use case: cloudstack and ansible
TRANSCRIPT
Use case: Cloudstack + Ansible
November, 21th 2017Sebastian BretschneiderCloud Infrastructure Architect
5/18
/201
7©
201
7 ite
llige
nce
clas
sific
atio
n: p
ublic
| v
ersi
on:
1.1
https://twitter.com/se_bre
https://www.linkedin.com/in/sebastian-bretschneider-030a72124
https://github.com/se-bre
About Me
2
§ Sebastian Bretschneider
§ Since 2011 System Engineer at BIT.Group GmbH – member of intelligence group
§ Cloudstack
§ Ansible
§ Ceph
§ Linux
§ InfrastructureCloudStack Berlin & Dresden, Germanyhttps://www.meetup.com/german-CloudStack-user-groupAnsible Dresden, Germanyhttps://www.meetup.com/Ansible-Dresden
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Overview BIT.Group GmbH – member of itelligence group
3
§ 350+ employees in Dresden, Bautzen, Hanover and Shanghai
§ SAP Consulting, Development and Support
§ SAP partner and service provider for SAP SE
IT Consulting
DevelopmentCloud IT Infrastructure Management
SAP BASIS
SAP Solution ManagerApplication Lifecycle Management
International
BIT Service Desk
SAP Service & Support
ITIL SAP HANA
Workshops
IT Service Management
SAP partner
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
§ Since June 2016 BIT.Group GmbH officially part of itelligence and NTT DATA Group
§ Know-how, flexibility and internationality as part of NTT DATA network
§ Together internationally leading full IT service provider with:
BIT.Group GmbH as part of itelligence / NTT DATA Group
4
3.500+ active SAP customers
Locations in 40+ countries
$1,5 billion in SAP revenue worldwide
Over 9.000 SAP experts worldwide
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Content
1. Challenge
2. Environment
3. Ansible
4. Examples
5. Parts
6. Big Picture
7. Results
5/18
/201
7©
201
7 ite
llige
nce
clas
sific
atio
n: p
ublic
5
Challenge
§ User friendly interface with all sub-services
§ All operations changeable by admins
§ Make cloud–consistent configuration
§ Use open source
§ Scalability
§ Modular design
§ Simple
6
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Environment
7
§ Hypervisor
§ KVM
§ Automation
§ Ansible§ Storage
§ Ceph
§ NFS
§ Network
§ VLAN
§ Shared networks
§ Isolated networks
§ IT.Cloud
§ Portal
§ Ansible Daemon
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
What is Ansible
8
Simple
§ Get productive quickly§ Human readable
automation§ No special coding skills
required§ Tasks executed in order
Powerful
§ Orchestrate the app lifecycle
§ App deployment§ Configuration
management§ Workflow orchestration
Agentless
§ Predictable, reliable and secure
§ Agentless architecture§ Use Open SSH & WinRM§ No agents to exploit or
update
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Ansible Modules
9
§ Cloudstack Modules§ cs_facts – Gather facts on instances
§ cs_firewall – Manages firewall rules
§ cs_ip_address – Manages public IP address associations
§ cs_volume – Manages volumes
§ …
§ cs_domain
§ cs_cluster
§ …
§ 42 Cloudstack modules overall (November 2017)
§ Development/Improvements by BIT.Group
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Get it working
10
§ Python module§ pip install cs
§ apt-get install python-cs
§ Credentials File§ .cloudstack.ini home directory
§ CLOUDSTACK_CONFIG environment variable pointing to .ini file
§ Cloudstack.ini working directory
§ cloudstack.ini[cloudstack] # global or region – passed by arg api_region
endpoint = https://cloudstack-management.server/client/api
key = api key
secret = api secret
Timeout = 60
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Workflow
11
cs_instance
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Workflow
12
build
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Workflow
13
configure
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Examples: CloudStack VM
14
§ Playbook§ hosts: localhost
roles:
- cs-vm
§ Role: tasks/main.yml§ block:
- include: tasks/create_vm.yml
- include: tasks/add_ansible_host.yml
- include: tasks/ssh_key_rollout.yml
when: vm_action == „create“
[ … ]
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Examples: CloudStack VM
15
§ create_vm.yml§ name: Creating Virtual Machine
local_action:
module: cs_instance
name: "{{ vm_name }}"template: "{{ os_template }}"hypervisor: "{{ cs_hypervisor }}"project: "{{ cs_project }}"zone: "{{ cs_zone }}"service_offering: "{{ cs_service_offering }}"networks: "{{ cs_networks }}"domain: "{{ cs_domain }}"tags:
- { key: CostCenter, value: "{{ vm_costcenter }}" }
state: started
register: cs_vm #get information about VM e.g. root password
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Examples: Port Forwarding
16
§ add_portforwarding.yml§ name: Forwarding Ports in CloudStack
local_action:module: cs_portforwarddomain: "{{ cs_domain }}"project: "{{ cs_project }}"ip_address: "{{ cs_public_ipv4 }}"vm: "{{ vm_name }}"public_port: "{{ public_port }}"public_end_port: "{{ public_end_port }}"private_port: "{{ private_port }}"private_end_port: "{{ private_end_port }}"protocol: "{{ proto }}"open_firewall: "{{ open_firewall }}"state: present
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Parts
17
§ Portal
§ Communication with Services § User/Customer Interface§ API
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Parts
18
§ Daemon
§ playbook handling – list, run, run command, read metadata
§ job handling – overview (running jobs), status, notify (Portal)
§ statistics – failed, queue, running, abort
§ job scheduling – reschedule failed, delay, cron
§ REST API via HTTPS
§ json response
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
All together
19
Portal Cloudstack
Ansible + Daemon
VMs
write
read
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
Use Case
20
§ Results§ UI with integrated Services
§ CloudStack
§ Automation
§ User / Role Management
§ Tickets, Monitoring, Backup, …
© 2
017
itelli
genc
ecl
assi
ficat
ion:
pub
lic5/
18/2
017
§ Write Operations with Ansible only§ Modular Design
§ OpenSource
§ API§ Scalable
Contact Sebastian BretschneiderCloud Infrastucture ArchitectT +49 3591 [email protected]
BIT.Group GmbH – member of itelligence group
We make the most of SAP® solutions!
Questions?`
5/18
/201
7©
201
7 ite
llige
nce
clas
sific
atio
n: p
ublic
| a
utho
r: S
ebas
tian
Bret
schn
eide
r |
vers
ion:
1.1
11/2
9/17
© 2
017
itelli
genc
e
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of itelligence AG. The information contained herein may be changed without prior notice.
Some software products marketed by itelligence AG and its distributors contain proprietary software components of other software vendors. All product and service names mentioned and associated logos displayed are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to itelligence. This document is a preliminary version and not subject to your license agreement or any other agreement with itelligence. This document contains only intended strategies, developments and product functionalities and is not intended to be binding upon itelligence to any particular course of business, product strategy, and/or development. itelligence assumes no responsibility for errors or omissions in this document. itelligence does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
itelligence shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.
The statutory liability for personal injury and defective products is not affected. itelligence has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
Copyright itelligence AG - All rights reserved