Ansible Smart MGMT


Automate Smart Management Workshop

Automate Smart Management for System Administrators and Operators


What you will learn

▸ Introduction to Automation with Satellite


▸ Workshop setup & walkthrough
▸ Compliance & Vulnerability Management
▸ Patch Management / OS
▸ CentOS to RHEL Conversion w/ App Stack
Introduction
Topics Covered:

● Automation and Smart Management

■ Red Hat Ansible Automation Platform

■ Red Hat Satellite


Automation happens when
one person meets a problem
they never want to solve again

Many organizations share the same challenge
Too many unintegrated, domain-specific tools

Network ops, SecOps, Devs/DevOps, IT ops

● Proprietary vendor-supplied automation
● DIY script automation
● Ansible in local silos
● Configuration management tooling
Break down silos
Different teams, a single platform

Consistent governance
● Cloud, Edge, Datacenter
● Line of business, Devs/DevOps, IT ops, SecOps, Network ops


Automate the deployment and management of automation
Your entire IT footprint

Do this...

● Orchestrate
● Manage configurations
● Deploy applications
● Provision / deprovision
● Deliver continuously
● Secure and comply

On these...

● Firewalls
● Load balancers
● Applications
● Containers
● Virtualization platforms
● Servers
● Clouds
● Storage
● Network devices


Red Hat named a Leader in The Forrester Wave™: Infrastructure Automation Platforms, Q3 2020

Received highest possible score in the criteria of:

● Deployment functionality
● Product Vision
● Partner Ecosystem
● Supporting products and services
● Community support
● Planned product enhancements

● “Ansible continues to grow quickly, particularly among enterprises that are automating networks. The solution excels at providing a variety of deployment options and acting as a service broker to a wide array of other automation tools.”

● “Red Hat’s solution is a good fit for customers that want a holistic automation platform that integrates with a wide array of other vendors’ infrastructure.”
Source:
Gardner, Chris, Glenn O'Donnell, Robert Perdonii, and Diane Lynch. "The Forrester Wave™: Infrastructure Automation Platforms, Q3 2020." Forrester, 10 Aug. 2020.
DISCLAIMER: The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of
Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester
Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Manage. Secure. Operate.
Smart!

Gartner: Customers losing $300,000 per hour on average due to IT downtime

● Manage sprawl: More infrastructure and complexity than ever to manage
● Reducing risk: Lack of proactive assessment and management of known issues creates exposure
● Limited resourcing: Teams are stretched and lacking Linux skills, being asked to do more with flat or decreasing budgets

Source: The Cost of IT Downtime


Smart Management enables you to improve the reliability, availability, security and compliance of your RHEL systems, running on any platform, while reducing TCO and repetitive tasks
Red Hat Automation and Smart Management
Life-cycle Management, Automated Operations, and Predictive Analytics

Unified life-cycle management
• Content and patch management
• Small- and large-scale operations
• Standardized operating environment (SOE)

Centralized automation governance
• Centralized control
• Team and user delegation
• Audit trail

Proactive, automated resolution
• Continuous insight
• Verified knowledge
• Proactive resolution

Physical, Virtual, Private cloud, Public cloud


Working together to manage your Red Hat environment

Satellite can ...
▸ Manage content repositories
▸ Manage content lifecycles
▸ Patch RHEL servers
▸ Provision RHEL servers physical, virtual or cloud

AAP can ...
▸ Orchestration across platforms
▸ Automate all the things
▸ Integrate multiple tools and workflows

Together Satellite and AAP can ...
▸ Orchestrate provisioning
▸ Automate patching
▸ Full cross-platform management
 ・ continued next slide
Full Cross-Platform Management
- Hybrid Cloud Dynamic Inventory
- Credential Management
- Orchestrated Workflows
- Lifecycle Patch Management
- Production Release Approvals
- Self Service Automation
- Role Based Access Control
- Red Hat Linux Automation
- Red Hat Satellite Automation
- Application startup/shutdown
- Network Services (FW/LB/DNS)
- ITSM Change Management
- Server Reboots
- Kernel Upgrades
- Service Catalog Integration
- HA/Cluster Patching
- Backups/Snapshots
- Multi-OS Patching (Linux\Unix\Windows)
Automation Journey
Ansible Automation, in order of increasing complexity:

OPPORTUNISTIC
How can we simplify a task or set of tasks?
• Backup & Restore
• Dynamic Documentation

SYSTEMATIC
How do we centralise our processes?
• Scoped Config Management
• System Compliance

INSTITUTIONALIZED
How do we orchestrate our processes?
• Operational State Validation
• Full Automation Workflows
Start Small
Quick automation victories for systems operators

✓ Config Backup and Restore
Ubiquitous first touch use case
• Gain confidence in automation quickly
• First steps towards infra as code
• Quickly recover system state

✓ Dynamic Documentation
Use Ansible facts to gain information
• Read-only, no production config change
• Dynamic Documentation and reporting
• Understand state of systems

✓ Scoped Config Management
Focus on high yield victories
• Automate package management and config
• Introduce source of truth concepts
• Enforce Configuration policy
Think Big

Institutionalizing automation into your organization

System Compliance
Respond quickly and consistently
• Security and config compliance for systems
• Remove human error from security responses
• Enforce Configuration policies and hardening

Operational State Validation
Going beyond config management
• Parsing operational state to structured values
• Schema validation and verification
• Enhance operational workflows

Automated SysOps
Infrastructure as code
• Data centric automation
• Deploy configuration pipelines
• GitOps for Systems Automation
About Your Lab
Topics Covered:

● Understanding the workshop Infrastructure

● Exercise 0 - Infrastructure as Code


The lab environment today

● Practice what we preach
 https://github.com/ansible/workshops

● Learn with the real thing
 ○ Red Hat Ansible Automation Platform
 ○ Red Hat Satellite

● Red Hat Enterprise Linux

● CentOS Linux

Workbench Topology
● Amazon VPC router
● Ansible Automation Platform controller
● Satellite
● RHEL Nodes: node1, node2, node3
● CentOS Nodes: node4, node5, node6
How does it work?

Provision (Workshop Provisioner)
● Resources: Subnets, gateways, security groups, SSH keys
● Instances: RHEL, Cisco, Arista, Checkpoint, Windows, etc
● Inventory: Load and sort newly created instances for further automation

Configure (Workshop Provisioner)
● Ansible environment: install Ansible Controller, SSH config, user accounts, etc
● Code Server: Configure in-browser text editor and terminal
● DNS: Configure DNS names for all control nodes

Manage (Workshop Provisioner)
● Login Website: Dynamically create login webpage for students
● Instructor Inventory: Provide inventory and login information and master key
● Log Information: Record student count and instructor for statistics

Setup (Student - exercise 0-setup)
● Setup Satellite *: Lifecycle Environments, Content Views, Activation Keys
● Setup Controller: Projects, Templates, Dynamic Inventory
● Final lab prep: Publish Content View, Snapshot nodes, Register nodes

* Completed during workshop deployment


Infrastructure as Code Architecture
Day 1 configuration of Satellite

[Diagram: Developer IDE; SCM; Configure Satellite job execution; Red Hat Satellite. Stages: Build, Publish, Deliver.]

● Definitions: Content View definitions, Lifecycle Environment definitions, Repository definitions, Activation Key definitions
● Satellite objects: Repositories, Content Views, Lifecycle Environments, Activation Keys


Infrastructure as Code architecture
Day 1 configuration of Automation controller

[Diagram: Developer IDE; SCM; Configure Controller job execution; Red Hat Ansible Automation Platform cluster. Stages: Build, Publish, Deliver.]

● Definitions: Inventory definitions, Job Template definitions, Project definitions
● Controller objects: Inventory, Inventory Source, Job Templates, Projects


Lab Time
Begin exercise 0-intro now in your lab environment
~35 minutes
Exercise 1
Compliance / Vulnerability Management

● Create an OpenSCAP compliance policy

● Create an Ansible template and automate an OpenSCAP scan

● Review ARF reporting in Satellite


75% of CIOs are investing to improve cyber-risk mitigation

https://www.gartner.com/document/3981432
Compliance management adds complexity

Regulatory and industry standards
• National Institute of Standards and Technology (NIST)
• National Cybersecurity Agency of France (ANSSI)
• Health Insurance Portability and Accountability Act (HIPAA)
• Federal Risk and Authorization Management Program (FedRAMP)
and more

Compliance and security artifacts creation
• System security plans
• Security compliance audit documentation
• Gap analysis reports
• Audit and remediation baselines
Security automation with OpenSCAP
Red Hat’s security scanner is included with Red Hat Enterprise Linux and Red Hat Satellite

Validated and certified tool
National Institute of Standards and Technology (NIST) certified Security Content Automation Protocol (SCAP) scanner with National Checklist content

System and container scanning
Known vulnerability and security policy compliance scanning

Automation support
Red Hat® Ansible® Automation remediation Playbooks provided and supported by Red Hat

Customizable content
Content customization through SCAP Workbench graphical interface
OpenSCAP Workflow
Using Ansible Automation Platform to automate OpenSCAP in your environment

1 - At scheduled time scan process is initiated by Controller
2 - Controller job starts, host scan tasks initiated
3 - Satellite provides compliance policy for host scan
4 - Completed scan results uploaded to Satellite
5 - Controller reports scan process completed; host asset report available on Satellite

Hosts in the diagram: node1, node2, node3, node4
Lab Time
Complete exercise 1-openscap now in your lab environment
~35 minutes
Exercise 2
Patch Management

● Automate Patching Prerequisites

● Automate Patch Deployment


Automate Where Possible

“Using multiple tools for patch automation is unavoidable and will improve both execution efficiency and patching success.”

-Gartner

https://www.gartner.com/document/3981432
Satellite and Ansible Controller Integration
Documented best practices to help optimize use of both products

Dynamic Inventory
Allows Ansible Controller to use Satellite as a dynamic inventory and source of current systems state

Satellite Content Collection
Ansible modules and roles for automating administrative tasks in Red Hat Satellite

Post-Provision
Provides systems provisioned via Satellite a means to “callback” to Ansible Controller for post-provisioning playbook runs
Automated Patching Solution
Using Ansible Automation Platform to automate patches through your environment

1 - At scheduled time patch process is initiated by Controller
2 - Controller job starts, hosts patched in sequential batches
3 - Satellite provides content specific to host
4 - Controller reports that patching has completed

Hosts in the diagram: node1, node2, node3, node4

“Ansible reduced the time required for regular patching by 75%”
- Global Infrastructure Provider
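
The "sequential batches" step above can be expressed in a playbook with `serial`. This is an added example, not the workshop's own playbook; the inventory group name `rhel_nodes` is hypothetical, and it assumes the hosts are already registered to Satellite and have `needs-restarting` (yum-utils) installed.

```yaml
---
# Added example: rolling security patch run in sequential batches.
# Assumption: "rhel_nodes" is a hypothetical inventory group whose hosts are
# registered to Satellite, so yum only sees content published to their
# lifecycle environment.
- name: Patch RHEL hosts in sequential batches
  hosts: rhel_nodes
  become: true
  serial: 2                 # patch two hosts at a time
  max_fail_percentage: 0    # any failed host stops the remaining batches
  tasks:
    - name: Apply security errata only
      ansible.builtin.yum:
        name: "*"
        state: latest
        security: true

    - name: Check whether a reboot is required (rc 1 means yes)
      ansible.builtin.command: needs-restarting -r
      register: reboot_check
      changed_when: false
      failed_when: reboot_check.rc not in [0, 1]

    - name: Reboot the host when required
      ansible.builtin.reboot:
        reboot_timeout: 900
      when: reboot_check.rc == 1

    - name: Verify no security errata remain (dry run must report no change)
      ansible.builtin.yum:
        name: "*"
        state: latest
        security: true
      check_mode: true
      register: verify
      failed_when: verify is changed
```

Because a failure aborts the play before the next batch starts, a bad erratum affects at most one batch of hosts rather than the whole group.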
Lab Time
Complete exercise 2-patching now in your lab environment
~35 minutes
Exercise 3
CentOS to RHEL conversion

● CentOS - current/future state

● Using Satellite + Ansible Automation Platform w/ existing CentOS

● RHEL Conversion Process


CentOS - Previous State

● CentOS Linux 8 retired on December 31, 2021

● CentOS Linux 7 will continue to receive updates until June 30, 2024

● Customers running CentOS Linux 7/8 will need to migrate to an alternative OS.
CentOS - “Stream”ing now

• Provides a Continuous Delivery model, for the development of RHEL

• A rolling preview of the next minor release of RHEL

• Faster feedback/features in RHEL -- the upstream community can merge/pull request against CentOS Stream, tracks closer to RHEL
CentOS Stream: Moving Upstream

▸ We believe CentOS Stream represents the best way to further drive Linux innovation by giving customers and the broader ecosystem a closer connection to the development of Red Hat Enterprise Linux

▸ Positive interest in CentOS Stream since its introduction in 2019, including public statements from Facebook and Intel

▸ As an open source platform for development, CentOS Stream will become an innovation hub for Red Hat Enterprise Linux

▸ Red Hat is offering low- and no-cost options to ease the transition from CentOS Linux
What was announced

Which Platform is Right for You?

● Operating System development and desktop use cases: Fedora
● Hassle-free and secure OS for your home lab: Red Hat Developer program (developers.redhat.com)
● Dev & CI/CD to ensure RHEL compatibility: Red Hat Developer program (developers.redhat.com)
● Dev & CI/CD to ensure RHEL+1 compatibility: CentOS Stream
● Developing containerized applications: RHEL Universal Base Image (UBI)
● Participate in RHEL development: CentOS Stream
● Running mission critical workloads: RHEL
● Developing software for resale or hardware: Red Hat Partner Connect Program (connect.redhat.com)
Steps of the migration
Exercise Details

▸ Our CentOS 7 nodes are registered to the Satellite system through a complete Content View/Lifecycle Environment/Activation Key arrangement that mirrors a traditional RHEL7_Dev, RHEL7_QA, RHEL7_Prod environment, but is backed by custom CentOS repositories. We use subscription-manager on the CentOS nodes to register them with the Satellite.
▸ Utilize the Convert2RHEL tool (Disclaimer: backup, test. backup, test. backup, test...)
▸ Conversion source of RHEL packages:
 ・ Custom repositories (FTP, mounted ISO, etc.)
 ・ Red Hat Subscription Manager (CDN or Satellite) -- Satellite utilized for this exercise
▸ Rollback is possible up to the point of no return, but users are advised to perform a complete system backup prior to running the utility (remember the disclaimer?).
▸ All actions are accomplished via Ansible roles, which makes the migration process easier to understand and follow, and permits easier customization for individual conversion/migration requirements via Ansible Controller workflows on a case-by-case basis.
Exercise Resources

▸ Knowledge base articles + videos


・ KB Article: How to convert from CentOS or Oracle Linux to RHEL (Jan 2021)
・ Blog: Converting from CentOS to RHEL with Convert2RHEL and Satellite (March 2020)
・ Blog: Convert2RHEL: How to update RHEL-like systems in place to subscribe to RHEL (Jan 2020)
・ YouTube: Converting from CentOS Linux 8 to CentOS Stream (Jan 2021)
Lab Time
Complete exercise 3-convert2rhel now in your lab environment
~45 minutes
Next Steps

GET STARTED
ansible.com/resources/get-started
AAP-trial

JOIN THE COMMUNITY
ansible.com/community

WORKSHOPS & TRAINING
aap2.demoredhat.com/
Red Hat Training

SHARE YOUR STORY
Follow us @Ansible
Friend us on Facebook

Next Steps
SATELLITE RESOURCES
Red Hat Satellite Blog - https://satelliteblog.redhat.com/
Red Hat Satellite Product page
Red Hat Satellite Customer Portal
Red Hat Satellite Documentation
Red Hat Consulting offering: Transition to Red Hat Satellite 6

SATELLITE TRAINING AND VIDEOS


NEW COURSE - RH053: Satellite Technical Overview also available on Udemy
RH403: Red Hat Satellite 6 Administration
Satellite 6.5 Reporting Engine Video: https://www.youtube.com/watch?v=sBciejh1G80
Thank you

linkedin.com/company/red-hat
youtube.com/AnsibleAutomation
youtube.com/RedHat
facebook.com/ansibleautomation
twitter.com/ansible
twitter.com/RedHatSatellite
github.com/ansible
github.com/RedHatSatellite
