Abstract
| Goal | Discuss how Ansible solves administrative challenges faced by enterprises today. |
| Objectives | |
| Sections | |
| Lab | Administering Automation |
After completing this section, you should be able to:
Manage Ansible projects with version control software.
Safeguard information with Ansible Vault.
Use advanced inventory management techniques.
Manage Ansible resources and infrastructure using Red Hat Ansible Tower.
Scaling automation successfully in an enterprise involves more than technology.
What characteristics do we expect a scalable automation solution to exhibit?
Some of these depend on processes and procedures or culture. Others involve technology:
A consistent project architecture: anyone can look at any project and understand how the parts are related to the whole
A consistent coding style: anyone can look at any project and recognize a familiar coding style
Secure storage of credentials
Easy and reliable job scheduling
An API for programmatic job execution
Operation accountability, reporting, auditing, and analytics
What actions make a difference in achieving smooth and successful scalability of automation?
The following actions can help an enterprise scale automation successfully:
Develop a compelling vision of the role of automation in the enterprise.
Translate the vision into a sound plan.
Involve the security team as early as possible.
Communicate effectively to a team that understands the plan and shares the vision.
Foster a culture of effective processes and procedures.
Integrate security practices effectively from first principles: built-in, not bolted-on.
Capitalize on the potential of automation to improve the security posture in the enterprise. That is, take advantage of available controls to reduce risk exposure.
How does Ansible fit as a scalable enterprise automation solution?
Some of the ways that Ansible facilitates scalability in an enterprise are described below:
Ansible is agentless and uses native transports. It integrates with and builds on existing security measures, mechanisms, and safeguards. This makes it the perfect tool for managing network gear, where one rarely has the luxury of installing agent software.
Ansible Vault securely protects credentials. Protecting credentials used to access and manage infrastructure is of paramount importance.
Red Hat Ansible Tower makes the job of security professionals easier, by providing a centrally controlled access platform with built-in audit capabilities.
If access is already carefully controlled with a bastion host or jump box, multifactor processes, and so forth, the transition is relatively simple and seamless, because Ansible supports connecting through a bastion as a proxy.
If access is relatively open and uncontrolled, Ansible is an opportunity for improved control and security.
Ansible is designed to work well in conjunction with best practices from DevOps, DevNetOps, and DevSecOps.
Here is a directory structure designed for scalability. It works well with version control software and Red Hat Ansible Tower.
Playbooks are stored at the project root.
ansible-project/
├── ansible.cfg
├── .gitignore ; ignore roles and other things
├── group_vars ; "play" level group_vars
│   ├── all.yml
│   ├── dev.yml
│   └── prod.yml
├── library ; custom modules available across all roles
├── playbook.yml
└── roles
    └── requirements.yml ; keep your roles in separate Git repos, not local

Roles provide modularity and reusability, and repository-based roles are highly scalable.
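One way to check the "secure storage of credentials" point before a project is committed to version control, as an added example that is not part of the course material: the script scans `group_vars/` and flags secret-looking variables that are neither in a vault-encrypted file nor inline-vaulted. The function names, the variable-name heuristic, and the sample values are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted payload starts with this
# Assumption: secret-bearing variables are recognisable by name. Tune per project.
SECRET_KEY = re.compile(
    r"^\s*([\w-]*(?:password|secret|token|api_key)[\w-]*)\s*:\s*(.*)$", re.I)

def scan_file(path):
    """Return (line_number, variable) pairs whose value looks like a plaintext secret."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    if text.startswith(VAULT_HEADER):  # whole file is vault-encrypted
        return []
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = SECRET_KEY.match(line)
        if not match:
            continue
        value = match.group(2).strip().lstrip("\"'")
        # Skip empty values, inline-vaulted values, and references to other variables.
        if not value or value.startswith(("!vault", "{{")):
            continue
        findings.append((number, match.group(1)))
    return findings

def scan_project(root):
    """Scan the *.yml files under group_vars/ of one project directory."""
    results = {}
    for path in sorted(Path(root, "group_vars").rglob("*.yml")):
        hits = scan_file(path)
        if hits:
            results[str(path.relative_to(root))] = hits
    return results

def build_sample(root):
    """Constructed sample project that mirrors the group_vars layout above."""
    group_vars = Path(root, "group_vars")
    group_vars.mkdir(parents=True)
    (group_vars / "all.yml").write_text("ntp_server: 192.0.2.10\n")
    (group_vars / "dev.yml").write_text("ansible_password: hunter2\n")  # plaintext
    (group_vars / "prod.yml").write_text(VAULT_HEADER + "1.1;AES256\n36613838\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_project(tmp))
```

Run from a pre-commit hook or CI job, a non-empty result can fail the build so plaintext credentials never reach the repository history.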