Ansible Chef Inventory Orchestration
If you use or have used Chef for configuration management, chances are you have rolled some custom deployment scripts with fog or other libraries. But why roll your own when you don't have to? It's pretty easy to manage and orchestrate Chef nodes with Ansible's dynamic inventory.
Ansible easily handles a few common orchestration tasks that Chef can't do without custom work:
- Deployments that require some ordering
- Rolling upgrades
- Creation of hosts and clusters on a variety of providers and then bootstrapping.
To get Ansible's orchestration with Chef, install this script into the inventory directory: https://gist.github.com/tjheeta/f3538c32965575e59bcd
Please note that Ansible doesn't allow colons in group names, so if you have a run list of recipes like cookbook1::default, all the hosts with that cookbook will be in the group cookbook1__default.
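To make the group mapping concrete, here is an added example (not the gist's code) that turns Chef node data into the JSON an Ansible dynamic inventory script returns for `--list`. The sample nodes are constructed, and the `role_` and `env_` prefixes and the replacement of other non-alphanumeric characters with `_` are assumptions of this sketch; only the `::` to `__` rule comes from the article.

```python
import json
import re

# Constructed sample nodes (name, IP, environment, run list); not real Chef data.
SAMPLE_NODES = [
    {"name": "web1.example.com", "ipaddress": "10.0.0.11",
     "chef_environment": "production",
     "run_list": ["recipe[cookbook1::default]", "role[web]"]},
    {"name": "db1.example.com", "ipaddress": "10.0.0.21",
     "chef_environment": "production",
     "run_list": ["recipe[cookbook1::default]", "recipe[postgres::server]"]},
    {"name": "old1.example.com", "ipaddress": "10.0.0.31",
     "chef_environment": "pre-prod", "run_list": []},
]

RUN_LIST_ITEM = re.compile(r"^(recipe|role)\[(.+)\]$")


def safe_group(name):
    """Replace '::' with '__' (as the article describes), then any other
    character outside [A-Za-z0-9_] with '_' (an assumption of this example)."""
    return re.sub(r"[^A-Za-z0-9_]", "_", name.replace("::", "__"))


def group_for(item):
    """Map one run-list entry to a group name; roles get an assumed 'role_' prefix."""
    match = RUN_LIST_ITEM.match(item)
    if not match:
        return safe_group(item)
    kind, name = match.groups()
    return safe_group(name if kind == "recipe" else "role_" + name)


def build_inventory(nodes):
    """Return the JSON structure Ansible expects from `inventory --list`."""
    inventory = {"_meta": {"hostvars": {}}}
    for node in nodes:
        host = node["name"]
        inventory["_meta"]["hostvars"][host] = {"ansible_host": node["ipaddress"]}
        groups = [group_for(item) for item in node["run_list"]]
        groups.append("env_" + safe_group(node["chef_environment"]))
        for group in dict.fromkeys(groups):  # de-duplicate, keep order
            inventory.setdefault(group, {"hosts": []})["hosts"].append(host)
    return inventory


if __name__ == "__main__":
    print(json.dumps(build_inventory(SAMPLE_NODES), indent=2))
```

Node names and run-list entries come from the Chef server, so normalising them before they become group names keeps a stray character from silently changing which hosts a play such as `hosts: all:!maintenance` targets.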
The script tries to configure itself by looking for a working knife.rb in various locations. If no working knife.rb is available on the host, set up a chef.ini in the inventory directory:

    [chef]
    chef_server_url=https://api.opscode.com/organizations/your_org
    client_key=/home/user/.chef/user.pem
    client_name=someusername

It also requires pychef as a prerequisite. If your distro doesn't package it, just use pip:

    VIRT_DIR=virtenv-ansible
    virtualenv "${VIRT_DIR}"
    source "${VIRT_DIR}/bin/activate"
    pip install ansible
    pip install pychef

Example deploy:

    - name: Run database migrations
      hosts: singleton
      roles:
        - run_chef

    - name: Deploy to all the hosts
      hosts: all:!maintenance
      roles:
        - run_chef

Example creation and orchestration:

    - name: Create AWS resources
      hosts: localhost
      connection: local
      gather_facts: False
      tasks:
        - name: Create security group
          local_action:
            module: ec2_group
            name: test_fw
            description: "test_fw"
            region: "{{aws_region}}"
            rules:
              # SSH is open to the whole internet here; narrow cidr_ip to your
              # admin network for anything other than a throwaway test.
              - proto: tcp
                type: ssh
                from_port: 22
                to_port: 22
                cidr_ip: 0.0.0.0/0
            rules_egress:
              - proto: all
                type: all
                cidr_ip: 0.0.0.0/0
          register: worker_fw

        - name: create instance
          local_action:
            module: ec2
            key_name: test_key
            region: "{{aws_region}}"
            group: [ "default", "test_fw" ]
            instance_type: "{{instance_type}}"
            instance_tags:
              group: test
            count_tag:
              group: test
            exact_count: 1
            image: "{{ami_id}}"
            wait: yes
          register: ec2host

        # Add each tagged instance to an in-memory group, then wait for sshd.
        - add_host: hostname="{{ item.public_ip }}" groupname=test_group
          with_items: "{{ ec2host.tagged_instances }}"

        - wait_for: host="{{ item.public_ip }}" port=22 search_regex=OpenSSH delay=10 timeout=300
          with_items: "{{ ec2host.tagged_instances }}"

    - name: bootstrap chef
      hosts: test_group
      become: true
      tasks:
        # delegate_to is a task-level keyword: knife runs on the control host.
        - shell: bundle exec knife bootstrap --sudo -r 'bootstrap::default' {{ ansible_default_ipv4.address }}
          delegate_to: localhost

tl;dr - Ansible can orchestrate a Chef inventory with this script: https://gist.github.com/tjheeta/f3538c32965575e59bcd