Suppose that you have a RDO/Openstack cloud already in place, but that you'd want to automate some operations : what can you do ? On my side, I already mentioned that I used puppet to deploy initial clouds, but I still prefer Ansible myself when having to launch ad-hoc tasks, or even change configuration[s]. It's particulary true for our CI environment where we run "agentless" so all configuration changes happen through Ansible.
The good news is that Ansible has already some modules for Openstack but it has some requirements and a little bit of understanding before being able to use those.
First of all, all the ansible os_ modules need "shade" on the host included in the play, and that will be responsible of all os_ modules launch. At the time of writing this post, it's not yet available on mirror.centos.org, (a review is open so that will be soon available directly) but you can find the pkg on our CBS builders
Once installed, a simple os_image task was directly failing, despite the fact that auth: was present, and that's due to a simple reason : Ansible os_ modules still want to use v2 API, while it's now defaulting to v3 in Pike release. There is no way to force ansible itself to use v3, but as it uses shade behind the scene, there is a way to force this through os-client-config
That means that you just have to use a .yaml file (does that sound familiar for ansible ?) that will contain everything you need to know about specific cloud, and then just in ansible declare which cloud you're configuring.
That clouds.yaml file can be under $current_directory, ~/.config/openstack or /etc/openstack so it's up to you to decide where you want to temporary host it, but I selected /etc/openstack/ :
- name: Ensuring we have required pkgs for ansible/openstack
yum:
name: python2-shade
state: installed
- name: Ensuring local directory to hold the os-client-config file
file:
path: /etc/openstack
state: directory
owner: root
group: root
- name: Adding clouds.yaml for os-client-config for further actions
template:
src: clouds.yaml.j2
dest: /etc/openstack/clouds.yaml
owner: root
group: root
mode: 0700
Of course such clouds.yaml file is itself a jinja2 template distributed by ansible on the host in the play before using the os_* modules :
clouds:
{{ cloud_name }}:
auth:
username: admin
project_name: admin
password: {{ openstack_admin_pass }}
auth_url: http://{{ openstack_controller }}:5000/v3/
user_domain_name: default
project_domain_name: default
identity_api_version: 3
You just have to adapt to your needs (see doc for this) but the interesting part is the identity_api_version to force v3.
Then, you can use all that in a simple way through ansible tasks, in this case adding users to a project :
- name: Configuring OpenStack user[s]
os_user:
cloud: "{{ cloud_name }}"
default_project: "{{ item.0.name }}"
domain: "{{ item.0.domain_id }}"
name: "{{ item.1.login }}"
email: "{{ item.1.email }}"
password: "{{ item.1.password }}"
with_subelements:
- "{{ cloud_projects }}"
- users
no_log: True
From a variables point of view, I decided to just have a simple structure to host project/users/roles/quotas like this :
cloud_projects:
- name: demo
description: demo project
domain_id: default
quota_cores: 20
quota_instances: 10
quota_ram: 40960
users:
- login: demo_user
email: demo@centos.org
password: Ch@ngeM3
role: admin # can be _member_ or admin
- login: demo_user2
email: demo2@centos.org
password: Ch@ngeMe2
Now that it works, you can explore all the other os_* modules and I'm already using those to :
- Import cloud images in glance
- Create networks and subnets in neutron
- Create projects/users/roles in keystone
- Change quotas for those projects
I'm just discovering how powerful those tools are, so I'll probably discover much more interesting things to do with those later.