on
Ansible and OpenStack introduction
Ansible is a configuration management tool. It can take a YAML file describing how the result should look like (e.g. list of installed sotware or given config options) called playbook and perform steps to make it happen. It uses SSH for connection to the target machines (called inventory), so no agent or other special software is needed on controlled machines.
One of very nice features of Ansible is idempotency - if the playbook runs multiple times on already configured machine, nothing is changed. There is a huge amount of modules which allow control various types of services.
Ansible playbook can executed locally in console or using Tower which is a web interface providing more automation and dashboard features.
Check https://www.ansible.com/overview/how-ansible-works for more details and a get started guide.
Ansible and OpenStack
There are two main areas where Ansible interacts with OpenStack.
- Installation / deployment (e.g. TripleO)
- Day 2 management operations (like booting VMs or creating Volumes)
This article will focus on management operations on already running OpenStack which is provided by OpenStack Cloud module.
Credentials for OpenStack
A typical way to pass OpenStack credentials (endpoint url, username, password, domain_id, etc.) is to set expected shell environment variables. E.g. by sourcing a file with a content similar to following example:
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export NOVA_VERSION=1.1
export OS_PROJECT_NAME=admin
export OS_PASSWORD=<SOME_PASSWORD_OC>
export OS_AUTH_URL=http://10.0.0.107:5000/v2.0
Even Ansible OpenStack modules can use these environment variables, it is more flexible to use a clouds.yaml file.
OpenStack credentials with clouds.yaml
There is a specific yaml file which can be generated by OpenStack installer software or maintained manually. Its name is clouds.yaml and it can contain credentials and configuration for mutliple cloud providers. See example with OpenStack Undercloud and Overcloud access:
#BEGIN HEADER
clouds:
#END HEADER
#BEGIN undercloud PARAMETERS
undercloud:
auth:
auth_url: http://192.168.24.1:5000/v2.0
password: <SOME_PASSWORD_UC>
project_name: admin
username: admin
#END undercloud PARAMETERS
#BEGIN overcloud PARAMETERS
overcloud:
auth:
auth_url: http://10.0.0.107:5000/v3
password: <SOME_PASSWORD_OC>
project_domain_name: Default
project_name: admin
user_domain_name: Default
username: admin
identity_api_version: '3'
#END overcloud PARAMETERS
This file structure is supported by Ansible and if clouds.yaml file is in one of expected locations, Ansible OpenStack modules will use.
Using Ansible playbook to get the clouds.yaml
The clouds.yaml file should be created by OpenStack installer tool, so it is easy to utilize Ansible playbook to get the credentials locally. A directory expected to contain clouds.yaml file is ~/.config/openstack (it might be needed to provide a full path, if the playbook doesn't expand it automatically).
Following code ensures that the local directory exists and downloads the file from remote OpenStack machine (a SSH alias lab was used to connect to the machine).
- name: Fetch OpenStack credentials from lab
hosts: lab
tasks:
- name: Check local openstack config directory
file:
path: ~/.config/openstack
state: directory
- name: Fetch clouds.yaml file from lab machine
fetch:
src: clouds.yaml
dest: ~/.config/openstack/clouds.yaml
Execute the playbook
The playbook execution requires a file name which contains YAML mentioned in previous step and name of the machine where the clouds.yaml is stored.
$ ansible-playbook osp_lab_auth_playbook.yml -i lab,
Finally, there should be clouds.yaml file present on the local machine and ready for use!
Conclusion
This article introduced Ansible tool and showed how to run the playbook to get OpenStack credentials. Next article will focus on working with the OpenStack like creating Flavor, uploading Image and booting a VM.