1. ANSIBLE OVERVIEW
Raul Leite
rleite@redhat.com
SR SA Cloud/Platform

2. AGENDA
ANSIBLE CORE
ANSIBLE TOWER
ANSIBLE AND WINDOWS
ANSIBLE AND SATELLITE

3. ANSIBLE CORE

4. WHAT IS ANSIBLE?
​​Simple Automation Language
Automation Engine

5. WHAT IS ANSIBLE USED FOR?
Provisioning Configuration
Management
Application
Deployment
Security &
Compliance
Continuous
Delivery
Orchestration

6. HOW DOES ANSIBLE WORK?

7. PLAYBOOK
---
- name: install and start apache
hosts: all
vars:
http_port: 80
max_clients: 200
remote_user: root
tasks:
- name: install httpd
yum: pkg=httpd state=latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
- name: start httpd
service: name=httpd state=running

8. PLAYBOOK
---
# Create a new VM on an ESX server
- name: launch instances
hosts: localhost
connection: local
# gather_facts: False
tasks:
- vsphere_guest:
vcenter_hostname: 162.223.13.228
guest: demo-dj-from-template
from_template: yes
template_src: demo-dj-template
# cluster: MainCluster
resource_pool: "/Resources"
- vsphere_guest:
guest: demo-dj-from-template
state: powered_on
vm_extra_config:
vcpu.hotadd: yes
mem.hotadd: yes
notes: This is a test VM
vm_disk:
disk1:
size_gb: 10
type: thin
datastore: storage001
vm_nic:
nic1:

9. MODULES
cloudformation - Create or delete an AWS CloudFormation stack
cloudtrail (E) - manage CloudTrail creation and deletion
dynamodb_table (E) - Create, update or delete AWS Dynamo DB tables.
ec2 - create, terminate, start or stop an instance in ec2
ec2_ami - create or destroy an image in ec2
ec2_ami_copy (E) - copies AMI between AWS regions, return new image id
ec2_ami_find - Searches for AMIs to obtain the AMI ID and other information
ec2_ami_search (D) - Retrieve AWS AMI information for a given operating system.
ec2_asg - Create or delete AWS Autoscaling Groups
ec2_eip - associate an EC2 elastic IP with an instance.
ec2_elb - De-registers or registers instances from EC2 ELBs
ec2_elb_facts (E) - Gather facts about EC2 Elastic Load Balancers in AWS
ec2_elb_lb - Creates or destroys Amazon ELB.
ec2_eni (E) - Create and optionally attach an Elastic Network Interface (ENI) to an instance
ec2_eni_facts (E) - Gather facts about ec2 ENI interfaces in AWS
ec2_facts - Gathers facts about remote hosts within ec2 (aws)
ec2_group - maintain an ec2 VPC security group.
ec2_key - maintain an ec2 key pair.
ec2_lc - Create or delete AWS Autoscaling Launch Configurations
ec2_metric_alarm - Create/update or delete AWS Cloudwatch ‘metric alarms’
ec2_remote_facts (E) - Gather facts about ec2 instances in AWS
ec2_scaling_policy - Create or delete AWS scaling policies for Autoscaling groups
ec2_snapshot - creates a snapshot from an existing volume
ec2_snapshot_facts (E) - Gather facts about ec2 volume snapshots in AWS
ec2_tag - create and remove tag(s) to ec2 resources.
ec2_vol - create and attach a volume, return volume id and device map
ec2_vol_facts (E) - Gather facts about ec2 volumes in AWS
ec2_vpc - configure AWS virtual private clouds
ec2_vpc_dhcp_options (E) - Manages DHCP Options, and can ensure the DHCP options for the given VPC
ec2_vpc_igw (E) - Manage an AWS VPC Internet gateway

10. RUN ANSIBLE COMMAND
ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"

11. HOW DOES ANSIBLE WORK?

12. WHY ANSIBLE?
EASE OF USE
NON-DISRUPTIVE
CROSS-PLATFORM

13. EASE OF USE
HUMAN READABLE
NO PROGRAMMING EXPERTISE
BATTERIES INCLUDED

14. NON-DISRUPTIVE
AGENTLESS
OPENSSH & WINRM

15. CROSS-PLATFORM
LINUX, UNIX, WINDOWS
PHYSICAL, VIRTUAL, CLOUD, CONTAINER
NETWORK DEVICES

16. ANSIBLE TOWER

17. WHAT IS ANSIBLE TOWER?
Ansible Tower is an enterprise framework for controlling, securing
and managing your Ansible automation - with a UI and restful API

18. ANSIBLE TOWER FEATURES
Role-based access control keeps environments secure and teams
efficient
Non-privileged users can safely deploy entire applications with
push-button deployment access
All Ansible automations are centrally logged, ensuring complete
auditing and compliance capability

19. ANSIBLE TOWER FEATURES
Compare and contrast machines over time with system tracking
Network and enterprise account integration allows users and
teams to managed via SAML, Active Directory, RADIUS and more
Configure active/passive high availability through an intuitive
wizard

20. ANSIBLE AND WINDOWS

21. WINDOWS CAPABILITY
WINDOWS MODULES
NT LAN MANAGER
KERBEROS DELEGATION
WIN_REBOOT
MANAGE WINDOWS REGISTRY

22. WINDOWS MODULES
win_acl (E) - Set file/directory permissions for a system user or group.
win_acl_inheritance (E) - Change ACL inheritance
win_chocolatey (E) - Installs packages using chocolatey
win_copy - Copies files to remote locations on windows hosts.
win_dotnet_ngen (E) - Runs ngen to recompile DLLs after .NET updates
win_environment (E) - Modifies environment variables on windows hosts.
win_feature - Installs and uninstalls Windows Features
win_file - Creates, touches or removes files or directories.
win_file_version (E) - Get DLL or EXE file build version
win_firewall_rule (E) - Windows firewall automation
win_get_url - Fetches a file from a given URL
win_group - Add and remove local groups
win_iis_virtualdirectory (E) - Configures a virtual directory in IIS.
win_iis_webapplication (E) - Configures a IIS Web application.
win_iis_webapppool (E) - Configures a IIS Web Application Pool.
win_iis_webbinding (E) - Configures a IIS Web site.
win_iis_website (E) - Configures a IIS Web site.
win_lineinfile - Ensure a particular line is in a file, or replace an existing line using a back-r
win_msi - Installs and uninstalls Windows MSI files
win_nssm (E) - NSSM - the Non-Sucking Service Manager
win_owner (E) - Set owner
win_package (E) - Installs/Uninstalls a installable package, either from local file system or url
win_ping - A windows version of the classic ping module.
win_reboot - Reboot a windows machine
win_regedit (E) - Add, Edit, or Remove Registry Keys and Values
win_regmerge (E) - Merges the contents of a registry file into the windows registry
win_robocopy (E) - Synchronizes the contents of two directories using Robocopy.
win_scheduled_task (E) - Manage scheduled tasks
win_service - Manages Windows services
win_share (E) - Manage Windows shares
win_stat - returns information about a Windows file

23. EXAMPLE PLAYBOOK
---
# This playbook installs and enables IIS on Windows hosts
- name: Install IIS
hosts: all
gather_facts: false
tasks:
- name: Install IIS
win_feature:
name: "Web-Server"
state: present
restart: yes
include_sub_features: yes
include_management_tools: yes

24. EXAMPLE PLAYBOOK
---
# This playbook uses the win_get_url module to download a simple HTML file for IIS
- name: Download simple web site
hosts: windows
gather_facts: false
tasks:
- name: Download simple web site to 'C:inetpubwwwrootansible.html'
win_get_url:
url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html'
dest: 'C:inetpubwwwrootansible.html'

25. INTEGRATING ANSIBLE