DevOps With Ansible, Chef and PowerVC

DevOps with Ansible, Chef and PowerVC
Vess Natchev
[email protected]
Power Cloud Team Leader
IBM Systems Lab Services
© Copyright IBM Corporation 2017. Technical University/Symposia materials may not be reproduced in whole or in 0
IBM Systems Technical Events | ibm.com/training/events © Copyright
part without the prior IBMofCorporation
written permission IBM. 2017. Technical University/Symposia materials
may
not be reproduced in whole or in part without the prior written permission of IBM.
Agenda
• Ansible
• Overview
• Ansible and Power
• How does it work?
• PowerVC-managed environment
• Creating VM images
• Managing deployed VMs
• Ad hoc commands
• Playbooks & Roles
• Chef
• Overview
• Updating AIX with Chef
• Integration with PowerVC
• Resources
may
Ansible - Why Is It So Popular?
• Released 3/2012
• Very fast adoption rate
• Shipped with Fedora
• Available on github
• Open source
• RHEL, Ubuntu, SLES, AIX & more, Python
• Growing community
• Simple!
• Easy Install
• Infrastructure
• SSH
• Quick configuration: “Agentless”
• Registration not required
• No client to install/update/secure
• No ports (SSH)
may
Ansible - Why Is It So Popular?
• Time to value
• Useful
• Don’t have to know how it works
• No scripting required
• Powerful
• Playbooks/Scripting
• Over 400 integrating “modules” including
• Cloud (OpenStack, AWS, KVM, Cloudstack, Softlayer, …)
• Containers (Docker)
• Networks (Open vSwitch, …)
• Write and publish roles
• Ansible Galaxy
• https://galaxy.ansible.com/intro#share
may
Ansible Architecture
• Controller
• RHEL 7.3, Ubuntu, others
• Python 2.6 or later
RHEL 7.3 Ansible
• SSH connection Controller module
• Uses “modules” to configure the desired end state of a server “inventory” SSH Key
• Example: module to copy file or run a shell command
• Modules handle the “state” of the inventory Managed through
RHEL 7.2 server SSH
• Example: file module does not create a directory if directory is there RHEL 7.2 Deployed
RHEL Public
Client?)
7.2 SSH Key
Deployed
• Managed LPARs/VMs “inventory” Client?)
Public SSH Key
• RHEL, Ubuntu, SLES, AIX, others Public SSH Key
• Python 2.6 or later
• Controller SSH public key
• Agentless
• Can be added or removed from inventory (simple IP “file registration”)
may
How Does It Work? (On Power)
• Install Ansible “controller”

• Login RHEL 7.3 LPAR as root
• Python 2.7
• # python
• Mount .ppc RHEL .iso (or RHEL .ppc via satellite)
• Install git
• # yum install git
• Get with github
• # git clone git://github.com/ansible/ansible.git --recursive
may
• Install Ansible “controller”

• # cd ./ansible
• # git pull –rebase
• # git submodule update --init –recursive
• Started?
• # ansible --version
• Start it
• # cd ./ansible
• # source ./hacking/env-setup
may
• Push controller OS’s SSH public key to client(s)
• Set up (client) inventory file
• # export ANSIBLE_INVENTORY=~/ansible_hosts
• Example with two client IPs

• cat ~/ansible_hosts
[managedClients]
10.150.100.6
10.150.100.7
• And then manage clients in inventory from controller CLI

• For example…
# ansible all -m ping
may
Ansible and PowerVC Environment
• Can set up images so that deployed VMs are manageable by controller

• Controller public SSH key captured in image
• cloud-init exit script
• Captured in image
• Script sets up controller public SSH key on deploy
RHEL 7.3 PowerVC RHEL 7.2 Ansible

(x86 or ppc) Controller (LPAR)
SSH Key
Managed through
Deploy
SSH
RHEL 7.2 image
Controller SSH Public RHEL 7.2 Deployed
Key RHEL VM7.2 Deployed
Client?)
RHEL 7.2 Deployed
Client?)Public SSH Key
Public SSH Key
Public SSH Key
may
Managing deployed VMs with Ansible
• Controller can be installed on RHEL 7.3 LPAR
• Controller SSH public key set up on client OS
• Push key to client (post deploy)
• (Or) set up in test client, capture as image, and deploy
• Add deployed VM’s IP to client inventory on controller
• # export ANSIBLE_INVENTORY=~/ansible_hosts
• (example adding third IP)
• cat ~/ansible_hosts
[managedClients]
9.5.110.116
9.5.110.120
9.5.110.112
• And manage clients…

• # ansible all -m ping
may
Ansible “Ad Hoc” Commands
• No script needed
• Examples
• Ping everything in inventory
# ansible all -m ping
• List out adapter config on inventory

# ansible all -m shell –a ‘ifconfig –a’
• Copy file to inventory

# ansible all -m copy -a "src=/mycopytest.txt dest=/mycopytest.txt”
• List RHEL release on inventory (works only on RHEL)

# ansible all -m shell -a 'cat /etc/redhat-release'
may
Playbooks
• Scripted sequential tasks

• .yml files
• Run against inventory
• AIX may not work with all modules so public playbooks may be limited to Linux
• Example run playbook /logAnsible.yml
ansible-playbook -i ~/ansible_hosts /logAnsible.yml
may
Example Playbook
# cat /logAnsible.yml
---
- name: Log time in /ansible/run.log when this playbook is run on the hosts
hosts: all
become: yes
tasks:
- name: Create directory /ansible
file: path=/ansible state=directory
- name: echo line in /ansible/run.log
shell: echo '--------------------------' >> /ansible/run.log
- name: save system time in /ansible/run.log
shell: date >> /ansible/run.log
- name: echo comment in /ansible/run.log
shell: echo 'Running ansible playbook /logAnsible.yml from' $(hostname --long) >> /ansible/run.log
- name: echo line in /ansible/run.log
shell: echo '--------------------------' >> /ansible/run.log
IBM Systems Technical © Copyright IBMofCorporation 2017. Technical University/Symposia materials
may
IBM Systems Lab Services — ProvenEvents | ibm.com/training/events
IT Infrastructure Expertise part without the prior written permission IBM.
[email protected] |
12
Ansible Roles
• Allow reuse of playbooks, tasks, and other resources
• Provides structure for orchestrating playbooks based on a role:
tasks - contains the main list of tasks to be executed by the role

handlers - contains handlers, which may be used by this role
defaults - default variables for the role
vars - other variables for the role
files - contains files which can be deployed via this role
templates - contains templates which can be deployed via this role
meta - defines some meta data for this role
may
[email protected] |
13
Ansible Example of Roles
may
[email protected] |
14
Ansible Example of Roles
Execution on
Webservers
Execution on
Fileservers
may
[email protected] |
15
AIX and Ansible
• AIX LPARs (VMs) manageable by Ansible deployed with PowerVC
• Same as Linux, Ansible controller’s public SSH key stored in AIX image
• Ad-hoc management commands via SSH work well
• Originally, few Ansible modules worked on AIX but more now such as:
setup, command, script, fetch, file, group, user, stat
• In 2017, AIX development team has been creating and testing AIX playbooks
https://github.com/aixoss/ansible-playbooks
https://github.com/kairoaraujo/ansible-aix-support
• Similar to existing Chef work for AIX (suma, nim, flrtvc, altdisk)
may
What Is Chef?
• Automation platform (like Ansible, Puppet, Saltstack)

• Automate how systems/applications (we’ll talk here about systems only) are:
• Deployed (ie. build time)
• Configured (ie. post-install time)
• Managed (the life of the system after its installation)
• Client/Server architecture:
• Chef Server : Available on RHEL or Ubuntu for ppc64/x86 and SUSE for x86 (https://downloads.chef.io/chef-server/)
• Chef Client : Most all OS’s…AIX Client is available (https://downloads.chef.io/chef-client/aix/)
• Based on Ruby
• Available for free (without premium features)
• Hosted server and support available provided by Chef/Opscode (https://www.chef.io/chef/)
may
Chef Overview
• Supported client available on AIX
(https://www.chef.io/blog/2014/12/08/announcing-chef-client-for-ibm-aix/)
• Available since December 8, 2014
• IBM and Chef work together !
• AIX cookbook with multiple resources available from IBM on official Chef
supermarket – https://supermarket.chef.io/cookbooks/aix
• Multiple examples available at chmod666.org (Benoit Creau’s site)

– E.g., http://chmod666.org/index.php/updating-tl-and-sp-using-chef/
• Wealth of additional docs and education available from Chef; e.g.,

https://docs.chef.io/chef_overview.html
may
Advantages
• Automation (build, deploy, manage)

• Your infrastructure becomes:
• Versionable (chef-repo build over a git repo)
• Testable
• Repeatable
• Chef turns infrastructure into code
• Use it for:
• Patch Management
• Post-installation
• Configuration management
may
Chef Components
may
Updating AIX with Chef
• What do you do when updating ?

• Checking with lppchk there are no broken filesets (lppchk)
• Committing all uncommitted filesets (installp)
• Remove any installed efix (emgr)
• Make a backup of your system (alt_disk_copy)
• Run the update:
• While doing the alt_disk_copy
• In the case mount a remote directory from your nim server
• Using nimclient
• The nimclient must be configured
• Using multibos
• In this case there is no need to make a backup of your system
• Umount all mounted directory
• Check with lppchk there are no broken filesets
• http://chmod666.org/index.php/updating-tl-and-sp-using-chef/
may
Updating AIX with Chef
• Providers available: multibos, emgr, nimclient, niminit, alt_disk_copy

• The recipes available:
• update_by_multibos
• Do a multibos and update it
• update_by_altdisk
• Do an alt_disk_copy and update it
• update_by_nimclient
• Create an alt_disk_copy (to backup your server)
• Use nimclient to do the update
• The nimclient providers needs a special naming convention of your nim lpp_source to determine with sp/tl to apply
# nimclient -l -t lpp_source | grep 7100

7100-03-00-0000-lpp_source resources lpp_source
may
Updating AIX with Chef: update_by_multibos
Recipe
Execution
may
Updating AIX with Chef: update_by_altdisk
may
Updating AIX with Chef: nimclient
may
Resources in AIX Cookbook
• https://supermarket.chef.io/cookbooks/aix
• Resources currently available:
• inittab • fixes
• subserver (inetd) • volume_group
• tcpservice • logical_volume
• toolboxpackage (install packages from AIX Toolbox for Linux) • filesystem
• chdev • wpar
• pagingspace
• no (network tunables)
• tunables (other tunables like vmo)
• multibos
• chsec
• etchosts
• niminit
• nimclient
• bootlist
• altdisk
may
Integrating Chef with PowerVC
• What is the problem we are trying to solve?
• Automate and reliably repeat post-installation tasks – installing or updating filesets, changing
configuration files, accessing remote resources
• Tasks that would previously be executed via Korn or Bash shell scripts; or via NIM scripts on AIX
• How are we solving the problem?

• We are automating registering with the Chef server for a new VM and executing a specific role (which
is associated with cookbooks and recipes)
• We are doing so via cloud-init, so that the admin or user is still using the PowerVC UI to deploy the VM
(server, storage, network automation) and perform post-install tasks (Chef automation)
• Note that there are 2 ways to integrate Chef and PowerVC:

• Some clients will ask, can I trigger PowerVC deployments from Chef; that is, Chef à PowerVC
• The answer is, ”yes,” via custom Chef recipe
• Here we are focusing on the other scenario – integrating Chef’s capabilities into a PowerVC
environments; that is, PowerVC à Chef
may
Requirements and Automation Sequence
• What is required?
• Standard Chef server and Chef workstation configuration (not shown)
• Specific roles, cookbooks and recipes created for AIX VMs (see later slides)
• Operational PowerVC environment that can provision AIX (not shown)
• Includes base cloud-init configuration
• AIX image in PowerVC that has chef-client installed (not shown)
• Chef-specific cloud-init configuration (see later slides)
• What is the sequence of events?

• PowerVC provisions image that has AIX and cloud-init installed and configured for Chef
• cloud-init runs at first boot and executes chef module (along with rest)
• chef-client registers with Chef server with a specific role
• Cookbooks and recipes configured for role on Chef server execute on VM
may
Chef Server Configuration
• “aix71” role has been created

• Correct directory structure for cookbooks and recipes has been created within /chef-repo
• Test recipe has been created
may
PowerVC Configuration
• Image that has AIX, cloud-init, chef-client install and configured has been captured
may
AIX Configuration
• Make sure the chef module is set to run in the config

stage
• Add a Chef-specific stanza at the end that contains:
• The Chef server URL and validation name
• The Chef server validation private key
• The list of roles that should be executed on the
deployed VM
may
End Result
• Once a standard PowerVC deploy has been performed, the test recipe defined for the role
executes on the new VM
may
IBM Systems Lab Services — Power Systems
Automation for DevOps Implementation
Overview Key Features
• IBM will implement a DevOps solution on Power Systems based on a jointly • Install DevOps central server
developed plan with the client. • Configure automation settings
• Integrate DevOps solution with PowerVC (if applicable)
Demonstrate automation of:
Target Audience •
• System configuration
• Clients using AIX, IBM i or Linux on Power that want to implement cloud
• Software packages
• Clients using or investigating DevOps solutions – Chef, Ansible, Puppet
• Patches or fixes
• Security settings
Benefits • Compliance settings
• Get started with lifecycle automation on Power Systems
• Gain experience with DevOps on Power Systems Deliverables
• Quantify the benefits DevOps automation for your IT environment • After the implementation, the details of Automation for DevOps implementation are
documented and skills transfer is provided to the client.
Qualifying Questions Duration

• Are you using or looking at DevOps solutions – Chef, Ansible, Puppet?
• Are you investigating cloud on Power Systems? The service varies depending on the size and complexity of the implementation, but
can be customized to specific client requirements.
Team Contacts Resources

Vess Natchev, [email protected] Learn more about Power cloud solutions at
Jeff Benson, [email protected] www.ibm.com/systems/power/solutions/cloud/?link=infr_prod
Find a Lab Services Opportunity Manager in your area -> https://ibm.biz/Bd4sLP Part of Power to
Cloud Rewards
written permission IBM. 2017. Technical University/Symposia materials may
Future Made |
ibm.com/systems/services/labservices Contact
not be reproduced in whole or in part without us: [email protected]
the prior written permission of IBM.
1
0
IBM Systems Lab Services
Proven expertise to help leaders design, build, and deliver
IT infrastructure expertise for the cognitive era
Call on our team of 1100+ consultants engaging worldwide for:
§ Power Systems
§ Storage and Software Defined Infrastructure
§ z Systems and LinuxONE
§ Systems Consulting
§ Migration Factory
§ Technical Training and Events
Company
[email protected]
www.ibm.com/systems/services/labservices
may

DevOps With Ansible, Chef and PowerVC

Uploaded by

Copyright:

Available Formats

DevOps With Ansible, Chef and PowerVC

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DevOps With Ansible, Chef and PowerVC

Uploaded by

Copyright:

Available Formats

DevOps with Ansible, Chef and PowerVC

• Install Ansible “controller”

• Install Ansible “controller”

• Example with two client IPs

• And then manage clients in inventory from controller CLI

• Can set up images so that deployed VMs are manageable by controller

RHEL 7.3 PowerVC RHEL 7.2 Ansible

• And manage clients…

• List out adapter config on inventory

• Copy file to inventory

• List RHEL release on inventory (works only on RHEL)

• Scripted sequential tasks

ansible-playbook -i ~/ansible_hosts /logAnsible.yml

• Allow reuse of playbooks, tasks, and other resources

• Provides structure for orchestrating playbooks based on a role:

tasks - contains the main list of tasks to be executed by the role

• Ad-hoc management commands via SSH work well

• Automation platform (like Ansible, Puppet, Saltstack)

• IBM and Chef work together !

• Multiple examples available at chmod666.org (Benoit Creau’s site)

• Wealth of additional docs and education available from Chef; e.g.,

• Automation (build, deploy, manage)

• What do you do when updating ?

• Providers available: multibos, emgr, nimclient, niminit, alt_disk_copy

# nimclient -l -t lpp_source | grep 7100

• How are we solving the problem?

• Note that there are 2 ways to integrate Chef and PowerVC:

• What is the sequence of events?

• “aix71” role has been created

• Make sure the chef module is set to run in the config

Qualifying Questions Duration

Team Contacts Resources

You might also like