NWS Cloud and Terraform – does this work?

NWS Cloud and Terraform – does this work?

A few months ago we launched our OpenStack project within our NWS platform. The NWS Cloud was born.
Since then we are trying to increase the performance and the possibilities of the cloud. And nowadays there is no way around Terraform.

So i had a look at the possibilities and had to try them out. One of my first runs should create a virtual machine, create some security rules, attach a public IP to the virtual machine and install a webserver with a customized index.html

And how this works, i want to show now.

 

But first of all, i have to save my credentials in my config file

variables.tf

variable "openstack_user_name" { description = "The username for the Tenant." default = "my-nws-user" } variable "openstack_tenant_name" { description = "The name of the Tenant." default = "my-nws-project" } variable "openstack_password" { description = "The password for the Tenant." default = "my-password" } variable "openstack_auth_url" { description = "The endpoint url to connect to OpenStack." default = "nws-cloud" } variable "openstack_keypair" { description = "The keypair to be used." default = "mgebert" } variable "tenant_network" { description = "The network to be used." default = "my-nws-project" }

With this variables i can now start writing the rest of my files. I had to configure the provider

provider.tf

provider "openstack" { user_name = "${var.openstack_user_name}" tenant_name = "${var.openstack_tenant_name}" password = "${var.openstack_password}" auth_url = "${var.openstack_auth_url}" }

And the “script” which should run on the new virtual machine

bootstrapweb.sh

#!/bin/bash apt update apt install -y apache2 cat <<EOF > /var/www/html/index.html <html> <body> <p>hostname is: $(hostname)</p> </body> </html> EOF chown -R www-data:www-data /var/www/html systemctl apache2 start

But there is still no server right? So i have to write my deploy file.

deploy.tf

resource "openstack_networking_secgroup_v2" "secgroup1" { name = "ALLOW SSH AND HTTP" } resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { direction = "ingress" ethertype = "IPv4" protocol = "tcp" port_range_min = 22 port_range_max = 22 remote_ip_prefix = "0.0.0.0/0" security_group_id = "${openstack_networking_secgroup_v2.secgroup1.id}" } resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { direction = "ingress" ethertype = "IPv4" protocol = "tcp" port_range_min = 80 port_range_max = 80 remote_ip_prefix = "0.0.0.0/0" security_group_id = "${openstack_networking_secgroup_v2.secgroup1.id}" } resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_3" { direction = "ingress" ethertype = "IPv4" protocol = "icmp" remote_ip_prefix = "0.0.0.0/0" security_group_id = "${openstack_networking_secgroup_v2.secgroup1.id}" } resource "openstack_compute_instance_v2" "web" { name = "web01" image_name = "Ubuntu Xenial" availability_zone = "HetznerNBG4" flavor_name = "s2.small" key_pair = "${var.openstack_keypair}" security_groups = ["default","ALLOW SSH AND HTTP"] network { name = "${var.tenant_network}" } user_data = "${file("bootstrapweb.sh")}" } resource "openstack_networking_floatingip_v2" "floating" { pool = "public-network" } resource "openstack_compute_floatingip_associate_v2" "floating" { floating_ip = "${openstack_networking_floatingip_v2.floating.address}" instance_id = "${openstack_compute_instance_v2.web.id}" }

 

In this file i configure first of all the new security group and afterwards 3 rules to allow ICMP, HTTP and SSH. Then we can start the virtual machine with a name, image_name, a flavor_name, security_groups and so on. I could configure more, like a loop which creates me 10 web-servers with the name web-01 to web-10 . But for now, thats fine. When the server is up and running, the deploy will attach a floating IP to it, so i can access it without a VPN.

And thats it, basically. When it is installed, the bootstrapweb.sh will install the apache2 webserver and replace the default index.html with my custom one.

There is almost no setup which can’t be build up with terraform in combination with the NWS Cloud – so just try it yourself

If you want to see the code above in action, have a look at this video!

Marius Gebert
Marius Gebert
Systems Engineer

Marius ist seit 2013 bei NETWAYS. Er hat 2016 seine Ausbildung zum Fachinformatiker für Systemintegration absolviert und ist nun im Web Services Team tätig. Hier kümmert er sich mit seinen Kollegen um die NWS Plattform und alles was hiermit zusammen hängt. 2017 hat Marius die Prüfung zum Ausbilder abgelegt und kümmert sich in seiner Abteilung um die Ausbildung unserer jungen Kollegen. Seine Freizeit verbringt Marius gerne an der frischen Luft und ist für jeden Spaß zu...

10th Foreman Birthday Event

Since 10 years the Foreman is at our sides to improve our lifes and manage our physical and virtual servers. Since 10 years Foreman gives system administrators the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage servers. It’s time to provision your travel luggage and configure your calendars to alert you on July 25, 2019! Save the date for the 10th Foreman Birthday Party organized by NETWAYS, ATIX and the Foreman Project!

We celebrate with

2+ Hours of hands-on Demos and Hacking Space (12:30 – 15:00)

Perfect for your first steps with Foreman. Get help from some of the experienced people present, or just do some in-person hacking. Demo stations will deal with:

  • Orcharhino (Katello based lifecycle management by ATIX)
  • Katello
  • Foreman with Puppet & plugins
  • Foreman with Ansible & plugins

Technial Talks (15:00 – 18:00)

Get to know about the latest developments and integrations.

Good conversations, Pizza and Drinks (18:00 – Open End)

Now, that’s a party!

Confirmed speakers and project members

Flying in from India, Israel and the USA
Rahul Bajaj and Ori Rabin, the Foreman project community team will be presenting the status of the project
Dana Singleterry and Richard Jerrido, Product Managers of the Red Hat Satellite
Ohad Levy, the founder of the Foreman project 

From the Red Hat office in Dusseldorf and Brno
Evgeni Golov and Ewoud Kohl van Wijngaarden, developers at Red Hat and Foreman project members. Evgeni will talk about writing Ansible modules for Foreman and Katello. 

Coming over from Munich
Mark Hlawatschek, CEO at ATIX, and Bernhard Suttner, Head of Development at ATIX

Welcoming you in Nuremberg
Dirk Götz and Lennart Betz, Senior Consultants at NETWAYS

When? July 25, 2019

Where? The famous Kesselhaus at NETWAYS, Deutschherrnstr. 15-19, 90429 Nuremberg

Admission free!

Want to join? Register here

Want to talk? Contact dirk.goetz@netways.de

Julia Hornung
Julia Hornung
Marketing Manager

Julia ist seit Juni 2018 Mitglied der NETWAYS Family. Vor ihrer Zeit in unserem Marketing Team hat sie als Journalistin und in der freien Theaterszene gearbeitet. Ihre Leidenschaft gilt gutem Storytelling, klarer Sprache und ausgefeilten Texten. Privat widmet sie sich dem Klettern und ihrer Ausbildung zur Yogalehrerin.

New and Next in Automation: Notes on OSCamp Berlin

„The pig go. Go is to the fountain. The pig put foot. Grunt. Foot in what? Ketchup. (…)“

A beautiful crowd of people learned this poem thanks to Felix Frank‘s talk at OSCamp on Ansible in Berlin. That’s it? For sure not! OSCamp conveyed all that’s new and next in automation.

“Ansibuild your system”, was the plea made by Toshaan Bharvani. Ansible code is CODE, as we learned in Klaus Franken‘s talk about Automated Tests of Ansible code with GitLab, Vagrant, VirtualBox and Ansible.

Is that an Ansible?

Is that an Ansible? Stop holding it like a puppet, claimed Felix Frank. Later on he put AWX in a nutshell („A service that runs your Ansible code from one central place. Comes with a web UI and a REST API.“) and proved some of it’s most convincing advantages ­ with his live demo.

Nikhil Kathole from Red Hat showed how Ansible and Foreman integrate with one another and got everone into demo mode. In „Directing the Director“ Martin Schurz from T-Systems shared how they designed their new central monitoring system based on Icinga 2.

And as Felix, Adam Ruzicka from Red Hat pleased us with two talks, first introducing the Foreman Project and later on demonstrating two primary approaches of using Ansible from Foreman.

We want to thank everyone, who took part in Open Source Camp in Berlin! It was a great event!

We hope to see you soon!

Next Open Source Camp will be on Foreman. Right after OSMC. In Nuremberg.
Save the date: Nov 07, 2019!

 

Julia Hornung
Julia Hornung
Marketing Manager

Julia ist seit Juni 2018 Mitglied der NETWAYS Family. Vor ihrer Zeit in unserem Marketing Team hat sie als Journalistin und in der freien Theaterszene gearbeitet. Ihre Leidenschaft gilt gutem Storytelling, klarer Sprache und ausgefeilten Texten. Privat widmet sie sich dem Klettern und ihrer Ausbildung zur Yogalehrerin.

You missed out OSDC? — Sign up for OSCamp!

Hey folks!

The OSDC 2019 is in full swing! You didn’t get to be part of the happy DevOps crowd meeting in Berlin?

Here‘s your chance to find some relief by participating in the next big Open Source thing happening in Berlin this week: Be part of our OSCamp on Ansible!

But you gotta be really fast to grab one of the few remaining seats at opensourcecamp.de

To get a glimpse of how it feels to be one of the OSDC guys, just take a look at the photos published so far on our Twitter channel. And start getting excited what’s coming up at the OSCamp…

See you in Berlin on Thursday!

Pamela Drescher
Pamela Drescher
Head of Marketing

Pamela hat im Dezember 2015 das Marketing bei NETWAYS übernommen. Sie ist für die Corporate Identity unserer Veranstaltungen sowie von NETWAYS insgesamt verantwortlich. Die enge Zusammenarbeit mit Events ergibt sich aus dem Umstand heraus, dass sie vor ein paar Jahren mit Markus zusammen die Eventsabteilung geleitet hat und diese äußerst vorzügliche Zusammenarbeit nun auch die Bereiche Events und Marketing noch enger verknüpft. Privat ist sie Anführerin einer vier Mitglieder starken Katzenhorde, was ihr den absolut...

Ansible can talk to your favorite API

Ansible is a powerful opensource config management and deployment tool, which can manage nearly any situtation. In many “DevOp” scenarios we come across multiple platforms, which we need to combine. Mostly applications provide an REST Api or web connectors to manage resources, jobs and deployments within the product.
Ansible provides various modules which can execute commands at specific APIs, such as the vmware-guest-module to create virtual machines or the jenkins-job-module to manage jobs over the Jenkins API.
In cases where no module is available, we can use the module “uri”.

The module takes several parameters, of which the “url” is the only required one. For this example I picked an example online API “http://dummy.restapiexample.com/”.
To get a list of all employees we use the method GET on http://dummy.restapiexample.com/api/v1/employees, the header Accept: application/json and register the content.


- name: Make requests to example api
  hosts: localhost
  connection: local
  tasks:
    - name: list employees
      uri:
        method: GET
        url: "http://dummy.restapiexample.com/api/v1/employees"
        return_content: yes
        headers:
          Accept: application/json
      register: response

    - debug:
        msg: "{{ response.content }}"

# Result
TASK [list employees] *************************************************************************
ok: [localhost]

TASK [debug] **********************************************************************************
ok: [localhost] => {
    "msg": [
        {
            "employee_age": "23",
            "employee_name": "test",
            "employee_salary": "46000",
            "id": "12008",
            "profile_image": ""
        }
    ]
}

Now we create a new user in our application, for this we talk to a different url http://dummy.restapiexample.com/api/v1/create and send a body with our user to create.
When the api accepts JSON I use a little trick to generate a valid json body out of yaml variables with the Ansible filter to_json

For this we create a variable with the same key value structure as the API expects it, in this case the structure looks like this {“name”:”test”,”salary”:”123″,”age”:”23″}.


- name: Make requests to example api
  hosts: localhost
  connection: local
  vars:
    data:
      chris:
        name: chris
        salary: 46000
        age: 27
      jessy:
        name: jessy
        salary: 70000
        age: 30
  tasks:
    - name: create employee
      uri:
        method: POST
        url: "http://dummy.restapiexample.com/api/v1/create"
        return_content: yes
        headers:
          Accept: application/json
        body_format: json
        body: "{{ item.value | to_json }}" //Render valid json from each dictionary in the variable data.
      with_dict: "{{ data }}"
      register: post_content

    - debug:
        msg: "{{ item.content }}"
      with_items: "{{ post_content.results }}"

# Result
ansible-playbook create_user.yaml

PLAY [Make requests to example api] ********************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [localhost]

TASK [create employee] *********************************************************************************
ok: [localhost] => (item={'value': {u'salary': 46000, u'age': 27, u'name': u'chris'}, 'key': u'chris'})
ok: [localhost] => (item={'value': {u'salary': 70000, u'age': 30, u'name': u'jessy'}, 'key': u'jessy'})

With this information given, you can now explore your own favorite API and hopefully reduce your daily tasks as simple Ansible playbooks.

Check out our Blog for more awesome posts and if you need help with Ansible send us a message!

Thilo Wening
Thilo Wening
Senior Consultant

Thilo hat bei NETWAYS mit der Ausbildung zum Fachinformatiker, Schwerpunkt Systemadministration begonnen und unterstützt nun nach erfolgreich bestandener Prüfung tatkräftig die Kollegen im Consulting. In seiner Freizeit ist er athletisch in der Senkrechten unterwegs und stählt seine Muskeln beim Bouldern. Als richtiger Profi macht er das natürlich am liebsten in der Natur und geht nur noch in Ausnahmefällen in die Kletterhalle.

Sign up for ANSIBLE Automation

Get your OSCamp badge now to Ansibuild your Automation skills!

Meet Anton Vorobiev and learn how to reuse your existing Ansible roles for your Kubernetes apps. Anton will show you how to combine them with the K8s’ operators.

Learn all about Automated Tests of Ansible code with GitLab, Vagrant, VirtualBox and Ansible from Klaus Franken. The Engineer at ING Germany will introduce you to the triple-A concept! Curious? Join his talk at OSCAMP!

Ansibuild your systems! Don’t miss Toshaan Bharvani showing how roles can build a virtual machine or containers for deployment and much more.

You want to provide End-to-End Automation for the Enterprise?
Check out Nikhil Kathole‘s presentation. The Quality Engineer at Red Hat and upstream contributor demonstrates how Ansible and Foreman integrate!

Get to know how to automate your things and learn best practices, tips and tricks with Ansible!

Find out more at opensourcecamp.de & register now!

Pamela Drescher
Pamela Drescher
Head of Marketing

Pamela hat im Dezember 2015 das Marketing bei NETWAYS übernommen. Sie ist für die Corporate Identity unserer Veranstaltungen sowie von NETWAYS insgesamt verantwortlich. Die enge Zusammenarbeit mit Events ergibt sich aus dem Umstand heraus, dass sie vor ein paar Jahren mit Markus zusammen die Eventsabteilung geleitet hat und diese äußerst vorzügliche Zusammenarbeit nun auch die Bereiche Events und Marketing noch enger verknüpft. Privat ist sie Anführerin einer vier Mitglieder starken Katzenhorde, was ihr den absolut...