Using Red Hat Insights as a source of events for Event-Driven Ansible automation

One of the key announcements at AnsibleFest 2022 was the introduction of the Event-Driven Ansible developer preview. This technology is currently available on GitHub and accessible by technology providers and end users to provide feedback and drive the ecosystem. ISVs and consulting/service partners are specifically invited to create event driven automation content that makes it easy for customers to use in joint solutions.

Red Hat Insights events as a source for Event-Driven Ansible

Red Hat Insights, is a managed service that is included in every Red Hat subscription. It continuously analyzes platforms and applications to help enterprises manage hybrid cloud environments, and can trigger events through its Notifications service. Each account configures how and who can receive these events, with the ability to perform actions depending on the event type. For example, one may want to forward new recommendations found for Red Hat Enterprise Linux (RHEL) system configuration to a specific team by email, and/or create a new ticket in ServiceNow for the Operations team to handle. Others may want to forward all triggered events to Splunk for external analysis and troubleshooting. Through its Integrations service, Insights provides end-point integrations to Splunk, ServiceNow, Slack, as well as any third party application with its generic webhooks integration (HTTP POST requests with optional token authentication). Once configured, these integrations can be used to forward Insights events to third party applications, and include Insights findings as part of the organization's operational workflow.

Event-Driven Ansible connects sources of events with corresponding actions via rules. In this article, we demonstrate how Insights events can become a source of events for Event-Driven Ansible. We use the generic webhook integration type from Insights to illustrate the functionality.

Event-Driven Ansible configuration

Event-Driven Ansible provides webhook and Kafka integration technology. We expose the webhook event source in this example. This creates a listener on the Ansible side that we expose to Insights. Every time we trigger an event from Insights, it gets forwarded to the Ansible webhook event source. Event-Driven Ansible then analyzes whether the event matches a rule in the Ansible Rulebook and runs the corresponding action if it does. 

Before getting started, install the required components and CLI following the installation instructions. We now have ansible-rulebook ready to demonstrate our integration. Below is the webhook-example.yml Ansible Rulebook that we use:

---
- name: Listen for events on a webhook
  hosts: all

  sources:
   - ansible.eda.webhook:
       host: 0.0.0.0
       port: 5000

  rules:
   - name: Handle Red Hat Insights event
     condition: event.payload is defined

     action:
       debug:
         msg: "Received: {{ event.payload }}"

This rulebook exposes a HTTP receiver on port 5000 and waits for incoming HTTP requests. Once received, a request is handled according to the rules section. The above condition checks for the definition of the event (this could be used to filter specific Insights events based on event.payload in future), and simply displays the message payload as a debug action.

One can start the ansible-rulebook from the command line tool with the following command:

# ansible-rulebook --rulebook webhook-example.yml -i inventory.yml --verbose

And validate the rulebook with this simple command:

curl -H 'Content-Type: application/json' -d "{\"payload\": \"Incoming message\"}" localhost:5000/endpoint

Depending on the infrastructure where this runs, you may need to configure a reverse proxy to receive incoming requests from console.redhat.com (hosting Red Hat Insights). An easy solution is the use of the Ngrok service on the machine that runs the rulebook.

Once installed and configured, the following command exposes port 5000 to ngrok service:

# ./ngrok http 5000

Ngrok then provides a publicly accessible URL that can be used by Insights to forward events.

Configuring Red Hat Insights to forward events

Configuring a webhook integration in Insights to forward events to is fully documented in the Configuring notifications and integrations on the Red Hat Hybrid Cloud Console product documentation. The procedure consists of first creating a webhook integration endpoint that informs Insights of the endpoint URL to forward events to. The following is a screenshot of our Settings > Integrations configuration for our registered ngrok URL. 

This ‘Event-Driven Ansible’ endpoint can then be used as an action in a behavior group notification in Settings > Notifications, for example:

Finally, assigning this behavior group to Insights events causes each action to happen when an event gets triggered. Below is an example of our configuration. Whenever an application triggers a specific event, the associated ‘Default behavior group’ behavior is executed, and in turn, forward the event to our ‘Event-Driven Ansible’ webhook endpoint.

End-to-end validation

Now that our Event-Driven Ansible is running and listening in for events, and that Insights is configured to forward all events via webhook, we just need to wait for events to be triggered. A simple way to cause new events is to run insights-client manually on a registered RHEL system and have Policies, Drift, or other application(s) setup. Triggered event history can be checked in Insights using Event Log, which displays previously triggered events as well as the status received for any given action.

On the Event-Driven Ansible side, the event gets received via ngrok and the condition rule is met. This results in the execution of associated actions. In our case, we simply display the event payload on the debug console.

Conclusion

This blog shows how to easily configure Insights to become an event source for Event-Driven Ansible. We provide an end-to-end example of the integration and successfully forward Insights events to a simple Ansible Rulebook. Our minimal demonstration proves that the integration is functional and can be used as a starting point for more advanced filtering and handling. One may, for example, write conditions that check for the content of each received Insights event, and perform different actions, such as running playbooks, according to the event data. We are very excited to see this integration validated, and look forward to full end-to-end automation triggered from Insights.

Call to Action

• Check out the Getting Started with Event-Driven Ansible training.
• Visit the Event-Driven Ansible web page.
• Check out the Event-Driven Ansible playlist on YouTube. 
• Check out the Best of AnsibleFest 2022.
• Try Ansible Automation Platform free for 60 days.