HPE-CIHT (1) - PowerPoint PPT Presentation

About This Presentation
Title:

HPE-CIHT (1)

Description:

Plagiarism Checking – PowerPoint PPT presentation

Number of Views:0
Slides: 29
Provided by: ravisasu
Category:
Tags:

less

Transcript and Presenter's Notes

Title: HPE-CIHT (1)


1
(No Transcript)
2
Terraform cloud
  • Terraform Cloud is a managed service offered by
    HashiCorp that allows you to use Terraform to
    manage your infrastructure in the cloud.
  • It provides features such as
  • A web-based UI for collaborating on and reviewing
    infrastructure changes.
  • A private Terraform module registry for sharing
    and reusing infrastructure code.
  • Integration with version control systems (VCS)
    such as Git to track and manage infrastructure
    changes.
  • The ability to run Terraform operations, such as
    apply and destroy, remotely.
  • A backend for storing Terraform state, which can
    be shared with other team members and used to
    track infrastructure changes.
  • Collaboration and governance features, such as
    the ability to set up approval workflows for
    infrastructure changes.

3
VCS
  • A version control system (VCS) is a tool that
    allows you to track changes to your code over
    time and collaborate with other developers on
    projects. Terraform is a tool for building,
    changing, and versioning infrastructure
    safely and efficiently.
  • There are several ways you can use a VCS with
    Terraform to manage your infrastructure?
  • Store Terraform configuration files in a VCS?
  • Use Terraform to manage VCS repositories?
  • Use a VCS to store Terraform state?
  • Use a VCS as a backend for Terraform

4
VCS Workflow
  • A VCS-driven workflow provided by Terraform Cloud
    automatically initiates runs in response to
    changes to your VCS repositories. ?
  • While the VCS-driven workflow promotes team
    collaboration by designating your shared
    repositories as the source of truth
    for infrastructure configuration, the CLI-driven
    workflow enables you to quickly iterate on your
    setup and work locally.

5
Vault Integration
  • Vault is a tool for securely storing and
    accessing secrets, such as API keys, passwords,
    and certificates. It can be integrated into a
    variety of systems and applications to provide
    secure access to sensitive information.
  • There are several ways to integrate Vault into
    your system or application?
  • Using the Vault API?
  • Using the Vault CLI?
  • Using Vault integrations?
  • Using Vault plugins

6
Case study Vault integration
  • HCP Vault
  • The managed Vault service from HashiCorp, known
    as HashiCorp Cloud Platform Vault (HCP Vault),
    gives users all the strength and security of
    Vault without the hassle and cost of
    administering it themselves. With this choice,
    users can concentrate on maximising the value of
    Vault Enterprise capabilities rather than
    worrying about downtime, maintenance, or the
    environment. HCP Vault was an easy candidate for
    the integration use case because TCB and
    ServiceNow both operate in the cloud.  
  • Terraform Cloud Business (TCB)
  • AHEAD and HashiCorp decided to use TCB to host
    the Terraform modules that are in charge of
    creating the Vault Environment and the workload
    during the design phase. This was a logical
    choice for our demo setting given TCB's
    connectivity with ServiceNow. In addition to
    spinning up modules that could automatically
    generate HCP Vault namespaces and configure
    secrets engines (in our instance, the GCP
    engine), we divided our demo environment into a
    number of workspaces.

7
Case study cont.
  • To instal the HCP Vault cluster, we used an HCP
    module and the HCP Provider for Terraform created
    by HashiCorp. Following that, we configured the
    admin, namespace, policies, and secrets engine
    using the HashiCorp Vault Provider. As a result,
    we were able to ask HCP Vault for a dynamic
    secret for GCP automatically. We and our clients
    were very interested in demonstrating how dynamic
    secrets might be created, utilised, and removed
    in a predetermined amount of time for
    provisioning infrastructure, and we believe this
    use case will have many applications across cloud
    infrastructure.
  • Finally, using TCB, we can demonstrate how
    Auto-Apply and a manual approval procedure differ
    as well as HashiCorp Sentinel's policy as code
    feature, which looks for prohibited GCP machine
    types.

8
CASE STUDY CONT.
  • ServiceNow Integration

9
CASE STUDY CONT.
  • Creating a custom catalogue item with variables,
    configuring the ServiceNow flow to properly
    transmit the data to the TCB REST API with the
    correct endpoint, and leveraging the Terraform
    Cloud interface for ServiceNow were all steps
    in our ServiceNow workflow. We had to set up the
    flow in the Flow Designer to call the appropriate
    TCB API endpoint in order to configure the
    integration appropriately. We only needed to
    generate a few OAuth tokens and put them on
    the configuration page of the Terraform Cloud
    integration in ServiceNow to handle
    authentication for TCB.
  • TCB generates dynamic credentials for GCP
    authentication using HCP Vault, so our process in
    ServiceNow can just concentrate on the user
    interface and obtaining the necessary data from
    the user. Users can choose regions, zones, and
    environment types freely when using dropdowns in
    the catalogue item, whereas administrators and
    developers of Infrastructure as Code can impose
    restrictions on the types of infrastructure that
    users can provision.

10
CASE STUDY CONT.
  • For instance, the environment choices (Development
    , Test, and Production) align to a machine_types m
    ap variable in the Terraform module, which looks
    like this
  • Users in ServiceNow dont need to know exactly
    how the environments map to the GCP machine
    types, and administrators are free to add or
    update machine type options in TCB with minimal
    changes to the ServiceNow catalog item.

11
  • Google Cloud Platform Integration
  • The last piece to build was the Terraform module
    for the Google Cloud Platform integration. During
    the Terraform run, the Terraform agent logs into
    HCP Vault to retrieve dynamic credentials for use
    in GCP. Once these credentials are retrieved, the
    business logic in the Terraform module is used to
    provision a VPC Network, Subnet, Firewall, VM
    Instance, SSH keys, and finally, execute a remote
    script on the provisioned machine.
  • Once the apply has completed successfully,
    Terraform Cloud returns an IP address and
    information for accessing the machine within GCP.
    In our demo environment, we used the
    Terraform remote-exec provisioner to install the
    Apache HTTP Server, kicked off a shell script to
    create a simple HTML page, and spun up the server
    to serve the page when the IP address was
    queried. In an enterprise scenario, configuration
    management might be handled by Chef or Puppet to
    pull down dependencies for business applications.

12
Case study outcome
  • This environment serves as a demonstration of the
    effectiveness of Infrastructure as Code utilizing
    Terraform, the power of TCB, HCP Vault, and the
    simplicity with which users can self-serve
    infrastructure. Simply by establishing additional
    secrets engines in HCP Vault and reusing
    Terraform modules for different environments,
    this environment might be expanded in the future
    to employ other cloud providers or infrastructure
    on-premises. Building a framework for connecting
    services with the aim of delivering a smooth user
    experience for providing and updating
    infrastructure as required.

13
Case study conclusion
  • The scenario's overview and its construction in
    HCP Vault, Terraform Cloud Business, ServiceNow,
    and Google Cloud Platform have now been covered. 
  • Based on business goals and governance standards,
    this notion may be applied to a variety of
    scenarios and enterprise workloads.
  • Without the solid cooperation of
    HashiCorpparticularly the Partner Solution
    Engineering team working with AHEADthis
    architecture and configuration of HCP Vault, TCB,
    ServiceNow, and GCP would not have been
    possible. 
  • No matter where our customers are in their
    business cloud journey, AHEAD can support them,
    from getting started in the cloud to creating an
    Automation Hub similar to the idea we outlined
    above.

14
Multibranch
  • In the context of Terraform, "multi-branch"
    typically refers to a workflow in which different
    branches in a version control system (VCS) are
    used to manage and deploy different environments,
    such as development, staging, and production.
  • Here is an example of how a multi-branch workflow
    might work with Terraform?
  • Create a VCS repository for your infrastructure
    code and configure it to use Terraform.?
  • Create a branch for each environment you want to
    manage with Terraform (e.g., "development",
    "staging", "production").?
  • Write Terraform configuration files for each
    environment and commit them to the appropriate
    branch.?
  • Use Terraform to deploy each environment by
    specifying the appropriate VCS branch as the
    source for the configuration files.?
  • Use the VCS to track and manage changes to the
    infrastructure in each environment.

Lab-Multibranch
15
workspaces
  • Terraform workspaces are a way to organize and
    manage multiple instances of infrastructure
    managed by Terraform. You can use workspaces to
    represent different environments (such as
    development, staging, and production), or
    to represent different components of your
    infrastructure (such as front-end and back-end
    systems).
  • Here are some key points about Terraform
    workspaces?
  • Each workspace is associated with a separate
    Terraform state file, which stores the current
    state of the infrastructure managed by that
    workspace.?
  • You can switch between workspaces by using
    the terraform workspace select command. This
    allows you to easily manage and deploy
    different instances of your infrastructure.?

16
Templates
  • Terraform templates are configuration files
    written in the HashiCorp Configuration Language
    (HCL) that define infrastructure as code. You can
    use Terraform templates to specify the resources
    you want to create, and the dependencies between
    those resources.
  • Here are some key points about Terraform
    templates?
  • Terraform templates use a declarative syntax,
    which means you specify the desired end state of
    your infrastructure and Terraform figures out how
    to create it.?
  • Terraform templates can be used to manage a wide
    range of infrastructure resources, including
    compute instances, networking resources, storage
    resources, and more.?
  • You can use variables in your Terraform templates
    to make them more reusable and flexible. For
    example, you could define a variable for the
    region in which you want to create resources, and
    then use that variable in your template.

17
Ansible tower
  • Ansible Tower is the enterprise version of
    Ansible. It allows sysadmins to deploy all the
    benefits of Ansible at scale. 
  • Ansible Tower is a web-based application that
    provides a centralized platform for managing and
    automating Ansible infrastructure. 
  • It is designed to help organizations automate
    their infrastructure and application deployments,
    as well as manage and monitor the status of their
    environments. 

18
Projects
  • One of the key features of Ansible Tower is the
    ability to create and manage projects. 
  • A project in Ansible Tower is a collection of
    Ansible playbooks, variables, and other related
    content. 
  • It is used to organize and manage the resources
    needed to run your Ansible playbook tasks. You
    can use projects to group your playbooks and
    other content by functionality, environment, or
    any other criteria that makes sense for your
    organization. 

19
Playbooks
  • Ansible playbooks are files that contain a set of
    instructions or tasks that are executed in order.
  • They are written in the YAML language and are
    used to automate complex workflows and manage
    infrastructure and applications. 
  • Playbooks consist of a series of tasks that are
    executed sequentially.
  • Each task can be a single Ansible module or a set
    of modules that perform a specific action, such
    as installing software, configuring systems, or
    deploying applications. 
  • Playbooks can be used to manage a wide range of
    environments, including servers, virtual
    machines, cloud instances, and network devices.
  • They can be run on a single host or on a group of
    hosts, and they can be scheduled to run at a
    specific time or on a regular basis. 

20
jobs
  • In Ansible, a job refers to a task or a set of
    tasks that are executed on one or more managed
    hosts. Jobs can be used to automate a variety of
    tasks, including installing software, configuring
    systems, and deploying applications. 
  • There are a few different ways to create and run
    jobs in Ansible, including ?
  • Using the "ansible" command ?
  • Using playbooks ?
  • Using the Ansible Tower web interface

Lab- Creating Projects and managing playbooks
21
Inventory
  • In Ansible Tower, an inventory is a collection of
    hosts (i.e., devices or systems) that are managed
    by Ansible. These hosts can be physical servers,
    virtual machines, or cloud instances, and they
    can be managed individually or as part of a
    group.
  • Ansible Tower allows you to manage your inventory
    in several ways, including?
  • Static inventory?
  • Dynamic inventory?
  • Cloud inventory
  • Ansible Tower allows you to manage your inventory
    in several ways, including?
  • Static inventory?
  • Dynamic inventory
  • ?
  • Cloud inventory

22
Dynamic inventory
  • Static inventory A static inventory is a list of
    hosts that is stored in a file (e.g., a CSV or
    INI file) and does not change unless the file is
    updated manually. 
  • Dynamic inventory A dynamic inventory is a list
    of hosts that is generated dynamically by a
    script or API. This allows you to manage a large
    number of hosts without having to update the
    inventory manually. 
  • Cloud inventory Ansible Tower can integrate with
    cloud providers (e.g., Amazon Web Services,
    Microsoft Azure, Google Cloud Platform) and
    automatically discover and manage hosts in those
    environments.

23
  • This tab displays a list of the inventories that
    are currently available. The inventory list may
    be sorted and searched by Name or Organization,
    and filtered by inventories with external
    sources, inventories with external sources that
    have failed to update, and inventories whose
    hosts have failed jobs. 

24
  • The list of inventories includes 
  • Status This includes the status of inventory
    synchronization for inventories configured with
    cloud sources, and the status of recent jobs for
    this inventory. 
  • Name The inventory name. Clicking the Inventory
    name navigates to the properties screen for the
    selected inventory, which shows the
    inventorys groups and hosts. (This view is also
    accessible from the Action menu.) 
  • Organization The organization to which the
    inventory belongs. 
  • Actions The following actions are available for
    the selected inventory 
  • Edit Edit the properties for the
    selected inventory 
  • Delete Delete the selected inventory. This
    operation cannot be reversed! 

25
Job templates
  • In Ansible Tower, a job template is a pre-defined
    configuration for running a job. 
  • It specifies the details of the job, such as the
    playbook that should be run, the hosts or groups
    of hosts that the playbook should be applied to,
    and any extra variables or options that should be
    used. 
  • Job templates can be created and managed from the
    Ansible Tower web interface.
  • They allow you to define the parameters of your
    jobs in a centralized location, making it easier
    to run and manage your jobs on an ongoing basis.

26
  • There are a few key benefits to using job
    templates in Ansible Tower?
  • Simplified job management?
  • Improved efficiency?
  • Improved collaboration

Lab- adding a new inventory and scanning job
templates
27
Parallel exec
  • Parallel execution in Ansible refers to the
    ability to run multiple tasks or playbooks
    concurrently, rather than sequentially. This can
    be useful for improving the efficiency of your
    Ansible workflow and reducing the time it takes
    to complete tasks.
  • There are a few different ways to achieve
    parallel execution in ansible, including?
  • Using the "async" and "poll" options?
  • Using the "parallel" option?
  • Using the "delegate_to" option?
  • Using the "run_once" option

28
  • Using the "async" and "poll" options These
    options allow you to run a task asynchronously
    and check its status later. This can be useful
    for running tasks in parallel, as you can launch
    multiple tasks at the same time and then check
    their status later. 
  • Using the "parallel" option This option allows
    you to specify the number of tasks that should be
    run concurrently. For example, you can use the
    "parallel" option to run three tasks at the same
    time. 
  • Using the "delegate_to" option This option
    allows you to specify that a task should be run
    on a specific host. By using the "delegate_to"
    option, you can run tasks on multiple hosts
    concurrently. 
  • Using the "run_once" option This option allows
    you to specify that a task should only be run
    once, regardless of how many hosts it is being
    applied to. By using the "run_once" option, you
    can run tasks on multiple hosts concurrently, as
    each task will only be run once. 
Write a Comment
User Comments (0)
About PowerShow.com