Ansible Automation Workshop - Dchan-redhat.github.io
Ansible Automation WorkshopIntroduction to Ansible Automation
Agenda1400-143030 minsWelcome & Ansible Automation overviewpresentation1430-144010 minsLab setup & introducing the lab controls45 minsHands-on 1 2Overview of public cloud provisioningConverting shell commands into Ansible commands45 minsHands-on 3 4Retrieving information from hostsDeploying applications at scale1610-165545 minsHands-on 5 6Self-service IT via surveysAutomation Workflows1655-17005 mins1440-15251525-16102Wrap-up: hands-on workshop review
What you will learn Overview of public cloud provisioning Converting shell commands into Ansible commands Retrieving information from hosts Deploying applications at scale Self-service IT via surveys Automation Workflows3
IntroductionTopics Covered: What is the Ansible Automation Platform? What can it do?4
Red Hat Ansible Platform technical deckAnyone can automate.but an enterprise needsto coordinate and scale5
Red Hat Ansible Platform technical deckMany organizations share the same challengeToo many unintegrated, domain-specific toolsNetwork ops6SecOpsDevs/DevOpsIT ops
Red Hat Ansible Platform technical deckBreak down silosDifferent teams a single platformConsistent governanceCloudDatacenterEdgeLine of businessDevs/DevOps7IT opsSecOpsNetwork ops
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION NSHOSTSNETWORKDEVICES
Why the Red Hat Ansible Automation Platform?Why the Ansible Automation Platform?PowerfulSimpleAgentlessOrchestrate complexSimplify automation creationEasily integrate withprocesses at enterprise scale.and management acrosshybrid environments.multiple domains.9
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION ENGINEUSERSANSIBLEPLAYBOOKPLAYBOOKS ARE WRITTEN IN YAMLTasks are executed sequentiallyInvoke Ansible ES
--- name: install and start apachehosts: webbecome: yestasks:- name: httpd package is presentyum:name: httpdstate: latest- name: latest index.html file is presentfile:src: files/index.htmldest: /var/www/html/- name: httpd is startedservice:name: httpdstate: started
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATIONMODULESENGINEARE “TOOLS IN THE TOOLKIT”USERSANSIBLEPLAYBOOKPython, Powershell, or any languageExtend Ansible simplicity to the entire - name: latest index.html file is presenttemplate:src: files/index.j2dest: /var/www/html/
PUBLIC / er2.example.comPUBLIC / PRIVATECLOUDINVENTORYList of systems in your infrastructure thatautomation is executed againstANSIBLE AUTOMATION ES
Ansible Automates Technologies You UseTime to Automate is Measured in MinutesCLOUDVIRT gital OceanGoogleOpenStackRackspace moreDockerVMwareRHVOpenStackOpenShift igsUsersDomains nF5JuniperOpenSwitchRuckusVyOS ionSlackHipchat giosNew RelicPagerDutySensuStackDriverZabbix moreOPERATINGSYSTEMSRHEL and LinuxUNIXWindows moreSTORAGENetAppRed Hat StorageInfinidat more
Automation HubDiscover, publish, and manage Collections Quickly discover available RedHat and certified contentthrough Collections. Manage and test yourorganization’s view of availablecontent.* Manage your locally availableautomation via on-premise.*
Why the Red Hat Ansible Automation Platform?Automate the deployment and management of automationYour entire IT footprintDo this.OrchestrateManage configurationsDeploy applicationsProvision / deprovisionDeliver continuouslySecure and complyOn these.16FirewallsLoad balancersApplicationsContainersVirtualization platformsServersCloudsStorageNetwork devicesAnd more .
ACCESS CONTROLRole-based access control& LDAP integrationAUDITINGSee a full Ansible jobhistory with drill-in detailsSCHEDULINGScheduleautomation jobs(great forperiodicremediation)DELEGATION OFCREDENTIALSDelegate credentials withoutgiving away secretsINVENTORY MANAGEMENTGraphically manage your internal &cloud resourcesPUSH-BUTTON LAUNCHLaunch automation jobs with a buttonAPI & CLIDocumented RESTful API andTower CLI to integrate Towerinto your tools
What makes a platform?On-premisesContent creatorsAutomation controllerOperatorsAnsible Cloud ServicesAutomationhubAutomationservices catalogInsights for AnsibleAutomation PlatformAnsible content domainsInfrastructureDomain expertsUsersLinuxWindowsCloudAnsible command lineFueled by anopen source community18NetworkSecurity
DevOps Pipeline with AnsiblePLANCODEBUILD CI/CDTEST CDDEPLOYRUNComplianceA/B, Blue-Green,UX MonitoringFEEDBACK LOOPSAgile PlanningPRODUCTOWNERUnit, Integration TestSystem, Smoke TestDEVELOPERFunctional, Perform.,SecurityUsability,AcceptanceTEST TEAMSMERELEASEMANAGEREND USERGOLIVE?CodeFEEDBACKAPP DELIVERY PIPELINEArtifactRepositoryBuild toExecutableNON-PRODPromote toDEVDEVPromote toTESTPromote toUATDeploy toPRODTESTUATPROD
Remediate AutomationMonitoring / LoggingPlatform1.Monitoring/Logging Platform detects securityissues and calls the Ansible Tower API2.Ansible Tower runs a playbook to automateremediation in servers / equipments3.Ansible Tower runs a playbook to open asupport ticket and/or notify security managers /system administratorsSend Notification/Open TicketRemediationNetworks / Servers /Cloud
Teams are implementing Disaster Recovery.Lines Of NetworkApprovedStartup Servers/ ServicesStartupApplicationComplianceCheckHealth CheckSwitch overnetwork trafficsSome planning tasks (e.g. Disaster Recovery Drill) usually required different teams to worktogether.
Teams are implementing Disaster Recovery.Lines Of NetworkApprovedStartup Servers/ ServicesStartupApplicationComplianceCheckHealth CheckSwitch overnetwork trafficsSome planning tasks (e.g. Disaster Recovery Drill) can’t be performed as it usually required differentteams to work together.
Rolling Upgrade / PatchingYour applications and systems aremore than just collections ofconfigurations. They’re a finely tunedand ordered list of tasks andprocesses that result in your workingapplication.23
Security Compliance - C2SAnsible remediation role for profile C2SProfile Title: C2S for Red Hat Enterprise Linux 7- hosts: allroles:- role: RedHatOfficial.rhel7 c2swhen:- ansible os family 'RedHat'- ansible distribution major version version compare('7', ' ') Huge manual works for checking / remediation of security compliance settingsAfter Ansible Automation:RHEL 7 C2S Shorten the time for manual ting-security-compliance-with-ease/24
Exercise 1Topics Covered: Understanding the Ansible Infrastructure Check the prerequisites25
The lab environment today Drink our own champagne.Provisioned by, configured by, andmanaged by Red Hat AnsibleWorkbench TopologyAmazon VPC routerAutomation Platform.https://github.com/ansible/workshops Learn with the real thingEvery student will have their own fullylicensed Red Hat Ansible Tower controlnode. No emulators or simulators here.Web Serversnode1 Red Hat Enterprise LinuxAll four nodes are enterprise Linux,showcasing real life use-cases to helpspark ideas for what you can automatetoday.ansiblenode2node3
How does it work?ProvisionConfigureManageResourcesAnsible environmentLogin WebsiteSubnets, gateways, securitygroups, SSH keysinstall Ansible Tower, SSH config,user accounts, etcDynamically create loginwebpage for studentsInstancesCode ServerInstructor InventoryRHEL, Cisco, Arista, Checkpoint,Windows, etcInventoryLoad and sort newly createdinstances for further automationConfigure in-browser text editorand terminalDNSConfigure DNS names for allcontrol nodesProvide inventory and logininformation and master keyLog InformationRecord student count andinstructor for statistics
Lab TimeComplete exercise 1-setup now in your lab environmenthttps://red.ht/ansibleworkshop
Exercise 2Topics Covered: Ansible inventories Main Ansible config file Modules and ad-hoc commands Example: Bash vs. Ansible29
Inventory 30Ansible works against multiple systems in an inventoryInventory is usually file basedCan have multiple groupsCan have variables for each group or even host
Understanding Inventory - Basicnode1node2node3ansible10.20.30.40
Understanding Inventory - Basic[web]node1 ansible host 3.22.77.141node2 ansible host 3.15.193.71node3 ansible host 3.15.1.72[control]ansible ansible host 18.217.162.148
Understanding Inventory - Variables[all:vars]ansible user student1ansible ssh pass ansible1234ansible port 22[web]node1 ansible host 3.22.77.141node2 ansible host 3.15.193.71node3 ansible host 3.15.1.72[control]ansible ansible host 18.217.162.148
First Ad-Hoc Command: ping Single Ansible command to perform a task quickly directly oncommand line Most basic operation that can be performed Here: an example Ansible ping - not to be confused with ICMP ansible all -m ping34
Ad-Hoc Commandsping# Check connections (submarine ping, not ICMP)[user@ansible] ansible all -m pingnode1 SUCCESS {"ansible facts": {"discovered interpreter python":"/usr/bin/python" Groups can be nested},"changed": false,"ping": "pong"}35
Bash vs. Ansibleecho Running mssql-conf setup.sudoMSSQL SA PASSWORD MSSQL SA PASSWORD \MSSQL PID MSSQL PID \/opt/mssql/bin/mssql-conf -n setup accept-eula- name: Run mssql-conf setupcommand: /opt/mssql/bin/mssql-conf -n setupaccept-eulaenvironment:- MSSQL SA PASSWORD: "{{ MSSQL SA PASSWORD }}"- MSSQL PID: "{{ MSSQL PID }}"when: install is changedecho 'export PATH " PATH:/opt/mssql-tools/bin"' /.bash profileecho 'export PATH " PATH:/opt/mssql-tools/bin"' /.bashrcsource /.bashrc- name: Add mssql-tools to PATHlineinfile:path: "{{ item }}"line: export PATH " PATH:/opt/mssql-tools/bin"loop:- /.bash profile- /.bashrc
Lab TimeComplete exercise 2-adhoc now in your lab environmenthttps://red.ht/ansibleworkshop
Exercise 3Topics Covered: Playbooks basics Running a playbook38
An Ansible Playbook--- name: install and start apachehosts: webbecome: yesA playtasks:- name: httpd package is presentyum:name: httpdstate: latest- name: latest index.html file is presenttemplate:src: files/index.htmldest: /var/www/html/- name: httpd is startedservice:name: httpdstate: started
An Ansible Playbook--- name: install and start apachehosts: webbecome: yesA tasktasks:- name: httpd package is presentyum:name: httpdstate: latest- name: latest index.html file is presenttemplate:src: files/index.htmldest: /var/www/html/- name: httpd is startedservice:name: httpdstate: started
An Ansible Playbook--- name: install and start apachehosts: webbecome: yesmoduletasks:- name: httpd package is presentyum:name: httpdstate: latest- name: latest index.html file is presenttemplate:src: files/index.htmldest: /var/www/html/- name: httpd is startedservice:name: httpdstate: started
Running an Ansible Playbook:The most important colors of AnsibleA task executed as expected, no change was made.A task executed as expected, making a changeA task failed to execute successfully42
Running an Ansible Playbook[user@ansible] ansible-playbook apache.ymlPLAY [webservers] *************************TASK [Gathering Facts] ********************ok: [web2]ok: [web1]ok: [web3]TASK [Ensure httpd package is present] ****changed: [web2]changed: [web1]changed: [web3]TASK [Ensure latest index.html file is present] ed: [web2]changed: [web1]changed: [web3]TASK [Restart httpd] **********************changed: [web2]changed: [web1]changed: [web3]43PLAY RECAP ********************************web2: ok 1changed 3 unreachable 0 failed 0web1: ok 1changed 3 unreachable 0 failed 0web3: ok 1changed 3 unreachable 0 failed 0
Lab TimeComplete exercise 3-playbooks now in your lab environmenthttps://red.ht/ansibleworkshop
Exercise 4Topics Covered: Working with variables What are facts?45
An Ansible Playbook Variable Example--- name: variable playbook testhosts: localhostvars:var one: awesomevar two: ansible isvar three: "{{ var two }} {{ var one }}"tasks:- name: print out var threedebug:msg: "{{var three}}"
An Ansible Playbook Variable Example--- name: variable playbook testhosts: localhostvars:var one: awesomevar two: ansible isvar three: "{{ var two }} {{ var one }}"tasks:- name: print out var threedebug:msg: "{{var three}}"ansible is awesome
Facts Structured data in the form of Ansible variables Information is capture from the host Ad-hoc command setup will show facts"ansible facts": {"ansible default ipv4": {"address": "10.41.17.37","macaddress": "00:69:08:3b:a9:16","interface": "eth0",.48
Ansible Variables and Facts--- name: Output facts within a playbookhosts: alltasks:- name: Prints Ansible factsdebug:msg: ”The default IPv4 address of {{ ansible fqdn }}is {{ ansible default ipv4.address }}”
Ansible Inventory - Managing Variables In Files tree ansible-files/ 50deploy index html.ymlfiles dev web.html prod web.htmlgroup vars web.ymlhost vars node2.yml
Ansible Inventory - Managing Variables In Files deploy index html.yml files dev web.html prod web.html group vars web.yml host vars node2.yml51 cat group vars/web.yml--stage: dev cat host vars/node2.yml--stage: prod- name: copy web.htmlcopy:src: "{{ stage }} web.html"dest: /var/www/html/index.html
Lab TimeComplete exercise 4-variables now in your lab environmenthttps://red.ht/ansibleworkshop
Exercise 5Topics Covered: Surveys53
SurveysTower surveys allow you to configure howa job runs via a series of questions,making it simple to customize your jobs ina user-friendly way.An Ansible Tower survey is a simplequestion-and-answer form that allowsusers to customize their job runs.Combine that with Tower's role-basedaccess control, and you can build simple,easy self-service for your users.
Creating a Survey (1/2)Once a Job Template is saved, the Add Survey Button will appearClick the button to open the Add Survey window.
Creating a Survey (2/2)The Add Survey window allows the Job Template to prompt users for one or more questions.The answers provided become variables for use in the Ansible Playbook.
Using a SurveyWhen launching a job, the user will now be prompted with the Survey. The user canbe required to fill out the Survey before the Job Template will execute.
Lab TimeComplete exercise 5-surveys now in your lab environmenthttps://red.ht/ansibleworkshop
Exercise 6Topics Covered: Workflows59
WorkflowsWorkflows can be found alongside Job Templates by clicking theTemplatesbutton under the RESOURCES section on the left menu.
Adding a new Workflow TemplateTo add a new Workflow click on the green buttonThis time select the Workflow Template
Creating the WorkflowFill out the required parameters and click SAVE. As soon as theWorkflow Template is saved the WORKFLOW VISUALIZER will open.
Workflow VisualizerThe workflow visualizer will start as a blank canvas.
Visualizing a WorkflowWorkflows can branch out, or converge in.Blue indicates this JobTemplate will always runGreen indicates this JobTemplate will only be run if theprevious Job Template issuccessfulRed indicates this JobTemplate will only be run if theprevious Job Template fails
Lab TimeComplete exercise 6-workflow now in your lab environmenthttps://red.ht/ansibleworkshop
Next StepsGET STARTEDansible.com/get-startedJOIN THE ialWORKSHOPS & TRAININGSHARE YOUR STORYansible.com/workshopsFollow us @AnsibleRed Hat TrainingFriend us on Facebook
Thank m/ansiblegithub.com/ansiblehttp://bit.ly/3jZSbJH68
issues and calls the Ansible Tower API 2. Ansible Tower runs a playbook to automate remediation in servers / equipments 3. Ansible Tower runs a playbook to open a support ticket and/or notify security managers / system administrators Remediate Automation Monitoring / Logging Platform
WHAT IS ANSIBLE AUTOMATION? Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API. Ansible is an open source community project sponsored by Red Hat. It's a simple automation language that can perfectly describe IT application environments in Ansible Playbooks.
WHAT IS ANSIBLE AUTOMATION? Ansible Automation is the enterprise framework for automating across IT operations. Ansible Engine runs Ansible Playbooks, the automation language that can perfectly describe an IT application infrastructure. Ansible Tower allows you scale IT automation, manage complex deployments and speed productivity.
Ansible Automation is the enterprise framework for automating across IT operations. Ansible Engine runs Ansible Playbooks, the automation language that can perfectly describe an IT application infrastructure. Ansible Tower allows you operationalize IT automation, manage complex deployments and speed productivity. RED HAT ANSIBLE TOWER
What is Ansible? It's a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks. It's an automation engine that runs Ansible Playbooks. Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
Ansible Tower is a UI and RESTful API allowing you to scale IT automation, manage complex deployments and speed productivity. Role-based access control Deploy entire applications with push-button deployment access All automations are centrally logged Powerful workflows match your IT processes What is Ansible Tower?
Ansible Tower User Guide, Release Ansible Tower 2.4.5 Thank you for your interest in Ansible Tower by Red Hat. Ansible Tower is a commercial offering that helps teams manage complex multi-tier deployments by adding control, knowledge, and delegation to Ansible-powered environ-ments.
framework for automating across IT operations. Ansible Engine runs Ansible Playbooks, the automation language that can perfectly describe an IT application infrastructure. Ansible Tower allows you scale IT automation, manage complex deployments and speed productivity. RED HAT ANSIBLE TOWER Operationalize your automation RED HAT ANSIBLE ENGINE
vi 6 4kÚezpÜhªÔ ã 15 7 4kÚeypã[njªÔ ã 16 h p 8Ù it hcÕ ã hÔ Ý 1 zià[ yj³Ý 17 2 zetãp[njÝ 17 3 4 Üyh³Ý p[njÝ 18
