This repo shows a demo to showcase event driven automation using ansible and rulebooks.
The rulebook instantiates one listener: Red Hat Insights events covering two different use cases, CVE remediation and malware detection and ticket creation in Service Now.
Each of those listeners react to events, trying to remediate an alert triggered by the application via playbooks that are part of the demo.
Events are generated by a Red Hat Insights service, listening on port 5002 on localhost, that exposes the following endpoints
/insights
To run the demo, podman and podman-compose should be installed in your system. Yes, nothing more! :)
Follow the instructions to install them, based on your system.
The stack is composed by one container:
- Ansible EDA container image, running the ansible bits
The eda-ansible directory, all rulebooks and playbooks are present.
The playbooks directory, where the playbooks containing the actions to be taken to an event are, in this case:
- eda-playbook-insights-cve.yml
- eda-playbook-insights-fix.yml
- eda-playbook-insights-malware.yml
- eda-playbook-insights-telegram.yml
- eda-playbook-insights-simple.yml
You can find a brief guide to configure Red Hat Insights to emit event notifications in this blog post.
I will sum up the needed steps bellow, but please do read Jerome's blog for further understanding.
You do need to integrate EDA with Insights, in order to do that, your EDA machine (the one processing the events) needs to have connection to internet and be reachable from the exterior. In my case, I don't have that (using a machine on my home lab behind NAT router) so the solution is to use ngrok.
The best way to configure ngrok in your EDA machine is as a service.
The most important thing to configure here, is the configuration file, here's a basic example that works with this demo:
[root@eda ~]# cat ngrok.yml
# in ngrok.yml
authtoken: Abd2M6FgBt7k87204757BSEdMm3uGFGVdfd935V
log_level: info
log_format: term
log: stdout
region: eu
version: 2
tunnels:
insights:
proto: http
addr: 5002
Then you should log into your Red Hat Insights console and go to integrations:
Now, you need to add the ‘Insights EDA’ endpoint so that it can be used as an action in a behavior group notification in Settings > Notifications, for example:
Once your setup is in place, you need to generate a token, that will be used by EDA Controller to connect to the Automation Controller. To do so, you can go in the Users -> admin -> Token section in the controller and ADD a new token.
Save the token and open the EDA Controller URL, go in the Users -> admin -> Token section and Create controller token
Then, you need to configure your project, in my case, my project files are in github. For that, go to **Resources -> Projects ** section and Create project
Then, you will also need to configure a rulebook activation, that is the listener. Go to **Views -> Rulebook Activations ** section and Create rulebook activation
Once your objects are in place, you can go to **Views -> Rulebook Activations ** section and Your rulebook activation -> History and you will see the events coming:
Decision environments are a container image to run Ansible rulebooks. They create a common language for communicating automation dependencies, and provide a standard way to build and distribute the automation environment. The default decision environment is found in the Ansible-Rulebook.
You can create your own decision environment to use with EDA. More information can be found in the official documentation.
This demo uses a custom DE, you can learn more about it at kubealex' gh.