Ansible for Real-Life Automation E-Book

Ansible for Real-Life Automation

A complete Ansible handbook filled with practical IT automation use cases

Gineesh Madapparambath

BIRMINGHAM—MUMBAI

Ansible for Real-Life Automation

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing or its dealers and distributors will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Rahul Nair

Publishing Product Manager: Meeta Rajani

Senior Content Development Editor: Sayali Pingale

Technical Editor: Shruthi Shetty

Copy Editor: Safis Editing

Project Manager: Neil Dmello

Proofreader: Safis Editing

Indexer: Hemangini Bari

Production Designer: Shyam Sundar Korumilli

Marketing Coordinator: Nimisha Dua

Senior Marketing Coordinator: Sanjana Gupta

First published: September 2022

Production reference: 1020922

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

978-1-80323-541-7

www.packt.com

To my wife, Deepthy, for supporting and motivating me as always. To my son, Abhay, for allowing me to take time away from playing with him to write the book. To my parents and my ever-supportive friends, for their motivation and help.

- Gineesh Madapparambath

Contributors

About the author

Gineesh Madapparambath has over 15 years of experience in IT service management and consultancy with experience in planning, deploying, and supporting Linux-based projects.

He has designed, developed, and deployed automation solutions based on Ansible and Ansible Automation Platform (formerly Ansible Tower) for bare metal and virtual server building, patching, container management, network operations, and custom monitoring. Gineesh has coordinated, designed, and deployed servers in data centers globally and has cross-cultural experience in classic, private cloud (OpenStack and VMware), and public cloud environments (AWS, Azure, and Google Cloud Platform).

Gineesh has handled multiple roles such as systems engineer, automation specialist, infrastructure designer, and content author. His primary focus is on IT and application automation using Ansible, containerization using OpenShift (and Kubernetes), and infrastructure automation using Terraform.

About the reviewers

Vijay Jadhav is a solutions architect based out of Mumbai, India, with over two decades of experience in different roles in the IT industry. For the last 10 years, he has been working as an SME in cloud computing designing cloud-native applications using microservices-based architecture, and automated provisioning and de-provisioning of cloud resources using IaaC tools such as Ansible and Terraform. He currently works as a cloud architect at Cisco driving the innovation and adoption of next-gen technologies.

Vijay is a husband and a dad to an 8-year-old son. He spends his spare time (if such a thing does truly exist) watching popular movies and web series on OTT platforms.

Sean Cavanaugh is a senior principal technical marketing manager for Red Hat Ansible Automation Platform, where he brings over 12 years of experience in building and automating computer networks. Sean previously worked for both Cumulus Networks (acquired by Nvidia) and Cisco Systems where he helped customers deploy, manage, and automate their network infrastructures. He resides in Chapel Hill, NC, with his wife and children, and tweets from @IpvSean.

I’d like to thank my wife, who is truly my partner. She has her own career and workload outside the IT industry but is always committed to helping me succeed in all my endeavors. I have had a really exciting career getting to work with very intelligent people that constantly challenge me and make me a better person. Thank you to all my co-workers past and present that have helped me along my path.

Sreejith Anujan is a cloud technology professional with more than 15 years of experience in on-premises data center solutions and 10 years of experience in working with public cloud providers. He enjoys working with customers on their enablement plans to upskill the technical team on container and automation tooling. In his current role as a principal instructor within Red Hat, Sreejith is responsible for designing and delivering custom and tailored technology training and workshops to strategic customers across the Asia-Pacific region.

I would like to show my gratitude to the free software and open source community volunteers who have helped me in my journey so far. The sense of collaboration and free contribution are two values that make me cherish being part of those communities. A huge shout-out to my family, especially my wife for supporting our kids while I was busy traveling across the APAC region for my professional commitments!

Table of Contents

Preface

Part 1: Using Ansible as Your Automation Tool

1

Ansible Automation – Introduction

Technical requirements

Hello engineers!

What is Ansible? Where should I use this tool?

Prerequisites

Ansible control node requirements

Ansible managed node requirements

Ansible is agentless

Ansible architecture

Ansible inventory

Ansible plugins

Ansible modules

Ansible content collections

Ansible playbook

Ansible use cases

Installing Ansible

Verify dependencies

Installing Ansible using the package manager

Installing Ansible using Python pip

Deploying Ansible

Creating an Ansible inventory

Configuring your managed nodes

Setting up SSH key-based authentication

Multiple users and credentials

Ansible ad hoc commands

Installing a package using Ansible

Summary

Further reading

2

Starting with Simple Automation

Technical requirements

Identifying manual tasks to be automated

Finding the Ansible modules to use

Configuring your text editor for Ansible

Connecting to remote nodes

Summary

Further reading

3

Automating Your Daily Jobs

Technical requirements

Using Ansible to collect server details

Ansible roles

Ansible Jinja2 templates

Collecting system information

System scanning and remediation using Ansible

Ansible --extra-vars

Automated weekly system reboot using Ansible

Automating notifications

Encrypting sensitive data using Ansible Vault

Summary

Further reading

4

Exploring Collaboration in Automation Development

Technical requirements

The importance of version control in IT automation

Selecting a Git server

Where should I keep automation artifacts?

Ansible and Git repositories – best practices

Managing automation content in a Git server

Setting up a GitHub account

Creating your first Git repository

Installing Git on a local machine

Configuring SSH keys in GitHub

Adding content to the Git repository

Collaboration is the key to automation

Using Git branching

Implementing Git branching

Summary

Further reading

Part 2: Finding Use Cases and Integrations

5

Expanding Your Automation Landscape

Technical requirements

Finding your automation use cases in your day-to-day work

Assessing the tasks

Ansible and ITSM

Automation and Information Technology Infrastructure Library compliance

Automation feasibility and usability

How complex is the use case?

Can I reduce human error?

Can I reduce the deployment time and speed up my tasks?

How frequently am I doing this task?

How much time can I save by automating this task?

Can I save some money?

Involving teams in the automation journey

Ansible dynamic inventory

Using the Ansible dynamic inventory with AWS

Summary

Further reading

6

Automating Microsoft Windows and Network Devices

Technical requirements

Ansible remote connection methods

Ansible connection variables

SSH connection parameters

Automating Microsoft Windows servers using Ansible

Supported Microsoft Windows operating systems

Microsoft Windows automation – Ansible control node prerequisites

Microsoft Windows automation – managed node prerequisites

Configuring the user account and WinRM on a Microsoft Windows machine

Configuring Ansible to access the Microsoft Windows machine

Microsoft Windows automation – using Ansible to create a Windows user

Introduction to network automation

Task execution on an Ansible control node

Different connection methods

VyOS information gathering using Ansible

Creating ACL entries in a Cisco ASA device

Summary

Further reading

7

Managing Your Virtualization and Cloud Platforms

Technical requirements

Introduction to Infrastructure as Code

Managing cloud platforms using Ansible

Automating VMware vSphere resources using Ansible

Ansible VMware automation prerequisites

Provisioning VMware virtual machines in Ansible

Using Ansible as an IaC tool for AWS

Installing the Ansible AWS collection

Creating Ansible IaC content for the AWS infrastructure

Completing the IaC life cycle by using a destroy playbook

Creating resources in GCP using Ansible

Prerequisite for Ansible GCP automation

GCP free trial

Configuring GCP credentials

Creating a GCP instance using Ansible

Summary

Further reading

8

Helping the Database Team with Automation

Technical requirements

Ansible for database operations

Installing database servers

Installing PostgreSQL using Ansible

Installing Microsoft SQL Server on Linux

Creating and managing databases using Ansible

Ansible community.postgresql prerequisites

Managing the database life cycle

Automating PostgreSQL operations

Managing PostgreSQL remote access

Database backup and restore

Automating a password reset using ITSM and Ansible

Ansible playbook for resetting passwords

Summary

Further reading

9

Implementing Automation in a DevOps Workflow

Technical requirements

A quick introduction to DevOps

Continuous delivery versus continuous deployment

Ansible inside CI/CD tasks

Using Ansible inside a Jenkins pipeline

Serving applications using a load balancer

Rolling updates using Ansible

Steps involved in an application update

Deploying updates in a batch of managed nodes

Deploying updates on multiple servers without service downtime

Using Ansible as a provisioning tool in Terraform

Using Terraform’s local-exec provisioner with Ansible

Using Terraform’s remote-exec provisioner with Ansible

Summary

Further reading

10

Managing Containers Using Ansible

Technical requirements

Managing the container host

Ansible Docker prerequisites

Installing Docker on the host using Ansible

Ansible, containers, and CI/CD

Managing containers using Ansible

Starting a Docker container using Ansible

Stopping Docker containers using Ansible

Managing container images using Ansible

Configuring Docker Registry access

Building container images using Ansible

Managing multi-container applications using Ansible

Summary

Further reading

11

Managing Kubernetes Using Ansible

Technical requirements

An introduction to Kubernetes

The Kubernetes control plane

Components on the nodes

Managing Kubernetes clusters using Ansible

Configuring Ansible for Kubernetes

Python requirements

Installing the Ansible Kubernetes collection

Connecting Ansible to Kubernetes

Installing the kubectl CLI tool

Verifying the Kubernetes cluster details using Ansible

Deploying applications to Kubernetes using Ansible

Scaling Kubernetes applications

Scaling Kubernetes Deployments using Ansible

Executing commands inside a Kubernetes Pod

Summary

Further reading

12

Integrating Ansible with Your Tools

Technical requirements

Introduction to Red Hat AAP

Features of Red Hat AAP

Red Hat AAP components

Ansible automation controller

Automation execution environments

The automation mesh

Automation Hub

Database management using Red Hat AAP

Accessing the Ansible automation controller

Creating a project in automation controller

Creating the inventory and managed nodes

Creating credentials in the automation controller

Creating a new job template

Executing an automation job from the automation controller

Integrating Jenkins with AAP

Ansible Tower plugin for Jenkins

Multibranch pipelines in Jenkins

Creating a Jenkinsfile

Triggering a build in the Jenkins pipeline

Further enhancements to the Jenkins pipeline

Integrating an automation controller with Slack and notification services

Creating email notifications in the automation controller

Sending Slack notifications from the automation controller

Summary

Further reading

13

Using Ansible for Secret Management

Technical requirements

Handling sensitive data in Ansible

Integrating with Vault services

Interactive input using prompts

Encrypting data using Ansible Vault

Managing secrets using Ansible Vault

Creating Vault files

Encrypting existing files

Adding Vault ID to an encryption

Viewing the content of a Vault file

Editing a Vault file

Decrypting a Vault file

Vault password rotation by rekeying

Encrypting specific variables

Using secrets in Ansible playbooks

Hiding secrets from logs using no_log

Ansible Vault for group_vars and host_vars

Using Vault credentials in the Ansible Automation Platform

Creating Vault credentials

Summary

Further reading

Part 3: Managing Your Automation Development Flow with Best Practices

14

Keeping Automation Simple and Efficient

Technical requirements

Utilizing surveys and automated inputs

Integrating Ansible with monitoring tools

The role of Ansible in monitoring

ServiceNow, Ansible, and zero-touch incident fixes

Ansible for security automation

Ansible workflow templates

Summary

15

Automating Non-Standard Platforms and Operations

Technical requirements

Executing low-down raw commands

Installing Python using the raw module

Using raw commands for network operations

Backup FortiOS configurations

FortiOS software upgrade

Raw commands on Cisco devices

Using API calls for automation

Automating a ToDo app using Ansible

Interacting with the Akamai API

Creating custom modules for Ansible

Facts to check before creating a custom Ansible module

Developing Ansible modules using bash scripts

Developing Ansible modules using Python

Using Ansible collections and contributing back

Summary

Further reading

16

Ansible Automation Best Practices for Production

Technical requirements

Organizing Ansible automation content

Storing remote host information – inventory best practices

Using meaningful hostnames

Storing production, staging, and development hosts separately

Ansible host variables and group variables

Ansible group_vars

Ansible host_vars

Keeping your secret variables in a safe location

Managing group_vars and host_vars in Ansible

Ansible credentials best practices

Avoid using default admin user accounts

Split the login credentials for environments and nodes

Avoid passwords in plain text

Ansible playbook best practices

Always give your tasks names

Use the appropriate comments

Extra lines and whitespaces

Add tags to the tasks

Use explicit declarations

Use native YAML for playbooks

Avoid hardcoding variables and details

Use blocks in Ansible playbooks

Use roles and subtasks

Use meaningful names for variables

Learn playbook optimization

Summary

Further reading

Index

Other Books You May Enjoy

Preface

Automation is the key to IT modernization, and using the right automation tool is a crucial step in the automation journey for organizations. Ansible is an open source automation software that you can use for automating most of your operations with IT and application infrastructure components including servers, storage, network, and application platforms. Ansible is one of the most well-known open source automation tools in the IT world right now and has strong community support, with more than 5,000 active contributors around the world.

Ansible is not a learn-by-reading technology. This book will help you to understand and practice the automation capabilities of Ansible with actual playbooks, configurations, and practical examples. It will help you to understand the basics of Ansible automation and slowly, you will learn how to use Ansible for automating your day-to-day tasks.

You will learn real-life IT automation use cases with practical examples, such as simple system reports, security scanning, and weekly rebooting Linux machines. After that, the book will teach you how to implement collaboration in Ansible automation and how to automate other devices and platforms, such as Microsoft Windows, network devices, VMware, AWS, and GCP. You will also learn how to use Ansible in a DevOps workflow with Jenkins integration and container and application management on Kubernetes. To expand your knowledge further on enterprise automation, the book will also teach you about Red Hat Ansible Automation Platform, secret management, and Ansible integration with other tools, such as Jira and ServiceNow. There are chapters in this book that cover how to automate non-supported devices and platforms using raw commands and API calls using Ansible. Before the book concludes, you will also explore the Ansible best practices for storing managed node information, variables, credentials, and playbooks for production environments.

Upon finishing Ansible for Real-Life Automation, you will have the skills to find automation use cases in your work environment and design and deploy automation solutions using Ansible.

Who this book is for

This book is intended for systems engineers and DevOps engineers who want to use Ansible as their automation tool. The book provides references and practical examples to start IT automation within your work environment.

What this book covers

Chapter 1, Ansible Automation – Introduction, gives you an introduction to Ansible and teaches you how to install and configure Ansible and configure managed nodes.

Chapter 2, Starting with Simple Automation, teaches you how to identify manual tasks to automate, find suitable Ansible modules, and use text editors for Ansible.

Chapter 3, Automating Your Daily Jobs, is the chapter where you started developing Ansible playbooks for real-life use cases, such as system information gathering, system reboot, and security scanning. You will also learn about Ansible collections, secrets in Ansible, and automating notifications.

Chapter 4, Exploring Collaboration in Automation Development, teaches you about the importance of version control in IT automation and the best practices to use source control management for storing Ansible artifacts.

Chapter 5, Expanding Your Automation Landscape, covers the methods to find automation use cases from your workplace and check the feasibility of automation. This chapter also teaches you how to use a dynamic inventory in Ansible.

Chapter 6, Automating Microsoft Windows and Network Devices, is where you discover the possibilities to automate Microsoft Windows and network devices using Ansible. This chapter will cover practical examples for Windows automation, VyOS fact gathering, and access control list creation on a Cisco ASA device.

Chapter 7, Managing Your Virtualization and Cloud Platforms, teaches you about Infrastructure as Code (IaC) and the methods to use Ansible as an IaC tool with practical examples for managing the VMware, AWS, and GCP platforms.

Chapter 8, Helping the Database Team with Automation, covers an introduction to database operations, such as installing the database server and creating databases, tables, and database users.

Chapter 9, Implementing Automation in a DevOps Workflow, is where you will be introduced to DevOps and the usage of Ansible in a DevOps workflow, with practical examples for reducing deployment time and managing application load balancers and rolling updates. The chapter also covers how to integrate Ansible with Terraform.

Chapter 10, Managing Containers Using Ansible, continues the look at Ansible and DevOps by covering the methods to manage application containers using Ansible. This chapter covers practical use cases such as deploying container hosts, using Ansible in CI/CD pipelines, building containers, and managing multi-container applications.

Chapter 11, Managing Kubernetes Using Ansible, goes into more container-based use cases with an introduction to Kubernetes and the method to manage Kubernetes clusters and applications using Ansible. The chapter teaches you how to deploy, manage, and scale containerized applications on the Kubernetes platform.

Chapter 12, Integrating Ansible with Your Tools, covers the introduction to the enterprise automation tool Red Hat Ansible Automation Platform (AAP). This chapter teaches you methods for using AAP for automation with practical examples, such as database management, Jenkins integration, and Slack notification.

Chapter 13, Using Ansible for Secret Management, explains the methods to handle sensitive data in automation using Ansible Vault and how to use encrypted data in Ansible playbooks.

Chapter 14, Keeping Automation Simple and Efficient, teaches you about the survey forms in Ansible automation controller and workflow job templates. This chapter also covers security automation and integrating Ansible with monitoring tools.

Chapter 15, Automating Non-Standard Platforms and Operations, teaches you the automate to handle non-supported platforms using raw commands and API commands. This chapter also teaches you how to develop custom Ansible modules for when there are no modules available.

Chapter 16, Ansible Automation Best Practices for Production, is where you learn the production best practices for Ansible, such as organizing Ansible artifacts, inventories, and variables. This chapter also covers the best practices for credential management and playbook development.

To get the most out of this book

In this book, I will first guide you through the installation and deployment of the Ansible automation tool, and later, I will explain some real IT use cases and methods to use Ansible for automating such operations. Since the focus of the book is on different automation use cases, some of the chapters might have additional technical requirements, such as basic knowledge of a specific technology or access to a lab environment (such as a Kubernetes cluster). For this, I have also covered the methods to arrange the development environment if you want to practice. Always refer to the Ansible documentation at https://docs.ansible.com and other provided links in the chapters for further learning.

For testing and development, you can get no-cost RHEL (https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux) subscriptions. It is also possible to replace RHEL8 with other operating systems, such as Fedora, CentOS, or Ubuntu, but you might need to adjust some of the commands and modules in the playbook.

If you are reading a soft copy or digital version of this book, it is advised to type the commands and develop the playbooks by yourself rather than copy-pasting from the book. However, you can access the code, snippets, and playbooks from the book’s GitHub repository (a link is available in the next section) for reference.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Ansible-for-Real-life-Automation. If there’s an update to the code, it will be updated on the existing GitHub repository. You can point out any problems or issues in the code samples and submit any questions related to the book by raising issue tickets in this GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://packt.link/TVh0m.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Configure the KUBECONFIG environment variable as our kubeconfig filename is different (/home/ansible/.kube/minikube-config) from the default filename (/home/ansible/.kube/config).”

A block of code is set as follows:

Some of the code snippets and outputs are displayed as images for better readability and brevity.

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: “Update your job template and add new vault credentials by going to Job Template | Edit, then clicking on the Search button near Credential.”

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Ansible for Real Life Automation, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Part 1: Using Ansible as Your Automation Tool

In this part, you will get a clear idea of how to get started with Ansible automation and automate your basic daily jobs.

This part of the book comprises the following chapters: