Automation at scale with Ansible Tower: Challenges and considerations around the automation directive

Many organisations realise that automation is the key to success for maintaining multiple applications, servers, networks, and teams. While the overall concept of automation is easy to grasp, implementing automation requires a set of tools and governance to ensure maintainability and extendibility of not only the automation but the entire IT environment. Here are a few examples of why a defined set of tools and process governance is needed:

  • Teams often use different tools to achieve automation goals, or utilise the same automation tool in different ways.  
  • Within the same team, different versions or approaches to automation lead to different results when the automation is implemented.
  • Different people or processes might execute the same automation twice on the same platform, causing conflicts and producing non-standard results.

Providing effective governance when automating processes and tooling helps organisations achieve a modernised IT environment with efficient implementation, maintenance, and extension of automation.

 

Utilise source control for automation efforts

Using a central source control repository is recommended to allow and encourage multiple users and teams to contribute and submit improvements. Easily available source code control tooling and common testing frameworks allow automation to grow organically within the organisation, and provide versioning and control of automation code and collaboration across teams.

 

Select a single automation tool

Multiple tools can address different pain points, but having a single tool for at least one set of system and application categories avoids troubleshooting conflicts between tools.

NOTE: Because Ansible Tower is agentless, easy to integrate with source control,  recently open-sourced, has a REST API for ease of interaction, and uses SSH to connect to boxes, it is an obvious candidate for automation tooling.

 

Examine automation tooling use cases

Who is the ultimate user for your automation tool? Is it operations, engineering, or application development teams? Does your organisation have separate teams for these functions? If so, consider providing varying levels of access to each of those groups for more granular access. For example, if you use Identity Management tooling for user management and control, think about how to structure user groups by function, since they will likely require similar access privileges to the tool.

Reuse existing code

Rather than writing new code, consider reusing existing automation code and modifying the upstream version to include additional features. Most people learn by example at the beginning of their journey, and it is important to use examples from sources that are widely used. Consider utilising tried and tested roles and playbooks from existing automation repositories that could fit your use case.

NOTE: Ansible Galaxy provides reusable, pre-packaged roles. Roles ensure that no data is maintained as part of the roles, with the exception of a default set of variables. Role content usually resides in GitHub.

 

Structure your code effectively

Your automation code should be independent of your data, including environment variables, server names, and application variables. Consider using inventories and external node classifiers to minimise manual inventory management and ensure that the automation code runs with different input and is tested for different use cases. This facilitates upstream contributions to existing projects and increases your code reusability.

There are many examples of well-structured automation tooling, usually located in the community that is built around it.

 

Enforce quality control for automation implementation

Think about your software development life cycle (SDLC) process and how it applies to automation efforts. Your automated code lifecycle should conform with organisational policies, industry standards, and regulatory requirements. Best practices for application code might also apply for automation code. For example, make sure to conduct peer reviews on pull requests, use new git branches for new releases, and create thorough documentation.

It’s easy to automate basic syntax checks on automation code. If Ansible is the automation tool you choose, very basic lint checkers of YAML files are available as pre-commit hooks. This can save hours of correcting spacing and other silly errors.

Idempotence is paramount. Continuous execution of your automation and making changes only when necessary enables you to identify changes on systems by simply testing the code in no-op mode.

Does your automation meet your functional requirements? Functional testing should be performed in a production-like environment, in which changes can be measured against user stories. For example, if you automated an Apache server, shouldn’t you test to ensure port 80 is accessible from another machine?

 

Engineer a solution

Iterate, re-think, re-design, and aim for a minimum viable product (MVP). Don’t try to deliver everything in a single release. Features will likely be missed, a new feature of a product or an application could be released that motivates you to restructure half your estate, and your teams might not have the necessary skills.  Adoption of an automation lifecycle can require people and processes to change, and this takes time. Aim for small chunks of automation code that is flexible, maintainable, and easy to extend or change. Developing and improving your automation code in small chunks makes it simpler to test and deploy and allows the organisation to adapt to and accept change.

NOTE: Examples of syntax and functional testing of automation with Travis are provided in the openshift-ansible travis integration.

 

What’s next?

Coming soon: a set of automation scenarios that demonstrate setting up Ansible Tower with Ansible automation.


Connect with Red Hat Services

Learn more about Red Hat Consulting
Learn more about Red Hat Training
Learn more about Red Hat Certification
Subscribe to the Training Newsletter
Follow Red Hat Services on Twitter
Follow Red Hat Open Innovation Labs on Twitter
Like Red Hat Services on Facebook
Watch Red Hat Training videos on YouTube
Follow Red Hat Certified Professionals on LinkedIn
Creative Commons License

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s