mesos/docker clusters with ironic: a match made in heaven

Post on 27-Jul-2015


1

Docker and Ironic: A Match Made in Heaven

Scott Drennan

Vlad Gridin

Bernard Van De Walle

2

• Introduction to Containers

• Deployment approaches

• Using Ironic

• Example deployment

Docker and Ironic

3

[Diagram: two stacks, bottom to top]

Virtualization: Server Hardware / Hypervisor and/or Host OS / Guest OS (×2) / Libs/Bins (×2) / Apps (×2)

(LXC/Docker): Server Hardware / Host OS / Shared Libraries / Libs/Bins (×2) / Apps (×2)

Container Advantages

• Single OS to manage
• Lower overheads
• Better hardware utilization
• Simplified application life cycle management (through Docker etc.)
• Quick launch times

Container Issues

• Linux on Linux only
• Careful security considerations for multi-tenancy
• Network and Storage multi-tenancy

Containers vs. Virtualization

4

Containers in VMs

One Deployment Approach…

5

Optimum performance and scale

Containers on bare metal

6

Security Considerations

7

Separate Clusters for security

Security zone A Security zone B

8

Interworking Docker with VMs

9

Solution: Use Ironic!

• Ironic provisions bare metal as a service
• Ironic boots Glance images directly on the hardware servers
• Each host is assigned to one “cluster” only: complete separation between tenants
• Use a hardware gateway to receive the traffic directly
• Bare-metal servers are directly connected to the hardware gateway
• Ironic will configure the hardware gateway ports

13

Solution: Per Cluster Networking

Secure and Clustered Networking

Ironic and Neutron provision each port of the hardware gateway on demand, in order to provide complete separation between the physical servers of different tenants.

14

Solution: High Performance Networking

• Servers send non-encapsulated traffic using the physical NIC. No OVS!
• Full line speed is attained
• No need for the Neutron L3 agent

15

Solution: Seamless Bare Metal/VM Networking

• Bare-metal servers can go beyond the gateway to reach VMs and other objects belonging to the tenant
• Seamless integration of the bare-metal servers with other OpenStack objects (VMs, gateways, …)

16

Solution: Orchestration with Heat

Heat templates define:

• Bare-metal server to use
• Network topology
• VMs to plug into those networks

Complete end-to-end orchestration

17

Demonstration: Mesos Cluster launch

Let’s deploy a single Mesos cluster.

• The Mesos master is a VM, run by nova-compute
• The Mesos slaves are bare-metal servers, launched and provisioned by Ironic
• The hardware gateway is a Nuage gateway
• The network is created using Neutron, with the Nuage plugin
• Heat orchestrates all the pieces
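
A Heat (HOT) template for the deployment described on slides 16 and 17, added here as an example and not taken from the presentation. Image names, flavor names, the CIDR and the slave count are assumptions; the hardware gateway port configuration, which the slides attribute to Ironic and Neutron with the Nuage plugin, is not expressed in the template.

```yaml
# Added illustration (not from the slides): one Heat stack per tenant cluster.
# Image names, flavor names and the CIDR are assumed placeholders.
heat_template_version: 2015-04-30

parameters:
  cluster_name: {type: string, default: tenant-a}
  cluster_cidr: {type: string, default: 10.10.1.0/24}   # constructed value
  slave_count: {type: number, default: 2}

resources:
  cluster_net:                       # one network per cluster, never shared
    type: OS::Neutron::Net
    properties:
      name: {get_param: cluster_name}

  cluster_subnet:
    type: OS::Neutron::Subnet
    properties:
      network: {get_resource: cluster_net}
      cidr: {get_param: cluster_cidr}

  mesos_master:                      # VM, scheduled by nova-compute
    type: OS::Nova::Server
    depends_on: cluster_subnet
    properties:
      name: mesos-master
      image: mesos-master-image      # assumed Glance image name
      flavor: m1.medium              # assumed VM flavor
      networks:
        - network: {get_resource: cluster_net}

  mesos_slaves:                      # bare-metal hosts, deployed by Ironic
    type: OS::Heat::ResourceGroup
    depends_on: cluster_subnet
    properties:
      count: {get_param: slave_count}
      resource_def:
        type: OS::Nova::Server
        properties:
          name: mesos-slave-%index%
          image: mesos-slave-image   # assumed Glance image for bare metal
          flavor: baremetal          # assumed flavor mapped to Ironic nodes
          networks:
            - network: {get_resource: cluster_net}
```

A second tenant's cluster is a second stack created from the same template with a different cluster_name and cluster_cidr, so the two clusters share neither a network nor a bare-metal host.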

18

Demonstration: Cluster 1

19

Demonstration: Bare Metal to VM communication: Marathon

Let’s start a second Mesos cluster for a second tenant.

20

• Nuage VSP, the true Hybrid Cloud

Demonstration: Cluster 2

21

Summary

• Ironic, Heat, Nova and Neutron

• Only L3-capable VXLAN gateway allows flexible DC design

• Consistent networking and policy enforcement across VMs and bare metal

22

What else?

• Networking and policy across bare metal, VMs and containers

• Demonstrated scale to 100k instances with fast and predictable convergence

• Visit the Nuage booth for details
