Using Ansible with the Packet host

    • packet_sshkey: adds a public SSH key from file or value to the Packet infrastructure. Every subsequently-created device will have this public key installed in .ssh/authorized_keys.
    • packet_device: manages servers on Packet. You can use this module to create, restart and delete devices.

    Note, this guide assumes you are familiar with Ansible and how it works. If you’re not, have a look at their before getting started.

    Requirements

    The Packet modules and inventory script connect to the Packet API using the packet-python package. You can install it with pip:

    In order to check the state of devices created by Ansible on Packet, it’s a good idea to install one of the Packet CLI clients. Otherwise you can check them via the .

    To use the modules and inventory script you’ll need a Packet API token. You can generate an API token via the Packet portal here. The simplest way to authenticate yourself is to set the Packet API token in an environment variable:

    1. $ export PACKET_API_TOKEN=Bfse9F24SFtfs423Gsd3ifGsd43sSdfs

    If you’re not comfortable exporting your API token, you can pass it as a parameter to the modules.

    On Packet, devices and reserved IP addresses belong to . In order to use the packet_device module, you need to specify the UUID of the project in which you want to create or manage devices. You can find a project’s UUID in the Packet portal here (it’s just under the project table) or via one of the available .

    If you want to use a new SSH keypair in this tutorial, you can generate it to and ./id_rsa.pub as:

    1. $ ssh-keygen -t rsa -f ./id_rsa

    If you want to use an existing keypair, just copy the private and public key over to the playbook directory.

    The following code block is a simple playbook that creates one Type 0 server (the ‘plan’ parameter). You have to supply ‘plan’ and ‘operating_system’. ‘location’ defaults to ‘ewr1’ (Parsippany, NJ). You can find all the possible values for the parameters via a .

    1. # playbook_create.yml
    2.  
    3. - name: create ubuntu device
    4.   hosts: localhost
    5.   tasks:
    6.  
    7.   - packet_sshkey:
    8.       key_file: ./id_rsa.pub
    9.       label: tutorial key
    10.  
    11.   - packet_device:
    12.       project_id: <your_project_id>
    13.       hostnames: myserver
    14.       operating_system: ubuntu_16_04
    15.       plan: baremetal_0
    16.       facility: sjc1

    After running ansible-playbook playbook_create.yml, you should have a server provisioned on Packet. You can verify via a CLI or in the Packet portal.

    If you get an error with the message “failed to set machine state present, error: Error 404: Not Found”, please verify your project UUID.

    Updating Devices

    The ‘device_ids’ and ‘hostnames’ parameters are mutually exclusive. The following values are all acceptable:

    • device_ids: a27b7a83-fc93-435b-a128-47a5b04f2dcf
    • hostnames: mydev1
    • device_ids: [a27b7a83-fc93-435b-a128-47a5b04f2dcf, 4887130f-0ccd-49a0-99b0-323c1ceb527b]
    • hostnames: [mydev1, mydev2]

    In addition, hostnames can contain a special ‘%d’ formatter along with a ‘count’ parameter that lets you easily expand hostnames that follow a simple name and number pattern; i.e. hostnames: "mydev%d", count: 2 will expand to [mydev1, mydev2].

    If your playbook acts on existing Packet devices, you can only pass the ‘hostname’ and ‘device_ids’ parameters. The following playbook shows how you can reboot a specific Packet device by setting the ‘hostname’ parameter:

    1. # playbook_reboot.yml
    2.  
    3. - name: reboot myserver
    4.   hosts: localhost
    5.   tasks:
    6.  
    7.   - packet_device:
    8.       project_id: <your_project_id>
    9.       hostnames: myserver
    10.       state: rebooted

    You can also identify specific Packet devices with the ‘device_ids’ parameter. The device’s UUID can be found in the or by using a CLI. The following playbook removes a Packet device using the ‘device_ids’ field:

    In this example, we’ll create a CoreOS cluster with .

    The CoreOS cluster will use etcd for discovery of other servers in the cluster. Before provisioning your servers, you’ll need to generate a discovery token for your cluster:

    1. $ curl -w "\n" 'https://discovery.etcd.io/new?size=3'

    The following playbook will create an SSH key, 3 Packet servers, and then wait until SSH is ready (or until 5 minutes passed). Make sure to substitute the discovery token URL in ‘user_data’, and the ‘project_id’ before running ansible-playbook. Also, feel free to change ‘plan’ and ‘facility’.

    1. # playbook_coreos.yml
    2.  
    3. - name: Start 3 CoreOS nodes in Packet and wait until SSH is ready
    4.   hosts: localhost
    5.   tasks:
    6.  
    7.   - packet_sshkey:
    8.       label: new
    9.  
    10.   - packet_device:
    11.       hostnames: [coreos-one, coreos-two, coreos-three]
    12.       operating_system: coreos_beta
    13.       plan: baremetal_0
    14.       facility: ewr1
    15.       project_id: <your_project_id>
    16.       wait_for_public_IPv: 4
    17.       user_data: |
    18.         #cloud-config
    19.         coreos:
    20.           etcd2:
    21.             discovery: https://discovery.etcd.io/<token>
    22.             advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001
    23.             initial-advertise-peer-urls: http://$private_ipv4:2380
    24.             listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    25.             listen-peer-urls: http://$private_ipv4:2380
    26.           fleet:
    27.             public-ip: $private_ipv4
    28.           units:
    29.             - name: etcd2.service
    30.               command: start
    31.             - name: fleet.service
    32.               command: start
    33.     register: newhosts
    34.  
    35.   - name: wait for ssh
    36.     wait_for:
    37.       delay: 1
    38.       host: "{{ item.public_ipv4 }}"
    39.       port: 22
    40.       state: started
    41.       timeout: 500
    42.     loop: "{{ newhosts.results[0].devices }}"

    As with most Ansible modules, the default states of the Packet modules are idempotent, meaning the resources in your project will remain the same after re-runs of a playbook. Thus, we can keep the module call in our playbook. If the public key is already in your Packet account, the call will have no effect.

    The second module call provisions 3 Packet Type 0 (specified using the ‘plan’ parameter) servers in the project identified via the ‘project_id’ parameter. The servers are all provisioned with CoresOS beta (the ‘operating_system’ parameter) and are customized with cloud-config user data passed to the ‘user_data’ parameter.

    The packet_device module has a wait_for_public_IPv that is used to specify the version of the IP address to wait for (valid values are 4 or 6 for IPv4 or IPv6). If specified, Ansible will wait until the GET API call for a device contains an Internet-routeable IP address of the specified version. When referring to an IP address of a created device in subsequent module calls, it’s wise to use the parameter, or state: active in the packet_device module call.

    Run the playbook:

    1. $ ansible-playbook playbook_coreos.yml
    1.  $ ssh -i id_rsa [email protected]$one_of_the_servers_ip
    2.  ~ $ etcdctl cluster-health

    Once you create a couple of devices, you might appreciate the dynamic inventory script…

    Dynamic Inventory Script

    The dynamic inventory script queries the Packet API for a list of hosts, and exposes it to Ansible so you can easily identify and act on Packet devices. You can find it in Ansible’s git repo at contrib/inventory/packet_net.py.

    The inventory script is configurable via a .

    If you want to use the inventory script, you must first export your Packet API token to a PACKET_API_TOKEN environment variable.

    You can either copy the inventory and ini config out from the cloned git repo, or you can download it to your working directory like so:

    In order to understand what the inventory script gives to Ansible you can run:

    1. $ ./packet_net.py --list

    It should print a JSON document looking similar to following trimmed dictionary:

    1. {
    2.   "_meta": {
    3.     "hostvars": {
    4.       "147.75.64.169": {
    5.         "packet_billing_cycle": "hourly",
    6.         "packet_created_at": "2017-02-09T17:11:26Z",
    7.         "packet_facility": "ewr1",
    8.         "packet_hostname": "coreos-two",
    9.         "packet_href": "/devices/d0ab8972-54a8-4bff-832b-28549d1bec96",
    10.         "packet_locked": false,
    11.         "packet_operating_system": "coreos_beta",
    12.         "packet_plan": "baremetal_0",
    13.         "packet_state": "active",
    14.         "packet_updated_at": "2017-02-09T17:16:35Z",
    15.         "packet_user": "core",
    16.         "packet_userdata": "#cloud-config\ncoreos:\n  etcd2:\n    discovery: https://discovery.etcd.io/e0c8a4a9b8fe61acd51ec599e2a4f68e\n    advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001\n    initial-advertise-peer-urls: http://$private_ipv4:2380\n    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n    listen-peer-urls: http://$private_ipv4:2380\n  fleet:\n    public-ip: $private_ipv4\n  units:\n    - name: etcd2.service\n      command: start\n    - name: fleet.service\n      command: start"
    17.       }
    18.     }
    19.   },
    20.   "baremetal_0": [
    21.     "147.75.202.255",
    22.     "147.75.202.251",
    23.     "147.75.202.249",
    24.     "147.75.64.129",
    25.     "147.75.192.51",
    26.     "147.75.64.169"
    27.   ],
    28.   "coreos_beta": [
    29.     "147.75.202.255",
    30.     "147.75.202.251",
    31.     "147.75.202.249",
    32.     "147.75.64.129",
    33.     "147.75.192.51",
    34.     "147.75.64.169"
    35.   ],
    36.   "ewr1": [
    37.     "147.75.64.129",
    38.     "147.75.192.51",
    39.     "147.75.64.169"
    40.   ],
    41.   "sjc1": [
    42.     "147.75.202.255",
    43.     "147.75.202.251",
    44.     "147.75.202.249"
    45.   ],
    46.   "coreos-two": [
    47.     "147.75.64.169"
    48.   ],
    49.   "d0ab8972-54a8-4bff-832b-28549d1bec96": [
    50.     "147.75.64.169"
    51.   ]
    52. }

    In the ['_meta']['hostvars'] key, there is a list of devices (uniquely identified by their public IPv4 address) with their parameters. The other keys under ['_meta'] are lists of devices grouped by some parameter. Here, it is type (all devices are of type baremetal_0), operating system, and facility (ewr1 and sjc1).

    In addition to the parameter groups, there are also one-item groups with the UUID or hostname of the device.

    You can now target groups in playbooks! The following playbook will install a role that supplies resources for an Ansible target into all devices in the “coreos_beta” group:

    1. # playbook_bootstrap.yml
    2.  
    3. - hosts: coreos_beta
    4.   gather_facts: false
    5.   roles:

    Don’t forget to supply the dynamic inventory in the -i argument!

    1. $ ansible-playbook -u core -i packet_net.py playbook_bootstrap.yml