Overview

As a quick intro on Red Hat® Ansible Automation Platform… here are some notable recent industry reports:

State of the Cloud Report 2019: Ansible breaks out as the leader…

…And according to Forrester Wave Q3 2020, Red Hat is the only “leader” 100% based on open source.

Also, take a look at the current CNCF landscape. It shows Ansible standing out in a crowded and sometimes confusing space for customers, with the biggest market cap and the most GitHub stars.

Why Ansible? Because it’s easy to read, there’s nothing to install on remote nodes, it’s push-based, and it has many, many built-in modules. It’s declarative and version controllable. Ansible is also very friendly to developer self-service, and it integrates nicely with your existing CI/CD pipelines. We should also mention that its straightforward YAML-based syntax makes quick ramp-up for Infra/Network teams in learning how to write their infrastructure code playbooks. And it’s a Top 10 project by contributors on GitHub.

Why Red Hat Ansible Tower? Because everything you get from Ansible Core is in the gray box below, and Ansible Tower is everything else!

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

WinRM Setup

In recent versions of Ansible Automation Platform, it’s only gotten easier to start managing Windows systems, primarily because it’s able to leverage your existing credentials and the WinRM transport. These days all we really have to do is run a PowerShell script that’s publicly available and maintained by the Ansible team, and then apply a couple of Ansible connection-related changes to our Ansible Tower job templates or underlying code:

---
ansible_port: 5986
ansible_connection: winrm

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Ad Hoc Commands

Ad hoc commands allow us to quickly work with Ansible modules, but without having to write any infrastructure code in the first place. A good example is restarting Windows services. After selecting the win_service module, we apply saved credentials and then pass module arguments such as “name=spooler state=restarted”. Ad hoc commands are great for sysadmin tasks like quick reports and post-change sanity checks.

And here’s another example on the command line:

$ ansible -i inventory all -m win_ping

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Users and Groups

The Ansible Automation Platform can help us configure things like local and domain Windows user accounts and groups with ease. (And it may be helpful to note that Ansible Tower thinks of both domain and local users as “Machine” credentials.) Here’s an example task for adding a local user with the win_user module:

- name: "Add user {{ username }}"
   win_user:
    name: "{{ username }}"
    password: "{{ password }}"
    state: present

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Services

In our experience, service management is often one of the very first tasks sysadmins automate on Windows. By leveraging the win_service module, we can control not just whether or not a service is started, but also things like how the service should behave the next time its host is rebooted. Here’s an example task for starting the Print Spooler service and ensuring it’s set to have an automatic start type:

- name: "Start Print Spooler"
   win_service:
    name: "spooler"
    start_mode: auto
    state: started

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Packages

Chocolatey is a popular package manager for Windows. It’s well-supported via multiple Ansible modules. By combining Ansible Tower and Chocolatey, installing your apps and utilities becomes easier than ever. Here’s an example task for installing Google Chrome via the win_chocolatey module:

- name: "Install Google Chrome"
   win_chocolatey:
    name: googlechrome
    state: present

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Windows Updates

In our opinion, too many Windows sysadmins are keeping legacy products like SCCM around these days just for patching! Ansible Tower can automate so much more for you… but yes, it also automates Windows Updates. Primarily using the win_updates module, Ansible Tower can manage simple (or not-so-simple) monthly OS update schedules across your entire Windows and Linux inventories in a true “single pane of glass”. Here’s an example task for installing a number of categories of updates, including reboot:

- name: Install Windows Updates
   win_updates:
    category_names:
    - SecurityUpdates
    - CriticalUpdates
    - UpdateRollups
    reboot: yes

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Windows Features

Question: When is a Windows Feature NOT a Windows Feature?

Answer: When other competing automation products expect you to install IIS like it’s 2003!

Some of the other automation products don’t really “get” Windows. In contrast, Ansible Tower gives you a native-like MS experience, from thought to action.

Here’s an example task for installing IIS via the win_feature module:

- name: "Install IIS"
   win_feature:
    name: "Web-Server"
    state: present
Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

PowerShell

Ansible Tower doesn’t require you to “start over” with its automation framework. You can bring your legacy PowerShell scripts with you and then later refactor toward native Ansible patterns– but on YOUR timeline and given YOUR priorities.

Here’s an example task showing how easy it is to run a “Hello World!” PowerShell script via the win_shell module:

- name: Run PowerShell script
   win_shell: C:\Windows\Temp\hello.ps1
Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Registry

Active Directory Group Policy Objects (GPO’s) have been around over 20 years… But they’ve never been great at confirming you actually applied that zero-day exploit-related computer policy registry change you just (hopefully?) filtered correctly to be set on hundreds of systems on a Friday at 4pm (aka the background refresh blues).

Enter: Ansible Tower.

Here’s an example task for adding a Registry key via the win_regedit module:

- name: "Add a Registry key"
   win_regedit:
    path: HKLM:\Software\ACME
    name: require_tls13
    data: 1
Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Ansible Tower Workflow Templates

Workflow templates wire together multiple job templates and enable outcomes like concurrent job runs (go faster!). They also let you drag-and-drop your success vs. failure logic. Workflow templates are great for use cases like App Deployment; Provisioning; and Orchestration.

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Ansible Tower Comparisons

Microsoft requires multiple products to accomplish the same things Red Hat is solving with one: Ansible Automation Platform. (While also being a true “single pane of glass” for your Linux workloads and Network devices!)

Ansible was born in the Cloud Era (2012). It’s agentless (nothing to install, configure or update on your managed hosts). It orchestrates across playbooks and hosts (this enables highly complex deployments when you need them).

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Where to Go From Here

Level Up is helping customers become cloud native via Red Hat solutions like Ansible Automation Platform. How can we help you on your automation journey?

We’re a Red Hat Advanced Partner, with recognized expertise in Red Hat Ansible Automation Platform; OpenShift Container Platform; and beyond. We’re also proud to say that we are a Red Hat North American Partner Award Winner: Customer-centric Partner of the Year for State and Local Government (2020).

How we help customers get started with Ansible:

Workshops: We’ve led 10 public Ansible, OpenShift workshops in the last 9 months (internal workshops are also available).

Proofs of concept: We can support for these ranging from 2 days to 2 months.

We also offer customized professional services engagements.

Schedule an Ansible Tower demo with Level UpRegister for an upcoming Ansible Tower workshop presented by Level UpDownload a free 60-day eval of Ansible Automation Platform via redhat.com

Spread the word. Share this post!