Ansible & CloudStack: Cloud Era Configuration Management


SLIDE 1

Ansible & CloudStack

Cloud Era Configuration Management

Paul Angus Cloud Architect paul.angus@shapeblue.com @CloudyAngus @ShapeBlue

SLIDE 2

@ShapeBlue #CloudStack #CCCEU14

Ansible & CloudStack

  • Configuration Management
  • Ansible
  • Using Ansible with CloudStack

SLIDE 3

About Me

Who am I

  • Cloud Architect with ShapeBlue
  • Worked with CloudStack since 2.2.13
  • Specialising in deployment of CloudStack and supporting infrastructure
  • Orange, TomTom, PaddyPower, Ascenty, BSkyB, SunGard, T-Mobile
  • I view CloudStack from ‘What can cloud consumers practically do with it’ point-of-view

SLIDE 4

SLIDE 5

About ShapeBlue

“ShapeBlue are expert builders of public & private clouds. They are the leading global independent CloudStack / CloudPlatform integrator & consultancy”

SLIDE 6

Ansible & CloudStack

What is Configuration Management?

SLIDE 7

What is Configuration Management?

  • Configuration management is the philosophy of defining the state that a server should be in with respect to its configuration, and using tools that achieve that state
  • CM gives centralisation of configuration data and actions
  • Configuration management tools should be idempotent

SLIDE 8

Er, Idempotent?

Idempotent operations, in mathematics and computer science, are operations that can be applied multiple times without changing the result beyond the initial application. (You asked.)

SLIDE 9

Er, Idempotent?

CloudStack Example:

You need to add the following lines to the default my.cnf:

    innodb_rollback_on_timeout=1
    innodb_lock_wait_timeout=600
    max_connections=350

A sed command would add the lines:

    sed -i -e '/symbolic-links=0/ a\innodb_rollback_on_timeout=1' \
           -e '/symbolic-links=0/ a\innodb_lock_wait_timeout=600' \
           -e '/symbolic-links=0/ a\max_connections=350' /etc/my.cnf

But if you needed to run your script again to update or restore another setting, the addition of these lines would be repeated. A configuration management tool would not add these lines again if rerun.

SLIDE 10

Er, Idempotent?

CloudStack Example:

In a configuration management tool you would specify that these lines:

    innodb_rollback_on_timeout=1
    innodb_lock_wait_timeout=600
    max_connections=350

should exist in the my.cnf file. The configuration management tool would only add these lines if they don’t exist.
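
The difference between the sed append and the "these lines should exist" approach from the two slides above, as an added shell example that is not part of the original deck. The sample my.cnf contents and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample file contents and function names are constructed.

make_sample() {   # make_sample FILE: minimal my.cnf containing the anchor line
    printf '%s\n' '[mysqld]' 'datadir=/var/lib/mysql' 'symbolic-links=0' \
        '' '[mysqld_safe]' 'log-error=/var/log/mysqld.log' > "$1"
}

# Same effect as the slide's sed "a\" command: appends after the anchor on
# EVERY run, whether or not the line is already there (not idempotent).
append_after() {   # append_after FILE ANCHOR LINE
    tmp=$(mktemp) || return 1
    # cat back into place instead of mv so my.cnf keeps its owner and mode
    awk -v a="$2" -v l="$3" '{ print } $0 == a { print l }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# Declarative form: LINE must be present. The file is only touched when the
# exact line is missing, so a second run is a no-op (idempotent).
ensure_line_after() {   # ensure_line_after FILE ANCHOR LINE
    if grep -Fxq -e "$3" "$1"; then
        return 0
    fi
    if grep -Fxq -e "$2" "$1"; then
        append_after "$1" "$2" "$3"
    else
        printf '%s\n' "$3" >> "$1"   # anchor absent: append at end of file
    fi
}

count_line() {   # count_line FILE LINE: print number of exact matches
    grep -Fxc -e "$2" "$1" || true
}

apply_settings() {   # apply_settings FUNCTION FILE: the three lines from the slide
    for setting in innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 \
                   max_connections=350; do
        "$1" "$2" 'symbolic-links=0' "$setting"
    done
}

demo=$(mktemp)
make_sample "$demo"
apply_settings append_after "$demo"; apply_settings append_after "$demo"
echo "append, run twice:  $(count_line "$demo" max_connections=350) copies"
make_sample "$demo"
apply_settings ensure_line_after "$demo"; apply_settings ensure_line_after "$demo"
echo "ensure, run twice:  $(count_line "$demo" max_connections=350) copy"
rm -f "$demo"
```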

SLIDE 11

What is Configuration Management?

  • I need these services to be installed and running
  • I need this configuration file to contain these lines
  • I need this file to exist in this directory
  • Centralisation of configuration
  • Creation of reusable template configurations, i.e. web servers, database servers, DHCP servers, CloudStack management servers

SLIDE 12

Ansible & CloudStack

Ansible

SLIDE 13

Why Ansible

Technical:

  • Client/Server architecture not required
  • Only SSH connectivity required (password or public/private keys)
  • …making it easier to deploy in environments
  • Modules can be in any language capable of returning JSON or key=value text pairs
  • Has an API

User:

  • Much shallower learning curve
  • Don’t need to learn a programming language (i.e. Ruby)

Not as many pre-existing playbooks (recipes/manifests) about, but improving with Ansible Galaxy

SLIDE 14

Ansible & CloudStack

Where to use Ansible

SLIDE 15

Where to Use Ansible

  • Building CloudStack RPMs from source
  • Deploying management infrastructure
  • Deploying hosts
  • Configuration changes to hosts and management VMs
  • Patching of hosts and management VMs
  • Deployment & configuration of guest VMs

SLIDE 16

Ansible & CloudStack

How to use Ansible

SLIDE 17

How to use Ansible

  • Host Inventories
  • Roles
  • Tasks
  • Variables (hosts or groups)
  • Modules
  • Templates
  • Playbooks

SLIDE 18

Installing Ansible

    # rpm -ivh http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    # yum install -y python-pip
    # pip install ansible

Directory /etc/ansible is created

SLIDE 19

Creating an Ansible ‘Server’

  • Install Ansible
  • git pull ‘ansible-repo’

SLIDE 20

Building of RPMs from Source

David Nalley @ke4qqq

http://buildacloud.org/blog/312-building-cloudstack-rpms-with-ansible.html

SLIDE 21

Ansible & CloudStack

Using Ansible with CloudStack

SLIDE 22

Using Ansible with Guest VMs

Create/deploy Ansible server environment

Use Ansible to create guest VMs

  • CloudMonkey
  • CloudStack/Ansible module (WIP)
  • EC2 module?

Use Ansible to configure guest VMs

  • Dynamic Inventories
  • Call back
  • Roles
  • UserData + ansible-pull

Use Ansible to maintain guest VMs

  • Dynamic Inventories
  • Playbooks

SLIDE 23

Dynamic Inventories

  • CloudStack – Written by Sebastien Goasguen
  • EC2
  • Cobbler
  • BSD Jails
  • Digital Ocean
  • Linode
  • OpenShift
  • OpenStack Nova
  • Red Hat's SpaceWalk
  • Vagrant (not to be confused with the provisioner in vagrant)
  • Zabbix

AnsibleWorks AWX also provides a database to store inventory results that is both web and REST accessible. AWX syncs with all Ansible dynamic inventory sources.

SLIDE 24

Using Ansible with Guest VMs

A toolset is required to determine that a new webserver (or similar) is needed and to tell Ansible to create and configure it.

SLIDE 25

Ansible & CloudStack

Deploying a CloudStack Management Server

SLIDE 26

CloudStack Management Server

  • Prereqs
  • Creating roles, templates, tasks & playbooks

SLIDE 27

Pre-Requisites

  • A CentOS 6.4 host to install CloudStack on and one for Ansible
  • An IP address already assigned on the ACS management host
  • The ACS management host should have a resolvable FQDN (either through DNS or the host file on the ACS management host)
  • Internet connectivity on the ACS management host

SLIDE 28

CloudStack Management Server

  • Create MySQL role
  • Create CloudStack role
  • Create DB deployment task
  • Create Seed secondary storage task
  • Create Playbook

SLIDE 29

Create MySQL role

/etc/ansible/roles/mysql/tasks/main.yml

    ---
    - name: Ensure mysql server is installed
      yum: name=mysql-server state=present

    - name: Ensure mysql python is installed
      yum: name=MySQL-python state=present

    - name: Ensure selinux python bindings are installed
      yum: name=libselinux-python state=present

    - name: Ensure cloudstack specific my.cnf lines are present
      lineinfile: dest=/etc/my.cnf regexp='$item' insertafter="symbolic-links=0" line='$item'
      with_items:
        - skip-name-resolve
        - default-time-zone='+00:00'
        - innodb_rollback_on_timeout=1
        - innodb_lock_wait_timeout=600
        - max_connections=350
        - log-bin=mysql-bin
        - binlog-format = 'ROW'

    - name: Ensure MySQL service is started
      service: name=mysqld state=started

    - name: Ensure MySQL service is enabled at boot
      service: name=mysqld enabled=yes

    - name: Ensure root password is set
      mysql_user: user=root password=$mysql_root_password host=localhost
      ignore_errors: true

    - name: Ensure root has sufficient privileges
      mysql_user: login_user=root login_password=$mysql_root_password user=root host=% password=$mysql_root_password priv=*.*:GRANT,ALL state=present

SLIDE 30

Create CS Manager role

/etc/ansible/roles/cloudstack-management/tasks/main.yml

    ---
    - name: Ensure selinux python bindings are installed
      yum: name=libselinux-python state=present

    - name: Ensure the Apache Cloudstack Repo file exists as per template
      template: src=cloudstack.repo.j2 dest=/etc/yum.repos.d/cloudstack.repo

    - name: Ensure selinux is in permissive mode
      command: setenforce permissive

    - name: Ensure selinux is set permanently
      selinux: policy=targeted state=permissive

    - name: Ensure CloudStack packages are installed
      yum: name=cloudstack-management state=present

    - name: Ensure vhdutil is in correct location
      get_url: url=http://download.cloud.com.s3.amazonaws.com/tools/vhd-util dest=/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util mode=0755

SLIDE 31

Create CS Repo Template

/etc/ansible/roles/cloudstack-manager/templates/cloudstack.repo.j2

    [cloudstack]
    name=cloudstack
    baseurl=http://${baseurl_cloudstack}
    enabled=1
    gpgcheck=0

SLIDE 32

Create DB Deployment Task

/etc/ansible/roles/cloudstack-management/tasks/setupdb.yml

    ---
    - name: cloudstack-setup-databases
      command: /usr/bin/cloudstack-setup-databases cloud:{{ mysql_cloud_password }}@{{mysql_vip}} --deploy-as=root:{{ mysql_root_password }}

    - name: Setup CloudStack manager
      command: /usr/bin/cloudstack-setup-management

SLIDE 33

Create Seed Secondary Storage Task

/etc/ansible/roles/cloudstack-manager/tasks/seedstorage.yml

    ---
    - name: Ensure secondary storage mount exists
      file: path={{ tmp_nfs_path }} state=directory

    - name: Ensure NFS storage is mounted
      mount: name={{ tmp_nfs_path }} src={{ sec_nfs_ip }}:{{ sec_nfs_path }} fstype=nfs state=mounted opts=nolock

    # one task per hypervisor template: a task can carry only one command
    - name: Seed secondary storage (KVM)
      command: /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m {{ tmp_nfs_path }} -u http://download.cloud.com/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -F

    - name: Seed secondary storage (XenServer)
      command: /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m {{ tmp_nfs_path }} -u http://download.cloud.com/templates/4.2/systemvmtemplate-2013-07-12-master-xen.vhd.bz2 -h xenserver -F

    - name: Seed secondary storage (VMware)
      command: /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m {{ tmp_nfs_path }} -u http://download.cloud.com/templates/4.2/systemvmtemplate-4.2-vh7.ova -h vmware -F

SLIDE 34

Create Playbook

/etc/ansible/deploy-cloudstack.yml

    ---
    - hosts: acs-manager

      vars:
        mysql_vip: localhost
        mysql_root_password: Cl0ud5tack
        mysql_cloud_password: Cl0ud5tack
        tmp_nfs_path: /mnt/secondary
        sec_nfs_ip: IP_OF_YOUR_SECONDARY_STORAGE
        sec_nfs_path: PATH_TO_YOUR_SECONDARY_STORAGE_MOUNT
        baseurl: cloudstack.apt-get.eu/rhel/4.2/

      roles:
        - mysql
        - cloudstack-manager

      tasks:
        - include: /etc/ansible/roles/cloudstack-manager/tasks/setupdb.yml
        - include: /etc/ansible/roles/cloudstack-manager/tasks/seedstorage.yml

SLIDE 35

Demonstration

SLIDE 36

XenServer Hotfixes

Requires the use of Ansible ‘facts’ (until a XenServer module is written)

SLIDE 37

Ansible Facts

  • Written as ‘modules’ in any language that is present on the client
  • Result should be an output in JSON format

SLIDE 38

Ansible Facts

/etc/ansible/roles/xenserver/tasks/updatexenserver.yml

    #!/bin/bash
    # create a JSON compatible Ansible 'Fact' of patches installed on a XenServer

    XENVERSION=`cat /etc/redhat-release | awk -F ' ' '{print $3}' | awk -F '-' '{print $1}'`
    VER=${XENVERSION//./_}
    THIS_HOST=`xe host-list --minimal name-label=$HOSTNAME`
    listUploadedPatches=`xe patch-list --minimal`

    # output opening section of JSON output
    echo '{ "ansible_facts": {'

    # output XenServer version
    echo " \"ansible_xenserver_version\": \"$VER\","
    echo ' "ansible_xenserver_patches": {'

    if [ -n "$listUploadedPatches" ]; then
        # split comma separated list into one patch UUID per line
        UploadedPatches=${listUploadedPatches//,/$'\n'}
        # private temp file from mktemp rather than a fixed, predictable name in /tmp
        ANSWER_FILE=`mktemp` || exit 1
        # loop through uploaded patches and output to the temp file
        for uploaded_patch in $UploadedPatches
        do
            if [[ -n `xe patch-list hosts=$THIS_HOST uuid=$uploaded_patch --minimal` ]]; then
                echo " \"`xe patch-param-get param-name=name-label uuid=$uploaded_patch`\": \"installed\"," >> "$ANSWER_FILE"
            else
                echo " \"`xe patch-param-get param-name=name-label uuid=$uploaded_patch`\": \"uploaded\"," >> "$ANSWER_FILE"
            fi
        done
        # remove trailing comma on last entry in file (then output contents)
        sed '$s/.$//' "$ANSWER_FILE"
        # remove file
        rm -f "$ANSWER_FILE"
    fi

    # output closing part of JSON output
    echo " } } }"

SLIDE 39

Facts

    [root@XS62-2 tmp]# /root/facts.sh
    { "ansible_facts": {
     "ansible_xenserver_version": "6_2_0",
     "ansible_xenserver_patches": {
     "XS62E004": "uploaded",
     "XS62E001": "installed",
     "XS62E002": "installed"
     } } }

SLIDE 40

Create Update XenServer Task

/etc/ansible/group_vars

    baseurl_cloudstack: cloudstack.apt-get.eu/rhel/4.2/
    pkg_server_datapath: http://fileserver.angusnet.local
    ss_servers:
      - 10.0.100.5
      - 10.0.100.6
    hotfixes-6_2_0:
      - XS62E001
      - XS62E002
      - XS62E004

/etc/ansible/hosts

    [xenserver_hosts]
    xs62-1.angusnet.local hostname=xs62-1 mgmt_ip=10.34.149.190 storage_nic_ip=10.78.234.3 macaddr=d8:9d:67:14:20:f0 pxemac=01-d8-9d-67-14-20-f0
    xs62-2.angusnet.local hostname=xs62-2 mgmt_ip=10.34.149.191 storage_nic_ip=10.78.234.4 macaddr=d8:9d:67:14:2b:14 pxemac=01-d8-9d-67-14-2b-14

SLIDE 41

Create Update XenServer Task

/etc/ansible/roles/xenserver/tasks/update_xenserver.yml

    ---
    - name: Determine updated and installed patches
      action: get_xenserver_facts

    - name: Copying xsupdate files to host
      copy: src={{ pkg_server_datapath }}/xenupdates/{{ ansible_xenserver_version }}/{{ item }}.xsupdate dest=/tmp/
      with_items:
        - ${hotfixes-{{ ansible_xenserver_version }}}
      only_if: "{{ item not in ansible_xenserver_patches }}"

    - name: Copying '-src-pkgs.tar.bz2' files to host if they exist
      action: copy src="{{ pkg_server_datapath }}/xenupdates/{{ ansible_xenserver_version }}/{{ item }}-src-pkgs.tar.bz2" dest=/tmp/
      with_items:
        - ${hotfixes-{{ ansible_xenserver_version }}}
      only_if: "{{ item not in ansible_xenserver_patches }}"
      ignore_errors: true

    - name: Determine updated and installed patches
      action: get_xenserver_facts

    - name: Uploading patch $item to XenServer pool
      shell: "/opt/xensource/bin/xe patch-upload file-name=/tmp/$item.xsupdate"
      with_items:
        - ${hotfixes-{{ ansible_xenserver_version }}}
      only_if: "{{ item not in ansible_xenserver_patches }}"

    - name: Determine updated and installed patches
      action: get_xenserver_facts

    - name: Applying $item
      shell: "/opt/xensource/bin/xe patch-apply host-uuid=`xe host-list --minimal name-label=$HOSTNAME` uuid=`xe patch-list name-label=$item --minimal`"
      with_items:
        - ${hotfixes-{{ ansible_xenserver_version }}}
      only_if: "'{{ ansible_xenserver_patches[item] }}' != 'installed'"

SLIDE 42

Questions

SLIDE 43

Resources

  • Slides: www.slideshare.net/shapeblue
  • Blogs: http://shapeblue.com/blog/
  • Email: paul.angus@shapeblue.com
  • Twitter: @CloudyAngus
  • Web: http://shapeblue.com
  • http://cloudstack.apache.org/

SLIDE 44

Ansible & CloudStack

Configuration Management

Paul Angus Cloud Architect paul.angus@shapeblue.com @CloudyAngus @ShapeBlue