Nalee와 함께 떠나는 IT이야기

Hello my friends that visit my blog. 

How was your Christmas holiday? In my case, I enjoyed that day with my daughter and husband. We had delicious food and watched movie "Aqua Man" in 4D theater. And we took some picture with Christmas tree. This Christmas was really wonderful day.

Today, I thought that I want to look back my life of this year and to post about this year's my story in English for my foreign friends. Because I want what my English writing skill upgrade. 

In this year, I was a lot of work. Dream that I wanted in this year was accomplished great. 

I wanted to post my story about work and technical in English at this blog. so I started to write episode about my Ansible training. First my posting was not good. I didn't knew how to express in English well. So my English sentence was not good. However, I was my best. I think this express still is not good. But If I try and try to express in English, I believe my English skill will improved.  

Below articles are my English postings.

• My First Ansible Project Episode I (http://naleejang.tistory.com/205)
• My First Ansible Project Episode II (http://naleejang.tistory.com/206)
• OpenStack Instance auto provisioning with Ansible (http://naleejang.tistory.com/207)
• AWS EC2 with Ansible Episode (http://naleejang.tistory.com/208)

After writing my Ansible training episodes, I had a opportunity about presenting my ansible story with openstack at Open Infra Days Korea 2018 event.

For I prepare presentation slides, I made test environment in my notebook computer. I installed KVM hypervisor in my rhel notebook. And, I created vm for installing Ansible tower. After installing Ansible tower, I developed playbooks for installing gitlab. I uploaded my playbook sources to gitlab that installed by ansible tower. So I completed Ansible environment for test.

And then I made small Openstack environment on KVM. It was small controller node 1ea, small compute node 1ea. 

When many people built Openstack, they did Openstack function test a lot. It is iterative work. So I developed playbook for iterative work and I executed job templates a lot for presentation demo.

And I made presentation slides. My presentation of Open Infra Days Korea 2018 event was so nice. Many people attended to my sessions. Of course, the language was Korean. But I wanted to share my presentation episode to my friends. So I changed my presentation's language from Korean to English. And I posted it to my blog. Below is the posting.

• My First Ansible Presentation Story (http://naleejang.tistory.com/209)

As soon as finish the event, I went to Gwangju for working Openstack NFV project. And I worked hard for 5 months. I really learned a lot of things through the project. 

Um... at the September, I attended at Red Hat Tech Exchange 2018 APAC as a speaker. While I prepare the presentation, I had to work a lot. Also I had to made presentation slide and I had to practice presentation in English. It was presentation review day. At the day, I was forgetting this. Because I was training about openstack to my client. APEC manager was angry a lot because me. Anyway I made a plan for presentation reviw with apec manager and my manager. My presentation review was a successful.

How was real my presentation?

Of course, It was a successful. Many people attended my session. So many people sent cheering and clapping to me. I was so happy. 

Looking back on 2018, I want to thank to my supporters. So I prepared small gifts. I started to give the gift with a letter.

I have new plans of new year. I want to improve my technical skill, English skill and communication skill. And I want to share my experience about technical to many people in the world.

Policies(정책)

가상 환경을 관리할때 사용하며, 정책 준수와 제어의 두가지 유형을 사용할 수 있다.

Compliance policies(규정준수 정책)

가상 인프라를 강화하고 보안 요구사항을 준수하는지 확인할 때 사용된다.

Control policies(제어정책)

특정 조건을 검사하고 결과에 따라 조치를 수행할 때 사용한다.

예를 들면 다음과 같은 경우가 있다.

• 관리자 계정없이 가상 컴퓨트가 실행되지 않도록 한다.

• 특정 패키지가 적용되지 않으면 가상 컴퓨트가 시작되지 않도록 한다.

• 프로덕션 가상 컴퓨트가 프로덕션 호스트에서 실행중일 경우에만 시작한다.

• 호스트가 클러스터에 추가되거나 제거될때 SmartState 분석을 수행한다.

Control policies(제어 정책)

제어정책은 이벤트(event), 조건(condition), 실행(action)으로 이루어지는데 이것은 가상 환경에서 관리 기능을 제공한다.

• 이벤트(event): 조건을 체크하기 위한 트리거

• 조건(condition): 이벤트에 의해 트리거된 테스트

• 조건이 맞을경우 발생되는 실행들.

** 주의사항

• 정책을 생성하기 전에 정책의 목적을 신중하게 계획해야 한다.

• 정책이 이벤트에 의해 트리거되면 즉시 조건 범위가 적용되어 정책이 실행된다.

• 이때 만일 항목이 범위를 벗어나면 관련된 동작은 실행되지 않는다.

Compliance policies(규정준수 정책)

사용자가 만든 조건을 확인하여 시스템 환경을 보호하도록 특별히 디자인되었다. 이러한 조건은 제어 정책에서 사용하는 동일한 조건이 포함될 수 있으며, 대부분의 절차는 동일하다.

규정준수 정책은 정책이 적용되는 엔티티 유형(예: 가상 시스템 또는 호스트)이 모든 조건을 통과할때 마크를 준수 액션으로 자동 할당한다. 조건 중 하나라도 충족되지 않으면 가상 시스템 또는 호스트가 비규격으로 표시된다. 컴플라이언스 상태는 엔티티 유형 및 비교, 드리프트 화면에 대한 요약 화면에 표시된다.

컴플라이언스 정책은 이벤트와 조치를 자동으로 할당한다. 엔티티 유형(예:VM 및 호스트) 준수 확인 이벤트가 컴플라이언스 정책에 할당되면 가상 시스템 또는 호스트가 모든 조건을 통과할때 준수 동작으로 표시를 실행한다. 조건 중 하나라도 충족되지 않으면 가상 시스템 또는 호스트가 비 규격으로 표시된다.

Hello, everyone~!!

How was your day? In my case, I went to Gwangju for OpenStack with NFV Project last Sunday. At that time, it was rain a lot. So I used train. In that day, I contracted small apartment to stay Gwangju for 5 months. I will stay here for 5 months from now.

And I have an episode one more. Last Thursday, OpenStack Korea User Group held "OpenInfra Days Korea 2018" event with OpenStack Foundation, CNCF Foundation and other technical communities during 2 days.

So many people attended to the event. And, many companies attended and supported also. So I was delighted to meet people who is I know. 

The First day, I presented about OpenStack Automation with Ansible. Many people attended to my presentation. So I would like to post about my presentation in this time. 

Actually, I made that the original presentation material's language is Korean. But I want to post in English. So I translated language from Korean to English like below slide.  

The agenda that I prepared is like following.

- Work Life of IT Engineer

- Cloud! OpenStack!

- Not Easy! Iterative Work!

- Automation for Iterative Work

- What is Ansible?

- OpenStack Automation with Ansible

Before I speak about Automation with Ansible, I wanted to look about IT engineer's work life. Today's IT engineers have to know about lots of technologies like infrastructures, OS, program languages and various development tools. So They need to work hard. and they try to solve the faced problems again and again.

Nowadays, many IT engineers have to know about cloud computing technical. 

Cloud computing technical started by Amazon Web Services before 10 years ago. And OpenStack started by NASA and Rackspace at June, 2010 as IaaS. A few years ago, open source cloud compute projects were like apache cloudstack, OpenNebula, Eucalyptus and OpenStack. But Now famous public cloud services are Google cloud, Microsoft Azure and Amazon Web Service. And the OpenStack became famous private cloud service.

Many companies are introduced OpenStack for their private cloud. And operators are operating OpenStack.  But they have to work iterative tasks every time. 

Let us see case about IT process! 

1. General department users requested to create instance

2. Operation team reviewed the request.

3. Operator create project and user account.

4. Operator create network

5. Operator create flavor

6. Operator create security group

7. Operator create ssh key-pair

8. Operator create instance

9. Operator associate floating ip to instance

They have to work above iterative task every time or frequently.  How do we exit from iterative work? I think the answer is to make automation. Popular automation methods are OpenStack Heat and Ansible.

Ansible is IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks.

so How do I make OpenStack automation using Ansible?

First, we need to prepare OpenStack environment like git repository, ansible, ansible tower, openstack director, controller and compute nodes. And then we will design roughly process for automation. After finish to design process, we need to design playbook roles architecture and detailed role process like below.

- Register Glance Image

- Creating network

- Creating SSH key

- Create Security Group

- Create Flavor

- Create Instance

After finish role process design, we have to develop playbook refer to ansible document. 

And we push ansible playbook of your local directory to git repository. And You create a project using git authentication in your andible tower web UI. You create job template from projects. After create job template, you click rocket icon button for executing playbook.

Finally, I want to show the some photos of OpenInfra Days Korea 2018 event. I was happy because I could attend to the event and I could enjoy to the event. I will remember the days for a long time.

Hello.

How was your days?

In my case, I developed Ansible Playbook and test playbook execution nowadays. 10 years ago, I was a developer. I could use Java, C, Basic, Python, Javascript, Shellscript and etc. And I am a system engineer now.

When I code Ansible Playbook, I am sometimes confused playbook grammar. I think my logic or code can run well, but the code is not working. If I have problem about playbook, I usually used ask it in Facebook Ansible Korea user group or timeline. So some people give answers to my asking.

I like technical communities. I like this culture of communities. I like these people who can share there knowledge and experiences. I also try to share my experience.

Anyway, today's preface was long. In this posting, I would like to write a episode about my AWS ec2 instance. 

One month ago, I was testing playbook that create AWS EC2 instance. Because this was my homework of Ansible training in China. Of course, it was provide training environment. But at the time, my environment was deleted already. So I decided to use my AWS account.

• I coded playbook that create AWS ec2 instance and upload it to my github's repository.

• And then I registered my github's repository to Ansible Tower. 

• And I made job template using the playbook of github's repository.

• Of course, I configured environment for accessing AWS in my workstation.

• I clicked rocket shape's button. And Ansible Tower started to create ec2 instance in AWS.

Below picture is a flow about above describing. 

After click rocket shape's button, I started to monitor AWS dashboard for checking instance.

Suddenly it started to look lots of unknown instances in my AWS dashboard. I was embarrassed as soon as discover unknown instances. So I deleted the unknown instances in my AWS dashboard. 

After a few minutes, I could not create instance anymore. In that night, I got a mail that have title like "Your AWS account is compromised" from AWS. The next day, I opened a case that have title like "Who did provision instance in my account?" in AWS support center page. Then, I knew that my AWS account hacked from someone. The hacker created a lot of instances in the each region. The 1 day's charge was almost $3K. 

AWS was answered "An agent from our billing team will reach out to you when your case has been reviewed. " to me. And I have waited their review. But after a few days, they billed by registered credit card. I felt shocked and angry about this case because they billed without any notice. So I inquired it to AWS support center in many times. But I could not get any answers from AWS.

I talked this case to my co-workers. My co-worker gave a guide to me about chargeback application.

As soon as got guide, I called at credit card call center. And I talked my case to agent of call center.

I have worried about it. Because the credit card was company card. And I thought that was unreasonable to charge for unknown instances.

After 2 weeks, I got a message from AWS. The message was that they will refund my bill about unauthorized resources. At last, I could throw my worry. 

I am still afraid to use AWS account. And I learned a lot of things by this case. 

Finally, I would like to talk to my co-workers and AWS team thanks.