AnsibleFest 2021 – What it means for Partners
As the weather turns to Fall, the seasons seem to parallel that of the technology cycles. Over the past couple of decades, we have seen various transformations within the high-tech area:
- From mainframe to distributed computing to hybrid cloud and now edge
- From databases to data warehouse to advanced analytics and machine learning
- From the challenges of storing a gigabyte of data, now grown to storing zetabytes+ of data per day.
All of this has moved businesses forward, driving great innovation. When it comes to infrastructure, nothing is more impactful than a core architectural update that fundamentally changes the way enterprises drive their business. Distributed computing, distributed architectures like cloud, hybrid cloud and edge computing reinforce this premise in the era of hybrid cloud computing.
The recent announcement of Red Hat Ansible Automation Platform 2 aligns to this blossoming hybrid cloud model, where automation meets the modern hybrid cloud environment. This represents a great opportunity for our Red Hat Ansible Partner Ecosystem.
AnsibleFest Announcements - Key Partner Takeaways
Red Hat recently held AnsibleFest 2021 which included some fantastic content that is still available on demand. I would like to highlight some of the exciting AnsibleFest news and Continue reading
Using Kustomize Components with Cluster API
I’ve been using Kustomize with Cluster API (CAPI) to manage my AWS-based Kubernetes clusters for quite a while (along with Pulumi for managing the underlying AWS infrastructure). For all the time I’ve been using this approach, I’ve also been unhappy with the overlay-based approach that had evolved as a way of managing multiple workload clusters. With the recent release of CAPI 1.0 and the v1beta1 API, I took this opportunity to see if there was a better way. I found a different way—time will tell if it is a better way. In this post, I’ll share how I’m using Kustomize components to help streamline managing multiple CAPI workload clusters.
Before continuing, I feel it’s important to point out that while the bulk of the Kustomize API is reasonably stable at v1beta1, the components portion of the API is still in early days (v1alpha1). So, if you adopt this functionality, be aware that it may change (or even get dropped).
More information on Kustomize components can be found in the Kustomize components KEP or in this demo document. The documentation on Kustomize components is somewhat helpful as well. I won’t try to rehash information found in those sources here, but Continue reading
Technology Short Take 147
Welcome to Technology Short Take #147! The list of articles is a bit shorter than usual this time around, but I’ve still got a good collection of articles and posts covering topics in networking, hardware (mostly focused on Apple’s processors), cloud computing, and virtualization. There’s bound to be something in here for most everyone! (At least, I hope so.) Enjoy your weekend reading!
Networking
- Chris Parker shares the reason why 65535 is not part of the private autonomous system range. It’s an interesting history lesson and explanation, even if you aren’t a networking nerd.
- Dmytro Shypovalov discusses ARP problems in EVPN. I laughed at his comment regarding people stepping on rakes (read the post).
- Evgeny Khabarov’s part 4 in a series on using Envoy as an API gateway talks about authentication and authorization (aka AuthN/AuthZ). In particular, Khabarov focuses on Envoy’s
ext_authzfilter, which is what allows Envoy to check with an authorization service to see if a request is permitted or denied. - I was having a bit of difficulty fully grokking the Original Destination feature in Envoy, and I found this article to be helpful in understanding how it works and is configured. Another very helpful resource on Continue reading
Boost your cloud-native deployments with Red Hat OpenShift
Cloud-native deployments are becoming the new normal. Being able to keep full control of the application lifecycle (deployment, updates, and integrations) is a strategic advantage. This article will explain how the latest release of the Ansible Content Collection for Red Hat OpenShift takes the redhat.openshift Collection to the next level, improving the performance of large automation tasks.
Red Hat OpenShift collection at a glance
The latest release of the redhat.openshift Collection introduces Ansible Turbo mode. Ansible Turbo mode enhances the performance of Ansible Playbooks when manipulating many Red Hat OpenShift objects. This is done by reusing existing API connections to handle new incoming requests, removing the overhead of creating a new connection for each request.
A real-world scenario
Red Hat OpenShift has become a leading platform that can handle many workloads in large enterprises dealing with multi-tenancy clusters. These are great candidates when different users, teams, and/or organizations are looking to run and operate in a shared environment.
One of the best features of Red Hat OpenShift is the capability to quickly and easily create and destroy resources (e.g., namespace, ConfigMaps, Pod). Even with relatively light usage, deploying each one Continue reading
Ansible for AWS: Introduction to Spot Instance Automation
What are Spot Instance and Spot Instance Requests?
A Spot Instance is an instance that uses spare AWS EC2 capacity that is available for less than the On-Demand price. Because Spot Instances provide the ability to request unused EC2 instances at steep discounts, it can lower your Amazon EC2 costs significantly.
Spot Instances are a cost-effective choice if you can be flexible about when your applications run and whether your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.
Managing Spot Instances with Ansible
So you want to manage your Spot Instance Requests with Ansible Automation Platform? When it comes to managing AWS resources, the Ansible Amazon AWS Collection includes a variety of Ansible content to help automate the management of AWS instances. Using Ansible to automate applications in AWS greatly increases the chances that your cloud initiative will be a success.
With the latest addition of new modules to the Ansible Amazon AWS Collection, we have introduced two new modules to help manage Spot Instance Requests efficiently.
The ec2_spot_instance module helps in creating as well as terminating the Spot Instance Requests, while it’s companion module, Continue reading
Influencing Cluster API AMI Selection
The Kubernetes Cluster API (CAPI) project—which recently released v1.0—can, if you wish, help manage the underlying infrastructure associated with a cluster. (You’re also fully able to have CAPI use existing infrastructure as well.) Speaking specifically of AWS, this means that the Cluster API Provider for AWS is able to manage VPCs, subnets, routes and route tables, gateways, and—of course—EC2 instances. These EC2 instances are booted from a set of AMIs (Amazon Machine Images, definitely pronounced “ay-em-eye” with three syllables) that are prepared and maintained by the CAPI project. In this short and simple post, I’ll show you how to influence the AMI selection process that CAPI’s AWS provider uses.
There are a couple different ways to influence AMI selection, and all of them have to do with settings within the AWSMachineSpec, which controls the configuration of an AWSMachine object. (An AWSMachine object is an infrastructure-specific implementation of a logical Machine object.) Specifically, there are these options for influencing AMI selection:
- You can instruct CAPI to use a specific AMI with the
amifield. (If this field is set, the other options do not apply.) - You can modify the lookup format used to Continue reading
What’s New: The Ansible AWS Collection 2.0 Release
When it comes to Amazon Web Services (AWS) infrastructure automation, the latest release of the Ansible amazon.aws Collection brings a set of fresh features to build, manage and govern various public and hybrid cloud use cases while accelerating the process from development to production.
In this blog post, we will go over what else has changed and highlight what’s new in the 2.0 release of this Ansible Content Collection.
Forward-looking Changes
Much of our work in the 2.0 release has been focused in the following areas:
- Enhancing several modules from the upstream community
- Promoting modules to being formally supported by Red Hat
- Releasing various new enhancements and clarifying supportability policies
New boto3/botocore Support Policy
Starting with the 2.0 amazon.aws Collection release, it is now the Collection’s policy to support the versions of botocore and boto3 that were released 12 months prior to the most recent major Collection release, as well as following semantic versioning (for example, 2.0.0, 3.0.0). Individual modules may require a more recent library version to support specific features or require the boto library. Check the amazon.aws Collection documentation for the minimum required version for each module. Continue reading
Creating Reusable Kuma Installation YAML
Using CLI tools—instead of a “wall of YAML”—to install things onto Kubernetes is a growing trend, it seems. Istio and Cilium, for example, each have a CLI tool for installing their respective project. I get the reasons why; you can build logic into a CLI tool that you can’t build into a YAML file. Kuma, the open source service mesh maintained largely by Kong and a CNCF Sandbox project, takes a similar approach with its kumactl tool. In this post, however, I’d like to take a look at creating reusable YAML to install Kuma, instead of using the CLI tool every time you install.
You might be wondering, “Why?” That’s a fair question. Currently, the kumactl tool, unless configured otherwise, will generate a set of TLS assets to be used by Kuma (and embeds some of those assets in the YAML regardless of the configuration). Every time you run kumactl, it will generate a new set of TLS assets. This means that the command is not declarative, even if the output is. Unfortunately, you can’t reuse the output, as that would result in duplicate TLS assets across installations. That brings me to the point of this Continue reading
Using the External AWS Cloud Provider for Kubernetes
In 2018, after finding a dearth of information on setting up Kubernetes with AWS integration/support, I set out to try to establish some level of documentation on this topic. That effort resulted in a few different blog posts, but ultimately culminated in this post on setting up an AWS-integrated Kubernetes cluster using kubeadm. Although originally written for Kubernetes 1.15, the process described in that post is still accurate for newer versions of Kubernetes. With the release of Kubernetes 1.22, though, the in-tree AWS cloud provider—which is what is used/described in the post linked above—has been deprecated in favor of the external cloud provider. In this post, I’ll show how to set up an AWS-integrated Kubernetes cluster using the external AWS cloud provider.
In addition to the post I linked above, there were a number of other articles I published on this topic:
- Setting up the AWS Cloud Provider
- Kubernetes, Kubeadm, and the AWS Cloud Provider
- Using Kubeadm to Add New Control Plane Nodes with AWS Integration
Most of the information in these posts, if not all of it, is found in the latest iteration, but I wanted to include these links here for some additional context. Also, Continue reading
Red Hat Ansible Automation Platform 2: Migration strategy considerations
Red Hat Ansible Automation Platform 2 introduces an updated architecture, new tools and an improved but familiar experience to automation teams. However, there are multiple considerations for your planning and strategy to migrate your current deployment to Ansible Automation Platform 2.
This document provides guidance to all of the stakeholders responsible for planning and executing an Ansible Automation Platform migration guidance with factors to address in your migration strategy.
This document does not provide a one-size-fits-all approach for migration. Various factors unique to your organization will impact the effort required, stakeholders involved and delivery plan.
What to consider before migrating
We understand that many factors specific to your needs affect your migration assessment and planning. This section highlights critical factors to determine your migration readiness and what approach will best suit your organization.
Assess your current environment
There will be configurations unique to your environment, and it’s crucial to perform a thorough technical assessment. We recommend including the following:
- Analyze your current Ansible Automation Platform installation, including current deployment patterns, integrations and any complexities relevant to the migration.
- Determine changes needed in your environment to meet the Ansible Automation Platform 2 technical requirements.
- Assess stakeholders’ readiness to plan and execute Continue reading
Kustomize Transformer Configurations for Cluster API v1beta1
The topic of combining kustomize with Cluster API (CAPI) is a topic I’ve touched on several times over the last 18-24 months. I first touched on this topic in November 2019 with a post on using kustomize with CAPI manifests. A short while later, I discovered a way to change the configurations for the kustomize transformers to make it easier to use it with CAPI. That resulted in two posts on changing the kustomize transformers: one for v1alpha2 and one for v1alpha3 (since there were changes to the API between versions). In this post, I’ll revisit kustomize transformer configurations again, this time for CAPI v1beta1 (the API version corresponding to the CAPI 1.0 release).
In the v1alpha2 post (the first post on modifying kustomize transformer configurations), I mentioned that changes were needed to the NameReference and CommonLabel transformers. In the v1alpha3 post, I mentioned that the changes to the CommonLabel transformer became largely optional; if you are planning on adding additional labels to MachineDeployments, then the change to the CommonLabels transformer is required, but otherwise you could probably get by without it.
For v1beta1, the necessary changes are very similar to v1alpha3, and (for the most part) are Continue reading
Technology Short Take 146
Welcome to Technology Short Take #146! Over the last couple of weeks, I’ve gathered a few technology-related links for you all. There’s some networking stuff, a few security links, and even a hardware-related article. But enough with the introduction—let’s get into the content!
Networking
- Denise Fishburne has a 7-part series on IPv6.
- Alec Muffett writes about DNS over HTTP over Tor, affectionately called DoHoT. As Alec shares in the article, it turns out that adding Tor to a “standard” DoH configuration doesn’t significantly impact performance (as measured by latency).
- Julia Evans recently released a tool named
dnspeepto help folks understand how DNS works. - Russ White shares Russ' rules for network design. I also really enjoyed his post on Keith’s Law.
Servers/Hardware
- Chris Mellor speculates that Cisco UCS may be on the way out; Kevin Houston responds with a “I don’t think so.” Who will be correct? I guess we will just have to wait and see.
Security
- Jimmy Mankowitz talks in some detail about using NSX-T in vSphere with Tanzu to secure applications.
- Here’s a conveniently compiled list of container CVEs.
- Lars Larsson discusses hardening Kubernetes beyond the NSA and CISA guidance.
Cloud Computing/Cloud Management
- Tom Kravitz' Continue reading
VMware resource MOID lookup filter
Are you trying to manage private clouds easily and efficiently using Ansible Automation Platform? When it comes to VMware infrastructure automation, the latest release of the vmware.vmware_rest Collection and new lookup plugins bring a set of fresh features to build, manage and govern various VMware use cases and accelerate the process from development to production.
The modules in the vmware.vmware_rest Collection rely on the resource MOID a lot. This is a design decision that we covered in an earlier blog. Consequently, when the users want to modify a VMware resource, they need to first write Ansible tasks to identify its MOID.
The new 2.1.0 release of vmware.vmware_rest Collection comes with a series of filter plugins dedicated to gathering the resource MOID. In this blog post, we will help you to keep your VMware automation playbooks concise.
But first, What is a MOID?
Internally VMware vSphere manages resources in the form of objects. Every object has a type and an ID. What we are calling MOID stands for Managed Object ID. Using the vSphere UI obfuscates the MOID logic from users and presents the objects in a visible hierarchy, potentially at several different locations.
Continue reading
Installing Cilium via a ClusterResourceSet
In this post, I’m going to walk you through how to install Cilium onto a Cluster API-managed workload cluster using a ClusterResourceSet. It’s reasonable to consider this post a follow-up to my earlier post that walked you through using a ClusterResourceSet to install Calico. There’s no need to read the earlier post, though, as this post includes all the information (or links to the information) you need. Ready? Let’s jump in!
Prerequisites
If you aren’t already familiar with Cluster API—hereafter just referred to as CAPI—then I would encourage you to read my introduction to Cluster API post. Although it is a bit dated (it was written in the very early days of the project, which recently released version 1.0). Some of the commands referenced in that post have changed, but the underlying concepts remain valid. If you’re not familiar with Cilium, check out their introduction to the project for more information. Finally, if you’re not familiar at all with the idea of ClusterResourceSets, you can read my earlier post or check out the ClusterResourceSet CAEP document.
Installing Cilium via a ClusterResourceSet
If you want to install Cilium via a ClusterResourceSet, the process looks something like this:
- Create Continue reading
What’s new in Ansible Automation Platform 2: automation content navigator
With the introduction of Red Hat Ansible Automation Platform 2, several new key components are being introduced as a part of the overall developer experience. This includes automation execution environments, introduced to provide predictable environments during automation runtime. All collection dependencies are contained within the execution environment to make sure that automation created in development environments runs the same as in production environments.
Building execution environments is now easier with the introduction of the execution environment builder (ansible-builder) tool included with Ansible Automation Platform, while the updates to automation controller help IT teams leverage execution environments.
Considering the shift towards containerized execution of automation, the automation development workflow and pre-existing tooling must be reimagined. In short, ansible-navigator replaces ansible-playbook and other ansible-*` command line utilities.
However, ansible-navigator serves a much greater purpose than just a drop in replacement or alias to ansible-playbook. With this release, ansible-navigator is introduced as an application exclusively for developing and executing automation. Ansible-playbook has long been one of the first utilities that is leveraged in an Ansible automated environment. Building on the ease of use, the automation content navigator exposes automation runs in greater detail. Apart from debugging Continue reading
What’s new in Ansible Automation Platform 2: private automation hub
We are excited to announce that the Ansible Automation Platform 2 release includes private automation hub 4.3. Private automation hub provides automation developers the ability to collaborate and publish their own automation content and streamline delivery of Ansible code within their organization.
Private automation hub in Ansible Automation Platform 2 primarily delivers support for automation execution environments. Execution environments are a standardized way to define, build and distribute the environments that the automation runs in. In a nutshell, automation execution environments are container images that allow for easier administration of Ansible by the platform administrator. If you are unfamiliar with execution environments, please refer to this blog written by Technical Marketing manager Anshul Behl.
Private automation hub will serve as the on-premises execution environment container image repository for customers who wish to use this feature, aimed at customers who run the platform on physical or virtual environments. Ansible Automation Platform will seamlessly integrate with private automation hub for publishing and pulling execution environment container images.
Who uses private automation hub?
Private automation hub is intended for curating automation content from creators and making it seamlessly accessible to operators. It makes it easy to share these execution environments, which make Continue reading
What’s new in Ansible Automation Platform 2: automation controller
Red Hat Ansible Automation Platform 2 is the next generation automation platform from Red Hat’s trusted enterprise technology experts. We are excited to announce that the Ansible Automation Platform 2 release includes automation controller 4.0, the improved and renamed Red Hat Ansible Tower.
Automation controller continues to provide a standardized way to define, operate and delegate automation across the enterprise. It also introduces new, exciting technologies and an enhanced architecture that enables automation teams to scale and deliver automation rapidly to meet ever-growing business demand.
Why was Ansible Tower renamed to automation controller?
As Ansible Automation Platform 2 continues to evolve, certain functionality has been decoupled (and will continue to be decoupled in 2.1) from what was formerly known as Ansible Tower. The naming change better reflects these enhancements and the overall position within the Ansible Automation Platform suite.
Who uses automation controller?
All automation team members interact with or rely on automation controller, either directly or indirectly.
- Automation creators develop Ansible Playbooks, roles and modules.
- Automation architects elevate automation across teams to align with IT processes and streamline adoption.
- Automation operators verify that the automation platform and framework are operational.
These roles are not necessarily dedicated to Continue reading
What’s new in Ansible Automation Platform 2: automation execution environments
Red Hat Ansible Automation Platform 2 is now available to customers. This release expands the possibilities of automation across your organization, with a more secure, flexible foundation to build and deploy automation with greater acceleration, orchestration and innovation.
As automation usage/practices/etc. spreads throughout an organization, managing multiple automation environments for different teams and use cases become challenging. This is even more true as automation starts to scale across the IT organization. As automation continues to be part of critical workflows, the following enhancements have been made in Ansible Automation Platform 2:
- Enables the Ansible Automation Platform administrator with the ability to provide and manage automation execution environments (see below) to differing groups, like networking and cloud teams. Each has specific content needs for their roles instead of addressing different environments as an individual.
- Provide the automation developers with a consistent Ansible environment that’s the same as production, so they can stop worrying about the automation environment and dependencies and focus more on the automation content itself.
- Enable automation teams to define, build and update their automation environments without requiring them to contact the platform administrator for changes to the platform.
- Build and distribute automation execution environments via private automation hub, Continue reading
Introducing Ansible Automation Platform 2
For the last two years, the Red Hat Ansible Automation Platform product team has been hard at work developing the next major release. We are incredibly excited to introduce Red Hat Ansible Automation Platform 2, which was just announced at AnsibleFest 2021.
What’s new in Ansible Automation Platform 2?
The main focus was to enhance the foundational pieces of the Ansible Automation Platform and to enable automators to automate at enterprise scale more easily and flexibly. This means everything you know and love about writing Ansible Playbooks is largely unchanged, but what is evolving is the underlying implementation of how automation is developed, managed, and operated in large complex environments. In the end, enterprise automation platforms must be designed, packaged, and supported with container native and hybrid cloud environments in mind.
So how did we get here? It’s been years in the making, which included the following changes:
1. Ansible content was separated from the Ansible executable in the Ansible Project, creating a new construct called an Ansible Content Collections to house Ansible modules, plugins, roles and more in a discrete and atomic form.
The vast majority of time recently has been spent relocating the majority of Ansible Continue readingTechnology Short Take 145
Welcome to Technology Short Take #145! What will you find in this Tech Short Take? Well, let’s see…stuff on Envoy, network automation, network designs, M1 chips (and potential open source variants!), a bevy of security articles (including a couple on very severe vulnerabilities), Kubernetes, AWS IAM, and so much more! I hope that you find something useful here. Enjoy!
Networking
- Adam Kotwasinski walks readers through deploying Envoy and Kafka to collect broker-level metrics.
- Ivan Pepelnjak shares some links and thoughts on configuring the NSX-T firewall with a CI/CD pipeline built on GitHub Actions and Terraform Cloud.
- Author “JulioPDX” (I couldn’t find the author’s real name on any of their online profiles) has an article on integrating Nornir with FastAPI.
- Vincent Bernat provides some feedback on Cisco pyATS and Genie Parser.
- Russ White shares some thoughts on the collapsed spine network design.
- Justin Pietsch talks about simplifying networks and the resulting engineering trade-offs.
Servers/Hardware
- Howard Oakley of The Eclectic Light Company discusses some details on Apple’s M1 chip and what it does differently than other chips. Also included in this post are links to other articles with even more details—very helpful.
- Are open source M1-style chips a possibility? This article Continue reading