automated ucs configuration with ansible

Download Automated UCS configuration with Ansible

If you can't read please download the document

Upload: univention-gmbh

Post on 08-Feb-2017

199 views

Category:

Software


0 download

TRANSCRIPT

Klicken Sie, um die Formate des Gliederungstextes zu bearbeiten Zweite Gliederungsebene Dritte Gliederungsebene Vierte Gliederungsebene Fnfte Gliederungsebene Sechste Gliederungsebene Siebente Gliederungsebene

Headline

Klicken Sie, um die Formate des Gliederungstextes zu bearbeitenZweite GliederungsebeneDritte GliederungsebeneVierte GliederungsebeneFnfte GliederungsebeneSechste GliederungsebeneSiebente Gliederungsebene

Ansible Modules

Manage UCS with Ansible Configuration Management

Tobias RueetschiAdfinis SyGroup [email protected]

- Welcome

Person

Work at Adfinis SyGroup AG

Linux System Engineer

Experience with Ansible and Python

- Adfinis SyGroup- Linux System Engineer- Programming skills- Python, ...- Configuration Management- e.g. Ansible- Task > 30s => automation

Adfinis => Project SIP21

SIP21

Schul Informatik Platform 21

Univention Corporate Server as base

Small individual schools

Standardised school corporate serversSamba

Squid

Mediatomb

Terminalserver

...

- Schul Infrastructure Server- Small individual schools- Standard Setup- Fileshare (Samba, SFTP, OwnCloud, )- Internet-Steuerung- Mediensharing (MediaTomb)- Virtual Desktop (NX)

SIP21 - Goals

Easy to scale

Fully automated installation and configurationPreseeding installation

Automated configuration

- easy skalierbar- automated installation, configuration- one-click- preseeding- configuration => ansible (Erfahrung)

Configuration => Ansible

Ansible

Free and Open Source

Simple IT automation platform

Ansible loves the repetitive work your people hate

Configuration management

RedHat since 2015Q4

- Simple - Human readable - no special coding skills - tasks executed in order- Powerful - App/Website deployement - Configuration management

Ansible

Using OpenSSH for communication

Agentless architecture

Written in Python

Configured in YAML

Low learning curve

- Agentless- OpenSSH- Written in Python- YAML 4all- Easy to extend

Ansible structure

ProjectPlaybookPlaybookPlaybookRole

RoleRoleRoleRole

TaskModule

TaskModule

TaskModule

TaskModule

TaskModule

TaskModule

- Project beinhaltet 1.. Playbooks- Playbooks referenziert 1.. Roles- Roles beinhaltet 1.. Tasks- Tasks referenziert 1 Module

750+ Modules

Ansible Modules

Can be written in Python

A module does something, likeCreate a configuration out of a template

Install a package

Create a MySQL database

750+ Ansible Modules

- Do something- copy files, render templates- create POSIX users, groups- create MySQL users, database

- Python UCS API

udm_groupEquivalent to udm groups/group

udm_userEquivalent to udm users/user

Ansible UCS Modules User & Group management

- create update delete operations- No moving- support all udm parameters

Ansible UCS Modules User & Group management

- name: create group udm_group: name: admins

- name: create users udm_user: name: SheldonCooper firstname: Sheldon lastname: Cooper password: Bazinga

Group & User creationudm_user parameter groups

udm_dns_zoneEquivalent toudm dns/forward_zone

udm dns/reverse_zone

udm_dns_recordEquivalent toudm dns/*_record

udm dns/alias

Ansible UCS Modules DNS management

- create update delete operations- No moving- support all udm parameters

Ansible UCS Modules DNS management

- name: create dns zone udm_dns_zone: zone: example.com type: forward_zone nameserver: ns1.example.com interfaces: 192.0.2.1

Create a dns zoneNameserver und interface of UCS system

Create dns RR equivalent

udm_shareEquivalent to udm shares/share

Ansible UCS Modules Samba & NFS share management

- create update delete operations- No moving- support all udm parameters - NFS - samba - ACL

Ansible UCS Modules Samba & NFS share management

- name: create a new share udm_share: name: documents host: {{ ansible_fqdn }} path: /home/documents samba_name: Documents

ansible_fqdn = UCS FQDN

Upstream (ansible-modules-extras)

Source on GitHubhttps://github.com/ansible/ansible-modules-extras/tree/devel/univention

Documentation http://docs.ansible.com/ansible/list_of_cloud_modules.html

Feel free to contribute

Ansible UCS Modules

- Univention Directory Manager- UCS Developer API- Upstream

Example (1/2)

Variables:---user_list: - name: LeonardoDaVinci passwd: MonaLisa - name: VincentVanGogh passwd: Sunflowers - name: Rembrandt passwd: TheJewishBride

- grsseres Beispiel- mehrere User- anzahl irrelevant

Example (2/2)

Task:---- name: create users udm_user: name: {{ item.name }} firstname: {{ item.name }} lastname: {{ item.name }} password: {{ item.passwd }} with_items: {{ user_list }}

- user aus variable anlegen

Conclusion

Automation of UCS is time costly

Ansible makes it much easier

5 Ansible modules exists, more are needed

- Frher Bash Scripts- Ansible schneller- Ansible Module erstellen => Aufwand- Alle UDM Module mit Ansible abdecken

Thanks for listening

Contact

Tobias RueetschiAdfinis SyGroup [email protected]://www.adfinis-sygroup.ch/

- Danke fr Aufmerksamkeit