Getting Started with Ansible Tower

My last post on Linux security hardening briefly mentioned Ansible Tower. Ansible itself is very good at configuration management. It is lightweight, agentless and easy to get started with. But once you manage more than a few configuration items, more than a few target systems and work together with other administrators, Ansible as a command line tool doesn’t scale well.

Similar to how Red Hat Satellite replaced yum update in larger environments, Ansible Tower makes Ansible scalable and gives it a Web UI and REST API. The Ansible Tower Web site has a nice 2-minute overview, and below, I’ll walk you through installing and using Ansible Tower 3.

Continue reading

Linux Security Hardening with OpenSCAP and Ansible

In some organizations, Linux systems are audited for security compliance by an external auditor. Remediating the findings and making the systems compliant used to be a matter of manually applying changes or running monolithic scripts. Today, remediation can be fully automated with Ansible, and security compliance can be checked before the auditor arrives with OpenSCAP. Below, we’ll see how to do this for Red Hat Enterprise Linux 6. Continue reading