Ansible Playbook to manage servers on a pre-existent OpenStack cloud
The recipes contain an openstack role that creates and deletes virtual machines on a OpenStack platform.
This is reached with the OpenStack API and Ansible OS Modules (os_server, os_port, os_volume) and needs the OpenStack Client to perform the operations on OpenStack platform.
In our production environment, we decided to install the OpenStack Client on the "localhost" machine and use inventory group_vars to provide the needed variables.
- Ansible - Tested with Ansible v2.4.0.0
- OpenStack Client
-
Be sure that the OpenStack Client is installed and works when you'll run this Playbook (on localhost in our case)
-
Become ROOT:
sudo su -
-
Retrieve GIT repository of the project:
apt-get install gitcd /opt ; git clone https://github.com/[malavolti|ConsortiumGARR|GEANT]/ansible-openstack.gitcd /opt/ansible-openstack ; git clone https://github.com/[malavolti|ConsortiumGARR|GEANT]/ansible-openstack-inventories.git inventories
-
Create your
.vault_pass.txtthat contains the encryption password (this is needed ONLY when you use Ansible Vault):cd /opt/ansible-openstackopenssl rand -base64 64 > .vault_pass.txt
-
Create the Openstack Client configuration file by copying/filling the templates:
/opt/ansible-openstack/#_environment_#/group_vars/all.yml-template/opt/ansible-openstack/#_environment_#/group_vars/openstack-client.yml-template
into proper
/opt/ansible-openstack/#_environment_#/group_vars/all.ymland/opt/ansible-openstack/#_environment_#/group_vars/openstack-client.ymlfiles. These files will provide to Ansible all variables needed to instance (or delete) virtual machines on Openstack Cloud by its CLI. -
Encrypt the Openstack configuration files with Ansible Vault (Optional: this is needed ONLY when you need Ansible Vault):
cd /opt/ansible-openstackansible-vault encrypt inventories/#_environment_#/group_vars/all.yml --vault-password-file .vault_pass.txtansible-vault encrypt inventories/#_environment_#/group_vars/openstack-client.yml --vault-password-file .vault_pass.txt
-
Execute this command to run Ansible on production inventory and to instance new virtual machine:
ansible-playbook site.yml -i inventories/production/production.ini --vault-password-file .vault_pass.txt
--- development.ini ---
[openstack-client]
localhost
-----------------------
--- production.ini ----
[openstack-client]
localhost
-----------------------
------ test.ini -------
[openstack-client]
localhost
-----------------------
-
Test that the connection with the server(s) is working:
ansible all -m ping -i /opt/ansible-openstack/inventories/#_environment_#/#_environment_#.ini -u debian("debian" is the user used to perform the SSH connection with the client to synchronize)
-
Get the facts from the server(s):
ansible GROUP_NAME -m setup -i /opt/ansible-openstack/inventories/#_environment_#/#_environment_#.ini -u debian
Examples:
- without encrypted files:
ansible GROUP_NAME -m setup -i /opt/ansible-openstack/inventories/#_environment_#/#_environment_#.ini -u debian - with encrypted files:
ansible GROUP_NAME -m setup -i /opt/ansible-openstack/inventories/#_environment_#/#_environment_#.ini -u debian --vault-password-file .vault_pass.txt
("
.vault_pass.txt" is the file you have created that contains the encryption password) -
Encrypt files:
ansible-vault encrypt inventories/#_environment_#/group_vars/all.yml --vault-password-file .vault_pass.txtansible-vault encrypt inventories/#_environment_#/group_vars/openstack-client.yml --vault-password-file .vault_pass.txt
-
Decrypt Encrypted files:
ansible-vault decrypt inventories/#_environment_#/group_vars/all.yml --vault-password-file .vault_pass.txtansible-vault decrypt inventories/#_environment_#/group_vars/openstack-client.yml --vault-password-file .vault_pass.txt
-
View Encrypted files:
ansible-vault view inventories/#_environment_#/group_vars/all.yml --vault-password-file .vault_pass.txtansible-vault view inventories/#_environment_#/group_vars/openstack-client.yml --vault-password-file .vault_pass.txt
- Marco Malavolti ([email protected])