automating the enterprise with ansible … · automating the enterprise with ansible chris saunders...
TRANSCRIPT
AUTOMATING THEENTERPRISE with ANSIBLE
Chris SaundersSr. Cloud Solutions Architect
Automation is impacting every aspect of life and is undergoing a shift from
discrete, disconnected to holistic and integrated
NAVIGATION SYSTEMSTell us where to turn
REAR CAMERASGuide us to places we can’t easily see
BACKUP SENSORSAlert us when to stop
BUT THIS IS WHAT WE REALLY WANTSystems that don’t just talk to us,
but talk to each otherPhoto via Volvo
EVEN MORE INTERESTING
Systems of self-driving cars
Photo via Google
TODAY’S IT ARCHITECTURES are rapidly changing and business demands infinite flexibility.
LINE OF BUSINESS
DEVELOPERS
IT OPERATIONS
CEO
IT OPERATIONS BEARS THE BURDEN
DYNAMIC ENVIRONMENTS DEMAND NEW MANAGEMENT TOOLS
GOVERNANCE, RISK, COMPLIANCEAN
ALYTICS, OPTIM
IZATION
AWSAZURE GCPOPENSTACK
ORCHESTRATION & AUTOMATION
RHV
SELF-SERVICE PORTALS, SERVICE CATALOGS, DASHBOARDS
FIN
ANCI
AL M
ANAG
EMEN
T
PUBLIC CLOUDPRIVATE CLOUD
VSPHERESCVMM
No matter where you are on your path to digital transformation, you can make an impact with automation.
How are you thinking about management?
What is your automation strategy?
SERVERS CLOUD NETWORK
APPS
CONTAINERS
AUTOMATION IN ENTERPRISE IT TODAY
AUTOMATED SILOS ARE
SILOS
STILL
AUTOMATION IN ENTERPRISE IT TODAY
Milind Govekar, Research VP Gartner
“Most current use of automation in IT involves scripting. Scripts are more fragile than agile. What you end up with is
disconnected islands of automationwith spaghetti code throughout the organization when what you need is a systematic, enterprise-wide lasagne.”
ReferenceSmarter with Gartner: Automation: The Next Frontier for IT May 18, 2016 Contributor Susan Moore http://www.gartner.com/smarterwithgartner/automation-the-next-frontier-for-it-2/
AUTOMATESORGANIZATIONS
Isolated scripts
AUTOMATES FUNCTIONS
Integratedautomation
Ansible solves these problems where no other technology has been able to do so.
SIMPLE AGENTLESS EXTENSIBLE
DEV QA/SECURITY IT OPERATIONSBUSINESS
ANSIBLE IS THE UNIVERSAL LANGUAGE
CLOUD VIRT & CONTAINER WINDOWS NETWORK CHAT MONITORING
ANSIBLE AUTOMATES TECHNOLOGIES YOU USE1000+ INTEGRATIONS
AWSAzureCenturyLinkDigital OceanDockerGoogleOpenStackRackspace+more
DockerVMwareRHEVOpenStackOpenShiftAtomicCloudStack+more
ACLsFilesPackagesIISRegeditsSharesServicesConfigsUsersDomains+more
AristaA10CumulusBigswitchCiscoCumulusDellF5JuniperPalo AltoOpenSwitch+more
HipChatIRCJabberEmailRocketchatSendgridSlackTwilio+more
AirbrakeBigPandaDatadogLogicMonitorMonitNagiosNew RelicPagerDutySensuStackDriverZabbix+more
20 CONFIDENTIAL
WHAT CAN I DO WITH ANSIBLE?
Automate the deployment and management of your entire IT footprint.
Orchestration
Do this...
Firewalls
Configuration Management
Application Deployment Provisioning Continuous
DeliverySecurity and Compliance
On these...
Load Balancers Applications Containers Clouds
Servers Infrastructure Storage And more...Network Devices
21 CONFIDENTIAL
CROSS PLATFORM
Agentless support for all major OS variants, physical, virtual, cloud and network devices.
HUMAN READABLE
Perfectly describe and document every aspect of your application environment.
PERFECT DESCRIPTION OF APPLICATION
Every change can be made by Playbooks, ensuring everyone is on the same page.
VERSION CONTROLLED
Playbooks are plain-text. Treat them like code in your existing version control.
DYNAMIC INVENTORIES
Capture all the servers 100% of the time, regardless of infrastructure, location, etc.
ORCHESTRATION PLAYS WELL WITH OTHERS
Every change can be made by Playbooks, ensuring everyone is on the same page.
THE ANSIBLE WAY
22 CONFIDENTIAL
WHAT IS ANSIBLE AUTOMATION?
---- name: install and start apache hosts: all vars: http_port: 80 max_clients: 200 remote_user: root
tasks: - name: install httpd yum: pkg=httpd state=latest
- name: write the apache config file template: src=/srv/httpd.j2 dest=/etc/httpd.conf
- name: start httpd service: name=httpd state=started
[user@hostname: $] ansible-playbook -i inventory playbook.yml
PLAY [install and start apache] ***********************************
TASK [Gathering Facts] ********************************************
ok: [webserver.local]
TASK [install httpd] **********************************************
changed: [webserver.local]
TASK [write the apache config file] ********************************
changed: [webserver.local]
TASK [start httpd] *************************************************
changed: [webserver.local]
PLAY RECAP *********************************************************
webserver.local : ok=4 changed=3 unreachable=0 failed=0
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
Ansible is an open source community project sponsored by Red Hat. It’s a simple automation language that can perfectly describe IT application environments in Ansible Playbooks.
23 CONFIDENTIAL
HOW ANSIBLE WORKS
USERS
ANSIBLE PLAYBOOK
ANSIBLE’S AUTOMATION ENGINE
HOSTS
NETWORK DEVICES
PLUGINS
API
MODULES
PUBLIC / PRIVATECLOUD
INVENTORY
CMDB PUBLIC / PRIVATE
CLOUD
24 CONFIDENTIAL
PLAYBOOK EXAMPLE---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80
tasks:
- name: httpd package is present
yum:
name: httpd
state: latest
- name: latest index.html file is present
copy:
src: files/index.html
dest: /var/www/html/
- name: httpd is started
service:
name: httpd
state: started
25 CONFIDENTIAL
RED HAT ANSIBLE TOWER
RED HAT ANSIBLE ENGINE
Scale + operationalize your automation
Support for your Ansible automation
CONTROL KNOWLEDGE DELEGATION
SIMPLE POWERFUL AGENTLESS
FUELED BY AN INNOVATIVE OPEN SOURCE COMMUNITY
26 CONFIDENTIAL
USE CASES
USERS
ANSIBLEPYTHON CODEBASE
OPEN SOURCE MODULE LIBRARY
PLUGINS
CLOUDAWS,GOOGLE CLOUD,AZURE …
INFRASTRUCTURELINUX,WINDOWS,UNIX …
NETWORKSARISTA, CISCO, JUNIPER …
CONTAINERSDOCKER, LXC …
SERVICESDATABASES, LOGGING,SOURCE CONTROL MANAGEMENT…
TRANSPORT
SSH, WINRM, ETC.
AUTOMATEYOUR
ENTERPRISE
ADMINS
ANSIBLE CLI & CI SYSTEMS
ANSIBLE PLAYBOOKS
….
ANSIBLETOWER
SIMPLE USER INTERFACE TOWER API
ROLE-BASEDACCESS CONTROL
KNOWLEDGE& VISIBILITY
SCHEDULED &CENTRALIZED JOBS
CONFIGURATIONMANAGEMENT
APP DEPLOYMENT
CONTINUOUSDELIVERY
SECURITY &COMPLIANCE
ORCHESTRATIONPROVISIONING
Only respects security in place at host user level
No abstraction of remote host or cloud credentials from user
No guarantee of execution parameters or integrity of Playbook as designed by the team
Creates an isolated runtime environment to control execution of Ansible
Abstracts security credentials and specifics from end user
Guarantees execution parameters as designed for the playbook
Ansible solves the problem of automating and orchestrating
Does not address bigger picture security/compliance
Tower spotlights security considerations and provides predictability
Role-based access control and secure credential storage
API integrations, accountability and execution history
DEMO
30 CONFIDENTIAL
Have you used Ansible already? Try Tower for free: ansible.com/tower-trial
Would you like to learn Ansible? It’s easy to get started: ansible.com/get-started
Want to learn more?
Videos, webinars, case studies, whitepapers: ansible.com/resources
GETTING STARTED
THANK YOUplus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews