Automate everything with Ansible
Pat Harrison, Specialist Solution Architect, 15th October 2019
WHAT IS ANSIBLE AUTOMATION?
Ansible Automation is the enterprise framework for automating across IT operations.
Ansible Engine runs Ansible Playbooks, the automation language that can perfectly describe an IT application infrastructure.
Ansible Tower allows you to scale IT automation, manage complex deployments and speed productivity.
RED HAT ANSIBLE TOWER: Operationalize your automation
CONTROL, DELEGATION, SCALE
RED HAT ANSIBLE ENGINE: Simple command line automation
SIMPLE, POWERFUL, AGENTLESS
FUELED BY AN INNOVATIVE OPEN SOURCE COMMUNITY
WHY ANSIBLE?
SIMPLE
• Human readable automation
• No special coding skills needed
• Tasks executed in order
• Usable by every team
• Get productive quickly
POWERFUL
• App deployment
• Configuration management
• Workflow orchestration
• Network automation
• Orchestrate the app lifecycle
AGENTLESS
• Agentless architecture
• Uses OpenSSH & WinRM
• No agents to exploit or update
• Get started immediately
• More efficient & more secure
“This is what Ansible was written to do: Manage complex multi-tier deployments.
We don’t just stop at configuration management or application deployment. To really do orchestration, you must do all of those well AND be an outstanding workflow engine. Real world app stacks involve lots of different classes of systems all working in concert.”
Michael DeHaan, Ansible project founder
THE PURPOSE OF AUTOMATION
MODULE GROWTH
[Chart: number of modules over time, March 2016 to September 2018]
THE MIGHTY MODULE
$ date +%x
04/10/18
$ ansible --version
2.7.0
$ ansible-doc -l | wc -l
2146
$ date +%x
16/05/19
$ ansible --version
2.8.0
$ ansible-doc -l | wc -l
2834
WHAT CAN YOU DO WITH ANSIBLE?
Automate the deployment and management of your entire IT footprint.
Do this...
• Orchestration
• Configuration Management
• Application Deployment
• Provisioning
• Continuous Delivery
• Security and Compliance
On these...
• Firewalls
• Load Balancers
• Applications
• Containers
• Clouds
• Servers (Linux, Windows)
• Infrastructure
• Storage
• Network Devices
LINUX AUTOMATION
ansible.com/get-started
AUTOMATE EVERYTHING LINUX: Red Hat Enterprise Linux, BSD, Debian, Ubuntu and many more!
ONLY REQUIREMENTS: Python 2 (2.6 or later) or Python 3 (3.5 or later)
150+ Linux Modules
- name: ensure selinux is enforcing and targeted
  selinux:
    policy: targeted
    state: enforcing

- name: disable ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: 0
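Added example, not part of the original slides: the two hardening tasks above wrapped in a play that only reports drift (check mode) unless told to remediate. The linux_servers group and the enforce, selinux_result, forward_result and drift names are assumptions made for illustration.

```yaml
---
# Added example: audit-or-enforce wrapper around the two hardening tasks.
# "linux_servers" and the variable names below are assumptions.
- name: audit or enforce baseline hardening
  hosts: linux_servers
  become: true
  vars:
    enforce: false   # false = report drift only, true = remediate

  tasks:
    - name: ensure selinux is enforcing and targeted
      selinux:
        policy: targeted
        state: enforcing
      # In audit runs the task executes in check mode and changes nothing
      check_mode: "{{ not (enforce | bool) }}"
      register: selinux_result

    - name: disable ip forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: "0"
        sysctl_set: true   # also compare/apply the running kernel value
        state: present
      check_mode: "{{ not (enforce | bool) }}"
      register: forward_result

    - name: count settings that differ from the baseline
      set_fact:
        drift: "{{ [selinux_result, forward_result] | selectattr('changed') | list | length }}"

    - name: fail the audit run when drift is found
      fail:
        msg: "{{ drift }} hardening setting(s) differ from the baseline on {{ inventory_hostname }}"
      when:
        - not (enforce | bool)
        - drift | int > 0
```

Run it as is for a read-only compliance report, or with `-e enforce=true` to apply the baseline.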
71% of networks are still driven manually via CLI
Source: Gartner, Look Beyond Network Vendors for Innovation. January 2018
ANSIBLE NETWORK AUTOMATION
ansible.com/for/networks
galaxy.ansible.com/ansible-network
1000+ Network Modules
65+ Network Platforms
15* Galaxy Network Roles
*Roles developed and maintained by Ansible Network Engineering
NETWORK INTEGRATIONS
https://www.ansible.com/integrations/networks
NETWORKING - COMMON USE CASES
Backup and Restore
● Schedule backups
● Restore from any timestamp
● Build workflows that rollback
Configuration Compliance
● Check configuration standards
● Track configuration drift
● Enforce configuration policy
Dynamic Documentation
● Build reports
● Grab software versions, MTU, interfaces status
● Audit system services and other common config
NETWORK DEVICE REPORTING
https://github.com/network-automation/
FIREWALL EXAMPLE
- name: create checkpoint access rule
  checkpoint_access_rule:
    layer: Network
    name: "Drop Attacker"
    position: top
    source: attacker
    destination: Any
    action: Drop
WINDOWS AUTOMATION
ansible.com/windows
1,300+ Powershell DSC resources
100+ Windows Modules
Package Management
• Install and uninstall MSIs
• Enable and disable Windows Features
• Manage Windows packages
• Manage and install Windows updates
Configuration Management
• Manage Windows Services
• Edit Windows Registry
• Active Directory Management
• Windows Firewall
Re-Use
• Execute PowerShell
• Call Windows DSC
WINDOWS EXAMPLE
---
- name: security updates and reboot
  hosts: windows_servers
  tasks:
    - name: ensure security updates are current and reboot if needed
      win_updates:
        reboot: yes
        # win_updates reads the category list from category_names
        category_names:
          - SecurityUpdates
          - CriticalUpdates
CLOUD AUTOMATION
ansible.com/cloud
30+ Cloud Platforms
800+ Cloud Modules
ANSIBLE FOR CLOUD
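AWS EXAMPLE
- name: create aws security group
  ec2_group:
    name: my_security_group
    # ec2_group requires a description when creating the group; this text is a placeholder
    description: ssh and https from 192.168.100.0/24
    purge_rules: true
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 192.168.100.0/24
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 192.168.100.0/24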
SECURITY AUTOMATION
Triage Of Suspicious Activities: Enabling programmatic access to log configurations such as destination, verbosity, etc.
Threat Hunting: Automating alerts, correlation searches and signature manipulation
Incident Response: Creating new security policies to whitelist, blacklist or quarantine a machine
AUTOMATION FOR THE ENTERPRISE
WHAT IS ANSIBLE TOWER?
Ansible Tower is a UI and RESTful API allowing you to scale IT automation, manage complex deployments and speed productivity.
• Role-based access control
• Deploy entire applications with push-button deployment access
• All automations are centrally logged
• Powerful workflows match your IT processes
CENTRALISED PLATFORM
Scale High Availability Self Service Automation
GOVERNANCE
Role Based Access Control
Credential Management
Auditing & Logging
TOWER WORKFLOWS
INTEGRATIONS
VAULTS
Credential Plugins
Use credentials from your corporate standard password and key storage directly from Tower.
● HashiCorp Vault
● CyberArk AIM
● CyberArk Conjur
● Microsoft Azure Key Vault
DevOps Tools
33
Automation CatalogCreate/Update/CloseTickets
Dynamic Inventory
34
ServiceNow
35