Ansible Pilot

Ansible News - Ansible Automation Platform 2.3 General Available

Ansible Automation Platform 2.3 is the newest release of the Enterprise-grade Ansible Platform from RedHat. Even if you’re a Community-only user, let me highlight the three major improvements: Trusted Content, Enterprise LDAP, and Event-Driven Automation.

December 3, 2022
Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

Welcome, Ansible Pilot Community. We are here today to talk about the new Ansible automation platform 2.3. The latest release of that is for enterprise usage of Ansible. Let me remind you that this type of content requires Ansible Subscription, which is something that is an extra service that compensates with money for organizations that include the code but also the support directly from Red Hat.

Okay, cutting things short, the new Ansible Automation Platform 2.3 was released on November 29, 2022. For friends, the Ansible Automation Platform is called AAP. This aligns with the six-month Red Hat release plan because the previous release of AAP 2.2 was released in May 2022. So it makes sense to release it in November, just before the festive season arrives.

Some new features were already presented in October in the latest Ansible Fest 2022, this year in Chicago, USA. Finally, a new event after the pandemic was a face-to-face meeting. So some of the new ideas were already announced said and are very interesting. I’m particularly interested in the newest Event Driven Ansible architecture, but I will talk more later on.

I really like that Red Hat puts a lot of emphasis on the Trusted Automation supply chain. This reflects the hack of Solar Wind that has taught the IT industry: we need to verify our suppliers. And this is very interesting because the Ansible Automation platform relies on some very interesting tools. For example, the Ansible Trusted Collections: the collection that we download from the trusted registry.

In the same way that community content is downloaded by the Ansible Galaxy registry, the corporate world relies on the Ansible Automation Hub to provide Ansible resources and content that you download from it. The content in Automation Hub is now certified and signed via a GPG key. This is a great innovation, it means that all the code that we download in our workstation is actually validated by a key. Previously, it wasn’t. So potentially, we were vulnerable to a man-in-the-middle attack that could alter the content.

Moreover, the new content that we create could be signed and validated using a command line tool. This is called ansible-sign with a new utility that is added to the Ansible toolchain. You can download it as open source, and you can also use it in any open-source projects.

And is great because it allows you to sign the code of a project and also verify it. Underneath is very simple because it relies on the GPG key, and you can specify which file of a project needs to be signed and the one you don’t want; so, it’s very simple to use and maintain.

But it also opens some extra work to do because you need to Validate the code before the execution. This also opens the use case scenarios of tampered files or mismatched signature validation. But the benefits of the feature outrange the extra overhead in the effort. I’m happy with the outcome. A long story short, this is very interesting about so the validated content in Automation Hub and the ability to sign your code.

In AAP 2.3, there are also other enterprise features, such as the Enterprise LDAP, that matches with role-based access control. This feature was requested for a while for enterprise users of the Ansible Automation Platform.

Let me remind you that under the hood, AAP has changed a lot from the previous version. The AAP 2.0 introduces this new container-based architecture.

The new architecture takes a while to be fully working but now is in a refining phase. Some feature around this new concept of developing the street. So, This is a very interesting feature for the Advice users. Also interesting is when a new ansible-builder tool allows you to create the Ansible Execution Environment. The Ansible Execution Environment at this part of this container strategy allow your code to be executed via a container.

This means that Ansible connects to the target node via a container, which container is called Ansible Execution Environment. You can scale your workload in a Kubernetes cluster based on the number of containers needed by your workload. So there are a lot of things under the hood of the Ansible Automation Platform.

I really like this release note. I think that is very clear and allow us to completely understand the powerful, always new features. The Ansible Certified Content is present inside the Automation Hub and using the ansible-sign tool. In the blog, there is a long list of different suppliers that have already adopted this feature.

So basically, each of these Content is signed with a key that you can verify. And every time you download the content, you are sure that it was released by the supplier. So, this is great. It’s like I know that Microsoft and others software producer that is very often there. The key for the application that we run in our workstation and add some extra control.

The last thing on the new release note is the most interesting one. This is a preview of the new Event-Driven Architecture. This is something that I really would like to deep dive, and maybe I will create a video about it.

So basically, in our everyday automation, we trigger the Playbook on on-demand or some scheduling tool. With the Event-Driven Architecture, an event will trigger a so-called “RuleBook” that executes automation only when needed. I think this will open new possibilities for the Infrastructure as Code (IaC) use-case of automation.

Recap

Let’s me let me wrap around the Ansible Automation Platform 2.3. This release is very packed with an enterprise focus, and this type of feature I really like for enterprise users. Ansible Certified Contents adds the ability to sign and verify trusted code and the ability to execute some automation on demand, opening a new level of automation.

Very even automation, all the stuff altogether. Create a very interesting tool for Automation nowadays. I hope Red Hat continues to innovate, and I’m sure that in the upcoming years will become a very interesting tool for our enterprises. I’m happy because this AAP release matches the Red Har multi-cloud strategy.

I think the Ansible Automation Platform will be a very interesting tool to keep an eye on future enterprise users.

Thank you for my so much for watching. Have a great day, and see us on the next adventure of Ansible Pilot. Yay, ciao!

Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons
Trustpilot
Follow me

Subscribe not to miss any new releases

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress