Infrastructure as code (IaC) is becoming one of the key elements of the Agile team, since it allows the infrastructure to stop being the bottleneck in the Continuous Integration / Continuous Delivery (CI/CD) cycle. This presentation shows an IaC use case based on the latest tools of the DevOps (development and operations) methodology, such as Jenkins, Terraform, Ansible and OpenNebula.
This presentation, given by Xavier Peralta (systems administrator at CSUC), was part of the seventh edition of the OpenNebula Conference, held on 12 and 13 November 2018 in Amsterdam.
5. Why Terraform?
• A declarative provisioning tool based on the Infrastructure as Code paradigm
• Helps to evolve your infrastructure, safely and predictably
• Written in golang
• Terraform is a multipurpose composition tool:
• Composes multiple tiers (SaaS/PaaS/IaaS)
7. Terraform is not a cloud agnostic tool
It’s not a magic wand that gives you power
over all clouds and systems.
8. Terraform provider for OpenNebula
https://github.com/runtastic/terraform-provider-opennebula
or
https://github.com/blackberry/terraform-provider-opennebula
10. Terraform provider for OpenNebula: Features
• Leverages OpenNebula's XML/RPC API
• Tested for versions 5.X
This is based on a project started by Runtastic, and has been
enhanced by BlackBerry to allow for definition of these resource
types:
• Virtual Machines
• Images
• VNET Reservations
• Security Groups
As well as data sources for:
• Images
• VNETs
• Security Groups
11. Continuous Integration / Continuous Delivery (CI/CD)
[Diagram: DevOps commit to a repository on GitHub or GitLab; the Jenkins build server checks out the code.]
14. Jenkins Pipeline: State Terraform Apply
The pipeline uses tower-cli to automatically add hosts to the inventory
https://github.com/ansible/tower-cli
15. Jenkins Pipeline: State Run Playbook
Finally, launch a Job Template in Ansible AWX or Ansible Tower
https://github.com/ansible/awx
16. AWX Jobs
AWX uses the credentials added during the OpenNebula contextualization
Hello, I'm Xavier Peralta, and I work as a SysAdmin at CSUC. My speech is going to be about how we are planning to evolve the management of our systems, but first I would like to talk about what CSUC is and what our purpose is, in a nutshell. CSUC stands for Consorci de Serveis Universitaris de Catalunya and is a consortium formed by these Catalan universities. There are other public institutions that can also benefit from our services.
At CSUC we provide all of these sorts of services. We have an HPC cluster and a storage service, we manage the Anella Científica network, which is the education network in Catalonia, and we also provide different kinds of repositories, among other services.
To provide most of these services we use OpenNebula as our private cloud platform, but we are also able to put our services on public clouds like vCloud or AWS. That's because we were looking for a tool that allows us to manage this stuff in a centralized and automatic way. To achieve this way of managing we use some of these tools, like Ansible or Puppet, etc., but we also need to deploy the infrastructure in the same way. This is why we were looking for an Infrastructure as Code tool like CloudFormation, SaltStack or Terraform.
We have chosen Terraform because it is Infrastructure as Code software that allows us to define our infrastructure simply by providing code and launching it. Terraform is written in Go and not only has the IaaS tier but also PaaS and SaaS. This saves us from doing repetitive work when we want to redeploy a similar service, and it also avoids human errors from doing it by hand. In our case it is useful for deploying different container clusters for different repository projects.
Terraform has a strong and active community behind it. As you can see, Terraform has 109 releases and more than a thousand contributors. It is created by HashiCorp, the same company that owns Vagrant and Consul.
It is important to note that Terraform is not a magic wand that gives you power over all clouds. Well, in fact it is, but you need to download each Terraform provider and install it if you want to use it. Each Terraform provider uses its own variables and specific code, so you have to know every one of these to use it.
OK, so we have a tool that is not cloud agnostic, and we have an OpenNebula that can talk with most of our public providers. And thanks to Runtastic and BlackBerry we also have a Terraform provider for OpenNebula. So OpenNebula gives us the freedom to deploy our infrastructure on different cloud providers just by choosing the correct templates. That means that, for example, if we want to deploy the infrastructure on AWS we just need to select the AWS template on OpenNebula, or if we want to deploy on the local OpenNebula we choose the template for KVM.
Note that what we define in the instance_type of the AWS provider can also be defined in the OpenNebula template; that's the freedom I was talking about before.
Let's see what the Terraform provider can offer. Well, this provider leverages the OpenNebula XML/RPC API and it's tested for versions 5. As I mentioned before, it is based on a project that was started by Runtastic and continued by BlackBerry, and by now it allows us to define these resources: Templates, Virtual Machines, Images, Virtual Networks and Security Groups.
We've prepared a demo where we can see what we can do with these tools. The idea is that the DevOps commit the code to GitHub, and from Jenkins we can check out this code and run Terraform to provide the infrastructure, and when the infrastructure is up and running we can launch an Ansible playbook to install or configure some stuff inside the newly created infrastructure. This is independent of where we have to deploy the infrastructure; it can be on local KVM, VMware vCloud, AWS, whatever OpenNebula can talk to.
This would be the Terraform workflow, where the DevOps create the Terraform config file, then run a terraform init to load the providers into Terraform, after that run a terraform plan, where we can see what is going to be done and also save the state, because in case we want to destroy the plan we know what we have to destroy, and finally the terraform apply deploys the infrastructure.
With Jenkins the idea is the same. We've tried to automate the Terraform workflow, and instead of running stage by stage by hand we let Jenkins do the work for us. It will check out the code from GitHub, do the terraform init, plan and apply, and once Terraform finishes and returns the VM attributes it will run an Ansible job with AWX to make some configs or installs on the new instance.
The Jenkins pipeline uses tower-cli to add the new host to the inventory, and then we define which role it will have in order to install or configure its specific packages. In this case we are deploying a webserver, but we also tested deploying Kubernetes clusters or Rancher clusters to host some repository services.
Here you can see the Jenkins logs, where it confirms the webserver has been deployed by Ansible.
These are the same Ansible logs but from AWX. It is interesting to see that all actions are logged, so it is useful for debugging if something went wrong.
At the beginning we don't have any VM running, we just have two templates defined, and the AWX inventory is also empty, so let's start setting the parameters of the Jenkins pipeline for Terraform, defining the Git repository and branch, the OpenNebula endpoint and the AWX URL. Jenkins starts the checkout from GitHub and runs the init, plan and apply; these are the apply logs with the OpenNebula template already created. Now the VM is up and running. OpenNebula returns the host's IP, which is used to add the host to the inventory, and once added we can apply the Ansible playbook to install the Apache service.
In addition to this simple demo we have done some basic tutorials about deploying a Kubernetes cluster with Terraform and Ansible. You can check it at this URL.
And the same, but instead of Kubernetes, this other tutorial is with Rancher. Feel free to check.
Lastly, I would like to thank my colleague Miguel Angel, who has done this demo and tutorials. And thank you all for your attention. So if you have some questions feel free to ask, or if you want we can talk now at the coffee break.
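
The Jenkins pipeline described in the talk runs terraform plan and apply without a person reading the plan in between. As an added example (not code from the talk or from CSUC), this gate reads the saved plan as JSON and fails the build when the plan would destroy or replace a resource that nobody approved. It assumes Terraform 0.12 or later for `terraform show -json`; the script name `plan_gate.py`, the function `review_plan` and the sample resource addresses are hypothetical.

```python
import json
import sys

# Constructed sample in the `terraform show -json <planfile>` layout
# (Terraform 0.12+). Resource types and names are placeholders.
SAMPLE_PLAN = json.dumps({
    "format_version": "0.1",
    "resource_changes": [
        {"address": "example_template.web", "change": {"actions": ["create"]}},
        {"address": "example_vm.web", "change": {"actions": ["delete", "create"]}},
        {"address": "example_secgroup.old", "change": {"actions": ["delete"]}},
        {"address": "example_image.base", "change": {"actions": ["no-op"]}},
    ],
})


def review_plan(plan_json, allow_destroy=()):
    """Return (ok, findings) for a saved plan rendered as JSON.

    A finding is (address, kind), where kind is "destroy" or "replace".
    allow_destroy lists resource addresses an operator approved for removal.
    """
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc.get("change", {}).get("actions", []))
        # "delete" alone is a destroy; "delete" plus "create" is a replacement,
        # which also tears down the running resource.
        if "delete" in actions and rc["address"] not in allow_destroy:
            kind = "replace" if "create" in actions else "destroy"
            findings.append((rc["address"], kind))
    return (not findings, findings)


if __name__ == "__main__":
    # Pipeline use, between the plan and apply stages:
    #   terraform plan -input=false -out=tfplan
    #   terraform show -json tfplan > plan.json
    #   python plan_gate.py plan.json && terraform apply -input=false tfplan
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PLAN
    ok, findings = review_plan(text)
    for address, kind in findings:
        print(f"BLOCKED: plan would {kind} {address}")
    sys.exit(0 if ok else 1)
```

Applying the saved `tfplan` file rather than re-planning at apply time means the changes that passed the gate are the ones that get applied.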