Use Case: Cloudstack + Ansible

May, 18th 2017 Sebastian Bretschneider Cloud Infrastructure Architect

Use case: Cloudstack + Ansible

classification: classification: | version: public 1.1

About Me

. Sebastian Bretschneider

. Since 2011 System Engineer at BIT.Group GmbH – member of intelligence group

. Cloudstack . Ansible

. Ceph https://twitter.com/se_bre https://www.linkedin.com/in/sebastian-bretschneider-030a72124 . Linux https://github.com/se-bre . Infrastructure

CloudStack Berlin & Dresden, Germany classification: classification: public https://www.meetup.com/german-CloudStack-user-group Ansible Dresden, Germany

https://www.meetup.com/Ansible-Dresden

Overview BIT.Group GmbH – member of itelligence group

. 350+ employees in Dresden, Bautzen, Hanover and Shanghai . SAP Consulting, Development and Support . SAP partner and service provider for SAP SE

SAP BASIS Workshops BIT Service Desk IT Consulting IT Service Management Application Lifecycle Management SAP Solution Manager

SAP partner SAP Service & Support classification: public Cloud IT Infrastructure Management Development International

ITIL SAP HANA

BIT.Group GmbH as part of itelligence / NTT DATA Group

. Since June 2016 BIT.Group GmbH officially part of itelligence and NTT DATA Group . Know-how, flexibility and internationality as part of NTT DATA network

. Together internationally leading full

IT service provider with: classification: public

SAP customers 40+ countries in SAP revenue worldwide SAP experts worldwide 5/18/2017 5

Content

1. Challenge 2. Environment 3. Ansible 4. Examples 5. Parts 6. Big Picture

7. Results

classification: classification: public

Challenge

. User friendly interface with all sub-services

. All operations changeable by admins

. Make cloud–consistent configuration

. Use open source

. Scalability classification: classification: public

. Simple 5/18/2017 7

Environment

. Hypervisor . Automation . Storage . KVM . Ansible . Ceph . NFS

. Network . BIT.Cloud . VLAN . Portal . Shared networks . Ansible Daemon

. Isolated networks classification: public

What is Ansible

Agentless

Simple . Predictable, reliable and secure . Get productive quickly . Agentless architecture . Human readable . Use Open SSH & WinRM automation . No agents to exploit or . No special coding skills update required . Tasks executed in order

. Workflow orchestration 5/18/2017 9

Ansible Modules

. Cloudstack Modules . cs_facts – Gather facts on instances . cs_firewall – Manages firewall rules . cs_ip_address – Manages public IP address associations . cs_volume – Manages volumes . …

. cs_domain . cs_cluster

. … classification: classification: public . 36 Cloudstack modules overall (April 2017)

. Development/Improvements by BIT.Group

Get it working

. Python module . pip install cs . apt-get install python-cs

. Credentials File . .cloudstack.ini home directory . CLOUDSTACK_CONFIG environment variable pointing to .ini file . Cloudstack.ini working directory

. cloudstack.ini

[cloudstack] # global or region – passed by arg api_region classification: classification: public endpoint = https://cloudstack-management.server/client/api key = api key

Timeout = 60 5/18/2017 11

Workflow

cs_instance

classification: classification: public

Workflow

build

classification: classification: public

Workflow

configure

classification: classification: public

Examples: CloudStack VM

. Playbook . hosts: localhost roles: - cs-vm

. Role: tasks/main.yml . block: - include: tasks/create_vm.yml - include: tasks/add_ansible_host.yml - include: tasks/ssh_key_rollout.yml

when: vm_action == „create“ classification: public

[ … ]

Examples: CloudStack VM

. create_vm.yml . name: Creating Virtual Machine local_action: module: cs_instance

name: "{{ vm_name }}" template: "{{ os_template }}" hypervisor: "{{ cs_hypervisor }}" project: "{{ cs_project }}" zone: "{{ cs_zone }}" service_offering: "{{ cs_service_offering }}" networks: "{{ cs_networks }}" domain: "{{ cs_domain }}" tags:

- { key: CostCenter, value: "{{ vm_costcenter }}" } classification: public

state: started

Examples: Port Forwarding

. add_portforwarding.yml . name: Forwarding Ports in CloudStack local_action: module: cs_portforward domain: "{{ cs_domain }}" project: "{{ cs_project }}" ip_address: "{{ cs_public_ipv4 }}" vm: "{{ vm_name }}" public_port: "{{ public_port }}" public_end_port: "{{ public_end_port }}" private_port: "{{ private_port }}" private_end_port: "{{ private_end_port }}" protocol: "{{ proto }}" open_firewall: "{{ open_firewall }}"

state: present classification: public

Parts

. Portal

. API . Communication with Services . User/Customer Interface

classification: classification: public

Parts

. Daemon

. playbook handling – list, run, run command, read metadata . job handling – overview (running jobs), status, notify (Portal) . statistics – failed, queue, running, abort . job scheduling – reschedule failed, delay, cron

. REST API via HTTPS

. json response

classification: classification: public

All together

Portal Cloudstack

write

read

VMs classification: classification: public

Ansible + Daemon

Use Case

. Results . UI with integrated Services . CloudStack . Automation . User / Role Management . Tickets, Monitoring, Backup, …

. Write Operations with Ansible only

. Modular Design classification: classification: public . OpenSource

. Scalable 5/18/2017 Questions?`

Contact Sebastian Bretschneider Cloud Infrastucture Architect T +49 3591 5253-1214

[email protected] classification: classification: | author:public 1.1 Sebastian| version: Bretschneider

We make the most of SAP® solutions! 5/18/2017 endorse your use third of Thestatutory for personal injuryanddefective liability products notaffected. is over hascontrol itelligenceno infor the cases or intent gross of negligence. direct,withoutlimitation damagesfor special, includingindirect, have or liability noof any kind shall itelligenceconseq provided withouta warranty warrantiesanytheeither to express notimplied limited of kind, but of me or implied,including for responsibility errors this document. or omissions does warrantitelligencein not theaccuracy or completeness infof the strategies,intended anypartito itelligence developments upon intended be andtoproduct bindingnot and functionalitiesis documentthis proprietary Theis information in Thisto documentaitelligence. preliminary is version andnotsubject to you trademarks theirrespective of companies. Data documentcontainedthis inserves informationalpurposes only.Nationalproduc Some software products marketed by andAG itelligenceits distributors containproprietary software components other of softw part may No be publicationreproduced of this or transmittedany or form anypurpose infor withoutthe express permission of Copyright itelligence AG itelligence Copyright - party Web pages nor provide anywarranty whatsoever relatingto third - All rights reservedrights All - party Web pages. uen mat tial damagestial thatmay result thefrom theseuse of materials.not apply shall inThis limitation orm ionthat you may access these containedmaterialshotinuselinksthrough the of anddoes not r r l rch cul icense agreementicense or anyother agreement itelligence.Thiswithdocument contains only ation,text, graphics, or other links,itemsthismaterial. containedwithin document This is ar ar course of business, product strategy, and/or development. assumes itelligence no antability, afitness for particular purpose, or non it are t s elligence AG. containedTheinformationherein may elligence be changed notice.withoutprior pecifications may vary. vendors. product All and service names mentionedandassociated logos displayed are the - infringement.