Using Ansible on OpenStack

Describe it rather than click it!

3rd OpenStackFin User Group meetup, 23/10/2014

Tomáš Karásek, DIGILE Oy

<name.surname(without diacritics) at digile.fi>

If you want to check all the links, the slides are online at

ow.ly/CMJFD

Ansible

Simple tool for automating management of IT infrastructure

Provision.

Configure.

Manage.

Ansible

  • no server component, push based
  • control machine → SSH → managed nodes
  • low requirements for managed nodes: SSH server allowing a sudo-capable user, Python 2.{4+simplejson,5}+
  • no specific DSL
  • works extensively with YAML and JSON ⇒ easy to extend and automate

Ansible

How it works

How Ansible works

Ansible

How it looks


---
- apt:
    name: python-pip

- pip:
    name: docker-py

- docker:
    name: webapp1
    image: training/webapp
    command: python app.py
    ports: 8001:5000
					

Provisioning with Ansible on OpenStack

  • Creating virtual machines, images, networks, floating IPs.
  • {nova,glance,quantum,keystone}_* cloud modules in the Ansible core module set
  • nova_compute module improved in 1.8
  • can't create security groups
  • demo ↓

Provisioning with Ansible on OpenStack: Summary

Configuration with Ansible on OpenStack

For virtual machines, no different than elsewhere.

Management/Orchestration: Ansible Inventory

  • What does this mean?
  • What is Ansible inventory, static and dynamic
  • List of managed nodes and groups of them

mail.example.com

[webservers]
foo.example.com
bar.example.com

[dbservers]
one.example.com
two.example.com
three.example.com
					

Ansible Inventory on OpenStack

  • nova inventory plugin ⇒ gets the list from Nova API with the Python client
  • Grouping: cloud, region, tenant, custom hostgroups by metadata (nova boot --meta <key=value>)
  • Access over private IP addresses
  • I have improved the Nova inventory: pull request
  • caching, guessing ssh user based on image name, referring to instances by Nova name, support for more tenants/regions/OpenStack
  • demo ↓
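
The grouping described above, as an added example (not the nova inventory plugin's own code): it builds the JSON that Ansible expects from a dynamic inventory script's `--list` call, using constructed server records. The record layout, the `group` metadata key, the `tenant_` prefix and the image-to-user table are assumptions.

```python
import json

# Constructed sample records, loosely shaped like Nova server listings (not real API output).
SERVERS = [
    {"name": "web1", "region": "RegionOne", "tenant": "demo", "image": "ubuntu-14.04-server",
     "metadata": {"group": "webservers"}, "addresses": {"private": "10.0.0.11"}},
    {"name": "db1", "region": "RegionOne", "tenant": "demo", "image": "CentOS-6.5-x86_64",
     "metadata": {"group": "dbservers"}, "addresses": {"private": "10.0.0.21"}},
    {"name": "misc", "region": "RegionTwo", "tenant": "ops", "image": "custom-build",
     "metadata": {}, "addresses": {"private": "10.1.0.7"}},
]

# Assumed image-name prefix -> login user table; unknown images get no guess.
SSH_USERS = (("ubuntu", "ubuntu"), ("centos", "centos"), ("debian", "debian"))

def guess_ssh_user(image_name):
    # Case-insensitive prefix match on the image name.
    lowered = image_name.lower()
    for prefix, user in SSH_USERS:
        if lowered.startswith(prefix):
            return user
    return None

def build_inventory(servers, meta_key="group"):
    # "_meta.hostvars" lets Ansible read per-host variables from the --list output.
    inventory = {"_meta": {"hostvars": {}}}

    def add(group, host):
        # Instance metadata is set by whoever booted the instance, so a group
        # name must never be allowed to overwrite the reserved "_meta" key.
        if group != "_meta":
            inventory.setdefault(group, {"hosts": []})["hosts"].append(host)

    for s in servers:
        name = s["name"]
        add(s["region"], name)
        add("tenant_" + s["tenant"], name)
        if meta_key in s["metadata"]:
            add(s["metadata"][meta_key], name)
        # Refer to the instance by its Nova name, connect over the private IP.
        hostvars = {"ansible_ssh_host": s["addresses"]["private"]}
        user = guess_ssh_user(s["image"])
        if user:
            hostvars["ansible_ssh_user"] = user
        inventory["_meta"]["hostvars"][name] = hostvars
    return inventory

if __name__ == "__main__":
    print(json.dumps(build_inventory(SERVERS), indent=2, sort_keys=True))
```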

Ansible Inventory on OpenStack: Summary

  • I use a combination of nova, .ssh/config and static alias for localhost: git repo

My workflow

  • the whole process: ansible run on a vanilla Linux image
  • to properly test the whole process, ansible-playbook toward a dev machine is not enough ← Goes for any conf management tool!
  • need to automate from instance boot to ansible run
  • OpenStack Python clients, custom scripts
  • dependencies in requirements.yml, since 1.8 as good as librarians
  • demo ↓

Workflow: summary

  • Maybe better off with Vagrant
  • Ansible-pull?

Links

Questions and comments