Category Archives for "Systems"

How to Migrate your Ansible Playbooks to Support AWS boto3

Red Hat Ansible Automation Platform is known for automating Linux, Windows and networking infrastructure. While both the community version of Ansible and our enterprise offering, Red Hat Ansible Automation Platform, are prominently known for configuration management, this is just a small piece of what you can really achieve with Ansible’s automation. There are many other use-cases that Ansible Automation Platform is great at automating, such as your AWS, Azure or Google public cloud. 

Ansible Automation Platform can automate deployments, migrations and operational tasks for your public cloud. This is extremely powerful because you can orchestrate your entire infrastructure workflow, from cloud deployment, to instance configuration, to retirement, rather than requiring a point tool for each separate use-case. This also allows IT administrators to concentrate on automating business outcomes rather than individual technology silos.

Specifically for this blog, I wanted to cover converting your Ansible Playbooks for provisioning an instance on AWS from the unsupported ec2 module to the fully supported ec2_instance module. Amazon has deprecated their Software Development Kit (SDK) Boto in favor of the newer fully supported SDK Boto3. Alina Buzachis announced What's New: The Ansible AWS Collection 2.0 Release back in October 2021, which includes Continue reading

Forecasting and tracking the ROI of automation

Great ideas start with coffee, but business innovation starts with automation. Just like that morning jolt of warm friendly caffeine, Red Hat Ansible Automation Platform has the ability to enhance, optimize and make your technology stack flow like the beloved beverage most of the world consumes on a daily basis.

It is easy to discuss all the technical benefits that Ansible Automation Platform can bring to organizations, but what about the business benefits? How can you observe the state of your automation and return on investment (ROI)? How can you explain the financial impact of automation to key stakeholders? The answer to all of these questions is Red Hat Insights for Red Hat Ansible Automation Platform.

Red Hat Insights is an analytics platform to help you understand your automation efforts. It lets your data work for you by proactively identifying and correcting issues. Included as a hosted service offering with Ansible Automation Platform, Insights provides a visual dashboard to indicate automation performance, health notifications, organizational statistics, and more.

The most relevant features within Insights for IT business leaders and decision makers who want to validate their automation strategy are Reports, Savings Planner and Automation Calculator.

Tracking how automation Continue reading

Technology Short Take 152

Welcome to Technology Short Take #152! Normally I’d publish a Technology Short Take in the morning on a Friday, but I really wanted to get this one out so I’m making it live late in the day on a Monday. Here’s hoping I’ve included some content below that you find useful!

Networking

  • I was (and am) familiar with RFC 1918 and the concept of non-routable address spaces. However, I was not familiar with the term “bogons” to refer to such prefixes that should not be publicly routed. Thanks to this article, that oversight is now corrected. Oh, and the article shares a handy Python script to help implement bogon filtering in NSX-T.
  • Koyeb describes, at a high level, the global networking stack for their serverless platform. Components involved include the open source Kuma service mesh (in turn leveraging Envoy), anycast BGP, and mutual TLS (mTLS).
  • Ivan Pepelnjak does a great job of describing all the things you really shouldn’t do (or don’t really need to do) when trying to deal with migrating container hosts in a data center fabric. In truth, the answer is exactly as Ivan says at the top of the article: when it comes to Continue reading

Performance Improvements in Automation Controller 4.1

Red Hat Ansible Automation Platform 2 is the next generation automation platform from Red Hat’s trusted enterprise technology experts. With the release of Ansible Automation Platform 2.1, users now have access to the latest control plane – automation controller 4.1.

Automation controller helps standardize how automation is deployed, initiated, delegated, and audited, allowing enterprises to automate with confidence while reducing sprawl and variance. Users can manage inventory, launch and schedule workflows, track changes, and integrate into reporting, all from a centralized user interface and RESTful API.

Automation controller 4.1 provides significant performance improvements when compared to its predecessor Ansible Tower 3.8. To put this into context, we used Ansible Tower 3.8 to run jobs, capture various metrics while jobs were running/finished, and compare that with automation controller 4.1. This post highlights the significant performance improvements in automation controller 4.1.

Benchmark framework

In order to deep dive into the prospective performance enhancements with the latest automation controller, we at the performance engineering team at Red Hat created a benchmarking framework consisting of the following workflow:

  • Installation of RHEL 8.3 virtual machines with 4 CPU and 16 GB RAM deployed within the IBM Cloud
  • Continue reading

Edge Automation with NetGitOps on Red Hat Ansible Automation Platform 2

Network edge automation challenges 

As organizations grow and expand geographically, they start extending their IT infrastructure into the distributed and far edge layers through opening new branch offices.

Restaurants, retail stores, and other customer-centric businesses provide differentiated wireless access for their employees, contractors and customers to interconnect within their designated areas. 

Configuring and managing multiple wireless settings via Red Hat Ansible Automation Platform simplifies the deployments at scale.

Network administrators can use GitOps practices to automate wireless infrastructure as code (IaC).

This case covers a sample use case for a company that uses an SDN (software-defined network) controller with a large network infrastructure, including access points, switches, and firewalls/routers to provide connectivity for thousands of branches across multiple countries. We will show you step by step how to automate wireless network access point settings at scale through an SD-WAN controller, which will be Cisco Meraki for purposes of this demo.

 

Considerations about using a source of control. Why not scripts?

Typically an SDN controller has an API. Having access to an SDN API is an advantage, since we have a single point of contact with the controller, and we can operate the whole network Continue reading

Five ways to get started with network automation

As many of you know, Red Hat Ansible Automation Platform is a highly flexible IT automation platform that can automate your Linux and Windows instances, your VMware private cloud, your AWS, Azure or Google public cloud, and even your security infrastructure.  Today I want to write about one of my favorite use-cases; using Ansible Automation Platform for network automation. It provides easy, highly customizable automation for your routers and switches so you can automate them just like any other IT infrastructure.

However, even though network automation has become increasingly popular, most organizations are still managing their network infrastructure manually by a CLI or GUI. Why is this? This manual CLI work often means that network engineers are reactive and constantly drowning with break-fix network issues because of manual mis-configurations, or the inability to implement change quickly and efficiently.

Because network engineers are so busy firefighting in their day job, they don’t have time to look at a new activity like automating, even though automation will save them time and money in the long run. I fundamentally believe that network automation is not an all or nothing situation.  You need to adopt network automation in small increments so you Continue reading

Using cert-manager with Kuma for mTLS

When configuring mutual TLS (mTLS) on the open source Kuma service mesh, users have a couple of different options. They can use a “builtin” certificate authority (CA), in which Kuma itself will generate a CA certificate and key for use in creating service-specific mTLS certificates. Users also have the option of using a “provided” CA, in which they must supply a CA certificate and key for Kuma to use when creating service-specific mTLS certificates. Both of these options are described on this page in the Kuma documentation. In this post, I’d like to explore the use of cert-manager as a “provided” CA for mTLS on Kuma.

Currently, Kuma lacks direct integration with cert-manager, so the process is a bit more manual than I’d prefer. If direct cert-manager integration is something you’d find useful, please consider opening an issue to that effect on the Kuma GitHub repository.

Assuming you have cert-manager installed already, the process for using cert-manager as the CA for a “provided” CA mTLS backend looks like this:

  1. Define the root CA in cert-manager.
  2. Prepare the secrets for Kuma.
  3. Configure the Kuma mesh object for mTLS.

I know these steps are really too high level to be useful Continue reading

Migrating from Python virtual environments to automation execution environments in Ansible Automation Platform 2

Red Hat Ansible Tower (included in Ansible Automation Platform 1.x) used Python virtual environments to manage dependencies and implement consistent automation execution across multiple Red Hat Ansible Automation Platform instances. This method of managing dependencies came with its own set of limitations:

  • Managing Python virtual environments across multiple Ansible Tower instances. 
  • Confirming custom dependencies across Ansible Tower instances grew in complexity as more end-users interacted with it.
  • Python virtual environments were tightly coupled to the control plane, resulting in Operations teams bearing the majority of the burden to maintain them.
  • There were no tools supported and maintained by Red Hat to manage custom dependencies across Ansible Automation Platform deployments.

Ansible Automation Platform 2 introduced automation execution environments. These are container images in which all automation is packaged and run, which includes components such as Ansible Core, Ansible Content Collections, a version of Python, Red Hat Enterprise Linux UBI 8, and any additional package dependencies.

 

Why should you upgrade?

Ansible Automation Platform 2, announced at AnsibleFest 2021, comes with a re-imagined architecture that fully decouples the automation control plane and execution plane. The new capabilities make it easier to scale automation across the globe and allow Continue reading

Ansible Automation Platform – A video tour

Many people are familiar with the community version of Ansible, the command line automation tool, but I wanted to elaborate on our enterprise offering, Red Hat Ansible Automation Platform, and how it expands the possibilities of Ansible for our customers in Red Hat's most recent release.

Red Hat Ansible Automation Platform forges that open source innovation into a single, secure enterprise solution. We released our latest version Ansible Automation Platform 2.1 in December 2021, and there are a ton of new components, features and capabilities. So the technical marketing team put together a video tour of Ansible Automation Platform 2. It’s an 8 minute overview that we hope will provide automators with a useful guide to all of the new tools available to them, and how all the parts of Ansible Automation Platform fit together. 

 

If you’re looking to learn more about a specific component of the platform, you can jump right to it:

Private automation hub – Multi-Hub for resilience

Ansible Content Collections have become the new standard for distributing Ansible content (playbooks, roles, modules, and plugins). Collections have been fully supported since Ansible 2.9 and for the last 2 years, the Ansible community has been on a journey to move to this new way of packaging and consuming Ansible content. With Ansible 2.9, Collections were optional, but as of 2.10 they are a requirement. The ability to install and use Collections as needed is increasingly important.

To help customers manage Collections, private automation hub was released with Red Hat Ansible Automation Platform 1.2. Private automation hub can be deployed in a datacenter or cloud provider and allows users to synchronise and curate content from various sources:

  • Certified and supported content from automation hub hosted on console.redhat.com
  • Self-supported community content from Ansible Galaxy
  • Private content

With private automation hub in place, customers can control the Ansible content that they publish and make available within their organisation. Users can either consume these Collections from the command line or directly from within automation controller. 

With this increased reliance on Collections and therefore private automation hub, Ansible Automation Platform 2.1 introduced the Continue reading

On-Demand execution with Red Hat OpenShift

Being able to dynamically scale infrastructure is no longer a nice-to-have - it is a requirement. The advent of cloud and container platforms has shifted the expectations in terms of consuming IT infrastructure and services. As a result, any tool that is used to manage infrastructure needs to be able to handle this ever-changing landscape.

Red Hat Ansible Automation Platform provides customers with the tools that they need to build an automation solution. The component automation controller helps enterprises automate and scale with confidence. 

One of the ways we can scale our automation is to leverage container groups. Container groups are part of automation controller, and allow customers to leverage an existing OpenShift cluster to create on-demand execution capacity for Ansible Playbooks. When a job is executed from automation controller, it creates pods on the target OpenShift cluster, which runs the automation job. Once the job is complete, the pods are terminated. This provides a number of benefits:

  • Fewer wasted resources - infrastructure isn’t sitting idle while waiting for automation jobs. Once a job completes, the resources are instantly freed up.
  • Deliver execution capacity quicker - we don’t need to provision infrastructure up front.
  • Less focus on capacity Continue reading

How to Activate Red Hat Insights for Red Hat Ansible Automation Platform

Note: This blog refers to Red Hat Insights using Ansible Automation Platform 2.1. Automation controller is the control plane for Ansible Automation Platform, formerly known as Red Hat Ansible Tower.

An indispensable but sometimes overlooked tool included with an Ansible Automation Platform subscription is the cloud-based service, Red Hat Insights for Ansible Automation Platform.

Insights is a suite of reporting and analytics tools to help you identify, troubleshoot, and resolve operational, business, and security issues across your entire ecosystem. You can also use Insights to track the ROI of your automation investment and plan future automation projects to prioritize your efforts where they will have the biggest impact on your business.

Before you can start using Insights to better understand your automation estate and make data-driven decisions, you need to set up the flow of information from your enterprise into the Red Hat Hybrid Cloud Console.

What you’ll need to activate Insights for Ansible Automation Platform

In order to turn on Insights data collection, you’ll need:

Getting Started with Ansible.utils Collection for Playbook Creators: Part 2

Use Case: Operational state assessment using ansible.utils collection

In ansible.utils, there are a variety of plugins which we can use for operational state assessment of network devices. I overviewed the ansible.utils collection in part one of this two part blog series. If you have not reviewed part one, I recommend you do so, since I will build on this information in this part two blog. We will see how the ansible.utils collection can be useful in operational state assessment as an example use case.

In general, a state assessment workflow has the following steps:

  • Retrieve (Source of Truth)

    • Collect the current operational state from the remote host.
    • Convert it into normalized structured data. Structured data can be in JSON, YAML or any other format.
    • Store it as an inventory variable.
  • Validate

    • Define the desired state criteria in a standards-based format, for example, as defined in a JSON schema format.
    • Retrieve operational state at runtime.
    • Validate the current state data against the pre-defined criteria to identify if there is any deviation.
  • Remediate

    • Implement required configuration changes to correct drift.
    • Report on the change as an audit trail.

How can ansible.utils collection Continue reading

Getting Started with Ansible.utils Collection for Playbook Creators: Part 1

The Ansible ansible.utils collection includes a variety of plugins that aid in the management, manipulation and visibility of data for the Ansible playbook developer. The most common use case for this collection is when you want to work with the complex data structures present in an Ansible playbook, inventory, or returned from modules. See each plugin documentation page for detailed examples for how these utilities can be used in tasks. In this two-part blog we will overview this collection in part one and see an example use case of using the utils collection in detail in part two.

Plugins inside ansible.utils

Plugins are code that augments Ansible core functionality. This code executes on the control node and gives options and extensions for the core features of Red Hat Ansible Automation Platform. This ansible.utils plugin collection includes:

  • Filter plugins
  • Lookup plugins
  • Test plugins
  • Modules

Filter plugins

Filter plugins manipulate data. With the right filter you can extract a particular value, transform data types and formats, perform mathematical calculations, split and concatenate strings, insert dates and times, and do much more. Ansible Automation Platform uses the standard filters shipped with Jinja2 and adds some specialized filter Continue reading

Follow Up: Bootstrapping Servers into Ansible

Seven years ago, I wrote a quick post on bootstrapping servers into Ansible. The basic gist of the post was that you can use variables on the Ansible command-line to specify hosts that aren’t part of your inventory or log in via a different user (useful if the host doesn’t yet have a dedicated Ansible user account because you want to use Ansible to create that account). Recently, though, I encountered a situation where this approach doesn’t work, and in this post I’ll describe the workaround.

In one of the Slack communities I frequent, someone asked about using the approach described in the original blog post. However, they were having issues connecting. Specifically, this error was cropping up in the Ansible output (names have been changed to protect the innocent):

    fatal: [new-server.int.domain.test]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey,password).", "unreachable": true}

Now, this is odd, because the Ansible command-line being executed included the parameters I mentioned in the original blog post:

    ansible-playbook bootstrap.yml -i inventory/hosts -K --extra-vars "hosts=new-server.int.domain.test user=john"

For some reason, though, it was ignoring that parameter and Continue reading

Technology Short Take 151

Welcome to Technology Short Take #151, the first Technology Short Take of 2022. I hope everyone had a great holiday season and that 2022 is off to a wonderful start! I have a few more links than normal this time around, although I didn’t find articles in a couple categories. Don’t worry—I’ll keep my eyes peeled and my RSS reader ready to pull in new articles in those categories for next time. And now for the content!

Networking

Servers/Hardware

Getting Certificate Details from HashiCorp Vault

It seems there are lots of tutorials on setting up a PKI (public key infrastructure) using HashiCorp Vault. What I’ve found missing from most of these tutorials, however, is how to get details on certificates issued by a Vault-driven PKI after the initial creation. For example, someone other than you issued a certificate, but now you need to get the details for said certificate. How is that done? In this post, I’ll show you a couple ways to get details on certificates issued and stored in HashiCorp Vault.

For the commands and API calls I’ve shared below, I’m using “pki” as the name/path you (or someone else) assigned to a PKI secrets engine within Vault. If you’re using a different name/path, then be sure to substitute the correct name/path as appropriate.

To use the Vault CLI to see the list of certificates issued by Vault, you can use this command:

    vault list pki/certs

This will return a list of the serial numbers of the certificates issued by this PKI. Looking at just serial numbers isn’t terribly helpful, though. To get more details, you first need to read the certificate details (note singular “cert” here versus plural “certs” in the previous Continue reading

Using Test-Driven Development for Kustomize Overlays

I am by no means a developer (not by a long shot!), but I have been learning lots of development-related things over the last several years and trying to incorporate those into my workflows. One of these is the idea of test-driven development (see Wikipedia for a definition and some additional information), in which one writes tests to validate functionality before writing the code to implement said functionality (pardon the paraphrasing). In this post, I’ll discuss how to use conftest to (loosely) implement test-driven development for Kustomize overlays.

If you’re unfamiliar with Kustomize, then this introductory article I wrote will probably be useful.

For the discussion around using the principles of test-driven development for Kustomize overlays, I’ll pull in a recent post I did on creating reusable YAML for installing Kuma. In that post, I pointed out four changes that needed to be made to the output of kumactl install control-plane to make it reusable:

  1. Remove the caBundle value for all webhooks.
  2. Annotate all webhooks so that cert-manager will inject the correct caBundle value.
  3. Add a volume and volume mount to the “kuma-control-plane” Deployment.
  4. Change one of the environment variables for the “kuma-control-plane” Deployment to reference the volume added Continue reading

Technology Short Take 150

Welcome to Technology Short Take #150! This is the last Technology Short Take of 2021, so hopefully I’ll close the year out “with a bang” with this collection of links and articles on various technology areas. Bring on the content!

Networking

  • Ivan Pepelnjak has a post on running network automation tools in a container. In fact, he’s already built some container images, and the post has information on running tools from his prebuilt container image. Well worth reading!
  • Tom Hollingsworth likens networking disaggregation to “cutting the cord” and switching away from cable.

Servers/Hardware

Security

  • Nicholas Weaver (no, not that Nick Weaver) discusses the Log4Shell vulnerability.
  • The Log4J vulnerability and associated exploits have been on many folks' minds, so it’s only natural that many security companies have been looking into how to mitigate this attack vector. Aqua Security has a write-up on some of their analysis here.
  • This is an older post, but it doesn’t look like I’ve linked to it before, so I thought I’d include Continue reading

Review: OWC Thunderbolt 3 Dock

About six months ago I purchased an OWC Thunderbolt 3 Dock to replace my Anker PowerElite Thunderbolt 3 Dock (see my review here). While there was nothing necessarily wrong with the Anker PowerElite, it lacked a digital audio port that I could use to send audio to a soundbar positioned under my monitor. (I’d grown accustomed to using a soundbar when my 2012 Mac Pro was my primary workstation.) In this post, I’ll provide a brief review of the OWC Thunderbolt 3 Dock.

Note that I’m posting this as a customer. I paid for the dock with my own money, and I have not received any compensation of any kind from anyone for this review.

First Impressions

The OWC Thunderbolt 3 Dock feels well-built, but is larger than the Anker PowerElite. To be frank, I think I prefer the smaller footprint of the Anker PowerElite, but the added ports available on the OWC Thunderbolt Dock sealed the deal for me. Your priorities may be different, of course.

As one might expect, setup was truly “plug-and-play.” I connected all my peripherals to the dock—see below for the list of what I use on a regular basis—and then plugged Continue reading
