Using Ansible on OpenStack

Describe it rather than click it!

3rd OpenStackFin User Group meetup, 23/10/2014

Tomáš Karásek, DIGILE Oy

<name.surname(without diacritics) at>

if you want to check all the links, slides are online at


Simplistic tool for automating management of IT infrastructure





  • no server component, push based
  • control machine → SSH → managed nodes
  • low requirements for managed nodes: SSH server allowing sudo-capable user, python 2.{4+simplejson,5}+
  • no specific DSL
  • works extensively with YAML and JSON ⇒ easy to extend and automate


How it works

How Ansible works


How it looks

- apt:
    name: python-pip

- pip:
    name: docker-py

- docker:
    name: webapp1
    image: training/webapp
    command: python
    ports: 8001:5000

Provisioning with Ansible on OpenStack

  • Creating virtual machines, images, networks, floating IPs.
  • {nova,glance,quantum,keystone}_* cloud modules in the Ansible core module set
  • nova_compute module improved in 1.8
  • can't create security groups
  • demo ↓

Provisioning with Ansible on OpenStack: Summary

Configuration with Ansible on OpenStack

For virtual machines not different than elsewhere.

Management/Orchestration: Ansible Inventory

  • What does this mean?
  • What is Ansible inventory, static and dynamic
  • List of managed nodes and groups of them



Ansible Inventory on OpenStack

  • nova inventory plugin ⇒ gets the list from Nova API with the Python client
  • Grouping: cloud, region, tenant, custom hostgroups by metadata (nova boot --meta <key=value>)
  • Access over private IP addresses
  • I have improved the Nova inventory: pull request
  • caching, guessing ssh user based on image name, refering to instances by Nova name, support for more tenants/regions/OpenStack
  • demo ↓

Ansible Inventory on OpenStack: Summary

  • I use combination of nova, .ssh/config and static alias for localhost: git repo

My workflow

  • the whole process: ansible run on a vanilla Linux image
  • to properly test the whole process, ansible-playbook toward a dev machine is not enough ← Goes for any conf management tool!
  • need to automate from instance boot to ansible run
  • OpenStack Python clients, custom scripts
  • dependencies in requirements.yml, since 1.8 as good as librarians
  • demo ↓

Workflow: summary

  • Maybe better off with Vagrant
  • Ansible-pull?


Questions and comments