AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Event-Driven Ansible (EDA): Automate Responses to Events Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Complete guide to Event-Driven Ansible (EDA). Configure rulebooks, event sources, conditions, and actions to automate incident response and operations.

Event-Driven Ansible (EDA): Automate Responses to Events Guide

Event-Driven Ansible: Revolutionizing IT Automation

Event-Driven Ansible (EDA) represents a significant leap forward in the realm of IT automation, offering a dynamic and responsive approach to managing IT environments. This article delves into what Event-Driven Ansible is, its components, benefits, and practical applications.

See also: Ansible Reboot Module: Restart Remote Hosts & Wait for Recovery (Guide)

What is Event-Driven Ansible?

Event-Driven Ansible is a feature within the Red Hat Ansible Automation Platform that enables automation to be triggered by specific events. This allows IT operations to become more responsive and efficient by automating the response to changes, alerts, and conditions within the IT environment. The core of Event-Driven Ansible is the Ansible Rulebook, a YAML document that defines the rules and actions for automation .

Key Components of Event-Driven Ansible

Event Sources: These are the origins of events that trigger automation. Event sources can include webhook events, changes in file status, messages from Kafka topics, or alerts from monitoring tools like Alertmanager . Rules: Each event is evaluated against a set of rules defined in the Ansible Rulebook. A rule includes a condition that, when met, triggers an action. This condition could be anything from receiving a specific HTTP status code to a file change event . Actions: Actions are the tasks that are executed when the conditions of a rule are met. These can range from running an Ansible playbook to executing specific modules or tasks to remediate an issue or update a configuration . Ansible Rulebook: This is the heart of Event-Driven Ansible, where the event sources, rules, and actions are defined. The syntax of a rulebook is similar to an Ansible playbook, making it easy for those familiar with Ansible to adapt to EDA .

See also: Conditional Ansible Role Execution in Playbooks

Benefits of Event-Driven Ansible

Agility: EDA allows for rapid adjustments to infrastructure and applications in response to real-time events. This agility is crucial for maintaining service levels and responding to operational changes quickly . Efficiency: By automating responses to common events and alerts, EDA reduces the need for manual intervention, freeing up IT staff to focus on more strategic tasks . Consistency: EDA ensures that responses to events are standardized, reducing the risk of human error and ensuring that best practices are followed every time an event occurs . Scalability: EDA can scale to handle a large number of events, making it suitable for environments with high demands and complex infrastructure .

Practical Applications

Event-Driven Ansible can be applied in various scenarios to enhance IT operations: Infrastructure Scaling: Automatically scale resources up or down in response to demand spikes or drops, ensuring optimal resource utilization and performance . Security Responses: Trigger automated security responses to alerts, such as applying patches, updating firewall rules, or isolating affected systems to mitigate threats quickly . Continuous Deployment: Implement continuous deployment pipelines that automatically roll out updates to applications when new code is committed, reducing downtime and speeding up the release cycle . Configuration Drift Management: Detect and correct configuration drift in real-time, ensuring that systems remain compliant with predefined configurations and reducing the risk of issues caused by inconsistent environments .

See also: Ansible troubleshooting - Error meta-runtime

Example: Automating Network Remediation

Consider a scenario where an observability tool detects an unresponsive network router. With EDA, this event can trigger a predefined action in the Ansible Rulebook to reapply the router's configuration or reset the device. This automatic response can restore network functionality without requiring manual intervention, even during off-hours, Playbooknstrating the power and efficiency of Event-Driven Ansible .

Conclusion

Event-Driven Ansible is transforming how IT operations are managed by introducing real-time, event-triggered automation. Its ability to react swiftly to changes, automate repetitive tasks, and maintain consistency across environments makes it an invaluable tool for modern IT infrastructure management. As organizations continue to evolve and grow, the agility, efficiency, and scalability offered by Event-Driven Ansible will be essential in maintaining robust and responsive IT operations.

For more detailed information on setting up and using Event-Driven Ansible, refer to the Red Hat Ansible Automation Platform documentation .

What is EDA?

Event-Driven Ansible (EDA) automatically triggers automation in response to events — alerts from monitoring, webhook calls, log patterns, or infrastructure changes.

Install

pip install ansible-rulebook
ansible-galaxy collection install ansible.eda

First Rulebook

# rulebook.yml
---
- name: Respond to webhook events
  hosts: all
  sources:
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000

rules:
    - name: Handle deploy request
      condition: event.payload.action == "deploy"
      action:
        run_playbook:
          name: deploy.yml
          extra_vars:
            version: "{{ event.payload.version }}"

ansible-rulebook --rulebook rulebook.yml -i inventory.yml

Event Sources

# Webhook
sources:
  - ansible.eda.webhook:
      host: 0.0.0.0
      port: 5000

# File watch
sources:
  - ansible.eda.file_watch:
      path: /var/log/myapp/
      recursive: true


# Kafka
sources:
  - ansible.eda.kafka:
      host: kafka.internal:9092
      topic: alerts


# Alertmanager
sources:
  - ansible.eda.alertmanager:
      host: 0.0.0.0
      port: 8000

Conditions

rules:
  # Simple match
  - name: High CPU alert
    condition: event.alert.labels.alertname == "HighCPU"
    action:
      run_playbook:
        name: remediate-cpu.yml

# Multiple conditions
  - name: Critical production alert
    condition:
      all:
        - event.alert.labels.severity == "critical"
        - event.alert.labels.environment == "production"
    action:
      run_playbook:
        name: incident-response.yml


# Pattern matching
  - name: Disk space alert
    condition: event.alert.labels.alertname is match("Disk.*")
    action:
      run_playbook:
        name: disk-cleanup.yml

Actions

# Run playbook
action:
  run_playbook:
    name: remediate.yml
    extra_vars:
      target_host: "{{ event.payload.host }}"

# Run module directly
action:
  run_module:
    name: ansible.builtin.debug
    module_args:
      msg: "Event received: {{ event }}"


# Print for debugging
action:
  print_event:
    pretty: true


# Multiple actions
actions:
  - run_playbook:
      name: fix.yml
  - run_playbook:
      name: notify.yml

Self-Healing Example

---
- name: Auto-remediate common issues
  hosts: all
  sources:
    - ansible.eda.alertmanager:
        host: 0.0.0.0
        port: 8000

rules:
    - name: Restart crashed service
      condition: event.alert.labels.alertname == "ServiceDown"
      action:
        run_playbook:
          name: restart-service.yml
          extra_vars:
            service_name: "{{ event.alert.labels.service }}"


- name: Clean disk space
      condition: event.alert.labels.alertname == "DiskFull"
      action:
        run_playbook:
          name: disk-cleanup.yml


- name: Scale up on high load
      condition: event.alert.labels.alertname == "HighCPU" and event.alert.labels.value | int > 90
      action:
        run_playbook:
          name: scale-up.yml

EDA Architecture

| Component | Role | |-----------|------| | Rulebook | Defines sources, conditions, actions | | Event Source | Ingests events (webhook, Kafka, etc.) | | Rule Engine | Evaluates conditions against events | | Action Runner | Executes playbooks/modules | | EDA Controller | Web UI (part of AAP) |

FAQ

EDA vs AWX webhooks?

AWX webhooks trigger specific job templates. EDA has a full rule engine — it can filter, match patterns, and route different events to different playbooks.

Can I use EDA without AAP?

Yes — ansible-rulebook runs standalone. AAP's EDA Controller adds UI, RBAC, and scalability.

How do I test rulebooks?

Use the webhook source and send test events with curl:

curl -X POST http://localhost:5000/endpoint -H "Content-Type: application/json" -d '{"action": "deploy", "version": "2.0"}'

What is EDA?

Event-Driven Ansible (EDA) automatically triggers Ansible actions in response to events from monitoring tools, webhooks, message queues, and other sources. Instead of running playbooks on a schedule, EDA reacts to what's happening in real time.

Install ansible-rulebook

pip install ansible-rulebook

# Verify
ansible-rulebook --version

Basic Rulebook

# rulebook.yml
---
- name: Respond to webhook events
  hosts: all
  sources:
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000

rules:
    - name: Handle deployment request
      condition: event.payload.action == "deploy"
      action:
        run_playbook:
          name: deploy.yml

Run a Rulebook

ansible-rulebook --rulebook rulebook.yml -i inventory.yml

Event Sources

# Webhook
sources:
  - ansible.eda.webhook:
      host: 0.0.0.0
      port: 5000

# Kafka
sources:
  - ansible.eda.kafka:
      topic: alerts
      host: kafka.example.com
      port: 9092


# File watch
sources:
  - ansible.eda.file.watch:
      path: /var/log/myapp/error.log
      recursive: false


# Alertmanager
sources:
  - ansible.eda.alertmanager:
      host: 0.0.0.0
      port: 8080

Conditions

rules:
  # Simple match
  - name: CPU alert
    condition: event.alert.labels.alertname == "HighCPU"
    action:
      run_playbook:
        name: remediate-cpu.yml

# Multiple conditions (AND)
  - name: Critical production alert
    condition:
      all:
        - event.alert.labels.severity == "critical"
        - event.alert.labels.environment == "production"
    action:
      run_playbook:
        name: critical-response.yml


# OR conditions
  - name: Any restart trigger
    condition:
      any:
        - event.payload.action == "restart"
        - event.alert.labels.alertname == "ServiceDown"
    action:
      run_playbook:
        name: restart-service.yml

Actions

# Run a playbook
action:
  run_playbook:
    name: remediate.yml
    extra_vars:
      target_host: "{{ event.payload.host }}"

# Run a module directly
action:
  run_module:
    name: ansible.builtin.debug
    module_args:
      msg: "Event received: {{ event }}"


# Print for debugging
action:
  print_event:

EDA with AAP (Controller)

# Trigger a job template in AAP
action:
  run_job_template:
    name: "Remediate CPU"
    organization: Default
    job_args:
      extra_vars:
        host: "{{ event.payload.host }}"

FAQ

EDA vs cron?

Cron runs on a schedule. EDA reacts to events in real time. Use cron for periodic tasks, EDA for event-driven responses.

Can I use EDA without AAP?

Yes — ansible-rulebook is open source. AAP adds enterprise features like EDA Controller UI and RBAC.

What events can trigger EDA?

Any event source: webhooks, Kafka, file changes, Alertmanager, CloudEvents, custom plugins. You can also write custom event source plugins.

Related Articles

how Ansible become works under the hood

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home