Vagrant, Ansible, and OpenStack on your laptop
Download as PPTX, PDF•39 likes•11,244 views
The document discusses using Ansible and Vagrant together to easily test and deploy OpenStack. Ansible allows writing idempotent infrastructure scripts, while Vagrant allows testing them by booting reproducible virtual machines. The document provides an example of using Ansible plays to install NTP and using Vagrant to define VMs for an OpenStack controller and compute node.
![Setting up OpenStack for production is
complex and error-prone
2012-08-04 12:31:56 INFO nova.rpc.common [-] Reconnecting to AMQP server on localhost:5672
2012-08-04 12:31:56 ERROR nova.rpc.common [-] AMQP server on localhost:5672 is unreachable:
[Errno 111] ECONNREFUSED. Trying again in 30 seconds.
2012-08-04 12:31:56 TRACE nova.rpc.common Traceback (most recent call last):
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/nova/rpc/impl_kombu.py", line 446, in reconnect
2012-08-04 12:31:56 TRACE nova.rpc.common self._connect()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/nova/rpc/impl_kombu.py", line 423, in _connect
2012-08-04 12:31:56 TRACE nova.rpc.common self.connection.connect()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/connection.py", line 154, in connect
2012-08-04 12:31:56 TRACE nova.rpc.common return self.connection
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/connection.py", line 560, in connection
2012-08-04 12:31:56 TRACE nova.rpc.common self._connection = self._establish_connection()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/connection.py", line 521, in _establish_connection
2012-08-04 12:31:56 TRACE nova.rpc.common conn = self.transport.establish_connection()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/transport/pyamqplib.py", line 255, in establish_connection
2012-08-04 12:31:56 TRACE nova.rpc.common connect_timeout=conninfo.connect_timeout)
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/transport/pyamqplib.py", line 52, in __init__
2012-08-04 12:31:56 TRACE nova.rpc.common super(Connection, self).__init__(*args,](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-2-320.jpg)
![Shell scripts are painful, Puppet & Chef
have steep learning curves
if [[ $EUID -eq 0 ]]; then
ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root."
echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that
user"
sleep $ROOTSLEEP
# since this script runs as a normal user, we need to give that user
# ability to run sudo
if [[ "$os_PACKAGE" = "deb" ]]; then
dpkg -l sudo || apt_get update && install_package sudo
else
rpm -qa | grep sudo || install_package sudo
fi
if ! getent passwd stack >/dev/null; then
echo "Creating a user called stack"
useradd -U -s /bin/bash -d $DEST -m stack
fi
Source: devstack/stack.sh](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-4-320.jpg)
![Specify hosts in an inventory file
[controller]
192.168.206.130
[compute]
192.168.206.131
192.168.206.132
192.168.206.133
192.168.206.134](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-9-320.jpg)
![Run the playbook
$ ansible-playbook ntp.yaml
PLAY [controller] *********************
GATHERING FACTS *********************
ok: [192.168.206.130]
TASK: [ensure ntp packages is installed] *********************
ok: [192.168.206.130]
TASK: [ensure ntp.conf file is present] *********************
ok: [192.168.206.130]
TASK: [ensure ntp service is restarted] *********************
ok: [192.168.206.130]
PLAY RECAP *********************
192.168.206.130 : ok=4 changed=3
unreachable=0 failed=0](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-10-320.jpg)
![Ansible scripts are idempotent: can
run multiple times safely
$ ansible-playbook ntp.yaml
PLAY [controller] *********************
GATHERING FACTS *********************
ok: [192.168.206.130]
TASK: [ensure ntp packages is installed]
*********************
ok: [192.168.206.130]
TASK: [ensure ntp.conf file is present] *********************
ok: [192.168.206.130]
TASK: [ensure ntp service is restarted] *********************
ok: [192.168.206.130]
PLAY RECAP *********************
192.168.206.130 : ok=4 changed=1
unreachable=0 failed=0](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-13-320.jpg)
![Use templates to substitute variables
in config file
keystone.conf:
[DEFAULT]
public_port = 5000
admin_port = 35357
admin_token = {{ admin_token }}
keystone.yaml:
hosts: controller
vars:
admin_token: 012345SECRET99TOKEN012345
tasks:
- name: ensure keystone config script is present
action: template src=keystone.conf dest=/etc/keystone/
keystone.conf owner=root group=root mode=0644](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-15-320.jpg)
![Boot it and connect to it
$ vagrant up
[default] Importing base box 'precise64'...
[default] Matching MAC address for NAT networking...
[default] Clearing any previously set forwarded ports...
[default] Fixed port collision for 22 => 2222. Now on port 2200.
[default] Forwarding ports...
[default] -- 22 => 2200 (adapter 1)
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Mounting shared folders...
[default] -- v-root: /vagrant
$ vagrant ssh
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)
* Documentation: https://help.ubuntu.com/
Welcome to your Vagrant-built virtual machine.
Last login: Thu Jun 7 00:49:30 2012 from 10.0.2.2
vagrant@precise64:~$](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-20-320.jpg)
![Boot multi-VMs: configure IPs,
memory, hostname
Vagrant::Config.run do |config|
config.vm.box = "precise64”
config.vm.define :controller do |controller_config|
controller_config.vm.network :hostonly, "192.168.206.130"
controller_config.vm.host_name = "controller"
end
config.vm.define :compute1 do |compute1_config|
compute1_config.vm.network :hostonly, "192.168.206.131"
compute1_config.vm.host_name = "compute1"
compute1_config.vm.customize ["modifyvm", :id,
"--memory", 1024]
end
end](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-21-320.jpg)
![Vagrantfile describes this setup
Vagrant::Config.run do |config|
config.vm.box = "precise64"
config.vm.define :controller do |controller_config|
controller_config.vm.network :hostonly, "192.168.206.130”
controller_config.vm.host_name = "controller"
end
config.vm.define :compute1 do |compute1_config|
compute1_config.vm.network :hostonly, "192.168.206.131”
compute1_config.vm.host_name = "compute1"
compute1_config.vm.customize ["modifyvm", :id, "--memory",
1024]
compute1_config.vm.customize ["modifyvm", :id, "--
nicpromisc3",
"allow-all"]
end
end](https://image.slidesharecdn.com/openstack-ansible-120810115449-phpapp01/85/Vagrant-Ansible-and-OpenStack-on-your-laptop-24-320.jpg)
Vagrant, Ansible, and OpenStack on your laptop
- 1. Vagrant, Ansible and OpenStack on your laptop Lorin Hochstein Nimbis Services Email: lorin@nimbisservices.com Twitter: lhochstein
- 2. Setting up OpenStack for production is complex and error-prone 2012-08-04 12:31:56 INFO nova.rpc.common [-] Reconnecting to AMQP server on localhost:5672 2012-08-04 12:31:56 ERROR nova.rpc.common [-] AMQP server on localhost:5672 is unreachable: [Errno 111] ECONNREFUSED. Trying again in 30 seconds. 2012-08-04 12:31:56 TRACE nova.rpc.common Traceback (most recent call last): 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/nova/rpc/impl_kombu.py", line 446, in reconnect 2012-08-04 12:31:56 TRACE nova.rpc.common self._connect() 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/nova/rpc/impl_kombu.py", line 423, in _connect 2012-08-04 12:31:56 TRACE nova.rpc.common self.connection.connect() 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/kombu/connection.py", line 154, in connect 2012-08-04 12:31:56 TRACE nova.rpc.common return self.connection 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/kombu/connection.py", line 560, in connection 2012-08-04 12:31:56 TRACE nova.rpc.common self._connection = self._establish_connection() 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/kombu/connection.py", line 521, in _establish_connection 2012-08-04 12:31:56 TRACE nova.rpc.common conn = self.transport.establish_connection() 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/kombu/transport/pyamqplib.py", line 255, in establish_connection 2012-08-04 12:31:56 TRACE nova.rpc.common connect_timeout=conninfo.connect_timeout) 2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist- packages/kombu/transport/pyamqplib.py", line 52, in __init__ 2012-08-04 12:31:56 TRACE nova.rpc.common super(Connection, self).__init__(*args,
- 3. You're looking for better ways to do deployment
- 4. Shell scripts are painful, Puppet & Chef have steep learning curves if [[ $EUID -eq 0 ]]; then ROOTSLEEP=${ROOTSLEEP:-10} echo "You are running this script as root." echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user" sleep $ROOTSLEEP # since this script runs as a normal user, we need to give that user # ability to run sudo if [[ "$os_PACKAGE" = "deb" ]]; then dpkg -l sudo || apt_get update && install_package sudo else rpm -qa | grep sudo || install_package sudo fi if ! getent passwd stack >/dev/null; then echo "Creating a user called stack" useradd -U -s /bin/bash -d $DEST -m stack fi Source: devstack/stack.sh
- 5. You want an easy way to write & debug deployment scripts
- 6. Use Ansible to write OpenStack deployment scripts, Vagrant to test them inside of VMs
- 7. Ansible big idea: very simple syntax, SSH for communication
- 8. Example Ansible play: install ntp --- - hosts: controller tasks: - name: ensure ntp packages is installed action: apt pkg=ntp - name: ensure ntp.conf file is present action: copy src=files/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=0644 - name: ensure ntp service is restarted action: service name=ntp state=restarted
- 9. Specify hosts in an inventory file [controller] 192.168.206.130 [compute] 192.168.206.131 192.168.206.132 192.168.206.133 192.168.206.134
- 10. Run the playbook $ ansible-playbook ntp.yaml PLAY [controller] ********************* GATHERING FACTS ********************* ok: [192.168.206.130] TASK: [ensure ntp packages is installed] ********************* ok: [192.168.206.130] TASK: [ensure ntp.conf file is present] ********************* ok: [192.168.206.130] TASK: [ensure ntp service is restarted] ********************* ok: [192.168.206.130] PLAY RECAP ********************* 192.168.206.130 : ok=4 changed=3 unreachable=0 failed=0
- 11. What did Ansible just do? 1. Made SSH connections to remote host 2. Copied over Python modules and arguments parsed from playbook file 3. Executed modules on remote machine
- 12. Can run a single action using ansible command $ ansible controller –m apt –a "pkg=ntp" 192.168.206.130 | success >> { "changed": false, "item": "", "module": "apt" }
- 13. Ansible scripts are idempotent: can run multiple times safely $ ansible-playbook ntp.yaml PLAY [controller] ********************* GATHERING FACTS ********************* ok: [192.168.206.130] TASK: [ensure ntp packages is installed] ********************* ok: [192.168.206.130] TASK: [ensure ntp.conf file is present] ********************* ok: [192.168.206.130] TASK: [ensure ntp service is restarted] ********************* ok: [192.168.206.130] PLAY RECAP ********************* 192.168.206.130 : ok=4 changed=1 unreachable=0 failed=0
- 14. Use handlers if action should only occur on a state change --- - hosts: controller tasks: - name: ensure glance database is present action: mysql_db name=glance notify: - version glance database handlers: - name: version glance database action: command glance-manage version_control 0
- 15. Use templates to substitute variables in config file keystone.conf: [DEFAULT] public_port = 5000 admin_port = 35357 admin_token = {{ admin_token }} keystone.yaml: hosts: controller vars: admin_token: 012345SECRET99TOKEN012345 tasks: - name: ensure keystone config script is present action: template src=keystone.conf dest=/etc/keystone/ keystone.conf owner=root group=root mode=0644
- 16. Ansible supports multiple modules, can also do arbitrary shell commands • apt & yum packages • Stop/start/restart services • users & groups • Add SSH public keys • MySQL & PostgreSQL users & databases • VMs managed by libvirt • Git checkouts
- 17. Vagrant big idea: redistributable VMs, run with config files & commands
- 18. Import a new virtual machine (Ubuntu 12.04 64-bit) $ vagrant box add precise64 http://files.vagrantup.com/ precise64.box
- 19. Make a Vagrantfile Vagrant::Config.run do |config| config.vm.box = "precise64" end Vagrant can also generate this for you: “vagrant init precise64”
- 20. Boot it and connect to it $ vagrant up [default] Importing base box 'precise64'... [default] Matching MAC address for NAT networking... [default] Clearing any previously set forwarded ports... [default] Fixed port collision for 22 => 2222. Now on port 2200. [default] Forwarding ports... [default] -- 22 => 2200 (adapter 1) [default] Creating shared folders metadata... [default] Clearing any previously set network interfaces... [default] Booting VM... [default] Waiting for VM to boot. This can take a few minutes. [default] VM booted and ready for use! [default] Mounting shared folders... [default] -- v-root: /vagrant $ vagrant ssh Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64) * Documentation: https://help.ubuntu.com/ Welcome to your Vagrant-built virtual machine. Last login: Thu Jun 7 00:49:30 2012 from 10.0.2.2 vagrant@precise64:~$
- 21. Boot multi-VMs: configure IPs, memory, hostname Vagrant::Config.run do |config| config.vm.box = "precise64” config.vm.define :controller do |controller_config| controller_config.vm.network :hostonly, "192.168.206.130" controller_config.vm.host_name = "controller" end config.vm.define :compute1 do |compute1_config| compute1_config.vm.network :hostonly, "192.168.206.131" compute1_config.vm.host_name = "compute1" compute1_config.vm.customize ["modifyvm", :id, "--memory", 1024] end end
- 22. Openstack-ansible: Ansible scripts for OpenStack Compute Links to OpenStack Install & Deploy Guide
- 23. Config: controller, one compute host, QEMU, FlatDHCP controller compute1 .130 .131 eth1 eth1 192.168.206.* .130 .131 eth2 eth2 eth0 192.168.100.* eth0 NAT NAT
- 24. Vagrantfile describes this setup Vagrant::Config.run do |config| config.vm.box = "precise64" config.vm.define :controller do |controller_config| controller_config.vm.network :hostonly, "192.168.206.130” controller_config.vm.host_name = "controller" end config.vm.define :compute1 do |compute1_config| compute1_config.vm.network :hostonly, "192.168.206.131” compute1_config.vm.host_name = "compute1" compute1_config.vm.customize ["modifyvm", :id, "--memory", 1024] compute1_config.vm.customize ["modifyvm", :id, "-- nicpromisc3", "allow-all"] end end
- 25. If all goes well… $ make all . . . -------------------------------------+--------------------------------------+ | Property | Value | +-------------------------------------+--------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | instance-00000001 | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | accessIPv4 | | | accessIPv6 | | | adminPass | CJ8NNNa4dc6f | | config_drive | | | created | 2012-08-09T02:51:14Z | | flavor | m1.tiny | | hostId | | | id | 8e9238b8-208d-46a8-8f66-c40660abacff | | image | cirros-0.3.0-x86_64 | | key_name | mykey | | metadata | {} | | name | cirros |
- 26. Links • Vagrantfile & Ansible playbooks for OpenStack: http://github.com/lorin/openstack-ansible • Ansible: http://ansible.github.com • Vagrant: http://vagrantup.com • Ansible playbook examples: https://github.com/ansible/ansible/tree/devel/examples /playbooks • Vagrant boxes: http://vagrantbox.es
- 27. Image sources • http://vagrantup.com • http://ansible.github.com • http://openstack.org • http://en.wikipedia.org/wiki/File:Rack001.jpg • http://en.wikipedia.org/wiki/File:Easy_button.JPG • http://hezik.nl/enable-ssh-server-on-backtrack-5-r2/
Editor's Notes
- #9: Ansible scripts are called playbooks, that are organized into individual plays.Ansible plays are collection of tasks. You also need to specify which hosts you’re running on.This play has three tasks: - Install the NTP package - Copy over a local ntp.conf file - Restart the ntp service
- #10: By default, ansible will look in /etc/ansible/hosts for the inventory file, you can override this to specify a different location.
- #14: The items that appear in green did not change state. With a real ansible run, yellow ones would change state.
- #15: Ansible scripts are called playbooks, that are organized into individual plays.Ansible plays are collection of tasks. You also need to specify which hosts you’re running on.This play has three tasks: - Install the NTP package - Copy over a local ntp.conf file - Restart the ntp service
- #17: Arbitrary shell commands are not idempotent, of course
- #19: This will download a “box”, a preconfigured
- #20: This is a bare-bones config file