Chapter 15. Automating Configuration Tasks using Ansible

Ansible is an automation tool used to configure systems, deploy software, and perform rolling updates. Ansible includes support for Red Hat Virtualization, and Ansible modules are available to allow you to automate post-installation tasks such as data center setup and configuration, managing users, or virtual machine operations.

Ansible provides an easier method of automating Red Hat Virtualization configuration compared to REST APIs and SDKs, and allows you to integrate with other Ansible modules. For more information about the Ansible modules available for Red Hat Virtualization, see the Ovirt modules in the Ansible documentation.

Note

Ansible Tower is a graphically enabled framework accessible through a web interface and REST APIs for Ansible. If you want support for Ansible Tower, then you must have an Ansible Tower license, which is not part of the Red Hat Virtualization subscription.

Ansible is shipped with Red Hat Virtualization. To install Ansible, run the following command on the Manager machine:

# yum install ansible

See the Ansible Documentation for alternate installation instructions, and information about using Ansible.

Note

To permanently increase the verbose level for the Manager when running Ansible playbooks, create a configuration file in /etc/ovirt-engine/engine.conf.d/ with following line:

ANSIBLE_PLAYBOOK_VERBOSE_LEVEL=4

You must restart the Manager after creating the file by running systemctl restart ovirt-engine.

15.1. Ansible Roles

Multiple Ansible roles are available to help configure and manage various parts of the Red Hat Virtualization infrastructure. Ansible roles provide a method of modularizing Ansible code by breaking up large playbooks into smaller, reusable files that can be shared with other users.

The Ansible roles available for Red Hat Virtualization are categorized by the various infrustructure components. For more information about the Ansible roles, see the oVirt Ansible Roles documentation. For the documentation installed with Ansible roles, see Section 15.1.1, “Installing Ansible Roles”.

15.1.1. Installing Ansible Roles

You can install Ansible roles for Red Hat Virtualization from the Red Hat Virtualization Manager repository. Use the following command to install the Ansible roles on the Manager machine:

# yum install ovirt-ansible-roles

By default the roles are installed to /usr/share/ansible/roles. The structure of the ovirt-ansible-roles package is as follows:

  • /usr/share/ansible/roles - stores the roles.
  • /usr/share/doc/ovirt-ansible-roles/ - stores the examples, a basic overview, and the licence.
  • /usr/share/doc/ansible/roles/role_name - stores the documentation specific to the role.

15.1.2. Using Ansible Roles to Configure Red Hat Virtualization

The following procedure guides you through creating and running a playbook that uses Ansible roles to configure Red Hat Virtualization. This example uses Ansible to connect to the Manager on the local machine and create a new data center.

Prerequisites

  • Ensure the roles_path option in /etc/ansible/ansible.cfg points to the location of your Ansible roles (/usr/share/ansible/roles).
  • Ensure that you have the Python SDK installed on the machine running the playbook.

Configuring Red Hat Virtualization using Ansible Roles

  1. Create a file in your working directory to store the Red Hat Virtualization Manager user password:

    # cat passwords.yml
      ---
    engine_password: youruserpassword
  2. Encrypt the user password. You will be asked for a Vault password.

    # ansible-vault encrypt passwords.yml
    New Vault password:
    Confirm New Vault password:
  3. Create a file that stores the Manager details such as the URL, certificate location, and user.

    # cat engine_vars.yml
    ---
    engine_url: https://example.engine.redhat.com/ovirt-engine/api
    engine_user: admin@internal
    engine_cafile: /etc/pki/ovirt-engine/ca.pem
    Note

    If you prefer, these variables can be added directly to the playbook instead.

  4. Create your playbook. To simplify this you can copy and modify an example in /usr/share/doc/ovirt-ansible-roles/examples.

    # cat rhv_infra.yml
    ---
    - name: RHV infrastructure
      hosts: localhost
      connection: local
      gather_facts: false
    
      vars_files:
        # Contains variables to connect to the Manager
        - engine_vars.yml
        # Contains encrypted engine_password variable using ansible-vault
        - passwords.yml
    
      pre_tasks:
        - name: Login to RHV
          ovirt_auth:
            url: "{{ engine_url }}"
            username: "{{ engine_user }}"
            password: "{{ engine_password }}"
            ca_file: "{{ engine_cafile | default(omit) }}"
            insecure: "{{ engine_insecure | default(true) }}"
          tags:
            - always
    
      vars:
        data_center_name: mydatacenter
        data_center_description: mydatacenter
        data_center_local: false
        compatibility_version: 4.1
    
      roles:
        - ovirt-datacenters
    
      post_tasks:
        - name: Logout from RHV
          ovirt_auth:
            state: absent
            ovirt_auth: "{{ ovirt_auth }}"
          tags:
            - always
  5. Run the playbook.

    # ansible-playbook --ask-vault-pass rhv_infra.yml

You have successfully used the ovirt-datacenters Ansible role to create a data center named mydatacenter.