Common use cases with Ansible Automation
In this section, we’ll explore several common automation use cases that could benefit your organization. The scenarios vary in the amount of time and effort required to automate them.
What will you learn?
- Common applications of Ansible Automation
What do you need before starting?
- Nothing, use this as a starting point.
Successful automation adoption journeys often follow a progression: teams start small, show value, and expand the range and complexity of their efforts in an iterative manner. It is recommended to create a flowchart of your current processes to help you understand the complexities of your automation project and how to best apply these use cases.
Provisioning cloud resources
Provisioning cloud resources is a time-consuming, error-prone process for many organizations. You can use Red Hat® Ansible® Automation Platform to simplify virtual machine provisioning in public cloud environments. Create playbooks using Ansible Certified Content to allocate storage, set up networks and subnetworks, and provision virtual machine instances. Add variables for configuration options like instance types, zones, and security groups to make your playbook reusable so you can deploy virtual machines anywhere.
An example task for provisioning cloud resources in public cloud environments could look like the following:
Example: Create a Google Cloud instance with disks and network interfaces
    ---
    - name: Create an instance
      google.cloud.gcp_compute_instance:
        name: test_object
        machine_type: n1-standard-1
        disks:
          # Boot disk, built from an existing disk resource
          - auto_delete: 'true'
            boot: 'true'
            source: "{{ disk }}"
          # Local SSD scratch disk
          - auto_delete: 'true'
            interface: NVME
            type: SCRATCH
            initialize_params:
              disk_type: local-ssd
        labels:
          environment: production
        network_interfaces:
          - network: "{{ network }}"
            # Gives the instance an external (public) address
            access_configs:
              - name: External NAT
                nat_ip: "{{ address }}"
                type: ONE_TO_ONE_NAT
        zone: us-central1-a
        project: test_project
        # serviceaccount auth also needs a key: set service_account_file
        # or the GCP_SERVICE_ACCOUNT_FILE environment variable
        auth_kind: serviceaccount
        state: present
Tip: Learn more about Red Hat Certified Content for Google Cloud on the Red Hat Ecosystem Catalog.
Deploying virtual machines at scale
Deploying virtual machines using manual processes can result in misconfigurations or unexpected issues that lead to downtime and service disruptions. With Ansible Automation Platform, you can automatically create and maintain standardized virtual machine templates that let you provision virtual machines consistently across your VMware vSphere environment. Create a template based on a static virtual machine image using the vmware.vmware_rest.vcenter_vmtemplate_libraryitems module from the VMware collection. Then, use the same module to consistently deploy new virtual machines based on the template.
    ---
    - name: Deploy a new VM based on the template
      vmware.vmware_rest.vcenter_vmtemplate_libraryitems:
        name: vm-from-template
        library: "{{ nfs_lib.id }}"
        template_library_item: "{{ my_template_item.id }}"
        # Each lookup resolves an inventory path to its managed object ID
        placement:
          cluster: "{{ lookup('vmware.vmware_rest.cluster_moid',
                    '/my_dc/host/my_cluster') }}"
          folder: "{{ lookup('vmware.vmware_rest.folder_moid',
                    '/my_dc/vm') }}"
          resource_pool: "{{ lookup('vmware.vmware_rest.resource_pool_moid',
                    '/my_dc/host/my_cluster/Resources') }}"
        state: deploy
Tip: Access the VMware collection on the Red Hat Ecosystem Catalog.
Managing services
Known problematic services that require frequent restarts can be challenging to manage. Ansible Automation Platform can help you respond quickly to recurring issues with applications and services. Built-in modules, including ansible.builtin.systemd and ansible.builtin.sysvinit, let you control services on remote hosts via a selection of service managers. The ansible.builtin.service module acts as a proxy to service manager modules so you can manage diverse environments without creating a specific task for each service manager. As a result, you can create simple playbooks that automatically gather information on impacted systems and application layers, and restart services as soon as an issue is reported.
Example: Start services
    ---
    - name: Start service httpd, if not started
      ansible.builtin.service:
        name: httpd
        state: started
Example: Stop services
    ---
    - name: Stop service httpd, if started
      ansible.builtin.service:
        name: httpd
        state: stopped
Example: Restart services
    ---
    - name: Restart service httpd
      ansible.builtin.service:
        name: httpd
        # Seconds to wait between the stop and start commands
        sleep: 60
        state: restarted
Performing compliance audits
Most environments contain many different platforms and devices, making manual compliance audits difficult and time consuming. Ansible Automation Platform simplifies and standardizes how you audit resources across your IT environment. Write playbooks using Ansible Certified Content to query, store, and report system configurations with less manual effort. And if a system configuration is not in the expected state, Ansible Automation Platform can automatically log a service ticket and optionally remediate the configuration.
Example: Gather network facts
    ---
    - name: Use Cisco IOS facts module
      hosts: cisco
      # Turns off Ansible's built-in fact gathering; this is not the Cisco facts module
      gather_facts: false

      tasks:
        - name: retrieve facts
          cisco.ios.ios_facts:

        - name: display version
          ansible.builtin.debug:
            msg: "{{ ansible_net_version }}"

        - name: display serial number
          ansible.builtin.debug:
            msg: "{{ ansible_net_serialnum }}"
Example: Retrieve network resource information
    ---
    - name: Retrieve interface information
      hosts: cisco
      # Turns off Ansible's built-in fact gathering; this is not the Cisco facts module
      gather_facts: false

      tasks:
        - name: use state gathered
          cisco.ios.ios_interfaces:
            state: gathered
          register: interfaces_info

        - name: print interface information
          ansible.builtin.debug:
            msg: "{{ interfaces_info }}"
Example: Back up network configurations
    ---
    - hosts: cisco
      gather_facts: false

      tasks:
        - name: Back up config
          cisco.ios.ios_config:
            backup: yes
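The audit-and-report step described in this section, as an added example that is not part of the original page: it compares each device's IOS version with a baseline, writes a report on the control node, and fails devices that have drifted. The approved_ios_versions list, its sample values and the audit_report path are assumptions.

```yaml
---
- name: Audit IOS version against an approved baseline
  hosts: cisco
  gather_facts: false
  vars:
    # Assumption: constructed sample baseline; replace with your approved releases
    approved_ios_versions:
      - "17.9.4a"
      - "17.12.3"
    # Assumption: report location on the control node
    audit_report: ./ios_version_audit.csv

  tasks:
    - name: Retrieve device facts
      cisco.ios.ios_facts:

    - name: Record whether the running version is approved
      ansible.builtin.set_fact:
        version_compliant: "{{ ansible_net_version in approved_ios_versions }}"

    - name: Write or update one report line per device on the control node
      ansible.builtin.lineinfile:
        path: "{{ audit_report }}"
        create: true
        mode: "0600"
        # Replace the device's previous line instead of appending a duplicate
        regexp: "^{{ inventory_hostname | regex_escape }},"
        line: >-
          {{ inventory_hostname }},{{ ansible_net_serialnum }},{{ ansible_net_version }},{{
          'compliant' if version_compliant | bool else 'DRIFT' }}
      delegate_to: localhost
      # Serialize writes so parallel hosts do not clobber the shared file
      throttle: 1

    - name: Fail non-compliant devices so the job result flags them
      ansible.builtin.assert:
        that: version_compliant | bool
        fail_msg: "{{ inventory_hostname }} runs unapproved IOS {{ ansible_net_version }}"
        quiet: true
```

The failed assertion is the hook for follow-up: a later play or workflow step can open a ticket or run remediation for the hosts that failed.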
Managing system configurations
Keeping resources current with the latest security standards helps protect systems and reduce vulnerabilities. Red Hat Enterprise Linux® system roles is a collection of Ansible Certified Content that provides a stable and consistent configuration interface to automate and manage multiple releases of Red Hat Enterprise Linux. Create and review playbooks using these roles to automatically update system configurations whenever security standards change.
Example: Update kernel settings
    ---
    - name: Manage kernel settings
      hosts: all
      vars:
        kernel_settings_sysctl:
          - name: fs.epoll.max_user_watches
            value: 785592
          - name: fs.file-max
            value: 379724
          # state: absent removes the setting from the managed configuration
          - name: kernel.threads-max
            state: absent

        # These debugfs tunables control the Meltdown/Spectre mitigations
        # (PTI, retpoline, IBRS); a value of 0 turns the mitigation off
        kernel_settings_sysfs:
          - name: /sys/kernel/debug/x86/pti_enabled
            value: 0
          - name: /sys/kernel/debug/x86/retp_enabled
            value: 0
          - name: /sys/kernel/debug/x86/ibrs_enabled
            value: 0

        kernel_settings_systemd_cpu_affinity: "1,3,5,7"
        kernel_settings_transparent_hugepages: madvise
        kernel_settings_transparent_hugepages_defrag: defer
      roles:
        - linux-system-roles.kernel_settings
Deploying applications
Manual application deployment processes can be error-prone and result in increased security risks and decreased application performance. Ansible Automation Platform includes built-in modules that let you write reusable playbooks for installing and configuring applications simply and consistently across your environment. Use certified modules to install web servers using YUM or DNF (recommended), set default home pages, start servers, and configure firewalls, all in a single, easy-to-read playbook.
Example: Deploy a web server
    ---
    - name: Setup the web server
      hosts: "{{ hosts }}"
      become: true
      tasks:
        - name: httpd installed
          ansible.builtin.yum:
            name: httpd
            state: latest

        - name: custom index.html
          ansible.builtin.copy:
            dest: /var/www/html/index.html
            content: |
              Custom Web Page

        - name: httpd service enabled
          ansible.builtin.service:
            name: httpd
            enabled: true
            state: started

        - name: open firewall
          ansible.posix.firewalld:
            service: http
            state: enabled
            # Apply to the running firewall now and persist across reloads
            immediate: true
            permanent: true
Configuring network devices
Manual approaches to network configuration and updates can be too slow to effectively support modern application and data transfer requirements. Red Hat Ansible Certified Content helps you automate many common network tasks across your hybrid cloud. Playbooks can be used to configure router hostnames and domain name system (DNS) servers, and create and propagate virtual local area network (VLAN) configurations across your environment.
Example: Configure routers
    ---
    - name: configure cisco routers
      hosts: routers
      connection: ansible.netcommon.network_cli
      gather_facts: false
      vars:
        dns: "8.8.8.8 8.8.4.4"

      tasks:
        - name: configure hostname
          cisco.ios.ios_config:
            lines: hostname {{ inventory_hostname }}

        - name: configure DNS
          cisco.ios.ios_config:
            lines: ip name-server {{ dns }}
Example: Add a VLAN
    ---
    - name: add vlans
      hosts: arista
      gather_facts: false

      vars:
        vlans:
          - name: desktops
            vlan_id: 20
          - name: servers
            vlan_id: 30
          - name: DMZ
            vlan_id: 50

      tasks:
        - name: add VLAN configuration
          arista.eos.eos_vlans:
            # merged adds or updates the listed VLANs and leaves others untouched
            state: merged
            config: "{{ vlans }}"
Upgrading operating systems
Infrastructure maintenance tasks like operating system upgrades often require large teams of IT staff members working outside normal business hours. With Ansible Automation Platform, you can create complex automation workflows to perform Red Hat Enterprise Linux operating system upgrades across your environment. Playbooks can download and install new operating system versions, conditionally reboot virtual machines, and automatically create reports describing the installed services and packages.
Example: Patch a Red Hat Enterprise Linux installation
    ---
    - name: Upgrade all packages (yum)
      ansible.builtin.yum:
        name: '*'
        state: latest
        update_only: true
      when: ansible_pkg_mgr == "yum"
      register: patchingresult_yum

    - name: Upgrade all packages (dnf)
      ansible.builtin.dnf:
        name: '*'
        state: latest
        update_only: true
      when: ansible_pkg_mgr == "dnf"
      register: patchingresult_dnf

    # needs-restarting -r exits 1 when a reboot is required, 0 when it is not
    - name: Check to see if we need a reboot
      ansible.builtin.command: needs-restarting -r
      register: result
      changed_when: result.rc == 1
      failed_when: result.rc > 1
      check_mode: false

    # allow_reboot is supplied by the caller; the bool filter also accepts
    # the string "true" passed as an extra var, and the default is no reboot
    - name: Reboot Server if Necessary
      ansible.builtin.reboot:
      when:
        - result.rc == 1
        - allow_reboot | default(false) | bool
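The reporting step mentioned in this section, as an added example that is not part of the original page: after patching, it collects installed packages and running services from each host and writes one report per host on the control node. The report_dir variable and the report layout are assumptions.

```yaml
---
- name: Report installed packages and running services after patching
  hosts: all
  become: true
  vars:
    # Assumption: directory on the control node that receives the reports
    report_dir: ./patch_reports

  tasks:
    - name: Collect installed packages
      ansible.builtin.package_facts:
        manager: auto

    - name: Collect service states
      ansible.builtin.service_facts:

    - name: Ensure the report directory exists on the control node
      ansible.builtin.file:
        path: "{{ report_dir }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      become: false
      run_once: true

    - name: Write the per-host report
      ansible.builtin.copy:
        dest: "{{ report_dir }}/{{ inventory_hostname }}.txt"
        mode: "0600"
        content: |
          host: {{ inventory_hostname }}
          packages:
          {% for name, builds in ansible_facts['packages'] | dictsort %}
          {% for build in builds %}
            {{ name }}-{{ build.version }}-{{ build.release }}
          {% endfor %}
          {% endfor %}
          running services:
          {% for name, svc in ansible_facts['services'] | dictsort if svc.state == 'running' %}
            {{ name }}
          {% endfor %}
      delegate_to: localhost
      become: false
```

Comparing the report from before and after a patch run shows which package versions changed and whether any service failed to come back.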