
You're reading from  Ansible for Real-Life Automation

Product type: Book
Published in: Sep 2022
Publisher: Packt
ISBN-13: 9781803235417
Edition: 1st Edition
Author (1)
Gineesh Madapparambath

Gineesh Madapparambath has over 15 years of experience in IT service management and consultancy with experience in planning, deploying, and supporting Linux-based projects. He has designed, developed, and deployed automation solutions based on Ansible and Ansible Automation Platform (formerly Ansible Tower) for bare metal and virtual server building, patching, container management, network operations, and custom monitoring. Gineesh has coordinated, designed, and deployed servers in data centers globally and has cross-cultural experience in classic, private cloud (OpenStack and VMware), and public cloud environments (AWS, Azure, and Google Cloud Platform). Gineesh has handled multiple roles such as systems engineer, automation specialist, infrastructure designer, and content author. His primary focus is on IT and application automation using Ansible, containerization using OpenShift (and Kubernetes), and infrastructure automation using Terraform.

Keeping Automation Simple and Efficient

Ansible is a simple and powerful automation tool. We can automate any kind of workflow using Ansible, but if we increase complexity in automation, we decrease efficiency, which kills productivity. When you design an automated solution or use case, you must consider multiple factors, such as the capability of the tool and flexibility in adjusting the automation’s flow or scalability.

For example, it is possible to write simple playbooks to monitor the service status in a system or to check the health of an application. But this is not efficient as you need other arrangements such as job schedulers to execute the job at regular intervals and monitor the execution. Instead of using Ansible natively for complex automation tasks, we can utilize the integration capabilities of the Ansible automation controller and other systems. We can use the existing tools for monitoring, logging, and security control, and use Ansible for remediation actions...

Technical requirements

The following are the technical requirements for this chapter:

  • Basic knowledge of monitoring and logging platforms
  • General knowledge about security platforms
  • Basic knowledge about IT Service Management (ITSM) tools (Jira and ServiceNow)
  • Access to the Ansible Automation Platform (AAP) environment

All the Ansible artifacts, commands, and snippets for this chapter can be found in this book’s GitHub repository at https://github.com/PacktPublishing/Ansible-for-Real-life-Automation/tree/main/Chapter-14.

Utilizing surveys and automated inputs

In Chapter 8, Helping the Database Team with Automation, you learned the advantages of integrating Jira service management with Ansible to automate database operations. Instead of copying the input details from the Jira ticket to the Ansible automation controller, you learned how to integrate with Jira and pass the variables automatically. This enables zero-touch integration without needing to input the details for the automation job, such as the database name, server name, database username, or database tables.

You learned about similar samples in Chapter 12, Integrating Jenkins with Ansible Automation Platform, where Jenkins calls the Ansible automation controller API to execute the job template. From the Ansible automation controller, you used survey fields and elegant forms to pass such information:

Figure 14.1 – Survey form for the PostgreSQL – Create Database and User Access job template

When we...

Integrating Ansible with monitoring tools

Because Ansible is flexible and can automate most of your day-to-day jobs, it is a common practice to automate every possible use case, even if it is not efficient. One of the so-called non-standard use cases we have learned from the community is using Ansible for monitoring purposes, as follows:

  • Monitoring the service or application status in a system
  • Running health checks on endpoints (applications, web services, or clusters)
  • Monitoring network and security device rules or status

The following diagram shows a typical scenario where Ansible automation jobs are scheduled to run health checks on managed nodes or applications. These jobs can be either running as cron jobs from an Ansible control node or as a scheduled job in an Ansible automation controller:

Figure 14.3 – Using scheduled automation jobs for monitoring

This method is possible and easy to implement but is not efficient. It...

Ansible for security automation

Security hardening is the practice of securing the hosts, networking devices, and applications by reducing the attack surface. There are multiple ways to implement security hardening, such as configuring the system appropriately, installing the latest version of the software (or firmware), or disabling unwanted configurations. Organizations use different security benchmarking methods and standards based on their requirements. The Center for Internet Security (CIS) is one of the well-known organizations that provides the necessary enterprise standard benchmarks and CIS controls (https://www.cisecurity.org/about-us).

Log in and download the benchmark documents for operating systems or platforms for free, as shown in the following screenshot:

Figure 14.11 – CIS Benchmark download page for Kubernetes

It is not easy to configure the systems based on these benchmarks as hundreds of rules and configuration items must be executed...

Ansible workflow templates

It is possible to create any number of tasks in a single playbook and make it a long workflow. For example, a Linux operating system job template can include the following tasks:

  1. Create a VM snapshot before you start patching.
  2. Save the configuration file backups.
  3. Stop the services inside the system.
  4. Perform various Linux operating system patching tasks.
  5. Reboot the system.
  6. Wait for the system to boot up and start the necessary services.
  7. Handle the VM snapshot restore operation in the same job if the VM reboot is not successful.

Note that most of the tasks can be reused as individual jobs for creating snapshots, stopping services, or configuration backup.

Instead of developing long, complex job templates, utilize the workflow templates in the automation controller to create modular job workflows and handle tasks based on success/failure status. Workflow templates are created by stitching multiple job templates together...
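
The patching sequence listed above, expressed as a workflow template with the awx.awx.workflow_job_template module. This is an added example, not code from the book or its repository; the job template names, the Default organization, and the node identifiers are assumptions, and a failed reboot or boot-wait node routes to the snapshot restore.

```yaml
---
# Added example: every job template named below is hypothetical and must
# already exist in the automation controller. Authentication is read from the
# CONTROLLER_HOST and CONTROLLER_OAUTH_TOKEN environment variables, so no
# credential is stored in the playbook.
- name: Build a modular Linux patching workflow
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Stitch existing job templates into one workflow template
      awx.awx.workflow_job_template:
        name: "Linux - Patch with snapshot rollback"   # hypothetical name
        organization: Default                           # assumed organization
        state: present
        workflow_nodes:
          # Steps 1-3: each node is a reusable job template in its own right.
          - identifier: snapshot
            unified_job_template: {name: "VM - Create snapshot", type: job_template, organization: &org {name: Default}}
            related: {success_nodes: [{identifier: backup}]}
          - identifier: backup
            unified_job_template: {name: "Linux - Back up configuration", type: job_template, organization: *org}
            related: {success_nodes: [{identifier: stop_services}]}
          - identifier: stop_services
            unified_job_template: {name: "Linux - Stop services", type: job_template, organization: *org}
            related: {success_nodes: [{identifier: patch}]}
          # Step 4: patching only starts if every preparation node succeeded.
          - identifier: patch
            unified_job_template: {name: "Linux - Apply OS patches", type: job_template, organization: *org}
            related: {success_nodes: [{identifier: reboot}]}
          # Steps 5-6: a failure in either node branches to the rollback node.
          - identifier: reboot
            unified_job_template: {name: "Linux - Reboot", type: job_template, organization: *org}
            related:
              success_nodes: [{identifier: start_services}]
              failure_nodes: [{identifier: restore}]
          - identifier: start_services
            unified_job_template: {name: "Linux - Wait for boot and start services", type: job_template, organization: *org}
            related: {failure_nodes: [{identifier: restore}]}
          # Step 7: rollback runs only on the failure path, never on success.
          - identifier: restore
            unified_job_template: {name: "VM - Restore snapshot", type: job_template, organization: *org}
```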

Summary

In this chapter, you learned about the importance of simplifying Ansible automation. You explored the advantages of survey features in the automation controller and soft coding opportunities to accept parameters dynamically. This method helps you reuse the same playbook and job templates for different devices and scenarios.

Then, you learned about the integration options between Ansible and other monitoring and alerting tools to implement zero-touch incident fixes. It is possible to utilize the existing ITSM tools and workflows to trigger Ansible automation controller jobs based on the rules and conditions. By utilizing the power of monitoring tools and the automation capabilities of Ansible, an efficient monitoring and remediation system can be implemented.

After that, you explored similar integration opportunities within the security domain for automating threat detection and automated remediation using an automation controller. The security modules and collections...
