Ansible DevOps Toolbox
A collection of high-quality roles and playbooks that follow current best practices and a common style, and have detailed documentation and User Stories reflecting the use cases.
Roles can be used individually or combined in playbooks to solve common problems such as Cloud Image Factory, Discovery, Migration, Continuous Patching and Compliance, Cloud Provisioning, and Kubernetes/OpenShift deployment and management.
All roles are tested (yamllint, ansible, molecule, goss), set up with CI/CD (TravisCI) and published on Ansible Galaxy. Cookiecutter templates and development guides are provided in the Lab and DevOps sections.
Document Control
TODO:
- Overall structure.
- Presentation decks in Google Docs
Problem Description and Solution
Problems
- Cloud: Building and managing virtual and cloud environments across DEV, TEST, STAGING and PRODUCTION requires a lot of manual steps that cannot be easily shared and re-used across platforms. Building and maintaining master golden images is expensive, and the work is not easily re-used.
- Security and Compliance: DEV and PRODUCTION environments are built differently and don't usually share the same compliance or security settings.
- Migration across platforms is difficult and re-install or re-platform approaches are time consuming.
- Container Builds: are inconsistent and not aligned with OS security baselines.
- Security: Update and maintain SSL and Certificate Authority configuration.
- Modernization and Migration: how can I re-platform to a modern system that uses automation and configuration management? Ex: move from manually managed runbooks to runbook automation.
Solution
- End-to-end automation that is modular, extensible and easily integrated with Continuous Deployment systems.
- Automated image build system that creates modular images that target all virtual and cloud platforms, and can be extended / combined as part of a CI/CD pipeline to create tailored images (ex: PCI compliant PS images that target IBM Cloud VCS and Azure / AWS / VMware that share the same build systems and tools as the local images used for DEV/TEST that might run on VirtualBox, KVM, OpenStack or RHV platforms).
- Security and compliance are built in, from day 1. Images are updated as part of the build process, and daily / continuous builds and automated testing allow for images to always be provisioned using a secure baseline.
- Discovery scripts used for OS migration. Modular images used as landing platforms.
- Modern, two-stage container builds that use buildah to package applications for container platforms.
Technical description
- Collection of Ansible roles, playbooks, plugins, and modules
- OS image build systems (packer, virsh and kickstart)
Example Workflow
An example workflow for using the master golden images
```
start=>start: Packer Build Spec|past
end=>end: End|future
packer_kickstart=>operation: Kickstart
Install RHEL
packer_ansible=>operation: Post Install
Ansible Baseline
Security Profile
packer_container=>operation: Container Build
packer_image=>operation: Golden OS Image
ansible_provision=>operation: Ansible Provision
(VM/Cloud/Container)
ansible_middleware=>operation: Ansible
Middleware Install
ansible_app=>operation: Ansible
Application Deploy
ansible_maintain=>operation: Ansible
Maintenance
cond=>condition: Virtual
Machine
start->cond
cond(no,left)->packer_container->packer_image
cond(yes)->packer_kickstart->packer_ansible->packer_image
packer_image->ansible_provision
ansible_provision(right)->ansible_middleware->ansible_app->ansible_maintain
```
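The "Post Install: Ansible Baseline / Security Profile" step in the workflow above is where security is built into the image before it is sealed. The playbook below is an added example written for this page, not code from the toolbox. It assumes Packer's ansible provisioner runs it against the freshly kickstarted guest, that the `ansible.posix` collection is installed, and that the sshd and firewall values (`baseline_sshd_settings`, `baseline_firewall_services`) are baseline choices made for the example rather than values from the project.

```yaml
# Added example (not the toolbox's own code): post-install baseline for a golden
# OS image, run by Packer's ansible provisioner before the image is sealed.
# Assumptions: ansible.posix is installed; the sshd/firewall values are example choices.
---
- name: Post-install baseline and security profile for a golden OS image
  hosts: all
  become: true
  vars:
    baseline_sshd_settings:
      PermitRootLogin: "no"
      PasswordAuthentication: "no"
      X11Forwarding: "no"
    baseline_firewall_services:
      - ssh

  tasks:
    - name: Apply all pending updates so every image starts from a patched baseline
      ansible.builtin.package:
        name: "*"
        state: latest

    - name: Harden sshd_config (sshd -t validates the file before it replaces the original)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: "sshd -t -f %s"
      loop: "{{ baseline_sshd_settings | dict2items }}"

    - name: Keep SELinux enforcing with the targeted policy
      ansible.posix.selinux:
        policy: targeted
        state: enforcing

    - name: Ensure firewalld is installed
      ansible.builtin.package:
        name: firewalld
        state: present

    - name: Start and enable firewalld
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    - name: Open only the baseline services in the default zone
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ baseline_firewall_services }}"

    - name: Find build-time SSH host keys so every clone generates its own on first boot
      ansible.builtin.find:
        paths: /etc/ssh
        patterns: "ssh_host_*"
      register: build_host_keys

    - name: Remove build-time host keys, the kickstart copy and shell history before sealing
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop: >-
        {{ (build_host_keys.files | map(attribute='path') | list)
           + ['/root/anaconda-ks.cfg', '/root/.bash_history'] }}
```

The Packer template's `ansible` provisioner would reference this file through its `playbook_file` setting; the later "Ansible Provision" step then starts from an image that is already patched, hardened and free of build-time secrets, so the same baseline reaches DEV, TEST and PRODUCTION unchanged.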
Role Development Workflow
- Init a new role from the Cookiecutter Template
- Lint code with yamllint and ansible-lint
- Install role with molecule on Docker and KVM
- Unit test role with goss
- Push to Github
- Trigger automatic CI/CD using Travis-CI (test matrix against supported Operating Systems). Runs molecule / goss tests.
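The steps above (lint with yamllint and ansible-lint, converge with molecule on Docker, verify with goss, run a Travis-CI matrix over the supported operating systems) fit into three files. What follows is an added example written for this page, not the toolbox's own cookiecutter template. It assumes Molecule 3 with the `molecule-goss` verifier plugin, that the `geerlingguy/docker-*-ansible` images are an acceptable stand-in for the project's own test images, and that `MOLECULE_DISTRO` is the variable name used to select the platform in the matrix.

```yaml
# Added example (not from the toolbox): molecule scenario, goss tests and Travis matrix
# for one role. Assumptions: Molecule 3 + molecule-goss; geerlingguy test images;
# MOLECULE_DISTRO selects the distribution under test.

# --- molecule/default/molecule.yml ---
---
dependency:
  name: galaxy
driver:
  name: docker
lint: |
  set -e
  yamllint .
  ansible-lint .
platforms:
  - name: instance
    # MOLECULE_DISTRO comes from the CI matrix below; centos8 is the local default
    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
    command: ""
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    privileged: true
    pre_build_image: true
provisioner:
  name: ansible
  playbooks:
    converge: converge.yml
verifier:
  # goss assertions live in molecule/default/tests/test_*.yml
  name: goss

# --- molecule/default/tests/test_default.yml (goss) ---
# Checks the converged instance against the security baseline the role is meant to enforce.
---
service:
  sshd:
    enabled: true
    running: true
  firewalld:
    enabled: true
    running: true
file:
  /etc/ssh/sshd_config:
    exists: true
    owner: root
    group: root
    mode: "0600"
    contains:
      - "PermitRootLogin no"
      - "PasswordAuthentication no"
command:
  # getenforce must report Enforcing, not Permissive or Disabled
  getenforce:
    exit-status: 0
    stdout:
      - Enforcing

# --- .travis.yml ---
# One job per supported operating system; each job runs the full molecule test sequence.
---
language: python
python: "3.8"
services:
  - docker
env:
  matrix:
    - MOLECULE_DISTRO=centos7
    - MOLECULE_DISTRO=centos8
    - MOLECULE_DISTRO=fedora31
    - MOLECULE_DISTRO=debian10
    - MOLECULE_DISTRO=ubuntu1804
install:
  - pip install "molecule[docker]" molecule-goss ansible-lint yamllint
script:
  - molecule test
```

`molecule test` runs lint, create, converge, idempotence, verify and destroy in sequence, so a role that is not idempotent or that leaves sshd in a non-baseline state fails the build on every distribution in the matrix, not just the one a developer happened to test locally.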
Personas Served
- Developer: writes code, sets up static analysis, runs builds.
- Image Architect / Migration Engineer: migrate and convert virtual machines. Discover applications and systems. Install middleware.
- CI/CD/Build Engineer/Delivery Engineer: sets up CI/CD, automates builds.
- Cloud Architect: uses multiple cloud providers, APIs, SDKs and toolkits. Provision entire landscapes.
- SRE Engineer / Linux and UNIX Systems Administrator: Install various server roles, configure and secure systems.
- Ansible Developer: Writes ansible playbooks and roles.
- Kubernetes Engineer: sets up Kubernetes / OpenShift environments. Creates container builds.
- Linux Desktop User: sets up Linux desktop environments and configures dotfiles.
- Compliance Officer: sets up compliance and security rules.
Use Cases and User Stories
Use cases include Provisioning, Configuration Management and Configuring Operating Systems, Application Deployment, Continuous Delivery, Security and Compliance Automation, Orchestration, and Migration.
As a (user) | I want to (feature) | So that (benefit) |
---|---|---|
Developer | install my Development Environment and tools | save time and maintain consistency within the team |
Image Architect | automate all OS image builds across private and public cloud, with CI/CD | maintain a single set of master golden images, and fully automate the image build and post-install steps. |
Build Engineer | setup CI/CD pipelines and tools | setup pipelines as code and apply DevOps principles |
Delivery Engineer | Continuous Delivery | perform continuous delivery and application lifecycle management |
Cloud Architect | define my Cloud Environment using Code | setup architecture as code and easily provision cloud environments |
Operations Engineer | Continuous Patching | apply security fixes to my system |
Operations Engineer | Security Configuration | apply security configuration changes to my systems |
Compliance Officer | Continuous Compliance | apply security profiles to servers and workstations (HIPAA, PCI, ISO 27001, etc.) |
Automation Engineer | Ansible Templates and Starters | easily get started with Ansible, or refactor existing code while applying best practices from Day 1. |
Automation Engineer | Ansible Reference and Best Practices | broaden my knowledge, and have a quick reference to best practices or a way to train my team. |
Migration Engineer | Facts Discovery and Display | discover operating system facts and easily browse / export them (Excel, web page) |
SRE Architect | CMDB Integration | I can manage systems that are part of my CMDB |
Playbooks
- Fedora Workstation
- Python Development
- HA Wordpress
- Patching
- Continuous Compliance
- Jetson Nano
- Raspberry Pi
- Windows
- FreeBSD
- OpenBSD
- MacOS
- AWS Sandbox
- IBM Cloud Sandbox
- Backup
Tested Operating Systems
Most roles are supported on:
- CentOS / RHEL 7
- CentOS / RHEL 8
- Fedora 31
- Debian 10
- Ubuntu 18.04
Roles that manage AIX, Windows or Cloud instances are described as such.
Roles
Basic Roles
Area | Role | Description | QA |
---|---|---|---|
Bootstrap | bootstrap | Install python (raw module) | |
User Setup | bootstrap | Install bootstrap | |
User Setup | users | Install users | |
User Setup | profile | Install profile | |
Virtualization | docker | Install docker | |
Virtualization | podman | Install podman | |
Virtualization | kvm | Install kvm | |
Virtualization | virtualbox | Install virtualbox | |
Virtualization | vmware | Install vmware | |
Virtualization | vmtools | Install vmtools | |
Development | anaconda | Install anaconda | |
Development | npm | Install npm | |
Development | atom | Install atom | |
Development | vscode | Install vscode | |
Development | hashicorp | Install hashicorp | |
Development | cloudcli | Install cloudcli | |
Software Installation | packages | Install packages | |
Software Installation | localbin | Install localbin | |
Software Installation | flatpak | Install flatpak | |
Software Installation | snap | Install snap | |
Software Installation | nvidia | Install nvidia | |
Software Installation | ati | Install ati | |
Software Installation | intelgpu | Install intelgpu | |
Software Installation | microcode | Install microcode | |
Configuration | subscription-manager | Install subscription-manager | |
Configuration | hostname | Install hostname | |
Configuration | mountiso | Install mountiso | |
Configuration | lvm | Install lvm | |
Configuration | gnome | Install gnome | |
Configuration | cleanup | Install cleanup | |
Configuration | secure | Install secure | |
Server Roles
Area | Role | Description | QA |
---|---|---|---|
Management Tools | cockpit | Install cockpit | |
Management Tools | foreman | Install foreman | |
Management Tools | openssh | Install openssh | |
Management Tools | xrdp | Install xrdp | |
Management Tools | superset | Install superset | |
Web Servers | apache | Install apache | |
Web Servers | haproxy | Install haproxy | |
Web Servers | php | Install php | |
Web Servers | vsftpd | Install vsftpd | |
Database Servers | postgresql | Install postgresql | |
Database Servers | mariadb | Install mariadb | |
DevOps Tools | awx | Install awx | |
DevOps Tools | sonarqube | Install sonarqube | |
DevOps Tools | jenkins | Install jenkins | |
DevOps Tools | rundeck | Install rundeck | |
DevOps Tools | zuul | Install zuul | |
DevOps Tools | gerrit | Install gerrit | |
Linux Administration | packages | Install packages | |
Linux Administration | services | Install services | |
Linux Administration | firewalld | Install firewalld | |
Linux Administration | cron | Install cron | |
Linux Administration | ntp | Install ntp | |
Linux Administration | kdump | Install kdump | |
Linux Administration | selinux | Install selinux | |
Linux Administration | tuned | Install tuned | |
Linux Administration | time | Install time | |
Linux Administration | network | Install network | |
Linux Administration | storage | Install storage | |
Linux Administration | mandb | Install mandb | |
Linux Administration | locatedb | Install locatedb | |
Linux Administration | syslog | Install syslog | |
MacOS | macos-packages | Install macos-packages | |
AIX | aix-packages | Install aix-packages | |
Windows | windows-packages | Install windows-packages | |
Cloud Roles
Area | Role | Description | QA |
---|---|---|---|
Private Cloud | virtualbox | Install virtualbox | |
Private Cloud | vmware | Install vmware | |
Private Cloud | rhv | Install rhv | |
Private Cloud | kvm | Install kvm | |
Private Cloud | openstack | Install openstack | |
AWS | provision-virtual-server | Install provision-virtual-server | |
IBM Cloud | provision-virtual-server | Install provision-virtual-server | |
IBM Cloud | provision-bare-metal | Install provision-bare-metal | |
IBM Cloud | provision-iks | Install provision-iks | |
IBM Cloud | provision-roks | Install provision-roks | |
Azure | provision-virtual-server | Install provision-virtual-server | |
Ansible Playbooks
Code Repository and Links
Github and Ansible Galaxy
Presentations and Talks:
- Automate Everything with Python, Ansible and Kubernetes
- PyCon 2019 Talk: DevOps flows with Ansible, Packer & Kubernetes
Lines of Code
Language | Files | Lines | Blanks | Comments | Code | Complexity |
---|---|---|---|---|---|---|
YAML | 448 | 15202 | 854 | 686 | 13662 | 0 |
Markdown | 217 | 13253 | 4072 | 0 | 9181 | 0 |
Shell | 74 | 1256 | 209 | 98 | 949 | 67 |
HTML | 38 | 3692 | 1517 | 61 | 2114 | 0 |
CSS | 32 | 1212 | 177 | 14 | 1021 | 0 |
Jinja | 32 | 1074 | 120 | 0 | 954 | 48 |
gitignore | 26 | 165 | 26 | 29 | 110 | 0 |
JavaScript | 17 | 814 | 64 | 228 | 522 | 95 |
XML | 8 | 406 | 83 | 0 | 323 | 0 |
JSON | 3 | 69 | 0 | 0 | 69 | 0 |
License | 3 | 97 | 20 | 0 | 77 | 0 |
TOML | 3 | 96 | 7 | 7 | 82 | 2 |
Plain Text | 2 | 15 | 0 | 0 | 15 | 0 |
Python | 1 | 71 | 11 | 11 | 49 | 9 |
SVG | 1 | 18 | 0 | 0 | 18 | 0 |
Systemd | 1 | 27 | 2 | 0 | 25 | 0 |
Total | 906 | 37467 | 7162 | 1134 | 29171 | 221 |

- Estimated Cost to Develop: $932,812
- Estimated Schedule Effort: 14.942132 months
- Estimated People Required: 7.394968