Today every organization needs applications to deliver services to its customers. In fact, 62% of organizations say applications are essential to their business, and a further 36% say applications provide a competitive advantage. This requires companies to innovate quickly to keep their customers satisfied and comfortable. To respond to this demand, organizations need to deliver application updates more frequently. In the traditional delivery process, each delivery starts with requirements set by the customer and ends in production. The weakness of traditional delivery is its slowness: delivery is performed manually and step by step, which can introduce points of failure and human error that lead to delays or a complete system outage. The Continuous Delivery technique helps organizations speed up the delivery of their applications to customers. One piece of software that can be used to build Continuous Delivery with zero downtime is Ansible. Based on test results, Ansible succeeded in maintaining service availability with an uptime percentage of 100%, and was able to speed up deployment time by 48%. Load testing showed that 1 server can handle a load of 2000 users per 5 minutes with a success rate of 99%.
Building on lean and agile practices, DevOps means end-to-end automation in software development and delivery. Hardly anybody will be able to approach it with a cookbook-style approach, but most developers will benefit from better connecting the previously isolated silos of development and operations. Many DevOps tools exist that can help them do this.
Network Automation using Ansible for EIGRP Network
Mohd Fuzi, Mohd Faris; Abdullah, Khairunnisa; Abd Halim, Iman Hazwam ...
Journal of Computing Research and Innovation, 09/2021, Volume 6, Issue 4
Journal Article
Peer reviewed
Open access
Network automation has evolved into a solution that emphasizes efficiency in all areas. Furthermore, communication and computer networks rely on a platform that provides the necessary technological infrastructure for packet transfer through the Internet using routing protocols. The Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid routing protocol that combines the properties of both distance-vector and link-state routing methods. The traditional technique to configure EIGRP is inefficient and requires repeated processes compared to the network automation concept. Network automation helps to assist network administrators in automating and verifying the EIGRP configuration using scripting. This paper implemented network automation using Ansible to configure EIGRP routing and advanced configuration in the GNS3 environment. This study is focused on automated scripting to configure IP addresses on the interfaces, the EIGRP routing protocol, a default static route and advanced EIGRP configurations. Ansible ran the scripting on Network Automation Docker and pushed the configurations to the routers. The network automation Docker communicated with other routers via SSH. In the testing phase, the running configuration between the traditional approach and automation scripting in the Ansible playbook was compared to verify the accuracy of the EIGRP configurations. The findings show that Ansible has successfully deployed the configuration to the routers with no errors. Ansible can help network administrators minimize human mistakes, reduce time consumption and enable device visibility across the network environment. Implementing EIGRP authentication and hardening process can enhance the network security level for future study.
Infrastructure as Code (IaC) tools make it possible to automate the tasks performed by IT departments quickly and dynamically through the use of scripting languages, which allow multiple computing resources to be managed, created, manipulated and distributed at scale within a Cloud Computing infrastructure. The Infrastructure as Code tools Ansible, Terraform, Chef and Puppet generate a virtual representation of the entire physical and scalable infrastructure of a Cloud Computing platform and data center, making it programmable and dynamic.
Security Smells in Ansible and Chef Scripts
Rahman, Akond; Rahman, Md Rayhanur; Parnin, Chris ...
ACM Transactions on Software Engineering and Methodology, 01/2021, Volume 30, Issue 1
Journal Article
Peer reviewed
Context:
Security smells are recurring coding patterns that are indicative of security weakness and require further inspection. As infrastructure as code (IaC) scripts, such as Ansible and Chef scripts, are used to provision cloud-based servers and systems at scale, security smells in IaC scripts could be used to enable malicious users to exploit vulnerabilities in the provisioned systems.
Goal:
The goal of this article is to help practitioners avoid insecure coding practices while developing infrastructure as code scripts through an empirical study of security smells in Ansible and Chef scripts.
Methodology:
We conduct a replication study where we apply qualitative analysis with 1,956 IaC scripts to identify security smells for IaC scripts written in two languages: Ansible and Chef. We construct a static analysis tool called Security Linter for Ansible and Chef scripts (SLAC) to automatically identify security smells in 50,323 scripts collected from 813 open source software repositories. We also submit bug reports for 1,000 randomly selected smell occurrences.
Results:
We identify two security smells not reported in prior work: missing default in case statement and no integrity check. By applying SLAC we identify 46,600 occurrences of security smells that include 7,849 hard-coded passwords. We observe agreement for 65 of the responded 94 bug reports, which suggests the relevance of security smells for Ansible and Chef scripts amongst practitioners.
Conclusion:
We observe security smells to be prevalent in Ansible and Chef scripts, similarly to that of the Puppet scripts. We recommend practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using (i) code review, and (ii) static analysis tools.
Ansible, a popular Infrastructure-as-Code platform, provides reusable collections of tasks called roles. Roles are often contributed by third parties, and like general-purpose libraries, they evolve. Therefore, new releases of roles need to be tagged with version numbers, for which Ansible recommends adhering to the semantic versioning format. However, roles significantly differ from general-purpose libraries, and it is not yet known what constitutes a breaking change or the addition of a feature to a role. Consequently, this can cause confusion for clients of a role and new role contributors.
To alleviate this issue, we perform an empirical study on semantic versioning in Ansible roles to uncover the types of changes that trigger certain types of version bumps. Our dataset consists of over 81000 version increments spanning upwards of 8500 Ansible roles. We design a novel structural model for these roles, and implement a domain-specific structural change extraction algorithm to calculate structural difference metrics. Afterwards, we quantitatively investigate the state of semantic versioning in Ansible roles and identify the most commonly changed elements. Then, using the structural difference metrics, we train a Random Forest classifier to predict applicable version bumps for Ansible role releases. Finally, we confirm our empirical findings with a developer survey.
Our observations show that although most Ansible role developers follow the semantic versioning format, it appears that they do not always consistently follow the same rules when selecting the version bump to apply. Moreover, we find that the distinction between patch and minor increments is often unclear. Therefore, we use the gained insights to formulate a number of guidelines to apply semantic versioning on Ansible roles. These guidelines can be used by role developers to ensure a clear interpretation of the version increments.
• Many role releases do not incur any structural change.
• Default variables and platforms form the main part of a role’s interface.
• Ansible role developers try to adhere to the Semantic Versioning specifications.
• Patch and minor increments are often difficult to distinguish on a structural level.
• Patch releases often change only one part of a role, major releases change multiple.
Context
Despite being beneficial for managing computing infrastructure at scale, Ansible scripts include security weaknesses, such as hard-coded passwords. Security weaknesses can propagate into tasks, i.e., code constructs used for managing computing infrastructure with Ansible. Propagation of security weaknesses into tasks makes the provisioned infrastructure susceptible to security attacks. A systematic characterization of task infection, i.e., the propagation of security weaknesses into tasks, can aid practitioners and researchers in understanding how security weaknesses propagate into tasks and derive insights for practitioners to develop Ansible scripts securely.
Objective
The goal of the paper is to help practitioners and researchers understand how Ansible-managed computing infrastructure is impacted by security weaknesses by conducting an empirical study of task infections in Ansible scripts.
Method
We conduct an empirical study where we quantify the frequency of task infections in Ansible scripts. Upon detection of task infections, we apply qualitative analysis to determine task infection categories. We also conduct a survey with 23 practitioners to determine the prevalence and severity of identified task infection categories. With logistic regression analysis, we identify development factors that correlate with presence of task infections.
Results
In all, we identify 1,805 task infections in 27,213 scripts. We identify six task infection categories: anti-virus, continuous integration, data storage, message broker, networking, and virtualization. From our survey, we observe tasks used to manage data storage infrastructure perceived to have the most severe consequences. We also find three development factors, namely age, minor contributors, and scatteredness to correlate with the presence of task infections.
Conclusion
Our empirical study shows computing infrastructure managed by Ansible scripts to be impacted by security weaknesses. We conclude the paper by discussing the implications of our findings for practitioners and researchers.
The Ansible configuration manager is currently one of the most popular systems for software deployment. However, Ansible is difficult to debug when working with large scenarios and is difficult to embed into other systems. We propose the cotea (Python) and gocotea (Golang) tools that allow users to control Ansible execution programmatically, by iterating over the tasks and collecting progress information. We additionally propose gopython, a solution for embedding arbitrary Python code into a Golang application. The approach used was generalized up to the abstract architecture of the software tool, which allows for the control of an arbitrary Python program execution.
The recent improvement in code generation capabilities due to the use of large language models has mainly benefited general purpose programming languages. Domain specific languages, such as the ones used for IT Automation, received far less attention, despite involving many active developers and being an essential component of modern cloud platforms. This work focuses on the generation of Ansible YAML, a widely used markup language for IT Automation. We present Ansible Wisdom, a natural-language to Ansible YAML code generation tool, aimed at improving IT automation productivity. Results show that Ansible Wisdom can accurately generate Ansible script from natural language prompts with performance comparable or better than existing state of the art code generation models.