OpenShift Container Platform and Ansible go hand-in-hand, playing an important role in cloud automation. They both empower DevOps engineers not only to automate the deployment of Kubernetes clusters in on-premises, hybrid, and multicloud environments, but also all the other services in their end-to-end environments.
For example,OpenShift Container Platform typically requires access to persistent storage for stateful applications, such as database services and message queues. Using Ansible, the NetApp® Cloud Volumes ONTAP enterprise data platform can be deployed alongside OpenShift, and the integration performed to enable them to work together using the NetApp Trident storage provisioner for Kubernetes. This gives OpenShift users a reliable and scalable platform to deploy new containerized applications and services.
In this article, we will look at how an OpenShift deployment with Cloud Volumes ONTAP can be used to dynamically provision persistent storage, and how Ansible can be used to automate the deployment and configuration of Cloud Volumes ONTAP.
Cloud Volumes ONTAP allows you to manage your data uniformly across the major hyperscaler environments, namely AWS, Azure, and Google Cloud Platform. Cloud Volumes ONTAP brings NetApp’s extensive background in enterprise data management to the cloud, providing high availability across Availability Zones, DR capability across regions, storage efficiencies that can dramatically reduce your cloud storage footprint, and much more.
Cloud Volumes ONTAP builds on the compute and storage infrastructure of the cloud to deliver reliable, scalable, and high-performance storage services for cloud-native applications. You can build disk aggregates and volumes using any of the available block-level and object storage services available in your cloud environment. For example, in AWS, all of the Amazon EBS disk types are supported, as well as the use of Amazon S3 for less frequently accessed data. Cloud Volumes ONTAP uses built-in storage efficiency technologies, such as thin provisioning, data deduplication, and data compression, to reduce your operational expenditure on cloud storage in comparison to allocating the storage directly, which can be by as much as 70%.
Block-level cloud storage, such as Amazon EBS and Azure Managed Disks, usually provide redundancy at the Availability Zone level, with snapshot backups providing a greater level of data protection. With Cloud Volumes ONTAP HA, all of your data is protected across Availability Zones, which ensures that you can continue normal operations even in the face of a site-wide failure. Using NetApp SnapMirror replication, you can create DR failover capability that spans cloud regions. This level of data protection is a prerequisite for large, enterprise organizations.
Cloud Volumes ONTAP also provides sophisticated data management features that make it easier to work with and manage your data. For example, NetApp FlexClone data cloning allows you to create multiple, writable copies of a source volume instantly and without needing to copy any of the source data. In fact, storage is only required for the changes that you make to the clone, which makes these clones ideal for running integration test suites against real data.
NetApp Trident is the open-source and fully supported storage provisioner for Kubernetes that allows for easy and direct integration with Cloud Volumes ONTAP from any Kubernetes cluster. Using NetApp Trident, you can dynamically provision OpenShift persistent storage using native Kubernetes constructs and yaml files. This is achieved by setting up the storage classes to be used and then simply issuing persistent volumes claims, just as you would for another backend storage provider.
OpenShift uses Ansible for cluster installation and configuration management. This allows for cluster deployments to be automated and repeatable, which makes rollouts significantly faster and less error prone. Ansible playbooks are also used to scale up clusters by adding more worker nodes, or to perform an upgrade to the latest version of OpenShift.
Ansible, however, has a wider scope that just OpenShift, and herein lies its power. With hundreds of open-source modules available that cover everything from mounting storage onto a server to the configuring of database services and DNS, you can setup your entire end-to-end environment using the same, familiar automation platform. This also includes the installation and configuration of NetApp Cloud Manager, Cloud Volumes ONTAP, and NetApp Trident.
Cloud Manager is Cloud Volumes ONTAP’s graphical centralized management platform. It’s easy to get started with Cloud Manager and Cloud Volumes ONTAP using the modern, web-based UI; however, to support automation, Cloud Manager also provides a RESTful API interface that enables integration with tools such as Ansible. This allows you to automate the deployment of Cloud Manager itself, new Cloud Volumes ONTAP storage environments, disk aggregates and storage volumes, all through Ansible tasks and playbooks.
Using Ansible, you can go further than just the initial setup of Cloud Volumes ONTAP. NetApp is one of only six Red Hat Ansible Certified Module Vendors, and the only data management company with this certification. There are a vast number of NetApp ONTAP modules available that can be used to perform the large bulk of initial Cloud Volumes ONTAP configuration tasks, and nearly all commonly performed day-to-day operations. As a certified vendor, NetApp’s modules are first tested internally, then by the open-source Ansible community, and finally by the engineers at Red Hat to ensure correct operation and verified performance.
The procedural task automation provided by Ansible and the idempotency, i.e. the ability for tasks to be safely re-executed without causing duplication or configuration problems, helps to massively reduce the time taken for complicated rollouts from weeks to minutes. When NetApp themselves moved to Ansible internally for setting up new ONTAP clusters, they were able to make the setup process 96 times faster than it was previously.
In this section, we’ll cover some of the Ansible use cases typical to the deployment and setup of Cloud Volumes ONTAP. In order to authenticate yourself when performing Cloud Manager operations, you will first need to acquire a refresh token from https://services.cloud.netapp.com/refresh-token using your NetApp Cloud Central account.
The refresh token is then used together with your client ID in order to create an access token that can be used in HTTP requests. An example of how this is achieved using Ansible is shown below:
vars:
auth0_domain: netapp-cloud-account.auth0.com
tasks:
- name: Get Token
uri:
url: https:///oauth/token
method: POST
body_format: json
return_content: yes
body: {"grant_type":"refresh_token", "refresh_token": "", "client_id": ""}
status_code: 200,204,202
register: token_response
ignore_errors: no
- name: set token & token_type
set_fact: token=""
- set_fact: token_type=""
- name: set OCCM IP
set_fact: occm_ip="{{item.public_ip}}"
Here we can make use of Ansible playbook variables to store information that will be passed into Ansible from the command line, such as refToken and client_id, as well as variables to store information from the HTTP response received from the token request. Use of Ansible variables make playbooks more generic and applicable in different environments, such as Staging and Production.
The reference API documentation that details the available endpoints, the payload expected, and the responses returned is available from within the Cloud Manager UI by clicking the API documentation link:
The following example Ansible task shows the main steps required to deploy Cloud Manager. The full yaml file can be found here.
# Deploy OCCM Instance from AMI
- name: Launch OCCM instance
local_action:
module: ec2
aws_access_key: ""
aws_secret_key: ""
instance_tags:
Name: ""
region: ""
keypair: ""
group_id: ""
instance_type: ""
image: ""
vpc_subnet_id: ""
assign_public_ip: yes
instance_profile_name: ""
count: ""
wait: yes
register: ec2
- name: Wait for SSH to come up
wait_for: host={{item.public_dns_name}} port=22 delay=60 timeout=320 state=started
with_items: ""
- name: Wait for OCCM to come up
wait_for: host={{item.public_dns_name}} port=80 delay=60 timeout=600 state=started
with_items: ""
Ansible can be used to deploy Cloud Volumes ONTAP as a single node or as an HA pair. This can be achieved by separating out the configuration information for the new instance into a separate JSON template file, which is then referenced by the Ansible playbook. As the template file will be read and processed by Ansible, it too can make use of Ansible playbook variables. A template file could look like the following:
{
"name": "",
"tenantId": "",
"region": "",
"packageName": "aws_standard",
"dataEncryptionType": "AWS",
"capacityTier": "S3",
"subnetId": "",
"svmPassword": "",
"vpcId": "",
"ontapEncryptionParameters": null,
"ebsVolumeType": "gp2"
}
The Ansible task to use this template and deploy Cloud Volumes ONTAP would look like the following:
- name: Create OTC
uri:
url: "http:///occm/api/vsa/working-environments"
method: POST
headers:
Authorization: " "
Referer: "Ansible"
body_format: json
body: ""
status_code: 200,204,202
timeout: 180
register: otc_response
Similar to deploying Cloud Volumes ONTAP, all of the necessary information for creating a disk aggregate or a volume can be stored in a template file and then simply referenced by your Ansible playbook tasks. The following task can be used to create to create a disk aggregate:
- name: Create Aggregate
uri:
url: "http:///occm/api/vsa/aggregates"
method: POST
headers:
Authorization: " "
Referer: "Ansible"
body_format: json
body: ""
status_code: 200,204,202
timeout: 180
register: aggr_response
The next example shows an Ansible task to create a new volume:
- name: Create Volume
uri:
url: "http:///occm/api/vsa/volumes?createAggregateIfNotFound=true"
method: POST
headers:
Authorization: " "
Referer: "Ansible"
body_format: json
body: ""
status_code: 200,204,202
timeout: 180
register: vol_response
Integrating Cloud Volumes ONTAP with OpenShift is a two-step operation that first requires that NetApp Trident be installed in the destination cluster. This process is started by uploading the Kubernetes configuration yaml file to Cloud Manager. The following shows how this can be achieved with Ansible:
- name: Install Trident
uri:
url: "http:///occm/api/k8s/load"
method: POST
headers:
Authorization: " "
Referer: "Ansible"
body_format: json
body: ""
status_code: 200,204,202
The second part of the procedure is to link an existing deployment of Cloud Volumes ONTAP to the OpenShift cluster loaded up in the previous step. Multiple clusters can target the same instance of Cloud Volumes ONTAP. This can be achieved using a task such as this:
- name: Install Trident
uri:
url: "http:///occm/api/k8s/connect//"
method: POST
headers:
Authorization: " "
Referer: "Ansible"
status_code: 200,204,202
OpenShift and Cloud Volumes ONTAP have now been integrated, and you can start dynamically provisioning OpenShift persistent storage.
OpenShift, Ansible, and Cloud Volumes ONTAP enable rapid and reliable deployment of end-to-end containerized applications and services. Using Ansible for DevOps allows you to uniformly manage the configuration for a diverse set of cloud infrastructure services. This includes OpenShift deployment, as well as the installation, configuration, and integration of Cloud Volumes ONTAP with your Kubernetes clusters.