Automating CipherMail deployments

/ Imre Jonk


We have put a lot of effort into making it easy to install and manage CipherMail Gateway and Webmail installations. Still, installing and updating these installations is a manual task, and the amount of work needed is multiplied by the number of CipherMail installations the customer is operating. A customer operating both a three-node Gateway and a three-node Webmail installation (like we do ourselves) needs to install and maintain at least six machines, possibly more when using load balancers and mail servers in front of the clusters. Managing that in the traditional way is a lot of manual work. In our previous blog post we briefly mentioned that we were working on automating these tasks. I am happy to say that we managed to get there, and since CipherMail Gateway 5.0 and Webmail Messenger 4.0, the installation and update mechanisms are highly automated using the Ansible automation framework.

Ansible was the logical choice for us. Ansible is supported by Red Hat, and our virtual appliance images are based on Red Hat Enterprise Linux. We are even a Red Hat Independent Software Vendor! We have been using Ansible since version 2.7 for managing our IT infrastructure, and since our infrastructure is based on the Debian GNU/Linux operating system, we have been using the DebOps roles and playbooks from the start. DebOps is an awesome collection of highly integrated Ansible roles and playbooks for Debian-based server farms. You should check it out! It has greatly helped us automate virtually everything in our IT infrastructure and continues to be actively maintained by a dedicated community.

The roles and playbooks we wrote for automating CipherMail deployments are not based on DebOps, however. The most important reasons for this are license incompatibilities and the fact that DebOps was made for Debian-based systems, not Red Hat Enterprise Linux. So we did everything ourselves. It is now possible to take a clean RHEL 8 installation, set up the CipherMail RPM repository, install the packages, and run the playbook. Ansible handles the rest. Installing a cluster is now many times simpler and faster than before: just add all cluster nodes to the Ansible inventory and run the playbook on just one of the hosts. Ansible will configure the others over SSH. Updates are even easier: just update any CipherMail package using DNF/YUM and the playbook will kick off automatically.

If you are interested in a demonstration of the new automation system, don't hesitate to contact us.