Ansible2018.06.01 00:15

Hello.


How was your days?

In my case, I developed Ansible Playbook and test playbook execution nowadays. 10 years ago, I was a developer. I could use Java, C, Basic, Python, Javascript, Shellscript and etc. And I am a system engineer now.


When I code Ansible Playbook, I am sometimes confused playbook grammar. I think my logic or code can run well, but the code is not working. If I have problem about playbook, I usually used ask it in Facebook Ansible Korea user group or timeline. So some people give answers to my asking.

I like technical communities. I like this culture of communities. I like these people who can share there knowledge and experiences. I also try to share my experience.



Anyway, today's preface was long. In this posting, I would like to write a episode about my AWS ec2 instance. 


One month ago, I was testing playbook that create AWS EC2 instance. Because this was my homework of Ansible training in China. Of course, it was provide training environment. But at the time, my environment was deleted already. So I decided to use my AWS account.


  • I coded playbook that create AWS ec2 instance and upload it to my github's repository.

  • And then I registered my github's repository to Ansible Tower. 

  • And I made job template using the playbook of github's repository.

  • Of course, I configured environment for accessing AWS in my workstation.

  • I clicked rocket shape's button. And Ansible Tower started to create ec2 instance in AWS.


Below picture is a flow about above describing. 


After click rocket shape's button, I started to monitor AWS dashboard for checking instance.

Suddenly it started to look lots of unknown instances in my AWS dashboard. I was embarrassed as soon as discover unknown instances. So I deleted the unknown instances in my AWS dashboard. 


After a few minutes, I could not create instance anymore. In that night, I got a mail that have title like "Your AWS account is compromised" from AWS. The next day, I opened a case that have title like "Who did provision instance in my account?" in AWS support center page. Then, I knew that my AWS account hacked from someone. The hacker created a lot of instances in the each region. The 1 day's charge was almost $3K. 


AWS was answered "An agent from our billing team will reach out to you when your case has been reviewed. " to me. And I have waited their review. But after a few days, they billed by registered credit card. I felt shocked and angry about this case because they billed without any notice. So I inquired it to AWS support center in many times. But I could not get any answers from AWS.


I talked this case to my co-workers. My co-worker gave a guide to me about chargeback application.

As soon as got guide, I called at credit card call center. And I talked my case to agent of call center.

I have worried about it. Because the credit card was company card. And I thought that was unreasonable to charge for unknown instances.


After 2 weeks, I got a message from AWS. The message was that they will refund my bill about unauthorized resources. At last, I could throw my worry. 


I am still afraid to use AWS account. And I learned a lot of things by this case. 

Finally, I would like to talk to my co-workers and AWS team thanks. 

'Ansible' 카테고리의 다른 글

AWS EC2 with Ansible Episode  (0) 2018.06.01
OpenStack Instance auto provisioning with Ansible  (0) 2018.05.16
My First Ansible Project Episode II  (0) 2018.05.08
My First Ansible Project Episode I  (0) 2018.05.04
Posted by 나리 짱!!! naleejang
Ansible2018.05.16 10:00

Hello,


It's rain in out of the office. My office building elevator is not working. I walked up the stairs to the 14th floor. It's so hot. How is your day?


Anyway, 

In this blog, I would like to post about how to provision OpenStack Instance using Ansible. Before develop Ansible playbook, we need to prepare test environment like below.


  • Github repository : There are OpenStack provisioning Playbook.

  • Ansible Tower : It will makes Job Template using playbook of Github repository and It will plays.

  • OpenStack Director : I will install Shade OpenStack module for Ansible

  • OpenStack Controller Node : The Ansible playbook will call OpenStack API of this node.

  • OpenStack Compute Node : It will create OpenStack Instance in this node.


This Job flow is like below. If your test environment preparing is done, you need to develop playbook and upload it to the your github repository first. And then,  you need to configure github repository information and OpenStack director credential. And you make Job Template for provisioning OpenStack instance using your github playbook.



To develop ansible playbook, we need to design provisioning task process.

Before OpenStack instance create, OpenStack needs OS image, network, keypiar, flavor and security group. We can express these process like below.



Above each task process can make role process.


OSP-Image

When upload OS image to glance, we need to download OS image first. And then downloaded image can upload to glance.


OSP-Network

Openstack needs to create Public network and Tenant network for providing network ip to instance.

If you use Tenant network, you need to create Router for connecting each public and tenant network. 


OSP-Keypair

Keypair needs when we connect Instance more safely. First, it generate ssh key and register public key file.



OSP-Security Group

Security Group is firewall for instances. If your instance is for web service, you would create "web security group" and add http service port to the created web security group.


OSP-Flavor

Flavor is spec of instance like cpu, memory and hard disk.


Create Instance

After it makes all resources without instances, you can create instance. If creating instance is done, floating ip add to created instance. And you would wait for being available instance status.


Playbook Architecture

Right now, it's time to develop ansible playbook. You would make git directory for developing playbook like below.



When we develop playbook, we need sample playbook code. Below code is example codes for provisiong instance.


# Create a new instance with 4G of RAM on a 75G Ubuntu Trusty volume
- name: launch a compute instance
  hosts: localhost
  tasks:
    - name: launch an instance
      os_server:
        name: vm1
        state: present
        cloud: mordred
        region_name: ams01
        image: Ubuntu Server 14.04
        flavor_ram: 4096
        boot_from_volume: True
        volume_size: 75



Following urls are included example codes that you need for developing playbook. You can develop playbook as refer below url.



Actually this blog's contents is part of my ansible training lesson in China. After came back to Korea, I wanted to summarize about my training. Finally I am so happy cause I summarize this.

'Ansible' 카테고리의 다른 글

AWS EC2 with Ansible Episode  (0) 2018.06.01
OpenStack Instance auto provisioning with Ansible  (0) 2018.05.16
My First Ansible Project Episode II  (0) 2018.05.08
My First Ansible Project Episode I  (0) 2018.05.04
Posted by 나리 짱!!! naleejang
Ansible2018.05.08 18:55

Hello, my blog visitors~!!



In this article, 

I will try to post about my first ansible code. Actually, I drew some architecture for posting an article because I hope that you can understand my ansible code well.


My first ansible project code exist on my github repository like below. 


Github URL: https://github.com/naleejang/Ansible_Project


If you don't know about Cobbler well, you need to study Cobbler and Kickstart before looking this blog. You can study Cobbler following site. (http://cobbler.github.io/)




What is Cobbler?


According to Cobbler, Cobbler is a Linux installation server that allows for rapid setup of network installation environments.




Cobbler with Ansible Architecture


When I developed ansible playbook about cobbler, I didn't know cobbler's process well. so I had found cobbler information on the internet like google. Most blog's posting described only text and codes. so I found cobbler architecture on the internet. but I couldn't understand cobbler architecture and process. I created 3 VMs via KVM and configured test environment like below architecture.



The 3 VM's role are like below.


  • Cobbler Server : This is installation server. It needs dhcp, rsync, tftp, createrepo and apache packages for configuring Cobbler server.

  • Ansible Tower: This is ansible server with web ui. It needs credential for connecting target host via SSH, playbook codes for making Cobbler tasks automatically.

  • Test Server : This is empty bare metal server or VM using Network boot. 


After create 3 VMs, I deployed Cobbler server as refer Cobbler Quickstart Guide. 

(http://cobbler.github.io/manuals/quickstart/)

and then I deployed Ansible and Ansible Tower as refer Ansible document.

(http://docs.ansible.com/ansible-tower/latest/html/quickinstall/index.html) 

I booted test server using network boot. As soon as start to boot the test server, I could look screen like above blue picture.



Ansible Playbook Architecture


After configure test bed, I started to develop ansible playbook code as refer other people's cobbler playbook. My playbook architecture is like below.



  • add_iso_cobbler.yml : It calls cobbler-addISO's main tasks of roles if this playbook called by ansible tower.

  • remove_iso_cobbler.yml : It calls cobbler-removeISO's main tasks of roles if this playbook called by ansible tower.

  • roles : Roles are ways of automatically loading certain vars_files, tasks, and handlers based on a known file structure. Grouping content by roles also allows easy sharing of roles with other users.

    • cobbler-addISO : It includes tasks and vars for importing ISO image information to cobbler

      • tasks : process for importing ISO image to cobbler.

      • vars : variables about ISO image

    • cobbler-removeISO : It includes tasks and vars for deleting ISO image information from cobbler.

      • tasks : process for deleting ISO image information.

      • vars : variables about ISO image


Ansible Playbook Task Process


My playbook's code of cobbler-addISO task process is like below. If I don't use Ansible and Ansible Tower, I have to execute commands like following tasks everytime maybe. 


Some cobbler playbooks that I found on the ansible galaxy includes from configure cobbler server to import ISO images.




You can look my playbook code in my github repository. If you don't understand after you read this article, I recommend to study about cobbler an kickstart first.

'Ansible' 카테고리의 다른 글

AWS EC2 with Ansible Episode  (0) 2018.06.01
OpenStack Instance auto provisioning with Ansible  (0) 2018.05.16
My First Ansible Project Episode II  (0) 2018.05.08
My First Ansible Project Episode I  (0) 2018.05.04
Posted by 나리 짱!!! naleejang
Ansible2018.05.04 17:08

Hello, 


Today, I try to write an article in English in my tistory blog. 

I think my English skill is not good and my English expression is also not good.

However one of my dreams was to write article in English. So I have decided to practice writing article in English today. 


So Please understand my English expression.


Last month, I started to study Ansible. Because I want to provide high quality service when I deploy OpenStack or CloudForms to customer's DataCenter. Actually, I don't like to work same process like provision instance, configure development environment and set up basic system configuring. 


Almost during 2 weeks, I had studied Ansible alone through online learning system. At that time, I didn't understand about ansible functions, how to develop playbook and playbook's programming rule. anyway, I just studied Ansible continue.


At 3rd week of April, I went to Beijing, China Red Hat office for Ansible training. 

All trainees were man, All trainees were Chinese. and Trainer was a man also. Woman was only me.


At first day, I couldn't understand trainer's words. So second day, I moved my seat near the trainer. And I tried to listen his voice and looked his class materials. I started to understand his words and I started to interest the class. And I studied how to develop playbook and how to use ansible and ansible tower through his class materials.



As soon as came back Korea office, I needed to prepare first Ansible job for a weekend. Next Monday, I deployed Ansible and Ansible Tower to customer's server. After came back home, I developed Ansible playbook till late night. It was about baremetal OS provisioning using cobbler and Ansible. While I worked with Ansible, I have liked Ansible more. I fell into Ansible's attractiveness. Because Ansible can make automate numerous repetitive tasks. This is my github site that have my playbook codes. https://github.com/naleeJang/Ansible_Project You can refer the url.


If I have any opportunity, I will try to describe my Ansible codes. 

'Ansible' 카테고리의 다른 글

AWS EC2 with Ansible Episode  (0) 2018.06.01
OpenStack Instance auto provisioning with Ansible  (0) 2018.05.16
My First Ansible Project Episode II  (0) 2018.05.08
My First Ansible Project Episode I  (0) 2018.05.04
Posted by 나리 짱!!! naleejang