WavebreakMediaMicro - Fotolia
BOSTON -- Enterprises automate an increasingly broad swath of IT systems and processes to boost efficiency and reduce manual tasks. As they do, Red Hat continues to extend its flagship IT automation and configuration management tool to mirror that trend.
At Red Hat Summit 2019 here this week, the company shared Ansible roadmap details, many of which underscored a prominent and running theme around the tool -- namely, that it's broadening its reach beyond the core IT ops and development domains, and into areas such as IT security, compliance and networking.
In addition, Red Hat unveiled plans to shake up its delivery and distribution model for Ansible content, as well as provide expanded reporting and analytics capabilities in Ansible Tower, the tool's enterprise-level web-based management console.
Ansible roadmap keeps focus on security, compliance
Red Hat continues to expand Ansible capabilities for networking teams via Ansible Network Automation, a set of modules -- more than 570 of them, according to the company -- that network admins can use to automate common tasks, such as to configure and test a network stack, and to discover configuration drift.
Another set of Ansible modules catered toward a conventional IT silo -- security -- is still in the works. Ansible Automation for security was originally slated for general availability in early 2019, but is pushed back until later this year to further incorporate feedback from beta customers, Red Hat said. Upon release, these Ansible modules will aim to integrate and drive automation across diverse sets of security devices and tools, including intrusion detection systems and firewalls.
Alongside security and networking, governance and compliance represent potential areas for extended Ansible automation, said one Ansible user, who leads a DevOps engineering team within a multinational financial and banking firm. His team currently uses a mix of tools, including GitHub and Jenkins, in conjunction with Ansible and Ansible Tower, to ensure proper version control and change approval for their automation builds. GitHub traps any changes to automation playbooks, a member of the DevOps engineering or IT security team reviews and approves any pull requests for those playbooks, and Ansible Tower reads the approved versions. Then, a Tower job is typically triggered as part of a Jenkins pipeline.
Ideally, the team wants to achieve that level of governance with fewer tools, potentially aided by more native options for functions such as version control and approval workflows within Ansible.
"Automation is easy when you don't have all these compliance issues on top," said the user, who requested anonymity.
Certified content program shake-ups
The Ansible Automation Certification Program, which Red Hat debuted last year, aims to quell some compliance concerns. Through the program, Red Hat partners, such as Cisco, F5 Networks and NetApp, submit Ansible modules and plugins to Red Hat for system compatibility and vulnerability checks. Certification assures users that those modules will perform well and securely.
"That definitely is a help, because that's one of my concerns with [Ansible] being more of a collaborative tool," said Lee Kruppa, an Ansible user and systems administrator at national security firm Peraton. "I have to be careful with what I can and can't use."
Red Hat is changing its release cadence for this certified content. Rather than deliver content alongside new releases of the Ansible platform itself, which currently occur about every six months, participating partners can release certified modules and plugins at their own speed.
"Whether [partners are] going at a sprint pace, or at a much more conservative pace than six months, it's really up to them to decide when that content is available, usable and distributed to [users]," said Dylan Silva, principal product manager for Ansible, during an Ansible roadmap session at the Summit.
In addition, Red Hat will introduce Ansible Collections, sets of validated modules and plugins in a shareable and version-controlled package, as part of the Ansible 2.8 release later this month.
"[Collections are a] way for you to version content and share it among yourselves within an organization and say, 'This version of a Collection is certified for our use and we can transition it across the team and share it more freely,'" Silva said.
Red Hat aims to eventually include Ansible roles and playbooks within these Collections as well.
Analytics for automation health
The Ansible roadmap also leads to reporting and analytics features intended to give IT teams more visibility into the health of their automated processes.
The Automation Insights service, which Red Hat plans to launch as a feature in Ansible Tower sometime in fall 2019, will provide information and visual reports about the success rates of playbooks, usage patterns, anomaly detection and other key metrics.
Automation Insights is an extension of Red Hat Insights, the company's SaaS application for infrastructure monitoring and analytics, into Ansible Tower. Capabilities for the current app, which is included in a Red Hat Enterprise Linux subscription, include predictive analytics for physical, virtual and cloud deployments; automated issue resolution; and risk assessment.