Ansible is a simple and powerful automation tool. We can automate any kind of workflow using Ansible but if we increase complexity in automation, we decrease efficiency, which kills productivity. When you design an automated solution or use case, you must consider multiple factors, such as the capability of the tool and flexibility in adjusting the automation’s flow or scalability.

For example, it is possible to write simple playbooks to monitor the service status in a system or to check the health of an application. But this is not efficient as you need other arrangements such as job schedulers to execute the job at regular intervals and monitor the execution. Instead of using Ansible natively for complex automation tasks, we can utilize the integration capabilities of the Ansible automation controller and other systems. We can use the existing tools for monitoring, logging, and security control, and use Ansible for remediation actions...

The following are the technical requirements for this chapter:

• Basic knowledge of monitoring and logging platforms
• General knowledge about security platforms
• Basic knowledge about IT Service Management (ITSM) tools (Jira and ServiceNow)
• Access to the Ansible Automation Platform (AAP) environment

All the Ansible artifacts, commands, and snippets for this chapter can be found in this book’s GitHub repository at https://github.com/PacktPublishing/Ansible-for-Real-life-Automation/tree/main/Chapter-14.

In Chapter 8, Helping the Database Team with Automation, you learned the advantages of integrating Jira service management with Ansible to automate database operations. Instead of copying the input details from the Jira ticket to the Ansible automation controller, you learned how to integrate with Jira and pass the variables automatically. This enables zero-touch integration without needing to input the details for the automation job, such as the database name, server name, database username, or database tables.

You learned about similar samples in Chapter 12, Integrating Jenkins with Ansible Automation Platform, where Jenkins calls the Ansible automation controller API to execute the job template. From the Ansible automation controller, you used survey fields and elegant forms to pass such information:

Figure 14.1 – Survey form for the PostgreSQL – Create Database and User Access job template

When we...

Because Ansible is flexible and can automate most of your day-to-day jobs, it is a common practice to automate every possible use case, even if it is not efficient. One of the so-called non-standard use cases we have learned from the community is using Ansible for monitoring purposes, as follows:

• Monitoring the service or application status in a system
• Running health checks on endpoints (applications, web services, or clusters)
• Monitoring network and security device rules or status

The following diagram shows a typical scenario where Ansible automation jobs are scheduled to run health checks on managed nodes or applications. These jobs can be either running as cron jobs from an Ansible control node or as a scheduled job in an Ansible automation controller:

Figure 14.3 – Using scheduled automation jobs for monitoring

This method is possible and easy to implement but is not efficient. It...

Security hardening is the practice of securing the hosts, networking devices, and applications by reducing the attack surface. There are multiple ways to implement security hardening, such as configuring the system appropriately, installing the latest version of the software (or firmware), or disabling unwanted configurations. Organizations use different security benchmarking methods and standards based on the requirements. Center for Internet Security (CIS) is one of the well-known organizations that provides the necessary enterprise standard benchmarks and CIS controls (https://www.cisecurity.org/about-us).

Log in and download the benchmark documents for operating systems or platforms for free, as shown in the following screenshot:

Figure 14.11 – CIS Benchmark download page for Kubernetes

It is not easy to configure the systems based on these benchmarks as hundreds of rules and configuration items must be executed...

It is possible to create any number of tasks in a single playbook and make it a long workflow. For example, a Linux operating system job template can include the following tasks:

1. Create a VM snapshot before you start patching.
2. Save the configuration file backups.
3. Stop the services inside the system.
4. Perform various Linux operating system patching tasks.
5. Reboot the system.
6. Wait for the system to boot up and start the necessary services.
7. Handle the VM snapshot restore operation in the same job if the VM reboot is not successful.

Note that most of the tasks can be reused as individual jobs for creating snapshots, stopping services, or configuration backup.

Instead of developing long, complex job templates, utilize the workflow templates in the automation controller to create modular job workflows and handle tasks based on success/failure status. Workflow templates are created by stitching multiple job templates together...

In this chapter, you learned about the importance of simplifying Ansible automation. You explored the advantages of survey features in the automation controller and soft coding opportunities to accept parameters dynamically. This method helps you reuse the same playbook and job templates for different devices and scenarios.

Then, you learned about the integration options between Ansible and other monitoring and alerting tools to implement zero-touch incident fixes. It is possible to utilize the existing ITSM tools and workflows to trigger Ansible automation controller jobs based on the rules and conditions. By utilizing the power of monitoring tools and the automation capabilities of Ansible, an efficient monitoring and remediation system can be implemented.

After that, you explored similar integration opportunities within the security domain for automating threat detection and automated remediation using an automation controller. The security modules and collections...