Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect paul.angus@shapeblue.com @CloudyAngus @ShapeBlue
Ansible & CloudStack Configuration Management Ansible Using Ansible with CloudStack @ShapeBlue #CloudStack #CCCEU14
About Me Who am I Cloud Architect with ShapeBlue Worked with CloudStack since 2.2.13 Specialising in deployment of CloudStack and supporting infrastructure Orange, TomTom, PaddyPower, Ascenty, BSkyB, SunGard, T ‐ Mobile I view CloudStack from ‘What can cloud consumers practically do with it’ point ‐ of ‐ view @ShapeBlue #CloudStack #CCCEU14
@ShapeBlue #CloudStack #CCCEU14
About ShapeBlue “ShapeBlue are expert builders of public & private clouds. They are the leading global independent CloudStack / CloudPlatform integrator & consultancy” @ShapeBlue #CloudStack #CCCEU14
Ansible & CloudStack What is Configuration Management? @ShapeBlue #CloudStack #CCCEU14
What is Configuration Management? Configuration management is the philosophy of defining the state that a server should be in wrt it’s configuration and using tools that achieve that state CM gives centralisation of configuration data and actions Configuration Management tools should be idempotent @ShapeBlue #CloudStack #CCCEU14
Er, Idempotent? Operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. (you asked) @ShapeBlue #CloudStack #CCCEU14
Er, Idempotent? CloudStack Example: You need to add the following lines to the default my.cnf: innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 A sed command would add the lines sed ‐ i ‐ e '/symbolic ‐ links=0/ a\innodb_rollback_on_timeout=1' ‐ e '/symbolic ‐ links=0/ a\innodb_lock_wait_timeout=600' ‐ e '/symbolic ‐ links=0/ a\max_connections=350' /etc/my.cnf But if you needed to run your script to update/restore another setting then the addition of these lines would be repeated A configuration management tool would not add these lines again if rerun. @ShapeBlue #CloudStack #CCCEU14
Er, Idempotent? CloudStack Example: In a configuration management you would specify that these lines: innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 should exist in the my.cnf file The configuration management tool would only add these lines if they don’t exist. @ShapeBlue #CloudStack #CCCEU14
What is Configuration Management? I need these services to be installed and running I need this configuration file to contain these lines I need this file to exist in this directory Centralisation of configuration Creation of reusable template configurations i.e. web servers, database servers, DHCP servers, CloudStack management servers @ShapeBlue #CloudStack #CCCEU14
Ansible & CloudStack Ansible @ShapeBlue #CloudStack #CCCEU14
Why Ansible Technical: Client/Server architecture not required Only SSH connectivity required (password or public/private keys) …making it easier to deploy in environments Modules can be in any language capable of returning JSON or key=value text pairs Has an API User: Much shallower learning curve Don’t need to learn a programming language (i.e. Ruby) Not as many pre ‐ existing playbooks (recipes/manifests) about, but improving with Ansible Galaxy @ShapeBlue #CloudStack #CCCEU14
Ansible & CloudStack Where to use Ansible @ShapeBlue #CloudStack #CCCEU14
Where to Use Ansible Building CloudStack RPMs from source Deploying management infrastructure Deploying hosts Configuration changes to hosts and management VMs Patching of hosts and management VMs Deployment & configuration of guest VMs @ShapeBlue #CloudStack #CCCEU14
Ansible & CloudStack How to use Ansible @ShapeBlue #CloudStack #CCCEU14
How to use Ansible Host Inventories Roles Tasks Variables (hosts or groups) Modules Templates Playbooks @ShapeBlue #CloudStack #CCCEU14
Installing Ansible # rpm ‐ ivh http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel ‐ release ‐ 6 ‐ 8.noarch.rpm # yum install ‐ y python ‐ pip # pip install ansible Directory /etc/ansible is created @ShapeBlue #CloudStack #CCCEU14
Creating an Ansible ‘Server’ Install git pull Ansible ‘ansible ‐ repo’ @ShapeBlue #CloudStack #CCCEU14
Building of RPMs from Source David Nalley @ke4qqq http://buildacloud.org/blog/312 ‐ building ‐ cloudstack ‐ rpms ‐ with ‐ ansible.html @ShapeBlue #CloudStack #CCCEU14
Ansible & CloudStack Using Ansible with CloudStack @ShapeBlue #CloudStack #CCCEU14
Using Ansible with Guest VMs Use Ansible to create Use Ansible to configure Use Ansible to maintain guest VMs guest VMs guest VMs Create/deploy Ansible •CloudMonkey •Dynamic Inventories •Dynamic Inventories server environment •CloudStack/Ansible module •Call back •Playbooks (WIP) •Roles •EC2 module? •UserData + ansible ‐ pull @ShapeBlue #CloudStack #CCCEU14
Dynamic Inventories Dynamic Inventories: CloudStack – Written by Sebastien Goasguen EC2 Cobbler BSD Jails Digital Ocean Linode OpenShift OpenStack Nova Red Hat's SpaceWalk Vagrant (not to be confused with the provisioner in vagrant) Zabbix AnsibleWorks AWX also provides a database to store inventory results that is both web and REST Accessible. AWX syncs with all Ansible dynamic inventory sources. @ShapeBlue #CloudStack #CCCEU14
Using Ansible with Guest VMs A toolset is required to determine that a new webserver etc is required and to tell Ansible to create and configure it. @ShapeBlue #CloudStack #CCCEU14
Ansible & CloudStack Deploying a CloudStack Management Server @ShapeBlue #CloudStack #CCCEU14
CloudStack Management Server Prereqs Creating roles, templates, tasks & playbooks @ShapeBlue #CloudStack #CCCEU14
Pre ‐ Requisites A CentOS 6.4 host to install CloudStack on and one for Ansible An IP address already assigned on the ACS management host The ACS management host should have a resolvable FQDN (either through DNS or the host file on the ACS management host) Internet connectivity on the ACS management host @ShapeBlue #CloudStack #CCCEU14
CloudStack Management Server Create MySQL role Create CloudStack role Create DB deployment task Create Seed secondary storage task Create Playbook @ShapeBlue #CloudStack #CCCEU14
Create MySQL role /etc/ansible/roles/mysql/tasks/main.yml ‐‐‐ ‐ max_connections=350 ‐ name: Ensure mysql server is installed ‐ log ‐ bin=mysql ‐ bin yum: name=mysql ‐ server state=present ‐ binlog ‐ format = 'ROW' ‐ name: Ensure mysql python is installed ‐ name: Ensure MySQL service is started yum: name=MySQL ‐ python state=present service: name=mysqld state=started ‐ name: Ensure selinux python bindings are installed ‐ name: Ensure MySQL service is enabled at boot yum: name=libselinux ‐ python state=present service: name=mysqld enabled=yes ‐ name: Ensure cloudstack specfic my.cnf lines are present ‐ name: Ensure root password is set lineinfile: dest=/etc/my.cnf regexp='$item' insertafter="symbolic ‐ links=0" mysql_user: user=root password=$mysql_root_password host=localhost line='$item' ignore_errors: true with_items: ‐ skip ‐ name ‐ resolve ‐ name: Ensure root has sufficient privileges ‐ default ‐ time ‐ zone='+00:00' mysql_user: login_user=root login_password=$mysql_root_password ‐ innodb_rollback_on_timeout=1 user=root host=% password=$mysql_root_password priv=*.*:GRANT,ALL state=present ‐ innodb_lock_wait_timeout=600 @ShapeBlue #CloudStack #CCCEU14
Create CS Manger role /etc/ansible/roles/cloudstack ‐ management/tasks/main.yml ‐‐‐ get_url: url=http://download.cloud.com.s3.amazonaws.com/tools/vhd ‐ util dest=/usr/share/cloudstack ‐ common/scripts/vm/hypervisor/xenserver/vhd ‐ ‐ name: Ensure selinux python bindings are installed util mode=0755 yum: name=libselinux ‐ python state=present ‐ name: Ensure the Apache Cloudstack Repo file exists as per template template: src=cloudstack.repo.j2 dest=/etc/yum.repos.d/cloudstack.repo ‐ name: Ensure selinux is in permissive mode command: setenforce permissive ‐ name: Ensure selinux is set permanently selinux: policy=targeted state=permissive ‐ name: Ensure CloudStack packages are installed yum: name=cloudstack ‐ management state=present ‐ name: Ensure vhdutil is in correct location @ShapeBlue #CloudStack #CCCEU14
Create CS Repo Template /etc/ansible/roles/cloudstack ‐ manager/templates/cloudstack.repo.j2 name=cloudstack baseurl=http://${baseurl_cloudstack} enabled=1 gpgcheck=0 @ShapeBlue #CloudStack #CCCEU14
Create DB Deployment Task /etc/ansible/roles/cloudstack ‐ management/tasks/setupdb.yml ‐‐‐ ‐ name: cloudstack ‐ setup ‐ databases command: /usr/bin/cloudstack ‐ setup ‐ databases cloud:{{ mysql_cloud_password }}@{{mysql_vip}} ‐‐ deploy ‐ as=root:{{ mysql_root_password }} ‐ name: Setup CloudStack manager command: /usr/bin/cloudstack ‐ setup ‐ management @ShapeBlue #CloudStack #CCCEU14
Recommend
More recommend