29,99 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Fachliteratur
- Sprache: Englisch
While you can use any automation software to simplify task automation, scaling automation to suit your growing business needs becomes difficult using only a command-line tool. Ansible Automation Platform standardizes how automation is deployed, initiated, delegated, and audited, and this comprehensive guide shows you how you can simplify and scale its management.
The book starts by taking you through the ways to get Ansible Automation Platform installed, their pros and cons, and the initial configuration. You’ll learn about each object in the platform, how it interacts with other objects, as well as best practices for defining and managing objects to save time. You’ll see how to maintain the created pieces with infrastructure as code. As you advance, you’ll monitor workflows with CI/CD playbooks and understand how Ansible Automation Platform integrates with many other services such as GitLab and GitHub.
By the end of this book, you’ll have worked through real-world examples to make the most of the platform while learning how to manipulate, manage, and deploy any playbook to Ansible Automation Platform.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 329
Veröffentlichungsjahr: 2022
Ähnliche
Demystifying Ansible Automation Platform
A definitive way to manage Ansible Automation Platform and Ansible Tower
Sean Sullivan
BIRMINGHAM—MUMBAI
Demystifying Ansible Automation Platform
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Rahul Nair
Publishing Product Manager: Preet Ahuja
Senior Editor: Shazeen Iqbal
Content Development Editor: Romy Dias
Technical Editor: Nithik Cheruvakodan
Copy Editor: Safis Editing
Project Coordinator: Ashwin Dinesh Kharwa
Proofreader: Safis Editing
Indexer: Hemangini Bari
Production Designer: Joshua Misquitta
Marketing Coordinator: Nimisha Dua
First published: September 2022
Production reference: 1090922
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80324-488-4
www.packt.com
This book is dedicated to my family, friends, and coworkers. I could not have done this without your help.
Contributors
About the author
Sean Sullivan works as a consultant for Red Hat and attended Purdue University, where he focused on networking. He has helped both small and large companies manage their Ansible deployments for the past five years, specializing in configuration as code and Ansible Automation Platform. He is a keen contributor to Red Hat’s GitHub repository and an avid board gamer whose favorite game is Brass: Birmingham.
I want to thank those who have helped me along the way. Thank you to my parents, grandparents, and the rest of my family, who have always encouraged me to follow my path in life. Thank you to my friends, who are always there for me. Thank you to Tom Page, who has helped as a technical reviewer in this book and helps to maintain the redhat_cop collections with me. Thank you to Bianca Henderson and John Westcott, who put up with me and were instrumental in my understanding of the awx.awx collection modules. Thank you to David Danielsson, for all your help maintaining and contributing to the redhat_cop collections. Thank you to Kedar Kulkarni, for your help in starting the controller configuration.
About the reviewer
Tom Page has worked for Red Hat as a consultant for the past five years, with a key focus on working with customers to implement Ansible automation solutions. He is a co-maintainer of several AAP collections produced by Red Hat’s Community of Practice, with the aim of delivering configuration as code as an end-to-end approach.
Table of Contents
Preface
Part 1: Getting Ansible Automation Platform Up and Running
1
Introduction to Ansible Automation Platform
Technical requirements
AAP overview
Automation controller (Red Hat Ansible Tower)
Automation execution environments
Automation hub
Automation services catalog
Red Hat Insights for Red Hat AAP
Ansible content tools
Key differences between upstream and official Red Hat products
Overview of the methods that will be used in this book
Introduction to the roles and modules that will be used in this book
The manual approach
Using Ansible to manage the configuration
Execution environments and Ansible Navigator
Summary
2
Installing Ansible Automation Platform
Technical requirements
Getting a trial version of Ansible Automation Platform
Planning an installation on a machine
The distinct types of nodes
High availability
Installation methods
Setting variables for the automation mesh and node types
Installing Galaxy NG on a machine
Backing up and restoring the installation
Backing up
Secret key redistribution
Restore
Issues that can arise when using the installer
Summary
3
Installing Ansible Automation Platform on OpenShift
Technical requirements
Installing AWX on minikube
Installing CodeReady Containers
Installing the Red Hat Ansible Automation Platform operator on an OpenShift cluster
Exploring the Automation controller and Automation hub on OpenShift
Learning about Automation controller specifics on OpenShift
Secret fields
Learning Automation hub specifics
Backing up and restoring a backup for Automation hub and the Automation controller on OpenShift
Summary
4
Configuring Settings and Authentication
Technical requirements
Getting a trial version of Ansible Automation Platform
Configuring Automation controller settings
Registering the Automation controller with a subscription manifest
Updating Automation controller settings
Configuring the RH-SSO server SAML
Getting values from a Windows AD server
Configuring the RH-SSO server
Setting Automation hub administrators with RH-SSO
Integrating the Automation controller with RH-SSO
Troubleshooting the SAML configuration
Integrating LDAP with Microsoft AD
Automation controller LDAP bind and user variables
Automation controller LDAP group variables
Automation controller LDAP miscellaneous variables
Troubleshooting
Setting up other authentication methods
Adding users and teams to the Automation controller without an IdP
Adding users and groups to the Automation hub without an IdP
Summary
Part 2: Configuring AAP
5
Configuring the Basics after Installation
Technical requirements
Dashboard introduction
Creating organizations – the root of all objects in the controller
Creating an organization using the GUI
Creating an organization using modules
Creating an organization using roles
Using credential types and credentials
Credential types
Credentials
The creation of credential types and credentials using various methods
Importing and exporting objects into the controller
Summary
6
Configuring Role-Based Access Control
Technical requirements
Assigning RBAC to the Automation controller
Approval permissions for workflows
Practically using the RBACs
Assigning RBAC to the Automation hub
Setting roles in the GUI
Practically using the RBACs
Summary
7
Creating Inventory, and Other Inventory Pieces
Technical requirements
Creating an inventory
Creating and populating an inventory using the GUI
Creating and populating an inventory with modules
Creating and populating an inventory with roles
Using inventory sources
Creating and synchronizing an inventory source with the GUI
Creating and populating an inventory source with modules
Creating and populating an inventory source with roles
Using base Ansible inventory plugins
Pre-installed Ansible plugins
Using built-in Automation controller inventory plugins
AWS EC2
GCE
Microsoft ARM
VMware vCenter
Red Hat Satellite 6
Red Hat Insights
OpenStack
RHV
Red Hat Ansible Automation Platform
Using other popular inventory plugins
Overview of using custom inventory plugins
NetBox
ServiceNow
Writing your own inventory plugin
Ansible configuration changes
Custom inventory plugin script
Summary
Further reading
8
Creating Execution Environments
Technical requirements
What are execution environments?
What is inside the execution environment?
Seeing what is in a specific execution environment
How to use execution environments
Running a simple job in an execution environment
Creating and modifying your execution environments
Creating a definition file
Creating the execution environment
Using roles to create execution environments
Creating an execution environment using the builder role
Converting Python virtual environments from older Tower installations
Summary
9
Automation Hub Management
Technical requirements
Overview of Automation hub and its content sources
Synchronizing certified and community collections
Publishing custom collections
Managing execution environments and registries
How to add a remote EE registry
How to synchronize an EE registry
How to add a remote or local EE to Automation hub
Best practices for maintaining execution environments
Connecting Automation hub to the Automation controller
Using credentials to pull collections
Adding execution environments to the Automation controller with the GUI
Adding execution environments to the Automation controller with modules
Adding execution environments to the Automation controller with roles
Summary
10
Creating Job Templates and Workflows
Technical requirements
Creating projects
The structure and files of a playbook directory
Project options on the Automation controller and creating projects in the GUI
Creating projects on the Automation controller using modules
Creating projects on the Automation controller using roles
Creating job templates
Job template options for the GUI, modules, and roles
Creating job templates using the GUI
Creating job templates using modules
Creating job templates using roles
Surveys for job templates and workflows, and how to use them
Survey definitions
Using surveys
Creating workflows
Workflow basics
Workflow job template options for the GUI, modules, and roles
Workflow node list options and creation in the GUI
Creating workflows using roles
Using job slicing to slice a job template into multiple jobs
Summary
Part 3: Extending Ansible Tower
11
Creating Advanced Workflows and Jobs
Technical requirements
Creating advanced workflows
Using workflow artifacts and variables
Creating nodes for user review
Using workflow approval nodes
Marking a workflow as failed or successful
Using and configuring notifications
Understanding the basics of notifications
Notification options for the GUI, modules, and roles
Creating a notification template using modules
Creating a notification template using roles
Adding notifications to activities
Summary
12
Using CI/CD to Interact with Automation Controller
Technical requirements
A brief introduction to CI/CD pipelines and webhooks
Maintaining an Automation controller and hub through infrastructure as code paired with CI/CD
Launching jobs, monitoring, and interacting with workflows using CI/CD playbooks
Ad hoc commands
Backup and restore options using CI/CD playbook
Summary
Further reading
13
Integration with Other Services
Technical requirements
Logging services
Creating an event collector on Splunk
Connecting the Automation controller to Splunk
Troubleshooting with the log aggregator
Splunk search queries
Splunk dashboards
Automation Analytics for Red Hat AAP
Automation Analytics configuration
Configuring the insights settings with roles/modules
Charts and other information accessible from the dashboard
Automation calculator
Prometheus metrics logging
Installation and configuration
Prometheus Graphs
Summary
14
Automating at Scale with Automation Mesh
Technical requirements
Overview of Automation mesh
The distinct types of nodes
Using instance groups with Automation mesh
Creating instance groups
Examples of various use cases and how to use Automation mesh
Global Automation mesh example
Summary
15
Using Automation Services Catalog
Technical requirements
What is Automation services catalog?
Configuring the ASC
Configuring the SSO for access to the ASC
Approvals inside ASC
Summary
Afterword
Index
Other Books You May Enjoy
Preface
A few years ago during college, a friend introduced me to Ansible. I was taking networking classes at the time, and it opened my eyes to the future of automation. I was able to take a six-week lab that was coordinated between teams and simplify it as an Ansible deployment. Since then, I’ve spent years learning the ins and outs of using Ansible and Ansible Automation Platform (AAP).
This book focuses on AAP and its many parts. The most popular part is the Automation controller, previously known as Tower. This book covers the different parts of AAP and how to utilize them. We’ll focus on the Automation controller, which centralizes everything needed to run an Ansible playbook, using role-based access control, logging, and other features that are useful when doing automation in an enterprise.
In addition to the Automation controller, this book covers the Automation hub, the Automation services catalog, and Red Hat Single Sign-On and how they integrate and interact with the other services.
Also in this book is a collection of best practices around AAP. We will cover a variety of ways to interact with AAP. If you’ve ever had any interest in going beyond the command line of Ansible and scaling your automation, this book is a great first step in understanding AAP on that journey.
Disclaimer
The information and opinions provided in this work are solely those of the author and do not reflect the views of his employer.
Who this book is for
Many people I’ve encountered are familiar with Ansible or are able to get up to speed with Ansible quickly. However, few have taken to the idea of automating their automation. Most have written some playbooks and dabbled with Ansible Tower. Even if you have been using Ansible and parts of AAP for years, you will likely find new knowledge in this book.
If you are interested in diving into the nuances and stepping up to an intermediate-to-expert level in your understanding of Ansible Tower and AAP to integrate them into your infrastructure, then this book is for you.
In addition, there are multiple ways of interacting with the platform, including manually interacting with the web interface and using Ansible modules and roles to configure different parts of the platform. These roles can be used to implement Configuration as Code (CaC).
What this book covers
Chapter 1, Introduction to Ansible Automation Platform, is an introduction to the AAP. It goes over the details of the different services that make up the platform and their upstream counterparts. In addition, this chapter goes into detail about the various methods used in this book and how to use execution environments.
Chapter 2, Installing Ansible Automation Platform, covers the installation of AAP on servers. This covers planning and scoping an installation, how to install Galaxy NG on a machine, how to backup and restore an installation, and a brief overview of troubleshooting installations.
Chapter 3, Installing Ansible Automation Platform on OpenShift, explores the installation of AAP with operators on an OpenShift cluster. This includes installing AWX on minikube in a development setup, installing the Red Hat OpenShift Local (formerly, CodeReady Containers) service for development testing, and how to backup and restore installations on OpenShift.
Chapter 4, Configuring Settings and Authentication, goes into detail about configuring automation controller settings, Red Hat Single Sign-On server configuration, integrating Lightweight Directory Access Protocol (LDAP) from Microsoft AD, how to add users and teams to the Automation controller without LDAP, and how to add users and groups to the Automation Hub without an identity provider.
Chapter 5, Configuring the Basics after Installation, deals with the basics of creating organizations, creating and configuring credential types and credentials, and exporting configurations from the automation controller.
Chapter 6, Configuring Role-Based Access Control, focuses on configuring role-based access control settings for the automation controller and Automation Hub. This involves setting various permissions for all objects and types in the AAP.
Chapter 7, Creating Inventory, and Other Inventory Pieces, covers creating and configuring inventories, and using and configuring inventory sources. It also includes an overview of popular inventory plugins, the use of inventory plugins from collections, and goes into detail about creating custom inventory plugins.
Chapter 8, Creating Execution Environments, looks at what execution environments (EEs) are, how they are used, how to create and modify your own EE, and how to use roles to create EEs using CaC.
Chapter 9, Automation Hub Management, delves into Automation Hub management. This includes going into detail about different content sources, how to set up and synchronize certified and community collections, publishing custom collections, managing execution environments and registries, and connecting the Automation Hub to the automation controller.
Chapter 10, Creating Job Templates and Workflows, goes into detail about creating projects, job templates, and workflows. It also goes into detail about using surveys with job templates and workflows, workflow creation using modules and roles, and how to utilize job slicing.
Chapter 11, Creating Advanced Workflows and Jobs, goes into detail about designing playbooks and jobs in a workflow to take advantage of workflows. This includes creating nodes that contain information so that users do not need to hunt in a playbook, and using approval nodes to gain user input to allow a workflow to continue. Additionally, this chapter will go into detail about creating and using notifications.
Chapter 12, Using CI/CD to Interact with Automation Controller, is all about using continuous integration/continuous deployment (CI/CD) and Webhooks. This goes into detail about maintaining AAP with CaC with CI/CD, how to launch jobs, monitoring and interacting with workflows, how to launch ad hoc commands, and the use of backup and restore for the AAP using CI/CD.
Chapter 13, Integration with Other Services, focuses on integration with other services, such as Red Hat Insights, Splunk, and Prometheus. These different services each focus on a different aspect of information generated by the platform. This includes job and event logs and metrics. Having a searchable log of this information can be invaluable for detecting problems and trends as your automation grows.
Chapter 14, Automating at Scale with Automation Mesh, teaches you how to automate at scale with automation mesh. This chapter goes into detail about using instance groups to set where automation runs, the use of different node types to scale AAP, and how to design an installation that works across disparate networks.
Chapter 15, Using Automation Services Catalog, explores what exactly the Automation services catalog is, how to configure the various parts of it, how to create orders and products for users to consume, and how to use approval workflows.
To get the most out of this book
This book assumes you know the basics of Ansible and are able to install and use it on your preferred operating system. In addition, as this book covers AAP, it assumes that you are able to set up one of the following virtual machines, OpenShift, or a minikube instance.
The majority of the chapters assume you are using AAP. Instructions are provided on how to get a limited trial license for use in following along with the book, and there are also some instructions on how to install the developer versions of some software.
If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.
If you have found any issues or corrections, or if you have any suggestions or other feedback, feel free to open an issue in this book’s repository! I will strive to be present there and to maintain and update the code provided so that it continues to be useful, working, and accurate.
Download the example code files
You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Demystifying-Ansible-Automation-Platform. If there’s an update to the code, it will be updated in the GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Download the color images
We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/USfpC.
Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Each list item can contain options, such as extra_data and job_tags listed in the previous section, but additional fields are also used.”
A block of code is set as follows:
workflow_nodes: - identifier: Inventory Update related: unified_job_template: all_parents_must_converge: false extra_data: {}When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
related: always_nodes: [] credentials: [] failure_nodes: [] success_nodes: - identifier: Template 1Any command-line input or output is written as follows:
$ ansible-galaxy collection install awx.awx redhat_cop.controller_configuration
$ ansible-navigator run demo.yml -m stdout
Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Select System info from the Administration panel.”
Tips or Important Notes
Appear like this.
Current published book version information
This book references Ansible and several collections in Galaxy. As is bound to happen, updates and improvements will be made. For reference, these are the versions this book uses at the time of publication:
Current Ansible Core version at the time of publication: 2.13Current AAP version at the time of publication: 2.2Current awx.awx collection version at the time of publication: 21.3.0Current redhat_cop.controller_configuration version at the time of publication: 2.1.6Current redhat_cop.ah_configuration version at the time of publication: 0.8.1Current redhat_cop.aap_utilities version at the time of publication: 2.1.0Current redhat_cop.ee_utilities version at the time of publication: 1.0.2Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com
Share your thoughts
Once you’ve read Demystifying the Ansible Automation Platform, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.
Part 1: Getting Ansible Automation Platform Up and Running
There are a few ways to get Ansible Automation Platform installed, and this section will go through the various installation options, their pros and cons, and some initial configuration.
The following chapters are included in this section:
Chapter 1, Introduction to Ansible Automation PlatformChapter 2, Installing Ansible Automation PlatformChapter 3, Installing Ansible Automation Platform on OpenShiftChapter 4, Configuring Settings and Authentication1
Introduction to Ansible Automation Platform
Ansible Automation Platform (AAP) has many parts, with its most popular part being the Automation controller, previously known as Tower. First, we will cover the different parts of AAP and how they interact with each other.
In addition, there are multiple ways of interacting with the platform, including manually interacting with the web interface, and using Ansible modules and roles to configure different parts of the platform. These roles can be used to implement Configuration as Code (CaC).
In this chapter, we will cover the following topics:
AAP overviewKey differences between upstream and official Red Hat productsOverview of the methods that will be used in this bookExecution environments and Ansible NavigatorTechnical requirements
In this chapter, we will cover the platform and methods that will be used in this book. In the Overview of the methods that will be used in this book section, the code that will be referenced can be found at https://github.com/PacktPublishing/Demystifying-Ansible-Automation-Platform/tree/main/ch01. It is assumed that you have Ansible installed to run the code provided. Additional Python packages will be referenced for installation.
AAP overview
This book will mainly focus on the Ansible Automation controller, which is the largest part of AAP. Most of these components have upstream projects that they relate to and allow you to report issues, look at the code, and even contribute.
The platform is made up of the following parts:
Automation controller (formerly Red Hat Ansible Tower)Automation execution environments Automation hubAutomation services catalogRed Hat Insights for Red Hat AAPAnsible content toolsThis chapter will provide a brief description of each of these parts and how they relate to the Automation controller. A model of these relationships can be seen in the following diagram:
Figure 1.1 – AAP relationship model
In the next section, we will provide an overview of AAP, as shown in the preceding diagram.
Automation controller (Red Hat Ansible Tower)
The Automation controller is the workhorse of AAP. It is the central place for users to run their Ansible automation. It provides a GUI, Role-Based Access Control (RBAC), and an API. It allows you to scale and schedule your automation, log events, link together playbooks in workflows, and much more. Later in this book, we will look at the functions of the controller in more detail.
Up until recently, the Automation controller was referred to as Ansible Tower until it was split to be the Automation controller and various execution environments. This removed the reliance on Python virtual environments and allowed the platform and the command line to use execution containers.
Note
This book will refer to the Ansible Automation controller, though 90% of the time, it will still apply to the older versions of Tower.
But what does the Automation controller have to do with Ansible? The short answer is that the controller runs Ansible. It provides an environment that allows jobs to be repeated in an idempotent fashion – in other words, a repeatable way that does not change the final state. It does so by storing inventories, credentials, jobs, and other related objects in a centralized place. Add in RBAC, credential management, logging, schedules, and notifications and you can execute Ansible so that it's more like a service, rather than a script.
The upstream version of the Automation controller is AWX. It can be found at https://galaxy.ansible.com/awx/awx. AWX is an unsupported version of the controller and was built to be installed inside a Kubernetes cluster of some kind. It is frequently updated, and upgrades between versions are not tested. Fixes are not backported to previous AWX versions as they are with the Automation controller and Tower. For these reasons, it's recommended for enterprise users to use the Automation controller.
The Automation controller will pull collections and roles from Ansible Galaxy or a configured Automation hub. It will also pull container images from an image repository or Automation hub if none are specified.
Automation execution environments
The Automation execution environments are something new that was introduced with AAP 2.0. Previously, Ansible Tower relied on Python virtual environments to execute everything. This was not portable and sometimes made development difficult. With the introduction of execution environments, Ansible can now be run inside portable containers called execution environments. These containers are built from base images provided by Ansible that can be customized. Details of that customization will be covered in Chapter 8, Creating Execution Environments.
Execution environments can be built using the ansible-builder CLI tool, which takes definition files to describe what to add to a base image. They then can be executed using the ansible-navigator CLI/TUI tool to execute local playbooks. These same containers can be used inside the Ansible controller to execute playbooks as well, decreasing the difference between executing something locally and on the controller.
Automation hub
The Automation hub is an on-premises deployment of Ansible Galaxy (https://galaxy.ansible.com/). It can host collections and container images. It can be configured to get certified collections from Red Hat's Content Collections of certified content that reside on their Automation hub at https://console.redhat.com/ansible/automation-hub, from the public Ansible Galaxy, or any valid collection that's been uploaded by an administrator. It is also a place for users to go to discover collections that have been created by other groups inside an organization. The upstream repository of the Automation hub is Galaxy_ng (https://github.com/ansible/galaxy_ng). It is based on pulp and has much of the same features as the Automation hub.
Collections have replaced roles in terms of a form of distributing content. They contain playbooks, roles, modules, and plugins. They should be used so that code can be reused across playbooks. Automation hub was built so that users could store and curate collections on-premises without resorting to storing tarballs in a Git repository or a direct connection to Ansible Galaxy.
When you're installing Automation hub, it is possible to set up an image repository as well to host execution environment container images. This is not present when you're using the OpenShift operator as it is assumed that if you have an OpenShift cluster, you should already have an image repository.
Automation services catalog
The Automation services catalog provides a frontend for users to run automation using a simplified GUI that is separate from the Ansible Automation controller. It allows for multiple controllers to be linked to it, and for users to order products that will launch jobs. It also allows users to approve jobs through the services catalog. It is an extension of the Automation controller. A good example of this service can be found at https://www.youtube.com/watch?v=Ry_ZW78XYc0.
Red Hat Insights for Red Hat AAP
Red Hat Insights provides a dashboard that contains health information and statistics about jobs and hosts. It can also calculate savings from automation to create reports. Go to the following website to access the Insights dashboard: https://console.redhat.com/ansible/ansible-dashboard.
This includes the following:
Monitoring the Automation controller's cluster health Historical job success/failure over timeAn automation calculator to approximate time and money that's been saved by using automationAnsible content tools
While not directly related to the Ansible controller, Ansible has tools that assist in creating and developing playbooks and execution environments. These include the CLI/TUI tool known as ansible-navigator, which allows users to run playbooks in an execution environment, the ansible-builder CLI tool, which can be used to create execution environments, and ansible-lint, a linter that you can use to check your code to make sure it follows best practices and conventions, as well as identifying errors in code.
Another tool is the Ansible VS Code Extension for Visual Studio Code at https://marketplace.visualstudio.com/items?itemName=redhat.ansible. This is an IDE extension for syntax highlighting, keywords, module names, and module options. While there are several code editors out there, including Visual Studio Code, Atom, and PyCharm, to name a few, the Ansible Visual Studio Code Extension is a great way to double-check your Ansible work.
That concludes our overview of AAP. Now, let's address how this book goes about interacting with the different parts of the platform.
Key differences between upstream and official Red Hat products
Earlier, we briefly mentioned upstream projects. The key ones are AWX and Galaxy_ng. These projects are built to be bleeding edge regarding rapid changes as developers from both the public and Red Hat make changes and improvements. Things are expected to break, and the upgrade path from one version to another is not guaranteed or tested. Bug fixes are also not backported to previous versions. However, their downstream versions, such as the Automation controller and Automation hub, go through rigorous testing, including testing on upgrading from one version to another. Not all the changes that are made upstream make it to the next release of the downstream product. In addition, most bug fixes do get backported to previous versions.
For these reasons, it is not recommended to use upstream products in production. Because of these caveats, they are fine for a home lab, proof of concept, and development, but not production.
Overview of the methods that will be used in this book
This book is built around defining CaC. What this means is that along with showing you how to define something in the GUI, a more Ansible approach will be presented. Ansible is a method of automation, and time and time again I have seen folks manually creating and setting their automation through manual processes. In that vein, this will serve as a guide to automating your automation through code.
The benefits of CaC are as follows:
Standardized settings across multiple instances, such as development and production.Version control is inherent to storing your configuration in a Git repository. Easy to track changes and troubleshoot problems caused by a change.Ability to use CI/CD processes to keep deployments up to date and prevent drift.A best practice is that you create a development environment to make changes, initial deployments, and run tests. Nothing ever runs perfectly the first time – it is through iteration that things improve, including your automation. Through the methods described here, using this method helps prevent drift and allows you to keep multiple instances of an Automation controller configured and synced, such as development and production, which should be a simple process.
There are three approaches you can take to managing the services as part of AAP: the manual approach and managing the configuration through Ansible modules or roles.
Introduction to the roles and modules that will be used in this book
Throughout this book, various roles and modules will be referred to that belong to collections. Collections are a grouping of modules, roles, and plugins that can be used in Ansible.
awx.awx, ansible.tower, and ansible.controller are module collections that can be used interchangeably. These are all built off of the same code base. Each is built to be used with their respective product – that is, AWX, Tower, and the Automation controller.
redhat_cop.controller_configuration is a role-based collection. This means that it is a set of roles that's been built to use one of the three aforementioned collections to take definitions of objects and push their configurations to the Automation controller/Tower/AWX.
The redhat_cop.ah_configuration collection is built to manage the Automation hub. It contains a combination of modules and roles that are designed to manage and push configuration to the hub. It is built on the code from both of the previous collections, but specifically is tailored to the Automation hub.
redhat_cop.ee_utilties is built to help build execution environments. Its role is to help migrate from Tower to the Automation controller and build execution environments from definition variables.
The last one we will mention is redhat_cop.aap_utilities. This is a collection that was built to help with installing a backup and restore of the Automation controller and other useful tools that don't belong with the other controller collections.
The manual approach
Nearly everything after the installer can be set manually through the GUI. This involves navigating to the object page, making a change, and saving it, which works fine if you are only managing a handful of things, or making one small change. For example, to create an organization using the Ansible controller web interface, follow these steps:
Navigate to the Ansible controller web interface; for example, https://10.0.0.1/.Log in using your username and password.On the home page in the left-hand section, select Organizations | Add.Fill in the name, description, and any other pertinent sections.Click Save.The following screenshot shows an example of the page where you can add an organization:
Figure 1.2 – Create New Organization
This method can be repeated for all the objects in the Automation controller. Although it is prone to mistakes, it can be useful for making quick changes when you're testing before committing the changes to code.
Using Ansible to manage the configuration
The best method is using Ansible to automate and define your deployment. The Ansible team has created a collection of modules that you can use to interact with the Automation controller. Upstream, this is known as awx.awx, and the official collection is named ansible.controller. The code is roughly the same between the two, but the latter has gone through additional testing and is supported by Red Hat. ansible-galaxy will need to be used to install the collections. You can use either of the two commands to do so:
ansible-galaxy collection install awx.awx redhat_cop.controller_configuration
ansible-galaxy collection install -r requirements.yml
This file can be found in /ch01/requirements.yml in this book's GitHub repository: https://github.com/PacktPublishing/Demystifying-Ansible-Automation-Platform.
There is a module for each object in the Automation controller. For example, the following module is used to create an organization:
// create_organization_using_module.yml --- - name: Create Organization hosts: localhost connection: local gather_facts: false collections: - ansible.controller tasks: - name: Create Organization ansible.controller.organization: name: Satellite controller_host: https://10.0.0.1 controller_username: admin controller_password: password validate_certs: false ...These modules do the heavy lifting of finding object IDs and creating the related links between various objects. This especially simplifies the creation of an object such as a job template.
Alongside this collection of modules, consultants at Red Hat, and a few other people working with the Ansible Automation controller, came up with the redhat_cop.controller_configuration collection. A series of roles was created to wrap around either the awx.awx or ansible.controller collection, to make it easier to invoke the modules and define a controller instance, as well as several other collections to help manage other parts of AAP. This book will assume you are using one of these two collections in conjunction with the redhat_cop collections.
The basic idea of the controller configuration collection is to have a designated top-level variable to loop over and create each object in the controller. The following is an example of using the controller configuration collection:
// create_organization_using_role.yml --- - name: Playbook to push organizations to controller hosts: localhost connection: local vars: controller_host: 10.0.0.1 controller_username: admin controller_password: password controller_validate_certs: false controller_organizations: - name: Satellite - name: Default collections: - awx.awx - redhat_cop.controller_configuration roles: - redhat_cop.controller_configuration.organizations ...This allows you to define the objects as variables, invoke the roles, and have everything created in the controller. It is often easier to import a folder full of variable files, such as the following task:
// create_objects_using_role_include_files.yaml --- - name: Playbook to push objects to controller hosts: localhost connection: local collections: - awx.awx - redhat_cop.controller_configuration pre_tasks: - name: Include vars from configs directory include_vars: dir: ./configs extensions: ["yml"] roles: - redhat_cop.controller_configuration.organizations - redhat_cop.controller_configuration.projects ...The included files define the organizations exactly like the previous task, but the projects are defined as follows:
configs/projects.yaml --- controller_projects: - name: Test Project scm_type: git scm_url: https://github.com/ansible/tower-example.git scm_branch: master scm_clean: true description: Test Project 1 organization: Default wait: true update: true - name: Test Project 2 scm_type: git scm_url: https://github.com/ansible/ansible-examples.git description: Test Project 2 organization: Default ...Because the GUI, modules, and roles are all the same information in different forms, each section will contain details about creating the YAML definitions and how to use them.
Using these methods is the primary way to interact with AAP as a whole. The focus will be on CaC since it is the recommended way of interacting with the Automation services. Like most tasks in Ansible, it is one of many ways to do the same thing.
Execution environments and Ansible Navigator
A newer feature of Ansible is the addition of execution environments. These are prebuilt containers that are made to run Ansible playbooks. These replace using Python virtual environments as the standard way of using different versions of Python and Python packages. The Ansible controller takes advantage of these environments to scale and run job templates as well. They solve the issue of it works for me, maintaining different environments across all nodes, and other problems that arose from the previous solution. They also double as a simplified developmental version of the Automation controller for testing a job template when you're using the same container as the controller:
Figure 1.3 – Ansible Navigator inputs
ansible-navigator was built to replace ansible-playbook; it allows you to run playbooks in a container in the command line, similar to how jobs are run inside the controller. To install ansible-navigator, use the pip3 install 'ansible-navigator[ansible-core]' command on your desired machine. Afterward, you can run the demo.yml playbook in the ch01 folder:
//demo.yml --- - name: Demo Playbook hosts: localhost gather_facts: false tasks: - debug: msg: Hello world ...To run this playbook in a container, use the ansible-navigator run demo.yml-m stdout command. It should output a Hello world message. Using the –ee or –eei option, the execution environment can be specified. This allows the user to use the same execution environment that was used in the controller for testing and development.
Additional Python libraries and collections can be added to an execution environment, which will be covered in Chapter 8, Creating Execution Environments. Additional information can also be found at https://ansible-builder.readthedocs.io/en/stable/.
Summary
Now that you know how AAP interacts with services and have been introduced to the methods that will be used in this book, you are armed with the information you need to go further.
