Prox - Ansible - Changing Configuration

[bdunbar]

Building on past experience and using previously created playbooks, with Ansible (version 1.1) we've (really my devops partner) created a process that creates containers from defined settings - template, ram, disk size, etc.

We do this by calling pvesh like so

pvesh create /nodes/${target_env}-proxmox-${node_id}/openvz -vmid ${vm_id} -ostemplate ${container.ostemplate} -memory ${container.memory) (etc)

This is really handy for deploying X containers at a time, and doing so without making any tedious mistakes in configuration.

What I'd like to do is change a given container's (ram, disk size, network configuration) by changing it's configuration file. Ansible would execute playbook at defined intervals, notice that ${container.memory} is different than the actual value that container has, and adjust.

This is better for operations in that one needs only touch a configuration once, it's under change control, and changes happen, rather than reaching out and manually adding that value.

I am probably missing something, but the only way I can see to do this is like so

- process pulls the configuration for container X
- if variables diff then execute change
- else exit 0.

Comments? It's not impossible that the prox API provides a way to make that happen without a lot of extracting and comparing variables in bash or perl and I'm missing it.

 

[mo_]

The containers configuration files can be found in /etc/pve/openvz/$CTID.conf on any given node. I must say I dont know Ansible/playbook but since you mentioned devops Im guessing its some kind of niche alternative to puppet? In that case I dont think there'd be any problems in directly interacting with the .conf files. However, I was unable to find any mention anywhere about whether theres some way to tell openvz/vzctl to apply new parameters to a running container by re-reading the conf file. You can modify container parameters with "vzctl set ..." but thatd be a horrible thing to implement whereas telling vzctl to simply refresh the config from file would be so much simpler...

 

[bdunbar]

Im guessing its some kind of niche alternative to puppet?

I don't know about niche (smile) but Ansible is an alternative to Puppet, or Chef. If I recall it debuted after Puppet hit the big time: solving the same problem using a different approach. Essentially, if one can SSH to a host, one can deploy software, manage configurations, and so on. A playbook in Ansible is simply a yaml file telling Ansible what to do.

whereas telling vzctl to simply refresh the config from file would be so much simpler...

Ah! Ansible has a directive that says "If this configuration X changes then execute Y".

Say if one tells ansible to change /etc/foo.conf, one can include a directive to restart service foo. So .. if one edits a container's .conf then edit the appropriate setting using vzctl.

Which would be messy using the execute shell command: I may have just talked myself into writing an ansible module: I need to bone up on Python.