-
Hardening ssh connections to managed hosts with Ansible Automation Platform
Ansible Automation Platform (AAP), as a platform for implementing enterprise-wide automation, is a central point in many organizations. From there, AAP can access any host for automation purposes. Security has many layers (see Zero Trust architecture), and this article focuses on one specific security layer: mitigating SSH-based attacks on managed hosts. We cannot eliminate all the security risks, but we can harden our managed hosts to eliminate some of them (brute-force attacks) and mitigate others (allowing SSH connections only from authorized hosts, setting up a sudo password). Although this article’s use case is around AAP, most of the hardening configuration is applied to the managed hosts (editing…
-
Running Ansible Jobs in AAP 2.4+ with EDA watching OpenShift events
In the article Kubernetes Meets Event-Driven Ansible (EDA), Andrew Block explained how Automation and Kubernetes go hand in hand and how Ansible already plays a role within this ecosystem. When the article was written, EDA was not included in Ansible Automation Platform (AAP) yet, and the rulebooks had to be executed in the CLI or packaged within custom solutions. With the release of AAP 2.4, EDA is now part of AAP, and the Ansible Rulebooks can be executed in AAP. In this article, I will describe the use case of running Ansible Jobs in AAP 2.4 with EDA watching OpenShift events: Register/unregister OpenShift machines in ServiceNow watching machine-api events…