ccc14 - ansible · ansible & cloudstack cloud era configuration management paul angus cloud...

Ansible & CloudStackCloud Era Configuration Management

Paul AngusCloud Architect

[email protected]@CloudyAngus@ShapeBlue

@ShapeBlue #CloudStack #CCCEU14

Configuration Management

Ansible

Using Ansible with CloudStack

Ansible & CloudStack


Who am I

Cloud Architect with ShapeBlueWorked with CloudStack since 2.2.13Specialising in deployment of CloudStack and supporting infrastructureOrange, TomTom, PaddyPower, Ascenty, BSkyB, SunGard, T‐MobileI view CloudStack from ‘What can cloud consumers practically do with it’ point‐of‐view

About Me


“ShapeBlue are expert builders of public & private clouds. They are the leading global independent CloudStack / CloudPlatform

integrator & consultancy”

About ShapeBlue



What is ConfigurationManagement?


Configuration management is the philosophy of defining the state that a server should be in wrt it’s configuration and using tools that achieve that state

CM gives centralisation of configuration data and actions

Configuration Management tools should be idempotent

What is Configuration Management?


Operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application.

(you asked)

Er, Idempotent?


CloudStack Example:

You need to add the following lines to the default my.cnf:innodb_rollback_on_timeout=1innodb_lock_wait_timeout=600max_connections=350

A sed command would add the linessed ‐i ‐e '/symbolic‐links=0/ a\innodb_rollback_on_timeout=1' ‐e '/symbolic‐links=0/ a\innodb_lock_wait_timeout=600' ‐e '/symbolic‐links=0/ a\max_connections=350' /etc/my.cnf

But if you needed to run your script to update/restore another setting then the addition of these lines would be repeated

A configuration management tool would not add these lines again if rerun.

Er, Idempotent?


CloudStack Example:

In a configuration management you would specify that these lines:

innodb_rollback_on_timeout=1innodb_lock_wait_timeout=600max_connections=350

should exist in the my.cnf file

The configuration management tool would only add these lines if they don’t exist.

Er, Idempotent?


I need these services to be installed and runningI need this configuration file to contain these linesI need this file to exist in this directoryCentralisation of configuration Creation of reusable template configurationsi.e. web servers, database servers, DHCP servers, CloudStack management servers

What is Configuration Management?



Ansible


Technical:Client/Server architecture not requiredOnly SSH connectivity required (password or public/private keys)…making it easier to deploy in environmentsModules can be in any language capable of returning JSON or key=value text pairsHas an API

User:Much shallower learning curveDon’t need to learn a programming language (i.e. Ruby)

Not as many pre‐existing playbooks (recipes/manifests) about, but improving with Ansible Galaxy

Why Ansible



Where to use Ansible


Building CloudStack RPMs from source

Deploying management infrastructureDeploying hosts

Configuration changes to hosts and management VMsPatching of hosts and management VMs

Deployment & configuration of guest VMs

Where to Use Ansible



How to use Ansible


Host InventoriesRolesTasksVariables (hosts or groups)ModulesTemplatesPlaybooks

How to use Ansible


# rpm ‐ivhhttp://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel‐release‐6‐8.noarch.rpm

# yum install ‐y python‐pip

# pip install ansible

Directory /etc/ansible is created

Installing Ansible


Install Ansible

git pull ‘ansible‐repo’

Creating an Ansible ‘Server’


David Nalley @ke4qqq

http://buildacloud.org/blog/312‐building‐cloudstack‐rpms‐with‐ansible.html

Building of RPMs from Source



Using Ansible with CloudStack


Create/deploy Ansible server environment

Use Ansible to create guest VMs•CloudMonkey•CloudStack/Ansible module (WIP)•EC2 module?

Use Ansible to configure guest VMs•Dynamic Inventories•Call back•Roles•UserData + ansible‐pull

Use Ansible to maintain guest VMs•Dynamic Inventories•Playbooks

Using Ansible with Guest VMs


Dynamic Inventories:CloudStack – Written by Sebastien GoasguenEC2 CobblerBSD JailsDigital OceanLinodeOpenShiftOpenStack NovaRed Hat's SpaceWalkVagrant (not to be confused with the provisioner in vagrant)Zabbix

AnsibleWorks AWX also provides a database to store inventory results that is both web and REST Accessible. AWX syncs with all Ansible dynamic inventory sources.

Dynamic Inventories


A toolset is required to determine that a new webserver etcis required and to tell Ansible to create and configure it.

Using Ansible with Guest VMs



Deploying a CloudStack Management Server


Prereqs

Creating roles, templates, tasks & playbooks

CloudStack Management Server


A CentOS 6.4 host to install CloudStack on and one for Ansible

An IP address already assigned on the ACS management host

The ACS management host should have a resolvable FQDN (either through DNS or the host file on the ACS management host)

Internet connectivity on the ACS management host

Pre‐Requisites


Create MySQL roleCreate CloudStack roleCreate DB deployment taskCreate Seed secondary storage taskCreate Playbook

CloudStack Management Server


‐‐‐‐ name: Ensure mysql server is installedyum: name=mysql‐server state=present

‐ name: Ensure mysql python is installedyum: name=MySQL‐python state=present

‐ name: Ensure selinux python bindings are installedyum: name=libselinux‐python state=present

‐ name: Ensure cloudstack specfic my.cnf lines are presentlineinfile: dest=/etc/my.cnf regexp='$item' insertafter="symbolic‐links=0" line='$item'with_items:‐ skip‐name‐resolve‐ default‐time‐zone='+00:00'‐ innodb_rollback_on_timeout=1‐ innodb_lock_wait_timeout=600

‐max_connections=350‐ log‐bin=mysql‐bin‐ binlog‐format = 'ROW'

‐ name: Ensure MySQL service is startedservice: name=mysqld state=started

‐ name: Ensure MySQL service is enabled at bootservice: name=mysqld enabled=yes

‐ name: Ensure root password is setmysql_user: user=root password=$mysql_root_password host=localhostignore_errors: true

‐ name: Ensure root has sufficient privilegesmysql_user: login_user=root login_password=$mysql_root_passworduser=root host=% password=$mysql_root_password priv=*.*:GRANT,ALL state=present

Create MySQL role/etc/ansible/roles/mysql/tasks/main.yml


‐‐‐‐ name: Ensure selinux python bindings are installedyum: name=libselinux‐python state=present

‐ name: Ensure the Apache Cloudstack Repo file exists as per templatetemplate: src=cloudstack.repo.j2 dest=/etc/yum.repos.d/cloudstack.repo

‐ name: Ensure selinux is in permissive modecommand: setenforce permissive

‐ name: Ensure selinux is set permanentlyselinux: policy=targeted state=permissive

‐ name: Ensure CloudStack packages are installedyum: name=cloudstack‐management state=present

‐ name: Ensure vhdutil is in correct location

get_url: url=http://download.cloud.com.s3.amazonaws.com/tools/vhd‐util dest=/usr/share/cloudstack‐common/scripts/vm/hypervisor/xenserver/vhd‐util mode=0755

Create CS Manger role/etc/ansible/roles/cloudstack‐management/tasks/main.yml


name=cloudstackbaseurl=http://${baseurl_cloudstack}enabled=1gpgcheck=0

Create CS Repo Template/etc/ansible/roles/cloudstack‐manager/templates/cloudstack.repo.j2


‐‐‐

‐ name: cloudstack‐setup‐databasescommand: /usr/bin/cloudstack‐setup‐databases cloud:{{ mysql_cloud_password }}@{{mysql_vip}} ‐‐deploy‐as=root:{{ mysql_root_password }}

‐ name: Setup CloudStack managercommand: /usr/bin/cloudstack‐setup‐management

Create DB Deployment Task/etc/ansible/roles/cloudstack‐management/tasks/setupdb.yml


‐‐‐‐ name: Ensure secondary storage mount existsfile: path={{ tmp_nfs_path }} state=directory

‐ name: Ensure NFS storage is mountedmount: name={{ tmp_nfs_path }} src={{ sec_nfs_ip }}:{{ sec_nfs_path }} fstype=nfs state=mounted opts=nolock

‐ name: Seed secondary storage command: /usr/share/cloudstack‐common/scripts/storage/secondary/cloud‐install‐sys‐tmplt ‐m {{ tmp_nfs_path }} ‐u http://download.cloud.com/templates/4.2/systemvmtemplate‐2013‐06‐12‐master‐kvm.qcow2.bz2 ‐h kvm ‐Fcommand: /usr/share/cloudstack‐common/scripts/storage/secondary/cloud‐install‐sys‐tmplt ‐m {{ tmp_nfs_path }} ‐u http://download.cloud.com/templates/4.2/systemvmtemplate‐2013‐07‐12‐master‐xen.vhd.bz2 ‐h xenserver ‐F

command: /usr/share/cloudstack‐common/scripts/storage/secondary/cloud‐install‐sys‐tmplt ‐m {{ tmp_nfs_path }} ‐u http://download.cloud.com/templates/4.2/systemvmtemplate‐4.2‐vh7.ova ‐h vmware ‐F

Create Seed Secondary Storage Task/etc/ansible/roles/cloudstack‐manager/tasks/seedstorage.yml


‐‐‐‐ hosts: acs‐managervars:mysql_vip: localhostmysql_root_password: Cl0ud5tackmysql_cloud_password: Cl0ud5tacktmp_nfs_path: /mnt/secondarysec_nfs_ip: IP_OF_YOUR_SECONDARY_STORAGEsec_nfs_path: PATH_TO_YOUR_SECONDARY_STORAGE_MOUNTbaseurl: cloudstack.apt‐get.eu/rhel/4.2/roles:‐mysql‐ cloudstack‐manager

tasks:

‐ include: /etc/ansible/roles/cloudstack‐manager/tasks/setupdb.yml

‐ include: /etc/ansible/roles/cloudstack‐manager/tasks/seedstorage.yml

Create Playbook/etc/ansible/deploy‐cloudstack.yml


Demonstration


Requires the use of Ansible ‘facts’ (until a XenServer module is written)

XenServer Hotfixes


Written as ‘modules’ in any language that is present on the clientResult should be an output in JSON format

Ansible Facts


#!/bin/bash# create a JSON compatible Ansible 'Fact' of patches installed on a XenServer

XENVERSION=`cat /etc/redhat‐release | awk ‐F ' ' '{print $3}' | awk ‐F '‐' '{print $1}'`VER=${XENVERSION//./_}THIS_HOST=`xe host‐list ‐‐minimal name‐label=$HOSTNAME`listUploadedPatches=`xe patch‐list ‐‐minimal`

# output opening section of JSON outputecho '{

"ansible_facts": {'

# output XenServer versionecho " \"ansible_xenserver_version\": \"$VER\","echo ' "ansible_xenserver_patches": {'

if [ ‐n "$listUploadedPatches" ]; then# split comma separated list into an arrayUploadedPatches=${listUploadedPatches//,/$'\n'}

# loop through uploaded patches and output to a temp filefor uploaded_patch in $UploadedPatchesdo

if [[ ‐n `xe patch‐list hosts=$THIS_HOST

uuid=$uploaded_patch ‐‐minimal` ]]; thenecho "

\"`xe patch‐param‐get param‐name=name‐label uuid=$uploaded_patch`\": \"installed\"," >> /tmp/ansi_answ_file

elseecho "

\"`xe patch‐param‐get param‐name=name‐label uuid=$uploaded_patch`\": \"uploaded\"," >> /tmp/ansi_answ_file

fidone

# remove training comma on last entry in file (then output contents)sed '$s/.$//' /tmp/ansi_answ_file

# remove filerm ‐f /tmp/ansi_answ_file

fi

# output closing part of JSON outputecho " }

}}"

Ansible Facts/etc/ansible/roles/xenserver/tasks/updatexenserver.yml


[root@XS62‐2 tmp]# /root/facts.sh{

"ansible_facts": {"ansible_xenserver_version": "6_2_0","ansible_xenserver_patches": {

"XS62E004": "uploaded","XS62E001": "installed","XS62E002": "installed"

}}

}

Facts


baseurl_cloudstack: cloudstack.apt‐get.eu/rhel/4.2/pkg_server_datapath: http://fileserver.angusnet.localss_servers:‐ 10.0.100.5‐ 10.0.100.6

hotfixes‐6_2_0: ‐ XS62E001‐ XS62E002‐ XS62E004

Create Update XenServer Task/etc/ansible/group_vars

[xenserver_hosts]

xs62‐1.angusnet.local hostname=xs62‐1 mgmt_ip=10.34.149.190 storage_nic_ip=10.78.234.3 macaddr=d8:9d:67:14:20:f0 pxemac=01‐d8‐9d‐67‐14‐20‐f0xs62‐2.angusnet.local hostname=xs62‐2 mgmt_ip=10.34.149.191 storage_nic_ip=10.78.234.4 macaddr=d8:9d:67:14:2b:14 pxemac=01‐d8‐9d‐67‐14‐2b‐14

/etc/ansible/hosts


‐‐‐

‐ name: Determine updated and installed patchesaction: get_xenserver_facts

‐ name: Copying xsupdate files to hostcopy: src={{ pkg_server_datapath }}/xenupdates/{{ ansible_xenserver_version }}/{{ item }}.xsupdate dest=/tmp/with_items: ‐ ${hotfixes‐{{ ansible_xenserver_version }}}only_if: "{{ item not in ansible_xenserver_patches }}"

‐ name: Copying '‐src‐pkgs.tar.bz2' files to host if they existaction: copy src="{{ pkg_server_datapath }}/xenupdates/{{ ansible_xenserver_version }}/{{ item }}‐src‐pkgs.tar.bz2" dest=/tmp/with_items: ‐ ${hotfixes‐{{ ansible_xenserver_version }}}only_if: "{{ item not in ansible_xenserver_patches }}"ignore_errors: true


‐ name: Uploading patch $item to XenServer poolshell: "/opt/xensource/bin/xe patch‐upload file‐name=/tmp/$item.xsupdate"with_items: ‐ ${hotfixes‐{{ ansible_xenserver_version }}}only_if: "{{ item not in ansible_xenserver_patches }}"


‐ name: Applying $itemshell: "/opt/xensource/bin/xe patch‐apply host‐uuid=`xe host‐list ‐‐minimal name‐label=$HOSTNAME` uuid=`xe patch‐list name‐label=$item ‐‐minimal`"with_items: ‐ ${hotfixes‐{{ ansible_xenserver_version }}}only_if: "'{{ ansible_xenserver_patches[item] }}' != 'installed'"

Create Update XenServer Task/etc/ansible/roles/xenserver/tasks/update_xenserver.yml


Questions


Slides: www.slideshare.net/shapeblueBlogs: http://shapeblue.com/blog/Email: [email protected]: @CloudyAngusWeb: http://shapeblue.com

http://cloudstack.apache.org/

Resources

Ansible & CloudStackConfiguration Management

Paul AngusCloud Architect

[email protected]@CloudyAngus@ShapeBlue

ccc14 - ansible · ansible & cloudstack cloud era configuration management paul angus cloud...

Documents