Welcome to another Ansible release! Version 2.5–“Kashmir”–has a lot of great stuff to play around with, and we're excited to get it in your hands so you can try it out.
Some of the items in this release have been covered in depth in previous Feature Spotlights: AWS EC2 Dynamic inventory plugin, the new Loop keyword, and the all-new ec2_instance module. But those are just appetizers for all of the new things that are included in this release.
Fact Namespacing
In 2.5, we are introducing fact namespacing, which makes Ansible facts available under the ansible_facts namespace (i.e. ansible_facts.os_distribution) without the ansible_ prefix.
Facts will continue to be added into the main namespace directly, but there is now a configuration boolean to enable this. Today, it’s ”On” by default, in a future release, we’ll switch that to “Off”.
Module Blacklisting
We have added a configuration file that enables administrators to filter modules that should be excluded from being used in playbook runs. Operationally, this ensures administrators have more control over which Ansible Modules are approved for use.
New magic vars
Magic vars are variables that Ansible provides to playbook runs without having to be requested. In 2.5, we’ve added a handful of new magic variables have been added and can now used in your playbooks.
- ansible_inventory_sources: Display current inventory sources being used
- ansible_limit: Display current limit value for run
- ansible_run_tags: Display current tags “activated” in run
- ansible_forks: Display number of forks for run
- ansible_skip_tags: Display skip_tags applied for run
Windows
To ease the privilege escalation on Windows systems, we’ve expanded become capabilities to include:
- Support to become NT AUTHORITY\System, NT AUTHORITY\LocalService, and NT AUTHORITY\NetworkService
- Updated become to work with async on Windows hosts
- Improved become elevation process to work on standard Administrator users without first disabling UAC on Windows hosts
Cloud
Cloud deployments and automation remains a key strategic area of focus. Ansible 2.5 continues this trend, and adds significant new capabilities for cloud provisioning, ongoing day 2 management, and integrations that help enable hybrid cloud management.
Amazon Web Services (AWS)
We’re continuing our AWS leadership with a handful of new community modules. As I mentioned in my earlier webinar, we’re effectively deprecating the previous ec2 module in favor of a brand-new ec2_instance module. Beyond that, there are a few others coming in this release:
- aws_kms_facts: Manage role/user access to a KMS key. Not designed for encrypting/decrypting
- aws_region_facts: Gather facts about AWS regions.
- ec2_ami_facts: Gather facts about ec2 AMIs
- ec2_instance: Create and manage ec2 instances
- ec2_placement_group: Create or delete a placement group.
- elb_target: - Used to register or deregister a target in a target group
- iam_user: Manage AWS IAM Users
- iam_role_facts: Gathers information about IAM roles
We are also introducing a new EC2 dynamic inventory plugin These inventory plugins have the ability to utilize the newly released Ansible inventory plugin system.
Microsoft Azure
Our friends at Microsoft have been diligent in adding new Azure modules and capabilities in each release. Updates and additions include:
- azure_rm_containerinstance: Create, update and delete an Azure Container Instance.
- azure_rm_containerregistry: Create, update and delete an Azure Container Registry.
- azure_rm_image: Create, delete an image from virtual machine, blob uri, managed disk or snapshot.
- azure_rm_keyvault: Create, update and delete instance of Key Vault.
- azure_rm_keyvaultkey: Create or delete a key within a given keyvault.
- azure_rm_keyvaultsecret: Create or delete a secret within a given keyvault.
- azure_rm_mysqldatabase: Create, update and delete instance of MySQL Database.
- azure_rm_mysqlserver: Create, update and delete instance of MySQL Server.
- azure_rm_postgresqldatabase: Create, update and delete instance of PostgreSQL Database.
- azure_rm_postgresqlserver: Create, update and delete instance of PostgreSQL Server.
- azure_rm_sqldatabase: Create, update and delete instance of SQL Database.
- azure_rm_sqlserver: Create, update and delete instance of SQL Server
- azure_rm_sqlserver_facts: Get facts of SQL Server.
Google Cloud (GCP)
Ansible 2.5 includes the gcp_dns_managed_zone module provided by our Partners at Google.
And in an interesting side-note, this module is one of the first being provided by Google using their module auto-generation tooling that automatically creates GCP modules. We reviewed this tool with the google team, and are confident that it does a great job creating modules in a manner that makes sense; rather than just mirroring an API.
VMware
In the past few months, Red Hat Engineering, coupled with the Ansible community, have established Working Groups in specific areas. One of these new areas of focus is centered around growing Ansible’s VMware automation capabilities. As such, quite a bit of content is available this release:
- vcenter_folder: Used to create, delete, move and rename folder on the given datacenter
- vmware_cfg_backup: Perform various operations related to backup, restore and reset of ESXi host configuration
- vmware_datastore_facts: Used to gather facts about datastores in VMware infrastructure
- vmware_drs_rule_facts: Used to gather facts about DRS VM-VM and VM-HOST rules from the given cluster
- vmware_guest_file_operation: Copy a file to a VM, fetch a file from a VM and create or delete a directory in the guest OS
- vmware_guest_powerstate: Power on / Power off / Restart a virtual machine
- vmware_host_acceptance: Used to manage acceptance level of an ESXi host
- vmware_host_config_facts: Used to gather facts about an ESXi host’s advance configuration information when ESXi hostname or Cluster name is given
- vmware_host_config_manager: Used to manage advance configuration information about an ESXi host when ESXi hostname or Cluster name is given
- vmware_host_datastore: Used to mount/umount datastore on ESXi host
- vmware_host_dns_facts: Used to gather facts about an ESXi host’s DNS configuration information
- vmware_host_facts: Gathers facts about remote vmware host
- vmware_host_firewall_facts: Used to gather facts about an ESXi host’s firewall configuration information
- vmware_host_firewall_manager: Used to manage firewall configurations about an ESXi host
- vmware_host_lockdown: Used to manage administrator permission for the local administrative account for the host
- vmware_host_ntp: Used to manage NTP configuration information about an ESXi host
- vmware_host_package_facts: Used to gather facts about available packages and their status on an ESXi host
- vmware_host_service_facts: Used to gather facts about an ESXi host’s services
- vmware_host_service_manager: Used to manage (start, stop, restart) services on a given ESXi host
- vmware_host_vmnic_facts: Used to gather facts about vmnics available on the given ESXi host
- vmware_local_role_manager: Manage local roles on an ESXi host
- vmware_vm_vm_drs_rule: Used to configure VMware DRS Affinity rule for virtual machine in given cluster
- vmware_vmkernel_facts: Used to gather VMKernel facts about an ESXi host
New Plugins:
In my opinion, Ansible Plugins are one of the most under-appreciated capabilities of our platform. We continue to add capabilities here to enable you to easily pull in external data to playbook runs, alter callback functions, and change the connection type for certain environments (i.e. Networks).
Lookups
- aws_ssm: Query AWS ssm data
- aws_account_attribute: Query AWS account attributes such as EC2-Classic availability
- config: Lookup Ansible settings
- openshift: Return info from Openshift installation
- redis: Look up date from Redis DB, deprecates the redis_kv one
Callbacks
- yaml: Ansible output that can be quite a bit easier to read than the default JSON formatting
Connections
While technically not new plugins, these connection plugins can now be used directly with network-specific modules.
- network_cli: Provides a connection to remote devices over the SSH and implements a CLI shell.
- netconf: Provides a connection to remote devices over the SSH NETCONF subsystem
While neither is technically a new plugin, these connections may now be used directly with network modules. See Network Best Practices for Ansible 2.5 for more details. And read more about the latest networking updates in our Ansible 2.5 Networking features blog post.
Filters
- parse_xml: Convert the XML output of a network device command into structured JSON output
SUMMARY
Of course, this was just a quick summary of some of the great content that’s in Ansible 2.5. For the entire documentation check out our Ansible 2.5 docs page. If you want to learn more about the details, check out the changelog for the full list of updates in 2.5.
Do you already have a bunch of Ansible content, and want details on deprecated modules and other content? Check out the Porting guide for full details, and what steps to take to mitigate any potential issues in your playbooks.
Want to get involved? Reach out to us on Freenode in #ansible, or on the Ansible project list.
Want support for your Ansible installation?
Check out Ansible Engine, and re-use all of your existing playbooks and Roles, but now, with support. Do you want to better manage your Ansible at scale in your organization? Try Ansible Tower.
