ansible and exadata a perfect symbiosis?€¦ · automation tool for configuration- and...

Timo Giese, UKOUG Techfest 19

Ansible and Exadata –a perfect symbiosis?

© Fiducia & GAD IT AGAnsible and Exadata - A Perfect Symbiosis | Timo Giese | UKOUG Techfest19 | 02.12.19 | Public (C1) 2

Agenda

What is Ansible?2

Ansible Design Principles3

Exadata Architecture4

The Inventory5

Ansible Configuration6

Use Cases7

Conclusion8

Outlook9

About Me1

© Fiducia & GAD IT AG

▪ Oracle DBA since 2005

▪ Oracle High Availability Specialist

▪ Twitter: @mbe7

About Me

Ansible and Exadata - A Perfect Symbiosis | Timo Giese | UKOUG Techfest19 | 02.12.19 | Public (C1) 3


Agenda

About Me1



The Inventory5


Use Cases7

Conclusion8

Outlook9

What is Ansible?2

© Fiducia & GAD IT AG 5

▪ Automation Tool for Configuration- and Systems-Management

▪ Build to manage constantly growing environments

▪ Orchestrate Multi-Tier Applications

▪ Project started in 2012

▪ Written by Michael DeHaan

▪ Open Source Software

▪ Agentless

▪ www.ansible.com | www.github.com/ansible

What is Ansible?

Ansible and Exadata - A Perfect Symbiosis | Timo Giese | UKOUG Techfest19 | 02.12.19 | Public (C1)

http://www.ansible.com/

http://www.github.com/ansible


What is Ansible?


▪ Ansible Releases

−https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html

4.10.18

16.5.19

29.6.18

31.10.19

https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html


Agenda

About Me1

What is Ansible?2


The Inventory5


Use Cases7

Conclusion8

Outlook9



▪ Idempotency

− repeatable run, same result

−no “changed” result of such tasks

− sometimes hard to implement with low level modules: i.e. “command” or ”shell”

▪ SSH

−use public-/private key pair for ansible automation

• can be combined with a passphrase on the private key

• in some rare cases password is needed (details later)

▪ Inventory

− stores hosts and variables

−dynamic and file based possible

− can be in INI-, JSON- or YML-Format, etc.

− could be tricky to design when using many groups and variables

Ansible Design Principles I



▪ Ad-Hoc Commands

−possible for simple tasks

• can be used without “inventory”

• Simple connect test: ansible all -i myserver, -m ping

• get host details: ansible all -i myserver, -m setup

▪ scripts are written in yaml notation

− executed with ansible-playbook command

Ansible Design Principles II



Agenda

About Me1

What is Ansible?2


The Inventory5


Use Cases7

Conclusion8

Outlook9



Exadata Architecture I


EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

DC1

1/8

X6

-2 +

1/8

X7

-2

DC2

1/8

X6

-2 +

1/8

X7

-2

Primary Standby

EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

Active Dataguard

EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

1/8

X6

-2

1/8

X6

-2

Standby Primary

EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

Active Dataguard

Production

Test

EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

DC3

1/8

X7

-2

DC4

1/8

X7

-2

Primary Standby

EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

Active Dataguard

Production


Exadata Architecture II


EXADATA X6-2

DA

TA

BA

SE

IN-M

EM

OR

YE

XA

DA

TA

DVD

HDD 6 HDD 7

HDD 3 or

NVMe1

HDD 5 or

NVMe3

HDD 2 or

NVMe0

HDD 4 or

NVMe2

HDD 1

HDD 0

REARTOP

FAN PS

SP

FILLER

FILLER FILLER

FILLER

FILLER

FILLER

FILLER FILLER

SERVER X5-2

DVD

HDD 6 HDD 7

HDD 3 or

NVMe1

HDD 5 or

NVMe3

HDD 2 or

NVMe0

HDD 4 or

NVMe2

HDD 1

HDD 0

REARTOP

FAN PS

SP

FILLER

FILLER FILLER

FILLER

FILLER

FILLER

FILLER FILLER

SERVER X5-2

DOM0DOMU

Databases

DOM0DOMU

Databases

RAC

DVD

HDD 6 HDD 7

HDD 3 or

NVMe1

HDD 5 or

NVMe3

HDD 2 or

NVMe0

HDD 4 or

NVMe2

HDD 1

HDD 0

REARTOP

FAN PS

SP

FILLER

FILLER FILLER

FILLER

FILLER

FILLER

FILLER FILLER

SERVER X5-2

DVD

HDD 6 HDD 7

HDD 3 or

NVMe1

HDD 5 or

NVMe3

HDD 2 or

NVMe0

HDD 4 or

NVMe2

HDD 1

HDD 0

REARTOP

FAN PS

SP

FILLER

FILLER FILLER

FILLER

FILLER

FILLER

FILLER FILLER

SERVER X5-2

DOM0DOMU

Databases

DOM0DOMU

Databases

DOMU

Databases

DOMU

Databases

RAC RAC


Agenda

About Me1

What is Ansible?2




Use Cases7

Conclusion8

Outlook9

The Inventory5


▪ Central Part for all further automation playbooks

▪ Stores information about Exadata Hosts

▪ Includes Central Configuration Settings (variables global to all playbooks)

▪ Includes Secrets encrypted with ansible-vault

▪ Currently file based

The Inventory



The Inventory II



▪ variables for all groups reside in “all” directory

▪ secrets encrypted in “*_wallet.yml”

▪ variables split into multiple configuration files

The Inventory III – HOST_-/GROUP_VARS



The Inventory IV - Encrypted Secrets



The Inventory IV - Encrypted Secrets II


▪ possibility to encrypt strings only (since Ansible 2.3)

▪ Command:

− ansible-vault encrypt_string ‘my_secret_PW‘ –name ‘my_pw_var ‘


Agenda

About Me1

What is Ansible?2



The Inventory5

Use Cases7

Conclusion8

Outlook9



▪ ansible.cfg

− can be placed in the current directory | in the HOME ( as .ansible.cfg) | in /etc/ansible/ansible.cfg

−Parameter “timeout” : increase ssh connect timeout

−Parameter “allow_world_readable_tmpfiles”: used for become_user != root

−Parameter “stdout_callback”: can be changed to change console output

• yaml / unixy / dense / debug (default)

Ansible Configuration File



Agenda

About Me1

What is Ansible?2



The Inventory5


Conclusion8

Outlook9

Use Cases7


▪ Deploy Ansible automation user

▪ Install / Upgrade TFA

▪ Install / Upgrade Exachk

▪ Create Oracle Home Goldimage for Cloning

▪ Manage OS-Logrotate

▪ Setup OS-LDAP

▪ Customize Rsyslog

▪ Customize OS-Environment (Routing, Hugepages,

SSHd)

▪ Install additional RPMs

Ansible Exadata Use Cases


▪ Manage sudoers

▪ Setup additional technical users

▪ Deploy SSH-Keys

▪ Ad-Hoc Tasks

▪ …


Ansible Exadata Use Cases


Make Exadata Production Ready

with one click


▪ Starting Point:

− Inventory already present with base

information

▪ The Goal:

−Do various OS-Customizations

▪ Steps:

− check services are running

− install additional rpm packages

−update sshd settings

−manage hugepage settings

−manage static routing

Use Case: Customize OS-Environment


▪ Challenges:

− routing setup

−efficient parameter updating in sshd config


25

Use Case: Customize OS-Environment



Use Case: Customize OS-Environment II



▪ Starting Point:

− fresh installed Exadata by Oracle

−Passwords are set to default: “welcome1”

▪ The Goal:

−Setup Ansible Deployment User on Exadata

▪ Steps:

−Update Inventory with new Exadata Components

− Execute Playbook to Setup Ansible Deployment User ‘ansible’

▪ Challenges:

− First Connect has to happen as ‘root’

−Default Security on Exadata, i.e. Login Security

−Ansible Timeout while connecting to Exadata Hosts

Use Case: Deploy Ansible User



Use Case: Deploy Ansible User



▪ Starting Point:

− Inventory already present with base information

▪ The Goal:

−Create/Update Local User Information

−Setup sudoers

▪ Steps:

− create group/user if it doesn’t exist

− set password expiration to unlimited

− copy ssh-pubkey if needed

− setup/update sudoers configuration

▪ Challenges:

− keep password expirery settings persistent across reboots

Use Case: Manage users and sudoers



Use Case: Manage users and sudoers



Use Case: Manage users and sudoers II



▪ Starting Point:

− Inventory already setup with base information

▪ The Goal:

− Install TFA and Exachk

−Upgrade TFA and Exachk if already installed

▪ Steps:

−Create one playbook for each component

▪ Challenges:

− Exachk Upgrade works, but installation corrupt

−TFA Upgrade failed sporadically

− TFA-Home different

− TFA Orachk run on installation/upgrade

Use Case: Deploy TFA / EXACHK



Use Case: Deploy TFA / EXACHK



▪ Starting Point:

− Inventory already setup with base

information

▪ The Goal:

−Setup OS LDAP Authentication

▪ Steps:

−MOS-Note 2199218.1*

−Configure openldap

−Configure nss

−Configure nscd

−Configure pam

−Configure nslcd

−Customize SSHd

Use Case: Setup OS LDAP


▪ Challenges:

−Missing RPM-Packages in Dom0

−Playbook includes many steps

−Where and how to store the LDAP-Server

Secrets

−Update of configuration values with

lineinfile-Module

* MOS-Note removed when Exadata

Machine Image 19.x with OEL7 was released

(stick to default Oracle Linux Doc)


Use Case: Setup OS LDAP



Use Case: Setup OS LDAP II

Ansible and Exadata - A Perfect Symbiosis | Timo Giese | UKOUG Techfest19 | 02.12.19 | Public (C1) 36


▪ Starting Point:

− Inventory already setup with base information

▪ The Goal:

−Setup Logrotate Configuration for DIAG-Directory Text-Logfiles

▪ Steps:

− copy logrotate config to cron.daily

▪ Challenges:

−none

Use Case: Manage OS Logrotate



Use Case: Manage OS Logrotate



Ansible Exadata Use Cases - Review


Make Exadata Production Ready with one click


Agenda

About Me1

What is Ansible?2



The Inventory5


Use Cases7

Outlook9

Conclusion8


▪ Many possibilities to automate manual tasks on Exadata with ansible

▪ Check Ansible Documentation for Modules and Task Parameters

− Important: Not all Parameters are Available in each Ansible Version

−docs.ansible.com/ansible/latest/index.html

▪ There is more than one way to solve a problem

▪ Stick to Standard Modules and try to avoid “Shell”, “Command” and “Lineinfile” Modules

whenever possible

▪ Use VCS like Git to track changes in the ansible scripts

▪ Keep Configuration settings equal on all Exadatas / Exadata Components

▪ Always keep an eye on your Ansible Automation when upgrading your Exadata to a new

Patch- / Release-Version

Conclusion


Th

e A

nsw

er

is Y

ES

https://docs.ansible.com/ansible/latest/index.html


Agenda

About Me1

What is Ansible?2



The Inventory5


Use Cases7

Conclusion8

Outlook9


▪ Setup Dependencies between Modules

▪ Database Instance Deployment (with RAC and Dataguard)

▪ Dynamic Inventory

▪ (Self-Service) Pluggable Database / Schema (DBaaS)

Outlook


Thank you very much for your attention!

ansible and exadata a perfect symbiosis?€¦ · automation tool for configuration- and...

Documents