Recently, I have used K5, which is an instance of OpenStack, run by Fujitsu (my employer). To do some of the automation tasks I have played with both python-openstackclient and Ansible. This post is going to cover how to get those tools to work with K5.
I have access to a Linux virtual machine (Ubuntu 16.04) and the Windows Subsystem for Linux in Windows 10 to run “Bash on Ubuntu on Windows”, and both accept the same set of commands.
In order to run these commands, you need a couple of dependencies. Your mileage might vary with other Linux distributions, but, for Ubuntu based distributions, run this command:
sudo apt install python-pip build-essential libssl-dev libffi-dev python-dev
Next, use pip to install the python modules you need:
sudo -H pip install shade==1.11.1 ansible cryptography python-openstackclient
If you’re only ever going to be working with a single project, you can define a handful of environment variables prefixed OS_, like this:
export OS_USERNAME=BloggsF
export OS_PASSWORD=MySuperSecretPasswordIsHere
export OS_REGION_NAME=uk-1
export OS_USER_DOMAIN_NAME=YourProjectName
export OS_PROJECT_NAME=YourProjectName-prj
export OS_PROJECT_ID=baddecafbaddecafbaddecafbaddecaf
export OS_AUTH_URL=https://identity.uk-1.cloud.global.fujitsu.com/v3
export OS_VOLUME_API_VERSION=2
export OS_IDENTITY_API_VERSION=3
But, if you’re working with a few projects, it’s probably worth separating these out into clouds.yml files. This would be stored in ~/.config/openstack/clouds.yml with the credentials for the environment you’re using:
---
clouds:
root:
identity_api_version: 3
regions:
- uk-1
auth:
auth_url: https://identity.uk-1.cloud.global.fujitsu.com/v3
password: MySuperSecretPasswordIsHere
project_id: baddecafbaddecafbaddecafbaddecaf
project_name: YourProjectName-prj
username: BloggsF
user_domain_name: YourProjectName
Optionally, you can separate out the password, username or any other “sensitive” information into a secure.yml file stored in the same location (removing those lines from the clouds.yml file), like this:
---
clouds:
root:
auth:
password: MySuperSecretPasswordIsHere
Now, you can use the Python based Openstack Client, using this invocation:
openstack --os-cloud root server list
Alternatively you can use the Ansible Openstack (and K5) modules, like this:
---
tasks:
- name: "Authenticate to K5"
k5_auth:
cloud: root
register: k5_auth_reg
- name: "Create Network"
k5_create_network:
name: "Public"
availability_zone: "uk-1a"
state: present
k5_auth: "{{ k5_auth_reg.k5_auth_facts }}"
- name: "Create Subnet"
k5_create_subnet:
name: "Public"
network_name: "Public"
cidr: "192.0.2.0/24"
gateway_ip: "192.0.2.1"
availability_zone: "uk-1a"
state: present
k5_auth: "{{ k5_auth_reg.k5_auth_facts }}"
- name: "Create Router"
k5_create_router:
name: "Public"
availability_zone: "uk-1a"
state: present
k5_auth: "{{ k5_auth_reg.k5_auth_facts }}"
- name: "Attach private network to router"
os_router:
name: "Public"
state: present
network: "inf_az1_ext-net02"
interfaces: "Public"
cloud: root
- name: "Create Servers"
os_server:
name: "Server"
availability_zone: "uk-1a"
flavor: "P-1"
state: present
key_name: "MyFirstKey"
network: "Public-Network"
image: "Ubuntu Server 14.04 LTS (English) 02"
boot_from_volume: yes
terminate_volume: yes
security_groups: "Default"
auto_ip: no
timeout: 7200
cloud: root
