Scribd Logo
Upload

Welcome to Scribd!

  • Ansible From CLI To TOWER

    Uploaded by

    Judson Borges
    276 views26 pages
    This document discusses Ansible Tower and how it expands Ansible automation capabilities for enterprises. It provides role-based access control, centralized management of jobs, and visibility into compliance through integrated logging. Tower abstracts security considerations like secure credential storage and execution isolation compared to using Ansible from the command line alone. It allows non-technical users to safely deploy applications through push-button jobs while ensuring repeatability, consistency, and auditability of automations.

    Original Description:

    Ansible Red Hat Command Line

    Original Title

    Ansible From CLI to TOWER

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses Ansible Tower and how it expands Ansible automation capabilities for enterprises. It provides role-based access control, centralized management of jobs, and visibility into compliance through integrated logging. Tower abstracts security considerations like secure credential storage and execution isolation compared to using Ansible from the command line alone. It allows non-technical users to safely deploy applications through push-button jobs while ensuring repeatability, consistency, and auditability of automations.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    276 views26 pages

    Ansible From CLI To TOWER

    Uploaded by

    Judson Borges
    This document discusses Ansible Tower and how it expands Ansible automation capabilities for enterprises. It provides role-based access control, centralized management of jobs, and visibility into compliance through integrated logging. Tower abstracts security considerations like secure credential storage and execution isolation compared to using Ansible from the command line alone. It allows non-technical users to safely deploy applications through push-button jobs while ensuring repeatability, consistency, and auditability of automations.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 26

    ANSIBLE FROM CLI TO TOWER

    Flávio Andrade
    Platform Technical Account Manager
    fandrade@redhat.com
    Aug/2018
    Ansible Super Powers

    2 RED HAT TAM WEBINAR


    Why companies are adopting Ansible?

    Ansible is the smoothest way to automate your IT!

    SIMPLE POWERFUL AGENTLESS

    3 RED HAT TAM WEBINAR


    Ansible Playbooks
    ---
    - hosts: webservers
    vars:
    http_port: 80
    max_clients: 200
    remote_user: root
    tasks:
    - name: ensure apache is at the latest version
    yum: name=httpd state=latest
    - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    notify:
    - restart apache
    - name: ensure apache is running (and enable it at
    boot)
    Simple and powerful
    service: name=httpd state=started enabled=yes automation tool!
    handlers:
    - name: restart apache
    service: name=httpd state=restarted

    4 RED HAT TAM WEBINAR


    TOWER EXPANDS AUTOMATION TO YOUR ENTERPRISE.

    CONTROL KNOWLEDGE DELEGATION


    Scheduled and Visibility and Role-based access
    centralized jobs compliance and self-service

    SIMPLE POWERFUL AGENTLESS


    Designed for Predictable,
    Everyone speaks
    Multi-tier reliable,
    the same
    deployments and secure
    language

    AT ANSIBLE’S CORE IS AN OPEN-SOURCE AUTOMATION ENGINE.

    5 RED HAT TAM WEBINAR


    WHAT IS ANSIBLE TOWER?
    Ansible tower is an enterprise
    framework for controlling, securing
    and managing your Ansible automation
    – with a UI and RESTful API.

    • Role-based access control keeps


    environments secure, and teams efficient.

    • Non-privileged users can safely deploy entire


    applications with push-button deployment
    access.

    • All Ansible automations are centrally logged,


    ensuring complete auditability and
    compliance.

    6 RED HAT TAM WEBINAR


    WHAT PROBLEMS DOES IT SOLVES?

    RED HAT TAM WEBINAR


    Ansible solves the problem Tower spotlights security
    of automating considerations and
    and orchestrating provides predictability

    Does not address bigger Role-based access control and


    picture security/compliance secure credential storage

    API integrations, accountability and


    execution history

    8 RED HAT TAM WEBINAR


    Only respects security in place at
    host user level

    No abstraction of remote host or Abstracts security from the user


    cloud credentials from user

    No guarantee of execution
    parameters or integrity of Playbook
    as designed by the team

    9 RED HAT TAM WEBINAR


    ANSIBLE TOWER FEATURES

    RED HAT TAM WEBINAR


    DELEGATE ANSIBLE TO ANYONE
    EMPOWER YOUR TEAMS INSIDE AND OUTSIDE OF OPERATIONS

    ● Connect to your LDAP, AD, SAML and other directories


    ● Full role-based access control engine
    ● Store credentials for use without exposure
    ● Enable users to automate without previous Ansible knowledge
    ● Find relevant information more quickly
    ● Simple surveys configure automation at run-time
    ● Workflows chain together automations to orchestrate more of your infrastructure
    ● REST API allows integration into your existing processes and tools
    ● Add capacity with by adding more Tower front end instances to cluster

    11 RED HAT TAM WEBINAR


    KNOWLEDGE IS KEY
    ENSURE ENVIRONMENT CONSISTENCY

    ● All automation securely logged in Tower


    ● Use Tower’s activity stream for auditing
    ● Notifications automatically alert the channel of your choice
    ● Enterprise Logging Support automatically pushes results to external
    aggregators

    12 RED HAT TAM WEBINAR


    CLI and the Tower Equivalent - RBAC
    ● UI login accounts do not mean you execute in your own shell account
    (No matter the auth integrations used)
    ○ Execution environment is built based on everything configured,
    but ultimately is done as the awx user on the command-line
    level.

    ● Repeatability and Consistency are the Goal of Security Abstraction

    ● Ability to use, but not expose, credentials/inventory/playbooks and


    secure vars key to allocation of a user’s role within the organization.

    13 RED HAT TAM WEBINAR


    CLI and the Tower Equivalent - Credentials
    From CLI to Tower - Credentials from both:

    ● ~/.ssh/id_rsa (SSH keys, or username/password etc.)


    ● Windows usernames/passwords
    ● Cloud credentials/API credentials (like ~/.boto )
    ● Networking devices username/password
    ● SCM (Usually also an SSH key, but possibly username/password)

    14 RED HAT TAM WEBINAR


    CLI and the Tower Equivalent - Inventory

    $ ls ~/inventory/cloud/
    openstack.ini openstack.py group_vars hosts

    ● CLI and Tower can both mix dynamic and static sources
    ● Group_vars and host_vars can also be static or dynamic
    ● Like CLI:
    ○ Var and namespace is collapsed at run time, similar scripts
    overwrite each other

    15 RED HAT TAM WEBINAR


    INVENTORY CONSIDERATIONS
    Groups are not hierarchies they are Venn diagrams
    • “Type” groups can overlap with “location” groups
    • Bare groups (not groups of groups) should be specific as possible
    • Groups of groups should not have overlapping variables to bare
    groups

    Group variables can overstep each other in unpredictable ways

    Variable precedence is key to knowing where to put your variables

    16 RED HAT TAM WEBINAR


    ORGANIZATION AND RBAC
    CONSIDERATIONS
    Multiple Inventories may be needed
    • Network automation may not need to have app/cache/db
    hosts in their inventory
    • Multiple Cloud Dynamic Sources will overwrite each other

    Things that “just work” for CLI may need consideration in Tower
    • Execution isolation means config files at ~/.* need to be placed
    for AWX user in Tower
    • Bubblewrap isolates Tower runs to project/Playbook directory
    (can’t write to /tmp locally, etc.)

    SCM is to your advantage:


    • Playbook projects for different teams/orgs can utilize forks, branch tags
    • Roles don’t need one monolithic repository

    RED HAT TAM WEBINAR


    CLI and the Tower Equivalent - Projects

    $ ls lamp-playbooks/ Projects are:


    ● A directory containing your
    playbook.yml playbooks and roles
    site.yml ● Local disk or remote SCM
    roles/ ● Able to be assigned via RBAC
    uninstall.yaml

    RED HAT TAM WEBINAR


    CLI and the Tower Equivalent - Job Templates
    Job Templates are the UI representation of each option of the
    ansible-playbook command, including:
    ● Connection information
    ● Playbook to run
    ● Inventory specifications (inventory and target groups)
    ● Privilege escalation
    ● General options under “man ansible-playbook”

    $ ansible-playbook site.yml \
    -e “var=extra” --ask-vault-pass -i inventory -b \
    --private-key=~/.ssh/id_rsa -u user1 \
    -t tag1 --skip-tags=SKIP_TAGS

    19 RED HAT TAM WEBINAR


    Red Hat Ansible Tower Integration
    INTEGRATED INTO TOOLS YOU ALREADY USE

    Ansible Tower could be integrate with:

    ● Red Hat Satellite

    ● Red Hat Cloud Forms

    ● Red Hat Openstack

    ● Red Hat OpenShift

    20 RED HAT TAM WEBINAR


    RED HAT Ansible Tower benefits
    IMPROVE SECURITY, AUDITING, AND WORKFLOW CI/CD

    Red Hat Ansible addresses key business concerns to help IT quickly and effectively address
    Provisioning and orchestration with CI/CD and auditing

    Avoid Correct issues — such as security vulnerabilities and configuration errors — faster
    downtime than a manually intervention, who could impact business operations

    Boost Maintain control of configuration files, and versions of tools installed on a system,
    security With auditing of actions and comparative dashboards

    Workflow
    Automation Take advantage of idempotence of playbooks with Workflow automation, granting
    & a continuous integration and a continuous delivery
    CI/CD

    21 RED HAT TAM WEBINAR


    RED HAT ANSIBLE TOWER
    BENEFITS SUMMARY

    With Red Hat Ansible Tower could configure, orchestrate and automatize all infrastructure in a single
    dashboard, and integrating with another Red Hat Tools Ansible Tower coulçd be even more powerfull

    Faster provisioning
    Grant automation in a Increased
    avoiding human
    single dashboard efficiency
    intervation

    22 RED HAT TAM WEBINAR


    RED HAT ANSIBLE TOWER
    OFFERING CHOICE BASED ON CUSTOMER NEEDS

    ● Single Dashboard
    ● Real time jobs status update
    ● Multi-playbook workflow
    ● Who run what job when
    ● Scale capacity with tower cluster
    ● Integrating notifications
    ● Schedule Ansible job
    ● Manage and Track your entire inventory
    ● Simplified self service
    ● Remote command execution
    ● Comprehensive REST API
    ● Tower CLI tool
    23 RED HAT TAM WEBINAR
    RED HAT ANSIBLE TOWER

    DEMO SESSION

    RED HAT TAM WEBINAR


    RED HAT ANSIBLE TOWER
    ADDITIONAL REFERENCES

    Learn more:
    https://access.redhat.com/products/ansible-tower-red-hat

    Get Started:
    https://access.redhat.com/products/ansible-tower-red-hat#getstarted

    Red Hat Ansible Tower product:


    https://www.ansible.com/products/tower

    Red Hat Ansible Tower & Red Hat Products integration::


    https://www.ansible.com/integrations/infrastructure/red-hat

    Ansible Tower Product documentation::


    https://docs.ansible.com/ansible-tower/

    Red Hat Ansible Tower API reference guide:


    https://docs.ansible.com/ansible-tower/latest/html/towerapi/index.html

    25 RED HAT TAM WEBINAR


    THANK YOU
    plus.google.com/+RedHat facebook.com/redhatinc

    linkedin.com/company/red-hat twitter.com/RedHatNews

    youtube.com/user/RedHatVideos

    RED HAT TAM WEBINAR

    You might also like