Building Docker Images with Puppet
Building Docker Images With Puppet
Nick Jones, DataCentred
@yankcrime
Schedule
DataCentred overview
Why Docker
Why Puppet
Demo
Problems / solutions
Wrap-up
OpenStack
Keystone, Nova, Neutron, Glance, Cinder, Horizon, etc.
KVM
Open vSwitch
Control, compute, network, data nodes
OpenStack Services
Galera
RabbitMQ
MongoDB
Memcache
Apache httpd
Haproxy & keepalived
Ceph
Loadbalancers
Gateways
Monitors
OSDs
Monitoring
Icinga2
Telegraf, InfluxDB, Grafana
ElasticSearch, Logstash, Kibana
Services
CI - Jenkins
DNS, TFTP, DHCP
IPAM
Mirrors
Puppet
Puppet Master
PuppetDB
Puppet CA
Foreman
ಠ_ಠ
Puppet
With Puppet you use a common language to describe what you want your infrastructure to look like, and Puppet makes it happen - and helps you keep it that way.
OpenStack Infrastructure Overview
OpenStack Control Nodes
OpenStack Control Node
Why Docker
Consolidate OpenStack components into discrete building blocks
Mix-and-match versions of components
Ease the pain of upgrades
Why Configuration Management
Need to build custom images
Harness the power of something that's the right tool for the job
Puppet incumbent for configuration management, would like to reuse data
Make the two work together
Assumptions
Containers should be ephemeral
Running SSH in a container is out
Running Puppet as an agent in a container is out
Typical Dockerfile
FROM phusion/baseimage:0.9.15
ENV HOME /root
ENV LANG en_US.UTF-8
RUN locale-gen en_US.UTF-8
RUN ln -s -f /bin/true /usr/bin/chfn
RUN apt-get update && apt-get -y upgrade
[..]
RUN apt-get remove -y --auto-remove openstack-dashboard-ubuntu-theme
ADD local_settings.py /etc/openstack-dashboard/local_settings.py
VOLUME ["/etc/openstack-dashboard"]
ADD openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
ADD start_memcached.sh /etc/service/memcached/run
ADD start_apache2.sh /etc/service/apache2/run
With Puppet
FROM puppet:latest
MAINTAINER Nick Jones "[email protected]"
ENV FACTER_role='horizon'
RUN puppet apply --verbose \
    --modulepath /puppet/modules \
    --hiera_config /puppet/hiera.yaml \
    --manifestdir /puppet/ /puppet/default.pp
RUN apt-get -y clean && rm -rf /puppet
EXPOSE 80
CMD ["/usr/bin/supervisord", "-n"]
Another Example
FROM puppet:latest
MAINTAINER Nick Jones "[email protected]"
ENV FACTER_role='database'
ENV FACTER_container='dischord_database'
RUN puppet apply --debug --verbose \
    --modulepath /puppet/modules \
    --hiera_config /puppet/hiera.yaml \
    --manifestdir /puppet/ /puppet/default.pp
RUN apt-get -y clean && rm -rf /puppet
EXPOSE 3306
VOLUME /var/lib/mysql
CMD ["/usr/bin/supervisord", "-n"]
Database Container
database.yaml:
    classes:
      - '::profile::mariadb'
dischord_database.yaml:
    databases:
      'fever':
        'user': 'fever'
        'password': 'xxx'
        'host': '%'
    service:
      'mariadb-server':
        'command': '/usr/sbin/mysqld'
Puppet
class profile::mariadb {
  include ::mysql::server
  create_resources(::mysql::db, hiera('databases'))
}
Demo
Building a Horizon image
What doesn't work so well
Repo data in images
Breaks image layers philosophy
Puppet modules not handling container behaviour
Lack of support in Puppet's RAL for minimal distros
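The "Repo data in images" problem above, shown as an added check that is not part of the original slides: a later `RUN rm -rf /puppet` only records a whiteout entry in its own layer, so configuration data added by an earlier layer (Hiera passwords included) stays in the image. Assumptions: /puppet arrives in an earlier layer such as the base image, layers use the `.wh.` whiteout convention of the Docker/OCI layer format, and the function names and sample path are made up for illustration.

```python
import io
import tarfile

WHITEOUT = ".wh."            # OCI/Docker layer marker: ".wh.<name>" deletes <name>
OPAQUE = ".wh..wh..opq"      # marker: hides everything lower layers put in this dir

def make_layer(files):
    """Build one layer tarball (bytes) from {path: content}. Sample-data helper."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def deleted_but_present(layers):
    """Given layer tarballs ordered base-first, return sorted (layer_index, path)
    pairs for files a later layer deletes but an earlier layer still stores."""
    seen, findings = [], set()
    for idx, layer in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
            names = [m.name for m in tar.getmembers() if m.isfile()]
        for name in names:
            parent, _, base = name.rpartition("/")
            if base == OPAQUE:
                target = parent
            elif base.startswith(WHITEOUT):
                target = (parent + "/" if parent else "") + base[len(WHITEOUT):]
            else:
                seen.append((idx, name))
                continue
            findings.update((i, p) for i, p in seen
                            if i < idx and (p == target or p.startswith(target + "/")))
    return sorted(findings)

# Constructed sample: layer 0 holds the config repo (path and content made up),
# layer 1 is what a later `RUN rm -rf /puppet` records: a whiteout, not an erase.
LAYERS = [
    make_layer({"puppet/hieradata/dischord_database.yaml": b"'password': 'xxx'\n",
                "usr/bin/supervisord": b""}),
    make_layer({".wh.puppet": b""}),
]

if __name__ == "__main__":
    for index, path in deleted_but_present(LAYERS):
        print(f"layer {index} still contains {path}")
```

On a real image, pass the layer tarballs extracted from a `docker save` archive in the order its manifest lists them.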
Solutions
Mount configuration data repo at build - Rocker!
Build API
OCI Image Format Specification
Alternative configuration management tools:
- mgmt
- Habitat
Questions?
References
https://puppet.com/blog/building-puppet-based-applications-inside-docker
http://dischord.org/2016/03/27/docker-and-puppet/
https://github.com/purpleidea/mgmt
https://github.com/puppetlabs/puppet-rocker-demo
https://www.habitat.sh
https://github.com/grammarly/rocker