Use case: Cloudstack + Ansible
May, 18th 2017
Sebastian Bretschneider
Cloud Infrastructure Architect
5/18/2017
© 2017 itelligence classification: public | version: 1.1
https://twitter.com/se_bre
https://www.linkedin.com/in/sebastian-bretschneider-030a72124
https://github.com/se-bre
About Me
Sebastian Bretschneider
Since 2011 System Engineer at BIT.Group GmbH – member of itelligence group
Cloudstack
Ansible
Ceph
Linux
Infrastructure
CloudStack Berlin & Dresden, Germany: https://www.meetup.com/german-CloudStack-user-group
Ansible Dresden, Germany: https://www.meetup.com/Ansible-Dresden
Overview BIT.Group GmbH – member of itelligence group
350+ employees in Dresden, Bautzen, Hanover and Shanghai
SAP Consulting, Development and Support
SAP partner and service provider for SAP SE
IT Consulting
Development
Cloud IT Infrastructure Management
SAP BASIS
SAP Solution Manager
Application Lifecycle Management
International
BIT Service Desk
SAP Service & Support
ITIL SAP HANA
Workshops
IT Service Management
SAP partner
BIT.Group GmbH as part of itelligence / NTT DATA Group
Since June 2016 BIT.Group GmbH officially part of itelligence and NTT DATA Group
Know-how, flexibility and internationality as part of NTT DATA network
Together internationally leading full IT service provider with:
3.500+ active SAP customers
Locations in 40+ countries
$1,5 billion in SAP revenue worldwide
Over 9.000 SAP experts worldwide
Content
1. Challenge
2. Environment
3. Ansible
4. Examples
5. Parts
6. Big Picture
7. Results
Challenge
User friendly interface with all sub-services
All operations changeable by admins
Make cloud–consistent configuration
Use open source
Scalability
Modular design
Simple
Environment
Hypervisor
KVM
Automation
Ansible
Storage
Ceph
NFS
Network
VLAN
Shared networks
Isolated networks
BIT.Cloud
Portal
Ansible Daemon
What is Ansible
Simple
Get productive quickly
Human readable automation
No special coding skills required
Tasks executed in order
Powerful
Orchestrate the app lifecycle
App deployment
Configuration management
Workflow orchestration
Agentless
Predictable, reliable and secure
Agentless architecture
Use OpenSSH & WinRM
No agents to exploit or update
Ansible Modules
Cloudstack Modules
cs_facts – Gather facts on instances
cs_firewall – Manages firewall rules
cs_ip_address – Manages public IP address associations
cs_volume – Manages volumes
…
cs_domain
cs_cluster
…
36 Cloudstack modules overall (April 2017)
Development/Improvements by BIT.Group
Get it working
Python module
pip install cs
apt-get install python-cs
Credentials File
.cloudstack.ini in the home directory
CLOUDSTACK_CONFIG environment variable pointing to an .ini file
cloudstack.ini in the working directory
cloudstack.ini
# global or region – passed by arg api_region
[cloudstack]
endpoint = https://cloudstack-management.server/client/api
key = api key
secret = api secret
timeout = 60
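An added example, not part of the original slides: because cloudstack.ini holds the API key and secret, this Python check looks in the three locations listed above and reports files readable beyond their owner, non-HTTPS endpoints and empty credentials. The function names are assumptions made for illustration, and the order of locations is not a claim about the library's lookup precedence.

```python
import configparser
import os
import stat
from pathlib import Path


def candidate_files(env=None, home=None, cwd=None):
    """Return existing credentials files in the three locations named on the slide."""
    env = os.environ if env is None else env
    paths = []
    if env.get("CLOUDSTACK_CONFIG"):
        paths.append(Path(env["CLOUDSTACK_CONFIG"]))
    paths.append(Path(cwd or os.getcwd()) / "cloudstack.ini")
    paths.append(Path(home or Path.home()) / ".cloudstack.ini")
    return [p for p in paths if p.is_file()]


def audit(path):
    """Return a list of findings for one credentials file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group or other permission bit exposes the API secret to other local users.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond owner, expected 0600")
    # interpolation=None so a '%' inside a secret is not treated as a reference.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    for section in cfg.sections():
        endpoint = cfg.get(section, "endpoint", fallback="")
        if not endpoint.lower().startswith("https://"):
            findings.append(f"[{section}] endpoint is not https: {endpoint!r}")
        for option in ("key", "secret"):
            if not cfg.get(section, option, fallback="").strip():
                findings.append(f"[{section}] {option} is empty or missing")
    return findings


if __name__ == "__main__":
    for f in candidate_files():
        for finding in audit(f):
            print(f"{f}: {finding}")
```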
Workflow
cs_instance
Workflow
build
Workflow
configure
Examples: CloudStack VM
Playbook
- hosts: localhost
  roles:
    - cs-vm
Role: tasks/main.yml
- block:
    - include: tasks/create_vm.yml
    - include: tasks/add_ansible_host.yml
    - include: tasks/ssh_key_rollout.yml
  when: vm_action == "create"
[ … ]
Examples: CloudStack VM
create_vm.yml
- name: Creating Virtual Machine
  local_action:
    module: cs_instance
    name: "{{ vm_name }}"
    template: "{{ os_template }}"
    hypervisor: "{{ cs_hypervisor }}"
    project: "{{ cs_project }}"
    zone: "{{ cs_zone }}"
    service_offering: "{{ cs_service_offering }}"
    networks: "{{ cs_networks }}"
    domain: "{{ cs_domain }}"
    tags:
      - { key: CostCenter, value: "{{ vm_costcenter }}" }
    state: started
  register: cs_vm  # get information about VM e.g. root password
Examples: Port Forwarding
add_portforwarding.yml
- name: Forwarding Ports in CloudStack
  local_action:
    module: cs_portforward
    domain: "{{ cs_domain }}"
    project: "{{ cs_project }}"
    ip_address: "{{ cs_public_ipv4 }}"
    vm: "{{ vm_name }}"
    public_port: "{{ public_port }}"
    public_end_port: "{{ public_end_port }}"
    private_port: "{{ private_port }}"
    private_end_port: "{{ private_end_port }}"
    protocol: "{{ proto }}"
    open_firewall: "{{ open_firewall }}"
    state: present
Parts
Portal
Communication with Services
User/Customer Interface
API
Parts
Daemon
playbook handling – list, run, run command, read metadata
job handling – overview (running jobs), status, notify (Portal)
statistics – failed, queue, running, abort
job scheduling – reschedule failed, delay, cron
REST API via HTTPS
json response
All together
Diagram: Portal, Cloudstack, Ansible + Daemon and VMs, with connections labelled write and read
Use Case
Results
UI with integrated Services
CloudStack
Automation
User / Role Management
Tickets, Monitoring, Backup, …
Write Operations with Ansible only
Modular Design
OpenSource
API
Scalable
Contact
Sebastian Bretschneider
Cloud Infrastructure Architect
T +49 3591 [email protected]
BIT.Group GmbH – member of itelligence group
We make the most of SAP® solutions!
Questions?
© 2017 itelligence classification: public | author: Sebastian Bretschneider | version: 1.1
5/11/2017
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of itelligence AG. The information contained herein may be changed without prior notice.
Some software products marketed by itelligence AG and its distributors contain proprietary software components of other software vendors. All product and service names mentioned and associated logos displayed are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to itelligence. This document is a preliminary version and not subject to your license agreement or any other agreement with itelligence. This document contains only intended strategies, developments and product functionalities and is not intended to be binding upon itelligence to any particular course of business, product strategy, and/or development. itelligence assumes no responsibility for errors or omissions in this document. itelligence does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
itelligence shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.
The statutory liability for personal injury and defective products is not affected. itelligence has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
Copyright itelligence AG - All rights reserved