The Rick and Morty of Automation: OpenShift and Ansible 

No content

● Originally created by Michael DeHaan ○ Note: recently released vespene.io some kind of build system ● Configuration management system ● Several important design decisions - advantages/disadvantages ○ No agents ○ Runs over SSH ○ Uses YAML ○ Module based ○ Runs in order ○ Not “compiled” ○ Not centralized ○ Does not store state (typically) ○ AWX/Tower is a separate system WHAT IS ANSIBLE? 

https://www.slideshare.net/egg9/kubernetes-introduction * Other docs set 2003/4 as start of Google’s Borg 

KUBERENETES OVERVIEW https://kubernetes.io/docs/concepts/architecture/cloud-controller/ 

https://stratechery.com/2018/ibms-old-playbook/ 

1. Provision resources on which to run OpenShift 2. Deploy OpenShift 3. Build containers with Ansible 4. Use OpenShift with basic modules 5. Use OpenShift Ansible Broker WAYS TO USE OPENSHIFT AND ANSIBLE TOGETHER 

DIFFERENCES BETWEEN OPENSHIFT AND KUBERNETES Differences Between OpenShift/OKD & Kubernetes 

Kubernetes OpenShift / OKD / OpenShift Origin Open Source Project Curated Kubernetes Distribution / Product N/A Project - High level Kubeadm, plus many other distros openshift-ansible Root containers yes by default Root containers no by default Service Catalog Container image registry Helm Charts Template Service Broker Ingress, etc Router Deployment DeploymentConfig N/A Image Streams Most Linuxes RedHat OS / CentOS 

https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e 

DEPLOYMENT CONFIG VS DEPLOYMENT https://stackoverflow.com/questions/49916103/what-is-the-different-between-openshift-deploymentconfig-and-kubernetes-deployme 

PROVISION AWS RESOURCES WITH ANSIBLE FOR OPENSHIFT © 2018 Interdynamix Systems Slide 12 Provision AWS Resources with Ansible 

BASIC AWS DIAGRAM Public Subnet Private Subnet Worker 0 Worker 1 Controller 0 Router 0 NAT GW INET GW Apps Wildcard ELB Console ELB Util 0 openshift-ansible NOTE: Note mean to denote best security practices, is simply what was deployed for this demo Worker N AWS Provisioner 

Demo: Provision AWS Infra with Ansible DEMO 

● That depends ○ It’s not really purposely built as a provisioning system ○ Ansible does not store state, so state (usually) ends up being resource names ○ How do you know when a resource needs to change? ○ But you can do it, and at least everything is in Ansible, you don’t have to switch to another tool, or integrate them together ● Terraform ○ A better provisioner ○ Terraform destroy - so much fun ○ But how to integrate with Ansible? ■ Ansible terraform provisioner + terraform inventory script SHOULD YOU PROVISION WITH ANSIBLE? 

{ "Version": "2012-10-17", "Statement": [ { "Action": "ec2:*", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ec2:Region": "ca-central-1" } } } ] } AWS PERMISSIONS Could be tightened up considerably, other permissions as well...ELB, Route53, S3 

S3 USED AS IMAGE REPOSITORY 

What to use? ● https://github.com/openshift/openshift-ansible-contrib ● https://github.com/openshift/openshift-ansible/tree/master/playbooks/aws ● https://github.com/aws-quickstart/quickstart-redhat-openshift ● https://github.com/openshift/openshift-ansible/tree/master/playbooks/aws ● https://aws-quickstart.s3.amazonaws.com/quickstart-redhat-openshift/doc/re d-hat-openshift-on-the-aws-cloud.pdf PROVISION AWS INFRASTRUCTURE WITH ANSIBLE 

AWS DIAGRAM https://aws-quickstart.s3.amazonaws.com/quickstart-redhat-openshift/doc/red-hat-openshift-on-the-aws-cloud.pdf 

instance_tags: "{{ {'Name': item.name, 'krole': item.krole, 'kubernetes.io/cluster/' ~ clusterid: clusterid, 'clusterid': clusterid} }}" YAML: WHAT DOES THIS DO? 

DEPLOY KUBERNETES Deploy OpenShift/OKD with Ansible 

“You install OKD by running a series of Ansible playbooks. As you prepare to install your cluster, you create an inventory file that represents your environment and OKD cluster configuration. While familiarity with Ansible might make this process easier, it is not required.” - Docs ● openshift-ansible Github Repo ● Example hosts file from my deployment OPENSHIFT ANSIBLE 

Deploy with openshift-ansible Deploy Jenkins instance with OpenShift/OKD DEMO 

● Kubespray - https://github.com/kubernetes-incubator/kubespray ● Write your own :) ● Others? OTHER ANISIBLE BASED K8S DISTROS 

ANSIBLE CONTAINER ansible-container 

“Ansible Container is an open source project that aims to enable the automation of the entire container build, deployment and management process. Best of all, it uses the same simple, powerful and agentless Ansible automation language that you’re already using, ensuring you can automate the entire application lifecycle.” - Docs ANSIBLE-CONTAINER 

STATUS? https://blog.octo.com/en/ansible-container-chronicle-of-a-death-foretold/ 

DEPLOY APPS TO KUBERNETES WITH ANSIBLE Deploy Apps to k8s with Ansible 

Demo: Using Ansible k8s Module Docs ● https://docs.ansible.com/ansible/2.6/modules/k8s_module.html ● https://docs.ansible.com/ansible/2.5/modules/k8s_scale_module.html ● https://docs.ansible.com/ansible/2.7/modules/k8s_facts_module.html ● https://docs.ansible.com/ansible/2.4/helm_module.html ● https://docs.ansible.com/ansible/2.5/plugins/inventory/k8s.html 

ANSIBLE SERVICE BROKER Ansible Service Broker 

WHY A SERVICE BROKER? https://www.slideshare.net/MichaelCalizo/openshift-service-broker-and-catalog-ocpmeetup-july-2018 

INTEGRATE WITH EXTERNAL RESOURCES https://www.youtube.com/watch?v=hxmuy8TvLd0 

https://www.slideshare.net/MichaelCalizo/openshift-service-broker-and-catalog-ocpmeetup-july-2018 

https://www.slideshare.net/MichaelCalizo/openshift-service-broker-and-catalog-ocpmeetup-july-2018 

https://www.slideshare.net/MichaelCalizo/openshift-service-broker-and-catalog-ocpmeetup-july-2018 

https://www.slideshare.net/MichaelCalizo/openshift-service-broker-and-catalog-ocpmeetup-july-2018 

Demo: Custom Webhook APB Demo: Mediawiki + Postgres APB Code: Webhook APB code DEMOS AND CODE 

No content

Interdynamix Edmonton 620 Manulife Place 10180 – 101 Street NW Edmonton, AB T5J 3S4 780.423.7005 Interdynamix Toronto 140 Yonge St. Suite 200 Toronto, ON M5C 1X6 ● Email [email protected] ● Code: https://github.com/ccollicutt/ansible-and-openshift-demo C © 2018 Interdynamix Systems Slide 39 https://hub.interdynamix.com/insight-report