5. Intermediate template example
5.4. Intermediate template — resources
5.4.1. ansible_tower resource
Since the ansible_tower resource does much of the work for this template, it is described in this separate section.
. . .
  ansible_tower:
    type: "OS::Nova::Server"
    properties:
      config_drive: "true" # required for wait_condition
      user_data_format: RAW # required for wait_condition
      key_name: { get_resource: ssh_key }
      flavor: { get_param: flavor }
      image: { get_param: image }
      name: { get_param: server_name }
      metadata:
        rax-heat: { get_param: "OS::stack_id" }
      user_data:
        str_replace:
          template: |
            #!/bin/bash -v
            set -e
            # Install dependencies
            apt-get update
            apt-get install python-dev python-yaml python-paramiko python-jinja2 python-pip -y
            pip install ansible
            # Pull and extract the installer
            wget -ct0 %ansible_tower_tarball%
            tar xzf ansible-tower-setup-latest.tar.gz
            cd ansible-tower*
            # Write out options file
            echo "admin_password: %ansible_admin_pass%
            database: internal
            munin_password: %munin_admin_pass%
            pg_password: %postgres_admin_pass%
            primary_machine: localhost
            redis_password: %redis_admin_pass%" > tower_setup_conf.yml
            # Write out the inventory file
            echo "[primary]
            localhost
            [all:children]
            primary" > inventory
            # Copy everything to working directory and install
            ./setup.sh
            ufw allow 443
            wc_notify --data-binary '{"status": "SUCCESS"}'
          params:
            "%ansible_tower_tarball%": { get_param: ansible_tower_tarball }
            "%ansible_admin_pass%": { get_attr: [ansible_admin_pass, value] }
            "%postgres_admin_pass%": { get_attr: [postgres_admin_pass, value] }
            "%redis_admin_pass%": { get_attr: [redis_admin_pass, value] }
            "%munin_admin_pass%": { get_attr: [munin_admin_pass, value] }
            "%server_name%": { get_param: server_name }
            wc_notify: { get_attr: ['wait_condition_handle', 'curl_cli'] }

The resource type is OS::Nova::Server, which provides a Nova Cloud Server for installing Ansible Tower.
The properties for the resource are as follows:
•config_drive
When set to True, this property enables the configuration drive on the server.
This setting enables OpenStack to write metadata to a special configuration drive that attaches to the instance when it boots. The instance can mount this drive and read files from it to get information that is normally available through the metadata service.
•user_data_format
This property specifies how the user_data should be formatted for the server. Setting the property to RAW passes the user_data to Nova unmodified.
•key_name
This property specifies the name of the keypair to inject into the server.
The value is set by calling the get_resource function on the ssh_key resource.
•flavor
This property represents a hardware configuration for a server. Each flavor is a unique combination of disk space and memory capacity.
The value is set by calling the get_param function on the flavor parameter.
•image
This property represents the Operating System image to install on the server.
The value is set by calling the get_param function on the image parameter.
•name
This property represents the hostname of the server.
The value is set by calling the get_param function on the server_name parameter.
•metadata
This property sets arbitrary key/value metadata to store for this server.
The value for the rax-heat metadata key is set by calling the get_param function on the OS::stack_id parameter to store the stack ID in the metadata.
•user_data
This property sets a user data bash script to be executed by cloud-init. This property enables a user to configure the new server as desired by providing this script to be run by cloud-init when the server is being initialized. For information and examples for using cloud-init, see http://cloudinit.readthedocs.org/en/latest/topics/capabilities.html.
The str_replace function enables dynamically constructing strings by providing a template string with placeholders and a list of mappings (specified by params) to assign values to those placeholders at runtime. This is used to dynamically configure the user data script. For more information about the str_replace function, see Section 3.2.8.4, “str_replace”.
The script performs the following:
•#!/bin/bash -v
This shebang line causes the script to be executed by the bash shell with the verbose flag set.
•set -e
This shell command causes the script to exit immediately if a command exits with a non-zero status.
•# Install dependencies
Comment that package dependencies will be installed (in the next line).
•apt-get update
Downloads the package lists from the repositories and "updates" the lists with information on the newest versions of packages and their dependencies.
•apt-get install python-dev python-yaml python-paramiko python-jinja2 python-pip -y
Installs the package dependencies for Ansible Tower.
•pip install ansible
Uses pip to install Ansible.
•# Pull and extract the installer
Comment that the Ansible installer will be downloaded and extracted (in the next lines).
•wget -ct0 %ansible_tower_tarball%
Downloads the Ansible installer (whose location is specified by the %ansible_tower_tarball% param).
The %variable% notation is used here because of the string replace function explained earlier. Variables are wrapped with %% to have a higher probability that the variable name being replaced doesn't accidentally appear in other places. For example, if a variable were named "test" instead of "%test%", the word "test" would be acted on in the string replace if it appeared anywhere in the script.
•tar xzf ansible-tower-setup-latest.tar.gz
Extracts the Ansible installer.
•cd ansible-tower*
Changes directory to the ansible-tower* directory.
•# Write out options file
Comment to write out the options file (in the next lines).
•echo "admin_password: %ansible_admin_pass%
Begins writing out the values for the options file, starting with the admin_password option (the Ansible administrator password), set to the value of the %ansible_admin_pass% param.
•database: internal
Sets the database option to be internal.
•munin_password: %munin_admin_pass%
Sets the munin_password option to the value of the %munin_admin_pass% param.
•pg_password: %postgres_admin_pass%
Sets the pg_password option to the value of the %postgres_admin_pass% param.
•primary_machine: localhost
Sets the primary_machine option to the value localhost.
•redis_password: %redis_admin_pass%" > tower_setup_conf.yml
Sets the redis_password option to the value of the %redis_admin_pass% param, and writes the options to the tower_setup_conf.yml configuration file.
•# Write out the inventory file
Comment to write out the inventory file.
This is an inventory file required by the Ansible Tower installer. The Ansible Tower installer runs a series of Ansible playbooks, and the inventory file determines the host where those scripts run. The template writes out this file manually using the multi-line echo command, as follows:
•echo "[primary]
•localhost
•[all:children]
•primary" > inventory
This completes writing out the inventory file.
•# Copy everything to working directory and install
Comment to copy and install (in the next line).
•./setup.sh
Executes the setup script to copy and install Ansible Tower.
•ufw allow 443
Tells the firewall to allow port 443 (since SSL is enabled for our clients' security).
•wc_notify --data-binary '{"status": "SUCCESS"}'
Signals success by adding the option --data-binary '{"status": "SUCCESS"}'.
This success message tells the Swift Signal handler resource to complete successfully, allowing the stack to successfully complete and the stack_status field to show CREATE_COMPLETE.
If the script reached this line without exiting, the script succeeded. Otherwise, the script did not execute this line because it exited and was not successful. Notice that wc_notify is a param that is replaced in the script (see the params section below) by calling the get_attr function on the wait_condition_handle resource, specifying the curl_cli attribute. The curl_cli attribute provides the curl CLI command prefix, which is then used for signalling handle completion using the --data-binary '{"status": "SUCCESS"}' option.
The params section specifies the values for each of the replacement mappings in the template section for str_replace:
•"%ansible_tower_tarball%": { get_param: ansible_tower_tarball }
Sets the value for the %ansible_tower_tarball% placeholder to the value returned from calling the function get_param on the ansible_tower_tarball parameter.
•"%ansible_admin_pass%": { get_attr: [ansible_admin_pass, value] }
Sets the value for the %ansible_admin_pass% placeholder to the value returned from calling the function get_attr to get the value of the ansible_admin_pass attribute.
•"%postgres_admin_pass%": { get_attr: [postgres_admin_pass, value] }
Sets the value for the %postgres_admin_pass% placeholder to the value returned from calling the function get_attr to get the value of the postgres_admin_pass attribute.
•"%redis_admin_pass%": { get_attr: [redis_admin_pass, value] }
Sets the value for the %redis_admin_pass% placeholder to the value returned from calling the function get_attr to get the value of the redis_admin_pass attribute.
•"%munin_admin_pass%": { get_attr: [munin_admin_pass, value] }
Sets the value for the %munin_admin_pass% placeholder to the value returned from calling the function get_attr to get the value of the munin_admin_pass at-
•"%server_name%": { get_param: server_name }
Sets the value for the %server_name% placeholder to the value returned from calling the function get_param on the server_name parameter.
•wc_notify: { get_attr: ['wait_condition_handle', 'curl_cli'] }
Sets the value for the wc_notify placeholder to the value returned from calling the get_attr function for the resource wait_condition_handle, specifying the curl_cli attribute. This attribute provides the curl CLI command prefix, which can be used for signalling the wait condition handle completion or failure.
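
The placeholder substitution described for str_replace, the %variable% convention and the params section can be checked before a stack is created. The following Python sketch is an added example, not part of the original template or of Heat's own code: str_replace() is a simplified model (plain substring substitution per key), audit() and its finding names are hypothetical, the check for characters the shell interprets inside double quotes goes beyond what the text covers, and the template excerpt, parameter values and example.invalid URLs are constructed.

```python
import re

# Placeholder convention used by the template on this page: %name%
WRAPPED = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
# Characters the shell still interprets inside a double-quoted string
SHELL_ACTIVE = set('"$`\\')

def str_replace(template, params):
    """Simplified model of str_replace: plain substring substitution per key."""
    for key, value in params.items():
        template = template.replace(key, str(value))
    return template

def audit(template, params):
    """Return (finding, name) pairs for a str_replace template/params pair."""
    findings = []
    for key, value in params.items():
        if key not in template:
            findings.append(("unused-param", key))
        if not WRAPPED.fullmatch(key):
            # A bare word can also match ordinary text elsewhere in the script.
            findings.append(("bare-key", key))
        if SHELL_ACTIVE & set(str(value)):
            # Conservative: the value may land inside the double-quoted echo.
            findings.append(("shell-active-value", key))
    for token in sorted(set(WRAPPED.findall(template)) - set(params)):
        findings.append(("unresolved-placeholder", token))
    return findings

# Constructed sample: a cut-down version of the page's script, with the
# %redis_admin_pass% mapping deliberately left out of params.
TEMPLATE = """\
wget -ct0 %ansible_tower_tarball%
echo "admin_password: %ansible_admin_pass%
redis_password: %redis_admin_pass%" > tower_setup_conf.yml
wc_notify --data-binary '{"status": "SUCCESS"}'
"""
PARAMS = {
    "%ansible_tower_tarball%": "https://example.invalid/ansible-tower-setup-latest.tar.gz",
    "%ansible_admin_pass%": 'pa$$"word',   # constructed value
    "%server_name%": "tower-1",            # mapped but never used in the script
    "wc_notify": "curl -i -X PUT 'https://example.invalid/signal'",  # stand-in for curl_cli
}

if __name__ == "__main__":
    for finding in audit(TEMPLATE, PARAMS):
        print(*finding)
    print(str_replace(TEMPLATE, PARAMS))
```

In this model an unresolved placeholder is the finding to treat as blocking: the literal text %redis_admin_pass% would be written to tower_setup_conf.yml as the password.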