The document discusses using Ansible and Vagrant together to easily test and deploy OpenStack. Ansible allows writing idempotent infrastructure scripts, while Vagrant allows testing them by booting reproducible virtual machines. The document provides an example of using Ansible plays to install NTP and using Vagrant to define VMs for an OpenStack controller and compute node.

1. Vagrant, Ansible and OpenStack
on your laptop
Lorin Hochstein
Nimbis Services
Email: lorin@nimbisservices.com
Twitter: lhochstein

2. Setting up OpenStack for production is
complex and error-prone
2012-08-04 12:31:56 INFO nova.rpc.common [-] Reconnecting to AMQP server on localhost:5672
2012-08-04 12:31:56 ERROR nova.rpc.common [-] AMQP server on localhost:5672 is unreachable:
[Errno 111] ECONNREFUSED. Trying again in 30 seconds.
2012-08-04 12:31:56 TRACE nova.rpc.common Traceback (most recent call last):
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/nova/rpc/impl_kombu.py", line 446, in reconnect
2012-08-04 12:31:56 TRACE nova.rpc.common self._connect()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/nova/rpc/impl_kombu.py", line 423, in _connect
2012-08-04 12:31:56 TRACE nova.rpc.common self.connection.connect()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/connection.py", line 154, in connect
2012-08-04 12:31:56 TRACE nova.rpc.common return self.connection
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/connection.py", line 560, in connection
2012-08-04 12:31:56 TRACE nova.rpc.common self._connection = self._establish_connection()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/connection.py", line 521, in _establish_connection
2012-08-04 12:31:56 TRACE nova.rpc.common conn = self.transport.establish_connection()
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/transport/pyamqplib.py", line 255, in establish_connection
2012-08-04 12:31:56 TRACE nova.rpc.common connect_timeout=conninfo.connect_timeout)
2012-08-04 12:31:56 TRACE nova.rpc.common File "/usr/lib/python2.7/dist-
packages/kombu/transport/pyamqplib.py", line 52, in __init__
2012-08-04 12:31:56 TRACE nova.rpc.common super(Connection, self).__init__(*args,

3. You're looking for better ways to do
deployment

4. Shell scripts are painful, Puppet & Chef
have steep learning curves
if [[ $EUID -eq 0 ]]; then
ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root."
echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that
user"
sleep $ROOTSLEEP
# since this script runs as a normal user, we need to give that user
# ability to run sudo
if [[ "$os_PACKAGE" = "deb" ]]; then
dpkg -l sudo || apt_get update && install_package sudo
else
rpm -qa | grep sudo || install_package sudo
fi
if ! getent passwd stack >/dev/null; then
echo "Creating a user called stack"
useradd -U -s /bin/bash -d $DEST -m stack
fi
Source: devstack/stack.sh

5. You want an easy way to write & debug
deployment scripts

6. Use Ansible to write OpenStack
deployment scripts, Vagrant to test
them inside of VMs

7. Ansible big idea: very simple syntax,
SSH for communication

8. Example Ansible play: install ntp
---
- hosts: controller
tasks:
- name: ensure ntp packages is installed
action: apt pkg=ntp
- name: ensure ntp.conf file is present
action: copy src=files/ntp.conf dest=/etc/ntp.conf
owner=root group=root mode=0644
- name: ensure ntp service is restarted
action: service name=ntp state=restarted

9. Specify hosts in an inventory file
[controller]
192.168.206.130
[compute]
192.168.206.131
192.168.206.132
192.168.206.133
192.168.206.134

10. Run the playbook
$ ansible-playbook ntp.yaml
PLAY [controller] *********************
GATHERING FACTS *********************
ok: [192.168.206.130]
TASK: [ensure ntp packages is installed] *********************
ok: [192.168.206.130]
TASK: [ensure ntp.conf file is present] *********************
ok: [192.168.206.130]
TASK: [ensure ntp service is restarted] *********************
ok: [192.168.206.130]
PLAY RECAP *********************
192.168.206.130 : ok=4 changed=3
unreachable=0 failed=0

11. What did Ansible just do?
1. Made SSH connections to remote host
2. Copied over Python modules and arguments
parsed from playbook file
3. Executed modules on remote machine

12. Can run a single action using
ansible command
$ ansible controller –m apt –a "pkg=ntp"
192.168.206.130 | success >> {
"changed": false,
"item": "",
"module": "apt"
}

13. Ansible scripts are idempotent: can
run multiple times safely
$ ansible-playbook ntp.yaml
PLAY [controller] *********************
GATHERING FACTS *********************
ok: [192.168.206.130]
TASK: [ensure ntp packages is installed]
*********************
ok: [192.168.206.130]
TASK: [ensure ntp.conf file is present] *********************
ok: [192.168.206.130]
TASK: [ensure ntp service is restarted] *********************
ok: [192.168.206.130]
PLAY RECAP *********************
192.168.206.130 : ok=4 changed=1
unreachable=0 failed=0

14. Use handlers if action should only
occur on a state change
---
- hosts: controller
tasks:
- name: ensure glance database is present
action: mysql_db name=glance
notify:
- version glance database
handlers:
- name: version glance database
action: command glance-manage version_control 0

15. Use templates to substitute variables
in config file
keystone.conf:
[DEFAULT]
public_port = 5000
admin_port = 35357
admin_token = {{ admin_token }}
keystone.yaml:
hosts: controller
vars:
admin_token: 012345SECRET99TOKEN012345
tasks:
- name: ensure keystone config script is present
action: template src=keystone.conf dest=/etc/keystone/
keystone.conf owner=root group=root mode=0644

16. Ansible supports multiple modules,
can also do arbitrary shell commands
• apt & yum packages
• Stop/start/restart services
• users & groups
• Add SSH public keys
• MySQL & PostgreSQL users & databases
• VMs managed by libvirt
• Git checkouts

17. Vagrant big idea: redistributable VMs,
run with config files & commands

18. Import a new virtual machine
(Ubuntu 12.04 64-bit)
$ vagrant box add precise64
http://files.vagrantup.com/
precise64.box

19. Make a Vagrantfile
Vagrant::Config.run do |config|
config.vm.box = "precise64"
end
Vagrant can also generate this for you: “vagrant init precise64”

20. Boot it and connect to it
$ vagrant up
[default] Importing base box 'precise64'...
[default] Matching MAC address for NAT networking...
[default] Clearing any previously set forwarded ports...
[default] Fixed port collision for 22 => 2222. Now on port 2200.
[default] Forwarding ports...
[default] -- 22 => 2200 (adapter 1)
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Mounting shared folders...
[default] -- v-root: /vagrant
$ vagrant ssh
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)
* Documentation: https://help.ubuntu.com/
Welcome to your Vagrant-built virtual machine.
Last login: Thu Jun 7 00:49:30 2012 from 10.0.2.2
vagrant@precise64:~$

21. Boot multi-VMs: configure IPs,
memory, hostname
Vagrant::Config.run do |config|
config.vm.box = "precise64”
config.vm.define :controller do |controller_config|
controller_config.vm.network :hostonly, "192.168.206.130"
controller_config.vm.host_name = "controller"
end
config.vm.define :compute1 do |compute1_config|
compute1_config.vm.network :hostonly, "192.168.206.131"
compute1_config.vm.host_name = "compute1"
compute1_config.vm.customize ["modifyvm", :id,
"--memory", 1024]
end
end

22. Openstack-ansible: Ansible scripts for
OpenStack Compute
Links to OpenStack
Install & Deploy Guide

23. Config: controller, one compute host,
QEMU, FlatDHCP
controller compute1
.130 .131
eth1 eth1
192.168.206.*
.130 .131
eth2 eth2
eth0 192.168.100.* eth0
NAT NAT

24. Vagrantfile describes this setup
Vagrant::Config.run do |config|
config.vm.box = "precise64"
config.vm.define :controller do |controller_config|
controller_config.vm.network :hostonly, "192.168.206.130”
controller_config.vm.host_name = "controller"
end
config.vm.define :compute1 do |compute1_config|
compute1_config.vm.network :hostonly, "192.168.206.131”
compute1_config.vm.host_name = "compute1"
compute1_config.vm.customize ["modifyvm", :id, "--memory",
1024]
compute1_config.vm.customize ["modifyvm", :id, "--
nicpromisc3",
"allow-all"]
end
end

25. If all goes well…
$ make all
. . .
-------------------------------------+--------------------------------------+
| Property | Value |
+-------------------------------------+--------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | CJ8NNNa4dc6f |
| config_drive | |
| created | 2012-08-09T02:51:14Z |
| flavor | m1.tiny |
| hostId | |
| id | 8e9238b8-208d-46a8-8f66-c40660abacff |
| image | cirros-0.3.0-x86_64 |
| key_name | mykey |
| metadata | {} |
| name | cirros |

26. Links
• Vagrantfile & Ansible playbooks for OpenStack:
http://github.com/lorin/openstack-ansible
• Ansible: http://ansible.github.com
• Vagrant: http://vagrantup.com
• Ansible playbook examples:
https://github.com/ansible/ansible/tree/devel/examples
/playbooks
• Vagrant boxes: http://vagrantbox.es

27. Image sources
• http://vagrantup.com
• http://ansible.github.com
• http://openstack.org
• http://en.wikipedia.org/wiki/File:Rack001.jpg
• http://en.wikipedia.org/wiki/File:Easy_button.JPG
• http://hezik.nl/enable-ssh-server-on-backtrack-5-r2/