AAP 2.3 Introducing Remote Execution Mesh Nodes for Openshift
Last year Ansible Automation Platform (AAP) 2 introduced major changes around the mechanics on how automation is run. The main focus was to enhance the foundational pieces of the platform while providing flexibility and simplicity for automators to automate at enterprise scale. One of those foundational pieces introduced was automation mesh.
Automation mesh provides a simple, flexible and reliable way to scale automation of large inventories across diverse network topologies, platforms and teams. It was important to evolve how the platform was developed, managed, operated to meet business demands and needs, for the large majority of customers.
Pre 2.3 Automation Mesh in OCP
Prior to AAP 2.3, the automation mesh was mostly a VM deployment base option and feature. I’ve tried to highlight the main differences between platform choices in this diagram:
We are now starting to level up the feature parity, and this brings remote mesh execution nodes to non-VM supported deployments. Before we look more at the new feature, let’s look at the options that were available before:
For VM based deployments, the automation mesh introduced horizontal scaling, the ability to scale your automation needs out, whether locally or globally. We did this by Continue reading
Addressing NetOps issues with Event-Driven Ansible
A simple example - No Shut, No Problem
Since the announcement of Event-Driven Ansible, I cannot stop thinking about potential use cases. Can I get events to automate scaling? Could I use a filesystem event to trigger filesystem integrity checks? Could I get a slackbot to trigger my choice of heavy metal playlist based on a “mood” event? It's all possible! But let’s not go too crazy, not yet.
I started having a look at the fantastic work that one of our engineers, Nilashish Chakraborty has been doing around network telemetry and Ansible. This led me down the path to explore network events and what I could potentially do with something like Event-Driven Ansible. So let’s start with a super simple interface example.
Reaching out to the team at Arista, we started discussing and looking at the mechanisms they are using to get telemetry data. With Arista we are able to use gNMI, gNMI is an open source protocol specification created by the OpenConfig working group that is used to stream data to and from network devices. The OpenConfig working group operates as an open source project with contributions from network operators, equipment vendors in providing vendor-neutral Continue reading
The Top 10 Ansible Blogs of 2022
Introduction
If you're looking to brush up on the most popular Ansible information from 2022 (or just grasping at any excuse to break away from your relatives for a few minutes during the holidays), you've come to the right place. What follows are the top 10 blogs that have captured the most attention from Ansible.com readers in 2022.
10. Introducing the Event-Driven Ansible developer preview
One of the buzzworthy announcements at AnsibleFest 2022 was Event-Driven Ansible, released as Developer Preview by Red Hat. In this blog, Joe Pisciotta, Ansible Product Manager, describes Event-Driven Ansible's integration with 3rd-party event sources and support for establishing rules using "if-then" scenarios. Discover why Event-Driven Ansible makes remediating issues simple and removes the time-consuming customization usually required with "self-healing" approaches.
9. What's new in Ansible Automation Platform 2.3
Several new features and enhancements were announced as part of Ansible Automation Platform 2.3, such as more flexibility and control over execution nodes in automation mesh, the launch of Ansible validated content to help you get started automating operational tasks, support for LDAP with RBAC, and much more. Sean Cavanaugh, Ansible Technical Marketing Manager, outlines the capabilities of these new Continue reading
Creating Custom Rules for Ansible Lint
What is Ansible Lint?
Ansible Lint is a command-line tool (part of the ansible-lint upstream community project) for linting of Ansible Playbooks, Roles, and Collections. Ok, so what exactly is “linting?” Its fundamental objective is to promote proven behaviors, patterns, and practices while avoiding typical traps that can quickly result in errors or make code more difficult to maintain. That is - leverage community recommendations and opinions in writing Ansible content by means of a tool to help ensure what you’re writing is generally valid.
Additionally, Ansible Lint is designed to assist users in updating their code to function with more recent Ansible versions. Even though the version of Ansible being used in production can be an older version of ansible-core, we advise utilizing it with the most recent version.
Ansible Lint is opinionated just like any other linter. However, because community members contributed to its rules, each user has the option to enable or disable them on an individual or category basis.
Why should I use Ansible Lint?
The goal of Ansible Lint is to flag programming errors, bugs, stylistic errors and suspicious constructs and also ensure that content created by different people has Continue reading
Red Hat Ansible Automation Platform now available in AWS Marketplace
At AnsibleFest 2022 in the “windy city” Chicago, Red Hat announced Ansible Automation Platform’s upcoming availability in AWS Marketplace. That day is here!
I’d like to take a few moments to provide some more details about this offering and why you should be considering Ansible Automation Platform in AWS Marketplace.
As organization’s hybrid cloud environments continue to grow in complexity, so does the need to increase efficiency and speed. The solution is to leverage an automation platform that can help any organization create, manage, and scale their automation efforts across the entire IT infrastructure. Ansible Automation Platform is the glue that can coordinate and scale automation across all IT domains.
AWS Marketplace deployment
Ansible Automation Platform deploys directly from the AWS Marketplace as a self-managed application. There are many benefits of deploying Ansible Automation Platform in AWS Marketplace.
- It deploys into your environment, where you have total control over the solution.
- Ongoing upgrades will be simpler because of this deployment model, so while this is a self-managed solution, it’s still simpler to maintain than if you had started from scratch yourself.
- The ability to scale out the Ansible Automation Platform environment using extension nodes. (I’ll write a blog Continue reading
Crank up your automation with Ansible validated content
“Dear Aunt Automation,
At Suncavanaugh Corp., we just got this super cool automation platform. It's called Red Hat Ansible Automation Platform. Now, I'm really excited about all this and I have used Ansible before, but I'm worried about getting it working in our environments. How do I even get started with automation that needs to be production ready? What if I need help building what we need? How do I know what I build is good enough for production? This is pretty scary…
Love,
~ Chagrining in Chapel Hill “
We can understand these concerns, as this is something that many customers experience when they start their journey into automation. Red Hat Ansible Automation Platform has many tools to assist organizations from savings planner to Red Hat Insights, however, actually getting started still requires you to jump into some YAML and build your first production-ready playbook. You want to start automating, but you don’t know where to start. At AnsibleFest 2022, we announced a new addition to the content ecosystem offered through the platform. Drumroll please….. this is Ansible validated content.
Ansible validated content is expert-built automation content packaged as Collections that contain Ansible Continue reading
Project signing and verification
Project signing is a new feature developed for Red Hat Ansible Automation Platform that came out in the latest 2.3 release. It enables users to sign project-based content (think playbooks, workflows, inventories, etc.) and verify whether or not that content has remained secure. It also features a new CLI tool, ansible-sign. This blog post will explain how it works, illustrate how to implement it, and highlight a few scenarios.
Why we need signing capabilities
Organizations need to make sure their automation is tested and performing the intended tasks. However, what if someone deploys untested automation, or worse yet, someone intentionally tries to automate something nefarious? It might not even be intentional, but can simply be an organization using a community collection whose author removes a feature that they were using.
When organizations start adopting automation at the enterprise level, there may be hundreds to thousands of tasks being performed every hour across thousands of infrastructure nodes. How do you make sure the automation content that is being executed can be trusted? How do you know your automation is doing what you think it is? Is your organization pulling content from various sources outside of Continue reading
Keep the learning pace! A Holiday recap about network automation sessions
AnsibleFest in October was an amazing experience; the best part was meeting and chatting about multiple network automation use cases with our customers and partners.
In case you want to review the most relevant sessions, here is a summary on the abridged network automation related sessions that you can check on-demand for the next 5 months:
Why unified network automation and why now?
Bob Laliberte, Principal Analyst, ESG covers the complexity of modern networks which span across multi-domain teams including campus, branches, data centers, WAN networks and now edge across distributed locations.
Network automation, when implemented as an end to end solution, can unify teams and make it faster and more efficient to deliver network services.
IT decision makers and managers will be able to have a better insight on network automation challenges and KPIs.
Noor Shadid, Wells Fargo | theCUBE at Red Hat AnsibleFest 2022
In this interview, Wells Fargo Senior Vice President, Noor Shadid, describes their cultural change with automation and how Wells Fargo positioned itself as a technology company.
Journey to Automated NetOps in Financial Services
John Teixido from Truist and Tony Dubiel from Red Hat cover this amazing session. You Continue reading
What’s new in Ansible Automation Platform 2.3
We are thrilled to announce the general availability of Red Hat Ansible Automation Platform 2.3. If you didn’t get the opportunity to attend AnsibleFest 2022 in Chicago, or get time to watch the keynotes on the AnsibleFest content hub, I am the lucky Ansiblite (or is it Ansi-Bull) who will walk you through all the new, cool and exciting features coming with our new release. Ansible Automation Platform 2.3 introduces a number of new features and capabilities that deliver simpler, security-focused automation at scale. Ansible Automation Platform 2.3 is compatible with the Developer Preview of Event-Driven Ansible, a new set of capabilities that empower true end-to-end automation.
You can download the latest version directly from the Red Hat Customer Portal, or sign up for a free trial at red.ht/try_ansible. If you want to skip right to the documentation and release notes, check out the official Product Documentation page.
If you are new to Ansible Automation Platform 2 and wondering what automation execution environments, automation mesh, and automation content navigator all are, I highly recommend watching the video tour that our technical marketing team put together. If you prefer reading, I recommend checking out Continue reading
Walking on Clouds with Ansible
Today is a good day, and when it's a day like this we often feel like we are walking on clouds. With this latest announcement for the newest Red Hat Ansible Certified Collections available to our customers on the 28th of November, I am sure many cloud practitioners will be anticipating what the future will bring for their cloud automation.
Over the last few months, there has been a fair amount of activity in the Ansible team showing how Red Hat Ansible Automation Platform can extend and connect different technologies. This has been a crucial component of Ansible’s success in cloud automation for many customers.
Cloud automation requires the ability to perform many different complicated tasks and cover just as many domains. Often, organizations have different technologies to meet specific requirements and needs. One of the technologies widely used is Terraform.
We have done a number of blogs recently on the topic, ranging from a simple example of using Terraform with Ansible Automation Platform - Terraforming Clouds with Ansible, to in-depth looks at the differences between the tools - Ansible vs Terraform Demystified and Ansible vs Terraform, clarified. AnsibleFest 2022 even featured a lab where we Continue reading
Importing/Exporting Collections in automation hubs
This article discusses how to export and import Collections from one automation hub to another.
Ansible automation hub stores Collections within repositories and the Collections are versioned by the curator, so therefore many versions of the same Collection can exist in the same or different repositories at the same time.
Ansible automation hub repositories store Collections as TAR files, as created by ansible-galaxy during the curation and publishing process. This makes for easy downloading and transportation, especially during import and export workflows. You can be assured that the Collection you are importing to the new repository is the same one that was exported, or originally created by ansible-galaxy (assuming nothing malicious has happened to it; for that level of protection we have digital collection signing and can discuss that in a future article).
There are many reasons why you may wish to export or import Collections from one automation hub to another, so here are some common use cases.
Your production automation hub is on a disconnected network
This scenario means that you need to move content from an internet connected automation hub to another automation hub over an air gap. This could be done using a USB Continue reading
3 new Ansible automation hub updates
Beyond the buzz at AnsibleFest 2022 around event-driven automation, availability of Ansible in AWS and Azure marketplaces, and Project Wisdom, some important changes were happening within Ansible automation hub, so let's take a closer look at the latest developments.
Content signing for enhanced security
Content signing is a new feature currently available in technology preview in Ansible Automation Platform 2.2 and will be generally available with the release of 2.3. Content signing provides the framework to establish a secure chain-of-custody so you can consume, publish, and share Ansible content with more confidence that it is less vulnerable to tampering and malicious code. With content signing, you now have more control over compliance and your organization's internal security requirements.
In addition, we have completed signing all of Red Hat Ansible Certified Collections available in Ansible automation hub, and we will work with our partners to sign any new content as it's released.
Private automation hub is your internal content repository for automation execution environments as well as Ansible content you create or download from Ansible automation hub. In a future release, we hope to enable signing both content and execution environments Continue reading
Assessing Red Hat Ansible Automation Platform vulnerabilities
What your security scanner isn’t telling you
Security, more than ever, needs to move with speed, and we hear much about “shifting security left” and DevSecOps as methods to help achieve this. As this new paradigm gains momentum, so does the reliance on automated security tools to identify and mitigate software vulnerabilities at scale.
But what if these security tools aren’t telling you the full story?
Often, our customers reach out to us saying their security scanners flag Red Hat Ansible Automation Platform as insecure, or that it contains unpatched vulnerabilities. Rest assured, our products are security-hardened and battle-tested. Red Hat's long-standing track record of upstream contributions extends to improving upstream projects' security and contributing to industry standards. The real culprit here is your security scanner!
In this blog, we’ll cover:
- Red Hat’s approach to product security, including Ansible Automation Platform.
- Why security scanners generate false positives for Red Hat products.
- Available resources you can use to make informed product security decisions.
Note
Several links in this blog point you to resources in the Red Hat Customer Portal, which requires a user account. You and members of your team can register online or reach out to your Continue reading
Find and delete ServiceNow records en masse with the updated Ansible Content Collection
Have you ever had to query and remove a long list of ServiceNow records? Yeah, neither have I until recently. Nobody broke into my instance, and this isn't a one-time operation, I just happen to maintain an instance that we use to test our Red Hat Ansible Certified Content Collection for ServiceNow ITSM.
To set up the environment, I use a demo system and another workflow to create a random user and then allow a learner to progress through some challenges using full Red Hat Ansible Automation Platform deployments and a shared ServiceNow instance. Because this is a real live instance, there's no telling what sort of records learners will create. For this reason, I recently had to develop some automation to clean up records created by these demo user accounts.
Although my use-case was to clean up demo user accounts, this could just as well have been a critical ServiceNow instance that had erroneous records that needed cleaning up. This Collection can be leveraged to create, update, modify, or delete just about anything on ServiceNow.
If you’re following along, make sure you install a version of the servicenow.itsm Collection equal to or greater than 2.0.0 Continue reading
Introducing the Ansible API for ServiceNow ITSM
One of the most popular platform integrations available to Ansible Automation Platform subscribers in Ansible automation hub is the Red Hat Ansible Certified Content Collection for ServiceNow ITSM. This collection helps you create new automation workflows faster based on ServiceNow ITSM while establishing a single source of truth in the ServiceNow configuration management database (CMDB). You can help free teams from hours of manual effort and have greater data integrity within your ServiceNow ITSM instance.
For ServiceNow users, we've launched a new native ServiceNow application, the API for Red Hat® Ansible® Automation Platform Certified Content Collection, available exclusively through the ServiceNow store to enhance and support the integration between the two platforms.
What is the Ansible API for ServiceNow ITSM?
The API for Red Hat Ansible Automation Platform Certified Content Collection integrates Ansible’s certified content with your ServiceNow instance. Prior to the launch of ServiceNow's Rome API, Ansible users could download the Red Hat Ansible Certified Content Collection for ServiceNow ITSM from the Ansible automation hub and directly manage ServiceNow resources using their REST API.
With the release of Rome, the REST API no longer provided all of the support needed to automate ServiceNow using Continue reading
Let Ansible keep an eye on your AWS environment
In a cloud model, the security of the environment and compliance becomes the responsibility of both the end users and the cloud provider. This is what we call the shared responsibility model in which every part of the cloud, including the hardware, data, configurations, access rights, and operating system, are protected. Depending on the local legislation and the origin of the data that is handled (for instance laws like HIPAA, the GDPR in Europe, or the Californian CCPA), you may have to enforce strict rules on your environment and log events for audit purposes. AWS CloudTrail will help you to achieve this goal. The service can collect and record any kind of information coming from your environment and store or send the events to a destination for audit. In addition to security and compliance, this service helps keep track of resource consumption.
Ansible’s CloudTrail module is used to leverage the various features of the CloudTrail service to monitor and audit user activities and API calls in the AWS environment. A trail is a configuration that lets us describe an event filter and decide where the matching entries should be sent. The recent 5.0.0 release of the Amazon.aws Continue reading
Edge Automation: A Paradigm Shift
Introduction
Red Hat Ansible Automation Platform has seen wide-scale adoption in a variety of automation domains, however with edge use cases becoming more mainstream, the thought process around automation must shift from “complete a task immediately” to being able to run automation now and later, and respond to incoming automation requests from devices that are yet unmanaged.
Automation in a hybrid cloud environment
In today’s hybrid cloud environment, automation exists in a tightly controlled and predictable space, meaning it’s easy to determine what endpoints are reachable and available for connection. In practice, this manifests as inventory syncs from our various management planes (think AWS/Azure/GCP/VMware) and then targeting the devices brought into Controller via those inventory syncs with automation. Cross connectivity shouldn’t be an issue: If we can see the device in a management plant, we can contact and automate against it. In addition, if there are exceptions to the “connectivity everywhere” model, Red Hat Ansible Automation Platform has features and functionality to help address more complex connectivity circumstances.
We can even take this automation approach one step further by pulling those management planes under the management of our automation, giving us the ability to really automate end-to-end. For example, Continue reading
Best of Fest 2022
At AnsibleFest 2022, the power of automation was on full display. Through sessions, workshops, labs and more, we explored how to transform enterprise and industry through automation. There were a lot of exciting announcements made on both days, and in case you missed it, we are going to dive into what is new!
Ansible + AWS
We are thrilled to also announce a new AWS Marketplace offering, Red Hat Ansible Automation Platform. By offering Ansible Automation Platform as a pre-integrated service that can be quickly deployed from cloud marketplaces, we are meeting our customers where they are, while giving them the flexibility to deliver any application, anywhere, without additional overhead or complexity. Whether you are automating your hybrid cloud or multi-cloud environments, Ansible Automation Platform acts as a single platform. This platform provides consistency, visibility, and control to help you manage these environments at scale. Ansible is the IT automation “glue” for bringing your cloud, network, bare-metal and cloud-native infrastructure together. This provides the functionality to coordinate and manage across hybrid cloud environments in a simple and efficient way. Interested in learning more? Check out the press release.
Automation at the Edge
Ansible Automation Platform provides a Continue reading
Introducing the Event-Driven Ansible developer preview
Today at AnsibleFest 2022, Red Hat announced an exciting new developer preview for Event-Driven Ansible. Most customers are on a journey toward full end-to-end automation and there are many paths you take along this journey. Event-Driven Ansible is a new way to enhance and expand automation. It improves IT speed and agility, while enabling consistency and resilience.
By fully automating necessary but routine tasks, you and your team will have more time to focus on interesting engineering challenges and new innovations. For example, what if you no longer needed to pause critical work to manually add technical detail to a service ticket? Or address a user password reset request? Or reset a router as a first troubleshooting step? With Event-Driven Ansible, the friction in your day can be dramatically reduced, leaving more time to work on important projects, with some added work-life balance.
Why a developer preview?
The Event-Driven Ansible technology was developed by Red Hat and is available on GitHub as a developer preview. Community input is essential. Since we are building a solution to best meet your needs, we’re providing an opportunity for you to advocate for those needs. We ask that Continue reading
Getting Started with Event-Driven Ansible
As one technology advances, it expands the possibilities for other technologies and offers the solutions of tomorrow for the challenges we face today. AnsibleFest 2022 brings us new advances in Ansible automation that are as bright as they are innovative. I am talking about the Event-Driven Ansible developer preview.
Automation allows us to give our systems and technology speed and agility while minimizing human error. However, when it comes to trouble tickets and issues, we are often left to traditional and manual methods of troubleshooting and information gathering. We inherently slow things down and interrupt our businesses. We have to gather information, try our common troubleshooting steps, confirm with different teams, and eventually, we need to sleep.
Support lifecycle diagram with many manual steps and hand-offs.
One application of Event-Driven Ansible is to remediate technology issues before near real-time, or at least trigger troubleshooting and information collection in an attempt to find the root cause of an outage while your support teams handle other issues.
Event driven automation used in the support lifecycle: fewer steps, faster Mean-Time-To-Resolution.
Event-Driven Ansible has the potential to change the way we respond to issues and illuminates many new automation Continue reading