Ansible DevOps Toolbox

A collection of high quality roles and playbooks that follow current best practices, a common style and have detailed documentation and User Stories reflecting the use cases.

Roles can be used individually or combined in playbooks to solve common problems such as Cloud Image Factory, Discovery, Migration, Continuous Patching and Compliance, Cloud Provisioning, and Kubernetes/OpenShift deployment and management.

All roles are tested (yamllint, ansible, molecule, goss) and set up with CI/CD (TravisCI) and published on Ansible Galaxy - and cookiecutter templates and development guids are provided in the Lab and DevOps sections.

Document Control

TODO:

Overall structure.
Presentation decks in Google Docs

Problem Description and Solution

Problems

Cloud: Building and managing virtual and cloud environments across DEV, TEST, STAGING and PRODUCTION requires a lot of manual steps that cannot be easily shared and re-used across platforms. Building and maintaing master golden images is expensive, and is not easily re-used.
Security and Compliance: DEV and PRODUCTION environments are built differently and don't usually share the same compliance or security settings.
Migration across platforms is difficult and re-install or re-platform approaches are time consuming.
Container Builds: are inconsistent and not aligned with OS security baselines.
Security: Update and maintain SSL and Certificate Authority configuration.
Modernization and Migration: how can I re-platform to a modern system that uses automation and configuration management? Ex: move from manually managed runbooks to runbook automation.

Solution

End-to-end automation that is modular, extensible and easily integrated with Continuous Deployment systems.
Automated image build system that creates modular images that target all virtual and cloud platforms, and can be extended / combined as part of a CI/CD pipeline to create tailored images (ex: PCI compliant PS images that target IBM Cloud VCS and Azure / AWS / VMware that share the same build systems and tools as the local images used for DEV/TEST that might run on VirtualBox, KVM, OpenStack or RHV platforms).
Security and compliance are built in, from day 1. Images are updated as part of the build process, and daily / continuous builds and automated testing allow for images to always be provisioned using a secure baseline.
Discovery scripts used for OS migration. Modular images used as landing platforms.
Modern, two-stage container builds that use buildah to package applications for container platforms.

Technical description

Collection of Ansible roles, playbooks, plugins, and modules
OS image build systems (packer, virsh and kickstart)

Example Workflow

An example workflow for using the master golden images

start=>start: Packer Build Spec|past
end=>end: End|future

packer_kickstart=>operation: Kickstart
Install RHEL
packer_ansible=>operation: Post Install
Ansible Baseline
Security Profile
packer_container=>operation: Container Build

packer_image=>operation: Golden OS Image
ansible_provision=>operation: Ansible Provision
(VM/Cloud/Container)
ansible_middleware=>operation: Ansible
Middleware Install
ansible_app=>operation: Ansible
Application Deploy
ansible_maintain=>operation: Ansible
Maintenance

cond=>condition: Virtual
Machine

start->cond
cond(no,left)->packer_container->packer_image
cond(yes)->packer_kickstart->packer_ansible->packer_image

packer_image->ansible_provision
ansible_provision(right)->ansible_middleware->ansible_app->ansible_maintain

Role Development Workflow

Init a new role from the Cookiecutter Template
Lint code with yamllint and ansible-lint
Install role with molecule on Docker and KVM
Unit test role with goss
Push to Github
Trigger automatic CI/CD using Travis-CI (test matrix against supported Operating Systems). Runs molecule / goss tests.

Personas Served

Developer: writes code, sets up static analysis, runs builds.
Image Architect / Migration Engineer: migrate and convert virtual machines. Discover applications and systems. Install middleware.
CI/CD/Build Engineer/Delivery Engineer: sets up CI/CD, automates builds.
Cloud Architect: uses multiple cloud providers, APIs, SDKs and toolkits. Provision entire landscapes.
SRE Engineer / Linux and UNIX Systems Administrator: Install various server roles, configure and secure systems.
Ansible Developer: Writes ansible playbooks and roles.
Kubernetes Engineer: sets up Kubernetes / OpenShift environments. Creates container builds.
Linux Desktop User: sets up Linux desktop environments and configures dotfiles.
Compliance Officer: sets up compliance and security rules.

Use Cases and User Stories

Use cases include Provisioning, Configuration Management and Configuring Operating Systems, Application Deployment Continuous Delivery, Security and Compliance Automation, Orchestration, and Migration.

As a (user)	I want to (feature)	So that (benefit)
Developer	install my Development Environment and tools	save time and maintain consistency within the team
Image Architect	automate all OS image builds across private and public cloud, with CI/CD	maintain a single set of master golden images, and fully automate the image build and post-install steps.
Build Engineer	setup CI/CD pipelines and tools	setup pipelines as code and apply DevOps principles
Delivery Engineer	Continuous Delivery	perform continuous deliver and application lifecycle management
Cloud Architect	define my Cloud Environment using Code	setup architecture as code and easily provision cloud environments
Operations Engineer	Continuous Patching	apply security fixes to my system
Operations Engineer	Security Configuration	apply security configuration changes to my systems
Compliance Officer	Continuous Compliance	apply security profiles to server and workstations (HIPAA, PCI, ISO 27001, etc).
Automation Engineer	Ansible Templates and Starters	easily get started with Ansible, or refactor existing code while applying best practices from Day 1.
Automation Engineer	Ansible Reference and Best Practices	broaden my knowledge, and have a quick reference to best pratices or a way to train my team.
Migration Engineer	Facts Discovery and Display	Discover operating systems facts and easily browse / export them (excel, webpage)
SRE Architect	CMDB Integration	I can manage systems part of my CMDB

Playbooks

Fedora Workstation
Python Development
HA Wordpress
Patching
Continuous Compliance
Jetson Nano
Raspberry Pi
Windows
FreeBSD
OpenBSD
MacOS
AWS Sandbox
IBM Cloud Sandbox
Backup

Tested Operating Systems

Most roles are supported on:

CentOS / RHEL 7
CentOS / RHEL 8
Fedora 31
Debian 10
Ubuntu 18.04

Roles that manage AIX, Windows or Cloud instances are described as such.

Roles

Basic Roles

Area	Role	Description
Bootstrap	bootstrap	Install python (raw module)
User Setup	bootstrap	Install bootstrap
User Setup	users	Install users
User Setup	profile	Install profile
Virtualization	docker	Install docker
Virtualization	podman	Install podman
Virtualization	kvm	Install kvm
Virtualization	virtualbox	Install virtualbox
Virtualization	vvmware	Install vvmware
Virtualization	vmtools	Install vmtools
Development	anaconda	Install anaconda
Development	npm	Install npm
Development	atom	Install atom
Development	vscode	Install vscode
Development	hashicorp	Install hashicorp
Development	cloudcli	Install cloudcli
Software Installation	packages	Install packages
Software Installation	localbin	Install localbin
Software Installation	flatpak	Install flatpak
Software Installation	snap	Install snap
Software Installation	nvidia	Install nvidia
Software Installation	ati	Install ati
Software Installation	intelgpu	Install intelgpu
Software Installation	microcode	Install microcode
Configuration	subscription-manager	Install subscription-manager
Configuration	hostname	Install hostname
Configuration	mountiso	Install mountiso
Configuration	lvm	Install lvm
Configuration	gnome	Install gnome
Configuration	cleanup	Install cleanup
Configuration	secure	Install secure

Server Roles

Area	Role	Description
Management Tools	cockpit	Install cockpit
Management Tools	foreman	Install foreman
Management Tools	openssh	Install openssh
Management Tools	xrdp	Install xrdp
Management Tools	superset	Install superset
Web Servers	apache	Install apache
Web Servers	haproxy	Install haproxy
Web Servers	php	Install php
Web Servers	vsftpd	Install vsftpd
Database Servers	postgresql	Install postgresql
Database Servers	mariadb	Install mariadb
DevOps Tools	awx	Install awx
DevOps Tools	sonarqube	Install sonarqube
DevOps Tools	jenkins	Install jenkins
DevOps Tools	rundeck	Install rundeck
DevOps Tools	zuul	Install zuul
DevOps Tools	gerrit	Install gerrit
Linux Administration	packages	Install packages
Linux Administration	services	Install services
Linux Administration	firewalld	Install firewalld
Linux Administration	cron	Install cron
Linux Administration	ntp	Install ntp
Linux Administration	kdump	Install kdump
Linux Administration	selinux	Install selinux
Linux Administration	tuned	Install tuned
Linux Administration	time	Install time
Linux Administration	network	Install network
Linux Administration	storage	Install storage
Linux Administration	mandb	Install mandb
Linux Administration	locatedb	Install locatedb
Linux Administration	syslog	Install syslog
MacOS	macos-packages	Install macos-packages
AIX	aix-packages	Install aix-packages
Windows	windows-packages	Install windows-packages

Cloud Roles

Area	Role	Description
Private Cloud	virtualbox	Install virtualbox
Private Cloud	vmware	Install vmware
Private Cloud	rhv	Install rhv
Private Cloud	kvm	Install kvm
Private Cloud	openstack	Install openstack
AWS	provision-virtual-server	Install provision-virtual-server
IBM Cloud	provision-virtual-server	Install provision-virtual-server
IBM Cloud	provision-bare-metal	Install provision-bare-metal
IBM Cloud	provision-iks	Install provision-iks
IBM Cloud	provision-roks	Install provision-roks
Azure	provision-virtual-server	Install provision-virtual-server

Ansible Playbooks

Ansible Playbooks

Code Repository and Links

Github and Ansible Galaxy

Presentations and Talks:

Lines of Code

───────────────────────────────────────────────────────────────────────────────
Language                 Files     Lines   Blanks  Comments     Code Complexity
───────────────────────────────────────────────────────────────────────────────
YAML                       448     15202      854       686    13662          0
Markdown                   217     13253     4072         0     9181          0
Shell                       74      1256      209        98      949         67
HTML                        38      3692     1517        61     2114          0
CSS                         32      1212      177        14     1021          0
Jinja                       32      1074      120         0      954         48
gitignore                   26       165       26        29      110          0
JavaScript                  17       814       64       228      522         95
XML                          8       406       83         0      323          0
JSON                         3        69        0         0       69          0
License                      3        97       20         0       77          0
TOML                         3        96        7         7       82          2
Plain Text                   2        15        0         0       15          0
Python                       1        71       11        11       49          9
SVG                          1        18        0         0       18          0
Systemd                      1        27        2         0       25          0
───────────────────────────────────────────────────────────────────────────────
Total                      906     37467     7162      1134    29171        221
───────────────────────────────────────────────────────────────────────────────
Estimated Cost to Develop $932,812
Estimated Schedule Effort 14.942132 months
Estimated People Required 7.394968
───────────────────────────────────────────────────────────────────────────────

Last update: 2020-02-02