0

Learn about Event-Driven Ansible at Red Hat Summit and AnsibleFest 2023

As you may have heard, AnsibleFest will be taking place at Red Hat Summit in Boston May 23-25. This change will allow you to harness everything that Red Hat technology has to offer in a single place and give you even more tools to address your automation needs. Join Ansible and automation-focused audiences to hear from Red Hat and Ansible leaders, customers, and partners while getting the latest on future Ansible product updates, community projects, and what’s coming in IT automation. 

Event-Driven Ansible is a key component to address the complexities of managing varying assets at scale. We announced this product feature as a developer preview last October at AnsibleFest 2022, and we are excited to talk even more about it.  So what can you expect to see about Event-Driven Ansible at AnsibleFest and Red Hat Summit this year? 

• Red Hat Summit keynote with a customer story around their use of Event-Driven automation
• AnsibleFest keynote about why the next wave of automation will be event-driven 
• Breakout sessions from Ansible experts and customers
• Hands on labs
• Discovery Theater mini sessions in the expo hall

Do you have questions about Event-Driven Ansible? Bring them to AnsibleFest and take advantage Continue reading

0

Take Ansible validated content to the next level with Event-Driven Ansible

Cloud computing has become an essential factor in IT transformation and business innovation. The highly dynamic nature of cloud environments, where new resources are constantly being added and removed, poses new challenges. One of the main challenges organizations face is the lack of visibility into the cloud environment. As cloud computing continues to grow in complexity, it can be challenging to keep track of all the different resources and applications that make up the infrastructure. This lack of visibility can make it difficult to maintain security policies and configurations, making the infrastructure vulnerable to attacks.

In this context, another challenge is the need to maintain compliance with industry regulations and standards. Depending on the industry and location, there may be specific regulations that organizations must comply with when storing and processing sensitive data in the cloud. Ensuring compliance can be a time-consuming and costly process.

Without automation and proactive monitoring, cloud environments are difficult and complex to manage. In this context, Ansible offers a plethora of tools, such as Ansible validated content and Event-Driven Ansible, that can help you to successfully mitigate security threats while also streamlining your operations and reducing costs.

In this blog post, we will show you Continue reading

0

IBM Starts Walking The Hybrid Cloud And AI Talking

If Big Blue is going to talk the hybrid cloud and AI talk, as it seems to do incessantly, then the company has to walk it. …

IBM Starts Walking The Hybrid Cloud And AI Talking was written by Timothy Prickett Morgan at The Next Platform.

0

Streamline Your Ansible Module Development with Content Builder

Photo by Hush Naidoo Jade Photography on Unsplash

Are you tired of manually creating Ansible modules for every new tool, cloud service, or appliance you need to manage? Look no further than the Ansible Content Builder. This powerful Python tool can generate Ansible modules for any appliance or service with a network CLI, NETCONF, or OpenAPI. In this blog post, we'll show you how to use the Content Builder to scaffold your Ansible modules to create good, consistent content for your cloud platform of choice. We'll also explore how the Content Builder can help you onboard new tools and services into the Ansible ecosystem with ease. So if you're looking to supercharge your Ansible workflow and automate any cloud platform, this post is for you!

The Ansible Content Collections for hybrid cloud automation house multiple modules. These modules handle the creation, deletion, modification (and more) of cloud resources. While developing individual modules for different resources of the cloud platform can lead to modularity and ease of use, reinventing the wheel can be error-prone and time-consuming. Standardizing the common steps that are similar but differ based on limited parameters can solve many problems encountered while developing these modules. This is achieved Continue reading

0

BGP Management with Ansible Validated Content using the network.bgp collection

At AnsibleFest 2022, we announced a new addition to the content ecosystem offered through the platform which is Ansible validated content. Ansible validated content is use cases-focused automation content that is packaged as Collections that contain Ansible plugins, roles and playbooks that you can use as an automation job through Red Hat Ansible Automation Platform.

Now that we understand what Ansible validated content is, we still have  to see what it brings to  network automation practices. We have already talked about a generic Ansible validated content for network automation which is network.base.

Network Border Gateway Protocol (BGP) is more focused  on very specific use cases –  managing BGP resources and neighborship,  platform-agnostic network automation and enhancing the experience of BGP management by providing production ready -content.

 

Network BGP Use Cases

The network.bgp Collection enables users to manage the BGP resources independent of platforms, as well as performing BGP health checks. It includes the following capabilities: 

• Build Brownfield Inventory. The `persist` action enables users to be able to get the BGP global and address family facts  and store it as inventory host_vars. The idea is to have this dynamic inventory as a single source of truth for Continue reading

0

Technology Short Take 167

Welcome to Technology Short Take #167! This Technology Short Take is a tad shorter than the typical one; I’ve been busy recently and my intake volume of content has gone down, thus resulting in fewer links to share with all of you! I opted to go ahead and publish a shorter Technology Short Take instead of making everyone wait around for a longer one. In any case, here’s hoping that I’ve included something useful for you!

Networking

• Jeff McLaughlin discusses what he calls the “war on expertise.”
• Ivan Pepelnjak has some very useful and very applicable information on VRF-aware DHCP relaying.
• Michał Iwańczuk shares some information on EVPN inline mode in NSX-T.
• Harikrishnan T wraps up a 4-part series on stateful active-active gateways in NSX. Links to the previous three posts are embedded in the article.

Servers/Hardware

• Manoj Kumar provides a beginner’s guide to Trusted Platform Module (TPM).

Security

• GitHub recently had to change their RSA SSH host key; be sure to check out the details.
• Google warns users about exploitable flaws in popular Android phones.
• Rory McCune examines some container security fundamentals that arise from the fact that “containers are just processes.”

Cloud Computing/Cloud Management

• Laurent Continue reading

0

What’s New: Cloud Automation with amazon.cloud 0.3.0

Last year, we made available an experimental alpha Ansible Content Collection of generated modules using the AWS Cloud Control API to interact with AWS services. Although the Collection is not intended for production, we are constantly trying to improve and extend its functionality and achieve its supportability in the future.

In this blog post, we will go over what else has changed and highlight what’s new in the 0.3.0 release of this Ansible Content Collection.

 

Forward-looking Changes

Much of our work in release 0.3.0 focused on releasing several new enhancements, clarifying supportability policies, and extending the automation umbrella by generating new modules. Let’s deep dive into it!

 

New boto3/botocore Versioning

The amazon.cloud Collection has dropped support for botocore<1.28.0 and boto3<1.25.0. Most modules will continue to work with older versions of the AWS Software Development Kit (SDK), however, compatibility with older versions of the AWS SDK is not guaranteed and will not be tested. 

 

New Ansible Support Policy

This Collection release drops support for  ansible-core<2.11. In particular, Ansible Core 2.10 and Ansible 2.9 are not supported. For more information, visit Ansible release documentation.

 

Continue reading

0

Ansible Automation Platform … You’re using it wrong.

5 things you didn’t know your Red Hat Ansible Automation Platform could do

When we think about automation, we tend to focus on efficiency. Automating simple or even complex tasks to streamline our processes - It’s one of the reasons organizations adopt and implement Red Hat Ansible Automation Platform. 

But what if we can take our automation abilities to the next level?

In this blog post, I’m going to highlight 5 things you didn’t know your Ansible Automation Platform could do.

 

Callback Plugins

Ever need a job to notify you, log events, or capture the performance of a playbook?

Say hello to callback plugins. These plugins provide a way for Ansible to respond to particular events. In order to enable callback plugins, you'll need to tweak your job settings and supply the directory location in the Ansible callback plugins section. 

For example, the log_plays callback plugin records playbook events to a log file, while the mail callback plugin can send emails on playbook failures. 

A list of available callback plugins can be found within the Ansible documentation. 

 

JSON Output

Looking for an easy way to view your Ansible output in JSON format? Take advantage Continue reading

0

Creating a Talos Linux Cluster on Azure with Pulumi

A little over a month ago I published a post on creating a Talos Linux cluster on AWS with Pulumi. Talos Linux is a re-thinking of your typical Linux distribution, custom-built for running Kubernetes. Talos Linux has no SSH access, no shell, and no console; instead, everything is managed via a gRPC API. This post is something of a “companion post” to the earlier AWS post; in this post, I’ll show you how to create a Talos Linux cluster on Azure with Pulumi.

The program I’ll share with you in this post is written in Go, but the process outlined in this post and the accompanying code is equally applicable in other languages supported by Pulumi. (TypeScript is a popular choice for lots of folks.) The code is available in this GitHub repository. It’s based on this documentation from Sidero Labs, and I also found this blog post to be helpful as well.

The Pulumi program follows this overall flow:

1. First, the program creates the base infrastructure objects that are required—a resource group, a virtual network, some subnets, and a network security group.
2. Next, it creates a load balancer, gets a public IP address for the load Continue reading

0

Ansible Validated Content: Introduction to infra.osbuild Collection

Introduction to the Image builder use case

During the last year we met with multiple edge customers, covering the automation needs for IT Linux infrastructure at scale across remote locations where there is often no IT staff on site. Think about retail stores, dark stores and warehouses where self-checkout, handhelds and POS devices hosting RHEL are distributed everywhere. 

For industrial setups and manufacture, this could be the scenario for small factor servers and storage hosting logging monitoring to gather information about operational activities, which are located in secure facilities. 

One of the recurrent needs for our customers with distributed devices is the ability to upgrade Linux devices faster, at scale, mostly due to regulations or security risks. Ideally, you should be able to patch at scale as soon as a vulnerability is identified. 

The main challenge with the traditional RPM patching model is that it is incremental, and frequently some Linux devices might have slight differences. That is why there are new edge-focused capabilities and models that start with the premise that you could and should test a whole base image, and once it passes your validations, it should be deployed into all the target devices that Continue reading

0

A Deeper Look: Red Hat Named a Leader in the Forrester Wave

This week, we announced that Red Hat has been named a leader in The Forrester Wave™ Infrastructure Automation, Q1 2023. In an effort to help explain this result from our point of view, the following blog answers some of the most frequently asked questions.

 

What is The Forrester Wave?

“The Forrester Wave™ is a guide for buyers considering their purchasing options in a technology marketplace and is based on our analysis and opinion. To offer an equitable process for all participants, Forrester follows a publicly available methodology, which we apply consistently across all participating vendors.” [source] 

Forrester has been a mainstay throughout people’s automation journeys, and Red Hat is proud to be recognized as a leader in the results of this Q1 2023 report.

 

What were the results?

Red Hat, specifically focused on Ansible Automation Platform, has been named a leader in the Q1, 2023 Forrester Wave™ Infrastructure Automation report. 

Refer to the following graphic, that can be viewed in the final report:

 

Download the Final Report

 

Why is this significant to us?

We believe Forrester is one of the most recognized technology analyst firms in the IT space, and Continue reading

0

New reference architecture: Deploying Ansible Automation Platform 2 on Red Hat OpenShift

It has arrived! The latest reference architecture showcasing the best practices for deploying Red Hat Ansible Automation Platform 2.3 on Red Hat OpenShift! 

 

Why are you going to love it?

With Ansible Automation Platform running on top of Red Hat OpenShift, you get the best of both worlds. You can now focus on what really matters - automation - while taking advantage of Red Hat Ansible Automation Platform Operator to do the heavy lifting of deploying, managing, scaling and upgrading your Ansible Automation Platform environment.

This reference architecture not only focuses on the step-by-step to deploy Red Hat Ansible Automation Platform 2.3 on Red Hat OpenShift, but focuses on key aspects including:

• Sizing your automation controller: Learn how to size your automation controller by understanding its control capacity and how many automation jobs can run concurrently.

• Resource management: Discover how to set resource requests and limits for the Ansible Automation Platform, ensuring that your deployment has enough resources to run smoothly and efficiently.

• Installation guidance: Understand key considerations prior to your deployment of Red Hat Ansible Automation Platform.
  

• Monitoring your Ansible Automation Platform: Learn how to use Prometheus and Grafana to monitor your Ansible Continue reading

0

Providing Terraform with that Ansible Magic

Late last year, we introduced a Red Hat Ansible Certified Collection Collection for Terraform. This was an important step in automation, as these two tools really are great together and leveraging Ansible's ability to orchestrate other tools in the enterprise made this a no-brainer. Terraform with its infrastructure as code (IaC) provisioning and Ansible’s strength in configuration as code are a synergy that cannot be ignored - we are better together! Organizations are now in the position to utilize their existing infrastructure as code manifests and extend their automation with Terraform and Ansible together.  

Now, we are back  with help from our partners at Kyndryl and XLAB and adding more value and magic to infrastructure as code - This time we have some extra muscle with an addition to the Red Hat Ansible Certified Content Collection: The Ansible provider for Terraform.

So what does the provider help us with?

Without a provider, we would need to rely on inventory plugins for the different cloud platforms and use filters to grab instance information from our freshly "Terraformed" infrastructure. This allows us to update our inventory so we can run automated tasks against these hosts. This is pretty smooth in Continue reading

0

Kubernetes Meets Event-Driven Ansible

In today’s fast paced world, every second counts and the ability to react to activities in a timely fashion can mean the difference between satisfying the needs of consumers and meeting Service-Level Agreements. Each are goals of Event-Driven Ansible, which seeks to further the reach of Ansible based automation by responding to events that meet certain criteria. These events can originate from a variety of sources, such as from an HTTP endpoint, messages on a queue or topic, or from public cloud resources. Kubernetes has become synonymous with managing infrastructure and applications in cloud native architectures and many organizations are reliant on these systems for running their business critical workloads. Automation and Kubernetes go hand in hand and Ansible already plays a role within this ecosystem. A new capability leveraging the Event-Driven Ansible framework is now available that extends the integration between both Ansible and Kubernetes so that Ansible automation activities can be triggered based on events and actions occurring within a Kubernetes cluster.

Event-Driven Ansible is designed using a concept called Rulebooks which consists of three main components:

• Actions - Triggering the execution of assets including an Ansible Playbook or module 
• Rules - Determination of whether received events Continue reading

0

Enhancing/Maximizing your Scaling capability with Automation Controller 2.3

Red Hat Ansible Automation Platform 2 is the next generation automation platform from Red Hat’s trusted enterprise technology experts. We are excited to announce that the Ansible Automation Platform 2.3 release includes automation controller 4.3.

In the previous blog, we saw that automation controller 4.1 provides significant performance improvements as compared to Red Hat Ansible Tower 3.8. Automation controller 4.3 is taking that one step further. We will elaborate on an important change with callback receiver workers in automation controller 4.3 and how it can have an impact on the performance.

 

Callback Receiver

The callback receiver is the process in charge of transforming the standard output of Ansible into serialized objects in the automation controller database. This enables reviewing and querying results from across all your infrastructure and automation.  This process is I/O and CPU intensive and requires performance considerations.

Every control node in automation controller has a callback receiver process. It receives job events that result from Ansible jobs. Job events are JSON structures, created when Ansible calls the runner callback plugin hooks. This enables Ansible to capture the result of a playbook run. The job event data structures contain Continue reading

0

Technology Short Take 166

Welcome to Technology Short Take #166! I’ve been collecting links for the last few weeks, and now it’s time to share them with all of you. There are some familiar names in the links below, but also some newcomers—and I’m really excited to see that! I’m constantly on the lookout for new sources (if you have a site you think I should check out, hit me up—my contact info is at the bottom of this post!). But enough of that, let’s get on with the content. Enjoy!

Networking

• Kevin Jin’s post on the APNIC blog about network automation tools is a great read. He discusses Netmiko, NAPALM, and Nornir in some detail, and provides some guidance around which network automation tool may be right for you.
• Rob Novak shares his experience in replacing Meraki with TP-Link Omada.
• Anton Kuliashov writes about why Palark uses Cilium for Kubernetes networking.
• Nick Buraglio discusses IPv6 Unique Local Addressing (ULA).
• Given how frequently I include content from Ivan, you can probably tell that I’m a big fan. This time I’m including two of his articles. In the first, he discusses the relationships between Layer 2 (VLAN) and Layer 3 (subnet) segments. In the Continue reading

0

Datacenter System Makers Leary But Not Weary

The central banks of the world, led by the European Central Bank and the US Federal Reserve, want to curb inflation and they are willing to cause a small recession or at least get very close to one to shock us all into controlling the acquisitive habits we developed during the lockdowns of the early years of the coronavirus pandemic. …

Datacenter System Makers Leary But Not Weary was written by Timothy Prickett Morgan at The Next Platform.

0

Troubleshoot RDS connectivity issues with Ansible validated content

The Ansible validated content cloud.aws_troubleshooting introduces a role named troubleshoot_rds_connectivity. This role helps you troubleshoot AWS Relational Database Service (RDS) connectivity issues from an EC2 instance.

The role diagnoses connectivity issues between an EC2 instance and an Amazon Relational Database Service instance by ensuring that the RDS instance is available and checking the associated security group rules, network access control lists, and route tables for potential connectivity issues.

To do this, the role will need the EC2 instance identifier to test connectivity from the RDS instance identifier to connect to.

Let's see how this can be used with the following example.

 

Configuration

We have an RDS instance and an EC2 instance running in the same VPC (virtual private cloud) with the CIDR block 10.1.0.0/16.

The RDS instance is running on two subnets with the following CIDR blocks 10.1.1.0/24 and 10.1.2.0/24.

The EC2 instance is running in another subnet in the VPC with the CIDR block 10.1.10.0/24. The EC2 instance has been assigned the following private IP address 10.1.10.41.

In the initial configuration, a security group is attached to the VPC with the following Continue reading

0

Maximize your hybrid cloud mastery with the Ansible validated content

Image Source

Image Source

In today's environment, mastering the hybrid cloud has become a key factor in IT transformation and business innovation. In this context, network complexity can be a nightmare, especially as organizations expand their infrastructure and embrace hybrid cloud and multi-cloud strategies. Without automation, monitoring and controlling network routing, infrastructure, and security in a hybrid and multi-cloud environment are difficult to manage. Furthermore, identifying and resolving network performance issues in these infrastructures are quite challenging.

In one of the previous blogs, titled  “Crank up your automation with Ansible validated content”, Nuno Martins highlighted the Ansible validated content included in Red Hat Ansible Automation Platform 2.3.

In this blog post, we will show you how to leverage the amazon.aws_troubleshooting Collection for hybrid cloud to troubleshoot network performance issues and maximize your hybrid cloud mastery. In particular, we’ll use the aws_troubleshooting.connectivity_troubleshooter role.

First, let’s take a look at  the amazon.aws_troubleshooting Collection.

 

Deep dive on cloud.aws_troubleshooting

Let’s take a deep look at  the amazon.aws_troubleshooting Collection. This Collection includes a variety of Ansible Roles to help troubleshoot AWS resources. The Collection includes the following roles:

• cloud.aws_troubleshooting.troubleshoot_rds_connectivity - A role to troubleshoot RDS Continue reading

0

Creating a Talos Linux Cluster on AWS with Pulumi

Talos Linux is a Linux distribution purpose-built for running Kubernetes. The Talos web site describes Talos Linux as “secure, immutable, and minimal.” All system management is done via an API; there is no SSH access, no shell, and no console. In this post, I’ll share how to use Pulumi to automate the creation of a Talos Linux cluster on AWS.

I chose to write my Pulumi program in Go, but you could—of course—choose to write it in any language that Pulumi supports (JavaScript/TypeScript, Python, one of the .NET languages, Java, or even YAML). I’ve made the Pulumi program available via this GitHub repository. It’s based on these instructions for standing up Talos Linux on AWS.

The Pulumi program has four major sections:

1. First, it creates the underlying base infrastructure needed for a Talos Linux cluster to run. This includes a VPC (and all the assorted other pieces, like subnets, gateways, routes, and route tables) and a load balancer. The load balancer is needed for the Kubernetes control plane, which we will bootstrap later in the program. This portion also creates the EC2 instances for the control plane.
2. Next, it uses the Talos Pulumi provider to generate the Talos Continue reading