Project signing is a new feature developed for Red Hat Ansible Automation Platform that came out in the latest 2.3 release. It enables users to sign project-based content (think playbooks, workflows, inventories, etc.) and verify whether or not that content has remained secure. It also features a new CLI tool, ansible-sign. This blog post will explain how it works, illustrate how to implement it, and highlight a few scenarios.
Organizations need to make sure their automation is tested and performing the intended tasks. However, what if someone deploys untested automation, or worse yet, someone intentionally tries to automate something nefarious? It might not even be intentional, but can simply be an organization using a community collection whose author removes a feature that they were using.
When organizations start adopting automation at the enterprise level, there may be hundreds to thousands of tasks being performed every hour across thousands of infrastructure nodes. How do you make sure the automation content that is being executed can be trusted? How do you know your automation is doing what you think it is? Is your organization pulling content from various sources outside of
AnsibleFest in October was an amazing experience; the best part was meeting and chatting about multiple network automation use cases with our customers and partners.
In case you want to review the most relevant sessions, here is a summary of the abridged network automation-related sessions that you can check on demand for the next 5 months:
Bob Laliberte, Principal Analyst, ESG covers the complexity of modern networks which span across multi-domain teams including campus, branches, data centers, WAN networks and now edge across distributed locations.
Network automation, when implemented as an end to end solution, can unify teams and make it faster and more efficient to deliver network services.
IT decision makers and managers will be able to have a better insight on network automation challenges and KPIs.
In this interview, Wells Fargo Senior Vice President, Noor Shadid, describes their cultural change with automation and how Wells Fargo positioned itself as a technology company.
John Teixido from Truist and Tony Dubiel from Red Hat cover this amazing session. You
We are thrilled to announce the general availability of Red Hat Ansible Automation Platform 2.3. If you didn’t get the opportunity to attend AnsibleFest 2022 in Chicago, or get time to watch the keynotes on the AnsibleFest content hub, I am the lucky Ansiblite (or is it Ansi-Bull) who will walk you through all the new, cool and exciting features coming with our new release. Ansible Automation Platform 2.3 introduces a number of new features and capabilities that deliver simpler, security-focused automation at scale. Ansible Automation Platform 2.3 is compatible with the Developer Preview of Event-Driven Ansible, a new set of capabilities that empower true end-to-end automation.
You can download the latest version directly from the Red Hat Customer Portal, or sign up for a free trial at red.ht/try_ansible. If you want to skip right to the documentation and release notes, check out the official Product Documentation page.
If you are new to Ansible Automation Platform 2 and wondering what automation execution environments, automation mesh, and automation content navigator all are, I highly recommend watching the video tour that our technical marketing team put together. If you prefer reading, I recommend checking out
Today is a good day, and when it's a day like this we often feel like we are walking on clouds. With this latest announcement for the newest Red Hat Ansible Certified Collections available to our customers on the 28th of November, I am sure many cloud practitioners will be anticipating what the future will bring for their cloud automation.
Over the last few months, there has been a fair amount of activity in the Ansible team showing how Red Hat Ansible Automation Platform can extend and connect different technologies. This has been a crucial component of Ansible’s success in cloud automation for many customers.
Cloud automation requires the ability to perform many different complicated tasks and cover just as many domains. Often, organizations have different technologies to meet specific requirements and needs. One of the technologies widely used is Terraform.
We have done a number of blogs recently on the topic, ranging from a simple example of using Terraform with Ansible Automation Platform - Terraforming Clouds with Ansible, to in-depth looks at the differences between the tools - Ansible vs Terraform Demystified and Ansible vs Terraform, clarified. AnsibleFest 2022 even featured a lab where we
This article discusses how to export and import Collections from one automation hub to another.
Ansible automation hub stores Collections within repositories, and the Collections are versioned by the curator; therefore, many versions of the same Collection can exist in the same or different repositories at the same time.
Ansible automation hub repositories store Collections as TAR files, as created by ansible-galaxy during the curation and publishing process. This makes for easy downloading and transportation, especially during import and export workflows. You can be assured that the Collection you are importing to the new repository is the same one that was exported, or originally created by ansible-galaxy (assuming nothing malicious has happened to it; for that level of protection we have digital collection signing and can discuss that in a future article).
There are many reasons why you may wish to export or import Collections from one automation hub to another, so here are some common use cases.
This scenario means that you need to move content from an internet connected automation hub to another automation hub over an air gap. This could be done using a USB
Beyond the buzz at AnsibleFest 2022 around event-driven automation, availability of Ansible in AWS and Azure marketplaces, and Project Wisdom, some important changes were happening within Ansible automation hub, so let's take a closer look at the latest developments.
Content signing is a new feature currently available in technology preview in Ansible Automation Platform 2.2 and will be generally available with the release of 2.3. Content signing provides the framework to establish a secure chain-of-custody so you can consume, publish, and share Ansible content with more confidence that it is less vulnerable to tampering and malicious code. With content signing, you now have more control over compliance and your organization's internal security requirements.
In addition, we have completed signing all of Red Hat Ansible Certified Collections available in Ansible automation hub, and we will work with our partners to sign any new content as it's released.
Private automation hub is your internal content repository for automation execution environments as well as Ansible content you create or download from Ansible automation hub. In a future release, we hope to enable signing both content and execution environments
Security, more than ever, needs to move with speed, and we hear much about “shifting security left” and DevSecOps as methods to help achieve this. As this new paradigm gains momentum, so does the reliance on automated security tools to identify and mitigate software vulnerabilities at scale.
Often, our customers reach out to us saying their security scanners flag Red Hat Ansible Automation Platform as insecure, or that it contains unpatched vulnerabilities. Rest assured, our products are security-hardened and battle-tested. Red Hat's long-standing track record of upstream contributions extends to improving upstream projects' security and contributing to industry standards. The real culprit here is your security scanner!
In this blog, we’ll cover:
Have you ever had to query and remove a long list of ServiceNow records? Yeah, neither have I until recently. Nobody broke into my instance, and this isn't a one-time operation, I just happen to maintain an instance that we use to test our Red Hat Ansible Certified Content Collection for ServiceNow ITSM.
To set up the environment, I use a demo system and another workflow to create a random user and then allow a learner to progress through some challenges using full Red Hat Ansible Automation Platform deployments and a shared ServiceNow instance. Because this is a real live instance, there's no telling what sort of records learners will create. For this reason, I recently had to develop some automation to clean up records created by these demo user accounts.
Although my use-case was to clean up demo user accounts, this could just as well have been a critical ServiceNow instance that had erroneous records that needed cleaning up. This Collection can be leveraged to create, update, modify, or delete just about anything on ServiceNow.
If you’re following along, make sure you install a version of the servicenow.itsm Collection equal to or greater than 2.0.0
One of the most popular platform integrations available to Ansible Automation Platform subscribers in Ansible automation hub is the Red Hat Ansible Certified Content Collection for ServiceNow ITSM. This collection helps you create new automation workflows faster based on ServiceNow ITSM while establishing a single source of truth in the ServiceNow configuration management database (CMDB). You can help free teams from hours of manual effort and have greater data integrity within your ServiceNow ITSM instance.
For ServiceNow users, we've launched a new native ServiceNow application, the API for Red Hat® Ansible® Automation Platform Certified Content Collection, available exclusively through the ServiceNow store to enhance and support the integration between the two platforms.
The API for Red Hat Ansible Automation Platform Certified Content Collection integrates Ansible’s certified content with your ServiceNow instance. Prior to the launch of ServiceNow's Rome API, Ansible users could download the Red Hat Ansible Certified Content Collection for ServiceNow ITSM from the Ansible automation hub and directly manage ServiceNow resources using their REST API.
With the release of Rome, the REST API no longer provided all of the support needed to automate ServiceNow using
In a cloud model, the security of the environment and compliance become the responsibility of both the end users and the cloud provider. This is what we call the shared responsibility model, in which every part of the cloud, including the hardware, data, configurations, access rights, and operating system, is protected. Depending on the local legislation and the origin of the data that is handled (for instance laws like HIPAA, the GDPR in Europe, or the Californian CCPA), you may have to enforce strict rules on your environment and log events for audit purposes. AWS CloudTrail will help you to achieve this goal. The service can collect and record any kind of information coming from your environment and store or send the events to a destination for audit. In addition to security and compliance, this service helps keep track of resource consumption.
Ansible’s CloudTrail module is used to leverage the various features of the CloudTrail service to monitor and audit user activities and API calls in the AWS environment. A trail is a configuration that lets us describe an event filter and decide where the matching entries should be sent. The recent 5.0.0 release of the amazon.aws
Red Hat Ansible Automation Platform has seen wide-scale adoption in a variety of automation domains, however with edge use cases becoming more mainstream, the thought process around automation must shift from “complete a task immediately” to being able to run automation now and later, and respond to incoming automation requests from devices that are yet unmanaged.
In today’s hybrid cloud environment, automation exists in a tightly controlled and predictable space, meaning it’s easy to determine what endpoints are reachable and available for connection. In practice, this manifests as inventory syncs from our various management planes (think AWS/Azure/GCP/VMware) and then targeting the devices brought into Controller via those inventory syncs with automation. Cross connectivity shouldn’t be an issue: If we can see the device in a management plane, we can contact and automate against it. In addition, if there are exceptions to the “connectivity everywhere” model, Red Hat Ansible Automation Platform has features and functionality to help address more complex connectivity circumstances.
We can even take this automation approach one step further by pulling those management planes under the management of our automation, giving us the ability to really automate end-to-end. For example,
At AnsibleFest 2022, the power of automation was on full display. Through sessions, workshops, labs and more, we explored how to transform enterprise and industry through automation. There were a lot of exciting announcements made on both days, and in case you missed it, we are going to dive into what is new!
We are thrilled to also announce a new AWS Marketplace offering, Red Hat Ansible Automation Platform. By offering Ansible Automation Platform as a pre-integrated service that can be quickly deployed from cloud marketplaces, we are meeting our customers where they are, while giving them the flexibility to deliver any application, anywhere, without additional overhead or complexity. Whether you are automating your hybrid cloud or multi-cloud environments, Ansible Automation Platform acts as a single platform. This platform provides consistency, visibility, and control to help you manage these environments at scale. Ansible is the IT automation “glue” for bringing your cloud, network, bare-metal and cloud-native infrastructure together. This provides the functionality to coordinate and manage across hybrid cloud environments in a simple and efficient way. Interested in learning more? Check out the press release.
Ansible Automation Platform provides a
Today at AnsibleFest 2022, Red Hat announced an exciting new developer preview for Event-Driven Ansible. Most customers are on a journey toward full end-to-end automation and there are many paths you take along this journey. Event-Driven Ansible is a new way to enhance and expand automation. It improves IT speed and agility, while enabling consistency and resilience.
By fully automating necessary but routine tasks, you and your team will have more time to focus on interesting engineering challenges and new innovations. For example, what if you no longer needed to pause critical work to manually add technical detail to a service ticket? Or address a user password reset request? Or reset a router as a first troubleshooting step? With Event-Driven Ansible, the friction in your day can be dramatically reduced, leaving more time to work on important projects, with some added work-life balance.
The Event-Driven Ansible technology was developed by Red Hat and is available on GitHub as a developer preview. Community input is essential. Since we are building a solution to best meet your needs, we’re providing an opportunity for you to advocate for those needs. We ask that
As one technology advances, it expands the possibilities for other technologies and offers the solutions of tomorrow for the challenges we face today. AnsibleFest 2022 brings us new advances in Ansible automation that are as bright as they are innovative. I am talking about the Event-Driven Ansible developer preview.
Automation allows us to give our systems and technology speed and agility while minimizing human error. However, when it comes to trouble tickets and issues, we are often left to traditional and manual methods of troubleshooting and information gathering. We inherently slow things down and interrupt our businesses. We have to gather information, try our common troubleshooting steps, confirm with different teams, and eventually, we need to sleep.
Support lifecycle diagram with many manual steps and hand-offs.
One application of Event-Driven Ansible is to remediate technology issues in near real-time, or at least trigger troubleshooting and information collection in an attempt to find the root cause of an outage while your support teams handle other issues.
Event driven automation used in the support lifecycle: fewer steps, faster Mean-Time-To-Resolution.
Event-Driven Ansible has the potential to change the way we respond to issues and illuminates many new automation
Event-driven automation is increasingly being adopted because of the strong benefits it delivers in managing huge amounts of complexity across multi-clouds, a multi-device remote workforce, and growing edge implementations. In a digital world, maintaining resilience and reliability is essential and event driven automation helps teams meet these needs while working around resource and skills gaps.
This advanced automation technique can be used to address festering problems before there is a full-blown outage, improve agility and resilience to meet the demands of the business, and maintain consistency to avoid downtime and meet governance requirements. It also frees time spent on routine tasks so IT teams can focus on the innovations that matter.
For independent software vendors (ISVs), solution providers and service partners, this is a great opportunity to create easy-to-implement solutions for your customers and help them work with modern automation techniques that will truly make an operational impact. Event-driven technologies – including network, security, monitoring tools, observability solutions and workload optimization tools – must be cooperative players in a larger ecosystem.
Today, we invite ISVs and consulting/service partners to create event driven automation content that makes it easy for
Red Hat Ansible Automation Platform can help you orchestrate, operationalize and govern your hybrid cloud deployments. In my last public cloud blog, I talked about Two Simple Ways Automation Can Save You Money on Your AWS Bill and similarly to Ashton’s blog Bringing Order to the Cloud: Day 2 Operations in AWS with Ansible, we both wanted to look outside the common public cloud use-case of provisioning and deprovisioning resources and instead look at automating common operational tasks. For this blog post I want to cover how the Technical Marketing team for Ansible orchestrates a pipeline for demos and workshops with Ansible and how we integrate that with custom AMIs (Amazon Machine Images) created with Packer. Packer is an open source tool that allows IT operators to standardize and automate the process of building system images.
For some of our self-paced interactive hands-on labs on Ansible.com, we can quickly spin up images in seconds. In an example automation pipeline we will:
One common challenge our customers face is the need to track hosts from multiple sources: LDAP, cloud providers, and enterprise CMDB systems. Using a dynamic inventory allows users to integrate with these systems and update the Ansible inventory as it varies over time, with hosts spinning up and shutting down in response to business demands.
Ansible supports two ways to connect with external inventory: Inventory plugins and inventory scripts.
Today we are going to cover dynamic inventory plugins as a Collection for network device management through an /etc/hosts file. This same type of setup can be used for creating any dynamic inventory using different sources, from /etc/hosts files to INI files or even CSVs.
We are going to start by figuring out the source of truth of the inventory we want to import.
If you want to test and use this inventory plugin, you can find the code in this GitHub repository:
Azure Arc is becoming the default Microsoft Azure service for connecting non-Azure infrastructure into Azure monitoring and administration. Azure has also issued a deprecation notice for the Azure Log Analytics Agents: Microsoft Monitoring Agent and Log Analytics (OMS). Azure Monitor Agent replaces these agents, introducing a simplified, flexible method of collection configuration called Data Collection Rules. To leverage Azure Monitor Agent with their non-Azure servers, customers will need to onboard their machines to Azure Arc-enabled servers.
This article covers how to use Red Hat Ansible Automation Platform to migrate servers that are currently using Azure Log Analytics Agent to Azure Monitor Agent on Azure Arc. When you have completed the configuration in this blog, you will be able to run a workflow against an automation controller inventory that performs the following tasks:
Since the example workflow in this blog post is modular, you may also implement the
Life comes down to moments. These events are often how we define our achievements, successes, and failures throughout life. Just like our daily lives, IT organizations and teams can also have these defining moments, where you will often hear phrases like the "great database crash of '98." Many of these memorable IT moments occur from limiting ourselves to a reactive approach when it comes to managing our IT assets. This is where event-driven automation can help us move from reactive to proactive IT management – well before we have the next great issue or moment in our IT teams.
In an IT context, events come from monitoring or other tools to tell us when something needs attention. With this event data, we are able to respond faster with automated tasks, resolving issues or enhancing observation where needed, often so we can identify and address festering issues before they are full-blown problems. A byproduct of this means teams are now able to spend more time innovating, and are able to realize greater work-life balance because troubleshooting patterns and remediation approaches are automatically initiated based on an initial event in your environments.
Consider
Since connectivity is critical to all types of business applications including cloud apps, managing and maintaining the network often falls into the overnight hours. This is great for the business, but it puts a large wrinkle in your work-life balance. Luckily, AnsibleFest is here to help you get more sleep!
Continued use of an overnight network management work model can leave you wondering what other technology career options are available… which may mean that your team is smaller than it used to be due to turnover. Search LinkedIn jobs for “Ansible engineer” and you will find as many as 166,000 roles that ask for some form of Ansible skills. Udemy published the 2020 Workplace Learning Trends Report: The Skills of the Future that describes increased enthusiasm for learning technologies such as automation (page 20) and Cisco cites market research showing nearly 23% growth in network automation from 2022 to 2028. If you are in networking, automation can be very important to boost your career.
Across networking domains, automation plays a key role in helping to balance working hours, so Ansible skills can be good to develop. Red Hat Ansible Automation Platform makes management and other tasks faster and