Ansible Network Resource Purge parameter

Red Hat Ansible Network Automation continues to be a popular domain for Red Hat Ansible Automation Platform. We have continually developed additional resource modules to make automating network appliances easier, and more approachable, for novices and experts alike. These resource modules provide a consistent experience across multiple network vendors. There are seven main state parameters for resource modules: merged, replaced, overridden, deleted, gathered, rendered and parsed. The Ansible network team is adding one more parameter, purged, to this tool chest for resource modules. This blog will cover the purged parameter and show use-cases through a practical example.

network purge blog

For this example, we will be using two BGP resource modules to configure a Cisco network device. We will be using the bgp_global module, which was covered in Rohit’s blog post, and the bgp_address_family module. The BGP configuration is split between these two separate modules to simplify configuration and data models associated with them.

Let’s start with a data model:

bgp_global:
    as_number: '65000'
    bgp:
        log_neighbor_changes: true
        router_id:
            address: 192.168.1.1
    neighbor:
    -   activate: true
        address: 10.200.200.2
        remote_as: 65001
bgp_address_family:
    address_family:
    -   afi: ipv4
        neighbor:
        -   activate: true
            address: 10.200.200.2
        network:
        -   address: 10.25. Continue reading

Monitoring as code with Sensu + Ansible

A comprehensive infrastructure as code (IaC) initiative should include monitoring and observability. Incorporating the active monitoring of the infrastructure under management results in a symbiotic relationship in which failures are detected automatically, enabling event-driven code changes and new deployments.

In this post, I’ll recap a webinar I hosted with Tadej Borovšak, Ansible Evangelist at XLAB Steampunk (who we collaborated with on our certified Ansible Content Collection for Sensu Go). You’ll learn how monitoring as code can serve as a feedback loop for IaC workflows, improving the overall automation solution and how to automate your monitoring with the certified Ansible Content Collection for Sensu Go (with demos!).

Before we dive in, here’s a brief overview of Sensu.

About Sensu

Sensu is the turn-key observability pipeline that delivers monitoring as code on any cloud — from bare metal to cloud native. Sensu provides a flexible observability platform for DevOps and SRE teams, allowing them to reuse their existing monitoring and observability tools, and integrates with best-of-breed solutions — like Red Hat Ansible Automation Platform.

With Sensu, you can reuse existing tooling, like Nagios plugins, as well as monitor ephemeral, cloud-based infrastructure, like Red Hat OpenShift. Sensu helps you Continue reading

Handling OOB Network Changes

In this blog I would like to showcase the power of Ansible Content Collections to build powerful abstractions. Collections are a distribution format for Ansible content that can include playbooks, roles, modules and plugins. For this blog post, let us address an Infrastructure as Code(IaC) use case for network configuration management of BGP. We will walk through examples for both Cisco IOS and Arista EOS devices.

First, let us define a data-model that encapsulates the vendor-agnostic configuration.

bgp_global:
    as_number: '65000'
    bgp:
        log_neighbor_changes: true
        router_id:
            address: 192.168.1.1
    neighbor:
    -   activate: true
        address: 10.200.200.2
        remote_as: 65001
bgp_address_family:
    address_family:
    -   afi: ipv4
        neighbor:
        -   activate: true
            address: 10.200.200.2
        network:
        -   address: 10.25.25.0
            mask: 255.255.255.0
        -   address: 10.25.26.0
            mask: 255.255.255.0
        -   address: 10.100.100.0
            mask: 255.255.255.0
        -   address: 10.200.200.0
            mask: 255.255.255.0
        -   address: 172.16.0.0
        -   address: 192.168.1.1
            mask: 255.255.255.255

As you might have observed, this data-model matches exactly the input expected by the <vendor>.bgp_global and bgp_address_family modules within the IOS and EOS Continue reading

Network MOP’s as automated workflows

What does successful network automation look like? What are the metrics that can measure the effectiveness of this practice and its business value?

Some will say we should look at time and cost savings, but we should not forget about driving consistency and a simpler operation to reduce risk. In this context, what are the use-cases that will get us there?

Network MOP blog 1

https://pixabay.com/illustrations/bot-cyborg-automation-helper-robot-4877977/

While there are generic use-cases, the real value of automation is truly uncovered when you are able to translate your existing processes into automated workflows that need no human intervention in order to be executed.

If your current processes are too complex, you can start by breaking them down into smaller chunks of work that will become the building blocks of your workflows. The simpler these units of work are, the more reliable/reusable they become. This blog post will walk through several use-cases for network automation, and show examples of data validation and functional testing to automate Methods of Procedure (MOP). We can then combine these building blocks into an overall workflow to gradually increase our time savings and reap more benefits from our automation as we add more building blocks.

“Do something Continue reading

Deep dive into Trend Micro Deep Security integration modules

At AnsibleFest 2020, we announced the extension of our security automation initiative to support endpoint protection use cases. If you have missed it, check out the recording of the talk “Automate your endpoint protection using Ansible” on the AnsibleFest page.

Today, following this announcement we release the supported Ansible Content Collection for Trend Micro Deep Security. We will walk through several examples and describe the use cases and how we envision the Collection being used in real world scenarios.

If you want to refresh your memory about our endpoint protection support with Ansible in general, head over to the the introducing blog post Automating Endpoint Protection with Ansible.

About Trend Micro Deep Security

Trend Micro Deep Security is one of the latest additions to the Ansible security automation initiative. As an endpoint protection solution it secures services and applications in virtual, cloud and container environments. It provides automated security policies and consolidates the security aspects across different environments in a single platform.

How to install the Certified Ansible Content Collection for Trend Micro Deep Security

The Trend Micro Deep Security Collection is available to Red Hat Ansible Automation Platform customers at Automation Hub, our software-as-a-service offering on Continue reading

Automating Endpoint Protection with Ansible

Screenshot from 2021-04-30 16-08-39

Enterprise security isn’t a homogeneous entity; it’s a portfolio of multi-vendor solutions run by disparate and often siloed teams. With so many different layers, automation proved to be effective in helping security operations teams to integrate and share accountability.

Automated processes and workflows simplify and accelerate shared processes, like investigation & response and, if enabled with a platform with the right characteristics, encourage a more open culture of collaboration.

Red Hat Ansible Automation Platform caters to this growing importance of security with Ansible security automation: our answer to the lack of integration across the IT security industry. If you are new to the topic, a good place to start is our investigation enrichment blog. A good follow up is our blog post about threat hunting, extending the application of Ansible security automation to multiple teams across the IT department.

The Ansible security automation initiative grew significantly over the last two years, adding more partners and covering additional domains and use cases. If you want to know more about what is available, have a look at the supported Collections that can be accessed via cloud.redhat.com for more details. The most recent addition to our security automation initiative was Continue reading

Automating ServiceNow with Red Hat Ansible Automation Platform

IT service management (ITSM) is a collection of policies and processes for the management and support of IT services. The main focus of ITSM is increasing the value of the customers’ service chain. But without the proper automation support, providing IT services can quickly become a major time-sink.

This is where the Red Hat Ansible Automation Platform and the Red Hat Ansible Certified Content Collection for ServiceNow come into play. Ansible Automation (with some help from existing Ansible content) can automate just about any task, while the modules from this Certified Collection allow us to keep the ServiceNow information up to date.

This Collection was designed and developed by the XLAB Steampunk team in close collaboration with Red Hat Ansible, specifically keeping end-users in mind. ServiceNow modules have an intuitive user interface backed by a robust implementation, offering support for things Ansible users expect (e.g., check mode and change detection).

In this post, we will look at a few sample Ansible Playbooks that take care of essential tasks such as:

Updating incidents, problems, and change requests
Updating the ServiceNow configuration management database (CMDB)
Using the CMDB as an inventory source

Installing the Certified Content Collection for ServiceNow

We Continue reading

Automating a RHEL 8 Installation Using the VMware REST Ansible Collection

Managing virtual machines in an IT infrastructure is often a common task, specifically VMware virtualization technology has been around for over 20 years. VMware administrators spend a lot of their time in automating the creation, management, and removal of virtual instances that contain various operating systems. One operating system that often resides on VMware infrastructure is Red Hat Enterprise Linux.

With the introduction of VMware REST APIs, we recently announced the initial release of the vmware.vmware_rest Collection, for production use. As opposed to the community.vmware Collection, the vmware.vmware_rest Collection is based on next generation VMware REST APIs. This new Collection no longer requires any third party Python bindings to communicate with VMware infrastructure. A large part of the new Collection that has been introduced is support for automating virtual machine operations.

In this blog post I will show you how VMware users can automate the installation of Red Hat Enterprise Linux 8 (RHEL 8) using the vmware.vmware_rest.vcenter_vm module and a valid Kickstart file.

Scenario requirements

For this scenario, we will assume following requirements:

vCenter 7.0.1 or latest with at least one ESXi
RHEL 8 installation DVD
Ansible
vmware.vmware_rest Continue reading

Getting Started With BGP Global Resource Modules

With the increasing size and complexity of modern enterprise networks, the demand on simplifying the networks management becomes more intense. The introduction of resources modules with Ansible Engine 2.9 provide a path to users to ease the network management, especially across multiple different product vendors.

In the past, we’ve already covered resource modules for OSPF management and for ACLs. However, simplifying network management is not limited to rather local network setups or intra domain routing only. “Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol.” It is used in larger network setups, as the NetworkWorld so aptly observes:

BGP has been called the glue of the Internet and the postal service of the internet. One comparison likens BGP to GPS applications on mobile phones.

Managing BGP manually for a network device can be a very difficult and tedious task, and more often this needs to be performed carefully, as the manual process is more prone to human error.

This blog post goes Continue reading

A Tale of Two Network Automation Surveys

The 2020 results of the NetDevOps Survey are out! This was the third time the survey was conducted and was targeted to the network automation community. But first, a huge shout out to the team that led this effort again (Damien Garros and Francois Caen). The survey was 100% community-driven, and I thank them for allowing me to be a part of the team, and to provide feedback to existing and new questions.

This survey is a good representation of how network operators and network engineers are utilizing automation to get their jobs done, but largely without management buy-in or a proactive automation strategy. This blog is largely my hot take on the results, as seen through the lens of my history at Red Hat as an Ansible Product Manager helping to get network automation as an official commercial use case off the ground. I’m going to compare and contrast the survey questions and results between the most recent NetDevOps survey and the Enterprise Management Associates (EMA) Enterprise Network Automation for 2020 and Beyond results that Red Hat sponsored back in 2019.

Here are the main ideas I gleaned:

Ansible continues to be the de-facto network (and more) automation language.
Continue reading

Announcing the Red Hat Enterprise Linux Certified Ansible Collection

Today we're thrilled to announce that the RHEL System Roles Collection is now certified with Ansible Automation Platform and is being delivered to organizations through Ansible Automation Hub. Starting with the forthcoming RHEL 8.4, this means that the system roles Collection is immediately available under technology preview support and planned to be fully supported by both RHEL and Ansible Automation Platform product support experts.

What is it, why use it

Red Hat Enterprise Linux (RHEL) is the world's leading enterprise Linux platform. System administrators expect features and improvements to deliver on the agility demanded by their end users. In order to abstract away tedious, error-prone manual administration and configuration, RHEL system roles offer a path towards a repeatable and predictable operating system configuration. Under the hood, these Ansible roles and modules are now packaged, provided via an Ansible Content Collection.

For customers with both RHEL and Ansible Automation Platform subscriptions, this means that the automation platform gains new certified content to predictably drive the configuration of RHEL, wherever it may be deployed, to ensure the stability that Red Hat customers expect from an enterprise Linux operating system. Finally, continuing the commitment for upstream community development and Continue reading

What’s New in the Ansible Content Collection for Kubernetes – 1.2

Businesses continue to have a high demand for automation. This is not limited to infrastructure components, but stretches across the entire IT, including the platforms supporting application deployments. Here often Kubernetes is the way to go - and why in November we released the first Certified Content Collection for deploying and managing Kubernetes applications and services. Since then, the development and work in this area has only increased. That is why we recently released kubernetes.core 1.2.

In this blog post, we’ll go over what’s new and what’s changed in this release of our Kubernetes Collection.

New Modules

We continue to build on our existing support for Helm 3, the Kubernetes package manager: we added the new helm_template module, which opens up access to Helm’s template command.

Scenario: Examine a chart's content for further processing

There are times when you may need to take an existing chart and do something with its content. For example, there might be existing objects that you would like to bring under Helm's control and you need to compare what's deployed with what's in the chart. The newly added helm_template module gives you access to the rendered YAML of a chart. Continue reading

Automating Red Hat Virtualization with Red Hat Ansible Automation Platform

Red Hat Virtualization (RHV) is a complete, and fully supported enterprise virtualization platform that is built upon a foundation of Red Hat Enterprise Linux (RHEL), oVirt virtualization management projects, and Kernel-based Virtual Machine (KVM) technology in order to virtualize resources, processes and applications.

With RHEL as the compute provider, RHV addsan intuitive web interface with a robust API including SDKs for Java, Ruby, Python, JavaScript and Go for management of virtualization instances and resources that comprise a typical datacenter.

Interacting with an API through a full fledged SDK may present a barrier to datacenter automation due to requisite knowledge of a programming language before getting started. This also means that collaboration may be stifled due to a lack of resources proficient in one of the available SDKs. Standardizing on Ansible for automating RHV allows for all teams and individuals to create and maintain automation without knowledge of a programming language.

Red Hat Ansible Automation Platform allows for interacting with datacenter services in a cleanly formatted and human readable markup language that offers an on-ramp to automating the datacenter. By leveraging the newly released Ansible Content Collection for RHV, this gentle on-ramp to automation becomes more powerful by Continue reading

Automating Red Hat Virtualization with Red Hat Ansible Automation Platform

Introduction to ansible-test

As automation becomes crucial for more and more business cases, there is an increased need to test the automation code itself. This is where ansible-test comes in: developers who want to test their Ansible Content Collections for sanity, unit and integration tests can use ansible-test to achieve testing workflows that integrate with source code repositories.

Both ansible-core and ansible-base come packaged with a cli tool called ansible-test, which can be used by collection developers to test their Collection and its content. The ansible-test knows how to perform a wide variety of testing-related tasks, from linting module documentation and code to running unit and integration tests.

We will cover different features of ansible-test in brief below.

How to run ansible-test?

With the general availability of Ansible Content Collections with Ansible-2.9, a user can run ansible-test inside a collection to test the collection itself. ansible-test needs to be run from the collection root or below in order for ansible-test to run tests on the Collection.

If you try to run ansible-test from outside the above directory norms, it will throw an error like below:

root@root ~/.ansible/collections ansible-test sanity
ERROR: The current working directory must be at or below:
                                                                                                                                                                                                                                            
 Continue reading

Introduction to ansible-test

We will cover different features of ansible-test in brief below.

How to run ansible-test?

If you try to run ansible-test from outside the above directory norms, it will throw an error like below:

root@root ~/.ansible/collections ansible-test sanity
ERROR: The current working directory must be at or below:
                                                                                                                                                                                                                                            
-  Continue reading

Ansible 3.0.0 Q&A

The Ansible community team has announced the release of Ansible 3.0.0 and here are the questions about the release that we’ve heard from community members so far. If you have a question that is not answered below, let us know on the mailing lists or IRC.

How can I stay up to date with changes in the Ansible community?

Subscribe to the ansible-announce mailing list for release announcements and to the Bullhorn newsletter for community news. The Bullhorn is distributed every two weeks with key dates and updates. You may also consider registering for the Ansible contributor summit on March 9, 2021.

About the Ansible community package and ansible-base/ansible-core

Are there any changes to the Ansible language in 3.0.0?

There are no significant changes since the Ansible 3.0.0 package depends on the same version of ansible-base as Ansible 2.10.x.

Why are the versions of ansible-base/ansible-core packages diverging from the Ansible package?
- When the Ansible Community Team set out to restructure the Ansible project, Ansible was split into the following components:
  - The core engine, modules and plugins
  - Community and partner supported Ansible Collections of modules and plugins

The former became known as Continue reading

Red Hat Ansible Automation Platform Product Status Update

The Red Hat Ansible Product Team wanted to provide an update on the status and progress of Ansible’s foundational role as it pertains to the product, specifically as a deliverable for implementing automation as a language. That is, Ansible as provided by aggregated low-level command line binary executables leveraging Python, with a YAML-based user abstraction. Specifically, the packaged deliverable is currently named Ansible Base, but will soon be named Ansible Core later this year. When people often generally refer to “Ansible,” this largely describes what people use directly as part of their day-to-day development efforts.

As an Ansible Automation Platform user, you may have noticed changes over the last year and a half to the Ansible open source project and downstream product in order to provide targeted solutions for each customer persona, focusing on enhancements to packaging, release cadence, and content development.

We’ve seen the community and enterprise user bases of Ansible continue to grow as different groups adopt Ansible due to its strengths and its ability to automate a broad set of IT domains (such as Linux, Windows, network, cloud, security, storage, etc.). But with this success it became apparent that there is no one size Continue reading

Announcing the Community Ansible 3.0.0 Package

Version 3.0.0 of the Ansible community package marks the end of the restructuring of the Ansible ecosystem. This work culminates what began in 2019 to restructure the Ansible project and shape how Ansible content was delivered. Starting with Ansible 3.0.0, the versioning and naming reflects the new structure of the project in the following ways:

The versioning methodology for the Ansible community package now adopts semantic versioning, and begins to diverge from the versions of the Ansible Core package (which contains the Ansible language and runtime)
The forthcoming Ansible Core package will be renamed from ansible-base in version 2.10 to ansible-core in version 2.11 for consistency

First, a little history. In Ansible 2.9 and prior, every plugin and module was in the Ansible project (https://github.com/ansible/ansible) itself. When you installed the "ansible" package, you got the language, runtime, and all content (modules and other plugins). Over time, the overwhelming popularity of Ansible created scalability concerns. Users had to wait many months for updated content. Developers had to rely on Ansible maintainers to review and merge their content. These obvious bottlenecks needed to be addressed.

During the Ansible 2.10 development Continue reading

Ansible 3.0.0 Q&A

How can I stay up to date with changes in the Ansible community?

Subscribe to the ansible-announce mailing list for release announcements and to the Bullhorn newsletter for community news. The Bullhorn is distributed every two weeks with key dates and updates. You may also consider registering for the Ansible contributor summit on March 9, 2021.

About the Ansible community package and ansible-base/ansible-core

Are there any changes to the Ansible language in 3.0.0?

There are no significant changes since the Ansible 3.0.0 package depends on the same version of ansible-base as Ansible 2.10.x.

Why are the versions of ansible-base/ansible-core packages diverging from the Ansible package?
- When the Ansible Community Team set out to restructure the Ansible project, Ansible was split into the following components:
  - The core engine, modules and plugins
  - Community and partner supported Ansible Collections of modules and plugins

The former became known as Continue reading

« Previous 1 … 9 10 11 12 13 … 33 Next »

Archive

About Sensu

About Trend Micro Deep Security

How to install the Certified Ansible Content Collection for Trend Micro Deep Security

Installing the Certified Content Collection for ServiceNow

Scenario requirements

What is it, why use it

New Modules

Scenario: Examine a chart's content for further processing

How to run ansible-test?

How to run ansible-test?

About the Ansible community package and ansible-base/ansible-core

About the Ansible community package and ansible-base/ansible-core