open sourcing ansible openmunichopenmunich.eu/pdf/open_sourcing_ansible.pdf · open sourcing...

33
OpenMunich December 1, 2017 OPEN SOURCING ANSIBLE Roland Wolters Senior Product Manager, Red Hat GmbH

Upload: voliem

Post on 26-Jul-2018

292 views

Category:

Documents


1 download

TRANSCRIPT

OpenMunichDecember 1, 2017

OPEN SOURCINGANSIBLE

Roland WoltersSenior Product Manager, Red Hat GmbH

2

AUTOMATE REPEAT IT

3

WHAT IS ANSIBLE AUTOMATION?

---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root

tasks: - name: install httpd yum: pkg=httpd state=latest

- name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf

- name: start httpd service: name=httpd state=started

[user@hostname: $] ansible-playbook -i inventory playbook.yml

PLAY [install and start apache] ***********************************

TASK [Gathering Facts] ********************************************

ok: [webserver.local]

TASK [install httpd] **********************************************

changed: [webserver.local]

TASK [write the apache config file] ********************************

changed: [webserver.local]

TASK [start httpd] *************************************************

changed: [webserver.local]

PLAY RECAP *********************************************************

webserver.local : ok=4 changed=3 unreachable=0 failed=0

The Ansible project is an open source community sponsored by Red Hat. It’s also a simple automation language that perfectly describes IT application environments in Ansible Playbooks.

Ansible Engine is a supported product built from the Ansible community project.

Ansible Tower is an enterprise framework for controlling, securing, managing and extending your Ansible automation (community or engine) with a UI and RESTful API.

4

SIMPLE POWERFUL AGENTLESS

App deployment

Configuration management

Workflow orchestration

Network automation

Orchestrate the app lifecycle

Human readable automation

No special coding skills needed

Tasks executed in order

Usable by every team

Get productive quickly

Agentless architecture

Uses OpenSSH & WinRM

No agents to exploit or update

Get started immediately

More efficient & more secure

WHY ANSIBLE?

5

WHAT CAN I DO WITH ANSIBLE?

Automate the deployment and management of your entire IT footprint.

Orchestration

Do this...

Firewalls

Configuration Management

Application Deployment Provisioning Continuous

DeliverySecurity and Compliance

On these...

Load Balancers Applications Containers Clouds

Servers Infrastructure Storage And more...Network Devices

6 CONFIDENTIAL

HOW ANSIBLE WORKS

USERS

ANSIBLE PLAYBOOK

ANSIBLE’S AUTOMATION ENGINE

PLUGINS

API

MODULES

PUBLIC / PRIVATECLOUD

INVENTORY

CMDB PUBLIC / PRIVATE

CLOUD

ANSIBLE’S AUTOMATION ENGINE

CMDB

USERS

INVENTORY

NETWORK DEVICES

PLUGINS

API

MODULES

PUBLIC / PRIVATECLOUD

PUBLIC / PRIVATECLOUD

ANSIBLE PLAYBOOK

HOSTS

Applications

7

ANSIBLETHE LANGUAGE OF DEVOPS

8

HOW DOES THE LANGUAGE LOOK LIKE?---

- name: install and start apache

hosts: web

become: yes

vars:

http_port: 80

tasks:

- name: httpd package is present

yum:

name: httpd

state: latest

- name: latest index.html file is present

copy:

src: files/index.html

dest: /var/www/html/

- name: httpd is started

service:

name: httpd

state: started

---

- name: install and start apache

hosts: web

become: yes

vars:

http_port: 80

tasks:

- name: httpd package is present

yum:

name: httpd

state: latest

- name: latest index.html file is present

copy:

src: files/index.html

dest: /var/www/html/

- name: httpd is started

service:

name: httpd

state: started

---

- name: install and start apache

hosts: web

become: yes

vars:

http_port: 80

tasks:

- name: httpd package is present

yum:

name: httpd

state: latest

- name: latest index.html file is present

copy:

src: files/index.html

dest: /var/www/html/

- name: httpd is started

service:

name: httpd

state: started

---

- name: install and start apache

hosts: web

become: yes

vars:

http_port: 80

tasks:

- name: httpd package is present

yum:

name: httpd

state: latest

- name: latest index.html file is present

copy:

src: files/index.html

dest: /var/www/html/

- name: httpd is started

service:

name: httpd

state: started

---

- name: install and start apache

hosts: web

become: yes

vars:

http_port: 80

tasks:

- name: httpd package is present

yum:

name: httpd

state: latest

- name: latest index.html file is present

copy:

src: files/index.html

dest: /var/www/html/

- name: httpd is started

service:

name: httpd

state: started

---- name: install and start nginx hosts: web become: yes vars: http_port: 80

tasks: - name: nginx package is present package: name: nginx state: latest

- name: config file is present and variable replaced template: src: files/nginx.conf.j2 dest: /etc/nginx/nginx.conf

- name: nginx is started service: name: nginx state: started

9

Ansible is the first automation language that can be read and written across IT.

Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.

From development… …to production.

ANSIBLE PLAYBOOK

DEV/TEST Q/A OPERATIONS MANAGEMENT OUTSOURCERS

FOR WHOM IS THE LANGUAGE FOR?

10

CLOUD

AWS

Azure

CenturyLink

CloudScale

Digital Ocean

Docker

Google

Linode

OpenStack

Rackspace

And more...

WINDOWS

ACLs

Files

Commands

Packages

IIS

Regedits

Shell

Shares

Services

DSC

Users

Domains

And more...

VIRT ANDCONTAINER

Docker

VMware

RHEV

OpenStack

OpenShift

Atomic

CloudStack

And more...

NETWORK

Arista

A10

Cumulus

Big Switch

Cisco

Cumulus

Dell

F5

Juniper

Palo Alto

OpenSwitch

And more...

NOTIFY

HipChat

IRC

Jabber

Email

RocketChat

Sendgrid

Slack

Twilio

And more...

ANSIBLE SHIPS WITH OVER 1250 MODULES

11

AUTOMATION FOR TEAMSAnsible Tower technical introduction and overview

12

SIMPLE POWERFUL AGENTLESS

WHAT IS MISSING?

13

CENTRAL INTEGRATION ACCESS

Simple, powerful API

Uses REST for quick adoption

No special agents or lib needed

Integrate with everything

Central place for everyone

Overview of present and past

Create workflows, schedule jobs

Have one common view

Teams and users enable RBAC

Deposit credentials securely

Assign access to unprivileged

Separate access and execution

14

WHAT IS ANSIBLE TOWER?

• Role-based access control

• Deploy entire applications with push-button deployment access

• All automations are centrally logged

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API.

15

USE CASES

USERS

ANSIBLEPYTHON CODEBASE

OPEN SOURCE MODULE LIBRARY

PLUGINS

CLOUDAWS,GOOGLE CLOUD,AZURE …

INFRASTRUCTURELINUX,WINDOWS,UNIX …

NETWORKSARISTA, CISCO, JUNIPER …

CONTAINERSDOCKER, LXC …

SERVICESDATABASES, LOGGING,SOURCE CONTROL MANAGEMENT…

TRANSPORT

SSH, WINRM, ETC.

AUTOMATEYOUR

ENTERPRISE

ADMINS

ANSIBLE CLI & CI SYSTEMS

ANSIBLE PLAYBOOKS

….

ANSIBLETOWER

SIMPLE USER INTERFACE TOWER API

ROLE-BASEDACCESS CONTROL

KNOWLEDGE& VISIBILITY

SCHEDULED &CENTRALIZED JOBS

CONFIGURATIONMANAGEMENT

APP DEPLOYMENT

CONTINUOUSDELIVERY

SECURITY &COMPLIANCE

ORCHESTRATIONPROVISIONING

16

YESTERDAY

17

THE EARLY DAYS

● Founded in 2012● Feb 1, 2013: 1.0, featuring diff and check● March 4, 2013: AnsibleWorks as company started● June 10, 2013: Roles (1.2)● August 5, 2013: Ansibleworks AWX 1.2 (Tower!)● December 19, 2013: Galaxy● February 28, 2014: Vault (1.5)● August 6, 2014: Brace yourself, Windows is here!● August 19, 2014: Tower 2.0● October 16, 2015: Red Hat acquires Ansible● December 14, 2015: Galaxy 2.0 Beta● January 12, 2106: Ansible 2.0● May 26, 2016: Networking (2.1)● July 20, 2016: Tower 3.0● July 28, 2016: Ansible-Container released

HISTORY

18

TODAY

19

PRESENT

Present days

● September 7, 2017: AWX released … open source, upstream Tower projectalso: Ansible Engine

● September 18, 2017: Ansible 2.4● October 2, 2017: Tower 3.2

20

AWX

21

WHY?

Q: Why is Red Hat doing this?

22

WHY?

Q: Why is Red Hat doing this?

Because this is what Red Hat does.

23

DIFFERENCES

Tower vs AWX

● AWX is the upstream project● frequently released● fast moving● focus: features, features, features

24

DIFFERENCES

Tower vs AWX

● AWX is the upstream project● frequently released● fast moving● focus: features, features, features

● Tower is the product● selected releases, hardened, tested● long term support● services, training, packages, certifications● focus on: stability, security, reliability

It’s like Fedora and RHEL!

25

ENGINE

Ansible Engine

Ansible Engine is a supported product based on Ansible.

26

ENGINE

Ansible Engine

Ansible Engine is a supported product based on Ansible.

Read: CLI with support.

● Selected modules covered by the SLA● Support, fixes, and so on● Additional networking add-on available covering specifc modules

27

UPDATES

Ansible 2.4

● Python >= 2.6 !● multiple inventories, new inventory plugins

28

UPDATES

Ansible 2.4

● Python >= 2.6 !● multiple inventories, new inventory plugins

Tower 3.2

● Smart Inventories● Instance Groups● Isolated Nodes● Named URLs in API● API v2, btw….

29

TOMORROW

30

THE LEGAL STUFF

The content set forth herein does not constitute in any way a binding or legal

agreement or impose any legal obligation or duty on Red Hat.

This information is provided for discussion purposes only and is subject to change for

any or no reason.

31

FUTURE

Ansible

● New loop technology● Further Python 3 - at some distant point Python 3 only● Better tools for contributors● facts namespaces

32

FUTURE

AWX / Tower

● Containerizing (on OpenShift, for example)● Scaling

33

Have you used Ansible already? Try Tower for free: ansible.com/tower-trial

Would you like to learn Ansible? It’s easy to get started: ansible.com/get-started

Want to learn more?

Videos, webinars, case studies, whitepapers: ansible.com/resources

GETTING STARTED