Author Archives: Ajay Chenampara
Author Archives: Ajay Chenampara
Ansible for security automation
Per NASCIO, the top priority for state CIOs is cybersecurity and risk management. A key focus for this initiative is to leverage the Continuous Diagnostics and Mitigation (CDM) framework provided by the Cybersecurity and Infrastructure Security Agency (CISA). In this blog post we will explore a high level view of the CDM framework, review Ansible’s role in security automation and finally understand how Ansible can help agencies with Day 0 through Day 2 tasks while working with the CDM framework.
Today more than ever, cyber threats mean that securing and defending our networks are of utmost importance. A recent report published by the National League of Cities revealed that an astonishing 44% of local governments report they experience a cyberattack daily or even hourly. So it is not surprising to see that cybersecurity and risk management is the number one priority for our state CIOs. With that background, let’s understand the CDM program.
The CDM framework is defined by CISA. CDM provides capabilities and tools that help identify Continue reading
In this blog I would like to showcase the power of Ansible Content Collections to build powerful abstractions. Collections are a distribution format for Ansible content that can include playbooks, roles, modules and plugins. For this blog post, let us address an Infrastructure as Code(IaC) use case for network configuration management of BGP. We will walk through examples for both Cisco IOS and Arista EOS devices.
First, let us define a data-model that encapsulates the vendor-agnostic configuration.
bgp_global: as_number: '65000' bgp: log_neighbor_changes: true router_id: address: 192.168.1.1 neighbor: - activate: true address: 10.200.200.2 remote_as: 65001 bgp_address_family: address_family: - afi: ipv4 neighbor: - activate: true address: 10.200.200.2 network: - address: 10.25.25.0 mask: 255.255.255.0 - address: 10.25.26.0 mask: 255.255.255.0 - address: 10.100.100.0 mask: 255.255.255.0 - address: 10.200.200.0 mask: 255.255.255.0 - address: 172.16.0.0 - address: 192.168.1.1 mask: 255.255.255.255
As you might have observed, this data-model matches exactly the input expected by the <vendor>.bgp_global and bgp_address_family modules within the IOS and EOS Continue reading
Ansible Collections are the new way to distribute and manage content. Ansible content can be modules, roles, plugins and even Ansible Playbooks. In my previous blog I provide a walkthrough of using Ansible Collections from Ansible Galaxy and Automation Hub. Ansible Galaxy is the upstream community for sharing Ansible Collections. Any community user can create a namespace and share content with anyone. Access to Automation Hub is included with a Red Hat Ansible Automation Platform subscription. Automation Hub only contains fully supported and certified content from Red Hat and our partners.
In this blog post we'll walk through using Ansible Collections with Ansible Tower, part of the Red Hat Ansible Automation Platform. There are a few differences between using command-line Ansible for syncing with Ansible Galaxy or the Automation Hub versus using Ansible Tower. However, it is really easy and I will show you how!
If the Ansible Collections are included in your project you do not need to authenticate to Automation Hub. This method is where you are downloading dynamically using a requirements file as outlined in my blog post. In general there are Continue reading
Ansible collections have been introduced previously through two of our blogs Getting Started with Ansible Content Collections and The Future of Ansible Content Delivery. In essence, Ansible Automation content is going to be delivered using the collection packaging mechanism. Ansible Content refers to Ansible Playbooks, modules, module utilities and plugins. Basically all the Ansible tools that users use to create their Ansible Automation. Content is divided between two repositories:
Ansible Galaxy is the upstream community for sharing Ansible Collections. Any community user can create a namespace and share content with anyone. Access to Automation Hub is included with a Red Hat Ansible Automation Platform subscription. Automation Hub only contains fully supported and certified content from Red Hat and our partners. This makes it easier for Red Hat customers to determine which content is the official certified, and importantly supported, content. This includes full content from partners such as Arista, Cisco, Checkpoint, F5, IBM, Microsoft and NetApp.
In this blog post we'll walk through a use case wherein, the user would like to use a Red Hat certified collection from Automation Hub Continue reading