Running With Scissors

Who Am I?
● Tom "TBSliver" Bloor
● Developer at Shadowcat Systems
● Helped with the OpenNMS Wiki Improvements
● Broken and Abused OpenNMS

What's This Talk About?
● Ansible
● OpenNMS

What is OpenNMS?
● …

What is Ansible?
● Deployment Tool
● Push Based
● Python 2.4+

Assumptions
● Debian 6 (Wheezy)
● PostgreSQL 9.1
● OpenNMS-PRIS
● Config in git
● Dedicated, bare VM

Ansible Basics
● Roles
● Playbooks
● Hosts
● Group Vars
● Ad-Hoc Commands

Hosts

[opennms]
192.168.2.168 requisition_name=demo requisition_url=http://127.0.0.1:8000/requisitions/demo

[opennms:vars]
# choice of: default_wheezy, bytemark_wheezy, office_wheezy
debian_apt_source = office_wheezy
# choice of: default_16, office_16
opennms_apt_source = office_16

Group Vars

---
# Main Ansible Worker
ansible_user:
  uid: 1050
  gid: 1050
  name: ansible
  group_name: ansible
  comment: "Ansible Worker User"

ansible_ssh_users:
  - me

user_list:
  - { uid: 1002, name: me, gid: 100, group_name: users,
      extra_groups: sudo, comment: "Me Myself & I",
      password_hash: $6$4j6VfyHybISkDq$EQGm/... }

Playbooks
● Pre Install
● User Maintenance
● Install OpenNMS
● Change Apt Repo

Playbook Scripts

#! /bin/sh
echo "Starting Install OpenNMS Ansible Playbook at:"
echo `date`
NOW=$(date +"%F-%T")
LOGFILE="log/$NOW.log"
ANSIBLE_LOG_PATH=$LOGFILE ansible-playbook -i hosts \
    playbooks/install_opennms.yml
echo "Finishing Install OpenNMS Ansible Playbook at:"
echo `date`

Pre Install

---
- name: Pre Install Settings
  hosts: all
  user: root
  sudo: no
  roles:
    - pre_install/setup_main_debian_repo
    - maintenance/flush_handlers
    - pre_install/setup_sudo
    - pre_install/setup_ansible_user
    - maintenance/ansible_ssh_keys
    # Changing settings to sshd after keys set up
    - pre_install/setup_sshd

Pre Install – pre_install/setup_main_debian_repo

---
- name: Setup Main Debian Apt Sources.list
  copy:
    src: "debian_apt_{{ debian_apt_source }}"
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: 0644
  notify:
    - apt update

Pre Install – pre_install/setup_ansible_user

---
- name: Create Ansible Group
  group:
    name: "{{ ansible_user.group_name }}"
    gid: "{{ ansible_user.gid }}"
- name: create Ansible User
  user:
    name: "{{ ansible_user.name }}"
    uid: "{{ ansible_user.uid }}"
    group: "{{ ansible_user.group_name }}"
    password: "*"
    comment: "{{ ansible_user.comment }}"
    shell: /bin/bash
- name: Grant password-less sudo for Ansible User
  template:
    src: sudoers_ansible.j2
    dest: /etc/sudoers.d/{{ ansible_user.uid }}_ansible
    owner: root
    group: root
    mode: 0440
    validate: "visudo -cf %s"

Pre Install – maintenance/ansible_ssh_keys

---
- name: Install Authorized Keys for Ansible User
  authorized_key:
    user: "{{ ansible_user.name }}"
    key: "{{ lookup( 'file', '../../../../../pubkeys/' + item + '.pub' ) }}"
  with_items: ansible_ssh_users

Pre Install – pre_install/setup_sshd

---
- name: Disable root SSH access
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin no"
    state: present
  notify:
    - Restart sshd
- name: Disable password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^(#)?PasswordAuthentication"
    line: "PasswordAuthentication no"
    state: present
  notify:
    - Restart sshd

User Maintenance

---
- name: User Maintenance
  hosts: all
  user: ansible
  sudo: yes
  roles:
    - maintenance/ansible_ssh_keys
    - maintenance/users

User Maintenance – maintenance/users

---
- name: Create Required Groups
  group:
    name: "{{ item.group_name }}"
    gid: "{{ item.gid }}"
  with_items: user_list
- name: Setup Required Users
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    group: "{{ item.group_name }}"
    groups: "{{ item.extra_groups }}"
    password: "{{ item.password_hash }}"
    comment: "{{ item.comment }}"
    shell: /bin/bash
  with_items: user_list
- name: Install ssh Keys for Users
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ lookup( 'file', '../../../../../pubkeys/' + item.name + '.pub' ) }}"
  with_items: user_list

Install OpenNMS

---
- name: Install OpenNMS
  hosts: opennms
  user: ansible
  sudo: yes
  roles:
    - install_tools
    - setup_opennms_apt
    - maintenance/flush_handlers
    - install_oracle_java
    - install_postgres
    - install_config_repo
    - install_opennms

Install OpenNMS – install_tools

---
- name: Install useful tools
  apt:
    name: "{{ item }}"
    state: latest
    install_recommends: no
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - git
    - debconf-utils
    - vim

Install OpenNMS – setup_opennms_apt

---
- name: Add OpenNMS Apt Key
  apt_key:
    url: http://debian.opennms.org/OPENNMS-GPG-KEY
    state: present
- name: Add OpenNMS Apt Repo
  apt_repository:
    repo: "{{ item }}"
    state: present
  with_items:
    - "{{ opennms_apt[ opennms_apt_source ] }}"
  notify:
    - apt update

Install OpenNMS – setup_opennms_apt – Variables

---
opennms_apt:
  default_16:
    - "deb http://debian.opennms.org opennms-16 main"
    - "deb-src http://debian.opennms.org opennms-16 main"
  office_16:
    - "deb http://192.168.2.127:3142/debian.opennms.org opennms-16 main"
    - "deb-src http://192.168.2.127:3142/debian.opennms.org opennms-16 main"

Install OpenNMS – install_oracle_java

---
- name: Accept Oracle Licence
  debconf:
    name: oracle-java8-installer
    question: 'shared/accepted-oracle-license-v1-1'
    # quoted otherwise it ends up as 'True'
    value: 'true'
    vtype: select
- name: Install Oracle Java 8
  apt:
    name: oracle-java8-installer
    state: latest
    install_recommends: no
    update_cache: yes
    cache_valid_time: 3600

Install OpenNMS – install_postgres – Part 1

---
- name: Install postgres
  apt:
    pkg: postgresql-9.1
    state: latest
    install_recommends: no
    update_cache: yes
    cache_valid_time: 3600

Install OpenNMS – install_postgres – Part 2

---
- name: Setup postgres local access
  lineinfile:
    dest: /etc/postgresql/9.1/main/pg_hba.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: "{{ item.regexp }}"
  with_items:
    - { regexp: '^local\s*all\s*all\s*peer$',
        line: 'local all all trust # the default method is peer' }
    - { regexp: '^host\s*all\s*\s*all\s*127\.0\.0\.1/32\s*md5$',
        line: 'host all all 127.0.0.1/32 trust # the default method is md5' }
    - { regexp: '^host\s*all\s*all\s*::1\/128\s*md5$',
        line: 'host all all ::1/128 trust # the default method is md5' }
  notify:
    - Restart postgres

Install OpenNMS – install_config_repo – Part 1

---
- name: Get config files repo
  remote_user: me
  sudo: no
  git:
    repo: https://github.com/TBSliver/OUCE-2015-Config-Files.git
    dest: /home/me/config-files
    version: master
    update: yes
    accept_hostkey: yes
- name: Link opennms folder
  file:
    path: /etc/opennms
    src: /home/me/config-files/opennms
    state: link

Install OpenNMS – install_config_repo – Part 2

- name: Fetch provisiond-configuration.xml template
  fetch:
    src: /etc/opennms/provisiond-configuration.xml.template.j2
    dest: special/fetched
    fail_on_missing: yes
- name: Install provisiond-configuration.xml
  template:
    src: special/fetched/{{ inventory_hostname }}/etc/opennms/provisiond-configuration.xml.template.j2
    dest: /etc/opennms/provisiond-configuration.xml
    mode: 0644
    owner: me
    group: users

Install OpenNMS – install_config_repo – Template

...
<requisition-def import-name="{{ requisition_name }}"
                 import-url-resource="{{ requisition_url }}" >
    <cron-schedule>0 * * * * ? *</cron-schedule>
</requisition-def>
...
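The install_postgres role above rewrites three default pg_hba.conf entries from peer/md5 to trust. As an added example (not code from the talk or from the linked repositories), this small parser reads a pg_hba.conf and reports exactly which entries now skip authentication, so the effect of that task can be checked after a run; the sample file is constructed to mirror PostgreSQL 9.1's Debian defaults after the task has been applied.

```python
"""Audit which pg_hba.conf entries grant unauthenticated ("trust") access.

Added example, not code from the talk: the install_postgres role above
rewrites three default entries to "trust"; this parser lists what that
opens up. The sample file is constructed to mirror PostgreSQL 9.1's
Debian defaults after that task has run.
"""
import re

# Constructed sample pg_hba.conf (CIDR address form only).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
local all all trust # the default method is peer
host all all 127.0.0.1/32 trust # the default method is md5
host all all ::1/128 trust # the default method is md5
host    all             all             192.168.2.0/24          md5
"""

def parse_pg_hba(text):
    """Return one dict (type, database, user, address, method) per entry;
    comment lines and trailing '# ...' comments are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        if fields[0] == "local" and len(fields) >= 4:
            entries.append(dict(type="local", database=fields[1],
                                user=fields[2], address=None,
                                method=fields[3]))
        elif fields[0] != "local" and len(fields) >= 5:
            entries.append(dict(type=fields[0], database=fields[1],
                                user=fields[2], address=fields[3],
                                method=fields[4]))
    return entries

def trust_entries(text):
    """Entries that skip authentication entirely (method 'trust')."""
    return [e for e in parse_pg_hba(text) if e["method"] == "trust"]

if __name__ == "__main__":
    for e in trust_entries(SAMPLE_PG_HBA):
        print("no auth: %s db=%s user=%s from %s" % (
            e["type"], e["database"], e["user"], e["address"] or "unix socket"))
```

Point it at the real /etc/postgresql/9.1/main/pg_hba.conf on the target to confirm that trust is limited to the Unix socket and loopback addresses the role intended.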
Install OpenNMS – install_opennms

---
- name: Install OpenNMS
  apt:
    name: opennms
    state: latest
    install_recommends: no
    update_cache: yes
    cache_valid_time: 3600
  notify:
    - Setup opennms java
    - Setup opennms db
    - Setup opennms iplike
    - Start opennms

Install OpenNMS – install_opennms – Handlers

---
- name: Setup opennms java
  command: /usr/share/opennms/bin/runjava -S /usr/bin/java
- name: Setup opennms db
  command: /usr/share/opennms/bin/install -dis
- name: Setup opennms iplike
  command: /usr/sbin/install_iplike.sh
- name: Start opennms
  service: name=opennms state=started
  ignore_errors: yes

Speed
● Manually – how long?
● Ansible (with local repos/decent bandwidth) – 17 minutes

Where to find it?
● https://github.com/TBSliver/OUCE-2015-Ansible-Config
● https://github.com/TBSliver/OUCE-2015-Config-Files

Where to find me?
github.com/TBSliver
@TBSliver
TBSliver in #opennms ( irc.freenode.net )

And it's TBSLIVER not TBSILVER
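The setup_sshd role earlier in the talk relies on a detail of lineinfile: the regexp for PasswordAuthentication accepts a leading "#" because Debian ships that directive commented out, while PermitRootLogin is shipped uncommented. As an added example (not code from the talk), this models the relevant lineinfile behaviour, applies the role's two edits to a constructed Debian-like sshd_config, and reads the result the way sshd does (first non-comment occurrence wins), so the effective settings can be confirmed.

```python
"""Model the setup_sshd role's two lineinfile edits and check the result.

Added example, not code from the talk: re-implements the lineinfile
behaviour the role relies on (replace the last regexp match, else
append) and reads the result as sshd does (first occurrence wins,
comments ignored). The sample config is constructed, Debian-like.
"""
import re

# Constructed: PermitRootLogin uncommented, PasswordAuthentication commented.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes
"""

# (regexp, line) pairs exactly as in the setup_sshd role above.
SSHD_EDITS = [
    (r"^PermitRootLogin", "PermitRootLogin no"),
    (r"^(#)?PasswordAuthentication", "PasswordAuthentication no"),
]

def lineinfile(text, regexp, line):
    """state=present: replace the last line matching regexp in place,
    or append the line when nothing matches."""
    lines = text.splitlines()
    pattern = re.compile(regexp)
    hits = [i for i, l in enumerate(lines) if pattern.search(l)]
    if hits:
        lines[hits[-1]] = line
    else:
        lines.append(line)
    return "\n".join(lines) + "\n"

def effective_setting(text, keyword):
    """Value sshd would use: the first non-comment line for keyword."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1]
    return None

def harden(text, edits=SSHD_EDITS):
    """Apply the role's edits in order and return the new config."""
    for regexp, line in edits:
        text = lineinfile(text, regexp, line)
    return text
```

Running harden() on the sample shows both directives set to "no" with the stale commented line replaced; with a bare "^PasswordAuthentication" regexp the line would instead be appended, which sshd still honours but leaves the old comment in place.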