Nalee와 함께 떠나는 IT이야기

Hello, everyone~!!

How was your day? In my case, I went to Gwangju for OpenStack with NFV Project last Sunday. At that time, it was rain a lot. So I used train. In that day, I contracted small apartment to stay Gwangju for 5 months. I will stay here for 5 months from now.

And I have an episode one more. Last Thursday, OpenStack Korea User Group held "OpenInfra Days Korea 2018" event with OpenStack Foundation, CNCF Foundation and other technical communities during 2 days.

So many people attended to the event. And, many companies attended and supported also. So I was delighted to meet people who is I know. 

The First day, I presented about OpenStack Automation with Ansible. Many people attended to my presentation. So I would like to post about my presentation in this time. 

Actually, I made that the original presentation material's language is Korean. But I want to post in English. So I translated language from Korean to English like below slide.  

The agenda that I prepared is like following.

- Work Life of IT Engineer

- Cloud! OpenStack!

- Not Easy! Iterative Work!

- Automation for Iterative Work

- What is Ansible?

- OpenStack Automation with Ansible

Before I speak about Automation with Ansible, I wanted to look about IT engineer's work life. Today's IT engineers have to know about lots of technologies like infrastructures, OS, program languages and various development tools. So They need to work hard. and they try to solve the faced problems again and again.

Nowadays, many IT engineers have to know about cloud computing technical. 

Cloud computing technical started by Amazon Web Services before 10 years ago. And OpenStack started by NASA and Rackspace at June, 2010 as IaaS. A few years ago, open source cloud compute projects were like apache cloudstack, OpenNebula, Eucalyptus and OpenStack. But Now famous public cloud services are Google cloud, Microsoft Azure and Amazon Web Service. And the OpenStack became famous private cloud service.

Many companies are introduced OpenStack for their private cloud. And operators are operating OpenStack.  But they have to work iterative tasks every time. 

Let us see case about IT process! 

1. General department users requested to create instance

2. Operation team reviewed the request.

3. Operator create project and user account.

4. Operator create network

5. Operator create flavor

6. Operator create security group

7. Operator create ssh key-pair

8. Operator create instance

9. Operator associate floating ip to instance

They have to work above iterative task every time or frequently.  How do we exit from iterative work? I think the answer is to make automation. Popular automation methods are OpenStack Heat and Ansible.

Ansible is IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks.

so How do I make OpenStack automation using Ansible?

First, we need to prepare OpenStack environment like git repository, ansible, ansible tower, openstack director, controller and compute nodes. And then we will design roughly process for automation. After finish to design process, we need to design playbook roles architecture and detailed role process like below.

- Register Glance Image

- Creating network

- Creating SSH key

- Create Security Group

- Create Flavor

- Create Instance

After finish role process design, we have to develop playbook refer to ansible document. 

And we push ansible playbook of your local directory to git repository. And You create a project using git authentication in your andible tower web UI. You create job template from projects. After create job template, you click rocket icon button for executing playbook.

Finally, I want to show the some photos of OpenInfra Days Korea 2018 event. I was happy because I could attend to the event and I could enjoy to the event. I will remember the days for a long time.

Hello.

How was your days?

In my case, I developed Ansible Playbook and test playbook execution nowadays. 10 years ago, I was a developer. I could use Java, C, Basic, Python, Javascript, Shellscript and etc. And I am a system engineer now.

When I code Ansible Playbook, I am sometimes confused playbook grammar. I think my logic or code can run well, but the code is not working. If I have problem about playbook, I usually used ask it in Facebook Ansible Korea user group or timeline. So some people give answers to my asking.

I like technical communities. I like this culture of communities. I like these people who can share there knowledge and experiences. I also try to share my experience.

Anyway, today's preface was long. In this posting, I would like to write a episode about my AWS ec2 instance. 

One month ago, I was testing playbook that create AWS EC2 instance. Because this was my homework of Ansible training in China. Of course, it was provide training environment. But at the time, my environment was deleted already. So I decided to use my AWS account.

• I coded playbook that create AWS ec2 instance and upload it to my github's repository.

• And then I registered my github's repository to Ansible Tower. 

• And I made job template using the playbook of github's repository.

• Of course, I configured environment for accessing AWS in my workstation.

• I clicked rocket shape's button. And Ansible Tower started to create ec2 instance in AWS.

Below picture is a flow about above describing. 

After click rocket shape's button, I started to monitor AWS dashboard for checking instance.

Suddenly it started to look lots of unknown instances in my AWS dashboard. I was embarrassed as soon as discover unknown instances. So I deleted the unknown instances in my AWS dashboard. 

After a few minutes, I could not create instance anymore. In that night, I got a mail that have title like "Your AWS account is compromised" from AWS. The next day, I opened a case that have title like "Who did provision instance in my account?" in AWS support center page. Then, I knew that my AWS account hacked from someone. The hacker created a lot of instances in the each region. The 1 day's charge was almost $3K. 

AWS was answered "An agent from our billing team will reach out to you when your case has been reviewed. " to me. And I have waited their review. But after a few days, they billed by registered credit card. I felt shocked and angry about this case because they billed without any notice. So I inquired it to AWS support center in many times. But I could not get any answers from AWS.

I talked this case to my co-workers. My co-worker gave a guide to me about chargeback application.

As soon as got guide, I called at credit card call center. And I talked my case to agent of call center.

I have worried about it. Because the credit card was company card. And I thought that was unreasonable to charge for unknown instances.

After 2 weeks, I got a message from AWS. The message was that they will refund my bill about unauthorized resources. At last, I could throw my worry. 

I am still afraid to use AWS account. And I learned a lot of things by this case. 

Finally, I would like to talk to my co-workers and AWS team thanks. 

Hello,

It's rain in out of the office. My office building elevator is not working. I walked up the stairs to the 14th floor. It's so hot. How is your day?

Anyway, 

In this blog, I would like to post about how to provision OpenStack Instance using Ansible. Before develop Ansible playbook, we need to prepare test environment like below.

• Github repository : There are OpenStack provisioning Playbook.

• Ansible Tower : It will makes Job Template using playbook of Github repository and It will plays.

• OpenStack Director : I will install Shade OpenStack module for Ansible

• OpenStack Controller Node : The Ansible playbook will call OpenStack API of this node.

• OpenStack Compute Node : It will create OpenStack Instance in this node.

This Job flow is like below. If your test environment preparing is done, you need to develop playbook and upload it to the your github repository first. And then,  you need to configure github repository information and OpenStack director credential. And you make Job Template for provisioning OpenStack instance using your github playbook.

To develop ansible playbook, we need to design provisioning task process.

Before OpenStack instance create, OpenStack needs OS image, network, keypiar, flavor and security group. We can express these process like below.

Above each task process can make role process.

OSP-Image

When upload OS image to glance, we need to download OS image first. And then downloaded image can upload to glance.

OSP-Network

Openstack needs to create Public network and Tenant network for providing network ip to instance.

If you use Tenant network, you need to create Router for connecting each public and tenant network. 

OSP-Keypair

Keypair needs when we connect Instance more safely. First, it generate ssh key and register public key file.

OSP-Security Group

Security Group is firewall for instances. If your instance is for web service, you would create "web security group" and add http service port to the created web security group.

OSP-Flavor

Flavor is spec of instance like cpu, memory and hard disk.

Create Instance

After it makes all resources without instances, you can create instance. If creating instance is done, floating ip add to created instance. And you would wait for being available instance status.

Playbook Architecture

Right now, it's time to develop ansible playbook. You would make git directory for developing playbook like below.

When we develop playbook, we need sample playbook code. Below code is example codes for provisiong instance.

# Create a new instance with 4G of RAM on a 75G Ubuntu Trusty volume
- name: launch a compute instance
  hosts: localhost
  tasks:
    - name: launch an instance
      os_server:
        name: vm1
        state: present
        cloud: mordred
        region_name: ams01
        image: Ubuntu Server 14.04
        flavor_ram: 4096
        boot_from_volume: True
        volume_size: 75

Following urls are included example codes that you need for developing playbook. You can develop playbook as refer below url.

• http://docs.ansible.com/ansible/latest/modules/os_image_module.html
• http://docs.ansible.com/ansible/latest/modules/os_network_module.html
• http://docs.ansible.com/ansible/latest/modules/os_subnet_module.html
• http://docs.ansible.com/ansible/latest/modules/os_nova_flavor_module.html
• http://docs.ansible.com/ansible/latest/modules/os_keypair_module.html
• http://docs.ansible.com/ansible/latest/modules/os_security_group_module.html
• http://docs.ansible.com/ansible/latest/modules/os_server_module.html

Actually this blog's contents is part of my ansible training lesson in China. After came back to Korea, I wanted to summarize about my training. Finally I am so happy cause I summarize this.

Hello, my blog visitors~!!

In this article, 

I will try to post about my first ansible code. Actually, I drew some architecture for posting an article because I hope that you can understand my ansible code well.

My first ansible project code exist on my github repository like below. 

Github URL: https://github.com/naleejang/Ansible_Project

If you don't know about Cobbler well, you need to study Cobbler and Kickstart before looking this blog. You can study Cobbler following site. (http://cobbler.github.io/)

What is Cobbler?

According to Cobbler, Cobbler is a Linux installation server that allows for rapid setup of network installation environments.

Cobbler with Ansible Architecture

When I developed ansible playbook about cobbler, I didn't know cobbler's process well. so I had found cobbler information on the internet like google. Most blog's posting described only text and codes. so I found cobbler architecture on the internet. but I couldn't understand cobbler architecture and process. I created 3 VMs via KVM and configured test environment like below architecture.

The 3 VM's role are like below.

• Cobbler Server : This is installation server. It needs dhcp, rsync, tftp, createrepo and apache packages for configuring Cobbler server.

• Ansible Tower: This is ansible server with web ui. It needs credential for connecting target host via SSH, playbook codes for making Cobbler tasks automatically.

• Test Server : This is empty bare metal server or VM using Network boot. 

After create 3 VMs, I deployed Cobbler server as refer Cobbler Quickstart Guide. 

(http://cobbler.github.io/manuals/quickstart/)

and then I deployed Ansible and Ansible Tower as refer Ansible document.

(http://docs.ansible.com/ansible-tower/latest/html/quickinstall/index.html) 

I booted test server using network boot. As soon as start to boot the test server, I could look screen like above blue picture.

Ansible Playbook Architecture

After configure test bed, I started to develop ansible playbook code as refer other people's cobbler playbook. My playbook architecture is like below.

• add_iso_cobbler.yml : It calls cobbler-addISO's main tasks of roles if this playbook called by ansible tower.
  

• remove_iso_cobbler.yml : It calls cobbler-removeISO's main tasks of roles if this playbook called by ansible tower.

• roles : Roles are ways of automatically loading certain vars_files, tasks, and handlers based on a known file structure. Grouping content by roles also allows easy sharing of roles with other users.

• cobbler-addISO : It includes tasks and vars for importing ISO image information to cobbler

• tasks : process for importing ISO image to cobbler.

• vars : variables about ISO image

• cobbler-removeISO : It includes tasks and vars for deleting ISO image information from cobbler.

• tasks : process for deleting ISO image information.

• vars : variables about ISO image

Ansible Playbook Task Process

My playbook's code of cobbler-addISO task process is like below. If I don't use Ansible and Ansible Tower, I have to execute commands like following tasks everytime maybe. 

Some cobbler playbooks that I found on the ansible galaxy includes from configure cobbler server to import ISO images.

You can look my playbook code in my github repository. If you don't understand after you read this article, I recommend to study about cobbler an kickstart first.

Hello, 

Today, I try to write an article in English in my tistory blog. 

I think my English skill is not good and my English expression is also not good.

However one of my dreams was to write article in English. So I have decided to practice writing article in English today. 

So Please understand my English expression.

Last month, I started to study Ansible. Because I want to provide high quality service when I deploy OpenStack or CloudForms to customer's DataCenter. Actually, I don't like to work same process like provision instance, configure development environment and set up basic system configuring. 

Almost during 2 weeks, I had studied Ansible alone through online learning system. At that time, I didn't understand about ansible functions, how to develop playbook and playbook's programming rule. anyway, I just studied Ansible continue.

At 3rd week of April, I went to Beijing, China Red Hat office for Ansible training. 

All trainees were man, All trainees were Chinese. and Trainer was a man also. Woman was only me.

At first day, I couldn't understand trainer's words. So second day, I moved my seat near the trainer. And I tried to listen his voice and looked his class materials. I started to understand his words and I started to interest the class. And I studied how to develop playbook and how to use ansible and ansible tower through his class materials.

As soon as came back Korea office, I needed to prepare first Ansible job for a weekend. Next Monday, I deployed Ansible and Ansible Tower to customer's server. After came back home, I developed Ansible playbook till late night. It was about baremetal OS provisioning using cobbler and Ansible. While I worked with Ansible, I have liked Ansible more. I fell into Ansible's attractiveness. Because Ansible can make automate numerous repetitive tasks. This is my github site that have my playbook codes. https://github.com/naleeJang/Ansible_Project You can refer the url.

If I have any opportunity, I will try to describe my Ansible codes.