Category Archives for "Systems"

Inside Ansible Automation Platform’s Automation Services Catalog

Red Hat Ansible Automation Platform 2.2 introduces a technical preview of automation services catalog. 

Automation services catalog was first developed in the cloud at console.redhat.com, with capabilities for fast, agile development and feature release. Over time, Red Hat continually adapted features to meet customer requirements and incorporate their feedback. As customers became more familiar with the benefits, they’ve since requested the ability to access these catalog components within their firewalled infrastructure with direct access to the Ansible clusters and their corporate identity services. We continue to listen and are providing a private version of automation services catalog, installed by the platform installer alongside automation controller and private automation hub.

Products, Portfolios and Platforms

As far as catalogs go, there is a fairly standard pattern to follow. Here is the first glimpse of the user interface.

This image shows what are known as “products”. Products reside within “portfolios,” which allow the administrator to group products into sharable, access controlled folders. Products are simply references to a job template or workflow. 

What I really like about having this new level of abstraction is that I can reference the same job template in a product multiple times. Continue reading

Making Flatpak Firefox use Private Browsing by Default

In April 2021 I wrote a post on making Firefox use Private Browsing by default, in which I showed how to modify the GNOME desktop file so that Firefox would open private windows by default without restricting access to normal browsing windows and functionality. I’ve used that technique on all my Fedora-based systems since that time, until just recently. What happened recently, you ask? I switched to the Flatpak version of Firefox. Fortunately, with some minor tweaks, this technique works with the Flatpak version of Firefox as well. In this post, I’ll share with you the changes needed to make the Flatpak version of Firefox also use private browsing by default.

When working with the non-Flatpak version of Firefox, the GNOME desktop file installed with the Firefox package is found at /usr/share/applications. In my earlier article, I suggested editing that file to add the --private-window parameter to the Exec line. Unfortunately, that change gets overwritten every time the Firefox package is updated. It’s better, actually, to use a locally customized desktop file placed in ~/.local/share/applications instead, which will take precedence over the shared desktop file.

With the Flatpak version of Firefox, there is still a shared Continue reading

Released: Automation content navigator 2.0

Automation content navigator releases with Ansible Automation Platform 2.2

What is it?

Automation content navigator was released alongside Red Hat Ansible Automation Platform 2.0 and changed the way content creators build and test Ansible automation. Navigator 1.0 drew together multiple Ansible command line tools like ansible-playbook, ansible-doc, ansible-config, etc. and continues to accrue seriously useful new features to help deliver greater flexibility to automation creators.

Coinciding with the release of Ansible Automation Platform 2.2, navigator 2.0 introduces improvements to existing functionality alongside additional features to aid in the development of automation content.

Within navigator 2.0, you will find:

  • Automation execution environment image build support 
  • Ability to interact in real-time with automation execution environments 
  • Settings subcommand to view active configuration of local environment 
  • Generate a sample configuration file that can be used for new projects
  • Automatic mode selection (stdout vs. interactive) 
  • Technology preview lint support, UI improvements, Collections view support for Ansible built-ins, time zone support, color enhancements, and more!

Looking closer

Image builder support

Before the release of navigator 2.0, a separate command line application (ansible-builder) was needed to build execution environment images from human readable YAML files. With this release, ansible-navigator Continue reading

Automating multi-vendor network prefix-lists

To keep the networks healthy, ’cause connectivity matters

I love being a network engineer, even though I struggled to explain the utmost relevance of network administration to non-networking people. However, during the last two years of the COVID-19 pandemic, the world could see the relevance of having connectivity. Networks are the highways of information. Data, applications, entertainment, and factories need the network connectivity roads to make the world run. It’s interesting that even network models to estimate traffic behavior use algorithms that are similar to the ones to estimate transportation.

To enable this communication, networks have to interconnect through routing protocols. There are many ways to configure routing; you can permit or restrict traffic to certain networks to leave some sectors isolated, and propagate routes to allow connectivity only to specific segments of your network.

When you configure routing settings to allow this interconnection, you not only want to reach the ultimate purpose of configuring connectivity, but you want to do this in an efficient manner. 

The use of prefix-lists is one mechanism to permit a better use of resources in your routers. In this blog we are going to briefly cover why prefix-lists configuration is relevant, and Continue reading

Git Difftool and Meld as a Flatpak

I’ve recently started migrating many of the applications on my Fedora 36 laptop to their Flatpak versions. For the most part, this has been pretty straightforward, although there isn’t really any method for migrating configuration and data. Today I ran into a problem with Meld, a graphical diff utility, and using it with the git difftool command. Below I’ll share how I worked around this problem.

Normally, the integration between Git and Meld—which is what enables you to run git difftool and have the results show up in Meld—would look something like this (this is from ~/.gitconfig):

[merge]
    tool = meld
[diff]
    tool = meld
[difftool]
    prompt = no
[difftool "meld"]
    cmd = /usr/bin/meld "$LOCAL" "$REMOTE"
[mergetool "meld"]
    cmd = /usr/bin/meld "$LOCAL" "$REMOTE"

However, when Meld is installed as a Flatpak, /usr/bin/meld doesn’t exist. In order to continue using Meld with the git difftool command, you must change the Git configuration to look like this instead:

[merge]
    tool = meld
[diff]
    tool = meld
[difftool]
    prompt = no
[difftool "meld" Continue reading

Technology Short Take 155

Welcome to Technology Short Take #155, just in time for the 2022 Memorial Day holiday weekend! (Here in the US, at least.) I mean, don’t you want to spend this weekend catching up on some technology-related articles instead of cooking on the grill and gathering with friends and family? I certainly hope not! Still, for those who need a little technology fix over the weekend, hopefully I’ve included something useful in the list of articles below. Enjoy!

Networking

  • Isovalent—the company behind the Cilium project—has been talking a lot about how the use of eBPF will transform things, including the architecture of a service mesh. Along those lines, one of their latest articles discusses how to achieve identity-based mutual authentication leveraging eBPF. If I’m understanding the article correctly (and feel free to correct me if I am mistaken) it looks as if Cilium Service Mesh will leverage/does leverage a combination of certificate-based mTLS for identity at the workload level and node-based transport encryption (via WireGuard) for data confidentiality. Even though I know that the underlying mechanisms are different, subjectively this feels a lot like using tunnels to connect workloads on different compute nodes (i.e., network virtualization). Is the Continue reading

What’s new in Ansible Automation Platform 2.2

The Ansible product team at Red Hat is thrilled to announce the general availability of Red Hat Ansible Automation Platform 2.2, which includes numerous features and bug fixes that further solidify Ansible Automation Platform as the de facto enterprise IT automation solution for developers to operations teams in data centers, clouds, and at the edge. A few of the most noteworthy features in this release include:

  • New automation topology viewer in automation controller

  • Red Hat Ansible Certified Content Collections to be digitally signed in Ansible automation hub

  • Updated Ansible developer and creator tooling: ansible-navigator, ansible-lint, and VSCode language server support

  • Enhanced network automation Collections

  • Automation services catalog now available on-premise

  • Reporting and analytics of automation data are now further integrated and streamlined

  • Red Hat Enterprise Linux 9 support

Don’t forget to check out the product documentation including the release notes!

Automation topology viewer

Let’s face it, automating at enterprise scale is really hard. Although many features were added for the content creator and developer in Ansible Automation Platform 2, the automation operations teams are typically responsible for making sure automation is up and running as it should across all inventories, worldwide, with 24/7 availability and uptime. As enterprise Continue reading

Exploring New Possibilities with the AWS Cloud Control Collection

We recently made available an experimental alpha Collection of generated modules using the AWS Cloud Control API for interacting with AWS Services. This content is not intended for production in its current state. We are making this work available because we thought it was important to share our research and get your feedback. 

In this post, we’ll highlight how to try out this alpha release of the new amazon.cloud content Collection.

The AWS Cloud Control API

Launched in September 2021 and featured at AWS re:Invent, AWS Cloud Control API is a set of common application programming interfaces (APIs) that provides five operations for developers to create, read, update, delete, and list (CRUDL) resources and makes it easy for developers and partners to manage the lifecycle of AWS and third-party services in a standard way.

The Cloud Control API provides support for hundreds of AWS resources today with support for more existing AWS resources across services such as Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3) in the coming months. 

AWS delivers a broad and deep portfolio of cloud services. It started with Amazon Simple Storage Service (Amazon S3) and grew over Continue reading

Uplevel your automation skills with Red Hat training for Ansible Automation Platform

Red Hat Ansible Automation Platform 2 includes major features that allow customers to onboard more easily with even more flexible automation architectures and use cases. Ansible Automation Platform enables IT professionals to automate at enterprise scale more easily and flexibly. This means that everything you know and love about writing Ansible Playbooks is largely unchanged, but what is evolving is the underlying implementation of how automation is developed, managed, and operated in large complex environments.

Ansible Automation Platform now includes new automation creator tools such as ansible-lint, ansible-navigator and ansible-builder, a new architecture using container-based automation execution environments and automation mesh, and new tools such as private automation hub and automation services catalog to help operationalize teams to work together. For a complete list of everything included in your subscription, check out the knowledge base article: What is included in Red Hat Ansible Automation Platform subscription? If you prefer to consume our content via videos, check out my blog and YouTube video: Ansible Automation Platform - A video tour.

That is a lot of cool new stuff that is included in your Red Hat subscription! You might be thinking that your Ansible knowledge is really good, but you are unsure Continue reading

Automation at the Edge – Summit 2022

As some of you may know, Red Hat Summit was back in person in Boston last week. For those who are not familiar, Red Hat Summit is the premier enterprise open source event for IT professionals to learn, collaborate, and innovate on technologies from the datacenter and public cloud to the edge and beyond. Red Hat made a lot of exciting announcements, with several that included Red Hat Ansible Automation Platform. If you could not make the event or would like to revisit some of the content, you can access any session on demand.

One of the big announcements at Summit was the unveiling of new levels of security from the software supply chain to the edge. In Ansible Automation Platform 2.2, Red Hat is introducing a technical preview of Ansible content signing technology. The new capability helps with software supply chain security by enabling automation teams to validate that the automation content being executed in their enterprise is verified and trusted. 

With the announcement of this new edge capability, we showcased a session for Ansible and edge that is available on demand. The session “GitOps your distributed edge computing model with Red Hat Ansible Automation Platform” Continue reading

Ask me Anything Recap – April

I recently had the opportunity to emcee an Ask me Anything webinar on April 12. These sessions are a good opportunity for the community, customers, partners and more to talk directly to Red Hat employees about what is happening on Red Hat Ansible Automation Platform and beyond. For this webinar, we had an awesome group of individuals with a diverse talent range across multiple skill sets from Product Management, Technical Marketing and Engineering:

  • Richard Henshall - based in England, Richard is head of Product Management for Ansible Automation Platform
  • Hicham Mourad - based in Canada, Hicham is a Technical Marketing manager for Ansible Automation Platform on Microsoft Azure 
  • Anshul Behl - also in Canada, Anshul is a Technical Marketing manager for Ansible Automation Platform
  • Mike Graves - joining us from North Carolina, Mike is a senior software engineer working on Ansible for public clouds and Ansible for cloud native
  • Shane McDonald - senior principal software engineer working on automation controller, automation execution environments and Podman as well as Kubernetes and Red Hat OpenShift Integration

To watch the webinar on-demand, check it out here.

As it turns out, we can’t get to every question that comes in, so we had Continue reading

Fine-Tuning Control Plane Access with Cluster API

When Cluster API creates a workload cluster, it also creates a load balancing solution to handle traffic to the workload cluster’s control plane. This is necessary so that the control plane endpoint is decoupled from the underlying control plane nodes (which facilitates scaling the control plane, among other things). On AWS, this means creating an ELB and a set of security groups. For flexibility, Cluster API provides a limited ability to customize this control plane load balancer. In this post, I’ll show you how to use this functionality to fine-tune access to a workload cluster’s control plane when using Cluster API with AWS.

If you’re not familiar with Cluster API (hereafter just referred to as “CAPI”), then my introduction to CAPI article may be useful. Keep in mind that article was written in 2019, while the project was still in its early stages. The high-level concepts are correct, but some of the details may have shifted slightly over the last three years as the project progressed from v1alpha1 APIs to the now-current v1beta1 APIs.

The key here is the controlPlaneLoadBalancer object, which is part of the AWSCluster object (see details here in the code or here via pkg.go.dev Continue reading

Introducing a brand new way to automate your Azure Cloud

In December of 2021, Red Hat and Microsoft announced the Red Hat Ansible Automation Platform on Microsoft Azure.

This year during Red Hat Summit 2022, Red Hat announced the General Availability of the Red Hat Ansible Automation Platform on Microsoft Azure in North America with global availability coming soon.

I’d like to spend some time providing some more details about this offering and why you should be considering Ansible Automation Platform on Azure.



Azure Marketplace deployment

Ansible Automation Platform on Azure (AAP on Azure) deploys from the Azure Marketplace as a managed application. It deploys directly into your Azure Subscription, but Red Hat as the publisher of the application has access to a shared and secured managed resource group to support, maintain, and upgrade your deployment. More specifically, a dedicated Red Hat SRE team deals with all the ongoing management of AAP on Azure, while you focus on expanding your automation strategy within your organization across the hybrid cloud.

Azure Integrations

For many organizations using Azure today, there’s a huge benefit in taking advantage of AAP on Azure. It runs in your Azure subscription. It integrates seamlessly with many of the Azure services, Continue reading

Continuous Detection and Mitigation (CDM)

Overview

What is CDM?

The CDM model

Ansible for security automation

Ansible for the CDM use case

Summary

Where to go next

Overview

Per NASCIO, the top priority for state CIOs is cybersecurity and risk management. A key focus for this initiative is to leverage the Continuous Diagnostics and Mitigation (CDM) framework provided by the Cybersecurity and Infrastructure Security Agency (CISA). In this blog post we will explore a high level view of the CDM framework, review Ansible’s role in security automation and finally understand how Ansible can help agencies with Day 0 through Day 2 tasks while working with the CDM framework.

What is CDM?

Today more than ever, cyber threats mean that securing and defending our networks are of utmost importance. A recent report published by the National League of Cities revealed that an astonishing 44% of local governments report they experience a cyberattack daily or even hourly. So it is not surprising to see that cybersecurity and risk management is the number one priority for our state CIOs. With that background, let’s understand the CDM program.

Source: https://www.cisa.gov/cdm-training

The CDM framework is defined by CISA. CDM provides capabilities and tools that help identify Continue reading

Automating Applications and Servers at the Edge with Red Hat Ansible Automation Platform

In my previous blog, Why 2022 will be the year for edge automation, we discussed the objective of edge solutions to bring resources closer to the end user or data source.

As edge expands its IT footprint and becomes an extension of the data center, bare-metal, virtual environments, private cloud and public cloud start to coexist as part of the infrastructure. 

While our customers move forward with their own automation journey, they are adding edge computing to the puzzle, with common automation challenges such as:

  • How to automate disparate architectures at scale
  • How do we reduce the operational burden, if the IT teams do not grow exponentially?
  • What is needed to foster a collaborative automation practice?

As part of this blog we will go through a hybrid edge computing automation scenario. But let's start with the fundamental question: Why is hybrid cloud critical for edge computing?

Hybrid cloud to solve edge computing challenges

At the edge, geography matters

The fundamental need is to allocate resources closer to where the data is generated to pre-process the information before forwarding it to the data centers. The reason for this architectural change is to increase Continue reading

Technology Short Take 154

Welcome to Technology Short Take #154! My list of links and articles from around the Internet is a bit light on networking and virtualization this time around, but heftier in the security, cloud, and OS/application sections. I hope that I’ve managed to include something that you’ll find useful. Enjoy the content!

Networking

  • Lucas Pardue and Christopher Wood share a primer on proxies. (Hat tip to Matt Oswalt for putting this on my Twitter timeline.)
  • Ivan Pepelnjak talks about the 1.2.1 release of netsim-tools in this blog post.

Servers/Hardware

  • It seems like silicon photonics is something the industry has been talking about for years, but something that never seems to come to fruition. The Next Platform recently chatted with Andy Bechtolsheim about it; you can read the results of that discussion here.

Security

Event-driven remediation with systemd and Red Hat Ansible Automation Platform

Over the many years of working as an engineer and architect with a particular interest in storage, I have learned that donuts and energy drinks can really bring you some joy in trying situations. When it seems that your infrastructure is on fire and you need an exorcist to help you find the ghost in the machine, a humble box of glazed donuts can give you and your team a much-needed break and allow you to refocus. 

Now, the issue with this habit is that it might help you in the moment, but over time this can become a real health issue. Configuration drift, technical issues, and technical debt can all have similar effects on your health, increasing your heart rate and causing sleepless nights. Red Hat Ansible Automation Platform can assist you here with not only keeping your infrastructure in check, but also giving your teams the peace of mind that systems are running as they should. 

Being able to schedule compliance checks on your systems with Ansible Automation Platform enables you to preserve configuration and system states, and keep them running the way you prefer. But sometimes this is not proactive enough. What if you have Continue reading

New reference architecture: Red Hat Ansible Automation Platform 1.2 to 2 Migration Guide

Side-by-Side migration to Ansible Automation Platform 2

The release of Red Hat Ansible Automation Platform 2.1 comes with a re-imagined architecture that delivers exciting features such as automation mesh and automation execution environments among an entire suite of tools and components that enable enterprises to scale automation across their organizations.

With the importance of enterprise automation and taking advantage of the latest Ansible Automation Platform, we created a simple reference architecture to help guide you as you migrate from Ansible Automation Platform 1.2 to Ansible Automation Platform 2.

It consists of a side-by-side methodology for the migration process that uses the Ansible Automation Platform installer to do the migration and restores a database backup from an Ansible Automation Platform 1.2 cluster.

Why are you going to love it?


Say goodbye to the guessing game of how you’ll migrate to the latest and greatest. Our goal is to simplify the migration planning, considerations and, most importantly, the step-by-step on how to do it.

What will I find inside this reference architecture?

Inside this reference architecture you’ll find:

  • Migration considerations
  • Prerequisites
  • Infrastructure migration
  • Migrating virtual environments to automation execution environments

The migration considerations focus Continue reading

Deep dive on Ansible VSCode extension

Ansible as part of the Red Hat Ansible Automation Platform continues to grow and mature. Recent enhancements include Ansible Content Collections, automation execution environments, and an increasing list of integrations using plugins and modules. It is more important than ever that both new and experienced content creators have access to tools that help them write better content faster. The newly created Ansible Devtools initiative focuses on developing and enhancing tools like ansible-navigator, Ansible VSCode extension, ansible-lint and so on to help ease the Ansible automation content creator experience. In this blog, we will do a deep dive into the Ansible VSCode extension, giving an overview of how it works and the initial setup required to get it working after installation.

Evolution

The Ansible VSCode extension was initially a fork of Tomasz Maciążek’s VSCode extension. After the fork, the server and client-side code were decoupled into their own separate repositories to allow independent releases for both server and client.

  1. Ansible language server
  2. Ansible VSCode extension 

The Ansible Language Server is released as a node module on the npm repository, allowing it to be reused by other editors supporting language server protocol, while Continue reading

Technology Short Take 153

Welcome to Technology Short Take #153! My personal and professional life has kept me busy over the last couple of months, so things have been quiet here on the blog. I’ve still been collecting links to share with you, though, and here’s the latest collection. I hope you’re able to find something useful here!

Networking

  • This article contains some good information on IPv6 for those who are just starting to get more familiar with it, although toward the end it turns into a bit of an advertisement.
  • Want to understand kube-proxy, a key part of Kubernetes networking, a bit better? Start here. Arthur Chiao’s post on cracking kube-proxy is also an excellent resource—in fact, there’s so much information packed in there you may need to read it more than once.
  • Xavier Avrillier walks readers through using Antrea (a Kubernetes CNI built on top of Open vSwitch—a topic I’ve touched on a time or two) to provide on-premise load balancing in Kubernetes.

Servers/Hardware

  • Cabling is hardware, right? What happens to submarine cables when there are massive events, like a volcanic eruption? Ulrich Speidel shares some of the findings after the volcanic eruption in Tonga.

Security
