open sourcing ansible openmunichopenmunich.eu/pdf/open_sourcing_ansible.pdf · open sourcing...
TRANSCRIPT
3
WHAT IS ANSIBLE AUTOMATION?
---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root
tasks: - name: install httpd yum: pkg=httpd state=latest
- name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf
- name: start httpd service: name=httpd state=started
[user@hostname: $] ansible-playbook -i inventory playbook.yml
PLAY [install and start apache] ***********************************
TASK [Gathering Facts] ********************************************
ok: [webserver.local]
TASK [install httpd] **********************************************
changed: [webserver.local]
TASK [write the apache config file] ********************************
changed: [webserver.local]
TASK [start httpd] *************************************************
changed: [webserver.local]
PLAY RECAP *********************************************************
webserver.local : ok=4 changed=3 unreachable=0 failed=0
The Ansible project is an open source community sponsored by Red Hat. It’s also a simple automation language that perfectly describes IT application environments in Ansible Playbooks.
Ansible Engine is a supported product built from the Ansible community project.
Ansible Tower is an enterprise framework for controlling, securing, managing and extending your Ansible automation (community or engine) with a UI and RESTful API.
4
SIMPLE POWERFUL AGENTLESS
App deployment
Configuration management
Workflow orchestration
Network automation
Orchestrate the app lifecycle
Human readable automation
No special coding skills needed
Tasks executed in order
Usable by every team
Get productive quickly
Agentless architecture
Uses OpenSSH & WinRM
No agents to exploit or update
Get started immediately
More efficient & more secure
WHY ANSIBLE?
5
WHAT CAN I DO WITH ANSIBLE?
Automate the deployment and management of your entire IT footprint.
Orchestration
Do this...
Firewalls
Configuration Management
Application Deployment Provisioning Continuous
DeliverySecurity and Compliance
On these...
Load Balancers Applications Containers Clouds
Servers Infrastructure Storage And more...Network Devices
6 CONFIDENTIAL
HOW ANSIBLE WORKS
USERS
ANSIBLE PLAYBOOK
ANSIBLE’S AUTOMATION ENGINE
PLUGINS
API
MODULES
PUBLIC / PRIVATECLOUD
INVENTORY
CMDB PUBLIC / PRIVATE
CLOUD
ANSIBLE’S AUTOMATION ENGINE
CMDB
USERS
INVENTORY
NETWORK DEVICES
PLUGINS
API
MODULES
PUBLIC / PRIVATECLOUD
PUBLIC / PRIVATECLOUD
ANSIBLE PLAYBOOK
HOSTS
Applications
8
HOW DOES THE LANGUAGE LOOK LIKE?---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---- name: install and start nginx hosts: web become: yes vars: http_port: 80
tasks: - name: nginx package is present package: name: nginx state: latest
- name: config file is present and variable replaced template: src: files/nginx.conf.j2 dest: /etc/nginx/nginx.conf
- name: nginx is started service: name: nginx state: started
9
Ansible is the first automation language that can be read and written across IT.
Ansible is the only automation engine that can automate the entire application lifecycle and continuous delivery pipeline.
From development… …to production.
ANSIBLE PLAYBOOK
DEV/TEST Q/A OPERATIONS MANAGEMENT OUTSOURCERS
FOR WHOM IS THE LANGUAGE FOR?
10
CLOUD
AWS
Azure
CenturyLink
CloudScale
Digital Ocean
Docker
Linode
OpenStack
Rackspace
And more...
WINDOWS
ACLs
Files
Commands
Packages
IIS
Regedits
Shell
Shares
Services
DSC
Users
Domains
And more...
VIRT ANDCONTAINER
Docker
VMware
RHEV
OpenStack
OpenShift
Atomic
CloudStack
And more...
NETWORK
Arista
A10
Cumulus
Big Switch
Cisco
Cumulus
Dell
F5
Juniper
Palo Alto
OpenSwitch
And more...
NOTIFY
HipChat
IRC
Jabber
RocketChat
Sendgrid
Slack
Twilio
And more...
ANSIBLE SHIPS WITH OVER 1250 MODULES
13
CENTRAL INTEGRATION ACCESS
Simple, powerful API
Uses REST for quick adoption
No special agents or lib needed
Integrate with everything
Central place for everyone
Overview of present and past
Create workflows, schedule jobs
Have one common view
Teams and users enable RBAC
Deposit credentials securely
Assign access to unprivileged
Separate access and execution
14
WHAT IS ANSIBLE TOWER?
• Role-based access control
• Deploy entire applications with push-button deployment access
• All automations are centrally logged
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API.
15
USE CASES
USERS
ANSIBLEPYTHON CODEBASE
OPEN SOURCE MODULE LIBRARY
PLUGINS
CLOUDAWS,GOOGLE CLOUD,AZURE …
INFRASTRUCTURELINUX,WINDOWS,UNIX …
NETWORKSARISTA, CISCO, JUNIPER …
CONTAINERSDOCKER, LXC …
SERVICESDATABASES, LOGGING,SOURCE CONTROL MANAGEMENT…
TRANSPORT
SSH, WINRM, ETC.
AUTOMATEYOUR
ENTERPRISE
ADMINS
ANSIBLE CLI & CI SYSTEMS
ANSIBLE PLAYBOOKS
….
ANSIBLETOWER
SIMPLE USER INTERFACE TOWER API
ROLE-BASEDACCESS CONTROL
KNOWLEDGE& VISIBILITY
SCHEDULED &CENTRALIZED JOBS
CONFIGURATIONMANAGEMENT
APP DEPLOYMENT
CONTINUOUSDELIVERY
SECURITY &COMPLIANCE
ORCHESTRATIONPROVISIONING
17
THE EARLY DAYS
● Founded in 2012● Feb 1, 2013: 1.0, featuring diff and check● March 4, 2013: AnsibleWorks as company started● June 10, 2013: Roles (1.2)● August 5, 2013: Ansibleworks AWX 1.2 (Tower!)● December 19, 2013: Galaxy● February 28, 2014: Vault (1.5)● August 6, 2014: Brace yourself, Windows is here!● August 19, 2014: Tower 2.0● October 16, 2015: Red Hat acquires Ansible● December 14, 2015: Galaxy 2.0 Beta● January 12, 2106: Ansible 2.0● May 26, 2016: Networking (2.1)● July 20, 2016: Tower 3.0● July 28, 2016: Ansible-Container released
HISTORY
19
PRESENT
Present days
● September 7, 2017: AWX released … open source, upstream Tower projectalso: Ansible Engine
● September 18, 2017: Ansible 2.4● October 2, 2017: Tower 3.2
23
DIFFERENCES
Tower vs AWX
● AWX is the upstream project● frequently released● fast moving● focus: features, features, features
24
DIFFERENCES
Tower vs AWX
● AWX is the upstream project● frequently released● fast moving● focus: features, features, features
● Tower is the product● selected releases, hardened, tested● long term support● services, training, packages, certifications● focus on: stability, security, reliability
It’s like Fedora and RHEL!
26
ENGINE
Ansible Engine
Ansible Engine is a supported product based on Ansible.
Read: CLI with support.
● Selected modules covered by the SLA● Support, fixes, and so on● Additional networking add-on available covering specifc modules
28
UPDATES
Ansible 2.4
● Python >= 2.6 !● multiple inventories, new inventory plugins
Tower 3.2
● Smart Inventories● Instance Groups● Isolated Nodes● Named URLs in API● API v2, btw….
30
THE LEGAL STUFF
The content set forth herein does not constitute in any way a binding or legal
agreement or impose any legal obligation or duty on Red Hat.
This information is provided for discussion purposes only and is subject to change for
any or no reason.
31
FUTURE
Ansible
● New loop technology● Further Python 3 - at some distant point Python 3 only● Better tools for contributors● facts namespaces
33
Have you used Ansible already? Try Tower for free: ansible.com/tower-trial
Would you like to learn Ansible? It’s easy to get started: ansible.com/get-started
Want to learn more?
Videos, webinars, case studies, whitepapers: ansible.com/resources
GETTING STARTED