Red Hat Ansible Engine 2.7 is now available, featuring improved stability, speed and performance.
Ansible Engine 2.7 continues to improve compatibility with modern versions of Python. As a result of changes to support newer versions of Python, support for running Ansible Engine with Python 2.6 has been removed. Management of systems with Python 2.6 installed is still possible, though the system Ansible Engine is running from must have Python 2.7 or Python 3.5 or later. This means if ansible-pull is being used the system running ansible-pull will need Python 2.7 or Python 3.5 or later.
A new file locking feature is designed to prevent race conditions when delegating to a central resource. For example, if a play calls for several hosts to write to a single file on a remote host it is likely multiple hosts would attempt to write to the file at the same time. This can now be done in Ansible Engine 2.7.
Deprecating use of features is often a challenging task. This task can be even more challenging when it involves multiple Ansible core modules. In Ansible Engine 2.7, several modules have Continue reading
Rebooting Linux systems with Ansible has always been possible, but was often tricky and error-prone. In Ansible 2.7, I am happy to say that rebooting Linux hosts with Ansible is now easier and can be done with a single task using the newly minted reboot plugin.
The win_reboot
module was written by Matt Davis and included with Ansible 2.1. Rebooting Windows hosts is a much more common occurrence than rebooting Linux hosts. Necessity is the mother of invention, so it made sense that win_reboot
appeared before the equivalent for Linux. And while less than elegant, it is possible to reboot Linux hosts using shell
and wait_for
or wait_for_connection
[1].
Rebooting Linux systems with Ansible never felt right to me — much too error prone and finicky. It finally bugged me enough that I refactored win_reboot
into reboot
so Linux hosts could join the reboot party with their Windows counterparts.
When I set out to make the reboot
plugin[2], the goal was to create a common class that win_reboot
(and potentially others) could easily subclass to override specific parts of the reboot process. I was also working in reverse, deconstructing win_reboot
into a new Continue reading
Since starting my journey using Ansible in 2013, I've built Ansible Playbooks to automate many things: SaaS products, a cluster of Raspberry Pi's, a home automation system, even my own computers!
In the years since, I've learned a lot of tricks to help ease the maintenance burden for my work. It's important to me to have maintainable projects, because many of my projects—like Hosted Apache Solr—have been in operation for over a decade! If it's hard to maintain the project or it's hard to make major architecture changes, then I can lose customers to more nimble competitors, I can lose money, and—most importantly—I can lose my sanity!
I'm presenting a session at AnsibleFest Austin this year, Make your Ansible Playbooks flexible, maintainable, and scalable, and I thought I'd summarize some of the major themes here.
I love photography and automation, and so I spend a lot of time building electronics projects that involve Raspberry Pis and cameras. Without the organization system I use (part of it pictured above), it would be very frustrating putting together the right components for my project.
Similarly, in Ansible, I like to have my tasks organized so I can compose them more Continue reading
This has been the Ansible messaging since the journey began. As time has gone on, the definition of simple we’re talking about may have been misunderstood...
The Ansible simplicity is about being easy to understand, learn and share. It’s about people. The often peddled notion that “Ansible doesn’t scale past 500 hosts” is shadowed by the customers we have with over 100,000 nodes under management. But the idea that scale is purely about the number of hosts isn’t recognising the greater relevance. Scale is so much more, scale is about the context in your business.
What is scale?
When it comes to IT, conclusions about ‘scale’ usually equate to numbers of something technical. A frequent customer ask might go something like "We need Ansible to scale to 70,000 hosts".
Once we look into that number though, the reality is no technical operation will happen across them all at once. The jeopardy to a business of this size is too great to chance a failure of every system. Operations at large scale happen piecemeal for safety reasons – rolling updates are not only a safer way to operate, we see the results faster.
Business function, geography, application and Continue reading
Smart Inventory is a feature that was added to Red Hat Ansible Tower 3.2. The feature allows you to generate a new Inventory that is made of up hosts existing in other Inventory in Ansible Tower. This inventory is always-up-to-date and is populated using what we call a host filter. The host filter is a domain specific query language that is a mix of Django Rest Framework GET query language with a JSON query syntax added in. Effectively, this allows you create an Inventory of Hosts and their relational fields as well as related JSON structures.
The ansible_facts field is a related field on a Host that is populated by Job Template runs (Jobs) that have fact caching enabled. Ansible Tower bolts on an Ansible fact cache plugin with Job Template that have fact caching enabled. Job Templates of this kind that run playbooks that invoke Ansible gather_facts will result in those facts being saved to the Ansible Tower database when the Job finishes.
A limitation of the Smart Inventory filter is that it only allows equality matching on ansible_fact JSON data. In this blog post I will show you how to overcome this limitation and add Continue reading
I’ve always enjoyed listening to how customers are solving their business challenges using Red Hat Ansible Automation. From the simple to the uniquely creative solutions, they’re always fun to hear. So every time AnsibleFest comes around, I get especially excited knowing that I’ll have the chance to hear far more than one or two stories.
This year’s AnsibleFest in Austin is expected to be the biggest ever. To cater for the many different interests of attendees, we’ve created six specific tracks with curated content sure to interest. I’ve managed to “bag” the Business Solutions track, which will contain ten talks in total.
Sifting through the hundreds of submissions (the job gets harder every year!) I’ve picked out three talks which I’m really looking forward to listening to.
1. Upgrading the backend database of a £3 billion business website on a Friday afternoon
However that panned out, it’s sure to be a great story! I’m grabbing some popcorn for this one :)
2. Using Ansible to Satisfy Compliance Controls
Security automation is a big topic these days, and the security community has come to realise the power in Ansible to help them get things done. I’ve lost count of the Continue reading
We're happy to announce that Red Hat Ansible Tower 3.3 is now generally available. In this release, there are a number of enhancements that can help improve the automation in any organization. The team has been hard at work adding functionality with Red Hat OpenShift Container Platform, more granular permissions, scheduler improvements, support for multiple Ansible environments, and many other features.
Here are a few we are excited about!
Push-button Ansible Tower deployment for Red Hat OpenShift Container Platform users is now here! Ansible Tower 3.3 is now a supported offering on Red Hat OpenShift Container Platform. The new Ansible Tower pod service in Red Hat OpenShift makes it easy to add capacity to Ansible Tower by adding additional pods. This enables users to scale at runtime as needed. Best of all, Ansible Tower is configurable directly from Red Hat OpenShift Container Platform.
All configurable directly from the Red Hat OpenShift Container Platform UI, CLI, and API.
Ansible Tower now allows for even easier configuration of jobs for use Continue reading
Hello, and welcome to another Getting Started blog post… though this one is a bit different. I’d like to tell you about AnsibleFest 2018 in Austin, TX, where for the first time there will be a dedicated Getting Started section at this annual event!
Participants who visit our area will be able to meet some members of the Getting Started team as well as attend presentations. The scheduled talks include Ansible Essentials (similar to the monthly webinars) and Writing Your First Playbook, based on our most popular blog post.
In addition to the two scheduled talks each day, there will also be a lounge area where attendees can ask questions and get answers from Ansible experts in person! Come stop by to learn about what makes Ansible different, how it works, and get a quick overview of Ansible Tower. No experience is required, which means this is going to be a great chance for you or perhaps a teammate who is new to Ansible to learn about it from the ground up.
Make sure to register soon so that we can see you in Austin this October!
AnsibleFest is fast approaching! We couldn’t be more excited to be holding our 13th AnsibleFest in Austin, TX. This year's AnsibleFest is on track to be the biggest one ever. Ansible is the proverbial Swiss Army knife in the office desk drawer. The Ansible Integrations track will highlight the combined power of Ansible when used with other technologies. Combining Ansible with other technologies enables organizations to reach new heights with their automation.
As someone who has worked in the DevOps space for years, I'm looking forward to this track. It's filled with talks from speakers that have improved their existing tooling with Ansible. There are a few sessions you might find me standing in the back of (time permitting, of course) that I’d like to highlight here:
1. Ansible and HashiCorp: Better together from Sean Carolan, HashiCorp and Dylan Silva, Red Hat
Automation tools don’t have to be competitive. Great things can be achieved when you combine great tools together and collaborate. Come along and learn how Ansible users can leverage HashiCorp tools/products to achieve their goals of an automated enterprise through complimentary security, image management, post provisioning configuration and integrated end-to-end automation solutions. Read more here.
Having used Ansible Continue reading
I am getting super excited about my first ever AnsibleFest! Despite using Ansible for more than five years now, I have never had the opportunity to attend this famed event. I had coworkers from previous employers attend, and they were always excited and invigorated after the conference. October is fast approaching and the energy around the event is growing every day.
I’m especially excited for AnsibleFest 2018 because it will have an entire track dedicated to my favorite subject: Network Automation. Join us for two days (October 2-3) as Ansible network developers, Ansible experts from around the world, partners and community members showcase new functionality, use cases, stories and paths to production. You will hear from the developers who design, create, test and distribute the code. You’ll also hear from industry experts and network operators who create and deploy Ansible Playbooks to manage a variety of network gear and situations.
I’ll highlight two talks I’m especially excited about, to give you an idea of what you’ll learn in the Network Automation track at AnsibleFest 2018.
First up is one of my favorite coworkers, Trishna Guha, talking about the Network-Engine role. Trishna will highlight how Network-Engine extracts data from network devices Continue reading
AnsibleFest is fast approaching! We couldn’t be more excited to be holding our 13th AnsibleFest in Austin, TX. It must be true that everything is bigger in Texas, because this year's AnsibleFest is on track to be the biggest one ever. We have more sessions, more content, and more opportunities to learn from Ansible, from partners, and from each other. So much more in fact, we have made AnsibleFest a multi-day event for the first time ever.
This year, we have so much content that we’ve created six tracks. Plus, we have a new Getting Started Hub for those of you beginning on your automation journey with Ansible or Red Hat Ansible Tower. If you want to get a deeper dive, we will be offering onsite Ansible Automation and Ansible Network Automation Technical Workshops.
This year’s breakout sessions are split into six tracks of content:
To give you more insight into what to expect, we will be blogging about each track in the coming weeks. We will highlight some of the most exciting, interesting, and useful content for attendees (although, let’s be honest it’s Continue reading
The Total Economic Impact of Red Hat Ansible Tower is a Red Hat commissioned Forrester Consulting study published in June 2018. This study demonstrates the cost savings and business benefits enabled by Ansible. Let’s dive into the what Ansible Tower enables, the efficiencies gained, the acceleration of revenue recognition, and other tangible benefits.
Revenue recognition is a critical aspect of business operations. Quickening the pace of revenue recognition is something every organization has their eye on. Forrester’s TEI of Ansible Tower observed a company cutting delivery lead times by 66%. Imagine the pace of feature deployment an organization experiences when cutting lead times from days to hours!
System reconfiguration times fell as well. Automating changes due to new bugs or policy changes across systems helps mitigate the costly impact of reconfiguration. This company found that the total time savings of being able to reconfigure a fleet of systems through Ansible automation reduced staff hours by 94% for this type of work.
The TEI also measured the security and compliance gains of Ansible Tower. Ansible Tower reduced staff hours spent patching systems by 80%. This also meant that patching systems could occur more often. This helped reduce the Continue reading
Hello, and welcome to another Getting Started with Ansible + Windows post! In this article we’ll be exploring what Desired State Configuration is, why it’s useful, and how to utilize it with Ansible to manage your Windows nodes.
So what exactly is Desired State Configuration? It’s basically a system configuration management platform that uses the declarative model; in other words, you tell DSC the “what”, and it will figure out the “how”. Much like Ansible, DSC uses push-mode execution to send configurations to the target hosts. This is very important to consider when delivering resources to multiple targets.
This time-saving tool is built into PowerShell, defining Windows node setup through code. It uses the Local Configuration Manager (which is the DSC execution engine that runs on each node).
Microsoft fosters a community effort to build and maintain DSC resources for a variety of technologies. The results of these efforts are curated and published each month to the Powershell Gallery as the DSC Resource Kit. If there isn't a native Ansible module available for the technology you need to manage, there may be a DSC resource.
DSC Resources are distributed as Continue reading
Over the years many things have contributed to the success of Ansible, including the flexibility of the tool itself, and a vibrant community that has contributed nearly 1,700 modules to the Ansible project, and imported nearly 17,000 roles to Ansible Galaxy. Not sure where to start or need an example of how to automate a thing? There’s probably a module for that and a few roles on Galaxy to get you started. This is all thanks to the community!
Since its inception, the Galaxy website hasn’t really changed much. There’s been a few minor releases with bug fixes here and there, but nothing big and exciting. For much of its existence, Galaxy has been maintained by the community team to keep it humming along as an open hub for the publishing of shared Ansible roles. In this way, Galaxy helps to facilitate the community’s enthusiasm for sharing Ansible roles.
Now, we’re changing up the status quo, with some big, cool updates planned for Galaxy. The goal is to make it an even better place for the community and partners to find and share Ansible content. Today, the expanded and dedicated Galaxy team is pleased to announce the release of an Continue reading
We condensed the Python Kubernetes/OpenShift client from 400,000 lines of code to 500, while adding features and closing nearly all known bugs. The new Kubernetes modules shipping in Ansible 2.6 support all resources the Kubernetes server supports, and fix nearly all the bugs that were in the 2.5 k8s_raw and openshift_raw modules. If you want to control your Kubernetes infrastructure with Ansible, now is a very good time to give it a try.
For anyone who has not followed the process of adding Kubernetes support to Ansible, this is actually our third attempt. With this iteration, we have finally worked out a lot of the kinks that made the modules difficult to use. Here’s a brief synopsis of the history of the project:
Generated client, generated modules
Our first iteration was backed by a generated OpenShift Python client, based on the existing Kubernetes Python client. This Python client ingested the OpenAPI spec for the OpenShift/Kubernetes API and generated one or more modules per resource type. Due to the size of the API, this resulted in ~400,000 lines of generated code.
The Ansible Kubernetes modules were in turn generated from the generated client, so for Continue reading
Hello! My name is Rémy Léone and I am a Cloud Developer Evangelist at Scaleway. I’ve written this post to let you know that support for Scaleway services are now available natively in the Ansible Project with the release of Ansible version 2.6.
Scaleway’s goal is to help developers get cloud resources as easily as possible. Developing support for our services using well-known tools such as Ansible is one of our top priorities for user engagement. In this article, I’ll discuss the different Scaleway modules and demonstrate how to natively manage your Scaleway resources in your Ansible Playbooks.
---
Connection to Scaleway Compute nodes use Secure Shell. SSH keys are stored at the account level, which means that you can re-use the same SSH key in multiple nodes. The first step to configure Scaleway compute resources is to have at least one SSH key configured.
scaleway_sshkeys
is an Ansible module that manages SSH keys on your Scaleway account. You can add an SSH key to your account by including the following task in a playbook:
- name: "Add SSH key"
scaleway_sshkey:
ssh_pub_key: "ssh-rsa AAAA..."
state: "present"
The ssh_pub_key
parameter contains Continue reading
Welcome to another post in the Getting Started series! Today we’re going to get into the topic of Workflow Job Templates. If you don’t know what regular Job Templates are in Red Hat Ansible Tower, please read the previously published article that describes them. It’ll provide you with some technical details that’ll be a useful jumping-off point for the topic of workflows.
Once you’re familiar with the basics, read on! We’ll be covering what exactly Workflow Job Templates are, what makes them useful, how to generate/edit one, and a few extra pointers as well as best practices to make the most out of this great tool.
The word “workflow” says it all. This particular feature in Ansible Tower (available as of version 3.1) enables users to create sequences consisting of any combination of job templates, project syncs, and inventory syncs that are linked together in order to execute them as a single unit. Because of this, workflows can help you organize playbooks and job templates into separate groups.
By utilizing this feature, you can set up ordered structures for different teams to use. For example, two different environments (i. Continue reading
Guess what!? Another release has come upon us! Your time has come to upgrade to Ansible 2.6-”Heartbreaker.” Utilize some great updates to automate to your heart’s desire, and avoid being heartbroken. See what I did there?
Let’s dive right into some of the changes.
One little bit of house cleaning before getting into the rest of the fun. The deprecated task option always_run
has been removed, please use check_mode: no
instead.
For any more information on behavioural changes from Ansible 2.5 to Ansible 2.6, please check out the Porting Guide.
In the development cycle of 2.6, we started to tackle a memory utilization problem that some of our users experienced in Dynamic Includes. In some cases, we have seen “roughly a drop of 50% memory consumption,” and in one scenario we had seen execution times of 21 seconds down to 8 seconds after the change was applied. Cool little bit, a bunch of these fixes were also back-ported to Ansible 2.5 as well as Ansible 2.4! In a future blog post, we plan to go into more detail of what was done to improve upon Dynamic Includes. Also, Continue reading
Welcome to another Getting Started blog post! Previously, we did a four-part series on Ansible and Windows automation.
In this post, we are going to talk about how you can modify and use the Python virtual environment that is built when Red Hat Ansible Tower is installed. Before we get started, if you would like a dive deeper into the virtual environment you can find our documentation on it here .No, it is not. But one can dream, right? Before we get into this, let’s talk about what is created when you install Ansible Tower in regards to virtual environments.
Ansible Tower 3.0 and later uses virtualenv. Virtualenv creates isolated Python environments to avoid problems caused by conflicting dependencies and differing versions.
Ansible Tower creates two virtualenvs during installation–one is used to run Ansible Tower, while the other is used to run Ansible. This allows Ansible Tower to run in a stable environment and allows you to make changes to your Ansible environment.
The next topic we are going to talk about is modifying the Ansible virtualenv. But first, a warning to the adventurous. Modifying the virtualenv used by Ansible Tower is unsupported Continue reading
Welcome to another installment of our Windows-centric Getting Started Series! In the prior posts we talked about connecting to Windows machines, gave a brief introduction on using Ansible with Active Directory, and discussed package management options on Windows with Ansible. In this post we’ll talk a little about applying security methodologies and practices in relation to our original topics.
In order to discuss security issues in relation to Ansible and Windows, we’ll be applying concepts from the popular CIA Triad: Confidentiality, Integrity, and Availability.
Confidentiality is pretty self-evident — protecting confidentiality helps restrict private data to only authorized users and helps to prevent non-authorized ones from seeing it. The way this is accomplished involves several techniques such as authentication, authorization, and encryption. When working with Windows, this means making sure the hosts know all of the necessary identities, that each user is appropriately verified, and that the data is protected (by, for example, encryption) so that it can only be accessed by authorized parties.
Integrity is about making sure that the data is not tampered with or damaged so that it is unusable. When you’re sending data across a network you want to make sure that it arrives Continue reading