
05 - Ansible and Ansible Tower Introduction

This document provides an introduction to Ansible Engine and Ansible Tower. It discusses how Ansible can be used to automate infrastructure provisioning, application deployment, and configuration management. It provides examples of using Ansible playbooks to deploy applications and infrastructure on servers, containers, clouds, and other platforms in an agentless manner.

Uploaded by

Jorge Canales

Introduction to Ansible Engine and Ansible Tower

Markus Koch
Partner Enablement Manager SAP
INSTALL; CONFIGURE - REPEAT
AUTOMATE

THE GOOD OLD DAYS...

It’s hard to run IT operations this way and deliver flexible and agile IT services. Or being the Ops in DevOps.

And yes, you can work The Cloud in the same old way...

[Diagram: manual hand-offs between teams. Roles: System Admin, Information Assurance, App Delivery Team. Steps: Create VM, Kickstart OS, Install Patches, Deploy Configured Baseline, Security Baselining. Artifacts: Virtual Machine, Server, OS Image, Configured Server, Approved Server.]

NOTHING ROUTINE SHOULD BE DONE MANUALLY

[Diagram: automated pipeline driven by a Playbook. Labels: System Admin, add Playbook, push the button, Create, Provision, Configure, Patch, Security Baseline, Security Validation, Maintenance, report, deploy. Roles: System Admin, Security Manager, App Delivery Team. Artifacts: Virtual Machine, Server OS Image, Configured Server, Approved Server, App-Ready Server, Pool of Running Servers.]

WHAT IS ANSIBLE AUTOMATION?

The Ansible project is an open source community sponsored by Red Hat. It’s also a simple automation language that perfectly describes IT application environments in Ansible Playbooks.

Ansible Engine is a supported product built from the Ansible community project.

    ---
    - name: install and start apache
      hosts: web
      become: yes
      vars:
        http_port: 80

      tasks:
        - name: httpd package is present
          yum:
            name: httpd
            state: latest

        - name: latest index.html file is present
          copy:
            src: files/index.html
            dest: /var/www/html/

        - name: httpd is started
          service:
            name: httpd
            state: started

24,000+ stars on GitHub
950+ Ansible modules
400,000+ downloads a month

WHY ANSIBLE?

SIMPLE
• Human readable automation
• No special coding skills needed
• Tasks executed in order
• Usable by every team
• Get productive quickly

POWERFUL
• App deployment
• Configuration management
• Workflow orchestration
• Network automation
• Orchestrate the app lifecycle

AGENTLESS
• Agentless architecture
• Uses OpenSSH & WinRM
• No agents to exploit or update
• Get started immediately
• More efficient & more secure

THE ANSIBLE WAY

CROSS PLATFORM
Agentless support for all major OS variants, physical, virtual, cloud and network devices.

HUMAN READABLE
Perfectly describe and document every aspect of your application environment.

PERFECT DESCRIPTION OF APPLICATION
Every change can be made by Playbooks, ensuring everyone is on the same page.

VERSION CONTROLLED
Playbooks are plain-text. Treat them like code in your existing version control.

DYNAMIC INVENTORIES
Capture all the servers 100% of the time, regardless of infrastructure, location, etc.

ORCHESTRATION PLAYS WELL WITH OTHERS
Every change can be made by Playbooks, ensuring everyone is on the same page.

WHAT CAN I DO WITH ANSIBLE?

Automate the deployment and management of your entire IT footprint.

Do this...
• Orchestration
• Configuration Management
• Application Deployment
• Provisioning
• Continuous Delivery
• Security and Compliance

On these...
• Firewalls
• Load Balancers
• Applications
• Containers
• Clouds
• Servers
• Infrastructure
• Storage
• Network Devices
• And more...

HOW ANSIBLE WORKS

[Diagram labels: Users, Ansible Playbook, Ansible’s Automation Engine (Inventory, API, Modules, Plugins), CMDB, Public / Private Cloud, Hosts, Network Devices, Apps & Services.]

PLAYBOOK EXAMPLE: INSTALL & CONFIGURE APACHE

    ---
    - name: install and start apache
      hosts: all
      vars:
        http_port: 80
        max_clients: 200
      # become_user only takes effect when privilege escalation is enabled
      become: yes
      become_user: root
      tasks:
        - name: install httpd
          yum: pkg=httpd state=latest
        - name: write the apache config file
          template: src=/srv/httpd.j2 dest=/etc/httpd.conf
        - name: start httpd
          service: name=httpd state=started

PLAYBOOK EXAMPLE: AWS CLOUD DEPLOYMENT

    - hosts: localhost
      connection: local
      gather_facts: False
      tasks:
        - name: Provision a set of instances
          ec2:
            key_name: my_key
            group: test
            instance_type: t2.micro
            image: "{{ ami_id }}"
            wait: true
            exact_count: 5
            count_tag:
              Name: Demo
            instance_tags:
              Name: Demo
          register: ec2

        - name: Add all instance public IPs to dynamic host group
          add_host: hostname={{ item.public_ip }} groups=ec2hosts
          with_items: "{{ ec2.instances }}"

PLAYBOOK EXAMPLE: AWS CLOUD DEPLOYMENT

    - hosts: ec2hosts
      name: configuration play
      user: ec2-user
      gather_facts: true
      tasks:
        - name: Check NTP service
          service:
            name: ntpd
            state: started

SAP HANA DEPLOYMENT WITH ANSIBLE

    yum install @base xfsprogs libaio net-tools bind-utils gtk2 libicu xulrunner tcsh \
        sudo libssh2 expect cairo graphviz iptraf-ng krb5-workstation krb5-libs libpng12 \
        ntp ntpdate nfs-utils lm_sensors rsyslog openssl098e openssl \
        PackageKit-gtk3-module libcanberra-gtk2 libtool-ltdl xorg-x11-xauth numactl

    - name: install required packages
      yum: state=latest name={{ item }}
      with_items:
        - chrony
        - xfsprogs
        - libaio
        - net-tools
        - bind-utils
        ...
        - numactl
        - tuned-profiles-sap-hana

SAP HANA DEPLOYMENT WITH ANSIBLE

    systemctl stop numad
    systemctl disable numad
    systemctl status numad

    - name: disable numad
      service: name=numad state=stopped enabled=no

SAP HANA DEPLOYMENT WITH ANSIBLE

    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
    sestatus

    - name: disable selinux
      selinux: state=disabled

SAP HANA DEPLOYMENT WITH ANSIBLE

    echo "@sapsys soft nproc unlimited" > /etc/security/limits.d/99-sapsys.conf
    # append, so the soft limit written above is not overwritten
    echo "@sapsys hard nproc unlimited" >> /etc/security/limits.d/99-sapsys.conf

    - name: set number of process to unlimited for sapsys group
      pam_limits:
        domain: "@sapsys"
        limit_item: nproc
        limit_type: "{{ item }}"
        value: unlimited
      with_items:
        - soft
        - hard

SAP HANA DEPLOYMENT WITH ANSIBLE

    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    sed -i '/^GRUB_CMDLINE_LINUX*./ s/\"$/ transparent_hugepage=never\"/' /etc/default/grub
    grub2-mkconfig -o /boot/grub2/grub.cfg

    - name: disable transparent hugepages in grub config
      lineinfile:
        dest: /etc/default/grub
        line: GRUB_CMDLINE_LINUX_DEFAULT="transparent_hugepage=never"
      notify: regenerate grub2 conf

    ...

    handlers:
      - name: regenerate grub2 conf
        shell: grub2-mkconfig -o /boot/grub2/grub.cfg

SAP HANA DEPLOYMENT WITH ANSIBLE

    echo "vm.swappiness=60" >> /etc/sysctl.d/90-sap_hana.conf
    echo "kernel.msgmni=32768" >> /etc/sysctl.d/90-sap_hana.conf
    ...
    sysctl -p /etc/sysctl.d/90-sap_hana.conf

    - name: setting kernel tunables
      sysctl: name={{ item.name }} value={{ item.value }} state=present sysctl_set=yes reload=yes
      with_items:
        - { name: kernel.msgmni, value: 32768 }
        ...
        - { name: vm.swappiness, value: 60 }
        ...

SAP HANA DEPLOYMENT WITH ANSIBLE

    lvcreate -L 1G -n lv_usr_sap /dev/vg00
    lvcreate -l +100%FREE -n lv_hana /dev/vg01
    mkfs.xfs /dev/vg01/lv_hana
    mkfs.xfs /dev/vg00/lv_usr_sap
    mkdir /usr/sap
    mount /dev/vg00/lv_usr_sap /usr/sap/
    mkdir /hana
    mount /dev/vg01/lv_hana /hana

    - name: create logical volumes
      # lv_hana lives in vg01, matching the lvcreate and filesystem steps
      lvol:
        state: present
        vg: vg01
        lv: lv_hana
        size: "100%FREE"

    - name: create filesystems
      filesystem:
        dev: /dev/vg01/lv_hana
        fstype: xfs
        force: no

    - name: mount and make fstab entries
      mount:
        name: "/hana"
        fstype: xfs
        opts: defaults
        passno: 4
        src: "/dev/vg01/lv_hana"
        state: mounted
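
Added example (not part of the original slides): a read-only Python check that the kernel tunables, sapsys limits and transparent hugepage setting from the SAP HANA steps above are actually in place, the kind of validation step a baseline needs after it is applied. Function names and the sample inputs are assumptions made for illustration; the target values are the ones shown on the slides.

```python
import re

# Target values copied from the tasks on the slides above.
SYSCTL = {"kernel.msgmni": "32768", "vm.swappiness": "60"}
LIMITS = {("@sapsys", "soft", "nproc"): "unlimited",
          ("@sapsys", "hard", "nproc"): "unlimited"}

def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def parse_sysctl(text):
    """Parse key=value lines; a later duplicate overrides an earlier one."""
    pairs = (line.partition("=") for line in _lines(text))
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def parse_limits(text):
    """Parse limits.d rows of the form: <domain> <type> <item> <value>."""
    rows = (line.split() for line in _lines(text))
    return {tuple(f[:3]): f[3] for f in rows if len(f) == 4}

def thp_mode(text):
    """Return the active THP mode, the bracketed word in the sysfs file."""
    m = re.search(r"\[(\w+)\]", text)
    return m.group(1) if m else None

def drift(sysctl_txt, limits_txt, thp_txt):
    """Return (setting, expected, found) for every value that is off target."""
    out = []
    have = parse_sysctl(sysctl_txt)
    out += [(k, v, have.get(k)) for k, v in SYSCTL.items() if have.get(k) != v]
    have = parse_limits(limits_txt)
    out += [(" ".join(k), v, have.get(k)) for k, v in LIMITS.items()
            if have.get(k) != v]
    if thp_mode(thp_txt) != "never":
        out.append(("transparent_hugepage", "never", thp_mode(thp_txt)))
    return sorted(out, key=lambda f: f[0])

# Constructed sample host state (illustrative, not captured from a system).
SAMPLE_SYSCTL = "vm.swappiness=60\nkernel.msgmni=32768\nvm.swappiness=10\n"
SAMPLE_LIMITS = "# sapsys limits\n@sapsys hard nproc unlimited\n"
SAMPLE_THP = "always madvise [never]\n"

if __name__ == "__main__":
    for setting, want, got in drift(SAMPLE_SYSCTL, SAMPLE_LIMITS, SAMPLE_THP):
        print(f"DRIFT {setting}: expected {want}, found {got}")
```

On a host, the three strings would be read from /etc/sysctl.d/90-sap_hana.conf, /etc/security/limits.d/99-sapsys.conf and /sys/kernel/mm/transparent_hugepage/enabled, the paths used in the shell commands above.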

ANSIBLE SHIPS WITH OVER 1250 MODULES
(THIS IS WHERE THE MAGIC HAPPENS)

CLOUD: AWS, Azure, CenturyLink, CloudScale, Digital Ocean, Docker, Google, Linode, OpenStack, Rackspace, And more...

VIRT AND CONTAINER: Docker, VMware, RHEV, OpenStack, OpenShift, Atomic, CloudStack, And more...

WINDOWS: ACLs, Files, Commands, Packages, IIS, Regedits, Shell, Shares, Services, Configs, Users, Domains, And more...

NETWORK: Arista, A10, Cumulus, Big Switch, Cisco, Cumulus, Dell, F5, Juniper, Palo Alto, OpenSwitch, And more...

NOTIFY: HipChat, IRC, Jabber, Email, RocketChat, Sendgrid, Slack, Twilio, And more...

ANSIBLE GALAXY CONTAINS MANY READY TO USE ROLES
http://galaxy.ansible.com

HOW & WHERE TO GET ANSIBLE?

Install Ansible Engine on Red Hat Enterprise Linux 7 with any of the following methods:

If you have a Red Hat Ansible Engine Subscription, subscribe the system and enable the Ansible Engine repository rhel-7-server-ansible-2.4-rpms.

If you are a RHEL-only customer, enable the RHEL Extras repository. The Extras repo may not be updated on the same release cycle as the Ansible Engine repo.

RPMs of Ansible Engine releases are available from releases.ansible.com.

https://access.redhat.com/articles/3174981

AUTOMATION FOR TEAMS
Ansible Tower technical introduction and overview

SIMPLE POWERFUL AGENTLESS

What is Missing?

CENTRAL
• Central place for everyone
• Overview of present and past
• Schedule jobs
• Have one common view

INTEGRATION
• Simple, powerful API
• Uses REST for quick adoption
• No special agents or lib needed
• Integrate with everything

ACCESS
• Teams and users enable RBAC
• Deposit credentials securely
• Assign access to unprivileged
• Separate access and execution

WHAT IS ANSIBLE TOWER?

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API.

• Role-based access control

• Deploy entire applications with push-button deployment access

• All automations are centrally logged

[Architecture diagram, top to bottom]

ADMINS, USERS: Ansible CLI & CI systems, Ansible Playbooks

ANSIBLE TOWER: simple user interface, Tower API, role-based access control, knowledge & visibility, scheduled & centralized jobs

ANSIBLE: open source module library, plugins, Python codebase

TRANSPORT: SSH, WinRM, etc.

AUTOMATE YOUR ENTERPRISE
• Infrastructure: Linux, Windows, Unix …
• Networks: Arista, Cisco, Juniper …
• Containers: Docker, LXC …
• Cloud: AWS, Google Cloud, Azure …
• Services: databases, logging, source control management …

USE CASES: provisioning, configuration management, app deployment, continuous delivery, security & compliance, orchestration

ANSIBLE TOWER

JOB STATUS UPDATE

Heads-up NOC-style automation dashboard displays everything going on in your Ansible environment.

ANSIBLE TOWER

ACTIVITY STREAM

Securely stores every Job that runs, and enables you to view them later, or export details through Tower’s API.

ANSIBLE TOWER

SCALE-OUT CLUSTERING

Connect multiple Tower nodes into a Tower cluster to add redundancy and capacity to your automation platform.

Add reserved capacity and capacity by organization, and deploy remote execution nodes for additional local capacity.

ANSIBLE TOWER

SCHEDULE JOBS

Enables you to schedule any Job now, later, or forever.

ANSIBLE TOWER

MANAGE AND TRACK YOUR INVENTORY

Tower’s inventory syncing and provisioning callbacks allow nodes to request configuration on demand, enabling autoscaling.

Smart Inventories allow you to organize and automate hosts across all your providers based on a powerful host fact query engine.

See alerts from Red Hat Insights directly from Tower, and use Insights-provided Playbook Remediation to fix issues in your infrastructure.

ANSIBLE TOWER

SELF-SERVICE IT

Tower lets you launch Playbooks with just a single click. It can prompt you for variables, let you choose from available secure credentials and monitor the resulting deployments.

ANSIBLE TOWER

REMOTE COMMAND EXECUTION

Run simple tasks on any hosts with Tower's remote command execution. Add users or groups, reset passwords, restart a malfunctioning service or patch a critical security issue, quickly.

ANSIBLE TOWER

MULTI-PLAYBOOK WORKFLOWS

Tower’s multi-Playbook workflows chain any number of Playbooks together to create a single workflow. Different Jobs can be run depending on success or failure of the prior Playbook.

ANSIBLE TOWER

INTEGRATED NOTIFICATIONS

Stay informed of your automation status via integrated notifications. Connect Slack, Hipchat, SMS, email and more.

Leverage Ansible from CloudForms

http://people.redhat.com/mkoch

THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc

linkedin.com/company/red-hat twitter.com/RedHatNews

youtube.com/user/RedHatVideos
