Archive

Category Archives for "Ansible Blog"

Ansible 1.9.1 Released

ANSIBLE_1.9.1_Released

Ansible 1.9.1 fixes several bugs, including:

* Fixed a bug related to Kerberos auth when using winrm with a domain account.

* Fixing several bugs in the s3 module.

* Fixed a bug with upstart service detection in the service module.

* Fixed several bugs with the user module when used on OSX.

* Fixed unicode handling in some module situations (assert and shell/command execution).

* Fixed a bug in redhat_subscription when using the activationkey parameter.

* Fixed a traceback in the gce module on EL6 distros when multiple pycrypto installations are available.

* Added support for PostgreSQL 9.4 in rds_param_group

* Several other minor fixes.

As always, this update is available via PyPi and releases.ansible.com now, and packages for distros will be available as soon as possible.

WINDOWS IS COMING? WINDOWS IS HERE!

WINDOWS...is_here

Back in June, we told you that Windows was coming. We’ve continued to improve the support, with the help of the outstanding Ansible community, and we’d like to highlight some of the improvements in Ansible 1.9. We now offer additional modules, support for domain authentication, and more.

For more information on Ansible’s Windows support, check out our Windows page, or our Ansible Intro to Windows documentation.

As always, we couldn’t do this without our outstanding Ansible community. Thanks to Chris Church, Jon Hawkesworth, Trond Hindenes, Peter Mounce, Chris Hoffman, Paul Durivage, and more!

Ansible and Containers: Why and How

Ansible__Containers_1

Everyone loves the promise of containers.  

More specifically: everyone loves the promise of a world where they can build an application on their laptop, and have that application run exactly the same way in every environment -- from their laptop all the way to production, and at every step in between.

That's still a holy grail, though.  In the meantime, people seem to be looking for practical ways to get all of the advantages of containers -- consistency, lightweight environments, application segregation, and so on -- while still maintaining the flexibility required to work with the many environments that are not amenable to containerization.

Which may explain why so many people... wow, just a lot of people... seem to be talking about Ansible and containers together:

 

ansible-docker-lolwut

So why are people using Ansible with Docker and other container formats?  A few reasons:

* Ansible playbooks are portable. If you build a container with a pure Dockerfile, it means that the only way you can reproduce that application is in a Docker container. If you build a container with an Ansible playbook, you can then reproduce a very similar environment in Vagrant, or in a cloud instance of your choice, Continue reading

AnsibleFest NYC TIckets Now on Sale

ANS-FEST-NYC15_CIR_horiz_onBLK_72dpi

We are excited to announce the date for AnsibleFest NYC 2015

When: June 4th

Where: Conrad Hotel NYC - 102 North End Ave, New York, NY 10282

AnsibleFest is a day-long conference bringing together Ansible users, developers and industry partners to share best-practices, case studies and Ansible news.  If you are a developer, sysadmin, operations director or devops practioner, AnsibleFest is for you.

Past speakers have included Twitter, Google, Rackspace, EdX, HP, Twilio, Cumulus Networks, Telescope.tv and many more - as well as members of the Ansible Team.





SPECIAL OFFER: Buy an Ansible Tower Starter Kit and get 4 free tickets. Simply enter the promo code festnyc at checkout. BUY NOW 

If you are interested in speaking, please contact [email protected]

If you are interested in sponsoring, please email [email protected] for details

Be sure to follow us on Twitter to stay informed of all of the AnsibleFest news. We'll be announcing some special surprises in the weeks leading up to the event.

 

Work Smarter, Not Harder with Security Baseline Configuration Automation

Many security baseline processes are rife with challenges. Whether organizations use scripts to manually brute-force their system-level compliance baseline, or perhaps leverage the all-too-common “Gold Disk” approach, routine security baseline compliance remediation remains largely an unsolved and constant challenge even for the most mature of IT organizations.

Even for organizations that are using an existing management tool to help with their security baselining, issues frequently arise around how to identify systems that require baselining as they come online, and then immediately recognize what needs to be done on those systems in order to verify their compliance.

To add to the challenge, applying a baseline to a newly deployed server or application is one thing, but validating compliance throughout the server and application lifecycle typically requires a separate set of tools or processes, or at very least scripts that are smart enough to smartly change the existing state of a server or application without impacting its availability.

MindPoint Group knew there was a better way. The security folks at MindPoint group are leveraging the power and simplicity of Ansible to bring automation to the problem of security baselines. And thanks to Ansible’s design, the work that MindPoint group has done is Continue reading

Ansible Simplicity Keeps Shining

Less-but-better

When Ansible was first founded three years ago, the underlying premise was to simplify some of the complexity in the existing DevOps tools. The mere idea of needing a strong developer toolset to automate your IT infrastructure was an overwhelming concept for most. I believe this is one of the underlying reasons that the majority of the IT shops are still using home-crafted scripts to automate updates to their infrastructure and shying away from having to add more complexity to an already complex world.

The well known quote from, Dieter Rams, the famous industrial designer, saying: “Less but Better”, has become somewhat of a guiding principle for Ansible. Being able to achieve in few lines of YAML script, during lunch hour what you can’t do in days of writing code with others.  

In fact, not only do we apply that principle to our products in general, but to other operational things we do at Ansible, Inc. -  from our internal communication to the onboarding process of new employees to how we handle customer support tickets. We are building an organization and an enterprise product based on simplicity. In fact, I’ve become a strong believer in the notion that complex Continue reading

Making STIG Automation Possible: A Technical Deep Dive

Ansible architect and craft beer connoisseur Jonathan Davila played a critical role in working with our trusted security partner MindPoint Group to get our joint automated security baseline project off the ground. With our release this week of the DISA STIG for RHEL 6, we’ve immediately improved the lives of Government IT admins that struggle to ensure their systems are compliant.

Merely building the Ansible role for Red Hat Enterprise Linux 6 (And CentOS variants) STIG required more than writing and organizing a collection of playbooks. In order to ensure that the role actually achieved the remediation goal, we needed to validate and verify updates through a continuous integration testing process that leverages the DISA-provided SCAP/OVAL definitions.

You can learn more about the mechanics of how Jonathan and the MindPoint Group built the STIG Role, along with technical details about how to replicate this testing method in your own environment here.

Want to learn more about the how and why? Jonathan also penned a LinkedIn article with his own thoughts about why this is an important step in the right direction for any IT organization that’s concerned about automagically applying and validating security baselines.

Learn more about automated baseline testing.
Continue reading

Ansible Fundamentals Webinar

If you missed our Ansible Training webinar today, or were not able to sign-up before it filled up, we were able to record the session. If you were able to attend, we hope you enjoyed it and learned about how to use Ansible.

We'll be announcing the next session soon, so follow us on Twitter for updates.

Skip ahead to 11:24 to view the training.

We also have an Ansible Tower webinar scheduled for later this month.

Ansible Tower Webinar March 26 - 2PM EST

 

Ansible and MindPoint Group Deliver Automation for Government STIG Compliance

Ansible has teamed with security consultancy MindPoint Group to develop, release, and support a set of Ansible Roles that will save IT organizations considerable amounts of time when applying and maintaining security baselines such as the DISA STIG or CIS benchmark to IT environments.

Why MindPoint Group? That answer is simple. MindPoint Group has a singular focus which has led to an excellent reputation for delivering end-to-end security solutions to commercial and government clients alike.  This focus, coupled with their love of Ansible, made MindPoint Group a natural choice for partnering on the development of free-and-open security baseline roles and playbooks.

The best part? This relationship is already helping Ansible users.

STIG


The first Role is for the DISA STIG on RHEL 6 (and variant systems) and is now available in Ansible Galaxy. This Role enables customers to automate the application and management of STIG-compliant systems in their environments, all the while leveraging Ansible’s agentless management framework.  When applied using Ansible, the RHEL 6 STIG Role automates a significant amount of the manual and redundant scripting and remediation that IT organizations often rely on to ensure they meet the STIG OS requirements.

Releasing this important Role is just the beginning. Continue reading

Cup of Joe with Jon and James

Cup of Joe with Jon and James

Two of Ansible’s very own Solutions architects, James Martin and Jonathan Davilla, will be hanging out at various coffee shops in the Washington, DC metro region in the upcoming weeks.   Stop by during your lunch hour and ask them about automation, DevOps culture, Ansible, and the difference between a latte and a machiatto.  Follow them on twitter for last minute updates @grepless and @defionscode.

3/13 , 11am-2pm   -  Swing’s Coffee 1702 G Street NW

3/27, 11am-2pm  - Chinatown Coffee 475 H St. NW

AnsibleFest New York City SUPER Early Bird Tickets Now Available

We are excited to announce that the next AnsibleFest will be held in New York City!

We are still working out the details, but we wanted to make some tickets available at a huge discount. AnsibleFest NYC is currently being planned for early June and will be at a great venue in New York City. If you are flexible and can plan ahead as well as make changes to your schedule, these tickets are for you!

The SUPER Early Bird price is just $179 (over 30% off the standard price) and is only available until March 23, 2015.

Purchase Super Early Bird AnsibleFest tickets here

We'll be announcing the exact date and location soon!

Managing VMware vSphere guests with Ansible Tower

There are lots of ways to enable self-service VMs within an organisation - what some might call 'a private cloud'. However, these usually require layers and layers of complex software. What if you could leverage your existing hypervisor and 15 lines of code to do the same? And what if those 15 lines became an even simpler single click?

Ansible Core contains a module for managing virtual machines in VMware vSphere environments called vsphere_guest. Using this one module we can talk to an existing vSphere instance to create new VMs, clone VM templates, and control and delete VMs. Couple up a simple playbook with Ansible Tower and we can do some pretty amazing things with very little effort.

Here's our playbook to create a new virtual machine from a template in vSphere:

shot11

The really important bit that's doing the work is the 15 lines associated with the 'Create VM from template' task. Note the extensive use of variables in this play to give us lots of flexibility. We'll make use of this in Tower in just a moment.

Tower 2.1 introduced 'Surveys', which are a great way to create interactive forms for a given play. The form can Continue reading

AnsibleFest NYC 2015

AnsibleFest_NYC_2015

We are in the planning stages of our next stop in the AnsibleFest 2015 tour. We had a our biggest turnout ever at AnsibleFest London and know that our New York event will be even bigger and better!

AnsibleFest NYC is currently scheduled for late May/early June in NYC.

Details are being finalized now and tickets will go on sale soon.

If you are interested in speaking please email [email protected]

If you are interested in sponsoring please email [email protected] 

 

Interview with Ansible CEO

tools

Ansible CEO Saïd Ziouani recently sat down for an interview with Adrian Bridgwater of ToolsAdvisor.net to talk about the past, present and future of Ansible. 

Tools AdvisorAnsible Tower is an opportunity for less technical users to get involved with IT automation by virtue of its role-based access control and dashboard functionality being core extras over and above the command line version of the open source product. Just exactly how 'non-technical' a user do you think should be involved here?
Saïd Ziouani: We strongly believe that IT Automation should be a dull task; your IP competency should be your priority and the main focus for your software developers. Managing your infrastructure must be simple to a point that it's almost boring. Tower takes the simplicity model of Ansible to a new level, allowing easy push button automation at scale, and team role delegation.

Read the full interview here.

AnsibleFest London Presentations

AnsibleFest_(1)-1

We had our biggest and best AnsibleFest last week in London! This was our 1st Ansible event outside of the United States and due to the amazing turnout and great crowd we will definitely include at least one stop overseas in 2016.

If you were not able to attend, or just wanted to see the presentations, we’ve compiled all of them here:

How to automate Big Data with Ansible - Marius Boeru, BigStep

Ansible and Vagrant - Sebastian Göttschkes, wogibtswas.at

The Devs Are Opsing (And It Isn’t Painful) - Ali Asad Lotia, Blue Newt

Ansible, Windows, and Powershell - Jon Hawkesworth, M Modal

How Rackspace Is Deploying OpenStack With Ansible - Walter Bentley, Rackspace

What's New in V2 - James Cammarata, Ansible

Ansible Internals - Brian Coca, Ansible


We’ll be announcing the next stop in the AnsibleFest tour soon (hint: It is New York City) so follow us on Twitter to find out all of the details first!

View our Ansible Tower Video here to learn all about the great features available in Ansible Tower.

Using ansible and dynamic Amazon EC2 inventory management on #AWS

Screenshot_2015-02-03_13.00.10Brandon Chavis, an AWS Partner Solutions Architect, has a great post over on the AWS blog titled "Getting Started with Ansible and Dynamic Amazon EC2 Inventory Management" today.

From the post:

Today, the options for configuration and orchestration management seem nearly endless, making it daunting to find a tool that works well for you and your organization. Here at AWS, we think Ansible, an APN Technology Partner, provides a good option for configuration management due to its simplicity, agentless architecture, and ability to interact easily with your ever-changing, scaling, and dynamic AWS architecture.

Instead of having to push an agent to every new instance you launch via userdata, roll an agent into an AMI, or engage in similarly management-intensive deployments of your config management software, the Ansible framework allows administrators to run commands against Amazon Elastic Compute Cloud (Amazon EC2) instances as soon as they are available, all over SSH. This document intends to examine ways that your Amazon EC2 inventory can be managed with minimal effort, despite your constantly changing fleet of instances.

Read the full post here.

 

Thanks Michael!

3 years ago, Michael DeHaan started the Ansible open source project. Michael has worked tirelessly and done a great job leading the Ansible vision of simple IT automation, and his efforts led to some amazing achievements.  Ansible is now a mature open source project and vibrant community, with over 900 contributors (a new contributor almost every day!), thousands of users and millions of downloads.  Ansible was recently named a Top 10 Open Source project for 2014, alongside projects like Hadoop, Docker, and OpenStack.

As of today, Michael will be transitioning from his daily operational involvement with Ansible, Inc. to an advisory capacity supporting the community and the Ansible team as needed.  You can read more about Michael’s thoughts on the transition here.

As for Ansible, we are grateful for Michael’s vision and efforts and look forward to his continued contributions. He and the Ansible community have set a new standard for simple, agentless automation, and we will continue to build great things on that strong foundation.

5 Reasons to Use Ansible in Government

ANSIBLE-govt

As many US Government programs look to adopt DevOps and agile development methodologies, there’s a need for tools to manage the application lifecycle, and make it easier and more predictable to deploy and manage entire application environments.

So why do Government customers chose Ansible?

Agentless

Ansible does not require a software agent to be running on the remote hosts it manages. Instead, it relies on the trusted management ports you’re already using on a daily basis to log into your servers: secure shell (SSH) on Linux, and Windows Remote Management (WinRM) on Microsoft-based systems. This means that you don’t need to change existing firewall port filtering rules, which removes a large barrier to entry that other tools that run an agent require.

Additionally, agentless management means that there is little likelihood of a library conflict. What happens when a management tool agent requires one version of a library, but your application requires another?

Finally, Ansible’s agentless model does not increase your system’s security footprint or attack profile. Ansible relies on the operating system’s encryption tooling, and ensures that there are no separate agents that require vulnerability patching.

More Than Just CM

Configuration Management in the Government space is nothing new. Continue reading