Developing Advanced Automation with Red Hat Ansible Automation Platform

DO374

Welcome

Course Objectives and Structure

Schedule

Chapter 1: Developing Playbooks with Ansible Automation Platform 2

Goal: Develop Ansible Playbooks with Red Hat Ansible Automation Platform 2 following recommended practices.

Objectives:

• Describe the architecture of Red Hat Ansible Automation Platform 2 and how its new features help with Ansible automation development.

• Install automation content navigator and use it to run an existing playbook with a supported execution environment.

• Create and manage Ansible Playbooks in a Git repository, following recommended practices.

• Demonstrate and describe common recommended practices for developing and maintaining effective Ansible automation solutions.

Quiz: Red Hat Ansible Automation Platform 2

Guided Exercise: Running Playbooks with Automation Content Navigator

Guided Exercise: Managing Ansible Project Materials Using Git

Guided Exercise: Implementing Recommended Ansible Practices

Summary

• Red Hat Ansible Automation Platform 2 simplifies development and use of Ansible Playbooks at scale, by introducing new features such as Ansible Content Collections and automation execution environments.
• Automation content navigator (ansible-navigator) extends and can replace many previous Ansible commands, including ansible-playbook.
• An Ansible Content Collection provides a set of related Ansible modules, roles, and plug-ins that are supported by the same group of software developers.

Summary (continued)

• Automation execution environments are container images that contain a specific version of Ansible Core, Ansible Content Collections, and any Python libraries, executables, or other dependencies needed to run playbooks.
• You should manage your automation content in a version control system, such as Git, which enables you to track and control changes to your automation code.
• Implementing recommended practices facilitates collaboration and reduces potential problems.

Chapter 2: Managing Content Collections and Execution Environments

Goal: Run playbooks that use content collections not included in ansible-core, either from an existing execution environment or by downloading them from automation hub.

Objectives:

• Describe how Ansible Content Collections are used to distribute modules and plug-ins, and create plays that use content from them.

• Search automation hub for Ansible Content Collections, and install them from the command line by name or by using a requirements.yml file.

• Identify the automation execution environments provided by Red Hat and select the correct one for your use case.

Guided Exercise: Reusing Content from Ansible Content Collections

Guided Exercise: Finding and Installing Ansible Content Collections

Guided Exercise: Selecting an Execution Environment

Summary

• You can use the ansible-navigator doc --mode stdout command to access the module documentation provided by Ansible Content Collections that are available to your automation execution environment.
• You can use the ansible-navigator images command to inspect automation execution environments and to list the collections and other resources and collection dependencies provided by an automation execution environment's container image.
• Ansible Playbooks should use fully qualified collection names (FQCNs) to refer to modules, roles, and plug-ins provided by Ansible Content Collections.
• The ansible-galaxy collection install command installs Ansible Content Collections on the local system. The --collections-path (or -p) option specifies the installation directory.

Summary (continued)

• You can use the collections/requirements.yml file to list the Ansible Content Collections that are required for the project.
• Automation execution environments can access the Ansible Content Collections that are installed in the collections/ subdirectory in the directory that contains the playbook.
• The ee-supported-rhel8 automation execution environment is used by default by automation content navigator and automation controller, and includes selected Red Hat Certified Ansible Content Collections in addition to the ansible.builtin collection.
• The ee-minimal-rhel8 automation execution environment only provides the ansible.builtin Ansible Content Collection, but you can also use Ansible Content Collections from your project's collections/ directory.
• You can use the ee-29-rhel8 automation execution environment for playbooks that require Ansible 2.9.

Chapter 3: Running Playbooks with Automation Controller

Goal: Explain what automation controller is and demonstrate how to use it to run playbooks that you developed with automation content navigator.

Objectives:

• Describe the architecture and use cases of the automation controller component of Red Hat Ansible Automation Platform.

• Navigate and describe the automation controller web UI, and successfully launch a job using a job template, project, credential, and inventory.

Quiz: Explaining the Automation Controller Architecture

Guided Exercise: Running Playbooks in Automation Controller

Summary

• Automation controller provides a centralized location that you can use to run your Ansible automation and review the results of automation runs.
• An automation controller project specifies the location of a Git repository that stores Ansible code and, if needed, a source control credential to authenticate to the Git repository.
• An automation controller job template specifies the inventory, machine credentials, execution environment, project, and playbook to use to run your Ansible code on managed hosts.

Summary (continued)

• You can use the automation controller web UI to launch automation jobs from a job template and to review the results of jobs.
• Using ansible-navigator to test Ansible Playbooks in an execution environment can help streamline the process of setting up those playbooks to run successfully on automation controller.

Chapter 4: Working with Ansible Configuration Settings

Goal: Examine and adjust the configuration of Ansible and automation content navigator to simplify development and to troubleshoot issues.

Objectives:

• Browse the current Ansible configuration by using automation content navigator.

• Change configuration settings for automation content navigator with its configuration file, and determine where the configuration file is located.

Guided Exercise: Examining the Ansible Configuration with Automation Content Navigator

Guided Exercise: Configuring Automation Content Navigator

Summary

• The ansible-navigator config command helps you explore and analyze the current configuration used by the ansible-navigator run command.
• Automation content navigator can use only ansible.cfg files that it can see from inside the automation execution environment. These files include the /etc/ansible/ansible.cfg file in the execution environment container and the ansible.cfg file in your project directory.

Summary (continued)

• You can configure automation content navigator settings by using the file defined by the ANSIBLE_NAVIGATOR_CONFIG environment variable, the ansible-navigator.yml configuration file in your current directory, or the ~/.ansible-navigator.yml configuration file in your home directory.
• The ansible-navigator settings --sample command generates a sample ansible-navigator.yml configuration file.
• The ansible-navigator settings --effective command generates a configuration file that reflects your current effective configuration, including options specified on the command line, values of environment variables, and defaults.

Chapter 5: Managing Inventories

Goal: Manage inventories by using advanced features of Ansible.

Objectives:

• Describe what dynamic inventories are, and install and use an existing script or plug-in as an Ansible dynamic inventory source.

• Write static inventory files in YAML format.

• Structure host and group variables by using multiple files per host or group, and use special variables to override the host, port, or remote user that Ansible uses for a specific host.

Guided Exercise: Managing Dynamic Inventories

Guided Exercise: Writing YAML Inventory Files

Guided Exercise: Managing Inventory Variables

Summary

• You can use inventory plug-ins provided by collections to dynamically obtain lists of hosts and groups from sources such as cloud, virtualization, and systems management platforms.
• Dynamic inventory scripts can generate host and group information from sources external to Ansible.
• You can use the yaml inventory plug-in to write static inventory files in YAML format.
• You can use the ansible-navigator inventory command to help you convert an inventory file in INI format into YAML format.

Summary (continued)

• A good practice is to keep most variables out of static inventory files.
• Take advantage of inventory groups and the group_vars/ and host_vars/ directories to improve project maintainability.
• Use the special inventory variables to control connections to hosts and use inventory hostnames to make playbook output more readable.

Chapter 6: Managing Task Execution

Goal: Control and optimize the execution of tasks by Ansible Playbooks.

Objectives:

• Control automatic privilege escalation at the play, role, task, or block level.

• Configure tasks that can run before roles or after normal handlers, and simultaneously notify multiple handlers.

• Label tasks with tags, and run only tasks labeled with specific tags, or start playbook execution at a specific task.

• Optimize your playbook to run more efficiently, and use callback plug-ins to profile and analyze which tasks consume the most time.

Guided Exercise: Controlling Privilege Escalation

Guided Exercise: Controlling Task Execution

Guided Exercise: Running Selected Tasks

Guided Exercise: Optimizing Execution for Speed

Summary

• You can configure privilege escalation at the play, role, block, or task level.
• Privilege escalation uses the become, become_user, become_method, and become_flags directives.
• Ansible runs the play sections in the following order: pre_tasks, roles, tasks, and post_tasks.
• Handlers run in the same order that they appear in the play.
• You can use tags to select or skip tasks during play execution.
• Disabling fact gathering speeds up the execution of playbooks.
• You can use the timer, profile_tasks, and profile_roles callback plug-ins to profile playbooks.

Chapter 7: Transforming Data with Filters and Plug-ins

Goal: Populate, manipulate, and manage data in variables using filters and plug-ins.

Objectives:

• Format, parse, and define the values of variables using filters.

• Populate variables with data from external sources using lookup plug-ins.

• Implement loops using structures other than simple lists by using lookup plug-ins and filters.

• Use filters to inspect, validate, and manipulate variables containing networking information.

Guided Exercise: Processing Variables Using Filters

Guided Exercise: Templating External Data Using Lookups

Guided Exercise: Implementing Advanced Loops

Guided Exercise: Using Filters to Work with Network Addresses

Summary

• You can use filters in Jinja2 expressions and templates to format, transform, and parse data.
• Some filters are native to Jinja2 and some are provided by Ansible or by Ansible Content Collections.
• You can apply multiple filters sequentially in the same Jinja2 expression.
• Lookup plug-ins get data from external sources for plays.
• Lookup plug-ins and filters run in the execution environment, not on the managed host.
• You can combine filters and lookup plug-ins to implement sophisticated loops.
• Ansible provides many supplementary filters for processing networking-related data, such as ansible.utils.ipaddr.

Chapter 8: Coordinating Rolling Updates

Goal: Use advanced features of Ansible to manage rolling updates in order to minimize downtime, and to ensure the maintainability and simplicity of Ansible Playbooks.

Objectives:

• Run a task for a managed host on a different host, and control whether facts gathered by that task are delegated to the managed host or to the other host.

• Tune the number of simultaneous connections that Ansible opens to managed hosts, and how Ansible processes groups of managed hosts through the play’s tasks.

• Tune the behavior of the serial directive when batching hosts for execution, abort the play if it fails for too many hosts, and create tasks that run only once for each batch or for all hosts in the inventory.

Guided Exercise: Delegating Tasks and Facts

Guided Exercise: Configuring Parallelism

Guided Exercise: Managing Rolling Updates

Summary

• The delegate_to keyword can delegate a task to run on a different host.
• The forks parameter in the Ansible configuration file specifies the maximum number of parallel connections to managed hosts.
• The serial keyword configures Ansible to run hosts through a play in multiple batches.
• The max_fail_percentage keyword configures Ansible to abort the play if more than a certain percentage of hosts in the current batch fail.
• The run_once keyword specifies that a task runs once for a batch rather than once for each host in the batch.

Chapter 9: Creating Content Collections and Execution Environments

Goal: Write your own Ansible Content Collections, publish them, embed them in a custom automation execution environment, and run them in playbooks by using automation controller.

Objectives:

• Create content collections and distribute them for reuse.

• Build a custom automation execution environment image by using the ansible-builder command.

• Validate that a custom automation execution environment works as expected by testing it with the ansible-navigator command, and then distribute the automation execution environment for reuse.

• Run a playbook in automation controller that uses a content collection in the project or content provided by a specific automation execution environment.

Guided Exercise: Writing Ansible Content Collections

Guided Exercise: Building a Custom Automation Execution Environment

Guided Exercise: Validating a Custom Execution Environment

Guided Exercise: Using Custom Content Collections and Execution Environments in Automation Controller

Summary

• The ansible-galaxy collection init command creates the directory structure for new Ansible Content Collections.
• Dependencies for a collection are specified in three files: other collections under the dependencies parameter of the galaxy.yml file, Python packages in the requirements.txt file, and RPM packages in the bindep.txt file.
• The ansible-galaxy collection publish command is used to publish collections on private automation hub.
• The ansible-builder command creates custom automation execution environments.
• The execution-environment.yml file is the configuration file for the ansible-builder command. It specifies the collections, Python packages, and RPM packages to include in the new automation execution environment.

Summary (continued)

• The podman images, podman tag, and podman push commands list, tag, and push automation execution environment images to a container registry.
• Automation controller can automatically pull collections and roles specified in an Ansible project's requirements.yml file, but you need to set up stored credentials so that it can authenticate to automation hub.
• Automation controller can use and automatically pull custom automation execution environments, but you need to configure credentials for the container registry and specify the location of the execution environment first.

Chapter 10: Comprehensive Review

Goal: Review the tasks from Developing Advanced Automation with Red Hat Ansible Automation Platform

Objectives:

• Review the tasks from Developing Advanced Automation with Red Hat Ansible Automation Platform

Lab: Managing Inventory Variables to Use with Automation Content Navigator

Lab: Optimizing a Playbook for Large-scale Use

Lab: Creating and Using Ansible Content Collections and Automation Execution Environments