Ansible Linux Automation Workshop

Transcription

Ansible Linux Automation Workshop
Introduction to Ansible for Red Hat Enterprise Linux Automation for System Administrators and Operators

What you will learn
- Overview of public cloud provisioning
- Converting shell commands into Ansible commands
- Retrieving information from hosts
- Deploying applications at scale
- Self-service IT via surveys
- Overview of System Roles for Red Hat Enterprise Linux
- Overview of Red Hat Insights integration

Introduction
Topics Covered:
- What is the Ansible Automation Platform?
- What can it do?

Automation happens when one person meets a problem they never want to solve again

Ad-hoc Automation is happening in silos
- Developers: Ansible used in silo
- Security: DIY scripting automation
- Infrastructure: Open source config management tool
- Network: Proprietary vendor supplied automation
Is organic automation enough?

Teams are automating.Lines Of ructure

Why Ansible?
Simple
- Human readable automation
- No special coding skills needed
- Tasks executed in order
- Usable by every team
- Get productive quickly
Powerful
- App deployment
- Configuration management
- Workflow orchestration
- Network automation
- Orchestrate the app lifecycle
Agentless
- Agentless architecture
- Uses OpenSSH & WinRM
- No agents to exploit or update
- Get started immediately
- More efficient & more secure

What can I do using Ansible?
Automate the deployment and management of your entire IT footprint.
Do on: Deployment, Provisioning, Continuous Delivery, Security and Compliance
On these: Firewalls, Load tructure, Storage, Network Devices, and more.

When automation crosses teams, you need an automation platform
Network, Developers, Lines Of Business, Infrastructure, Security, Operations

A platform can help you: Create, Scale, Engage

Red Hat Ansible Automation Platform
Network Lines sible Hosted Services: Engage users with an automation focused experience
Scale: Ansible Tower: Operate & control at scale
Create: Ansible Engine: Universal language of automation
Fueled by an open source community
Developers

Ansible automates technologies you use
Time to automate is measured in minutes
Cloud, Virt & igital Ocean, Google, OpenStack, Rackspace, more; Docker, VMware, RHV, OpenStack, OpenShift, igs, Users, Domains, F5, Lenovo, MikroTik, Juniper, OpenSwitch, o Alto, Snort, more; Dynatrace, Datadog, LogicMonitor, New Relic, Sensu, more
Operating Systems: RHEL, Linux, Windows, more
Storage: Netapp, Red Hat Storage, Infinidat, more
Devops: Jira, GitHub, Vagrant, Jenkins, Slack, more

Red Hat Ansible Tower by the numbers:
- 94% reduction in recovery time following a security incident
- 84% savings by deploying workloads to generic systems appliances using Ansible Tower
- 67% reduction in man hours required for customer deliveries
Financial summary:
- 146% ROI on Ansible Tower
- 3 MONTHS payback on Ansible Tower
SOURCE: "The Total Economic Impact Of Red Hat Ansible Tower", a June 2018 commissioned study conducted by Forrester Consulting on behalf of Red sible-tower-20180710

Cloud
Topics Covered:
- Understanding the Ansible Infrastructure
- Check the prerequisites

The lab environment today
- Drink our own champagne. Provisioned by, configured by, and managed by Red Hat Ansible Automation Platform. https://github.com/ansible/workshops
- Learn with the real thing. Every student will have their own fully licensed Red Hat Ansible Tower control node. No emulators or simulators here.
- Red Hat Enterprise Linux. All four nodes are enterprise Linux, showcasing real life use-cases to help spark ideas for what you can automate today.
[Diagram: Workbench Topology: Amazon VPC router; ansible; Web Servers: node1, node2, node3]

How does it work?
Provision
- Resources: Subnets, gateways, security groups, SSH keys
- Instances: RHEL, Cisco, Arista, Checkpoint, Windows, etc
- Inventory: Load and sort newly created instances for further automation
Configure
- Ansible environment: install Ansible Tower, SSH config, user accounts, etc
- Code Server: Configure in-browser text editor and terminal
- DNS: Configure DNS names for all control nodes
Manage
- Login Website: Dynamically create login webpage for students
- Instructor Inventory: Provide inventory and login information and master key
- Log Information: Record student count and instructor for statistics

Exercise 1
Topics Covered:
- Understanding the Ansible Infrastructure
- Check the prerequisites

[Diagram: Ansible Automation architecture: public / private cloud, CMDB, hosts, network devices]

[Diagram: Ansible Automation Engine: public / private cloud, CMDB, users, Ansible playbook]
PLAYBOOKS ARE WRITTEN IN YAML
Tasks are executed sequentially
Invoke Ansible

    ---
    - name: install and start apache
      hosts: web
      become: yes

      tasks:
        - name: httpd package is present
          yum:
            name: httpd
            state: latest

        - name: latest index.html file is present
          template:
            src: files/index.html
            dest: /var/www/html/

        - name: httpd is started
          service:
            name: httpd
            state: started

[Diagram: Ansible Automation Engine: public / private cloud, CMDB, users, Ansible playbook]
MODULES ARE "TOOLS IN THE TOOLKIT"
Python, Powershell, or any language
Extend Ansible simplicity to the entire

    - name: latest index.html file is present
      template:
        src: files/index.html
        dest: /var/www/html/

[Diagram: Ansible Automation architecture: public / private cloud]
INVENTORY
List of systems in your infrastructure that automation is executed against

LINUX AUTOMATION
150 Linux Modules
AUTOMATE EVERYTHING LINUX
Red Hat Enterprise Linux, BSD, Debian, Ubuntu and many more!
ONLY REQUIREMENTS: Python 2 (2.6 or later) or Python 3 (3.5 or later)
ansible.com/get-started

Lab Time
Complete exercise 1-setup now in your lab environment

Exercise 2
Topics Covered:
- Ansible inventories
- Main Ansible config file
- Modules and ad-hoc commands
- Example: Bash vs. Ansible

Inventory
- Ansible works against multiple systems in an inventory
- Inventory is usually file based
- Can have multiple groups
- Can have variables for each group or even host

Understanding Inventory - Basic

    node1
    node2
    node3
    ansible
    10.20.30.40

Understanding Inventory - Basic

    [web]
    node1 ansible_host=3.22.77.141
    node2 ansible_host=3.15.193.71
    node3 ansible_host=3.15.1.72

    [control]
    ansible ansible_host=18.217.162.148

Understanding Inventory - Variables

    [all:vars]
    ansible_user=student1
    ansible_ssh_pass=ansible1234
    ansible_port=22

    [web]
    node1 ansible_host=3.22.77.141
    node2 ansible_host=3.15.193.71
    node3 ansible_host=3.15.1.72

    [control]
    ansible ansible_host=18.217.162.148
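An added example, not part of the workshop material: the lab inventory above keeps the SSH password as a literal inventory variable, so this check flags literal credentials in an INI inventory and accepts values that only reference another variable, which can then live in an Ansible Vault encrypted file. The sample is the slide's inventory with the variable names spelled as Ansible writes them (`ansible_ssh_pass`, `ansible_host`), plus one constructed `ansible_become_pass` entry pointing at a hypothetical `vault_become_pass` variable.

```python
import re

# Inventory variables that carry credentials.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# Constructed sample: the workshop inventory from the slide, plus one
# constructed host variable that references a hypothetical vaulted variable.
SAMPLE_INVENTORY = """\
[all:vars]
ansible_user=student1
ansible_ssh_pass=ansible1234
ansible_port=22

[web]
node1 ansible_host=3.22.77.141
node2 ansible_host=3.15.193.71 ansible_become_pass="{{ vault_become_pass }}"
node3 ansible_host=3.15.1.72

[control]
ansible ansible_host=18.217.162.148
"""

# key=value pairs; the value may be quoted and contain spaces.
KEY_VALUE = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|\S+)""")


def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, variable) for each literal credential."""
    findings, section = [], None
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        for key, value in KEY_VALUE.findall(line):
            value = value.strip("\"'")
            # A Jinja2 reference defers to a variable that can be vaulted.
            templated = value.startswith("{{") and value.endswith("}}")
            if key in SECRET_VARS and value and not templated:
                findings.append((line_no, section, key))
    return findings


if __name__ == "__main__":
    for line_no, section, key in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no} [{section}]: {key} holds a plaintext credential")
```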

First Ad-Hoc Command: ping
- Single Ansible command to perform a task quickly directly on command line
- Most basic operation that can be performed
- Here: an example Ansible ping - not to be confused with ICMP

    $ ansible all -m ping

Ad-Hoc Commands: ping

    # Check connections (submarine ping, not ICMP)
    [user@ansible] $ ansible all -m ping
    node1 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }

Groups can be nested

Bash vs. Ansible

Bash:

    echo Running mssql-conf setup.
    sudo MSSQL_SA_PASSWORD=$MSSQL_SA_PASSWORD \
         MSSQL_PID=$MSSQL_PID \
         /opt/mssql/bin/mssql-conf -n setup accept-eula

Ansible:

    - name: Run mssql-conf setup
      command: /opt/mssql/bin/mssql-conf -n setup accept-eula
      environment:
        - MSSQL_SA_PASSWORD: "{{ MSSQL_SA_PASSWORD }}"
        - MSSQL_PID: "{{ MSSQL_PID }}"
      when: install is changed

Bash:

    echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile
    echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc
    source ~/.bashrc

Ansible:

    - name: Add mssql-tools to PATH
      lineinfile:
        path: "{{ item }}"
        line: export PATH="$PATH:/opt/mssql-tools/bin"
      loop:
        - ~/.bash_profile
        - ~/.bashrc

Lab Time
Complete exercise 2-adhoc now in your lab environment

Exercise 3
Topics Covered:
- Playbooks basics
- Running a playbook

An Ansible Playbook

    ---
    - name: install and start apache    # <- a play
      hosts: web
      become: yes

      tasks:
        - name: httpd package is present
          yum:
            name: httpd
            state: latest

        - name: latest index.html file is present
          template:
            src: files/index.html
            dest: /var/www/html/

        - name: httpd is started
          service:
            name: httpd
            state: started

An Ansible Playbook

    ---
    - name: install and start apache
      hosts: web
      become: yes

      tasks:
        - name: httpd package is present    # <- a task
          yum:
            name: httpd
            state: latest

        - name: latest index.html file is present
          template:
            src: files/index.html
            dest: /var/www/html/

        - name: httpd is started
          service:
            name: httpd
            state: started

An Ansible Playbook

    ---
    - name: install and start apache
      hosts: web
      become: yes

      tasks:
        - name: httpd package is present
          yum:    # <- module
            name: httpd
            state: latest

        - name: latest index.html file is present
          template:
            src: files/index.html
            dest: /var/www/html/

        - name: httpd is started
          service:
            name: httpd
            state: started

Running an Ansible Playbook: The most important colors of Ansible
- A task executed as expected, no change was made.
- A task executed as expected, making a change
- A task failed to execute successfully

Running an Ansible Playbook

    [user@ansible] $ ansible-playbook apache.yml

    PLAY [webservers] *************************

    TASK [Gathering Facts] ********************
    ok: [web2]
    ok: [web1]
    ok: [web3]

    TASK [Ensure httpd package is present] ****
    changed: [web2]
    changed: [web1]
    changed: [web3]

    TASK [Ensure latest index.html file is present]
    changed: [web2]
    changed: [web1]
    changed: [web3]

    TASK [Restart httpd] **********************
    changed: [web2]
    changed: [web1]
    changed: [web3]

    PLAY RECAP ********************************
    web2 : ok=1 changed=3 unreachable=0 failed=0
    web1 : ok=1 changed=3 unreachable=0 failed=0
    web3 : ok=1 changed=3 unreachable=0 failed=0

Lab Time
Complete exercise 3-playbooks now in your lab environment

Exercise 4
Topics Covered:
- Working with variables
- What are facts?

An Ansible Playbook Variable Example

    ---
    - name: variable playbook test
      hosts: localhost

      vars:
        var_one: awesome
        var_two: ansible is
        var_three: "{{ var_two }} {{ var_one }}"

      tasks:
        - name: print out var_three
          debug:
            msg: "{{ var_three }}"

An Ansible Playbook Variable Example

    ---
    - name: variable playbook test
      hosts: localhost

      vars:
        var_one: awesome
        var_two: ansible is
        var_three: "{{ var_two }} {{ var_one }}"

      tasks:
        - name: print out var_three
          debug:
            msg: "{{ var_three }}"

Result: ansible is awesome

Facts
- Structured data in the form of Ansible variables
- Information is captured from the host
- Ad-hoc command setup will show facts

    "ansible_facts": {
        "ansible_default_ipv4": {
            "address": "10.41.17.37",
            "macaddress": "00:69:08:3b:a9:16",
            "interface": "eth0",
            ...

Ansible Variables and Facts

    ---
    - name: Output facts within a playbook
      hosts: all

      tasks:
        - name: Prints Ansible facts
          debug:
            msg: "The default IPv4 address of {{ ansible_fqdn }} is {{ ansible_default_ipv4.address }}"

Ansible Inventory - Managing Variables In Files

    $ tree ansible-files/
    ├── deploy_index_html.yml
    ├── files
    │   ├── dev_web.html
    │   └── prod_web.html
    ├── group_vars
    │   └── web.yml
    └── host_vars
        └── node2.yml

Ansible Inventory - Managing Variables In Files

    ├── deploy_index_html.yml
    ├── files
    │   ├── dev_web.html
    │   └── prod_web.html
    ├── group_vars
    │   └── web.yml
    └── host_vars
        └── node2.yml

    $ cat group_vars/web.yml
    ---
    stage: dev

    $ cat host_vars/node2.yml
    ---
    stage: prod

    - name: copy web.html
      copy:
        src: "{{ stage }}_web.html"
        dest: /var/www/html/index.html

Lab Time
Complete exercise 4-variables now in your lab environment

Exercise 5
Topics Covered:
- Surveys

Surveys
Tower surveys allow you to configure how a job runs via a series of questions, making it simple to customize your jobs in a user-friendly way.
An Ansible Tower survey is a simple question-and-answer form that allows users to customize their job runs. Combine that with Tower's role-based access control, and you can build simple, easy self-service for your users.

Creating a Survey (1/2)
Once a Job Template is saved, the Add Survey button will appear. Click the button to open the Add Survey window.

Creating a Survey (2/2)
The Add Survey window allows the Job Template to prompt users for one or more questions. The answers provided become variables for use in the Ansible Playbook.

Using a Survey
When launching a job, the user will now be prompted with the Survey. The user can be required to fill out the Survey before the Job Template will execute.

Lab Time
Complete exercise 5-surveys now in your lab environment

Exercise 6
Topics Covered:
- Red Hat Enterprise Linux System Roles

Automation Hub and Ansible Galaxy
[Diagram: Ansible Content (Roles & Collections); Physical Site; Physical Site]

Linux System Roles
Consistent user interface to provide settings to a given subsystem that is abstract from any particular syncfirewall

An Ansible Playbook Variable Example

    ---
    - name: example system roles playbook
      hosts: web

      tasks:
        - name: Configure Firewall
          include_role:
            name: linux-system-roles.firewall

        - name: Configure Timesync
          include_role:
            name: linux-system-roles.timesync

Lab Time
Complete exercise 6-system-roles now in your lab environment

Exercise 7
Topics Covered:
- Red Hat Insights intro
- Insights integration

Red Hat Insights
Included with your Red Hat Enterprise Linux subscription
- Assesses: customer's Red Hat environments
- Remediates: findings with prescriptive remediation steps or an Ansible playbook
- Insights: rule contributions directly from Red Hat subject matter experts
Identifying risks for Availability, performance, stability and security

Insights plans with Ansible playbooks
Solve common issues through Ansible Automation

ANSIBLE & INSIGHTS
While Insights includes Ansible playbooks for risks, Insights alone can't perform remediation of the risks.
Insights
- Insights provides Ansible Playbooks for resolving many common risks.
- Dynamically generates Ansible Playbooks for risk remediation
- Playbooks can be downloaded and run via ansible-playbook or Satellite
Insights connected to Ansible Tower
- View identified risks in the Tower inventory
- Execute generated Ansible Playbook as a Tower job
- Use Tower for enterprise risk remediation

Next Steps
- GET STARTED: ansible.com/get-started
- JOIN THE ial
- WORKSHOPS & TRAINING: ansible.com/workshops, Red Hat Training
- SHARE YOUR STORY: Follow us @Ansible, Friend us on Facebook

Thank m/ansible
github.com/ansible
