1 files changed, 502 insertions, 0 deletions

diff --git a/src/talks/ansible-openstack.hbs b/src/talks/ansible-openstack.hbs
new file mode 100644
index 0000000..4b2af33
--- /dev/null
+++ b/src/talks/ansible-openstack.hbs
@@ -0,0 +1,502 @@
+<!doctype html>
+<html lang="en">
+
+  <head>
+    <meta charset="utf-8">
+
+    <title>Using Ansible with OpenStack</title>
+
+  </head>
+  <body>
+
+    <section id="who-am-i-redhat" class="slide level2">
+      <h1>Who am I?</h1>
+      <img style="float:right; margin:24pt" src="/images/Logo_RH_CMYK_Default.jpg" />
+      <p> Office of Technology </p>
+      <p> Zuul </p>
+      <p> Ansible </p>
+    </section>
+
+    <section id="who-am-i-openstack" class="slide level2">
+      <h1>Who am I?</h1>
+      <img style="float:right; margin-right:24pt; width:300px; height: auto" src="/images/openstack-cloud-software-vertical-large.png" />
+      <p>Technical Committee</p>
+      <p>Developer Infrastructure Core Team</p>
+      <p>Former Foundation Board of Directors</p>
+      <p>PTL of shade project</p>
+    </section>
+
+    <section id="ansible" class="slide level1">
+      <h1>Ansible</h1>
+      <p>Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.</p>
+    </section>
+
+    <section id="why-ansible-is-great" class="slide level1">
+      <h1>Why Ansible is Great</h1>
+      <ul>
+        <li>simple declarative YAML syntax</li>
+        <li>list of tasks to perform - easy to debug</li>
+        <li>agentless - don't infect machines under management</li>
+        <li>Open Source - thousands of contributors worldwide</li>
+      </ul>
+    </section>
+
+    <section id="ansible-overview" class="slide level1">
+      <h1>Ansible Overview</h1>
+      <ul>
+        <li>task - an action to perform</li>
+        <li>module - code that exposes a type of action</li>
+        <li>role - reusable collection of tasks to acomplish a goal</li>
+        <li>play - tasks and roles run on a specific host or hosts</li>
+        <li>inventory - list of locations available to run plays on</li>
+        <li>playbook - file containing one or more plays</li>
+      </ul>
+    </section>
+
+    <section id="ansible-simple-example" class="slide level1">
+      <h1>Ansible Simple Example</h1>
+      <p><em>simple.yaml</em></p>
+      <pre><code>
+- hosts: all
+  tasks:
+  - name: Print hostname of server
+    command: hostname
+      </code></pre>
+      <p>A <em>playbook</em> containing a <em>play</em> that will run
+      against all hosts in the <em>inventory</em>. It has one <em>task</em>
+      that uses the <em>command</em> module to run the "hostname" command.
+      </p>
+    </section>
+
+    <section id="ansible-longer-example" class="slide level1">
+      <h1>Ansible Longer Example</h1>
+      <p><em>longer.yaml</em></p>
+      <pre><code>
+- hosts: git
+  roles:
+    - create-mirror-locations
+- hosts: code-review.example.com
+  roles:
+    - create-repositories
+      </code></pre>
+      <p>A <em>playboook</em> containing two <em>plays</em>. The first runs
+      a <em>role</em> called "create-mirror-locations" against a group of hosts
+      from the <em>inventory</em> called "git". Then it runs a <em>role</em>
+      called "create-repositories" against a host from the <em>inventory</em>
+      called "code-review.example.com".
+      </p>
+    </section>
+
+    <section id="ansible-modules" class="slide level1">
+      <h1>Ansible Modules</h1>
+      <ul>
+        <li>Usually written in Python</li>
+        <li>Can do anything, not limited to executing commands on a server</li>
+        <li>Manipulate Network Switch Config (ansible-network)</li>
+        <li>Build Containers (ansible-container)</li>
+        <li>Interact with REST APIs</li>
+      </ul>
+    </section>
+
+    <section id="ansible-openstack-modules" class="slide level1">
+      <h1>Ansible OpenStack Modules</h1>
+      <ul>
+        <li><a href="http://docs.ansible.com/ansible/list_of_cloud_modules.html#openstack" class="uri">http://docs.ansible.com/ansible/list_of_cloud_modules.html#openstack</a></li>
+        <li>Focused on consuming OpenStack APIs</li>
+        <li>Some are end-user focused</li>
+        <li>Some are deployer focused</li>
+      </ul>
+    </section>
+
+    <section id="interop---work-on-all-openstack-clouds" class="slide level1">
+      <h1>Interop - Work on All OpenStack Clouds</h1>
+      <ul>
+        <li>Ansible's OpenStack modules work the same on every OpenStack cloud</li>
+      </ul>
+      <p class='fragment'>
+      Don't let the existence of Rackspace modules confuse you.
+      The OpenStack modules work just great on Rackspace</p>
+    </section>
+
+    <section id="work-around-deployer-differences-...-to-a-point" class="slide level1">
+      <h1>Work Around Deployer Differences ... To a Point</h1>
+      <ul>
+        <li>Herculean effort is made to hide a giant amount of differences</li>
+        <li>Even so - some bugs are EWONTFIX</li>
+      </ul>
+      <p class='fragment'>
+      A provider decided to redefine the OpenStack Availability Zone concept
+      complete with incompatible API changes. That is unsupportable.</p>
+      <p class='fragment'>PS. Don't do that</p>
+    </section>
+
+    <section id="based-on-shade-library" class="slide level1">
+      <h1>Based on shade library</h1>
+      <ul>
+        <li>OpenStack python library to abstract deployment differences</li>
+        <li>designed for multi-cloud</li>
+        <li>simple to use</li>
+        <li>massive scale
+          <ul>
+            <li>optional advanced features to handle &gt;20k servers a day</li>
+          </ul></li>
+          <li>Initial logic/design extracted from OpenStack Infra's nodepool</li>
+          <li>Turned in to library for re-use in Ansible</li>
+      </ul>
+    </section>
+
+    <section id="integration-testing" class="slide level1">
+      <h1>Integration Testing</h1>
+      <ul>
+        <li>Every shade patch is integration tested in OpenStack Infra</li>
+        <li>Every shade patch tests the ansible modules in OpenStack Infra</li>
+        <li>Support coming very soon to test PRs to ansible modules in OpenStack Infra</li>
+      </ul>
+    </section>
+
+    <section id="lets-take-a-few-steps-back" class="slide level1">
+      <h1>Let's Take a Few Steps Back</h1>
+      <p>OpenStack in Ansible and Multi-cloud Operations are easy...</p>
+      <p>but you need to know a few things.</p>
+      <ul>
+        <li>Module structure</li>
+        <li>Terminology</li>
+        <li>Config</li>
+      </ul>
+    </section>
+
+    <section id="module-structure" class="slide level1">
+      <h1>Module Structure</h1>
+      <ul>
+        <li>All modules start with <code>os_</code></li>
+        <li>End-user oriented modules are named for the resource
+          <ul>
+            <li>os_image</li>
+            <li>os_sever</li>
+          </ul>
+        </li>
+        <li>Operator oriented modules are named for the service
+          <ul>
+            <li>os_nova_flavor</li>
+            <li>os_keystone_domain</li>
+          </ul>
+        </li>
+        <li>If it could go both ways, we prefer user orientation
+          <ul>
+            <li>os_user</li>
+            <li>os_group</li>
+          </ul>
+        </li>
+        <li>If more than one service provides a resource, they DTRT
+          <ul>
+            <li>os_security_group</li>
+            <li>os_floating_ip</li>
+          </ul>
+        </li>
+      </ul>
+    </section>
+
+    <section id="openstack-dynamic-inventory-script" class="slide level1">
+      <h1>OpenStack Dynamic Inventory Script</h1>
+      <ul>
+        <li>github.com/ansible/ansible/contrib/inventory/openstack.py</li>
+        <li>Uses all hosts in all clouds as one inventory</li>
+        <li>Excludes hosts without IPs</li>
+        <li>Makes a bunch of auto-groups (flavor, image, az, region, cloud)</li>
+        <li>Makes groups for metadata['groups']</li>
+      </ul>
+      <p>New inventory plugin coming in Ansible 2.4</p>
+    </section>
+
+    <section id="modules-for-all-openstack-resources-are-welcome-upstream" class="slide level1">
+      <h1>Modules for All OpenStack Resources are Welcome Upstream</h1>
+      <ul>
+        <li>If there is a thing you want to manage that doesn't have a module,
+          add one</li>
+        <li>We're very welcoming/accepting</li>
+        <li>Same goes for features to existing modules</li>
+      </ul>
+    </section>
+
+    <section id="to-serve-all-users-we-have-to-be-strict" class="slide level1">
+      <h1>To Serve All Users, We Have to be Strict</h1>
+      <ul>
+        <li>Modules that touch OpenStack APIs must do so via shade library</li>
+        <li>In user modules, vendor differences should be hidden</li>
+        <li>In operator modules, exposing them is ok</li>
+      </ul>
+    </section>
+
+    <section id="clouds.yaml" class="slide level1">
+      <h1>clouds.yaml</h1>
+      <ul>
+      <li>Information about the clouds you want to connect to is stored in a
+        file called clouds.yaml.</li>
+      <li>In OpenStack Pike release, Horizon provides downloadable clouds.yaml</li>
+      <li>Both yaml and yml are acceptable.</li>
+      <li>clouds.yaml can be in your homedir: ~/.config/openstack/clouds.yaml or system-wide: /etc/openstack/clouds.yaml.</li>
+      <li>Information in your homedir, if it exists, takes precedence.</li>
+      <li>Full docs on clouds.yaml are at <a href="https://docs.openstack.org/developer/os-client-config/" class="uri">https://docs.openstack.org/developer/os-client-config/</a></li>
+      </ul>
+    </section>
+
+    <section id="what-about-mac-and-windows" class="slide level1">
+      <h1>What about Mac and Windows?</h1>
+      <p>USER_CONFIG_DIR is different on Linux, OSX and Windows.</p>
+      <ul>
+        <li>Linux: ~/.config/openstack</li>
+        <li>OSX: ~/Library/Application Support/openstack</li>
+        <li>Windows: C:\\Users\\USERNAME\\AppData\\Local\\OpenStack\\openstack</li>
+      </ul>
+      <p>SITE_CONFIG_DIR is different on Linux, OSX and Windows.</p>
+      <ul>
+        <li>Linux: /etc/openstack</li>
+        <li>OSX: /Library/Application Support/openstack</li>
+        <li>Windows: C:\\ProgramData\\OpenStack\\openstack</li>
+      </ul>
+    </section>
+
+    <section id="config-terminology" class="slide level1">
+      <h1>Config Terminology</h1>
+      <p>For multi-cloud, think of two types:</p>
+      <ul>
+        <li>profile - Facts about the cloud that are true for everyone</li>
+        <li>cloud - Information specific to a given user</li>
+      </ul>
+    </section>
+
+    <section id="remember-your-execution-context" class="slide level1">
+      <h1>Remember your Execution Context!</h1>
+      <ul>
+        <li>ansible executes code on remote systems</li>
+        <li>clouds.yaml needs to be on the host where the modules run</li>
+        <li>auth information can be passed to modules directly</li>
+        <li>other config (currently) MUST go in clouds.yaml</li>
+        <li class='fragment'>Ability to pass entire cloud config to module coming soon</li>
+      </ul>
+    </section>
+
+    <section id="basic-clouds.yaml-for-the-example-code" class="slide level1">
+      <h1>basic clouds.yaml for the example code</h1>
+      <p>Simple example of a clouds.yaml</p>
+      <ul>
+        <li>Config for a named cloud &quot;my-citycloud&quot;</li>
+        <li>Reference a well-known &quot;named&quot; profile: citycloud</li>
+        <li>os-client-config has a built-in list of profiles at <a href="https://docs.openstack.org/developer/os-client-config/vendor-support.html" class="uri">https://docs.openstack.org/developer/os-client-config/vendor-support.html</a></li>
+        <li>Vendor profiles contain various advanced config</li>
+        <li>cloud name can match profile name (using different names for clarity)</li>
+      </ul>
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">
+clouds:
+  my-citycloud:
+    profile: citycloud
+    auth:
+      username: mordred
+      project_id: 65222a4d09ea4c68934fa1028c77f394
+      user_domain_id: d0919bd5e8d74e49adf0e145807ffc38
+      project_domain_id: d0919bd5e8d74e49adf0e145807ffc38
+      </code></pre></div>
+        <p>Where's the password?</p>
+    </section>
+
+    <section id="secure.yaml" class="slide level1">
+      <h1>secure.yaml</h1>
+      <ul>
+        <li>Optional additional file just like clouds.yaml</li>
+        <li>Values overlaid on clouds.yaml</li>
+        <li>Useful if you want to protect secrets more stringently</li>
+      </ul>
+    </section>
+
+    <section id="example-secure.yaml" class="slide level1">
+      <h1>Example secure.yaml</h1>
+      <ul>
+        <li>No, my password isn't XXXXXXXX</li>
+        <li>cloud name should match clouds.yaml</li>
+        <li>Optional - I actually keep mine in my clouds.yaml</li>
+      </ul>
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">
+clouds:
+  my-citycloud:
+    auth:
+      password: XXXXXXXX
+      </code></pre></div>
+    </section>
+
+    <section id="more-clouds.yaml" class="slide level1">
+      <h1>more clouds.yaml</h1>
+      <p>More information can be provided.</p>
+      <ul>
+        <li>Use v3 of the identity API - even if others are present</li>
+        <li>Use https://image-ca-ymq-1.vexxhost.net/v2 for image API instead of what's in the catalog</li>
+      </ul>
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">
+my-vexxhost:
+  identity_api_version: 3
+  image_endpoint_override: https://image-ca-ymq-1.vexxhost.net/v2
+  profile: vexxhost
+  auth:
+    user_domain_id: default
+    project_domain_id: default
+    project_name: d8af8a8f-a573-48e6-898a-af333b970a2d
+    username: 0b8c435b-cc4d-4e05-8a47-a2ada0539af1
+      </code></pre></div>
+    </section>
+
+    <section id="much-more-complex-clouds.yaml-example" class="slide level1">
+      <h1>Much more complex clouds.yaml example</h1>
+      <ul>
+        <li>Not using a profile - all settings included</li>
+        <li>In the ams01 region there are two networks with undiscoverable qualities</li>
+        <li>Each one are labeled here so choices can be made</li>
+        <li>Any of the settings can be specific to a region if needed</li>
+        <li>region settings override cloud settings</li>
+        <li>cloud does not support floating-ips</li>
+      </ul>
+    </section>
+
+    <section id="much-more-complex-clouds.yaml-example-core" class="slide level1">
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">
+my-internap:
+  auth:
+    auth_url: https://identity.api.cloud.iweb.com
+    username: api-55f9a00fb2619
+    project_name: inap-17037
+  identity_api_version: 3
+  floating_ip_source: None
+  regions:
+  - name: ams01
+    values:
+      networks:
+      - name: inap-17037-WAN1654
+        routes_externally: true
+        default_interface: true
+      - name: inap-17037-LAN3631
+        routes_externally: false</code></pre></div>
+    </section>
+
+    <section id="extra-variables-to-control-inventory-behavior" class="slide level1">
+      <h1>Extra Variables to Control Inventory Behavior</h1>
+      <ul>
+        <li>
+          <dl>
+            <dt>expand_hostvars</dt>
+            <dd>whether to make extra API calls to fill out additional
+            information about each server
+            </dd>
+          </dl>
+        </li>
+        <li>
+          <dl>
+            <dt>use_hostnames</dt>
+            <dd>changes the behavior from registering every host with its
+              UUID and making a group of its hostname to only doing this if the
+              hostname in question has more than one server
+            </dd>
+          </dl>
+        </li>
+        <li>
+          <dl>
+            <dt>fail_on_errors</dt>
+            <dd>causes the inventory to fail and return no hosts if one
+            cloud has failed</dd>
+          </dl>
+        </li>
+      </ul>
+
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">ansible:
+  use_hostnames: False
+  expand_hostvars: True
+  fail_on_errors: True</code></pre></div>
+    </section>
+    <section id="test-your-config" class="slide level1">
+      <h1>Test Your Config</h1>
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">---
+- hosts: localhost
+  tasks:
+  - os_auth:
+      cloud: "{{ item.cloud }}"
+      region_name: "{{ item.region }}"
+    with_items:
+    - cloud: my-vexxhost
+      region: ca-ymq-1
+    - cloud: my-citycloud
+      region: Buf1
+    - cloud: my-internap
+      region: ams01
+      </code></pre></div>
+    </section>
+
+    <section id="more-interesting" class="slide level1">
+      <h1>More Interesting</h1>
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">
+- hosts: localhost
+  tasks:
+  - os_server:
+      name: "my-server"
+      cloud: "{{ item.cloud }}"
+      region_name: "{{ item.region }}"
+      image: "{{ item.image }}"
+      flavor: "{{ item.flavor }}"
+      auto_ip: true
+    with_items:
+    - cloud: my-vexxhost
+      region: ca-ymq-1
+      image: Ubuntu 16.04.1 LTS [2017-03-03]
+      flavor: v1-standard-4
+    - cloud: my-citycloud
+      region: Buf1
+      image: Ubuntu 16.04 Xenial Xerus
+      flavor: 4C-4GB-100GB
+    - cloud: my-internap
+      region: ams01
+      image: Ubuntu 16.04 LTS (Xenial Xerus)
+      flavor: A1.4</code></pre></div>
+    </section>
+
+    <section id="check-that-there-is-an-inventory" class="slide level1">
+      <h1>Check That There is an Inventory</h1>
+        <blockquote>
+          python ~/src/github.com/ansible/ansible/contrib/inventory/openstack.py --list
+        </blockquote>
+    </section>
+
+    <section id="cleanup-after-ourselves" class="slide level1">
+      <h1>Cleanup After Ourselves</h1>
+      <div class="sourceCode"><pre class="sourceCode yaml"><code class="sourceCode yaml">
+- hosts: localhost
+  tasks:
+  - os_server:
+      cloud: "{{ item.cloud }}"
+      region_name: "{{ item.region }}"
+      name: my-server
+      state: absent
+    with_items:
+    - cloud: my-vexxhost
+      region: ca-ymq-1
+    - cloud: my-citycloud
+      region: Buf1
+    - cloud: my-internap
+      region: ams01
+      </code></pre></div>
+    </section>
+
+    <section id="check-out-ansible-cloud-launcher" class="slide level1">
+      <h1>Check out Ansible Cloud Launcher</h1>
+      <p><a href="https://git.openstack.org/cgit/openstack/ansible-role-cloud-launcher" class="uri">https://git.openstack.org/cgit/openstack/ansible-role-cloud-launcher</a></p>
+      <ul>
+        <li>Role for launching resources on an OpenStack Cloud</li>
+      </ul>
+    </section>
+
+    <section id="check-out-linch-pin" class="slide level1">
+      <h1>Check out Linch-pin</h1>
+      <p><a href="http://linch-pin.readthedocs.io/en/develop/" class="uri">http://linch-pin.readthedocs.io/en/develop/</a></p>
+      <ul>
+        <li>From our friends in CentOS</li>
+      </ul>
+        <p>Linch-pin provides a collection of Ansible playbooks for provisioning, decommissioning, and managing resources across multiple infrastructures. The main goal of linch-pin is to facilitate provisioning and orchestration of resources in a multi-cloud environment through a topology file.</p>
+    </section>
+
+  </body>
+</html>