Taking Automation to the Next Level: Using Ansible + GitOps to Manage the Lifecycle of a Containerized Application
One of the great advantages of combining GitOps with Ansible is that you get to streamline the automation delivery and the lifecycle of a containerized application.
With the abilities of GitOps we get to:
- Standardize configurations of our applications.
- Inherit the benefits of version control of our configurations.
- Easily track changes of the configuration settings making fixing issues easier.
- Have one source of truth for our applications.
Combine the above with Ansible and you have everything you need to accomplish configuration consistency for a containerized app anywhere that you automate.
That leads us to, “how do we combine Ansible and GitOps to manage the lifecycle of a containerized application?”
Simple. By creating an Ansible workflow that is associated with a Git webhook that is part of my application’s repository.
What is a Git webhook you ask?
Git webhooks are defined as a method to deliver notifications to an external web server whenever certain actions occur on a repository.
For example, when a repository is updated, this could trigger an event that could trigger CI builds, deploy an environment, or in our case, modify the configuration of our containerized application.
A webhook provides the ability to execute specified Continue reading
What’s new: network automation with ansible.netcommon 3.0.0
With the recent release of the ansible.netcommon Collection version 3.0.0, we have promoted two features as standard: libssh transport and import_modules. These features provide increased performance and resiliency for your network automation. These two features, which have been available since July 2020 (libssh) and March 2021 (import_modules), are now turned on by default for playbooks running the latest version of the netcommon Collection, so let's take a look at what makes these changes so exciting!
The road to libssh
Libssh support was formally announced in November 2020 for FIPS mode compatibility and speed. This blog goes into great detail about why we started this change, and it's worth a read if you want to know more about how we use paramiko or libssh in the network_cli connection plugin. I'm going to try not to rehash everything from that post, but I do want to take a little time to revisit security and speed to show what libssh brings to the experience of using ansible with network devices.
FIPS Mode
One of the earliest issues we identified with paramiko, our earlier SSH transport plugin, is that it was not FIPS 140 compliant. This meant that environments Continue reading
Digitally signing Ansible Content Collections using private automation hub
Red Hat Ansible Automation Platform can manage and execute automation made from many different origins, coming from Red Hat product teams, ISV partners, community and private contributors.
Here is a typical makeup of an automation play that is launched from automation controller:
- A job template is executed by automation controller and is a playbook.
- The playbook runs inside of an automation execution environment by the automation controller.
- The automation execution environment is made using the execution environment builder (ansible-builder tool).
- When ansible-builder creates the execution environment, it includes dependencies.
- The dependencies are Ansible Content Collections and their requirements.
- Collections and their dependencies can be private, community-based, or supplied by Red Hat or its ISV partners.
Previously, there was no way to verify that a Collection downloaded from either Ansible automation hub (console.redhat.com) or private automation hub was developed and released by its original Collection maintainer. This is a potential security issue and breaks the supply chain from creator to consumer.
Providing security-focused features in Ansible Automation Platform 2 continues to be a priority, to enable the execution of certified and supported automation anywhere in your hybrid cloud environment. New in Ansible Automation Platform 2.2 is Continue reading
Scaling Automation Controller for API Driven Workloads
When scaling automation controller in an enterprise organization, administrators are faced with more clients automating their interactions with its REST API. As with any web application, automation controller has a finite capacity to serve web requests, and web clients can experience degraded service if that capacity is met or superseded.
In this blog, we will explore methods to:
- Increase the number of web requests an Red Hat Ansible Automation Platform cluster can serve.
- Implement best practices on the client side to reduce the load on the automation controller API to improve performance and uptime.
We will use automation controller 4.2 in our examples, but many of the best practices and solutions described in this blog apply to most versions, including Ansible Tower 3.8.z.
Use cases that cause high-volume API requests
In this section, we will outline some of the use cases that can drive a high volume of API requests. In the recommendations section, we will address options to improve the quality of service at the client, load balancer, and controller levels.
External inventory management
In some use cases, organizations maintain their inventory in an external system. This practice can lead to a pattern Continue reading
Red Hat Ansible Automation Platform on Microsoft Azure – Network Access – blog #2
Thank you to Hicham Mourad and Scott Harwell for co-authoring this blog.
Introduction
In this blog series, we will continue discussing the deployment of Red Hat Ansible Automation Platform on Microsoft Azure.
The first blog covered the deployment process as well as how to access a Red Hat Ansible Automation Platform on Azure deployment that was deployed using the “Public” access option.
This blog we’ll cover how to access the managed application when it’s deployed using the “Private” access option.
Connecting to Red Hat Ansible Automation Platform on Microsoft Azure
There are three ways you can access Red Hat Ansible Automation Platform on Azure if you selected “Private” access.
- An Azure hosted virtual machine (VM)
- Azure VPN or Direct Connect
- SSH Tunnel
Let’s assume that you have already configured network peering between the Red Hat Ansible Automation Platform on Azure deployment, on the Azure network and your existing Azure Virtual Networks. Network peering is an Azure action for connecting two or more networks on Azure that route traffic to resources across those networks. See Microsoft Azure documentation for more information on network peering types.
Access Details
Regardless of whether you selected public or private Continue reading
Red Hat Ansible Automation Platform on Microsoft Azure – Network Access – blog #1
Introduction
In this blog series we will discuss the deployment of Red Hat Ansible Automation Platform on Microsoft Azure, specifically focusing on the deployment access types and what that means for accessing Red Hat Ansible Automation Platform on Azure after deployment completion.
Deployment Access Types
First let’s start by discussing the different deployment access types.
During deployment, Red Hat Ansible Automation Platform on Azure will present an option called “Access” that determines how you will access the user interfaces.
Access Selection at Deploy Time
| Deployment Type |
Details |
| Public |
Public deployments allow ingress to the user interfaces over the public internet. Upon deployment, a domain name is issued to the Red Hat Ansible Automation Platform on Azure instance, and users will be able to navigate to the domain to login. This is the easiest approach to deploy because there is no configuration required to access Red Hat Ansible Automation Platform on Azure. Public Access Architecture Diagram below |
Public Access Architecture Diagram
| Deployment Type |
Details |
| Private |
Private deployments omit access from the public internet. When deployed, Red Hat Ansible Automation Platform on Azure will reside in an isolated Azure VNET with no access from external sources or even other Continue reading |
Pump-Up your ITIL with Automation
In the world of automation and agility, it seems that Information Technology Infrastructure Library (ITIL) doesn’t have a role to play anymore, being marked as an “old school” framework. Can it be the end of the methodology after it served numerous IT organizations for so long as a guideline and blueprint for their processes?
This series of articles shows how automation, and more specifically Red Hat Ansible Automation Platform and the principles of Infrastructure as Code (IaC), can help bring some of the ITIL topics into the agile and automated bliss:
- Configuration management
- Change and release management
- Incident and problem management
So let’s step into the topic of configuration management and what everybody still knows as CMDB (Configuration Management Database) even if ITIL has since long titled it as CMS (Configuration Management System). This name change was meant to highlight the fact that the function can be fulfilled by a combination of multiple databases and tools, but it won’t matter here, so we’ll stick to the infamous CMDB term.
Do you love your CMDB? Probably not, according to my experience with numerous customers. The data is generally outdated and wrong, considered useless, which means that its maintenance is considered a Continue reading
8 private automation hub features about automation execution environments
Red Hat Ansible Automation Platform 2.1 introduced automation execution environments, which is a new way to package automation into a container runtime environment. In addition, private automation hub also joined the party by adding significant support for execution environments.
Let's dive into those features:
Feature 1 - The registry
Private automation hub now ships with the pulp container registry. This means it can store and serve up container images.
We only support the Ansible private automation hub registry serving execution environment images.
Feature 2 - Remote registries
The Ansible private automation hub user interface allows the administrator to define remote registries. This allows for the registry to mirror container images from their source. A good example of remote registries is adding the base execution environment images available at Red Hat.
To access the Red Hat registry, visit registry.redhat.io and use the same username and password that you use for access.redhat.com.
Upon adding the registry, you will see a new remote registry definition.
Feature 3 - Indexing a remote registry
This capability is available after you have added a remote registry as per Feature 2;click the menu on the registry Continue reading
Inside Ansible Automation Platform’s Automation Services Catalog
Red Hat Ansible Automation Platform 2.2 introduces a technical preview of automation services catalog.
Automation services catalog was first developed in the cloud at console.redhat.com, with capabilities for fast, agile development and feature release. Over time, Red Hat continually adapted features to meet customer requirements and incorporate their feedback. As customers became more familiar with the benefits, they’ve since requested the ability to access these catalog components within their firewalled infrastructure with direct access to the Ansible clusters and their corporate identity services. We continue to listen and are providing a private version of automation services catalog, installed by the platform installer alongside automation controller and private automation hub.
Products, Portfolios and Platforms
As far as catalogs go, there is a fairly standard pattern to follow. Here is the first glimpse of the user interface.
This image shows what are known as “products”. Products reside within “portfolios,” which allow the administrator to group products into sharable, access controlled folders. Products are simply references to a job template or workflow.
What I really like about having this new level of abstraction is that I can reference the same job template in a product multiple times. Continue reading
Released: Automation content navigator 2.0
Automation content navigator releases with Ansible Automation Platform 2.2
What is it?
Automation content navigator was released alongside Red Hat Ansible Automation Platform 2.0 and changed the way content creators build and test Ansible automation. Navigator 1.0 drew together multiple Ansible command line tools like ansible-playbook, ansible-doc, ansible-config, etc. and continues to accrue seriously useful new features to help deliver greater flexibility to automation creators.
Coinciding with the release of Ansible Automation Platform 2.2, navigator 2.0 introduces improvements to existing functionality alongside additional features to aid in the development of automation content.
Within navigator 2.0, you will find:
- Automation execution environment image build support
- Ability to interact in real-time with automation execution environments
- Settings subcommand to view active configuration of local environment
- Generate a sample configuration file that can be used for new projects
- Automatic mode selection (stdout vs. interactive)
- Technology preview lint support, UI improvements, Collections view support for Ansible built-ins, time zone support, color enhancements, and more!
Looking closer
Image builder support
Before the release of navigator 2.0, a separate command line application (ansible-builder) was needed to build execution environment images from human readable YAML files. With this release, ansible-navigator Continue reading
Automating multi-vendor network prefix-lists
To keep the networks healthy, cause connectivity matters
I love being a network engineer, even though I struggled to explain to non-networking people about the utmost relevance of network administration. However, during the last two years of the COVID-19 pandemic, the world could see the relevance of having connectivity. Networks are the highways of information. Data, applications, entertainment, and factories need the network connectivity roads to make the world run. It’s interesting that even network models to estimate traffic behavior use algorithms that are similar to the ones to estimate transportation.
To enable this communication, networks have to interconnect through routing protocols. There are many ways to configure routing; you can permit or restrict traffic to certain networks to leave some sectors isolated, and propagate routes to allow connectivity only to specific segments of your network.
When you configure routing settings to allow this interconnection, you not only want to reach the ultimate purpose of configuring connectivity, but you want to do this in an efficient manner.
The use of prefix-lists is one mechanism to permit a better use of resources in your routers. In this blog we are going to briefly cover why prefix-lists configuration is relevant, and Continue reading
What’s new in Ansible Automation Platform 2.2
The Ansible product team at Red Hat is thrilled to announce the general availability of Red Hat Ansible Automation Platform 2.2, which includes numerous features and bug fixes that further solidify Ansible Automation Platform as the de facto enterprise IT automation solution for developers to operations teams in data centers, clouds, and at the edge. A few of the most noteworthy features in this release include:
- New automation topology viewer in automation controller
- Red Hat Ansible Certified Content Collections to be digitally signed in Ansible automation hub
- Updated Ansible developer and creator tooling: ansible-navigator, ansible-lint, and VSCode language server support
- Enhanced network automation Collections
- Automation services catalog now available on-premise
- Reporting and analytics of automation data are now further integrated and streamlined
- Red Hat Enterprise Linux 9 support
Don’t forget to check out the product documentation including the release notes!
Automation topology viewer
Let’s face it, automating at enterprise scale is really hard. Although many features were added for the content creator and developer in Ansible Automation Platform 2, the automation operations teams are typically responsible for making sure automation is up and running as it should across all inventories, worldwide, with 24/7 availability and uptime. As enterprise Continue reading
Exploring New Possibilities with the AWS Cloud Control Collection
We recently made available an experimental alpha Collection of generated modules using the AWS Cloud Control API for interacting with AWS Services. This content is not intended for production in its current state. We are making this work available because we thought it was important to share our research and get your feedback.
In this post, we’ll highlight how to try out this alpha release of the new amazon.cloud content Collection.
The AWS Cloud Control API
Launched in September 2021 and featured at AWS re:Invent, AWS Cloud Control API is a set of common application programming interfaces (APIs) that provides five operations for developers to create, read, update, delete, and list (CRUDL) resources and make it easy for developers and partners to manage the lifecycle of AWS and third-party services in a standard way.
The Cloud Control API provides support for hundreds of AWS resources today with support for more existing AWS resources across services such as Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3) in the coming months.
AWS delivers a broad and deep portfolio of cloud services. It started with Amazon Simple Storage Service (Amazon S3) and grew over Continue reading
Uplevel your automation skills with Red Hat training for Ansible Automation Platform
Red Hat Ansible Automation Platform 2 includes major features that allow customers to onboard more easily with even more flexible automation architectures and use cases. Ansible Automation Platform enables IT professionals to automate at enterprise scale more easily and flexibly. This means that everything you know and love about writing Ansible Playbooks is largely unchanged, but what is evolving is the underlying implementation of how automation is developed, managed, and operated in large complex environments.
Ansible Automation Platform now includes new automation creator tools such as ansible-lint, ansible-navigator and ansible-builder, a new architecture using container-based automation execution environments and automation mesh, and new tools such as private automation hub and automation services catalog to help operationalize teams to work together. For a complete list of everything included in your subscription, check out the knowledge base article: What is included in Red Hat Ansible Automation Platform subscription? If you prefer to consume our content via videos, check out my blog and YouTube video: Ansible Automation Platform - A video tour.
That is a lot of cool new stuff that is included in your Red Hat subscription! You might be thinking that your Ansible knowledge is really good, but you are unsure Continue reading
Automation at the Edge – Summit 2022
As some of you may know, Red Hat Summit was back in person in Boston last week. For those who are not familiar, Red Hat Summit is the premier enterprise open source event for IT professionals to learn, collaborate, and innovate on technologies from the datacenter and public cloud to the edge and beyond. Red Hat made a lot of exciting announcements, with several that included Red Hat Ansible Automation Platform. If you could not make the event or would like to revisit some of the content, you can access any session on demand.
One of the big announcements at Summit was the unveiling of new levels of security from the software supply chain to the edge. In Ansible Automation Platform 2.2, Red Hat is introducing a technical preview of Ansible content signing technology. The new capability helps with software supply chain security by enabling automation teams to validate that the automation content being executed in their enterprise is verified and trusted.
With the announcement of this new edge capability, we showcased a session for Ansible and edge that is available on demand. The session “GitOps your distributed edge computing model with Red Hat Ansible Automation Platform” Continue reading
Ask me Anything Recap – April
I recently had the opportunity to emcee an Ask me Anything webinar in April 12, These sessions are a good opportunity for the community, customers, partners and more to talk directly to Red Hat employees about what is happening on Red Hat Ansible Automation Platform and beyond. For this webinar, we had an awesome group of individuals with a diverse talent range across multiple skill sets from Product Management, Technical Marketing and Engineering:
- Richard Henshall - based in England, Richard is head of Product Management for Ansible Automation Platform
- Hicham Mourad - based in Canada, Hicham is a Technical Marketing manager for Ansible Automation Platform on Microsoft Azure
- Anshul Behl - also in Canada, Anshul is a Technical Marketing manager for Ansible Automation Platform
- Mike Graves - joining us from North Carolina, Mike is a senior software engineer working on Ansible for public clouds and Ansible for cloud native
- Shane McDonald - senior principal software engineer working on automation controller, automation execution environments and Podman as well as Kubernetes and Red Hat OpenShift Integration
To watch the webinar on-demand check it out here.
As it turns out, we can’t get to every question that comes in, so we had Continue reading
Introducing a brand new way to automate your Azure Cloud
In December of 2021, Red Hat and Microsoft announced the Red Hat Ansible Automation Platform on Microsoft Azure.
This year during Red Hat Summit 2022, Red Hat announced the General Availability of the Red Hat Ansible Automation Platform on Microsoft Azure in North America with global availability coming soon.
I’d like to spend some time providing some more details about this offering and why you should be considering Ansible Automation Platform on Azure.
Azure Marketplace deployment
Ansible Automation Platform on Azure (AAP on Azure) deploys from the Azure Marketplace as a managed application. It deploys directly into your Azure Subscription, but Red Hat as the publisher of the application has access to a shared and secured managed resource group to support, maintain, and upgrade your deployment. More specifically, a dedicated Red Hat SRE team deals with all the ongoing management of AAP on Azure, while you focus on expanding your automation strategy within your organization across the hybrid cloud.
Azure Integrations
For many organizations using Azure today, there’s a huge benefit in taking advantage of AAP on Azure. It runs in your Azure subscription. It integrates seamlessly with many of the Azure services, Continue reading
Continuous Detection and Mitigation (CDM)
Ansible for security automation
Overview
Per NASCIO, the top priority for state CIOs is cybersecurity and risk management. A key focus for this initiative is to leverage the Continuous Diagnostics and Mitigation (CDM) framework provided by the Cybersecurity and Infrastructure Security Agency (CISA). In this blog post we will explore a high level view of the CDM framework, review Ansible’s role in security automation and finally understand how Ansible can help agencies with Day 0 through Day 2 tasks while working with the CDM framework.
What is CDM?
Today more than ever, cyber threats mean that securing and defending our networks are of utmost importance. A recent report published by the National League of Cities revealed that an astonishing 44% of local governments report they experience a cyberattack daily or even hourly. So it is not surprising to see that cybersecurity and risk management is the number one priority for our state CIOs. With that background, let’s understand the CDM program.
Source: https://www.cisa.gov/cdm-training
The CDM framework is defined by CISA. CDM provides capabilities and tools that help identify Continue reading
Automating Applications and Servers at the Edge with Red Hat Ansible Automation Platform
In my previous blog, Why 2022 will be the year for edge automation, we discussed the objective of edge solutions to bring resources closer to the end user or data source.
As edge expands its IT footprint and becomes an extension of the data center, bare-metal, virtual environments, private cloud and public cloud start to coexist as part of the infrastructure.
While our customers move forward with their own automation journey, they are adding edge computing to the puzzle, with common automation challenges such as:
How to automate disparate architectures at scale?
How do we reduce the operational burden, if the IT teams do not grow exponentially?
What is needed to foster a collaborative automation practice?
As part of this blog we will go through a hybrid edge computing automation scenario. But let's start with the fundamental question: Why is hybrid cloud critical for edge computing?
Hybrid cloud to solve edge computing challenges
At the edge, geography matters.
The fundamental need is to allocate resources closer to where the data is generated to pre-process the information before forwarding it to the data centers. The reason for this architectural change is to increase Continue reading
Event-driven remediation with systemd and Red Hat Ansible Automation Platform
Over the many years of working as an engineer and architect with a particular interest in storage, I have learned that donuts and energy drinks can really bring you some joy in trying situations. When it seems that your infrastructure is on fire and you need an exorcist to help you find the ghost in the machine, a humble box of glazed donuts can give you and your team a much-needed break and allow you to refocus.
Now, the issue with this habit is that it might help you in the moment, but over time this can become a real health issue. Configuration drift, technical issues, and technical debt can all have similar effects on your health, increasing your heart rate and causing sleepless nights. Red Hat Ansible Automation Platform can assist you here with not only keeping your infrastructure in check, but also giving your teams the peace of mind that systems are running as they should.
Being able to schedule compliance checks on your systems with Ansible Automation Platform enables you to preserve configuration and system states, and keep them running the way you prefer. But sometimes this is not proactive enough. What if you have Continue reading