Weithenn - Apistek
Ansible AWX圖形化管理 Ansible 環境的利器王偉任weithenn.org
Agenda Infrastructure as Code (IaC) Why Ansible Ansible Engine vs Tower vs AWX Ansible AWX Features Use Case Demo3
Infrastructure as Code (IaC)
Bimodal IT – Mode 1 / Mode 2 Mode 1–Traditional Infrastructure –Reliability / StabilityPhysical Server / Storage / Network Mode 2–Infrastructure Agility–Software Defined (SDC, SDS, SDN)–VM / Container / Microservice Agility / DevOps5Image From: Gartner - Data Center Modernization and Consolidation Key Initiative Overview
7
CNCF – Cloud Native Landscape8Reference: CNCF Cloud Native Interactive Landscape
Infrastructure as Code (IaC)9
Why Ansible
Ansible – Language of automationCROSS PLATFORMHUMAN READABLEAgentless support for all major OSvariants, physical, virtual, cloud andnetwork devices.Perfectly describe and document everyaspect of your application environment.VERSION CONTROLLEDDYNAMIC INVENTORIESORCHESTRATION PLAYS WELLWITH OTHERSPlaybooks are plain-text. Treat them likecode in your existing version control.Capture all the servers 100% of the time,regardless of infrastructure, location, etc.Orchestration plays well with others:ServiceNow, Infoblox, AWS, Terraform,Cisco ACI and more11PERFECT DESCRIPTION OFAPPLICATIONEvery change can be made by Playbooks,ensuring everyone is on the same page.
Ansible Automates Technologies You UseCLOUDVIRT & ital OceanGoogleOpenStackRackspace moreDockerVMwareRHVOpenStackOpenShift igsUsersDomains iperPalo AltoOpenSwitch ionSlackHipchat giosNew RelicPagerDutySensuStackDriverZabbix moreOPERATINGSYSTEMSRHEL and LinuxUNIXWindows more12STORAGENetAppRed Hat StorageInfinidat more
Ansible ArchitecturePUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION ENGINEUSERSANSIBLE PLAYBOOK13Reference: RedHat people bhinson – Ansible automation technical deckINVENTORYCLIMODULESPLUGINSHOSTSNETWORKDEVICES
Ansible Engine vs Tower vs AWX
Ansible Engine vs Tower vs AWXAnsible Engine CLI Only. Not centralized management. Integration with Red HatEnterprise Linux. Support for Ansible coremodules per product life cycle. Support for the Ansibleexecution engine.15Ansible Tower A GUI Dashboard. Red Hat licensed and 24x7supported. High Availability supported. Role-based access control Job scheduling Graphical inventorymanagement Multi-playbook workflow RESTful API External logging integrations Real-time job status updatesAnsible AWX The AWX Project is the fastmoving upstream project fromwhich Red Hat Ansible Tower isderived. Opensource of free to use. No node limitations. Frequent updates from thecommunity. Community support.
Why Ansible AWXAnsible AWX is a opensource of AnsibleTower, so it’s free to use, GUI based, andRESTful API allowing you to scale ITautomation, manage complexdeployments and speed productivity. RBAC (Role-Based Access Control) Push Button – Easy to execute playbook RESTful API Workflow Enterprise Integrations Centralized Logging Ansible AWX is FREE16Image From: RedHat people bhinson – Ansible automation technical deck
Ansible AWX Architecture17Image From: RedHat people bhinson – Ansible automation technical deck
Ansible AWX Features
Dashboard19
RBAC (Role-Based Access Control)20Reference: 27. Security — Ansible Tower User Guide v3.6.3
Easy to Execute Playbook21
Automation Workflow22Image From: RedHat people bhinson – Ansible automation technical deck
Thank you
Ansible Engine vs Tower vs AWX 15 Ansible Engine Ansible Tower Ansible AWX CLI Only. Not centralized management. Integration with Red Hat Enterprise Linux. Support for Ansible core modules per product life cycle. Support for the Ansible execution engine. A GUI Dashboard. Red Hat licensed and 24x7 supported.
Tom Rosenstiel Author, Director of the American Press Institute Senior Fellow at the Brookings Institution.
The 10 industries most targeted by ransomware attacks in 2020 Trend Micro 2020 Annual Cybersecurity Report . 31.72% 1.65% 15.30% 8.21% 6.75% 5.12% . Detection Investigation Response Data to Decision Cybersecurity Countermeasures . . Risk mitigation and malware containment Shield vulnerable assets and detect lateral movement Unknown attack
可以不要用VMware 和Hyper-V 嗎? . HPE OneView provider Additional out-of-the box and customized providers 3rd party OpenStack AWS / Azure New New New HPE Helion CloudSystem 9.0 Delivered as virtual appliances on VMware or Red Hat -now with 3 node . vCenter appliance
Privileged access management is a combination of processes, policies and technologies that ensure that privileged users and superusers who share administrative credentials are doing the right things, that access is delegated on an as-needed basis and that an audit trail is kept in
Semi-HCI v.s. True HCI Semi-HCI Compute and storage are in different physical node but in the same chassis Compute and storage are in the same node but there are dedicated control nodes Challenge of semi-HCI Resource is not optimized Flexibility and reliability True HCI Each node can be compute, storage and control nodes
HP Atalla & HP Security Voltage PCI/Complianc e/ scope reduction Atalla HSMs Payments applications, EMV, mobile, customizations and compliance in FIPS Level 3 appliances HP SecureData Reduce PCI costs up to 90% with P2P encryption; combine HP Secure Stateless Tokenization (SST) with
HPE Helion OpenStack 5 Simplified installation, patching and upgrading with Helion Lifecycle Manager Proven IaaS published customer success in production. Flexible . choice of hypervisor . to match the needs of your workloads. Operations Console . web UI. for the private cloud operator
1550-1950, which she curated with Anne Sutherland Harris for the Los Angeles County Museum of Art; the show was accompanied by the catalogue of the same title co-authored by both scholars. Linda Nochlin has written numerous books and articles focusing attention on social and political issues revealed in the work of artists, both male and female, from the modernist period to the present day .
