summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNishant Kumar <nk613n@att.com>2019-01-03 16:56:54 +0000
committerNishant Kumar <nk613n@att.com>2019-02-27 21:31:41 +0000
commit9ddbb75601282aa047b64f3ff73e535b6b228d41 (patch)
tree665ad28f7c7b4c5efa42ce313dba60b01fc3e948
parent1b5f9fa9e2d020f7ddd36f72fa55181f9a4c34c5 (diff)
(divingbell) Ansible framework
Notes
Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Bryan Strassner <strassner.bryan@gmail.com> Workflow+1: Roman Gorshunov <roman.gorshunov@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 04 Mar 2019 13:40:06 +0000 Reviewed-on: https://review.openstack.org/628221 Project: openstack/airship-specs Branch: refs/heads/master
-rw-r--r--specs/approved/divingbell_ansible_framework.rst154
1 files changed, 154 insertions, 0 deletions
diff --git a/specs/approved/divingbell_ansible_framework.rst b/specs/approved/divingbell_ansible_framework.rst
new file mode 100644
index 0000000..6658382
--- /dev/null
+++ b/specs/approved/divingbell_ansible_framework.rst
@@ -0,0 +1,154 @@
1..
2 This work is licensed under a Creative Commons Attribution 3.0 Unported
3 License.
4
5 http://creativecommons.org/licenses/by/3.0/legalcode
6
7.. index::
8 single: Divingbell
9 single: Ansible
10
11============================
12Divingbell Ansible Framework
13============================
14
15Ansible playbooks to achieve tasks for making bare metal changes
16for Divingbell target use cases.
17
18Links
19=====
20
21The work to author and implement this spec will be tracked under this `Storyboard Story`_
22
23Problem description
24===================
25
26Divingbell uses DaemonSets and complex shell scripting to make bare metal
27changes. This raises 2 problems:
28- Increasing number of DaemonSets on each host with increasing Divingbell
29usecases
30- Reinventing the wheel by writing complex shell scripting logic to make
31bare metal changes.
32
33Impacted components
34===================
35
36The following Airship components will be impacted by this solution:
37
38#. Divingbell: Introducing Ansible framework to make bare metal changes
39
40Proposed change
41===============
42
43This spec intends to introduce Ansible framework within Divingbell which is
44much simpler to make any bare metal configuration changes as compared to
45existing approach of writing complex shell scripting to achieve the same
46functionality.
47
48Adding playbook
49---------------
50
51Ansible playbooks should be written for making any configuration changes
52on the host.
53
54Existing shell script logic for making bare metal changes lives under
55``divingbell/templates/bin``, wherever applicable these should be replaced
56by newly written Ansible playbooks as described in the sections below.
57Ansible playbooks would be part of the Divingbell image.
58
59A separate directory structure needs to be created for adding the playbooks.
60Each Divingbell config can be a separate role within the playbook structure.
61
62::
63 - playbooks/
64 - roles/
65 - systcl/
66 - limits/
67 - group_vars
68 - all
69 - master.yml
70
71Files under ``group_vars`` should be loaded as a Kubernetes ``ConfigMap`` or
72``Secret`` inside the container. Existing entries in ``values.yaml`` for
73Divingbell should be used for populating the entries in the file under
74``group_vars``.
75
76This PS `Initial commit for Ansible framework`_ should be used as a reference
77PS for implementing the Ansibile framework.
78
79Ansible Host
80------------
81
82With Divingbell DaemonSet running on each host mounted at ``hostPath``,
83``hosts`` should be defined as given below within the ``master.yml``.
84
85::
86 hosts: all
87 connection: chroot
88
89Ansible chroot plugin should be used for making host level changes.
90`Ansible chroot plugin_`
91
92Divingbell Image
93----------------
94
95Dockerfile should be created containing the below steps:
96
97 - Pull base image
98 - Install Ansible
99 - Define working directory
100 - Copy the playbooks to the working directory
101
102Divingbell DaemonSets
103---------------------
104
105All the Divingbell DaemonSets that follow declarative and idempotent models
106should be replaced with a single DaemonSet. This DaemonSet will be
107responsible for populating required entries in ``group_vars`` as
108``volumeMounts``. Ansible command to run the playbook should be invoked from
109within the ``DaemonSet`` spec.
110
111The Ansible command to run the playbook should be invoked from within
112the ``DaemonSet`` spec.
113
114The Divingbell DaemonSet for ``exec`` module should be left out from this framework
115and it should keep functioning as a separate DaemonSet.
116
117Ansible Rollback
118----------------
119
120Rollback should be achieved via the ``update_site`` action i.e. if a playbook
121introduces a bad change into the environment then the recovery path would be to
122correct the change in the playbooks and run ``update_site`` with new changes.
123
124Security impact
125---------------
126
127None - No new security impacts are introduced with this design.
128
129Performance impact
130------------------
131
132As this design reduces the number of DaemonSets being used within Divingbell,
133it will be an improvement in performance.
134
135Implementation
136==============
137
138This implementation should start off as a separate entity and not make
139parallel changes by removing the existing functonality.
140
141New Divingbell usecases can be first targetted with the Ansible framework
142while existing framework can co-exist with the new framework.
143
144Dependencies
145============
146
147Adds new dependency - Ansible framework.
148
149References
150==========
151
152.. _Storyboard Story: https://storyboard.openstack.org/#!/story/2004690
153.. _Initial commit for Ansible framework: https://review.openstack.org/#/c/639186/
154.. _Ansible chroot plugin: https://docs.ansible.com/ansible/latest/plugins/connection/chroot.html