Red Hat Ansible: Automation for everyone

Automation is a fundamental mechanism in any digital transformation. Red Hat’s Ansible is an extensive automation tool designed to be powerful and simple to use. Ansible’s popularity continues to rise for several reasons:

Ansible can be extended even further with Red Hat Ansible Automation Platform, which includes Ansible Tower, a visual dashboard for managing inventories, scheduling, notification, etc.

Automating IBM PowerVC with Ansible

IBM PowerVC, built on top of OpenStack technology, is the strategic enterprise virtualization and cloud management solution for Power Systems. It provides several benefits–simplified virtualization management and operations, rapid provisioning and upward integration with other technologies, such as Ansible. Because of its OpenStack heritage, the freely-available OpenStack modules included with Ansible are all you need to get started (note that these Ansible modules are available via the community only–i.e., no enterprise support provided at this time).

Example: Provision a Virtual Machine

As an example, we’ll walk through provisioning a new virtual machine (VM) using the os_server module.

Install Ansible

See Installing Ansible for detailed installation instructions. Everything in this example can be done with the command line interface, but you should also check out Red Hat’s Ansible Tower and the upstream AWX project, which provide a nice GUI interface to manage Ansible at enterprise scale.

Once Ansible is installed onto your control node, create an empty project directory.

$ mkdir ansible-demo
$ cd ansible-demo/
ansible-demo$

Configure Your Inventory

Ansible uses an “inventory” of managed hosts. The inventory can be as simple as a text file with a list of hostnames. In more dynamic environments, a script can be used to generate the host list and associated meta data. Ansible comes with an OpenStack dynamic inventory script that we’ll make use of.

To use the dynamic inventory script we’ll need to define connection and authentication parameters. PowerVC provides an OpenStack RC file with relevant environmental variables (also used for OpenStack CLI clients). Downloading this ‘powervcrc’ file is an easy way to get started. Run the following steps on your Ansible control node:

1. Download the ‘powervcrc’ file from your PowerVC host. Add write permission and update values as directed in the header:

ansible-demo$ export PVC_USER='prod_admin'
ansible-demo$ export PVC_HOST='powervc-demo-server'
ansible-demo$ scp ${PVC_USER}@${PVC_HOST}:/opt/ibm/powervc/powervcrc .
prod_admin@powervc-demo-server's password:
powervcrc                                     100% 1294    23.4KB/s   00:00
ansible-demo$ chmod u+w powervcrc
ansible-demo$ head -n 13 powervcrc
# Copy this file to your user's home directory and edit as necessary.
# In particular, you may wish to set these values:
#    - OS_USERNAME     : Your PowerVC user name
#    - OS_PASSWORD     : Your PowerVC password. If not set, openstack CLIs
#                        will prompt for the password as needed.
#    - OS_PROJECT_NAME : If you have multiple projects, specify which project
#                        you want to access; else you can leave this as
#                        ibm-default.
#
# NOTE: You should not add your password to this file until/unless its file
# permissions prevent other users from reading it. This is one reason to copy
# the file to your home directory and edit it there. Or you may wish to not
# add your password at all and have the CLI prompt you, as noted above.


2.
To use SSL, download the CA certificates file and ensure the OS_CACERT var in ‘powervcrc’ is set to the correct path:

ansible-demo$ scp ${PVC_USER}@${PVC_HOST}:/etc/pki/tls/certs/powervc.crt .
prod_admin@powervc-demo-server's password:
powervc.crt                                   100% 1253    18.8KB/s   00:00
ansible-demo$ grep OS_CACERT powervcrc
export OS_CACERT=./powervc.crt


3.
Create an ‘ansible.cfg’ file, setting the default inventory path and enabling the OpenStack plugin. Check out Ansible Configuration Settings for information on these and many other paramters.

ansible-demo$ cat ansible.cfg
[defaults]
inventory = ./openstack.yml

[inventory]
enable_plugins = host_list, openstack


4.
Finally, source your ‘powervcrc’ file. An easy way to verify that your inventory is working is to use ansible-inventory to list all available hosts:

ansible-demo$ source powervcrc
ansible-demo$ ansible-inventory --list --yaml
all:
  children:
    Default Group:
      hosts:
        ansible-demo-vm-name-test40:
          ansible_host: 10.0.0.185
          ansible_ssh_host: 10.0.0.185
          openstack:
~snip~

 

You can do the same thing in Ansible Tower’s GUI. Input the information contained in the ‘powervcrc’ file as an OpenStack credential:
Ansible Tower OpenStack Credential

Then you can create an inventory, and add a host source using the OpenStack credential.

Retrieve Available Images, Flavors and Networks

You’ll need to specify image, flavor and network values when creating a VM. You can get these from the PowerVC GUI, the openstack CLI tool or by using Ansible modules. Below are a couple of quick playbooks that will retrieve information from your PowerVC server and print an easy to read list.

The Ansible OpenStack modules require the Python ‘openstacksdk’ package. Ansible Tower comes with this installed. If you’re using the Ansible CLI you can easily install it from your Ansible control node using pip: pip install openstacksdk --user.

To run the playbook, write the yaml to file and pass the filename to ‘ansible-playbook’, e.g.: ansible-playbook list_images.yml

Make sure you’re working on your control node in your project directory with ‘ansible.cfg’, and have already run source powervcrc in your shell to define the connection!

The os_image_info module will retrieve image information:

---
- name: List available PowerVC Images
  hosts: localhost
  tasks:
    - name: Retrieve list of all AIX images
      os_image_info:
        properties:
          os_distro: aix  # remove this line to list all images
      register: result

    - name: Print image list
      debug:
        msg: "{{ result | json_query('openstack_image[*].
              {name: name, id: id, os_distro: os_distro, status: status,
              project: location.project.name}') }}"

 

The os_flavor_info module will retrieve flavor information:

---
- name: List available PowerVC Flavors
  hosts: localhost
  tasks:
    - name: Retrieve list of all public flavors
      os_flavor_info:
        vcpus: ">=4"   # Optional filters
        ram: ">16000"  # See module docs for more options
      register: result

    - name: Print flavor list
      debug:
        msg: "{{ result | json_query('openstack_flavors[?is_public==`true`].
              {name: name, id: id, ram: ram, vcpus: vcpus}') }}"

 

The os_networks_info module will retrieve network information:

---
- name: List available PowerVC Networks
  hosts: localhost
  tasks:
    - name: Retrieve list of all networks
      os_networks_info:
      register: result

    - name: Print Network list
      debug:
        var: result.openstack_networks

 

Example flavor list output shown in Ansible Tower:
Ansible Tower Flavor List

Create a Virtual Machine

Finally, use the os_server module to create a VM instance. Write the following playbook to file, update the values with your own and run it!

Other modules used in this playbook:
* os_keypair: Add an SSH public key to the VM.
* debug: Display public IP address assigned to the VM. The debug module can
be used as a “print” statement.
* wait_for: Wait until the VM opens port 22 for SSH connections.
* shell: Use ‘ssh-keyscan’ to add VM host key to ‘known_hosts’ file.

---
- name: Create a PowerVC Virtual Machine
  hosts: localhost
  tasks:
    - name: Create an SSH Key Pair
      os_keypair:
        state: present
        name: ansible-ssh-key
        public_key_file: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"

    - name: Create a new VM instance
      os_server:
        state: present
        name: my-new-vm
        image: 94333b61-b751-4143-a177-cacdc7fa492d
        flavor: 6c15cce7-0fe2-4c19-a575-bda0027acede
        key_name: ansible-ssh-key
        nics:
          - net-name: Static_Prod_Network
        meta:
          hostname: my-new-vm
          group: ansible-vms
      register: vm

    - name: Print VM's public IP address
      debug:
        var: vm.openstack.public_v4

    - name: Waits for SSH port 22 to open
      wait_for:
        host: "{{ vm.openstack.public_v4 }}"
        port: 22

    - name: Add VM host key to known hosts
      shell: "ssh-keyscan -H {{ vm.openstack.public_v4 }} >> ~/.ssh/known_hosts"

 

Example output of a VM creation job in Ansible Tower:
Ansible Tower Create PowerVC VM

Keep Going: Using Ansible to Automate Tasks on the New Instance

 

You are now ready to leverage the full potential of Ansible configuration management! Run your existing playbooks, develop new content or download from the community using Ansible Galaxy.

A few simple examples:

Ansible ad-hoc commands allow you to run simple host tasks with CLI one-liners. Here’s a quick example:

ansible-demo$ ansible ansible-vms -a "uname -p" --user root
SSH password:
my-new-vm | CHANGED | rc=0 >>
powerpc

 

An example playbook for AIX that downloads and configures yum package manager, and then installs MariaDB.

---
- name: Install MariaDB open source relational database
  hosts: ansible-vms
  tasks:
    - name: Download 'yum.sh' script
      get_url:
        url: https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/yum.sh
        dest: /tmp/yum.sh
        mode: 0755
        validate_certs: False

    - name: Execute the 'yum.sh' script
      shell: /tmp/yum.sh

    - name: Install MariaDB package
      yum:
        name: mariadb-server
        state: latest

Join The Discussion

Your email address will not be published. Required fields are marked *