IT automation has been a hot topic for the last few years. As network engineers, we are no strangers to the disruption known as network automation that has rocked the industry and turned it on its head.
One of the leading automation frameworks that is quickly becoming the de facto tool for network automation is Ansible. A quick Google search would reveal the reasons behind its popularity; you can also check out the introduction video of my INE course on Ansible for some of my personal beliefs on why Ansible can work for you. (Spoiler alert: it is simple, powerful, and agentless.)
One confusing point for people who are new to Ansible might be the name itself. Ansible is both the name of the open source community project sponsored by Red Hat and the name of the company supporting the framework. (Quick trivia: the tool was named after the fictional faster-than-light communication technology that appeared in the 1977 book Ender’s Game.) Every year, the Ansible company hosts an event, known as AnsibleFest, to talk shop, have fun, and celebrate the awesome people in the community.
This year, AnsibleFest was held in Austin, Texas, in the first week of October. My friend Rich Groves and I were invited to speak at the first network automation breakout session based on our work in the Distributed Denial-of-Service (DDoS) space using Ansible. If you are interested in our session, you can check out our GitHub repository and the video archive.
5 Lessons Learned
The event was awesome, fun, and exciting. It was a perfect combination of learning new material while still having a good time doing so. In this post, let me share with you the five things I learned from my experience at AnsibleFest 2018.
1. Network Automation is Killing it
I remember it was only about 2.5 years ago that Ansible announced they were extending Ansible to include network automation support. At the time, Ansible did not even include support for Cisco IOS, which severely limited its application for many of the production networks. The AnsibleFest that year had only three tracks: Use Cases, Tech Deep Dives, and Best Practices with some network automation talks sprinkled in.
Fast forward to AnsibleFest 2018, the tracks have greatly expanded to Ansible Integration, Business Solutions, Community & Culture, and of course, Network Automation. There were also focused tutorials and community events with specific focus, such as documentation. The event was the most attended AnsibleFest to date with over 1,200 attendees.
Not only is the framework popular; in a little over two years, network automation has moved to the front and center of it. As Jeff Geerling, author of the very popular book ‘Ansible for DevOps’, puts it:
"If I've learned anything in the past couple years, it's that Ansible is _killing_it in the network automation space. #ansiblefest #ansible"
For users of the framework, there are tangible rewards by virtue of using a framework that is also used by many like-minded people. The bugs are discovered and fixed quickly, features are more likely to get added, and the things you want to do are likely to be shared by other engineers. Also, your investment of time and effort in using and adopting the framework will likely yield a longer return. In technology and in life, it is good to be the popular kid on the block.
2. Network Automation gets support
One of the main concerns of network automation in the enterprise world has always been the support (or lack thereof) from a trusted vendor. After all, nobody gets fired for buying IBM. For big players like Google, Facebook, and Microsoft, they can afford to have a team of engineers handling the development, maintenance, and support of the automation tool of choice. In fact, they often develop in-house tools that are tailored for them because they have such capabilities.
Enterprises, on the other hand, have to deal with a diverse set of technologies with limited usage of each. On a daily basis, an enterprise network engineer might need to deal with email and web servers, networking, Active Directory, databases, and other technologies. To this end, Red Hat has announced an Ansible Certified Content program. It is basically a program where Ansible modules can be submitted to be tested, validated, and checked for compatibility in production. It is a new program, so the details are still being worked out. To be sure, all Ansible modules have gone through basic automated testing, but this takes it a bit further.
At launch, the partners include Cisco (ACI, NSO, NX-OS, and UCS), CyberArk, F5 Networks, Infoblox, NetApp, and Nokia. (Did I mention networking is at the front and center of Ansible?)
3. New Security Automation focus
One of the surprise announcements in this year's keynote session was the addition of security automation. To me, it makes sense, since Ansible is one framework able to automate everything from servers to networks and everything in between. Good security coverage is a continuous process that requires locking down all aspects of IT.
The immediate use case for security automation is compliance testing. As anybody who has gone through PCI-DSS, HIPAA, or STIG compliance can tell you, it takes a special person to wake up in the morning and be excited to go through the process. For the rest of us, why not just offload it to Ansible? Perhaps one day we will be able to run a playbook and check off that compliance box without missing a beat in our afternoon inter-department ping-pong tournament.
4. Ansible Network Engine is here
The big push in the network automation track this year, in my opinion, is Ansible Network Engine. Many of us have used Ansible roles before; for some vendors such as Juniper, the Juniper.junos Ansible role is their preferred way of automating Juniper devices with Ansible. Basically, Ansible roles are reusable units of code within Ansible that are distributed together. Ansible Network Engine is a set of consumable functions distributed as Ansible roles. It provides another abstraction layer so the operator or application interacting with it does not need to know the specific network module or plugin underneath. On the vendor side, it allows faster iteration when adding new functions, without waiting for the normal Ansible release cycle.
There are a number of sessions that touch on the operation and inner workings of network engine, including Peter Sprygada’s Wednesday morning session on ‘From Developer to Operator’ and Trishna Guha’s session on ‘Introducing Ansible Network Engine role for Network Automation’. I would encourage you to watch the session recordings when they are available. I know I will be re-watching the sessions to make sure I did not miss anything important.
5. You still need to be a network engineer
As Justin Nemmers, General Manager for Red Hat Ansible, said in his keynote, “Ansible is not about cutting a 10-person team down to 8, it is about making the same 10-person team do the work equivalent of a 100-person team. It is about taking the existing domain knowledge and automating the boring tasks so you can focus on the more interesting and challenging work that is harder to automate.”
By the same token, a network automation framework can automate a mistake much faster than a human working by hand. Imagine the last time you jammed your big toe into a desk corner; now imagine doing that ten times faster and with much greater force. I know, I have been there. You can’t automate something you are not already comfortable with. Ansible is not a silver bullet that can solve all of your problems; you still need to know your network, know your customers, and work with people. It is not here to replace you, but it can upgrade that Cisco device much faster with no mistakes, helping you get home in time to make your kid's soccer practice.
Hopefully I have piqued your interest in Ansible with this post. So what can you do to get started?
1. Start small, start today
There are hundreds of modules in the Ansible framework, and chances are there are modules that you can leverage today. Pick something that is low risk and get started immediately. It is a simple tool by design; check out this recent tweet by Michael DeHaan, creator of Ansible:
"Ok that is better, yet: Anyone using ansible for a few months is as good as anyone using ansible for three years. It's a simple tool on purpose. Also a couple of years of ops experience and ten are not that different - we all have to help fight job requirements inflation."
2. Join the community
The Ansible community is big. There are so many educational events, local meetups, workshops, online meetings, and other opportunities to socialize with other users. Go talk to other people about Ansible and learn about the essentials at a meet-up near you.
3. Keep your skills sharp
We have gone over this, but it is worth repeating. You can’t automate what you don’t know. Keep up with your day job and use Ansible as a tool to help you take it to the next level.
Happy network automation!