What's next for Ansible @ Red Hat and whereit's being used currently

Ken ThompsonSenior Cloud Solution ArchitectMelbourne Ansible Meetup - December 2015

ANSIBLE @ RED HAT

Ansible Meetup - Melbourne - December 20152

ANSIBLE @ RED HATHow Does Ansible Fit Red Hat's Management Strategy

Ansible Meetup - Melbourne - December 20153

WHERE IS RED HAT USING ANSIBLE?OpenShift-Ansible Installer

Best fit as the base technology onan installer for a complex platformspanning multiple hosts

V2 Installer was complex: ruby+ puppet + shell scripts

Ansible simplifies this,provides true multi-hostorchestration

Same tooling for installation,adding additional nodes &platform upgrades

Ansible Meetup - Melbourne - December 20154

OPENSHIFT ANSIBLE INSTALLER

Installs required packages

Performs required hosts preparation steps

Create required config files for OpenShiftservices:

/etc/openshift/master/master-config.yaml

/etc/openshift/master/policy.json

/etc/openshift/master/scheduler.json

/etc/openshift/node/node-config.yaml

Cluster authentication config(kubeconfig files)

/etc/sysconfig/docker (configurered hat and internal registry)

Create and distributes required certificates

Enable required services on each node

Configure virtual networking

Enable and assign labels to nodes

When installer is finished , OpenShiftconsole will be available in:

https://:8443/

https://github.com/openshift/openshift-ansible

Ansible Meetup - Melbourne - December 20155

OPENSHIFT ANSIBLE INSTALLER

Improved Installer experience (HA)

3 main deployment options: All-in-one (PoCs), Minimal HA, Recommended HA

https://trello.com/c/8TANbwTx/122-5-improved-installer-experience-ha

Support for redeploying certificates

Ability to fix common certificate errors, update certificates, update CA etc.

https://trello.com/c/NsT6f1HL/38-8-atomic-openshift-installer-support-for-redeploying-certificates

Improve outages for 3.x Upgrades

Orchestrate rolling updates of platform to improve application availability

https://trello.com/c/qtriZsUU/121-3-upgrade-reduce-outages-for-3-2-upgrade

Road Map

https://trello.com/c/NsT6f1HL/38-8-atomic-openshift-installer-support-for-redeploying-certificateshttps://trello.com/c/NsT6f1HL/38-8-atomic-openshift-installer-support-for-redeploying-certificateshttps://trello.com/c/qtriZsUU/121-3-upgrade-reduce-outages-for-3-2-upgrade

Ansible Meetup - Melbourne - December 20156

BEYOND THE INSTALLERhttps://github.com/2015-Middleware-Keynote/demo-ansible

But wait...there's more! (sorry, no steak knives)...

Build an end to end OpenShift environment on AWS using Ansible! Requires:

AWS Account, route53 public hosted zone

Builds: AWS VPC

AWS Networking

AWS Instances

OpenShift Pre-requisites (docker storage setup etc.)

OpenShift Environment Build (OpenShift-Ansible Installer)

Ansible Meetup - Melbourne - December 20157

ANSIBLE TOWER 2.4What's new

OAuth authentication viaGitHub and Google

Enterprise authenticationsupport for SAML 2.0 andRADIUS

Configurable Session Limitsand Timeouts

Custom Branding

Ansible Meetup - Melbourne - December 20158

ANSIBLE 2.0What's coming...early 2016

Improved error messages Blocks Execution Strategy Plugins Execution-time evaluation of

include tasks Extended inheritance of

blocks/roles Improved variable

management Better use of OOP 100% Backwards compatible

Ansible Meetup - Melbourne - December 2015

9

APPENDIX

Ansible Meetup - Melbourne - December 201510

ANSIBLE 2.0Improved Error Messages

Playbook errors not related to syntax will (in most cases) still show the filealong with the line and column where the error occurred.

Ansible Meetup - Melbourne - December 201511

ANSIBLE 2.0Blocks

Provides a method for catching errors during task execution, as wellas an option to always execute some set of task regardless of whetheran exception occurred or not.

Allows for easier grouping of related tasks.

Ansible Meetup - Melbourne - December 201512

ANSIBLE 2.0Blocks (further examples, nested & grouping)

Ansible Meetup - Melbourne - December 201513

ANSIBLE 2.0Execution Strategy Plugins

linear -traditional Ansible, which waits for all hosts to complete a taskbefore continuing

free - allows each host to process tasks as fast as possible, withoutwaiting for other hosts

And anything else people can conceive -just write a new plugin for it!

Ansible Meetup - Melbourne - December 201514

ANSIBLE 2.0Execution-time Evaluation of Include Tasks

Previously, include statements acted like pre-processor statementsand were evaluated/expanded before any tasks started running.

Should allow the return use of include + with* actions.

Ansible Meetup - Melbourne - December 201515

ANSIBLE 2.0Extended Inheritance of Blocks/Roles

Values like 'become*' and others are now settable on blocks and roles,which are then inherited by all tasks contained within

Should allow the return use of include + with* actions.

Ansible Meetup - Melbourne - December 201517

RED HAT MANAGEMENT PRINCIPLES AND DIFFERENTIATORS

Ansible Meetup - Melbourne - December 201518

ANSIBLE IS FRICTIONLESS

Ansible Meetup - Melbourne - December 201519

ANSIBLE IS MODULAR

Ansible Meetup - Melbourne - December 201520

ANSIBLE IS A VERY POPULAR OPEN SOURCE PROJECT

Ansible Meetup - Melbourne - December 201521

ANSIBLE SUPPORTS MULTI-TIER DEPLOYMENTS

Ansible Meetup - Melbourne - December 201522

ANSIBLE BRINGS CONSISTENCY AT MULTIPLE LAYERS OF THE ARCHITECTURE

Ansible Meetup - Melbourne - December 201523

ANSIBLE SUPPORTS HETEROGENEOUS IT ENVIRONMENTS

Template: Closing Structure PhotoSlide 2Slide 3Template: Two Columns, TextSlide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23