IBM Cloud Docs
Schematics actions

Schematics actions delivers Ansible-as-a-Service capabilities for you to automate configuration and management of your IBM Cloud environment, and deploy complex multitier apps to your cloud infrastructure.

To get started with Configuration Management with Ansible in Schematics, see the Getting started tutorial.

Schematics actions overview

Ansible is a configuration management and provisioning tool. The blog Infrastructure as Code: Chef, Ansible, Puppet, or Terraform? provides an overview of several popular open-source IaC tools and summarizes their capabilities and relative strengths.

Ansible is designed to automate the configuration, operation, and management of cloud environments, and to deploy multitiered app workloads in the cloud. Ansible uses YAML syntax to describe the tasks that must be run against a single host or a group of hosts, and stores these tasks in an Ansible playbook.

Ansible does not use agents or a custom security infrastructure that must be present on a target machine to work properly. Instead, Ansible securely connects to compute hosts over the public network by using SSH keys. To bring a resource to the required state, Ansible pushes modules to the managed host that run the tasks in your Ansible playbook. After the tasks are executed, the result is returned to the Ansible server and the module is removed from the managed host. Ansible modules are idempotent: executing the same playbook or operation multiple times returns the same result, because resources are changed only if required. For more information about Ansible, check out this video.

Configuration Management with actions and Ansible

Schematics runs the Ansible engine to execute the playbooks that you supply. Ansible tasks, roles, and playbooks can perform provisioning tasks through the IBM Cloud APIs over HTTPS, or configure compute instances (virtual servers) by using SSH. Server configuration is performed through SSH over the public network. To maintain security for your environment, use of a bastion host to provide a secure gateway to your compute infrastructure is strongly encouraged.

It is your responsibility as a user to ensure that suitable network policies and bastion host configuration are in place for your cloud environment so that Schematics can connect to your environment through SSH. See Schematics firewall, allowed IPs for details of the IP addresses that Schematics uses and that must be allowed access. When you use a bastion host, SSH forwarding is used to connect to the target VSIs. You can use the command ssh -J bastion-ip vsi-ip to validate access to the target hosts. Actions are supported only with IBM Cloud VPC VSIs.
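
The ssh -J check described above, extended to several target VSIs, as an added example that is not part of the IBM documentation or the Schematics code. It assumes one login user for the bastion and the VSIs, IPv4 addresses, and target host keys already in known_hosts; the function names, SSH_USER, CONNECT_TIMEOUT, and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code: preflight built on "ssh -J bastion-ip vsi-ip".
# Assumptions: one login user for bastion and VSIs, IPv4 addresses only,
# keys offered by ssh-agent or a default identity file.
SSH_USER="${SSH_USER:-root}"
CONNECT_TIMEOUT="${CONNECT_TIMEOUT:-10}"

# Accept only dotted-quad IPv4, so a value that begins with "-" can never be
# parsed by ssh as an option. The body is a subshell, so IFS stays local.
is_ipv4() (
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Run a no-op on one target through the bastion.
# Returns 0 on success, 2 on a rejected address, ssh's own status otherwise.
check_via_bastion() {
  is_ipv4 "$1" && is_ipv4 "$2" || { echo "rejected address: $1 -> $2" >&2; return 2; }
  # BatchMode fails instead of prompting; StrictHostKeyChecking refuses a target
  # whose host key is not already known (command-line -o options apply to the
  # target, not the jump host); "--" ends option parsing before the destination.
  ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
      -o ConnectTimeout="$CONNECT_TIMEOUT" \
      -J "$SSH_USER@$1" -- "$SSH_USER@$2" true </dev/null
}

# Usage: preflight BASTION_IP VSI_IP...   Non-zero if any target is unreachable.
preflight() {
  bastion=$1; shift
  failed=0
  for target in "$@"; do
    if check_via_bastion "$bastion" "$target"; then
      echo "OK   $target via $bastion"
    else
      echo "FAIL $target via $bastion"
      failed=1
    fi
  done
  return "$failed"
}

# Constructed sample invocation: sh preflight.sh 203.0.113.10 10.240.0.4 10.240.0.5
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Settings for the connection to the bastion itself, such as its host key policy, are read from ~/.ssh/config rather than from the -o options shown here.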

Example as-is IBM Cloud® VPC configurations with bastion hosts are available in the Cloud-Schematics repo. Follow the tutorial Discover best-practice VPC configuration for application deployment for guidance on creating a suitable network configuration.

Using Actions

To use Ansible capabilities in Schematics, you create an action that points to the Ansible playbook that you want to run.

  1. Add tasks to your playbook: Use Ansible YAML syntax to describe the configuration tasks that you want to run on your cloud infrastructure, such as installing software or starting, stopping, and rebooting a virtual server. You add these tasks to an Ansible playbook and store the playbook in a GitHub, GitLab, or Bitbucket repository to ensure source control and enable collaboration, review, and auditing in your organization. If you are not familiar with Ansible, you can use one of the IBM provided playbooks, or browse the Ansible Galaxy library.
  2. Create a Schematics action: When you create an action, you point your action to the repository that stores your Ansible playbook and select a target playbook to execute.
  3. Define your inventory: Then, you select the cloud resources where you want to run the tasks that are defined in your Ansible playbook. To protect your cloud resources, you can further set up a bastion host in front of your target hosts that proxies all Ansible SSH connections to the target hosts. See creating resource inventories for details of how to define an inventory.
  4. Run your action: When you are ready to configure your cloud resources, you can run your action. Schematics uses the built-in Ansible engine to connect to your target hosts through SSH, and execute the tasks that are defined in your Ansible playbook. You can monitor the progress by reviewing the logs.

Next steps

So far you have learned about Schematics actions. The following are some next steps to explore.