
OCI Ansible modules

Intro

The modules are available from the GitHub repo: https://github.com/oracle/oci-ansible-modules

Python virtual environment

It is highly recommended to use a Python virtual environment when installing the OCI (Oracle Cloud Infrastructure) SDK and these modules, so they stay separate from the system Python. Check that virtualenv is available:
# pip show virtualenv 
Name: virtualenv
Version: 16.0.0
Summary: Virtual Python Environment builder
Home-page: https://virtualenv.pypa.io/

Environment location

Create the directory for the environment, for example /python-virtualenv/oci. If the host reaches the Internet through a proxy, configure the http proxy first so pip and git can download.

Create environment

Run the command that creates the environment in that directory.
 virtualenv -v /python-virtualenv/oci 

Activate environment

Run this command and note the environment name (oci) at the prompt.
[username@ansible-host tmp]# source /python-virtualenv/oci/bin/activate 
(oci) [username@ansible-host tmp]#

Install Python SDK

Use pip to install software into this new environment. Install oci; since the environment starts empty, you may need to install ansible into it as well (pip install ansible).
(oci) [username@ansible-host oci]# pip install oci
 
(oci) [username@ansible-host tmp]# pip list
Package         Version
--------------- ---------
asn1crypto      0.24.0
...
six             1.11.0
wheel           0.32.0

Install ansible oci modules

Get it from GitHub and install it.
(oci) [username@ansible-host tmp]# git clone https://github.com/oracle/oci-ansible-modules.git
(oci) [username@ansible-host tmp]# cd oci-ansible-modules
(oci) [username@ansible-host oci-ansible-modules]# ./install.py
install.py copies the modules into the directory /python-virtualenv/oci/lib/python2.7/site-packages/ansible/modules/cloud/oracle

Deactivate environment

To exit the environment:
(oci) [username@ansible-host tmp] deactivate
[username@ansible-host tmp]

Playbook

These are some of the playbooks I wrote. In the office they can be cloned from the git repository; for example, go to your working directory and clone the repo.
(oci) [zdudic@ansible-host oci] git clone git@gitlab-server.domain.com:sysadmins/ansible.git
(oci) [zdudic@ansible-host oci] cd ansible/oci
(oci) [zdudic@ansible-host oci]
(oci) [zdudic@ansible-host oci] ls
list_oci_compartment.yml  list_oci_policy.yml  list_oci_shapes.yml  list_oci_users.yml
... and more ...

The playbook for creating OCI instances.
---
- name : Create Oracle Cloud Instance playbook
  connection: local
  hosts: localhost
  tasks:

       - name: Launch/create an instance using an image, loop through 'item'
         oci_instance:
            name: "{{ item }}"
            availability_domain: "DSdu:US-ASHBURN-AD-2"
            # labops compartment
            compartment_id: "ocid1.compartment.oc1..aaaaa..4ffpyyra"
            source_details:
               source_type: image
               # image Oracle-Linux-7.5-2018.08.14-0
               image_id: "ocid1.image.oc1.iad.aaaaaa..eiga4cnxa"
            preserve_boot_volume: no   # remove boot volume when an instance is terminated
            shape: "VM.Standard1.4"    # low usage of this shape as per service limit
            vnic:
               #name: some name
               #hostname_label: some name
               # subnet Web-AD2-iad.sub
               subnet_id: "ocid1.subnet.oc1.iad.aaaa..pe545jq"
            # adding ssh public key
            metadata:
               ssh_authorized_keys: "ssh-rasa AAAAB3NzaC1yc2...umoH2tVhW+BK6ZSyCoWosR linuxandvirtualization"
            volume_details:     # volume details is an experimental feature, see 'environment' below
               attachment_name: second_disk
               attachment_state: present
               type: iscsi
               # this block volume already exists from before
               volume_id: "ocid1.volume.oc1.iad.abuwclj...hneneg26a"
            state: "present"    # an instance must be present, so create it if it doesn't exist
            wait: yes
            wait_until: RUNNING
         # 'environment' is a task keyword, not a module option: it belongs at the task level
         # (next to oci_instance). Nested inside volume_details it is never exported to the
         # module, which is why the experimental volume attachment appeared to do nothing.
         environment:
            OCI_ANSIBLE_EXPERIMENTAL: "True"
         with_items:   # note item is in plural !!
            - ca-oci-zarko1
            - ca-oci-zarko2
            - ca-oci-zarko3
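The playbook above injects an ssh public key into each instance through the ssh_authorized_keys metadata field, and a truncated or undersized key only shows up later as a failed login. The following Python is an added example, not code from this page or from the oci-ansible-modules project: it parses an authorized_keys line in the OpenSSH wire format (type string, RSA exponent, RSA modulus, all length-prefixed) and checks the key type and modulus size before the metadata is handed to the playbook. The make_rsa_authorized_key helper and the TEST_N modulus are constructed test data, not a real key pair; the function names are assumptions of this example.

```python
import base64
import struct

# Constructed 2048-bit "modulus" for testing only; it is not a real RSA key.
TEST_N = (1 << 2047) | 1


def _ssh_string(data):
    """Length-prefixed byte string as used in the OpenSSH wire format."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n):
    """mpint encoding: big-endian two's complement, leading 0x00 if the top bit is set."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(blob, off):
    """Read one length-prefixed string from blob at offset off; return (value, new offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob (missing length)")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated key blob (missing data)")
    return blob[off:off + length], off + length


def make_rsa_authorized_key(n, e=65537, comment="constructed"):
    """Build an authorized_keys line from a modulus and exponent (test helper)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def inspect_rsa_authorized_key(line):
    """Parse one ssh-rsa authorized_keys line; return key size, exponent and comment.

    Raises ValueError for anything that is not a complete, well-formed ssh-rsa key."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa authorized_keys line")
    # validate=True rejects stray characters; a truncated key fails on padding
    blob = base64.b64decode(parts[1], validate=True)
    kind, off = _read_string(blob, 0)
    if kind != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the ssh-rsa prefix")
    e_bytes, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after RSA modulus")
    n = int.from_bytes(n_bytes, "big")
    return {
        "bits": n.bit_length(),
        "e": int.from_bytes(e_bytes, "big"),
        "comment": " ".join(parts[2:]),
    }


def validate_metadata_ssh_keys(metadata, min_bits=2048):
    """Check every key in metadata['ssh_authorized_keys'] (newline separated).

    Returns a list of problem strings; an empty list means the metadata is acceptable."""
    problems = []
    keys = metadata.get("ssh_authorized_keys", "")
    for idx, line in enumerate(keys.splitlines()):
        if not line.strip():
            continue
        try:
            info = inspect_rsa_authorized_key(line)
        except ValueError as exc:
            problems.append("key %d: %s" % (idx, exc))
            continue
        if info["bits"] < min_bits:
            problems.append("key %d: only %d-bit RSA" % (idx, info["bits"]))
    return problems


if __name__ == "__main__":
    # Run the check against a constructed metadata dict before feeding it to the playbook.
    sample = {"ssh_authorized_keys": make_rsa_authorized_key(TEST_N, comment="linuxandvirtualization")}
    print(inspect_rsa_authorized_key(sample["ssh_authorized_keys"]))
    print(validate_metadata_ssh_keys(sample) or "metadata ok")
```

The parser deliberately decodes the blob rather than trusting the "ssh-rsa" prefix, so a line whose base64 body belongs to another key type, or has been cut short when pasted into the playbook, is reported before oci_instance launches anything.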

The playbook for creating an OCI user. It first checks whether the user exists in corporate LDAP, then creates the account and, once it is created, emails the details to the user. The operator is prompted for the username and the groups the user belongs to.
---
- name : User playbook for creating and sending email
  connection: local
  hosts: localhost

  vars:
     oracle_ldap_srv: gmldap.domaincorp.com
     ldap_search_base: "DC=DOMAIN,DC=COM"

  vars_prompt:
    - name: user_name
      prompt: "Enter user's email address"
      #default: no_default_user
      private: no
    - name: users_grp
      prompt: "Enter list of groups user belongs to (separate by comma): grp1,grp2 "
      default: "[]"  # no group by default
      private: no
  tasks:

      # ----------------------------
      # Is a user in corporate LDAP ?
      # -----------------------------
      - name: Check corporate ldap for {{ user_name }}
        command: ldapsearch -LLL -x -h {{ oracle_ldap_srv }} -b "{{ ldap_search_base }}" "mail={{ user_name }}"
        register: result

      # exit if the user doesn't exist
      #- debug:   # if you don't want the play to fail, just a message
      - fail:
           msg: "Exit: {{ user_name }} is not an Oracle employee"
        # 'when' is already a Jinja expression, so reference the variable directly
        # instead of nesting {{ }} inside it
        when: result.stdout.find(user_name) == -1

      - name: Print that user exists
        debug:
           msg: "OK: {{ user_name }} is an Oracle employee!"
        when: result.stdout.find(user_name) != -1

      # ----------------------------
      # Create OCI account
      # -----------------------------
      - name: Create User with password and group memberships
        oci_user:
          name: "{{ user_name }}"
          description: "Local account {{ user_name }}"
          user_groups: "{{ users_grp }}"
          create_or_reset_ui_password: True
          state: 'present'
        register: result

      #- fail:
      #     msg: "Exit, I'd say {{ user_name }} already exists, please check it."
      #  when: result.user.password is not defined

      - debug:
           msg: "User {{ user_name }} is created with password {{ result.user.password }}"
        # the password is a string and is never equal to -1, so test for the key instead
        when: result.user.password is defined

      # ----------------------------
      # Email details to a user
      # -----------------------------
      - name: Send an email to a user
        mail:
          host: "internal-mail-router.domain.com"
          from: "ca-labops-support@domain.com"
          to: "{{ user_name }}"
          subject: "OCI account {{ user_name }} has been created!"
          body: |
            Login URL for OCI Console:
            https://console.us-some_city-1.oraclecloud.com/?tenant=linuxandvirtualization

            Username:
            {{ user_name }}

            The password:
            {{ result.user.password }}

            You are in group(s):
            {{ users_grp }}
        when: result.user.password is defined    # only mail when a password was returned

      - debug:
           msg: "Emailed details to {{ user_name }}"
        when: result.user.password is defined
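The LDAP step of this playbook builds the search filter straight from the prompted value and then decides "user exists" with a substring find over the whole ldapsearch output, so an address that is merely contained in another one (doe@domain.com inside jane.doe@domain.com) passes, and filter metacharacters typed at the prompt change the meaning of the query. The following Python is an added example, not code from this page or from the oci-ansible-modules project: it escapes the value per RFC 4515, runs ldapsearch as an argument list (no shell), parses the LDIF that ldapsearch -LLL prints, and only reports a match when an entry's mail attribute equals the requested address. SAMPLE_LDIF is constructed sample output; the function names are assumptions of this example.

```python
import base64
import re
import subprocess

# RFC 4515: characters that must be escaped inside an LDAP filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed ldapsearch -LLL style output: two entries, the second with a base64 ("::") mail value.
SAMPLE_LDIF = (
    "dn: cn=Jane Doe,ou=People,DC=DOMAIN,DC=COM\n"
    "cn: Jane Doe\n"
    "mail: jane.doe@domain.com\n"
    "\n"
    "dn: cn=Robert Roe,ou=People,DC=DOMAIN,DC=COM\n"
    "cn: Robert Roe\n"
    "mail:: " + base64.b64encode(b"robert.roe@domain.com").decode("ascii") + "\n"
    "\n"
)


def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_mail_filter(user_name):
    """Exact-match filter on the mail attribute, with the value escaped."""
    return "(mail=%s)" % escape_filter_value(user_name)


def ldapsearch_argv(host, base, user_name):
    """Argument list for the same ldapsearch call the playbook makes (-LLL -x -h host -b base)."""
    return ["ldapsearch", "-LLL", "-x", "-h", host, "-b", base, build_mail_filter(user_name)]


def parse_ldif(text):
    """Parse minimal LDIF into a list of entries: {attribute (lowercase): [values]}.

    Handles folded continuation lines (leading space), comment lines and base64 values."""
    entries = []
    current = None
    unfolded = re.sub(r"\n ", "", text)   # join continuation lines onto their attribute line
    for line in unfolded.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: base64data"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current = current or {}
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def user_exists(ldif_output, user_name):
    """True only if some entry's mail attribute equals user_name (case-insensitive)."""
    wanted = user_name.strip().lower()
    for entry in parse_ldif(ldif_output):
        if any(v.lower() == wanted for v in entry.get("mail", [])):
            return True
    return False


def check_corporate_ldap(host, base, user_name):
    """Run ldapsearch (argument list, no shell) and apply the exact-match test."""
    proc = subprocess.run(ldapsearch_argv(host, base, user_name),
                          capture_output=True, text=True, check=True)
    return user_exists(proc.stdout, user_name)


if __name__ == "__main__":
    # Offline demonstration on the constructed output: the exact check versus the substring check.
    for candidate in ("jane.doe@domain.com", "doe@domain.com", "*"):
        print(candidate, "exact:", user_exists(SAMPLE_LDIF, candidate),
              "substring:", SAMPLE_LDIF.find(candidate) != -1)
```

In the playbook this replaces the `command: ldapsearch ...` plus `result.stdout.find(...)` pair; the same exact-match rule can be kept in Ansible by testing the parsed mail values rather than the raw stdout.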

The playbook for deleting users
---
- name: Delete user playbook
  connection: local
  hosts: localhost
  vars:
     # OCIDs of the users to delete, for example:
     #- ocid1.user.oc1..aaaa...4c5f4p4c2q
     #- ocid1.user.oc1..aaaaa..edsdgwea
     user_ids: []
  tasks:
     - name: Delete a user
       oci_user:
          user_id: "{{ item }}"
          # If force='no' and the user is part of a group, the user will not be deleted.
          # To delete a user associated with group(s), use force=yes.
          force: yes
          state: absent
       loop: "{{ user_ids }}"   # loop needs a list; an empty list makes the play a no-op

The playbook for listing users
---
- name : Users playbook
  connection: local
  hosts: localhost
  tasks:
     - name: List all OCI existing users in Linuxandvirtualization tenancy
       oci_user_facts:
  
       # need for showing output 
       register: result

     - name: Dump result
       debug:
          #msg: '{{result}}'
          msg: "{{result | json_query('users[*].name')}}"

     #- set_fact:
          #OCI_users : "{{result | json_query('users[*].name')}}"

The playbook for listing instances
---
- name : Instance playbook
  connection: local
  hosts: localhost
  tasks:
     - name: get details of all instances for provided compartment and availability domain
       oci_instance_facts:
          # compartment is labops
          compartment_id: "ocid1.compartment.oc1..aaaaaaa....j7mld4ffpyyra"
          availability_domain: "DSdu:US-ASHBURN-AD-2"

       # need for showing output
       register: result

     - name: Dump result
       debug:
          #msg: '{{result}}'
          msg: "{{result | json_query('instances[*].display_name')}}"

The playbook for listing shapes
---
- name : Shapes playbook
  connection: local
  hosts: localhost
  tasks:
     - name: List all OCI shapes in LV tenancy
       oci_shape_facts:
          compartment_id: "ocid1.tenancy.oc1..aaaaa..........prugdvqydygfq"

       # need for showing output
       register: result

     - name: Dump result
       debug:
          msg: '{{result}}'

The playbook for listing VCNs (virtual cloud networks)
---
- name : VCN playbook
  connection: local
  hosts: localhost
  tasks:
     - name: List all VCN in Networks compartment
       oci_vcn_facts:
          # Networks compartment
          compartment_id: "ocid1.compartment.oc1..aaaaaa.........4x6leabhnmeibiq"

       # need for showing output
       register: result

     - name: Dump result
       debug:
          msg: '{{result}}'

The playbook for listing volumes
---
- name : Block Volume playbook
  connection: local
  hosts: localhost
  tasks:
     - name: List all volumes for an availability domain and compartment
       oci_volume_facts:
          availability_domain: DSdu:US-ASHBURN-AD-2
          # labops compartment
          compartment_id: "ocid1.compartment.oc1..aaaaa.....7mld4ffpyyra"

       # need for showing output
       register: result

     - name: Dump result
       debug:
          msg: '{{result}}'

The playbook for listing regions
---
- name : Region playbook
  connection: local
  hosts: localhost
  tasks:
     - name: List details of all offered regions
       oci_region_facts:
       # tenancy can be commented out
       #tenancy: "ocid1.tenancy.oc1..aaa.....oprugdvqydygfq"

       # need for showing output
       register: result

     - name: Dump result
       debug:
          msg: '{{result | json_query("regions")}}'  # filter only regions
          #msg: '{{result}}'   # show everything

Finally, dry-run the playbook in check mode with:
ansible-playbook -vvv <playbook_name> --check

and, if there are no errors, execute it with:
ansible-playbook -vvv <playbook_name>

