This week learning Ansible has also in many respects been a week learning some Linux basics, specifically Ubunut Server as the chosen Linux Distro. It has been thoroughly rewarding in developing some basic skills in an OS I had always just considered to be too hard.
The Cisco DevNet track has been very good for it’s purpose, however I found I wanted and needed to get a little bit deeper training to understand & clarify a few things. I then begun using YouTube, blogs and especially the great tool – CBT Nuggets.
Also this week, I spent time continuing my studies into the CCNA in Security. It is amazing that actually both of these two things I am studying last week crossed over. They didn’t cross over in the traditional sense, but they crossed over in their application. Ansible is simply a tool, and the CCNA Security (or Security, so to speak) treats Confidentiality, Integrity & Availability (CIA) very highly at this level of training. Whilst Security is so big and encompassing today, I am going to limit to this facet within this post and my limited knowledge.
With that in mind, the IT professional industry is quite aware that creating or maintaining systems with these 3 things nowadays is extremely hard with any small team. How does then a team or an engineer provide this level of security whilst maintaining sanity and the ability to complete all other assigned work? Of course there are highly regarded and important tools (or software), companies that offer to increase security through their excellent knowledge and experience.
However, suppose I didn’t have access to any of this.
Armed with just little knowledge of this tool, I am starting to see that I can through Ansible (though I suspect direct Python interaction with a network device API could be a better/suitable way as well) create some ways to check and then deploy changes that can increase security and I can deploy them to many devices very quickly rather than it taking me up to a month to do it all manually.
I will concede I have nothing to share in regards to this from my own work as of yet. However over this next week I have one simple project I am going to look into how I can achieve it on Ansible. I believe this simple project will be a launchpad for some future projects, projects with which would have more real world value within a business context or personal development context. I am a firm believer in studying and doing thus allowing it to soak into the memory that we have been given.
Ansible Project 1
Ansible Project 1 – Isolated Network Creator
There is a requirement at times for an isolated network to exist to transfer large amounts of data regularly, ie: backups or replication jobs. The network will be a secondary network for the devices that it will be connected to and thus the network is purposeful and is limited in it its use. It is to only be able to transfer Data to hosts within this network. Also for the sake of simplicity no specific ports or protocols are being specified.
The creation of this network and the attachment of the networks to the respective Linux hosts should all be automated. The Linux hosts will have the data transfer configured and executed manually so the script will not take into account this part of the process. Finally the network and removal of networks from the Linux hosts and network devices should also be automated.