Automation with Ansible
The course is part of this learning path
This course looks at the Ansible Automation Platform. We'll look at how it works, looking at all the components like modules, tasks, and playbooks. We're going to show Ansible commands and how to use the command line tool, Ansible Navigator. You'll also learn about variables, templates and playbook basics.
Then we'll move on to the automation controller, the web UI and API, and you'll learn where it fits in and who would be using it. We'll also take a look at some enterprise features like Role-based Access Control and workflows.
- Learn the basics of Ansible including its components including modules, tasks, and playbooks
- Understand Ansible commands and how to use Ansible navigator
- Learn how to use variables and templates
- Use Ansible's web UI and API, known as Automation Controller
- Learn how to build a job template
- Understand how to use Role-based Access Control and workflows
This course is intended for anyone who wants to learn more about the Ansible Automation Platform in order to operationalize and put their Ansible workloads into production.
To get the most out of this course, you should have some knowledge of Linux or Red Hat Enterprise Linux. Existing knowledge of Ansible would be beneficial but not essential.
So next we're going to talk about Self-service IT, specifically with the survey feature. So when you hear that marketing term Self-service, IT, that can be a little bit ambiguous, but what we're talking about specifically is making automation easy enough to use. That someone who's not technically an Ansible expert could use it and execute it and kind of configure some knobs without getting stuck. So surveys are kind of very similar to like SurveyMonkey or Google Surveys. It's just kind of a text field in a pop up. So similar to that prompt on-demand, except we can configure what's in those prompts and use the responses in the playbook itself. These variables that we fill out, it can be a multitude of different options, where you predefine like a drop-down menu, or it's a single select or multiple select, or it's a text field.
So you could actually, like for example, put the message of the day and make it configurable in a survey where someone just types in whatever they want to do. Again, these role-based access control, which we'll talk about in a little bit, allows us to have, like certain groups able to, self drive it and other groups not. You're going to have groups that can edit the job templates while other groups can't. So creating a survey. When we're on the Job template menu, there's a little button where we can create that survey. That's actually a tab, not a button. It's still button to me, but we'll Add the Survey window. You basically kind of get this little pop-up window that allows us to fill out the questions. And if those questions are required and there sometimes if you're creating the survey, you can fill out the default field.
So if someone doesn't really know what they want to choose, you could kind of like say, like hey, use this one instead. It's little toggle switch is highlighted here, might be hard to see on your screen. That little toggle switch allows us to enable that survey on that job template. When you use a survey, when you launch that job, it's going to pop up. So exactly like that prompts on run or check mode that we showed a second ago, except it's going to have all of the questions and it's going to go next, next, next through all the questions and you fill that out before that job, that automation job is run. So with that, let's show a practical example.
So we're going to create a new job template just to make this easy, I'm going to go to, we'll start from the top, so we default to the Dashboard. I will go to Templates. I will add a normal job template. I'm going to see Sean's survey example. I'm going to run it on the Workshop Inventory. I'm going to run it on that same project that we did in the last example. I'm going to use the default execution environment. And the playbook, this time, I'm going to use the apache_role_install. And we can actually look at what that playbook looks like an Ansible. So we go to GitHub Ansible and we type in workshops in here. All the code that we use is online and easy to find. And this role install is right here. It's just that same example we showed before. There's 1 role, role_apache. We go back in here the roles directory, role_ apache ,tasks, main.yml. I will zoom in a bunch to make this easy because it's going to install Apache, firewalld. Make sure that is enabled, permit http service, running. It's going to copy over this configuration file.
And finally, just like we showed before, it's going to template this file out. So just in case you wanted to see exactly where that code was coming from. It's not hidden, it's just right on GitHub. So we have this role install, so we have Inventory, Project, Playbook, we need a Credential. And now we can Save that job. As soon as we save that job, now we can edit it again. We are going to get a survey now, actually, sorry, it's back now survey, surveys is on the tab. So we're going to go we are going to click, survey right here. So you don't have to edit the job anymore. I keep clicking on it because I'm trying to show details. Survey tab, on the Details I can edit the job template here. I kept clicking this; Back to Templates, Survey's where we Add the survey. It used to be kind of one edit window, that's why I got confused for just a second.
So this survey window, we're going to click Add and we're going to make a question. Question is say like, Hey, this is line 1. What do you want? Here is description. blah blah sean rules and the variable name is the most important part. So this has to match within your playbook. So if we go back to this example in here, and we go into that role_apache, we look at the templates file. This is the template. Now this is important. I'm going to zoom in and even more is these variables are what we're going to use in our survey. So when I go back here, I have to do first_line. I'm going to make the text, Answer type Text and Save it. I'm now going to Add another question, we saw back in that template, there's a second_line.
So I'm going to say; THIS IS 2nd LINE. It doesn't really matter. You try want something that looks better than that. sean's description for line 2. And we're going to make the text again. It's just really simple. It's just going to replace, I'm going to click Save. So there's one final thing we need to do. We're going to turn it on. We're not going to Add anymore, and by toggling it On, we're done. There's no Save on this. Soon as I toggled it, it will run. So all we need to do now is launch the job. As soon as we launch it, we get that prompt. So Hey, this is line 1. What do you want? sean is awesome; 2nd line, ansible is also cool, I guess. Click Next and click Launch. What it's going to do, is it's going to run that other playbook that we've created. Up and see we did the same exact error we did last time. So we already know how to fix this? I didn't have Privilege Escalation on. So we click Edit, scroll down to the Options, and here at the bottom left there's Privilege Escalation, so we click Save. I could have just run it from there. Click the little rocket ship again; sean rules, ansible. is also cool, as well.
Next, Launch. Boom, we know it's working now because it got passed the escalation issue. It's still halfway through and it's done. Only takes a few seconds. So what's really cool is we can go back to the command-line here. Not host2, but node 2; a website serves, sean rules, ansible is also cool, as well. So what this is showing is that the survey fields can allow configuration from someone that might not necessarily know what Apache is? They can now configure website through knobs. Now this is a super simple example, but you can imagine those surveys can be as detailed or undetailed as you want. So in this survey, we'll go back to the survey. So I can show a couple other options before the the next section. In here, if I click on the Survey tab, I had the Text as the answer, but there's also Textarea.
So you can have like a whole paragraph instead of a just like a line, Password, which means like you can't see it when I type it in. It's going to be password to access something. Multiple Choice, (single select). So you can put different answers in here, sean is awesome, and then second option, sean is OK, third option and say sean is meh, whatever you want and you can kind of like make that check mark. There's also Multiple Choice (single select), Integers and Floats. You can put some kind of guard rails on the type of stuff that's being input. And there's a bunch of plugins where you can even sanitize this out input after you get it. It's going to be like, okay, I want to make sure it's a number between x and x, or I want to make sure that the number, is an IP address or I want to make sure the number is as particular subnet.
So when we do these kind of like multiple choice (single select) is I can put, it still saving it as that same variable. As I press Save, go back to Details, launch the job and now this has changed. Instead of a text line where I'm filling it out, it's just changing the way that survey does, the prompt. So I kind of say it's like guard rails. It's kind of like the video games where you are on rails, where you're kind of like a set path that you can go on and shoot at the zombies or whatever it happens to be. Is these Self-service IT allows operators to put guard rails on automation that's running on their equipment.
So you can imagine like cool use cases are like okay, I want to make a survey for an auditing security team so they can run an audit of these web servers, but they can only collect information that's relevant to them. Or I want to allow the network team to configure VLANs on my server but only these 5 VLANs. If they need to for some reason turn them on and off. So it becomes really easy to kind of limit what their choices are, but then give them some automations. They don't have to email you or bother you through some ticketing system for everything manually. So again, as we go look at this survey and I curl it again, it says sean is OK, which was the option we chose in the survey. So with that, let's move on to RBAC or role-based access control and show a quick example of that as well.
Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, GCP, Azure), Security, Kubernetes, and Machine Learning.
Jeremy holds professional certifications for AWS, GCP, Terraform, Kubernetes (CKA, CKAD, CKS).