Week 5 recap
Tuesday
Ansible Filter Plugins
- They are installed from Jinja, Ansible, or custom methods
- Accessed via the pipe: {{ variable | some_jinja_filter(additional_arg) }}
- Custom filters are defined as any available
- You create custom filters by completing these conditions
  - a class named class FilterModule:
  - a method within that class called def filters(self):
  - It returns a key/value mapping: the key is the name of your filter and the value is a callable function
    - e.g. return {"expand_interface_name": FilterModule.expand_interface_name}
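A filter plugin that meets the conditions above, as an added example that is not code from the course. The file name, the abbreviation table and the expansion logic are assumptions; only the `FilterModule` / `filters()` shape and the `expand_interface_name` key come from the notes.

```python
# filter_plugins/interface_filters.py  (hypothetical file name)
import re

# Constructed abbreviation table; extend it to match your platforms.
_PREFIXES = {
    "fa": "FastEthernet",
    "gi": "GigabitEthernet",
    "te": "TenGigabitEthernet",
    "lo": "Loopback",
    "po": "Port-channel",
    "vl": "Vlan",
}


class FilterModule:
    """Class name Ansible looks for when it loads a filter plugin."""

    def filters(self):
        # Key: the name used after the pipe. Value: the callable behind it.
        return {"expand_interface_name": FilterModule.expand_interface_name}

    @staticmethod
    def expand_interface_name(name):
        """Expand 'Gi0/1' to 'GigabitEthernet0/1'; unknown names pass through."""
        if not isinstance(name, str):
            raise TypeError("interface name must be a string")
        match = re.fullmatch(r"\s*([A-Za-z-]+)\s*([\d/.:]+)\s*", name)
        if not match:
            return name
        prefix, number = match.groups()
        prefix = prefix.lower()
        for short, full in _PREFIXES.items():
            # Accept any abbreviation that is itself a prefix of the full name.
            if prefix.startswith(short) and full.lower().startswith(prefix):
                return full + number
        return name
```

In a template this is called as `{{ interface | expand_interface_name }}`.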
Ansible Modules
- Documentation comes from docstrings; some are serializable, some are simply strings
- ANSIBLE_METADATA defines what goes into the version
- Module’s Argument Spec defines both the parameters and their type casting
- Module Spec options
- mutually_exclusive
- required_one_of
- How to handle Module Imports
- Check Mode
- The common strategy is to check state and perform the action at the end
- Diff Mode is based on a dictionary
- Provider 53
- Generally use absent/present for resource modules
- Exit and Fails proper data
Wednesday
Dynamic Inventory
- There is a standard format for the data to be returned
- Simply "print" the data back to stdout
- Can use Inventory Plugins, which are class based
Ansible AWX - Overview
- Dashboard shows job status, links, and activity stream
- Organizations give you
- User and Team Management
- Projects and Inventories Association
- Role-Based Access Control (RBAC)
- Multi-Tenancy
- Authentication
- Social Apps compatible
- Provides RBAC
Ansible AWX - Projects
- Source Control Management (git)
- Playbooks - the source of your repository is where your Ansible content resides.
- Inventory - within a project, specific playbooks can be tied to specific inventories.
- SSH and tokens are supported
Ansible AWX - Inventory
- Static Inventory (via the UI): This involves manually adding groups and hosts through the Ansible AWX dashboard. It's straightforward but tedious.
- From a Project Source: You can also source your inventory from a project, using an Ansible inventory file kept in a Git repository.
- Dynamic Inventories: Ansible AWX supports dynamic inventories where the inventory is sourced from external systems like AWS, Google Cloud, Azure, VMware, and more.
- Hosts and Groups
Ansible AWX - Job Templates
- Playbook: The actual yaml file that you create in code.
- Job Template: The opinionated way a given playbook is run.
- Workflow Template: A sequence or flow of job templates and other tasks.
- Job: An instance of a running task based on a job or workflow template.
- A playbook, provided via a project
- An inventory (list of targets)
- Necessary credentials (SSH keys, passwords, etc.)
- Any additional
- Variables
- Forks
- Limit
- Tags
Thursday
Ansible AWX - Secrets
- Providers:
- CyberArk Application Identity Manager (AIM)
- CyberArk Conjur
- HashiCorp Vault Key-Value Store (KV)
- HashiCorp Vault SSH Secrets Engine
- Microsoft Azure Key Management System (KMS)
- Ansible Vault
- Credential types consist of two key concepts - "inputs" and "injectors".
- Inputs define the value types that are used for this credential - such as a username, a password, a token, or any other identifier that's part of the credential.
- Injectors describe how these credentials are exposed for Ansible to use - this can be Ansible extra variables, environment variables, or templated file content.
Ansible AWX - Rest API
- Based on Django Rest Framework
- There is a DRF view of the APIs
- Jobs run async, e.g. must poll for result
- Make sure to set "Prompt on Launch", otherwise the API will not take in the request
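Launching a job template and polling for its result, as an added example that is not code from the course. The v2 endpoint paths, the `job`, `status` and `ignored_fields` response fields, and Bearer-token authentication are assumptions about the AWX API; the transport is passed in so the logic can be exercised without a server.

```python
import json
import time
import urllib.request

# Job states after which the status is not expected to change again.
TERMINAL = {"successful", "failed", "error", "canceled"}


def awx_call(base_url, token, method, path, body=None):
    """One authenticated AWX API request; certificate verification stays on."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=data, method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def launch_and_wait(call, template_id, extra_vars, interval=5, max_polls=120):
    """Launch a job template, reject dropped variables, poll until finished.

    `call(method, path, body)` is any transport, for example
    functools.partial(awx_call, base_url, token).
    """
    launched = call("POST", f"/api/v2/job_templates/{template_id}/launch/",
                    {"extra_vars": extra_vars})
    # Assumed response field: without "Prompt on Launch" the submitted
    # variables are listed under ignored_fields and the job runs without them.
    ignored = launched.get("ignored_fields") or {}
    if ignored:
        raise RuntimeError(f"job {launched.get('job')} ignored: {sorted(ignored)}")
    job_path = f"/api/v2/jobs/{launched['job']}/"
    for _ in range(max_polls):
        job = call("GET", job_path, None)  # jobs are async, so poll
        if job["status"] in TERMINAL:
            return job
        time.sleep(interval)
    raise TimeoutError(f"{job_path} still running after {max_polls} polls")
```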
Data Modeling - 101
- Challenges
- Normalized
- Compression
- Usability
- Storage
- Consistency
- Lack of Standards
- Types of Data
- Inventory
- DCIM
- IPAM
- Config Management
- Circuits
- Cloud Infrastructure
- Aggregate the data
- SoR (System of Record)
- Grab data from those multiple sources
- Data Lifecycle
- Before has data not in sync
- During means you can't test it beforehand
- After means it is documentation
Ansible AWX - Workflow Templates
- Automation Capabilities: Using Workflow Templates, users can sequence different tasks in a specific order, allowing for the execution of complex operational tasks.
- Organizational Benefits: Workflow Templates help encapsulate and represent a sequence of operations that mirror real-world processes. It's like documenting your operations but with the added advantage of direct execution.
- What are the differences between a Job Template and a Workflow Template?
- A Job Template is a definition and set of parameters for running an Ansible job. It’s the way to take a playbook and make it easily runnable by your team, at any time, without entering any additional data.
- While a Job Template focuses on a single playbook or operation, a Workflow Template is all about chaining operations or conditional execution of operations.
- Nodes: Job Templates, Project Syncs, and Inventory Syncs - Understanding the different types of nodes and their roles.
- Edges: Success, Failure, and Always - How to dictate the flow of the workflow based on the outcome of nodes.
- Approval Nodes - The concept of manual intervention and approvals in workflows.
- Workflow-level Variables vs. Node-level Variables - Differentiate between variables scoped to the entire workflow versus those specific to nodes.
Access Tracking
- This is only an NTC standard
- Provides a quick way to update status of each individual access requirement and run a script to provide a 1000 ft view.
- Aggregated View provides a helpful view for EM as we need to complete each item
- General Access continues to be a pain point for our engagements. We must get better at identifying and solving access problems as early as possible in these engagements to allow for maximum ROI for our clients
- The intention of the aggregated view is to understand what is left to do and provide both a table and written view (for emails/slack/etc) of the status
- “X” in column A is only needed when that item is completed/done. Once that “X” is added to a row, the row is removed from the Aggregated View the next time the script is run
- Each time “X”s are added because access has been completed, the script must be rerun to keep the Aggregated View up to date.
- Rows in the different tabs are meant to be deleted and added as client requirements dictate
- Use the “Priority” column to understand what is most important
- Remove things that do not pertain to you by deleting that row