based access control engine ● Store credentials for use without exposure ● Enable users to automate without previous Ansible knowledge ● Find relevant information more quickly with new Smart Search ● Simple surveys configure automation at run-time ● REST API allows integration into your existing processes and tools ● Add capacity with new Tower Clusters
- 26. //tower clusters ADD TOWER CAPACITY AND REDUNDANCY WITH EASE ● Add new Tower nodes to scale out Tower job capacity ● Tower node fails? No problem ● Individual Tower jobs will run on any node with available capacity ○ Jobs are not spanned across multiple Tower nodes ● Cluster stays in sync with in-Tower configuration
- 27. //enterprise log integration ANALYZE YOUR AUTOMATION RESULTS ● Log all Tower activity to central enterprise logging ● Cross-reference automation with events and application logs ● Use Tower’s API to perform remediation if needed ● Support for: ○ Elastic ○ Splunk ○ Sumologic ○ Loggly ○ Custom (Via WebHook/RESTful API)
- 28. //automate everything USE CASES USERS ANSIBLE PYTHON CODEBASE OPEN SOURCE MODULE LIBRARY PLUGINS CLOUD AWS, GOOGLE CLOUD, AZURE … INFRASTRUCTURE LINUX, WINDOWS, UNIX … NETWORKS ARISTA, CISCO, JUNIPER … CONTAINERS DOCKER, LXC … SERVICES DATABASES, LOGGING, SOURCE CONTROL MANAGEMENT TRANSPORT SSH, WINRM, ETC. AUTOMATE YOUR ENTERPRISE ADMINS ANSIBLE CLI & CI SYSTEMS ANSIBLE PLAYBOOKS …. ANSIBLE TOWER SIMPLE USER INTERFACE TOWER API ROLE-BASED ACCESS CONTROL KNOWLEDGE & VISIBILITY SCHEDULED & CENTRALIZED JOBS CONFIGURATION MANAGEMENT APP DEPLOYMENT CONTINUOUS DELIVERY SECURITY & COMPLIANCE ORCHESTRATIONPROVISIONING
- 29. //demo
- 31. ● Linux ○ Ansible manages Linux/Unix machines using SSH ● Windows ○ Uses PowerShell remoting rather than SSH ○ Ansible still runs from a Linux control machine and uses ○ WinRM python module to talk to the windows host //how it works
- 32. ● Gather facts on Windows hosts ● Install and uninstall MSIs ● Enable and disable Windows Features ● Start, stop, and manage Windows services ● Create and manage local users and groups ● Manage Windows packages via the Chocolatey package manager ● Manage and install Windows updates ● Fetch files from remote sites ● Push and execute PowerShell scripts //native windows support
- 33. # Execute a command in the remote shell; stdout outputs to the specified file --- - name: Run win_shell hosts: all gather_facts: false tasks: - name: Run some script win_shell: C:somescript.ps1 >> c:somelog.txt //win_shell module
- 34. ● fetch ● raw ● script ● slurp ● template ● add_host ● assert //ansible core modules for windows ● pause ● set_fact ● debug ● fail ● group_by ● include_vars ● meta
- 35. --- # This playbook tests the script module on Windows hosts - name: Run powershell script hosts: all gather_facts: false tasks: - name: Run powershell script script: files/helloworld.ps1 //script module
- 36. ● Active Directory ○ Kerberos is the preferred option when using AD ○ Requirement to install ‘python-kerberos’ module on the control host # yum -y install python-devel krb5-devel krb5-libs krb5-workstation //authentication
- 37. ● Configure Kerberos # vi /etc/krb5.conf [realms] MY.DOMAIN.COM = { kdc = domain-controller1.my.domain.com kdc = domain-controller2.my.domain.com } [domain_realm] .my.domain.com = MY.DOMAIN.COM //authentication
- 38. ● runas ○ There is upcoming support to execute actions as the administrator with Windows ‘runas’ ○ Presently, connect and automate Windows using local or domain users //coming soon
- 39. //demo
- 41. //ansible for networks COMPLIANCE AND DRIFT Improved Security Troubleshooting Efficiencies Visibility Desired State Processes CONFIG AUTOMATION Time-to-Market Advantages Operational Efficiencies Quality Configurations MOPs? TEST AND VALIDATE Speed and Agility Automated Repeatable Tasks Simplified Infrastructure Ansible Tower for networks: Security: Store Network Credentials Delegation: Using Role-Based Access Control (RBAC) Power: Leverage the Ansible Tower API Control: Schedule Jobs for Automated Playbook Runs Flexibility: Launch Job Templates Using Surveys Integrations: Leverage Tower Integrations like Version Control Compliance: Run Jobs in Check Mode for Audits
- 42. //core network modules cloudflare_dns - manage Cloudflare DNS records dnsimple - Interface with dnsimple.com (a DNS hosting service). dnsmadeeasy - Interface with dnsmadeeasy.com (a DNS hosting service). haproxy - Enable, disable, and set weights for HAProxy backend servers using socket commands. ipify_facts - Retrieve the public IP of your internet gateway. ipinfoio_facts - Retrieve IP geolocation facts of a host’s IP address ldap_attr - Add or remove LDAP attribute values. ldap_entry - Add or remove LDAP entries. lldp - get details reported by lldp nmcli - Manage Networking nsupdate - Manage DNS records. omapi_host - Setup OMAPI hosts. snmp_facts - Retrieve facts for a device using SNMP. wakeonlan - Send a magic Wake-on-LAN (WoL) broadcast packet
- 43. //core vendors From MOPs to Playbooks!! 175 included network modules + community
- 44. //mops to playbooks Variables Templates + Declarative State - Network Infrastructure as Data
- 45. //playbook example --- - hosts: ios_devices gather_facts: no connection: local vars_prompt: - name: "mgmt_username" prompt: "Username" private: no - name: "mgmt_password" prompt: "Password" tasks: - name: SYS | Define provider set_fact: provider: host: "{{ inventory_hostname }}" username: "{{ mgmt_username }}" password: "{{ mgmt_password }}" - name: IOS | Show clock ios_command: provider: "{{ provider }}" commands: - show clock register: clock - debug: msg="{{ clock.stdout }}"
- 46. //what’s next? POCs Upcoming Arctiq-run demos and Blogs Use-case workshops and consulting Training Workshops We are HIRING //take the first step - www.arctiq.ca