Your SlideShare is downloading. ×
Ansible & CloudStack - Configuration Management
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Ansible & CloudStack - Configuration Management


Published on

CloudStack European User Group Meetup in London Jan 2014. Presentation by Paul Angus

CloudStack European User Group Meetup in London Jan 2014. Presentation by Paul Angus

Published in: Technology

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Ansible & CloudStack Configuration Management Paul Angus Cloud Architect @CloudyAngus @ShapeBlue
  • 2. Ansible & CloudStack Configuration Management Ansible Using Ansible with CloudStack
  • 3. About Me Who am I Cloud Architect with ShapeBlue Worked with CloudStack since 2.2.13 Specialising in deployment of CloudStack and surrounding infrastructure Orange, TomTom, PaddyPower, Ascenty, BSkyB I view CloudStack from ‘What can cloud consumers practically do with it’ point-of-view
  • 4.
  • 5. About ShapeBlue “ShapeBlue are expert builders of public & private clouds. They are the leading global independent CloudStack / CloudPlatform integrator & consultancy”
  • 6. Ansible & CloudStack What is Configuration Management?
  • 7. What is Configuration Management? Configuration management is the philosophy of defining the state that a server should be in wrt it’s configuration and using tools that achieve that state CM gives centralisation of configuration data and actions Configuration Management tools should be idempotent
  • 8. Er, Idempotent? Operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. (you asked)
  • 9. Er, Idempotent? CloudStack Example: You need to add the following lines to the default my.cnf: innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 A sed command would add the lines sed -i -e '/symbolic-links=0/ ainnodb_rollback_on_timeout=1' -e '/symbolic-links=0/ ainnodb_lock_wait_timeout=600' -e '/symbolic-links=0/ amax_connections=350' /etc/my.cnf But if you needed to run your script to update/restore another setting then the addition of these lines would be repeated A configuration management tool would not add these lines again if rerun.
  • 10. Er, Idempotent? CloudStack Example: In a configuration management you would specify that these lines: innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 should exist in the my.cnf file The configuration management tool would only add these lines if they don’t exist.
  • 11. What is Configuration Management? I need these services to be installed and running I need this configuration file to contain these lines I need this file to exist in this directory Centralisation of configuration Creation of reusable template configurations i.e. web servers, database servers, DHCP servers, CloudStack management servers
  • 12. Ansible & CloudStack Ansible
  • 13. Why Ansible Technical: Client/Server architecture not required Only SSH connectivity required (password or public/private keys) …making it easier to deploy in environments Modules can be in any language capable of returning JSON or key=value text pairs Has an API User: Much shallower learning curve Don’t need to learn a programming language (i.e. Ruby) Not as many pre-existing playbooks (recipes/manifests) about, but improving with Ansible Galaxy
  • 14. Ansible & CloudStack Where to use Ansible
  • 15. Where to Use Ansible Building CloudStack RPMs from source Deploying management infrastructure Deploying hosts Configuration changes to hosts and management VMs Patching of hosts and management VMs Deployment & configuration of guest VMs
  • 16. Ansible & CloudStack How to use Ansible
  • 17. How to use Ansible Host Inventories Roles Tasks Variables (hosts or groups) Modules Templates Playbooks
  • 18. Installing Ansible # rpm -ivh # yum install -y python-pip # pip install ansible Directory /etc/ansible is created
  • 19. Creating an Ansible ‘Server’ Install Ansible git pull ‘ansible-repo’
  • 20. Building of RPMs from Source David Nalley @ke4qqq
  • 21. Ansible & CloudStack Using Ansible with CloudStack
  • 22. Using Ansible with Guest VMs Use Ansible to create guest VMs Create/deploy Ansible server environment Use Ansible to configure guest VMs Use Ansible to maintain guest VMs •CloudMonkey •CloudStack/Ansible module (WIP) •EC2 module? •Dynamic Inventories •Call back •Roles •UserData + ansible-pull •Dynamic Inventories •Playbooks
  • 23. Dynamic Inventories Dynamic Inventories: EC2 (use for CloudStack?) Cobbler BSD Jails Digital Ocean Linode OpenShift OpenStack Nova Red Hat's SpaceWalk Vagrant (not to be confused with the provisioner in vagrant) Zabbix AnsibleWorks AWX also provides a database to store inventory results that is both web and REST Accessible. AWX syncs with all Ansible dynamic inventory sources.
  • 24. Using Ansible with Guest VMs A toolset is required to determine that a new webserver etc is required and to tell Ansible to create and configure it.
  • 25. Ansible & CloudStack Deploying a CloudStack Management Server
  • 26. CloudStack Management Server Prereqs Creating roles, templates, tasks & playbooks
  • 27. Pre-Requisites A CentOS 6.4 host to install CloudStack on and one for Ansible An IP address already assigned on the ACS management host The ACS management host should have a resolvable FQDN (either through DNS or the host file on the ACS management host) Internet connectivity on the ACS management host
  • 28. CloudStack Management Server Create MySQL role Create CloudStack role Create DB deployment task Create Seed secondary storage task Create Playbook
  • 29. Create MySQL role /etc/ansible/roles/mysql/tasks/main.yml --- name: Ensure mysql server is installed yum: name=mysql-server state=present - max_connections=350 - log-bin=mysql-bin - binlog-format = 'ROW' - name: Ensure mysql python is installed yum: name=MySQL-python state=present - name: Ensure MySQL service is started service: name=mysqld state=started - name: Ensure selinux python bindings are installed yum: name=libselinux-python state=present - name: Ensure MySQL service is enabled at boot service: name=mysqld enabled=yes - name: Ensure cloudstack specfic my.cnf lines are present lineinfile: dest=/etc/my.cnf regexp='$item' insertafter="symbolic-links=0" line='$item' with_items: - skip-name-resolve - default-time-zone='+00:00' - innodb_rollback_on_timeout=1 - innodb_lock_wait_timeout=600 - name: Ensure root password is set mysql_user: user=root password=$mysql_root_password host=localhost ignore_errors: true - name: Ensure root has sufficient privileges mysql_user: login_user=root login_password=$mysql_root_password user=root host=% password=$mysql_root_password priv=*.*:GRANT,ALL state=present
  • 30. Create CS Manger role /etc/ansible/roles/cloudstack-management/tasks/main.yml --- name: Ensure selinux python bindings are installed yum: name=libselinux-python state=present get_url: url= dest=/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhdutil mode=0755 - name: Ensure the Apache Cloudstack Repo file exists as per template template: src=cloudstack.repo.j2 dest=/etc/yum.repos.d/cloudstack.repo - name: Ensure selinux is in permissive mode command: setenforce permissive - name: Ensure selinux is set permanently selinux: policy=targeted state=permissive - name: Ensure CloudStack packages are installed yum: name=cloudstack-management state=present - name: Ensure vhdutil is in correct location
  • 31. Create CS Repo Template /etc/ansible/roles/cloudstack-manager/templates/cloudstack.repo.j2 name=cloudstack baseurl=http://${baseurl_cloudstack} enabled=1 gpgcheck=0
  • 32. Create DB Deployment Task /etc/ansible/roles/cloudstack-management/tasks/setupdb.yml --- name: cloudstack-setup-databases command: /usr/bin/cloudstack-setup-databases cloud:{{ mysql_cloud_password }}@{{mysql_vip}} --deploy-as=root:{{ mysql_root_password }} - name: Setup CloudStack manager command: /usr/bin/cloudstack-setup-management
  • 33. Create Seed Secondary Storage Task /etc/ansible/roles/cloudstack-manager/tasks/seedstorage.yml --- name: Ensure secondary storage mount exists file: path={{ tmp_nfs_path }} state=directory - name: Ensure NFS storage is mounted mount: name={{ tmp_nfs_path }} src={{ sec_nfs_ip }}:{{ sec_nfs_path }} fstype=nfs state=mounted opts=nolock command: /usr/share/cloudstackcommon/scripts/storage/secondary/cloud-install-sys-tmplt -m {{ tmp_nfs_path }} -u h vmware -F - name: Seed secondary storage command: /usr/share/cloudstackcommon/scripts/storage/secondary/cloud-install-sys-tmplt -m {{ tmp_nfs_path }} -u -h kvm -F command: /usr/share/cloudstackcommon/scripts/storage/secondary/cloud-install-sys-tmplt -m {{ tmp_nfs_path }} -u -h xenserver -F
  • 34. Create Playbook /etc/ansible/deploy-cloudstack.yml --- hosts: acs-manager vars: mysql_vip: localhost mysql_root_password: Cl0ud5tack mysql_cloud_password: Cl0ud5tack tmp_nfs_path: /mnt/secondary sec_nfs_ip: IP_OF_YOUR_SECONDARY_STORAGE sec_nfs_path: PATH_TO_YOUR_SECONDARY_STORAGE_MOUNT baseurl: roles: - mysql - cloudstack-manager - include: /etc/ansible/roles/cloudstack-manager/tasks/seedstorage.yml tasks: - include: /etc/ansible/roles/cloudstack-manager/tasks/setupdb.yml
  • 35. Demonstration
  • 36. XenServer Hotfixes Requires the use of Ansible ‘facts’ (until a XenServer module is written)
  • 37. Ansible Facts Written as ‘modules’ in any language that is present on the client Result should be an output in JSON format
  • 38. Ansible Facts /etc/ansible/roles/xenserver/tasks/updatexenserver.yml #!/bin/bash # create a JSON compatible Ansible 'Fact' of patches installed on a XenServer uuid=$uploaded_patch --minimal` ]]; then XENVERSION=`cat /etc/redhat-release | awk -F ' ' '{print $3}' | awk -F '-' '{print $1}'` VER=${XENVERSION//./_} THIS_HOST=`xe host-list --minimal name-label=$HOSTNAME` listUploadedPatches=`xe patch-list --minimal` # output opening section of JSON output echo '{ "ansible_facts": {' # output XenServer version echo " echo ' echo " "`xe patch-param-get param-name=name-label uuid=$uploaded_patch`": "installed"," >> /tmp/ansi_answ_file else echo " "`xe patch-param-get param-name=name-label uuid=$uploaded_patch`": "uploaded"," >> /tmp/ansi_answ_file fi done # remove training comma on last entry in file (then output contents) sed '$s/.$//' /tmp/ansi_answ_file "ansible_xenserver_version": "$VER"," "ansible_xenserver_patches": {' if [ -n "$listUploadedPatches" ]; then # split comma separated list into an array UploadedPatches=${listUploadedPatches//,/$'n'} # remove file rm -f /tmp/ansi_answ_file fi # loop through uploaded patches and output to a temp file for uploaded_patch in $UploadedPatches do if [[ -n `xe patch-list hosts=$THIS_HOST # output closing part of JSON output echo " } }" }
  • 39. Facts [root@XS62-2 tmp]# /root/ { "ansible_facts": { "ansible_xenserver_version": "6_2_0", "ansible_xenserver_patches": { "XS62E004": "uploaded", "XS62E001": "installed", "XS62E002": "installed" } } }
  • 40. Create Update XenServer Task /etc/ansible/group_vars baseurl_cloudstack: pkg_server_datapath: http://fileserver.angusnet.local ss_servers: - - hotfixes-6_2_0: - XS62E001 - XS62E002 - XS62E004 /etc/ansible/hosts [xenserver_hosts] xs62-1.angusnet.local hostname=xs62-1 mgmt_ip= storage_nic_ip= macaddr=d8:9d:67:14:20:f0 pxemac=01-d8-9d-67-14-20-f0 xs62-2.angusnet.local hostname=xs62-2 mgmt_ip= storage_nic_ip= macaddr=d8:9d:67:14:2b:14 pxemac=01-d8-9d-67-14-2b-14
  • 41. Create Update XenServer Task /etc/ansible/roles/xenserver/tasks/update_xenserver.yml --- name: Determine updated and installed patches action: get_xenserver_facts - name: Determine updated and installed patches action: get_xenserver_facts - name: Uploading patch $item to XenServer pool - name: Copying xsupdate files to host shell: "/opt/xensource/bin/xe patch-upload file-name=/tmp/$item.xsupdate" copy: src={{ pkg_server_datapath }}/xenupdates/{{ ansible_xenserver_version }}/{{ with_items: item }}.xsupdate dest=/tmp/ - ${hotfixes-{{ ansible_xenserver_version }}} with_items: only_if: "{{ item not in ansible_xenserver_patches }}" - ${hotfixes-{{ ansible_xenserver_version }}} only_if: "{{ item not in ansible_xenserver_patches }}" - name: Determine updated and installed patches action: get_xenserver_facts - name: Copying '-src-pkgs.tar.bz2' files to host if they exist action: copy src="{{ pkg_server_datapath }}/xenupdates/{{ ansible_xenserver_version }}/{{ item }}-src-pkgs.tar.bz2" dest=/tmp/ with_items: - ${hotfixes-{{ ansible_xenserver_version }}} only_if: "{{ item not in ansible_xenserver_patches }}" ignore_errors: true - name: Applying $item shell: "/opt/xensource/bin/xe patch-apply host-uuid=`xe host-list --minimal namelabel=$HOSTNAME` uuid=`xe patch-list name-label=$item --minimal`" with_items: - ${hotfixes-{{ ansible_xenserver_version }}} only_if: "'{{ ansible_xenserver_patches[item] }}' != 'installed'"
  • 42. Questions ?
  • 43. Resources Slides: Blogs: Email: Twitter: @CloudyAngus Web:
  • 44. Ansible & CloudStack Configuration Management Paul Angus Cloud Architect @CloudyAngus @ShapeBlue