Ansible
Simplistic tool for automating management of IT infrastructure
Provision.
Configure.
Manage.
Ansible
- no server component, push based
- control machine → SSH → managed nodes
- low requirements for managed nodes: SSH server allowing sudo-capable user, python 2.{4+simplejson,5}+
- no specific DSL
- works extensively with YAML and JSON ⇒ easy to extend and automate
Ansible
How it works
Ansible
How it looks
---
# Install pip, then the Docker Python bindings, then start the container
- apt:
    name: python-pip
- pip:
    name: docker-py
- docker:
    name: webapp1
    image: training/webapp
    command: python app.py
    ports: "8001:5000"
Provisioning with Ansible on OpenStack
- Creating virtual machines, images, networks, floating IPs.
- {nova,glance,quantum,keystone}_* cloud modules in the Ansible core module set
- nova_compute module improved in 1.8
- can't create security groups
- demo ↓
Provisioning with Ansible on OpenStack: Summary
Configuration with Ansible on OpenStack
For virtual machines, no different than elsewhere.
Management/Orchestration: Ansible Inventory
- What does this mean?
- What is Ansible inventory, static and dynamic
- List of managed nodes and groups of them
mail.example.com
[webservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.com
Ansible Inventory on OpenStack
- nova inventory plugin ⇒ gets the list from Nova API with the Python client
- Grouping: cloud, region, tenant, custom hostgroups by metadata (nova boot --meta <key=value>)
- Access over private IP addresses
- I have improved the Nova inventory: pull request
- caching, guessing ssh user based on image name, referring to instances by Nova name, support for more tenants/regions/OpenStack
- demo ↓
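A sketch of what a dynamic inventory for this setup returns to Ansible, added here as an example and not taken from the nova inventory plugin or the pull request mentioned above. The server records, the "group" metadata key, the network name "private", the image-to-user table and the helper names are all assumptions.

```python
import json
import re

# Constructed records shaped like a Nova server listing. Every name and
# address, and the "group" metadata key, is an assumption for this sketch.
SERVERS = [
    {"name": "web1", "region": "RegionOne", "tenant": "demo",
     "image": "ubuntu-14.04", "metadata": {"group": "webservers"},
     "addresses": {"private": ["10.0.0.11"], "public": ["203.0.113.5"]}},
    {"name": "db1", "region": "RegionOne", "tenant": "demo",
     "image": "centos-6", "metadata": {"group": "db servers; x"},
     "addresses": {"private": ["10.0.0.21"]}},
    {"name": "nonet", "region": "RegionTwo", "tenant": "ops",
     "image": "ubuntu-14.04", "metadata": {}, "addresses": {}},
]
# Hypothetical image-name-prefix -> login user table.
SSH_USERS = {"ubuntu": "ubuntu", "centos": "cloud-user"}

def safe_group(name):
    """Metadata is set by whoever booted the instance: normalise it."""
    return re.sub(r"[^A-Za-z0-9_]", "_", name)

def guess_user(image, default="root"):
    for prefix, user in SSH_USERS.items():
        if image.lower().startswith(prefix):
            return user
    return default

def build_inventory(servers, cloud="mycloud"):
    inv = {"_meta": {"hostvars": {}}}
    for s in servers:
        private = s["addresses"].get("private")
        if not private:
            continue  # no private address: not reachable, skip it
        groups = [cloud, "region_" + s["region"], "tenant_" + s["tenant"]]
        if "group" in s["metadata"]:
            groups.append(s["metadata"]["group"])
        for g in groups:
            inv.setdefault(safe_group(g), {"hosts": []})["hosts"].append(s["name"])
        inv["_meta"]["hostvars"][s["name"]] = {
            "ansible_ssh_host": private[0],  # Ansible 1.x variable name
            "ansible_ssh_user": guess_user(s["image"]),
        }
    return inv

if __name__ == "__main__":
    # What `script --list` would print for Ansible to consume.
    print(json.dumps(build_inventory(SERVERS), indent=2, sort_keys=True))
```

Group names derived from instance metadata are normalised before use, because anyone who can boot an instance chooses that value and it decides which plays run against the host.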
Ansible Inventory on OpenStack: Summary
- I use a combination of nova, .ssh/config and a static alias for localhost: git repo
My workflow
- the whole process: ansible run on a vanilla Linux image
- to properly test the whole process, ansible-playbook toward a dev machine is not enough ← Goes for any conf management tool!
- need to automate from instance boot to ansible run
- OpenStack Python clients, custom scripts
- dependencies in requirements.yml, since 1.8 as good as librarians
- demo ↓
Workflow: summary
- Maybe better off with Vagrant
- Ansible-pull?