5 use cases for automating your infrastructure with Ansible Automation Platform
Infrastructure automation is an area where systems administrators and IT operations teams can see some of the biggest benefits from automation, including time savings, reducing tedious manual work, and improving the overall health of their systems. In this blog, I've identified the top 5 infrastructure automation use cases for Ansible Automation Platform that you can deploy in your own environment, and I've incorporated new capabilities like Event-Driven Ansible to make managing your infrastructure even easier.
- Provisioning Red Hat Enterprise Linux with Ansible Automation Platform
Before you get started with any automation project, we typically recommend using automation analytics to plan and predict the potential cost savings to help prioritize which automation projects will deliver the biggest time and cost savings.
Then you can use Ansible Automation Platform to create a workflow to build or configure a cloud or datacenter instance for RHEL, while using surveys to gather additional user input to enable further customization to meet any system requirements. You can even introduce an IT service management ticketing option, then review the job success and confirm service availability.
Watch this video to see it in action:
- Managing Configuration and Drift with Ansible Automation Platform
Ongoing Continue reading
Fact-Gathering with Event-Driven Ansible for Microsoft Windows ITSM
The use of Event-Driven Ansible to enable fact gathering from events is considered a “Getting Started” type of use case, but it can be extremely powerful. This use case is simple and it is what we consider a “Read Only” type of action, meaning that we are not making any changes, but we are using the event to trigger a fact gathering process which we can later publish to the IT Service Management system.
The benefit with this is we are able to provide consistent automated troubleshooting and fact gathering which is used to enrich the ticketing systems, so when our engineers have a look at the incident, they have all the information they need to decide on the next steps to resolve the issue or situation. This can potentially save many hours of toil and ultimately save an organization money from reduced down time and faster resolutions. But, we are assuming that our technical teams will know what to do with this event data.
What if we could assist with filling the gap when an incident takes place, and we could receive information or even options on how to resolve the issues? This is where we could use Continue reading
Ansible can help with the Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
CVE-2023-20198
Reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Overview
Cisco recently published an advisory pertaining to an active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
Recommendations using Red Hat Ansible Automation Platform
In this blog, I will discuss a simple playbook that can help network admins quickly identify and remediate affected devices. To add additional capabilities for a large production environment, Red Hat Ansible Automation Platform could enhance the playbook run with additional capabilities (ticketing integrations, roles based access, workflow, self service, etc.).
Vulnerable Products
All Cisco IOS-XE based products are potentially at risk. The example playbook is located here.
In the example playbook we will explore its functionality using one of the Cisco Sandbox always-on routers
Determine the HTTP Server Configuration
The following portion of the playbook will determine the HTTP Server Configuration and print the results.
Cisco strongly recommends that customers disable the HTTP Continue reading
NEW!!! Getting started landing page for Ansible Automation Platform on Azure
This blog is co-authored by Tomas Znamenacek and Hicham (he-sham) Mourad
Introduction
We’re so excited to introduce you to the newest addition to Red Hat Ansible Automation Platform on Microsoft Azure – The new landing page! Now with new deployments, a single web page that consolidates all you need to know about Ansible Automation Platform on Azure, how to get started, as well as links to the Ansible Automation Platform applications, is now accessible.
Upon arriving at this getting started landing page, you will see three tiles on the overview page. You have the ability to launch each of the following Ansible applications from the tiles: automation controller, private automation hub, and automation analytics, as well as a direct link to the managed Azure product documentation.
The bottom portion of the overview page sets you up for success by providing links to all the enablement content you need. It specifically provides links to Ansible Automation Platform on Azure Knowledge Base articles, documentation, and how to contact and request support.
Another important area is the “Managed Azure Maintenance and Feature Updates” that provides the link to the maintenance updates and feature releases to Ansible Automation Platform on Azure. Stay Continue reading
Guest Post: Moving Secrets Where They Belong
by Simen A.W. Olsen
Pulumi recently shipped Pulumi ESC, which adds the “Environment” tab to Pulumi Cloud. For us at Bjerk, this means we can move secrets into a secrets manager like Google Secrets Manager. Let me show you how we did it!
We are already rotating secrets with our own CLI tool, which works fine, meaning we are getting notifications in our Slack channel—which everyone tends to ignore until something real breaks. If you are curious how we are handling it today, we are using our own NPM package that throws an exception if a secret has expired. To ensure everything works smoothly, we utilize a GitHub Actions workflow that is scheduled to run daily for drift checking.
The secrets are shared between stacks using StackReferences, which has served us well.
Improving security
One issue with our current setup is that we publicly store encrypted secrets in our repository. Previously, we’ve thought of using Google Secrets Manager with the GetSecret function. That comes with its own territory, such as permissions to the secret and managing those permissions—not to mention that we already use multiple secret managers/vaults.
Now, with Pulumi ESC, it’s time to pick this Continue reading
Red Hat Insights Collection for Event-Driven Ansible
Event-Driven Ansible became generally available in Ansible Automation Platform 2.4. As part of the release, Red Hat Insights and Ansible teams collaborated to implement and certify a Red Hat Insights collection integrating Insights events as a source of events for Ansible Automation Platform. This provides a consistent way to receive and handle events triggered from Insights to drive and track automation within the Ansible Automation Platform. The collection is available for installation on Ansible automation hub.
In this article, we explore how to get, configure and use the Red Hat Insights collection for Event-Driven Ansible, and provide an end-to-end example of an automation flow using Ansible Automation Platform and its Event-Driven Ansible functionality. Our goal is to automate the creation of a ServiceNow incident ticket with all relevant information when malware is detected by Insights on one of our Red Hat Enterprise Linux (RHEL) systems. We show how we can track and audit all automation from the Event-Driven Ansible controller as part of Ansible Automation Platform.
Introducing a new certified collection for Event-Driven Ansible
In a previous article, we looked at exposing and consuming Insights events to drive automation with Event-Driven Ansible. We validated that events triggered Continue reading
Seeding Ansible Automation Platform Content At Installation Time
In a previous blog, I announced the tech preview of containerized Red Hat Ansible Automation Platform. With that we introduced a new feature to enable you to pre-seed configuration and content at installation time. This blog will take you through how that works.
At Red Hat, we are very lucky to have some super talented people. Some of these great folks have worked tirelessly on producing Ansible Content Collections for managing configuration within the platform. Using this as the foundation, we have wrapped enablement around that to provide a fully automated way of doing this, in a seamless fashion.
The Benefits
Many people today already use a configuration-as-code (CaC) approach to managing the platform and laying down standards for their users. If that’s your case, then this simply extends and simplifies this capability.
If this is a new concept to you, then these examples may be of interest:
- Standardize your user’s out of the box (OOTB) experience, in one go, at installation time.
- Are there platform artifacts that you always need to apply to each and every installation? Define those as code and simply point the installation at that code and it will pre-configure the platform
- The ability Continue reading
Importing Ansible Validated Content into Private Automation Hub
Introduction
Ansible validated content is a set of collections containing pre-built YAML content (such as playbooks or roles) to address the most common automation use cases. You can use Ansible validated content out-of-the-box or as a learning opportunity to develop your automation skills. It's a trusted starting point to bootstrap your automation: use it, customize it and learn from it!
This content is curated by experts like the Red Hat Automation Community of Practice so:
- Use cases are based on successfully deployed customer examples
- Content creators are trusted and verified subject matter experts
- Content itself adheres to the latest best practices and guidelines issued by Red Hat’s engineering team
- Ansible validated content is tested against supported versions of Red Hat Ansible Automation Platform
Ansible Automation Platform is a trusted delivery system to access and leverage Ansible validated content in your organization.
How can I get this Ansible validated content into my Ansible Automation Platform on clouds (AWS, Azure, Google Cloud) deployment?
To do this there are a few short steps. Let’s walk through these together.
As part of your Ansible Automation Platform on cloud, you will also have a private automation hub. This is your own internal automation content Continue reading
Now serving: Event-Driven Ansible with a dash of durability
In the realm of automation, the ability to respond to events in real-time is a game-changer. At Red Hat, we've been pioneering in this space with Event-Driven Ansible, which can consume messages from various sources like AWS Simple Queue Service (SQS), Azure Service Bus, and Kafka to trigger automated actions. Today, we're excited to delve into a powerful integration pattern involving AWS Lambda, AWS SQS, and Event-Driven Ansible.
Imagine this: A SaaS application sends a webhook POST request. This request triggers a Lambda function, which validates an API key or other payload data, filters the payload, and sends a message to SQS. Event-Driven Ansible subscribes to the queue, consumes the message and triggers an automated action. Let's explore this workflow in detail.
The Workflow
Here's a visual representation of the workflow with AWS Lambda and AWS SQS:
Ideally, in this model, webhook POSTs should selectively be sent to the SQS queue. Rulebooks within Event-Driven Ansible have the ability to validate that a key within the header contains the specified value – but that means the message is already on my queue. I want to stop that from happening. In this case, my Lambda function should be able to validate Continue reading
Ansible Contributor Summit, Durham 2023
Ansible Contributor Summit, Durham 2023
The Ansible Contributor Summit is a full day working session for community contributors to interact with one another and meet with the Ansible development teams behind the projects like AWX, Galaxy NG, Molecule, Ansible Lint and Event-Driven Ansible. We will discuss important issues affecting the Ansible Community and help shape the future of collaboration.
We are happy to have the opportunity to do a second Contributor Summit this year, and this time it will be part of DjangoCon US 2023 in Durham, NC. Our previous experience co-locating the Contributor Summit with another related event was in February in Ghent, Belgium as part of CfgMgmtCamp 2023. It was so successful, we wanted to do it again with another great match.
Hello, Durham!
We will be meeting in the "Bull City", the home of Ansible itself and the inspiration for our beloved mascot, Ansibull. In case you didn't know, the Ansible office overlooks the Durham Bulls Athletic Park, and this mixed with Ansible word play is why you might see mentions of bulls and Ansibulls in Ansible land.
If you can't attend the event in person in Durham, worry not! Ansible Contributor Summit is a hybrid event, Continue reading
Announcing Containerized Ansible Automation Platform
Everything you know and love about Ansible Automation Platform in containerized form
We’re excited to announce something that we’ve been working on for a while now, the technical preview of a containerized Red Hat Ansible Automation Platform solution.
Currently, this will allow you to install and run containerized automation controller, Ansible automation hub, and the Event-Driven Ansible controller services on just one or more underlying RHEL hosts on x86_64 and ARM64 architectures. This does not require a kubernetes-based platform, as it just uses native RHEL podman on top of a RHEL host.
The rationale behind containerized Ansible Automation Platform
As Ansible Automation Platform evolved, we added more services and components into the stack. Over time, the increasing complexity and inter-dependencies between these components have introduced new challenges in terms of maintenance, installation, and support. They have also opened up opportunities for growth and innovation.
Containerized Ansible Automation Platform is the first step towards a more streamlined and improved platform management experience, incorporating our future vision and strategy.
The benefits
Just containerizing existing services was not enough for us, so we set some goals to provide:
- a slimmed down installation experience
- a layered installation approach
- a containerized Continue reading
New Ansible Galaxy
For awhile, the Red Hat Ansible team behind the components Ansible automation hub and Ansible cloud automation hub at console.redhat.com have been on a special ops mission to enhance the galaxy_ng code base that serves the aforementioned components to also serve galaxy.ansible.com, with the intention of replacing galaxy.ansible.com with a fresh code base.
Galaxy, a legacy far far away…
The current Galaxy service has been running at galaxy.ansible.com for many years and is hugely successful in the community. It drives and nurtures Ansible adoption by sharing prebuilt Ansible content that solves many automation challenges.
One of the statistics we are most proud of are the contributions of 33,965 individual automation answers by the community in either Ansible Content Collections or Ansible Roles. Some of the top ranking automation content includes AWS, VMware, Linux, and Windows. Community users are able to download content for free, self-supported and interact with authors via GitHub for any further help or enhancements.
- We are excited to announce that the galaxy.ansible.com code base is being updated with a host of exciting new features that the Ansible community can look forward to. Brought to Continue reading
New Ansible Galaxy
New Ansible Galaxy
For awhile, the Red Hat Ansible team behind the components Ansible automation hub and Ansible cloud automation hub at console.redhat.com have been on a special ops mission to enhance the galaxy_ng code base that serves the aforementioned components to also serve galaxy.ansible.com, with the intention of replacing galaxy.ansible.com with a fresh code base.
Galaxy, a legacy far far away…
The current Galaxy service has been running at galaxy.ansible.com for many years and is hugely successful in the community. It drives and nurtures Ansible adoption by sharing prebuilt Ansible content that solves many automation challenges.
One of the statistics we are most proud of are the contributions of 33,965 individual automation answers by the community in either Ansible Content Collections or Ansible Roles. Some of the top ranking automation content includes AWS, VMware, Linux, and Windows. Community users are able to download content for free, self-supported and interact with authors via GitHub for any further help or enhancements.
- We are excited to announce that the galaxy.ansible.com code base is being updated with a host of exciting new features that the Ansible community can look forward to. Brought to Continue reading
Ansible Contributor Summit, Durham 2023
The Ansible Contributor Summit is a full day working session for community contributors to interact with one another and meet with the Ansible development teams behind the projects like AWX, Galaxy NG, Molecule, Ansible Lint and Event-Driven Ansible. We will discuss important issues affecting the Ansible Community and help shape the future of collaboration.
We are happy to have the opportunity to do a second Contributor Summit this year, and this time it will be part of DjangoCon US 2023 in Durham, NC. Our previous experience co-locating the Contributor Summit with another related event was in February in Ghent, Belgium as part of CfgMgmtCamp 2023. It was so successful, we wanted to do it again with another great match.
Hello, Durham!
We will be meeting in the "Bull City", the home of Ansible itself and the inspiration for our beloved mascot, Ansibull. In case you didn't know, the Ansible office overlooks the Durham Bulls Athletic Park, and this mixed with Ansible word play is why you might see mentions of bulls and Ansibulls in Ansible land.
If you can't attend the event in person in Durham, worry not! Ansible Contributor Summit is a hybrid event, so you will Continue reading
Welcome to the new Ansible Community Forum
Today, we're delighted to announce the launch of the new Ansible Community Forum - a single starting point for questions and help, development discussions, events, and much more. Everyone is invited, whether you are an Ansible user, contributor or developer, we are all community! Register here to join us!
Hello Discourse!
Screenshot of the forum's main page
For those who are familiar with forums, we hope you'll feel right at home. For those who may be new, please don't worry! We have a list of tips & tricks here, and you're always welcome to check the guides and post in the feedback section to help us shape our online community.
Forums are only successful if they are used. To make that happen, the Ansible Community Team is looking to make this the real home of the Ansible Community - a place for users to get help, to find an event or local meetup, and a jumping-off point for development and contribution discussions. That means we need you to come and participate! Tell us what you're up to, post your thoughts or your questions, sign up for an event or two.
The Ansible Community is global, Continue reading
Assigning Tags by Default on AWS with Pulumi
Appropriately tagging resources on AWS is an important part of effectively managing infrastructure resources for many organizations. As such, an infrastructure as code (IaC) solution for AWS must have the ability to ensure that resources are always created with the appropriate tags. (Note that this is subtly different from a policy mechanism that prevents resources from being created without the appropriate tags.) In this post, I’ll show you a couple of ways to assign tags by default when creating AWS resources with Pulumi. Code examples are provided in Golang.
There are at least two ways (perhaps more) of handling this with Pulumi:
- Adding the default tags to the stack configuration
- Adding the default tags to an explicit provider
Each approach has its advantages and disadvantages, so there isn’t—in my opinion, at least—a definitive “best way” to doing this. The best way for you will depend on your specific circumstances.
In both cases, the solution involves modifying the configuration of the resource provider Pulumi uses to provision AWS resources. Pulumi supports the notion of both default providers and explicit providers. The former are created automatically and are configured via the stack configuration. (In fact, using stack configuration is currently the Continue reading
Welcome to the new Ansible Community Forum
Welcome to the new Ansible Community Forum
Today, we're delighted to announce the launch of the new Ansible Community Forum - a single starting point for questions and help, development discussions, events, and much more. Everyone is invited, whether you are an Ansible user, contributor or developer, we are all community! Register here to join us!
Hello Discourse!
Here is a screenshot of the forum's main page:
For those who are familiar with forums, we hope you'll feel right at home. For those who may be new, please don't worry! We have a list of tips & tricks here, and you're always welcome to check the guides and post in the feedback section to help us shape our online community.
Forums are only successful if they are used. To make that happen, the Ansible Community Team is looking to make this the real home of the Ansible Community - a place for users to get help, to find an event or local meetup, and a jumping-off point for development and contribution discussions. That means we need you to come and participate! Tell us what you're up to, post your thoughts or your questions, sign up for an Continue reading
Technology Short Take 170
Welcome to Technology Short Take #170! I had originally intended to get this published before the long Labor Day weekend, but didn’t quite have it ready. So, here you go—here’s your latest collection of links from around the internet focused on data center and cloud-related technologies. I hope that you find something useful here.
Networking
- Brent Salisbury shares some code intended to help you “ChatGPT your project documentation.” What does that mean, exactly? It’s about indexing your project documentation so as to expose it—and the information within it—via a user-friendly natural language model.
- This is a slightly older article (from January of this year) in which Josh Saul of Hedgehog pays homage to the achievements of Cumulus Networks in the open networking movement.
- Michael Kashin has a good post on source IP address selection in Linux.
- Amit Gupta shows how to install Cilium in Azure Kubernetes Service (AKS) without
kube-proxy. - Here are some design considerations for Wi-Fi 6E (6GHz) networks.
Servers/Hardware
- I must admit that I always wanted to have a Sun workstation, and I’ve had an interest in SunOS/Solaris for years (check out this link if you don’t believe me). So, it’s natural that this post on reliving Continue reading
Automate OpenShift with Red Hat Ansible Automation Platform
OpenShift meets Ansible
We have seen many organizations compare themselves on how agile they are in the innovation journeys. When we talk about innovation, there are several aspects around it, like optimizing the existing IT, integrating apps/data/processes, adding and managing cloud infrastructure or modernizing the applications. But in order to partner with lines of business to better compete, there is a need to introduce automation.
If someone asks, “What can we automate?” Below is my answer:
"Every non-interruptive CLI command or any UI which exposes a REST-API is an opportunity to automate."
Whether it be orchestrating configurations, deploying applications or managing infrastructure, etc.
Red Hat Ansible Automation Platform does all that!
Whether managing cloud or cloud-native systems, there is no difference. In this article, I’ll go through integrating an OpenShift cluster with Ansible Automation Platform to help automating Day 0 and Day 2 activities.
Tying OpenShift with Ansible Automation Platform
When it comes to container orchestration, Red Hat OpenShift has emerged as the leading enterprise level solution, providing a robust platform to manage and scale complex applications with ease. However, manual deployment and management of these applications can be labor intensive and prone to issues.
Event-Driven Ansible – ChatOps – From Chat to Action
Like any well-rounded individual, in times of intense concentration, you will find me talking to myself in search of some hidden knowledge that I might have received in a dream, or perhaps quoting something from a fantasy novel about wizards and creatures in an attempt to fix a problem. Unfortunately, wearing a robe and shouting “Repairo Network!” while pointing my pen toward the device has yet to help in any situation.
At the 2023 AnsibleFest, as part of the main stage demonstration, I used the magic of Event-Driven Ansible to integrate ChatOps in our fictional infrastructure drama. ChatOps is not new, but I think it's a pretty cool way to make changes or interact with your infrastructure.
We know that Event-Driven Ansible requires a source for events, a list of conditions which we call rulesets, and ultimately an action to match those conditions, which makes it perfect to use as a chatbot-type system.
For me to have a heart-to-heart with my beloved network, I will need to configure my chat as a source of events for Event-Driven Ansible, and to do this, I will use the webhook source plugin, which is part of the ansible.eda collection. Continue reading