Transcription
CONFIDENTIAL DesignatorWall to wall AnsibleMaxim BurgerhoutPrincipal Solution ArchitectRed Hat1
ABOUT MECONFIDENTIAL PublicTwitter: @MaximBurgerhoutYouTube: 100 Things to do with Red Hat Management Productsbit.ly/100thingsredhatMaxim BurgerhoutPrincipal Solutions Architectmaxim@redhat.comRed Hat2
AGENDACONFIDENTIAL DesignatorWhat I want to do todayBackgroundWhat is Ansible, where is it goingAnsible use casesWhat lies beyond configuration managementGoing wall to wallHow do I maintain this huge playbook with my team(s)?DemoLet’s see it!3
BACKGROUNDWhat’s Ansible?4CONFIDENTIAL Designator
ANSIBLE BACKGROUNDCONFIDENTIAL DesignatorAnsibleSimple5PowerfulAgentlessHuman readable automationApp deploymentAgentless architectureNo special coding skills neededConfiguration managementUses OpenSSH & WinRMTasks executed in orderWorkflow orchestrationNo agents to exploit or updateUsable by every teamNetwork automationGet started immediatelyGet productive quicklyOrchestrate the app lifecycleMore efficient & more secure
ANSIBLE BACKGROUNDCONFIDENTIAL DesignatorAnsible Automation works across teamsBUSINESS6DEVNETWORKQA/SECURITYI.T. OPERATIONS
ANSIBLE BACKGROUNDCONFIDENTIAL DesignatorWhat can I do using Ansible?Automate the deployment and management of your entire IT footprint.Do ionDeploymentProvisioningContinuous DeliverySecurity andComplianceOn these.7FirewallsLoad tructureStorageNetwork DevicesAnd more.
BACKGROUNDHow does it work?8CONFIDENTIAL Designator
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION NSHOSTSNETWORKDEVICES
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION ENGINEUSERSANSIBLEPLAYBOOKPLAYBOOKS ARE WRITTEN IN YAMLTasks are executed sequentiallyInvoke Ansible ES
PLAYBOOK EXAMPLE--- name: install and start apachehosts: webbecome: yesvars:http port: 80tasks:- name: httpd package is presentyum:name: httpdstate: latest- name: latest index.html file is presentcopy:src: files/index.htmldest: /var/www/html/- name: httpd is startedservice:name: httpdstate: started11
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATIONMODULESENGINEARE “TOOLSIN THE TOOLKIT”Python, Powershell, or any languageExtend Ansible simplicity to the entire TYANSIBLEPLAYBOOKCOREHOSTSNETWORKDEVICES
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBPLUGINS ARE “GEARS IN THE ENGINE”Code that plugs into the core s uses & UGINSHOSTSNETWORKDEVICES
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBINVENTORY[web]ANSIBLE AUTOMATION heckpoint01.internal.com[lb]f5-01.internal.com
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION ENGINEUSERSINVENTORYANSIBLEPLAYBOOKCLIHOSTSCLOUD MODULESPLUGINSNETWORKRed Hat Openstack, Red Hat Satellite, VMware, DEVICESAWS EC2, Rackspace, Google Compute Engine, Azure
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION iceNow, Cobbler, BMC,Custom cmdbHOSTSCLIPLUGINSNETWORKDEVICES
PUBLIC / PRIVATECLOUDPUBLIC / PRIVATECLOUDCMDBANSIBLE AUTOMATION ENGINEUSERSINVENTORYCLIMODULESPLUGINSAUTOMATE EVERYTHINGANSIBLERed Hat Enterprise Linux, Ubuntu, Debian,PLAYBOOKCisco routers, Arista switches, Juniper routers,Windows hosts, Checkpoint firewalls and moreHOSTSNETWORKDEVICES
CONFIDENTIAL DesignatorAnsible is a great tool forconfiguration managementBut it is so much more!18
ANSIBLE BACKGROUNDCONFIDENTIAL DesignatorNot all of those modules are for Linux configurationmanagement, ppAnd many, many more!19Source: me, browsing through docs.ansible.com and the modules directory of my git clone of Ansible
ANSIBLE BACKGROUNDCONFIDENTIAL DesignatorNot all of those modules are for Linux configurationmanagement, obviouslyWHICH ONES ARE YOU nd many, many more!20Source: me, browsing through docs.ansible.com and the modules directory of my git clone of Ansible
ANSIBLE BACKGROUND* Based on my totally non-scientific research of checking out git tags, running various find commands and piping the output to wc21CONFIDENTIAL Designator
ANSIBLE BACKGROUNDCONFIDENTIAL DesignatorAnsible automates technologies you useTime to automate is measured in minutesCloudVirt & ital OceanGoogleOpenStackRackspace moreDockerVMwareRHVOpenStackOpenShift ��gsUsersDomains iperPalo AltoOpenSwitch ionSlackHipchat giosNew RelicPagerDutySensuStackDriverZabbix moreOperating SystemsRHEL and LinuxUnixWindows more22StorageNetappRed Hat StorageInfinidat more
CONFIDENTIAL DesignatorSo, we automated all thethings now do we maintain thishuge playbook together?23
GOING WALL TO WALLCONFIDENTIAL DesignatorWell, first of all, you don’tKeep it simpleComplexity kills productivityAnsible should not be like Perl!Optimize for readability, no write-only code!Think declarativelyActually, no “code” at all. We are describing state.Keep it smallIf you keep the bricks small, you can build great things!24
GOING WALL TO WALLCONFIDENTIAL DesignatorRe-use, share, and if you have to, steal ;)If you have written a great playbook once, use it again!There is no merit in re-inventing the wheelIf you have written a great role, share it on Galaxy!Be a good open source citizen ;)If you need functionality, check GalaxyOdds, are what you need already existsSplit off functionality into separate playbooks and chainthemTower is great for this, but Ansible core can do it, too25
GOING WALL TO WALLCONFIDENTIAL DesignatorA couple of tips to get you goingSplit off provisioning from configurationThat makes it easy to move to another platformIf you use Ansible Tower, learn to love the set stats modulePass around that informationIn your playbooks, mention all variables in the vars sectionMakes it easier for your successor (and yourself!)Use dynamic groups and / or dynamic inventories(On some platforms, groups tags)26
CONFIDENTIAL DesignatorShall I do a littledemo at thispoint?27
CONFIDENTIAL DesignatorThank youRed Hat is the world’s leading provider of user/RedHatVideosopen source software solutions. Award-winningsupport, training, and consulting services makefacebook.com/redhatincRed Hat a trusted adviser to the Fortune 500.twitter.com/RedHat28
CMDB USERS INVENTORY HOSTS NETWORK PLUGINS DEVICES CLI MODULES ANSIBLE PLAYBOOK PUBLIC / PRIVATE PUBLIC / PRIVATE CLOUD CLOUD. ANSIBLE AUTOMATION ENGINE CMDB USERS . Be a good open source citizen ;) If you need functionality, check Galaxy Odds, are what you need already exists Split off functionality into separate playbooks and chain