Abstract
The purpose of this article is to provide insight on an alternative approach to provisioning virtual machines aside from VMware. The target audience includes, but is not limited to, software developers who deal with virtual machine automation. Due to the high expense of VMware’s service provider license and its infrastructure that supports vRealize, vCenter, and other tools, we utilized our resources to put together a cost effective, alternative approach that accomplishes the same tasks. Our solution is an approach that makes use of open-source technologies that have DevOps methodologies using Ansible Tower® to interact with OpenStack®, which are implemented via playbooks to provision virtual machines. We integrated this technology in our Cyber Range™ software, described as a case study in this article to prove this methodology a success.
Introduction
This article covers how Ansible Tower is one of the easiest ways to create, deploy, and configure virtual machines from OpenStack using playbooks. System performance, IT automation, deployments of complex systems, and speed productivity are the key criteria in software development in regard to interacting with virtual machines. All these features are available in Ansible Tower, which have REST APIs to easily embed it into existing tools and processes. A secure portal where users can request new IT services and manage specific cloud and IT resources can be achieved using Ansible Tower as an open-source tool for automating application deployment and upgrades, as well as the configuration of software for networking and security.
Why Ansible?
Ansible® is a simple automation tool that can perfectly describe an IT application infrastructure. It’s easy-to-learn, self-documenting, and doesn’t require a grad-level computer science degree to read. Automation shouldn’t be more complex than the tasks it’s replacing.
- Simple
- Human readable automation
- No special coding skills needed
- Tasks executed in order
- Become productive quickly
- Powerful
- App deployment
- Configuration management
- Workflow orchestration
- Orchestrate the app life cycle
- Agentless
- Agentless architecture
- Uses OpenSSH and WinRM
- No agents to exploit or update
- Predictable, reliable, and secure
What Is Ansible Tower?
Ansible Tower is a web-based user interface for managing Ansible. It centralizes and controls Ansible infrastructure with a visual dashboard. It can be referred to as the hub for automation tasks.
Ansible Tower
- Web-based user interface for managing Ansible
- Centralizes and controls Ansible infrastructure with a visual dashboard
- Provides REST API for Ansible
- Ansible
- Is an open-source automation tool
- Designed to be easy for anyone to understand and learn
- Does not require custom scripting or code
- Provides automation engine
- Manages networks, infrastructure, operating systems
- Provides prebuilt modules for managing and configuring of hosts (over 450)
- Provides an API based on Python®
- Uses OpenSSH
- Provides automation and orchestration through playbooks.
What Is OpenStack?
OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a data center, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. It is an open-source project that provides an infrastructure-as-a-service platform to build cloudaware applications, and it supports multiple hypervisors for provisioning and orchestrating the cloud. It can run multi-tier workloads or open-source development tools. End users can easily provision resources and support almost all the hypervisors including VMware ESXi, Xen, and KVM.
Why OpenStack?
OpenStack easily integrates with Ansible Tower, VMware hypervisor, and Hyper-V to utilize existing infrastructure. OpenStack and KVM hypervisor are free, but require configuration by skilled administrators. OpenStack is an open-source platform for deploying, developing, and building cloud platforms. It is a command line interface and it is powerful, with administration, APIs, and RESTful web services as well as web-based control panel controls. This open-source cloud software is used for managing computing (Nova), block volume storage (Cinder), virtual machine image service (Glance), and networking constructs (Neutron). OpenStack is a foundation that simplifies not only the deployment process, but also the development, storage, networking, monitoring, management, and applications.
OpenStack
- Open source: the technology is supported by a large community of developers
- Provides clients with value, efficiency, and agility
- Comprised of modular, scalable, and flexible set of utilities
- Tried and tested by large businesses
- Interoperability and open-source APIs allow admins to manage hybrid IT environments without the additional overhead layer
Ansible Playbooks
A playbook is a YAML file which describes a list of tasks to be performed against a set of hosts, which are defined in the Ansible inventory. A playbook is made up of one or more plays, which are used to group the tasks. It defines virtual machine names, the VMDK file, networking, IP addresses, and scenario information. Playbooks are the basis for a really simple configuration management and multimachine deployment system. Playbooks can declare configurations, but they can also orchestrate steps of any manual ordered process.
Playbooks
- Define tasks to be performed on hosts
- Tasks are executed in the order in the playbook
- YAML format
Interaction of OpenStack with Ansible
An Ansible playbook defines a series of tasks and configuration on the OpenStack environment. Examples of tasks include provisioning instances of virtual machines, defining the IP of the virtual machines, and a switch to network the virtual machines.
Case Study: Cyber Range a Real-Life Software
The Cyber Range provides customers with an extensible virtualized platform for cyber security training, modeling, simulation, and advanced analytics. We offer our solution to multiple customers which include the U.S. Department of Defense, the Singapore Cyber Security Agency (CSA/SITSA), and the Kyushu University at Japan.
- User clicks the start button to start an exercise (hands-on cyber security training).
- The Cyber Range software calls the training scenario name and user name via the REST API to Ansible Tower using a POST request.
- Ansible Tower executes the exercise playbook tasks and provides configuration information to OpenStack. This information includes the virtual machine images and networking information.
- OpenStack provisions the virtual machine image and configures the network.
- OpenStack returns the status back to Ansible Tower and Ansible Tower returns back the status to the web application.
- If status is successful, Cyber Range software displays the Windows or Linux icon that enables a hyperlink to open the console.
Summary
With the integration of the Ansible Tower with OpenStack to the Cyber Range software, we are able to build an application that provides ondemand training and real-world scenarios to our customers throughout the globe. The integration with the Ansible REST API with the playbooks has greatly leveraged many of the codes required for provisioning to a more systemized automated process. We can summarize the key point of this article as follows:
- Ansible can automate a variety of IT tasks, including system provisioning, software package installation, network configuration, and security, as well as instance provisioning of a cloud service.
- The approach of using playbooks, which simplify the tasks of orchestrating and configuring the virtual machines, as well deployment of complex scenarios that may contain multiple virtual machines in a custom network, may need to run custom scripts during deployment.
- The unit of the process in which commands are executed one-by-one using a playbook is called task.
- To implement OpenStack automation with Ansible, one needs OpenStack, Ansible, Ansible Tower, and a source control (for example, Git repository).
We recommend Ansible and OpenStack be considered for automation and cloud infrastructure deployment on other cloud projects of Analog Devices.