HKOSCon x COSCUP 2020 Special Track Ansible: From VM to Kubernetes Edison Wong 2020-08-01
By using Ansible for DevOps, we can manage VM provisioning, Docker image provisioning, Kubernetes and CephFS provisioning, and even Kubernetes Pod runtime management.

  1. HKOSCon x COSCUP 2020 Special Track Ansible: From VM to Kubernetes Edison Wong 2020-08-01
  2. Wong Hoi Sing, Edison ● 2005 - Drupal Developer & Contributor – https://drupal.org/user/33940 ● 2008 - HKDUG Co-founder – https://groups.drupal.org/drupalhk ● 2010 - CEO, PantaRei Design – hswong3i@pantarei-design.com
  3. Wong Hoi Sing, Edison (cont.) ● 2018 - HKOSCON – Containerized High Availability Virtual Hosting Deployment with Kubernetes, Docker and Ansible ● 2019 - HKOSCON – DevOps with Ansible, From Native to Kubernetes ● 2020 - HKOSCON – Ansible: From VM to Kubernetes ● 2020 - HKOSCon x COSCUP
  4. PantaRei Design ● Everything Changes and Nothing Remains Still ● Reinvent Enterprise with Open Source Software and Cloud Computing ● Hong Kong based FOSS service provider – Content Management System (CMS) with Drupal – Cloud Hosting Solution with Amazon Web Services (AWS) – Team collaboration solution with Atlassian ● Business Partner with industry leaders – 2012, AWS Consulting Partner – 2013, Acquia Partner – 2013, Atlassian Experts – 2014, Rackspace Hosting Partner ● http://pantarei-design.com
  5. Outline ● HKOSCON 2019 ● Why DevOps with Ansible? ● Ansible with VM ● Ansible with Docker ● Ansible with Kubernetes ● Tips & Tricks ● Roadmap ● Q&A
  6. HKOSCON 2019 ● Ansible Role with Molecule + LXD ● Docker Build with Ansible ● Kubernetes with Molecule + Vagrant + VirtualBox
  7. Ansible Role with Molecule + LXD ● Molecule LXD driver + Travis CI ● Could mock up 80% of use cases ● Lack of cgroup/network/device support ● (2020) Improved with Vagrant + Libvirt + Travis CI
  8. Docker Build with Ansible ● Ansible playbook driven by Dockerfile, inside target container ● Reduce custom bash shell scripting ● (2020) Improved with Molecule Docker driver + `docker commit`
  9. Kubernetes with Molecule + Vagrant + VirtualBox ● Molecule Vagrant driver + VirtualBox for local test ● Slow, limited OS, no Travis CI ● (2020) Improved with Vagrant + Libvirt + Travis CI
  10. Why DevOps with Ansible? ● SysAdmin Daily Difficulties ● Why DevOps? ● Why Ansible?
  11. SysAdmin Daily Difficulties ● Different deployment targets ● Test logic before deploy ● Complex cluster management ● Documentation ● No time for learning
  12. SysAdmin Daily Difficulties (cont.) ● Write-once for all cases – Native/Bare Metal/VM – Docker/LXD/Vagrant – OpenStack/AWS/GCE/Azure – Kubernetes/OpenShift/AKS/GKE/EKS
  13. Why DevOps? ● Manual install – Non-repeatable ● Manual install with document – Difficult to manage (Docs to Action) – Always out of sync with production ● Manual scripting – Difficult for everything: learn, write, error detection, debug, etc.
  14. Why DevOps? (cont.) ● DevOps – Deployment logic as code (i.e. revision control with Git) – With error detection and debug tools – Manage multiple deployment targets at once (e.g. data center, clustering)
  15. Why Ansible? ● Writing “tasks” in YAML – Human readable == minimize documentation – Easy to learn, compared with Ruby for Chef or Puppet
  16. Why Ansible? (cont.) ● A lot of reusable modules – Simplify complicated logic with error detection – Or run “shell” commands directly
  17. Why Ansible? (cont.) ● Simple requirements – Python and password-less SSH – Agent-less for managed nodes
  18. Ansible with VM ● Ansible CLI ● Ansible Playbook ● Ansible Role ● Molecule + Delegate ● Demo: ansible-role-sshd
  19. Ansible CLI ● Running commands on remote guests is simple – ansible all -i guest1,guest2, -m ping – ansible all -i guest1,guest2, -m apt -a 'name=vim state=present' – ansible all -i guest1,guest2, -m shell -a 'uname -a'
  20. Ansible Playbook ● Run multiple “tasks” together at once ● Finer control than running with CLI ● Define your inventory then play with it – ansible-playbook -i inventory/all/hosts playbooks/setup-everything.yml
  21. Ansible Role ● Not just “Tasks”, but also: – Default over-writable variables – Internal static variables – Static files for copy – Template files – Event handlers ● A basic building block for complex architecture – Use Playbook to include different Roles
  22. Ansible Role (cont.) ● Create a new role with ansible-galaxy – mkdir ~/.ansible/roles – cd ~/.ansible/roles – ansible-galaxy init dummy ● You could now test it (run via your localhost) – cd ~/.ansible/roles/dummy – ansible-playbook -i tests/inventory tests/test.yml ● Limited functionality
  23. Ansible Role (cont.) ● Molecule – Testing framework for Ansible – Written in Ansible and Python style – Write your test case in standard Ansible style – Manage test environment life-cycle for you – Code lint – Idempotence (i.e. run twice to confirm no extra changes)
  24. Ansible Role (cont.) ● Create a new Role with molecule – cd ~/.ansible/roles – molecule init role -r dummy2 -d docker – molecule init role -r dummy3 -d lxd – molecule init role -r dummy4 -d vagrant ● Now you can run the tests inside Docker – cd ~/.ansible/roles/dummy2 – molecule test
  25. Molecule + Delegate (cont.) ● Molecule + Delegate = Ansible Role Installer – Roles dependency management – No custom wrapper playbook – Install into localhost
  26. Demo: ansible-role-sshd ● https://github.com/alvistack/ansible-role-sshd – mkdir ~/.ansible/roles && cd ~/.ansible/roles – git clone https://github.com/alvistack/ansible-role-sshd.git sshd && cd sshd – molecule converge
  27. Ansible with Docker ● Why NOT Dockerfile? ● Why NOT ansible-bender? ● Molecule + Docker ● Demo: docker-jira
  28. Why NOT Dockerfile? ● Back to the origin: why still custom shell scripting? – Difficult for everything: learn, write, error detection, debug, etc.
  29. Why NOT ansible-bender? ● https://github.com/ansible-community/ansible-bender – Build Docker Image with standard Ansible Playbook – Podman + Buildah based – Just need basic Python support inside target container
  30. Why NOT ansible-bender? (cont.) ● PROS – Push image to DockerHub once build successful ● CONS – Could NOT integrate with Travis CI – Only supports Podman + Buildah – Not compatible with Molecule
  31. Molecule + Docker ● Molecule + Docker = Docker image creator ● Supports both Docker and Podman ● Runs as standard Molecule test case ● `docker commit` during destroy phase ● Push resulting Docker image to remote registry
  32. Molecule + Docker (cont.) ● molecule/*/Dockerfile.j2 – Just define meta data (e.g. FROM, EXPOSE, ENTRYPOINT, CMD, etc) – Minimal RUN (e.g. groupadd, useradd, etc)
  33. Molecule + Docker (cont.) ● molecule/*/create.yml – Create initial base image with meta data as Dockerfile.j2 – Override CMD with `bash -c "sleep infinity"` on-the-fly for running test
  34. Molecule + Docker (cont.) ● molecule/*/destroy.yml – Fetch base image meta data – Commit running Docker instance with base image’s CMD/ENTRYPOINT
  35. Demo: docker-jira ● https://github.com/alvistack/docker-jira – Docker Image packaging for Atlassian JIRA – Molecule + Docker – All used Roles are Vagrant + Libvirt tested – Push to DockerHub once Travis CI passed
  36. Ansible with Kubernetes ● Molecule + Vagrant + Libvirt ● Demo: ansible-collection-kubernetes
  37. Molecule + Vagrant + Libvirt ● In case of Ceph OSD, a true block device is required – File-based loop devices are not supported ● In case of Weave, each Kubernetes node must have a unique machine ID – With LXD all instances get the same host machine ID
  38. Molecule + Vagrant + Libvirt (cont.) ● Molecule + Vagrant + Libvirt = 100% mock up ● Support Travis CI ● Support multiple instances for cluster test ● Support multiple OS ● Fully support cgroup/network/block/etc
  39. Demo: ansible-collection-kubernetes ● Ansible + Ceph + Kubernetes + Addon – All Roles tested with Vagrant + Libvirt individually – Simply clone-and-play ● Multiple OS Support – Ubuntu 18.04/20.04 – RHEL/CentOS 7/8 – openSUSE Leap 15.1 – Debian 10 – Fedora 32 ● https://github.com/alvistack/ansible-collection-kubernetes
  40. Demo: ansible-collection-kubernetes (cont.) ● Support different deployment style – Single All-in-One – (Kubernetes + Ceph) x3 – Kubernetes x3 + Ceph x3 – Kubernetes xN + Ceph xN
  41. Demo: ansible-collection-kubernetes (cont.) ● Kubernetes 1.18.3 – CRI-O – CNI: Weave – CSI: CephFS – Ingress Nginx ● Ceph 15.2.3
  42. Demo: ansible-collection-kubernetes (cont.) ● Support individual application deployment per namespace, e.g. – Drupal + Apache + PHP-FPM + MariaDB – Jira + Apache + PostgreSQL ● Support HTTPS with Let’s Encrypt
  43. Demo: ansible-collection-kubernetes (cont.) ● Fetch source – git clone https://github.com/alvistack/ansible-collection-kubernetes.git && cd ansible-collection-kubernetes – git submodule update --init --recursive
  44. alvistack/ansible-collection-kubernetes (cont.) ● Setup inventory – cp -rfp inventory/default inventory/all – vi inventory/all/hosts
  45. alvistack/ansible-collection-kubernetes (cont.) ● Run the playbook – ansible-playbook -i inventory/all/hosts playbooks/converge.yml
  46. Tips & Tricks ● Always Start Development with Test Cases ● Simple Deployment Goes Molecule + Delegate ● Complex Test Cases Always Goes Molecule + Vagrant + Libvirt + Travis CI ● Create Docker Image After Molecule Test Case by Docker Commit
  47. Tips & Tricks (cont.) ● Install Packages – Official / PPA – Distribution Repo – Official Static Binary – Compile from Source Code
  48. Tips & Tricks (cont.) ● Official Static Binary – CRI-O/Podman/Buildah/Skopeo official repos lack multiple OS and multiple package version support – Compiling from source takes too long on each machine – No official static binary, yet
  49. Tips & Tricks (cont.) ● Nix Static Binary – Pre-compile CRI-O/Podman/Buildah/Skopeo static binary with nix ● https://github.com/cri-o/cri-o/pull/3804 – Upload nix static binary to GitHub fork ● https://github.com/alvistack/cri-o/releases/tag/v1.18.3 – Install nix static binary with Ansible Role ● https://github.com/alvistack/ansible-role-cri_o/blob/develop/vars/main.yml
  50. Roadmap ● Migrate everything from Docker to Podman/Buildah/Skopeo ● Handle Kubernetes Addons with Ansible Operator
  51. Q&A
  52. Contact Us ● Address: Unit 326, 3/F, Building 16W, No.16 Science Park West Avenue, Hong Kong Science Park, Shatin, N.T. ● Phone: +852 3576 3812 ● Fax: +852 3753 3663 ● Email: sales@pantarei-design.com ● Web: http://pantarei-design.com
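
The commit step described on slides 31 to 34, as an added example that is not taken from the talk or from the alvistack repositories: it reads the base image's CMD/ENTRYPOINT and applies them with `docker commit --change`, so the `sleep infinity` override used during testing does not end up in the published image. The image and container names are hypothetical, and the `community.docker` collection is assumed to be installed.

```yaml
---
# Added example: commit a tested container without baking in the test-time CMD.
# base_image, instance and target_image are hypothetical names.
- name: Commit a converged Molecule instance as an image
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    base_image: "localhost/example-base:latest"   # hypothetical, built from Dockerfile.j2
    instance: "example-instance"                  # hypothetical, started with the sleep override
    target_image: "localhost/example-app:latest"  # hypothetical
  tasks:
    - name: Fetch base image metadata
      community.docker.docker_image_info:
        name: "{{ base_image }}"
      register: base

    - name: Stop if the base image is not available locally
      ansible.builtin.assert:
        that: base.images | length == 1
        fail_msg: "{{ base_image }} not found"

    - name: Read the CMD and ENTRYPOINT declared by the base image
      ansible.builtin.set_fact:
        # Docker reports null when an instruction was never set; [] clears it.
        base_cmd: "{{ base.images[0].Config.Cmd | default([], true) }}"
        base_entrypoint: "{{ base.images[0].Config.Entrypoint | default([], true) }}"

    - name: Commit the instance with the base image's CMD/ENTRYPOINT restored
      ansible.builtin.command:
        argv:
          - docker
          - commit
          - --change
          - "ENTRYPOINT {{ base_entrypoint | to_json }}"
          - --change
          - "CMD {{ base_cmd | to_json }}"
          - "{{ instance }}"
          - "{{ target_image }}"
      changed_when: true

    - name: Confirm the committed image does not keep the sleep override
      community.docker.docker_image_info:
        name: "{{ target_image }}"
      register: committed
      failed_when: (committed.images[0].Config.Cmd | default([], true)) != base_cmd
```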

