| date | draft | weight | title |
|---|---|---|---|
2016-05-09 |
false |
14 |
Lab 14 - Ansible |
| Mon | Mon | Mon | Mon | Tue | Tue | Tue | Tue | Wed | Wed | Wed | Thur | Thur | Thur | Thur |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 |  |
The objective of this lab is to introduce you to the basics of ansible. You will learn the syntax and mechanisms for one-off commands, inventories to reach multiple hosts, and playbooks to accomplish complex and multi-part tasks.
An appropriate ssh environment amiable to ansible has been setup for you inside this lab environment. This is usually a non-trivial amount of work which involves setting up passwordless sudoers and distributing public keys.
The final portion of this lab will focus on using ansible to fix a specific OpenStack configuration issue.
Ansible documentation is found here: http://devdocs.io/ansible/
-
SSH into the root user on your controller
-
De-elevate your privileges to the normal user
centos[root@controller ~]#su centos[centos@controller ~]#cd -
Ensure ansible is installed. Warning, the first RedHat mirror is down and the system S-L-O-W-L-Y advances to the next mirror. control-c will immediately advance you to the next mirror. We will use ansible to fix this!
[centos@controller ~]$sudo yum install ansible[centos@controller ~]$ansible -h | lessIf the above hangs: control-c will advance you to the next mirror and let it run!
When the install is complete, enter the lower case "y" to say yes to the installIt's always useful to check out the help file. Take a second and look for some key words which should be familiar from the lecture.
-
Create a simple
hostsfile with the following content:[centos@controller ~]$vim hostsEnter:
ilower case i to enter INSERT mode.Enter this content:
192.168.0.10Enter:
Escape:wq -
Use the ping ansible module to test connectivity to the controller
[centos@controller ~]$ansible all -i hosts -m ping192.168.0.10 | success >> { | "changed": false, | "ping": "pong" | }The above text will be GREEN.
Refer back to the help command and read what each of these flags represent. -
Gather Facts about controller with ansible
[centos@controller ~]$ansible all -i hosts -m setup | lessSkim through these facts and look for interesting values. How many processor cores does this node have? Which Linux kernel? Which release of CentOS is it running? All of these variables are available to your playbooks, these can be very useful for eliminating many repetitive information gathering tasks in your environments!
-
Now lets replace what is in our hosts file with the following content. Type the following command:
[centos@controller ~]$vim hostsEnter:
ilower case i to enter INSERT mode.Enter this content:
[openstack] controller ansible_ssh_host=192.168.0.10 neutron ansible_ssh_host=192.168.0.11 compute1 ansible_ssh_host=192.168.0.12 compute2 ansible_ssh_host=192.168.0.13Enter:
Escape:wq -
Confirm that you did NOT forget to make [openstack] the fist entry in your hosts file!
cat hosts -
Ping all your hosts
[centos@controller ~]$ansible all -i hosts -m pingThe "all" pattern targets all hosts in the inventory -i specifies a certian inventory file (a listing of hosts) "hosts" is the traditional inventory filename. -m specifies a certian module, in this case "ping"
-
Try different
host-patterns and modules[centos@controller ~]$ansible openstack -i hosts -m command -a 'hostname'[centos@controller ~]$ansible controller -i hosts -m command -a 'whoami'[centos@controller ~]$ansible openstack -i hosts -m command -a '/usr/sbin/ip addr'Read about modules [HERE] (http://docs.ansible.com/ansible/list_of_all_modules.html) Check out the custom Open Stack modules while you are at this link!
-
Red ink - this command will fail
[centos@controller ~]$ansible openstack -i hosts -m yum -a 'name=htop state=installed'NOTE: This step may take a moment to complete.
In the playbook we will implement later in this lab, take notice how we turn this red ink to green. -
Gather some information about our compute nodes
[centos@controller ~]$ansible compute1 -i hosts -m setup | grep vcpus[centos@controller ~]$ansible compute2 -i hosts -m setup | grep vcpus
At this point you now know how to run ansible one-off commands. These can be very useful for making changes and gathering information from your systems quickly and efficiently from a central location. Next we will use an ansible playbook to accomplish an ordered list of tasks.
Ansible playbooks are an efficient way to organize a list of ordered tasks. These tasks are grouped into a play which specify which hosts will be configured. In this section we will make a simple playbook that installs a new program to our controller.
-
Download the
sl.ymlplaybook, inspect it, and run it[centos@controller ~]$curl https://alta3.com/labs/files/sl.yml[centos@controller ~]$curl https://alta3.com/labs/files/sl.yml > sl.yml[centos@controller ~]$less sl.yml[centos@controller ~]$ansible-playbook -i hosts sl.ymlNote that we did not need to enumerate the host-pattern in this command! My fingers feel less tired already!
-
Run it again and see how the
PLAY RECAPis different[centos@controller ~]$ansible-playbook -i hosts sl.yml -
Use the new application (don't forget to read the man page!)
[centos@controller ~]$sl[centos@controller ~]$man sl
First we will see what is broken. There is a configuration issue with Nova VNC Proxy service. This service allows a user to view and interact with an instance console from the web browser, a super useful feature! In order to configure this service correctly the controller and the compute nodes need to know the external ip address of the controller in order to correctly direct the browser to the vnc proxy resource. Because your lab environment was stood up just for you, your external ip address is not predictable. As a result this service is incorrectly configured and pointing to an incorrect public ip address.
In this section we will read and run a playbook that fixes this issue.
-
Clone the
ansible-novncrepository[centos@controller ~]$git clone https://github.com/bryfry/ansible-novnc.git[centos@controller ~]$cd ansible-novnc -
Read the
novnc.ymland confguration template file[centos@controller ansible-novnc]$less novnc.yml[centos@controller ansible-novnc]$less files/nova-controller.conf.j2[centos@controller ansible-novnc]$less files/nova-compute.conf.j2 -
We actually care about the
vncrelated parameters, let's filter on that[centos@controller ansible-novnc]$grep vnc files/nova-controller.conf.j2[centos@controller ansible-novnc]$grep vnc files/nova-compute.conf.j2 -
Run the
novnc.ymlplaybook[centos@controller ansible-novnc]$ansible-playbook -i hosts novnc.yml -
Match up each
PLAYandTASKwith the corresponding portion of the playbook below -
Let's go use the vnc service! Open the OpenStack Horizon interface (log in as admin / alta3)
-
Launch an instance or navigate to a launched instance
-
Click the console tab
-
Open the console in a separate window
-
Accept the privacy exception, we're using a self signed certificate
-
View and interact with the console
-
Refresh the page the console tab page, it should also work now
This is only a very small subset of the use cases for ansible. Like any tool you can customize and utilize it to fit your environments needs. Especially reccomended is to use ansible in combination with a revision control system (like git). This allows for a succinct and manageable orchestration of your environments throughout time. The sky is definitely the limit!