IAC on OpenStack (feat. ansible) 김용기부장 Sr. Solution Architect Red Hat

Similar documents
MULTI CLOUD AS CODE WITH ANSIBLE & TOWER

AUTOMATION FOR EVERYONE Accelerating your journey to the Hybrid Cloud with Ansible Tower

OPEN SOURCING ANSIBLE

ANSIBLE AUTOMATION AT TJX

AUTOMATING THE ENTERPRISE WITH ANSIBLE. Dustin Boyd Solutions Architect September 12, 2017

Ansible Hands-on Introduction

Getting Started with Ansible - Introduction

Ansible and Ansible Tower by Red Hat

ANSIBLE TOWER OVERVIEW AND ROADMAP. Bill Nottingham Senior Principal Product Manager

Ansible. -- Make it so

AUTOMATION ACROSS THE ENTERPRISE

Enhancing Secrets Management in Ansible with CyberArk Application Identity Manager

WHAT IS ANSIBLE AND HOW CAN IT HELP ME?

Sanjay Shitole, Principle Solutions Engineer

IN DEPTH INTRODUCTION ARCHITECTURE, AGENTS, AND SECURITY

Ansible - Automation for Everyone!

Cloud and Devops - Time to Change!!! PRESENTED BY: Vijay

Automation: Making the Best Choice for Your Organization

Automation and configuration management across hybrid clouds with CloudForms, Satellite 6, Ansible Tower

SELF-SERVICE IT WITH ANSIBLE TOWER & MICROSOFT AZURE. Chris Houseknecht Dave Johnson. June #redhat #rhsummit

We are ready to serve Latest IT Trends, Are you ready to learn?? New Batches Info

Housekeeping. Timing Breaks Takeaways

An introduction to ANSIBLE. Anand Buddhdev RIPE NCC

Building and Managing Clouds with CloudForms & Ansible. Götz Rieger Senior Solution Architect January 27, 2017

ANSIBLE ALL THE THINGS

Contents. Prerequisites 1. Linux 1. Installation 1. What is Ansible? 1. Basic Ansible Commands 1. Ansible Core Components 2. Plays and Playbooks 8

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins. Duncan Hutty

Button Push Deployments With Integrated Red Hat Open Management

ansible-workshop Documentation

mastering ansible A622DFD780311BCF8921DE033F8C7977 Mastering Ansible 1 / 6

Get Automating with Infoblox DDI IPAM and Ansible

Ansible F5 Workshop +

Terraform & Infrastructure as Code. Ben Higginbottom (kind of a big deal) ((seriously - I ve helped hijack a spacecraft))

Infrastructure as Code CS398 - ACC

HASHICORP TERRAFORM AND RED HAT ANSIBLE AUTOMATION Infrastructure as code automation

Red Hat Ansible Workshop. Lai Kok Foong, Kelvin

Automate Patching for Oracle Database in your Private Cloud

Malaysian Open Source Conference (The) Multi Facets of the Open Source Tools. Muhammad Najmi Ahmad Zabidi

Infoblox and Ansible Integration

INTRODUCTION CONTENTS BEGINNER S GUIDE: CONTROL WITH RED HAT ANSIBLE TOWER

Ansible: Server and Network Device Automation

TACKLING BIG-IP BLUE-GREEN DEPLOYMENTS IN PRIVATE CLOUD USING F5 & VMWARE ANSIBLE MODULES

Managing Microservices using Terraform, Docker, and the Cloud

Study Guide. Expertise in Ansible Automation

Managing Microservices Using Terraform, Docker, and the Cloud

Ansible + Hadoop. Deploying Hortonworks Data Platform with Ansible. Michael Young Solutions Engineer February 23, 2017

DevOPS, Ansible and Automation for the DBA. Tech Experience 18, Amsersfoot 7 th / 8 th June 2018

ABOUT INTRODUCTION ANSIBLE END Ansible Basics Oleg Fiksel Security CSPI GmbH OpenRheinRuhr 2015

Ansible Essentials 5 days Hands on

ANSIBLE SERVICE BROKER Deploying multi-container applications on OpenShift Todd Sanders John Matthews OpenShift Commons Briefing.

Webserver deployment on. Amazon Web Services using IAC tool Terraform

Getting started with Ansible and Oracle

Ansible Tower Quick Setup Guide

Tools for the Vagabonding Samba Developer

Infrastructure at your Service. Setup Oracle Infrastructure with Vagrant & Ansible

Zabbix Ansible Module. Patrik Uytterhoeven

Ansible in Depth WHITEPAPER. ansible.com

Ansible at Scale. David Melamed Senior Research Engineer, CTO Office, CloudLock

Zero Touch Provisioning of NIOS on Openstack using Ansible

GIVING POWER TO THE PEOPLE With General Mills

Ansible and Firebird

Ansible Tower Quick Setup Guide

Ansible Tower Quick Install

Ansible in Operation. Bruce Becker: Coordinator, SAGrid

Introduction to Ansible

AGENTLESS ARCHITECTURE

Ansible. Go directly to project site 1 / 36

INTRODUCTION WHY CI/CD

RED HAT TECH EXCHANGE HOUSE RULES

ANSIBLE EVERYTHING. From traditional to unorthodox, Ansible for Everything. Adam Miller Principal Software Engineer

Rapid Deployment of Bare-Metal and In-Container HPC Clusters Using OpenHPC playbooks

Ansible Tower on the AWS Cloud

From Docker les to Ansible Container

Ansible. For Oracle DBAs. Alexander Hofstetter Trivadis GmbH

Ask an Expert: Ansible Network Automation

Ansible Bootcamp. Bruce Becker: Coordinator, Africa-Arabia ROC

ANSIBLE TOWER IN THE SOFTWARE DEVELOPMENT LIFECYCLE

Managing 15,000 network devices with Ansible. Landon Holley & James Mighion May 8, 2018

introducing Haid-und-Neu-Str. 18, Karlsruhe Germany

(Almost) Instant monitoring

The Foreman. Doina Cristina Duma, cristina.aiftimiei<at>cnaf.infn.it Diego Michelotto, diego.michelotto<at>cnaf.infn.it INFN-CNAF

OpenStack Summit Austin

Henry Stamerjohann. Apfelwerk GmbH & Co. #macadmins

Introduction to Ansible. yench

Splunk and Ansible. Joining forces to increase implementation power. Rodrigo Santos Silva Head of Professional Services, Tempest Security Intelligence

ANSIBLE ALL THE THINGS

Ansible Tower Quick Install

Choosing an orchestration tool: Ansible and Salt. Ken Wilson Opengear. Copyright 2017 Opengear, Inc. 1

Ansible for DevOps. Server and configuration management for humans. Jeff Geerling ISBN Jeff Geerling

Terraform: Konfigurationsmanagement für Wolkendienste

Introduction to CLI Automation with Ansible

Dominating Your Systems Universe with Ansible Daniel Hanks Sr. System Administrator Adobe Systems Incorporated

Database Operations at Groupon using Ansible. Mani Subramanian Sr. Manager Global Database Services Groupon

Be smart. Think open source.

The recommended way for deploying a OSS DC/OS cluster on GCE is using Terraform.

Ansible. Systems configuration doesn't have to be complicated. Jan-Piet

FMW Automatic install using cloning

J, K, L. Each command, 31. Fully qualified domain name (FQDN), 116

Network Automation with Ansible. Jason Edelman

Socially conscious software at scale. Ram Mehta, CTO Propel Inc

Transcription:

IAC on OpenStack (feat. ansible) 김용기부장 Sr. Solution Architect Red Hat

31,000+ Stars on GitHub 2 1900+ Ansible modules 500,000+ Downloads a month

WHY ANSIBLE? SIMPLE POWERFUL AGENTLESS 읽기쉽고코딩을아주잘할필요없이순서대로실행모든팀에유용 Get productive quickly 애플리케이션배포설정관리워크플로우오케스트레이션네트워크자동화 Orchestrate the app lifecycle 에이전트없이 OpenSSH & WinRM 사용보안강화즉시사용가능 More efficient & more secure 3

4 Ansible 아키텍처

PLAYBOOK EXAMPLE --- - name: install and start apache - hosts: name: web install and start apache become: yes hosts: web http_port: 80 become: yes vars: yum: http_port: 80 vars: tasks: - name: httpd package is present name: httpd state: latest tasks: copy: - name: httpd package is present src: files/index.html dest: yum: /var/www/html/ name: httpd service: state: latest - name: latest index.html file is present - name: httpd is started name: httpd state: started declarative, 선언형방식 5

ANSIBLE SHIPS WITH OVER 1250 MODULES CLOUD VIRT AND CONTAINER WINDOWS NETWORK NOTIFY AWS Docker ACLs Arista HipChat Azure VMware Files A10 IRC CenturyLink RHEV Commands Cumulus Jabber CloudScale OpenStack Packages Big Switch Email Digital Ocean OpenShift IIS Cisco RocketChat Docker Atomic Regedits Cumulus Sendgrid Google CloudStack Shell Dell Slack Linode And more... Shares F5 Twilio OpenStack Services Juniper And more... Rackspace DSC Palo Alto And more... Users OpenSwitch Domains And more... And more... 6

WHAT CAN I DO WITH ANSIBLE? Automate the deployment and management of your entire IT footprint. Do this... Orchestration Configuration Management Application Deployment Provisioning Continuous Delivery Security and Compliance On these... Firewalls Load Balancers Applications Containers Clouds Servers Infrastructure Storage Network Devices And more... 7

Open Stack Management by Code 8

기본 인프라 생성 인프라 생성도 9 https://medium.com/@michalmedvecky/managing-your-openstack-infrastructure-with-hashicorp-terraform-8c93ade214b4

기본인프라설정 Network/Subnet/Router 매뉴얼작업경우 테넌트별별도생성 입력값이부정확할때통신에러발생 작업자동화경우 코드를통해기존설정확인 신속한신규네트워크생성 10

기본인프라설정 Security Group Security Group 매뉴얼작업경우 기존보안그룹을복사하여생성불가 새로운 SG 마다신규로규칙입력필요 작업자동화경우 코드를복사 / 편집하여 SG 생성 11

기본인프라설정 Flavor Flavor 매뉴얼작업경우 기존 flavor 편집불가 편집필요시, 기존스펙을확인하고재생성필요 작업자동화경우 코드를복사 / 편집하여생성 12

인스턴스배포 인스턴스생성코드예제 Heat 사용시 Terraform 사용시 Ansible 사용시 13

인스턴스배포 Heat 코드 YAML 형식 stack 을통한서비스구동 ceilometer와연동하여 auto scale 가능 필요파일 : - template.yaml - environment.yaml 14

인스턴스배포 Terraform 코드 테라폼전용언어인 tf 형식 선언형언어 쉬운코드및적용 참고 : https://github.com/terraform-providers/terraform-provider-openstack/blob/master/examples/app-with-networking/main.tf 15

인스턴스배포 Ansible 코드 YAML 형식 선언형언어 상대적으로간단한코드 인스턴스배포이후, OS 및 APP 관련설정까지일원화 16

인스턴스설정 표준 OS 환경설정 cron 등록 systemctl 설정 ulimit 설정 ntp 설정 repo 등록 추가패키지설치 등등 17

인스턴스설정 OpenScap +Ansible 을통한보안점검 18 https://medium.com/@jackprice/ansible-openscap-for-compliance-automation-14200fe70663

인스턴스설정 애플리케이션별환경설정 Service Network :1.1.x.x standalone.xml.template controller Cinder Glance Neutron automate project ansible_ssh keypair ansible user automate network Openstack Storage Network :172.3.0.0/24 OSD nodes mysqlvol eap7-vol Volumes Compute Nova Network web1 was1 web2 db1 1GB WEB1-2 httpd.conf 자동설정변경 mod_jk.conf workers.properties httpd 서비스실행 WAS1 standalone.xml 의 DB 연결 module.xml 에서 jdbc 등록 jboss eap 서비스실행 my.conf 수정 DB1 mariadb 서비스실행 <datasource jta="false" jndiname="java:jboss/postgresds" pool-name="postgresds" enabled="true" use-javacontext="true" useccm="false"> <connectionurl>jdbc:postgresql://{{ hostvars['director']['dblb'] }}:{{ dbport }}/{{ dbsid upper }}</connection-url> <driverclass>org.postgresql.driver</d river-class> <driver>postgresql</driver> 19

애플리케이션설정 Ansible Galaxy 를통한패키지설치구성자동화 https://galaxy.ansible.com/ 20

애플리케이션배포 git 과 jenkins 를연동하여 App 자동배포 21

22 IAC Best Practices

IAC Best Practices How to be up to date Limited Direct Console Access Self-Documentation Code Versioning Continuous Test & Process Keep Services Available 23

IAC Best Practices Limited Direct Console Access 코드를통해서만시스템제어 SSH/Telnet 24

IAC Best Practices Self-Documentation 25

IAC Best Practices Code Versioning 장점 : 변경히스토리관리 원복가능 가시성증대 26

IAC Best Practices Continuous Test & Process 테스트시나리오현실화 테스트자동화 프로세스표준화 사람간섭최소화 27

PLAYBOOK EXAMPLES 이문서에서사용한예제사용코드 : HatSAri Github https://github.com/hatsari/ LAMP + HAPROXY + NAGIOS github.com/ansible/ansible-examples/tree/master/lamp_haproxy WINDOWS github.com/ansible/ansible-examples/tree/master/windows SECURITY COMPLIANCE github.com/ansible/ansible-lockdown NETWORK github.com/privateip/network-demo MORE... galaxy.ansible.com github.com/ansible/ansible-examples 28

29 감사합니다

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback