What’s new in Ansible Automation Platform 2.3


We are thrilled to announce the general availability of Red Hat Ansible Automation Platform 2.3. If you didn’t get the opportunity to attend AnsibleFest 2022 in Chicago, or get time to watch the keynotes on the AnsibleFest content hub, I am the lucky Ansiblite (or is it Ansi-Bull) who will walk you through all the new, cool and exciting features coming with our new release. Ansible Automation Platform 2.3 introduces a number of new features and capabilities that deliver simpler, security-focused automation at scale. Ansible Automation Platform 2.3 is compatible with the Developer Preview of Event-Driven Ansible, a new set of capabilities that empower true end-to-end automation.

You can download the latest version directly from the Red Hat Customer Portal, or sign up for a free trial at red.ht/try_ansible. If you want to skip right to the documentation and release notes, check out the official Product Documentation page.

If you are new to Ansible Automation Platform 2 and wondering what automation execution environments, automation mesh, and automation content navigator all are, I highly recommend watching the video tour that our technical marketing team put together.  If you prefer reading, I recommend checking out our previous release blogs:

So what’s new with Ansible Automation Platform 2.3?  In this blog, I will walk you through each of our major release themes, the associated features and how you will benefit from them.

Added trust for your automation supply chain

One of the first questions I received during a public presentation in my automation career was:  “What if I automate a mistake across my infrastructure?” Obviously, organizations need to make sure they’re actually automating the tasks they intend to automate.  However, what if someone tries to automate something nefarious?  Sometimes it might not even be intentional, but say an organization uses a community collection, and its author removes a feature that they were using.

When organizations start adopting automation at the enterprise level, they may perform hundreds to thousands of tasks every hour across thousands of infrastructure nodes.  How do you make sure the automation content that is being executed can be trusted?  How do you know your automation is doing what you think it is?  Is your organization pulling content from various sources outside of your company? Can all of those sources be trusted with equal confidence?

With Ansible Automation Platform 2.3, numerous features have been added that enable your organization to create an end-to-end trusted software supply chain for its automation content.

  • Added project signature verification in automation controller, via a new command-line tool called ansible-sign. Projects are logical arrangements of Ansible Playbooks, represented in automation controller. Project signing adds additional checks for playbooks held in source control.
  • Sign and validate Ansible content via a WebUI. Signing of Ansible Content Collections was first released as a Technology Preview in Ansible Automation Platform 2.2 through the UI of private automation hub. In version 2.3, private automation hub also allows administrators to sign automation execution environments. Signed Ansible content can be validated using the command line to simplify control.
  • Added profile support in Ansible Lint, which allows linting rule sets to be changed based on environments. Ansible Lint is now fully supported in Ansible Automation Platform 2.3 after its inclusion as a Technology Preview in version 2.2. It helps teams write cleaner Ansible Playbook YAML and follow recommended coding practices.
  • Introducing Ansible validated content, which provides highly opinionated Ansible roles that help teams start automating faster. It complements the existing ecosystem of Ansible community content and Red Hat Ansible Certified Content. Ansible validated content uses a trusted, expert-led path for performing Day-2 operational tasks across public clouds, networks, and even Ansible Automation Platform itself. Initially, customers will have the option to have Ansible validated content preloaded when installing private automation hub. Read more below to get an overview of all the great Ansible validated content coming in 2.3!

End-to-end trust is paramount in enterprise organizations and this will continue to be a core component of Ansible Automation Platform.  All certified and validated content will be digitally signed from Red Hat so that automation architects can have greater confidence in the automation content that’s executed across their infrastructure.

A simpler, more maintainable infrastructure

One of Ansible’s original slogans, still often used today, is “simple, powerful, agentless.” However, when open source command-line Ansible users begin taking their first steps into enterprise automation, they may be overwhelmed with all the various components and features introduced by Ansible Automation Platform.  Our top priority is to provide features that enterprise customers need, while ensuring that the enterprise experience is as simple and approachable as the day they started.  Ansible Automation Platform 2.3 offers an automation management experience with more simplicity, accessibility, and choice. The simplified infrastructure and control plane makes it easier to create automation content, while allowing your teams to onboard new platforms quickly without waiting for an Ansible Content Collection to be built.

Improvements in the 2.3 release include the following:

  • Direct Lightweight Directory Access Protocol (LDAP) support with role-based access control (RBAC). Private automation hub can now directly integrate with your existing LDAP system and provide RBAC similar to automation controller. This means you can integrate directly with LDAP tools such as OpenLDAP and Microsoft Active Directory.
  • Platform installer enhancements. A guided installation wizard (Inventory File Generator) for creating platform inventory files is now included.

    Figure: Prior to AAP 2.3 – screenshot from using VIM to modify the inventory file.
    Figure: Now, with AAP 2.3 – screenshot from the Ansible Automation Platform Inventory File Generator.

  • Updates to make the installer more fapolicyd aware have been included.  For more information on fapolicyd, refer to the documentation.  This will create an easier experience for system administrators installing Ansible Automation Platform in existing brown-field environments where their firewall policies are already configured.

  • The ansible-builder image is now bundled with Red Hat Ansible Certified Content to simplify Day-0 and Day-1 operations activities.  This means that you will already have access to the ansible-builder executable when operating in disconnected environments.

More flexibility and control when scaling automation

One of my favorite big features when Ansible Automation Platform 2 was first announced was the introduction of execution environments. These containerized environments not only allow us to package automation into a simple discrete package, but they also allow us to separate the control plane (i.e. the WebUI and API for automation controller) and the execution plane (where my playbook executes).  This led to one of our “killer features” that makes Ansible Automation Platform indispensable in my mind: automation mesh.  Automation controller and automation mesh allow Ansible Automation Platform to scale for some of the largest enterprises on the planet.  

In our latest release, the automation controller continues to evolve, with numerous performance enhancements to increase both platform resilience and execution efficiency. And there are several new automation mesh features available as Technology Preview for the 2.3 release, including:

  •  Simplified addition and removal of execution node capacity. In the tech preview, we have removed requirements for using platform installer to add or remove execution nodes.

  •  Enhancements for job utilization on multiple execution nodes. A more efficient task manager can make efficient use of execution nodes, increasing your automation capacity.

  •  Support for external execution nodes. Multiple solutions are available, giving you the freedom to run your automation anywhere you need to. Automation mesh now allows you to connect external execution nodes such as your Ansible Automation Platform installation on Red Hat OpenShift®. This new feature provides you more flexibility and agility to deliver automation across the hybrid cloud—physical, virtual, cloud, and to edge locations.  This also means that our cloud offerings such as Red Hat Ansible Automation Platform on Microsoft Azure can now extend to your on-premises and edge locations.
      

    Figure: Example diagram for deploying mesh nodes across AWS public cloud.

New certified content

While Ansible Content Collections are released asynchronously on Ansible automation hub, separate from the rest of Ansible Automation Platform, this blog is a great opportunity to highlight all the awesome Red Hat Ansible Certified Content that has been released recently.

The cloud.terraform Certified Collection

I am thrilled to announce our new fully supported and certified cloud.terraform content collection.  This Collection enables an Ansible Playbook to initiate a Terraform automation workflow (plan).  The Collection includes two modules, with one module compatible with the current community.general.terraform module for general Terraform functionality.

The cloud.terraform collection is certified to support the following:

In addition to the cloud.terraform collection, here are eight new Red Hat Partners that have created Ansible automation content since our last release:

  • Avantra: avantra.core – Collection offers core functions to work with Avantra. You can create and remove servers and SAP systems.
  • Cohesity: cohesity.dataprotect – Collection for interacting with the Cohesity DataPlatform.
  • Confluent: confluent.platform – Collection to deploy, manage, and configure the Confluent Platform services.
  • Delinea: delinea.core – Collection for Delinea DevOps Secrets Vault.
  • Infinidat: infinidat.infinibox – Collection to allow simple, but powerful, idempotent interactions with Infinidat InfiniBoxes.
  • Kong, Inc.: kong.kong – Collection to automate Kong’s portfolio of products.
  • Scale Computing: scale_computing.hypercore – Collection for automating the management of Scale Computing HyperCore products.
  • Virsec Systems: virsec.vsp – Collection for VSP probe installation.

In addition, our existing partners have released nine new Collections into their namespaces:

  • Arista: arista.dmf – Collection managing DANZ Monitoring Fabric via DMF controllers.
  • Dynatrace: dynatrace.oneagent_deploy – Collection deploys the Dynatrace OneAgent to systems.
  • F5 Networks: f5networks.f5os – Collection focusing on managing F5 OS devices through API. The Collection includes key imperative modules for managing Velos chassis and rSeries platform lifecycles as well as F5OS tenant and partition management.
  • Fortinet: fortinet.fortiswitch – Collection contains modules that are able to configure FortiSwitch.
  • Pure Storage: purestorage.fusion – Collection of modules to manage Pure Fusion.
  • SAP: sap.sap_operations – Collection contains modules and plugins to assist in automating SAP day 2 operations with Ansible.

Finally, Red Hat and Ansible have released some new certified content as well:

  • ansible.receptor – Installs and configures a Receptor node on RHEL.
  • ansible.snmp – Includes plugins for using SNMP on the control node to make SNMP connections to a device.
  • redhat.amq – Install and configure AMQ services.

You can check out all the certified and fully supported Collections on Ansible automation hub on console.redhat.com.

Introducing Ansible validated content

Ansible validated content is curated, use-case focused Ansible Content Collections that are distributed through your Ansible Automation Platform product subscription.  Ansible validated content provides content around a variety of domains including infrastructure, network, security, edge and cloud.  This valuable content is pre-installed on your private automation hub node to allow you to quickly get up and start on a variety of different use-cases.

This content goes beyond certified content in that it is focused on “higher order” playbooks and roles versus “low level” modules and plugins.  This content is meant to show examples and demonstrations on how you can get started more quickly and learn how our partners and Red Hat Consulting follow recommended practices for creating Ansible automation content.  This content is shared and pre-installed with your Ansible Automation Platform subscription but not supported.  Ansible Playbooks that use validated content may need to be modified depending on your unique setup and environment.

| Collection Name | Domain | Description |
| --- | --- | --- |
| infra.controller_configuration | Infrastructure | For automation and configuration of automation controller. |
| infra.ee_utilities | Infrastructure | For managing automation execution environments. |
| infra.ah_configuration | Infrastructure | For automation and configuration of private automation hub. |
| infra.aap_utilities | Infrastructure | Installing and managing Ansible Automation Platform. |
| network.base | Network | Provides a single platform-agnostic entry point to manage all the resources supported for a given network OS. |
| network.bgp | Network | Configure BGP and provide capabilities to do operational state/healthchecks. |
| network.vpn | Network | Build, maintain and validate VPN tunnels across cloud providers and network appliances. |
| security.firewall_mgmt | Security | For firewall policy automation to take care of firewall policy hygiene. |
| infra.osbuild | Edge | Management of osbuild-composer to build OSTree-based images for Red Hat Enterprise Linux. |
| cloud.aws_ops | Cloud | Automate the management of resources on AWS. |
| cloud.aws_troubleshooting | Cloud | Variety of Ansible roles to help troubleshoot AWS resources. |

A preview of Event-Driven Ansible capabilities

NOTE:
Event-Driven Ansible is released as part of Ansible Automation Platform 2.3 in Developer Preview.

Available as Developer Preview, Event-Driven Ansible is a scalable, responsive automation capability that can process events containing discrete, actionable intelligence. It empowers teams to determine the appropriate response to an event, then executes automated actions to address or remediate.

Event-Driven Ansible delivers more responsive and resilient IT services through faster resolution of requests. The Developer Preview includes:

  • A set of supported Partner Event Sources including webhooks, Kafka, Azure service bus, file

  • A rulebook language and file structure for defining relationships between events and actions.

  • EDA Server where you can run or manage multiple Ansible rulebooks.

My technical marketing colleagues Nuno Martins and Colin McNaughton performed on the main stage at AnsibleFest 2022 in an amazing demonstration (at 35:11 in Preparing for the automation of tomorrow) of Event-Driven Ansible.  

Screenshot from Event-Driven Ansible demonstration at AnsibleFest 2022.  These two practical jokers had an entertaining session.

Ansible Automation Platform has always had a robust and powerful API, allowing integrations into all kinds of event-driven workflows. We also integrated webhook support with GitHub and GitLab to bring automation into existing GitOps workflows. However, with the API method, we were limited to devices or applications that can make a programmatic call to Ansible Automation Platform, and the user had to write the logic that kicks off the automation. With webhooks, the support was narrowly scoped to just those two Git platforms.

With this new Developer Preview of Event-Driven Ansible, we provide an entire framework for event-driven automation that can connect sources of events with corresponding actions via rules. Visit ansible.com/event-driven to learn more about the technology and how you can get involved with shaping Event-Driven Ansible to meet the needs of your organization. If you are ready to get started right away, try our self-paced lab. And you can read this article to learn more about what to expect with the Event-Driven Ansible preview.

What can I do next?

Whether you are beginning your automation journey or a seasoned veteran, there are a variety of resources available to help you get the most out of your automation with Red Hat Ansible.

Originally posted on Ansible Blog