Developing Advanced Automation with Red Hat Ansible Automation Platform
Abstract
| Goal |
Explain what automation controller is and demonstrate how to use it to run playbooks that you developed with automation content navigator. |
| Objectives |
|
| Sections |
|
| Lab |
|
Describe the architecture and use cases of the automation controller component of Red Hat Ansible Automation Platform.
Red Hat Ansible Automation Platform 2 includes a component called automation controller, which was called Red Hat Ansible Tower in earlier versions of Ansible Automation Platform. Automation controller provides a centralized hub that you can use to run your Ansible automation code.
Enterprise IT organizations need a way to define and embed automation workflows for other tools and processes. They also need reliable and scalable automation execution, and a centralized system that supports auditing.
With automation controller, companies can automate with confidence and reduce automation drift and variance across the enterprise by standardizing how automation deploys in one centralized location.
Automation controller provides a framework for running and managing Ansible efficiently on an enterprise scale. Automation controller maintains organization security by introducing features such as a centralized web UI for playbook management, role-based access control (RBAC), and centralized logging and auditing. You can integrate an enterprise's existing workflows and tool sets, such as enabling continuous integration and deployment, by using the automation controller REST API. Automation controller provides mechanisms to enable the centralized use and control of machine credentials and other secrets without exposing the credentials or secrets to the end users of automation controller.
The introduction of automation execution environments in Red Hat Ansible Automation Platform 2 decouples the automation controller control plane from its execution environment.
Red Hat Ansible Tower 3.8 and earlier tightly coupled the execution environment to the system that ran Ansible Tower. Sometimes, this tight coupling required you to manage the dependencies of various modules needed to run Ansible Playbooks. If two playbooks required different environments, then you needed to create one or more Python virtual environments on the Ansible Tower system to manage the different dependencies and requirements. Some enterprises ended up with tens or hundreds of Python virtual environments.
Automation controller improves this architecture significantly. Instead of using the system executables and Python installation or virtual environment, automation controller uses automation execution environments. These environments are container images that you can pull from a central container registry, install on automation controller, and manage through a web UI. If needed, then you can create custom automation execution environments. After confirming that a custom automation execution environment works with your automation code, you can publish the container image to a container registry and then make the new or updated automation execution environment available to automation controller. Using the same automation execution environment helps ensure that automation code runs consistently on both your system and in automation controller.
Compare the previous Red Hat Ansible Tower architecture shown in Figure 3.1 to the updated automation controller architecture shown in Figure 3.2.
 |
Centralized, monolithic application
Control node contains the control plane and the execution plane
Poor scalability from a rigid architecture
 |
Decentralized, modular application
Control plane and execution plane decoupled
Containerized virtual environments
Scale as needed, on-demand by using container orchestrators
This design enables automation controller to run the control plane (with the web UI and API) on the automation controller system, and run automation execution environments on other machines closer to the managed systems, enabling increased efficiency and scaling.
Automation controller offers many features for controlling, securing, and managing Ansible in an enterprise environment, such as:
- Visual Dashboard
The automation controller web UI displays a dashboard that provides a summary of an enterprise's entire Ansible environment. You can use the automation controller dashboard to review the current status of hosts and inventories, and the results of recent job executions. Automation controller's upgraded web UI provides better security and performance and improves observability with new filtering capabilities and distinct views.
- Role-based Access Control (RBAC)
Automation controller uses a role-based access control (RBAC) system, which maintains security when streamlining user access management. You can assign access to automation controller objects, such as organizations, projects, and inventories.
- Graphical Inventory Management
You can use the automation controller web UI to create inventories and then add host groups and hosts to the inventories. Alternatively, you can update inventories from an external inventory source such as public cloud providers, local virtualization environments, an organization's custom configuration management database (CMDB), or content in a Git repository.
- Task Manager and Job Scheduling
Use automation controller to schedule playbook execution and updates from external data sources either on a one-time or recurring basis. This means that routine tasks can run unattended, and is especially useful for tasks such as backup routines, which are ideally executed during operational off-hours.
- Real-time and Historical Job Status Reporting
When you initiate a playbook run in automation controller, the web UI displays the playbook output and execution results in real time. The results of previously executed jobs and scheduled job runs are also available from automation controller for auditing or review.
- User-triggered Automation
Users with appropriate permissions can launch job templates or workflow job templates with a single click of an icon.
- Credential Management
Automation controller centrally manages authentication credentials. This means that you can run Ansible plays on managed hosts, synchronize information from dynamic inventory sources, and import Ansible project content from version control systems.
Automation controller encrypts the passwords or keys provided so that automation controller users cannot retrieve them. Even if a user has privileges to use or edit a credential, automation controller does not expose the current values of the credential passwords or keys.
- Centralized Logging and Auditing
Automation controller logs all playbook and remote command execution. This provides the ability to audit when each job was executed and by whom. In addition, automation controller can integrate its log data into third-party logging aggregation solutions, such as Splunk and Sumologic.
- Integrated Notifications
Automation controller can notify you when job executions start and whether the job succeeds or fails. Automation controller can deliver notifications to many applications, including email, Grafana, IRC, Mattermost, Slack, Rocket.Chat, Twilio, and Webhooks.
- Multiplaybook Workflows
Complex operations often involve the serial execution of multiple playbooks. Automation controller multiplaybook workflows can chain together numerous playbooks to facilitate the implementation of complex routines involving provisioning, configuration, deployment, and orchestration. An intuitive workflow editor also helps model multiplaybook workflows.
- Browsable RESTful API
The automation controller's RESTful API exposes every automation controller feature available through the web UI. The browsable format of the API makes it self-documenting and lets you look up information on how to use the API.
References
Automation Controller User Guide v4.2.1
What Is Automation Controller?
For more information, refer to What's New in Ansible Automation Controller 4.0 at https://access.redhat.com/articles/6184841
