Ansible and OpenStack introduction

Ansible is a configuration management tool. It can take a YAML file describing how the result should look like (e.g. list of installed sotware or given config options) called playbook and perform steps to make it happen. It uses SSH for connection to the target machines (called inventory), so no agent or other special software is needed on controlled machines.

One of very nice features of Ansible is idempotency - if the playbook runs multiple times on already configured machine, nothing is changed. There is a huge amount of modules which allow control various types of services.

Ansible playbook can executed locally in console or using Tower which is a web interface providing more automation and dashboard features.

Check for more details and a get started guide.

Ansible and OpenStack

There are two main areas where Ansible interacts with OpenStack.

  1. Installation / deployment (e.g. TripleO)
  2. Day 2 management operations (like booting VMs or creating Volumes)

This article will focus on management operations on already running OpenStack which is provided by OpenStack Cloud module.

Credentials for OpenStack

A typical way to pass OpenStack credentials (endpoint url, username, password, domain_id, etc.) is to set expected shell environment variables. E.g. by sourcing a file with a content similar to following example:

export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export NOVA_VERSION=1.1
export OS_PROJECT_NAME=admin
export OS_AUTH_URL=

Even Ansible OpenStack modules can use these environment variables, it is more flexible to use a clouds.yaml file.

OpenStack credentials with clouds.yaml

There is a specific yaml file which can be generated by OpenStack installer software or maintained manually. Its name is clouds.yaml and it can contain credentials and configuration for mutliple cloud providers. See example with OpenStack Undercloud and Overcloud access:

        password: <SOME_PASSWORD_UC>
        project_name: admin
        username: admin
#END undercloud PARAMETERS
        password: <SOME_PASSWORD_OC>
        project_domain_name: Default
        project_name: admin
        user_domain_name: Default
        username: admin
    identity_api_version: '3'

This file structure is supported by Ansible and if clouds.yaml file is in one of expected locations, Ansible OpenStack modules will use.

Using Ansible playbook to get the clouds.yaml

The clouds.yaml file should be created by OpenStack installer tool, so it is easy to utilize Ansible playbook to get the credentials locally. A directory expected to contain clouds.yaml file is ~/.config/openstack (it might be needed to provide a full path, if the playbook doesn't expand it automatically).

Following code ensures that the local directory exists and downloads the file from remote OpenStack machine (a SSH alias lab was used to connect to the machine).

- name: Fetch OpenStack credentials from lab
  hosts: lab
  - name: Check local openstack config directory
      path: ~/.config/openstack
      state: directory
  - name: Fetch clouds.yaml file from lab machine
      src: clouds.yaml
      dest: ~/.config/openstack/clouds.yaml

Execute the playbook

The playbook execution requires a file name which contains YAML mentioned in previous step and name of the machine where the clouds.yaml is stored.

$ ansible-playbook osp_lab_auth_playbook.yml -i lab,

Finally, there should be clouds.yaml file present on the local machine and ready for use!


This article introduced Ansible tool and showed how to run the playbook to get OpenStack credentials. Next article will focus on working with the OpenStack like creating Flavor, uploading Image and booting a VM.

#openstack #ansible