Workshop

Automatización
Lucas Aiello
Engineer Sales
laiello@licenciasonline.com
 WIFI
Red: LOL Guests
Pass: JuanaM1800

2
 Agenda
1. ¿Qué es la automatización?
2. Ansible
3. Arquitectura
4. Casos de uso
5. Lab time
3
 ¿Qué es la
automatización?

4
¿Qué es la automatización?
¿Qué es la automatización?

▪ Tareas repetitivas ▪ Tareas repetitivas

▪ Consumen Tiempo ▪ Menos tiempo en resolver.
▪ Se pueden cometer errores ▪ Se disminuye considerablemente el riesgo
▪ No es tan escalable ▪ Escalable a diferentes áreas
La automatización ocurre
cuando una persona se
encuentra con un problema
que no quiere volver a
resolver
Scripts Aislados Cultura de
automatización

Automatiza Automatiza
funciones organizaciones
 Ciclo de vida típico de IT

Maintenance

App
System Admin Security Delivery Security
Manager Team Manager

Security Security
Baseline report deploy Validation
Provision Patch Configure

Virtual Configured Approved App-Ready Pool of

Server OS Image
Machine Server Server Server Running Servers
 ¿Qué es Ansible
Automation
Platform?
10
Ciclo de vida automatizado
 La capacidad necesaria para todo IT.

Applications Network Cloud Security Infrastructure Edge

▸ DevOps ▸ Configuration ▸ Orchestration ▸ Investigation ▸ Deployment ▸ Extend security

management enrichment
▸ CI/CD ▸ Operationalisation ▸ Provisioning ▸ Scalability
▸ Infrastructure ▸ Threat hunting
▸ GitOps ▸ Governance ▸ Management ▸ Interoperability
awareness
▸ Incident response
▸ Network validation

12
¿Por qué Ansible?

Powerful Simple Agentless

Organice procesos Simplifique la creación Integre fácilmente con
complejos a escala y gestión de la entornos híbridos.
empresarial. automatización en
múltiples dominios.
 ¿Por qué Ansible?

Velocidad Consistencia Innovación

Reduzca la cantidad de pasos Minimice los riesgos con flujos de Innovar a niveles más avanzados de
manuales, habilite la orquestación de trabajo automatizados, evite errores automatización y productividad libre para
múltiples herramientas y acelere la humanos y utilice procesos auditables la innovación y proyectos de mayor nivel
interacción entre herramientas y verificables.
Sea más ágil Asegure la resiliencia Transforme IT

14
 ¿Por qué Ansible?

140+
Colecciones certificadas
Infrastructure Cloud Network Security Edge

55+
Partners tecnológicos

15
https://www.ansible.com/integrations
 Arquitectura

16
Hub de automatización privado

Developer IDE

Custom
enterprise content

Automation Hub
console.redhat.com

Private
Ansible Galaxy Automation Hub

Build Collaborate, sign, and publish Trust

 Ansible Core (ansible-core)

What is it?
▸ The main building block for Ansible ---
- name: Shutdown VM guest
▸ Simple YAML syntax to develop Ansible
hosts: localhost
Playbooks gather_facts: false
▸ Provides CLI tools to develop, test and run tasks:
- name: Turn off specified VM guest
playbooks
vmware.vmware_rest.vcenter_vm_guest_power:
▸ Pluggable architecture that allows state: shutdown
extensions through Content Collections vm: 1021343
vcenter_hostname: vcenter.demoredhat.com
vcenter_username: admin
vcenter_password: tedlasso

18
 What is Red Hat Ansible Automation Platform?

Ansible playbooks
---
- name: Install and start apache
hosts: web
become: true

tasks:
- name: Ensure the httpd package is installed
v ansible.builtin.yum:
name: httpd
state: present

- name: Create the index.html file

ansible.builtin.template:
src: files/index.html
dest: /var/www/html/

- name: Start the httpd service if needed

ansible.builtin.service:
name: httpd
state: started
19
 Ansible Colors

Running Playbooks
The most important colors of Ansible

A task executed as expected, no change was made.

A task executed as expected, making a change

A task failed to execute successfully

44
 What makes up an Ansible playbook?

= + +

Plays Modules Plugins

Playbook

21
 Ansible plays. What am I automating?

What are they?

▸ Top level specification for a ---
group of tasks - name: Ensure the httpd package is installed
hosts: web
▸ Will tell that play which hosts it will execute
become: true
on and control behavior such as fact
gathering or privilege level

Building blocks for playbooks

▸ Multiple plays can exist within an
Ansible playbook

22
 Ansible modules. The “tools in the toolkit”.

What are they?

▸ Parametrized components with - name: Create the index.html file
internal logic, representing a single ansible.builtin.template::
step to be done src: files/index.html
dest: /var/www/html/log
▸ The modules “do” things in Ansible

Language
▸ Usually created in Python, or Powershell for
Windows setups, but can be developed in
any language

23
 Ansible plugins. The “extra bits”.

What are they?

▸ Plugins are pieces of code that augment Example become plugin:
Ansible’s core functionality ---
- name: Install and start apache
▸ Ansible uses a plugin architecture to enable
hosts: web
a rich, flexible, and expandable feature set become: true

Example filter plugins:

{{ some_variable | to_nice_json }}
{{ some_variable | to_nice_yaml }}

24
 Ansible Roles. Reusable automation actions.

What are they?

▸ Group tasks and variables of your ---
automation in a reusable structure - name: Install and start apache
hosts: web
▸ Write roles once, and share them with ansible.builtin.roles:
others who have similar challenges in front - common
of them - webservers

25
 Content Collections.
Simplified, consistent content delivery.

What are they?

▸ Contains automation content, including
modules, multiple roles ,and playbooks

▸ Portable, reusable, and versioned enabling

better collaboration

26
 Automation hub. Trusted automation content.
console.redhat.com

What is it?
▸ Hosted source of trusted Red Hat and
Certified Partner Content Collections
▸ Integrated documentation and examples
▸ Configurable as primary content collection
source for your
automation environment
▸ Access to hosted automation hub and
content Included in subscription

27
 Ansible VS Code extension.
Simplifying content creation.

What is it?
▸ Syntax highlighting of keywords such
as module names
▸ Live validation of your code while
you type
▸ Integration with ansible-lint*
▸ Autocompletion on play, block or
task contents etc
▸ Documentation references as you code

28

* ansible-lint is fully supported in Ansible Automation Platform version 2.3

 Execution environment builder. Build.
ansible-builder

What is it? $ ansible-builder build --tag repo/custom_ee:latest

▸ Easily build custom execution environments
with the exact Ansible content needed
▸ Manage, track and version execution
environments
▸ Share execution environment build artifacts
with other teams

29
 Red Hat Ansible Automation Platform technical deck | Create

Ansible content navigator (ansible-navigator).

What is it?
It is a command line utility and text-based user $ ansible-navigator run playbook.yml -i inventory.ini
interface (TUI) for running, testing and
developing Ansible automation content

▸ Review EEs

▸ Develop collections

▸ Develop playbooks

▸ Troubleshoot problems

30
 Red Hat Ansible Automation Platform technical deck | Create

Ansible lint (ansible-lint).

Fully supported (AAP 2.3)

What is it?
Command-line tool for linting playbooks, roles $ ansible-lint playbook.yml
and collections aimed towards any Ansible
users.

▸ Promote best practices and and patterns.

▸ Develop consistent code across teams and

scale using an opinionated strategy.

▸ Integrate into larger development workflows

and CI tools.

▸ Helps upgrade playbooks to later Ansible

Core versions.

31
 Automation controller. Define, operate, and delegate.

What is it?
Automation controller is the Ansible Automation
Platform control plane which enables users to define,
operate, and delegate automation across their
enterprise
Automation controller

Automation controller provides:

WebUI
▸ WebUI and API
▸ Role-based access control
API
▸ Powerful workflows
▸ Centralized logging
RBAC Workflows Audit
▸ Credential management
▸ Push-button automation

32
 Red Hat Ansible Automation Platform technical deck | Manage

Defining how your content runs in automation controller.

Automation controller
Repository

Credentials
Playbooks Data center

Content Execution
Collections environments
Private automation hub

Projects Job template

Cloud

Execution Content
environments Collections Inventories
Edge

33
 Red Hat Ansible Automation Platform technical deck | Manage

Using execution environments in automation controller.

How do I add execution environments (EE)?

EEs can be added via the controller WebUI, API
or command line
▸ Specify the EE image source
▸ Pull policy determines when and how EEs are downloaded
when running automation
▸ Assign registry credentials to pull the EEs

How do I use execution environments?

▸ Select the EE you want to use in your automation job
▸ The default EE is used if none is specified

34
 Red Hat Ansible Automation Platform technical deck | Manage

Projects. Adding your automation content to controller.

What is it?
Logical collection of your playbooks:

▸ Multiple source types supported

▸ Source Control Management (SCM) integration and update

strategies

▸ Red Hat Insights integration

▸ Role-based access control (RBAC) and schedules

35
 Red Hat Ansible Automation Platform technical deck | Manage

Inventories. What do I want to run my automation on?

What is it?
Collection of endpoints against which jobs
may be launched

▸ Multiple inventory sources supported

▸ Dynamic endpoint discovery

▸ Logically group endpoints by metadata or user-defined

filters

▸ Granular RBAC permissions

36
 Red Hat Ansible Automation Platform technical deck | Manage

Credentials. Securing resource and endpoint access.

What is it?
▸ Securely manage credentials needed
for automation resources
▸ Multiple credential types supported
▸ Integrate external secret management systems
▸ Create custom credential types and plugins
▸ Use RBAC to govern access
▸ Actual credential never exposed

37
 Red Hat Ansible Automation Platform technical deck | Manage

Job Templates. Bringing it all together.

What is it?
▸ Define and standardize running automation
▸ Reusable and shareable
▸ Leverage agile practices, such as GitOps and event-driven
automation

38
 Red Hat Ansible Automation Platform technical deck | Manage

Workflows. Solve complex problems.

What is it?
▸ Workflows enable the creation of powerful
holistic automation, chaining together multiple
pieces of automation and events
▸ Simple logic inside these workflows can trigger
automation depending on the success or failure
of previous steps
▸ Add approvals to your workflows to
enhance governance
▸ Integrate other systems, such as ITSM to fit with
your existing controls and processes

39
 Red Hat Ansible Automation Platform technical deck | Manage

Automation jobs. Executing your defined automation.

What is it?
▸ Controller launching an instance of
defined automation
▸ Relaunch automation jobs
▸ Use Job Details to view job outputs
▸ Troubleshoot automation execution using
filtered views

40
 Red Hat Ansible Automation Platform technical deck | Manage

Automation controller API.

Integrate and elevate your automation.

What is it?
▸ The API provides programmatic access
to the automation via a defined interface
▸ Underneath it is still powered by the same bits
and pieces which are at the core: workflows,
inventories, etc
▸ It offers simple integration into
other tools like ITSM, SOAR, etc

41
 Red Hat Ansible Automation Platform technical deck | Scale

Automation controller approvals. Integrate and govern.

What is it?
▸ Adds human interaction to the automation for
administration and governance
▸ Available at the operational level on the
Automation controller UI

42
 Casos de uso

43
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible security automation. Response and remediation.

Investigation enrichment
Investigation Threat Incident Enabling programmatic access to log configurations such
enrichment hunting response
as destination, verbosity, etc
Response and remediation

Threat hunting
Automating alerts, correlation searches, and
Automated security operations
signature manipulation
EPP SIEM IDPS PAM Firewalls SOAR

Incident response
Creating new security policies to whitelist,
blacklist, or quarantine a machine
Physical Virtual Cloud Edge

44
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible network automation. Next-gen network operations.

Configuration accuracy
Configuration Operational state Compliance and ▸ Config backup and restore
accuracy management traceability
▸ Scoped configuration management
Network orchestration
Operational state management
▸ Dynamic documentation
▸ Automated NetOps
Automated network operations

Compliance and traceability

▸ Operational state validation
▸ Network compliance
Physical Virtual Cloud Edge

45
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible hybrid cloud automation. Tame your clouds.

Orchestrate
▸ Deployment and retirement
Orchestrate Operationalize Govern
▸ Infrastructure coordination
Automated troubleshooting ▸ Cloud migration

Operationalize
▸ Infrastructure visibility
Automated cloud operations
▸ Cloud operations
▸ Automated troubleshooting

Govern
▸ Business continuity
Public Cloud Cloud native Private Cloud
▸ Cost management
▸ compliance
46
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible Automation Platform for ServiceNow solution.

IT Service Management (ITSM)

Configuration ▸ Create and update records
Process Source of truth
accuracy
• Incident, problem, problem task, change request
▸ Assign items to user accounts
▸ Attach files to records
▸ Advanced queries of record types
▸ Support for custom mappings (modified choice lists)

Configuration Management Database (CMDB)

▸ Advanced queries of configuration items
▸ Update configuration items after automated changes
ITSM CMDB ▸ CMDB as inventory source for automation
▸ Batch modifications of configuration items

47
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible Automation Platform for Windows.

Day 1 configuration
▸ Install and uninstall MSIs, .exes
▸ Chocolatey package manager integration
▸ Start, stop, and manage Windows services
▸ Template and apply registry updates
▸ Flexible authentication support

Day 2 operations
▸ Manage and install Windows updates across reboots
▸ Create and manage local users
▸ Create and manage domain controller/member server state
▸ Manage certificates
Cloud Network Security Infrastructure Edge ▸ Fetch files from remote hosts
▸ Push and execute Powershell scripts
48 ▸ Leverage Powershell DSC resources
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible Automation Platform for Linux.

Provisioning
▸ Work seamlessly with bare metal, virtualized and cloud infrastructure
Configuration Application ▸ Easily patch, upgrade and maintain Linux servers
Provisioning
management Deployment
▸ Automation can handle reboots and ad-hoc changes
Configuration Management
▸ Built-in support for Linux file and user management
▸ Full integration of Jinja2 templating library
▸ Support for Idempotence across numerous Linux modules
Application Deployment
▸ Full support of dnf, yum and apt packaging tools
▸ Start, stop, and manage Linux services

Cloud Network Security Infrastructure Edge

▸ Check operational state and verify application deployments

49
 Red Hat Ansible Automation Platform technical deck | Use cases

Everything as code. Everything is possible.

Infrastructure and configuration as code

▸ Ansible creates infrastructure manifests and triggers the provisioning and
deprovisioning of infrastructure.
▸ Dynamic inventory management provides access to newly provisioned
infrastructure without manual intervention.
▸ Combine tool chains to deliver infrastructure as code and configuration as
code. Allowing for complete management of infrastructure life cycles with
post-provisioning tasks.

Cloud Network Security Infrastructure Edge

50
 Red Hat Ansible Automation Platform technical deck | Use cases

Event-Driven Ansible. Observe Evaluate Act

Developer Preview

Remediation and Observation from events

Event sources Rules Actions ▸ Source plugins provide Event-Driven Ansible the ability to listen for events
which can be processed through rulebooks.
▸ Rules in the form of Rulebooks allow us to create event conditions which
once met will trigger an action.
▸ Actions give us the ability to trigger playbooks, modules, notifications and
Event Decision Automation further event triggers based on the conditions that have been met by a
specific event.

Cloud Network Security Infrastructure Edge

51
 Red Hat Ansible Automation Platform technical deck | Use cases

Ansible Automation Platform and DevOps.

Deliver consistently, reliably, and rapidly.
Accelerate DevOps throughout your IT ecosystem
▸ Align to business goals with outcome-based IT process
Code management Build systems automation.
Development automation ▸ Orchestrate and integrate using the API and webhooks
▸ Simple, pervasive automation language used across the IT ecosystem.
▸ Extend capabilities using Ansible Content Collections.
Process
IT ecosystem automation
People ▸ Improve CI/CD security and governance with approvals, auditing, and RBAC
▸ Speed up development cycles with consistent dev, test,
and prod environments

Cloud Network Security Infrastructure Edge

52
 Write your first playbook
https://www.redhat.com/en/interactive-labs/write-your-first-playbook

Lab Time
 Network automation basics: First playbook
https://www.redhat.com/en/interactive-labs/network-automation-basics-first-playbook

Lab Time
Resolve issues with Insights advisor functionality
https://www.redhat.com/en/interactive-labs/resolve-issues-red-hat-insights-advisor-
functionality

Lab Time
Remediating vulnerabilities with Red Hat Insights
https://www.redhat.com/en/interactive-labs/remediating-vulnerabilities-with-red-hat-insights

Lab Time
 Muchas Gracias!
Lucas Aiello
Engineer Sales
laiello@licenciasonline.com