ANSIBLE SERVICE BROKER
Deploying multi-container applications on OpenShift

Todd Sanders
John Matthews
OpenShift Commons Briefing
May 31, 2017

Open Service Broker API
Overview

● API working group formed in September 2016, officially announced December; successor to CF Service Broker API
● API defines an HTTP interface between the services marketplace of a platform and service brokers
● Service Broker is the component of the service that implements the Service Broker API, for which a platform's marketplace is a client
● Service brokers are responsible for advertising a catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
    ○ Provisioning, binding, unbinding, and deprovisioning
    ○ Provisioning reserves a resource (service instance)
    ○ Binding typically generates credentials necessary for accessing the resource or provides the service instance with information for a configuration change
● Platform marketplace may expose services from one or many service brokers
● Individual service broker may support one or many platform marketplaces using different URL prefixes and credentials
● Backed by numerous industry leaders including Fujitsu, Google, IBM, Pivotal, Red Hat, and SAP
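
The HTTP interface summarized above, as an added example that is not from the slides or from the Ansible Service Broker code base: an in-memory broker that maps the Open Service Broker v2 routes to the catalog, provision, bind, unbind and deprovision actions and issues per-binding credentials. The class name ToyBroker, the credential fields and the reduced set of status codes are assumptions made for illustration.

```python
import re
import secrets

# (HTTP method, path pattern, broker action) for the OSB v2 endpoints.
INSTANCE = r"/v2/service_instances/(?P<instance>[^/]+)"
BINDING = INSTANCE + r"/service_bindings/(?P<binding>[^/]+)"
ROUTES = [
    ("GET", r"/v2/catalog", "catalog"),
    ("PUT", INSTANCE, "provision"),
    ("DELETE", INSTANCE, "deprovision"),
    ("PUT", BINDING, "bind"),
    ("DELETE", BINDING, "unbind"),
]

class ToyBroker:
    """Hypothetical in-memory broker: tracks instances and credentials per binding."""

    def __init__(self, services):
        self.services = services
        self.instances = {}  # instance_id -> {binding_id: credentials}

    def handle(self, method, path):
        """Return (status, body) for one request from the marketplace."""
        path = path.split("?", 1)[0]  # routing ignores the query string
        for verb, pattern, action in ROUTES:
            match = re.fullmatch(pattern, path)
            if verb == method and match:
                return getattr(self, action)(**match.groupdict())
        return 404, {}

    def catalog(self):
        return 200, {"services": self.services}

    def provision(self, instance):
        created = instance not in self.instances
        self.instances.setdefault(instance, {})
        return (201 if created else 200), {}

    def bind(self, instance, binding):
        if instance not in self.instances:
            return 404, {}  # this sketch's choice for an unknown instance
        creds = {"username": "app", "password": secrets.token_urlsafe(16)}
        self.instances[instance][binding] = creds
        return 201, {"credentials": creds}

    def unbind(self, instance, binding):
        removed = self.instances.get(instance, {}).pop(binding, None)
        return (200 if removed else 410), {}

    def deprovision(self, instance):
        removed = self.instances.pop(instance, None)
        return (200 if removed is not None else 410), {}
```

Each binding gets its own generated secret, so unbinding one consumer can revoke its credentials without touching the others.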

ANSIBLE SERVICE BROKER
Orchestrating OpenShift Services

● Define, extend, and deliver “simple” to “complex” multi-container OpenShift services
● Standardized approach to using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks
● Easy management of applications for “simple” cloud-native apps

Ansible Service Broker
● Embraces Service Catalog and Open Service Broker API concepts
● Supports:
    ○ Traditional S2I deployments
    ○ Provisioning of pre-existing images
    ○ Orchestrating external services
    ○ Deploying multi-service solutions

Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
    ○ Named playbooks [provision, bind, …] to perform Open Service Broker actions
    ○ Metadata containing a list of required / optional parameters during deployment
    ○ Embedded Ansible runtime

ANSIBLE SERVICE BROKER - Architecture

[Architecture diagram. Components shown: Service Consumer, OpenShift Mall / Service Catalog, Service Broker (several), Ansible Service Broker, Red Hat Container Catalog, Ansible Playbook Bundle, OpenShift Service]

• catalog • provision • deprovision • bind • unbind

    oc run $appname $method $vars
    ansible-playbook $method.yaml $vars

Example Ansible Playbook Bundles:
• ELK, Etherpad, Foreman, Galera
• ManageIQ, MongoDB, PostgreSQL
• Foreman, Pulp, Wordpress
• External MLAB MongoDB SaaS
• and more...

Supports provisioning of and binding to both on-platform and off-platform (public cloud) services!

ANSIBLE PLAYBOOK BUNDLE (APB)
Definition

● Simple directory with named “action” playbooks and metadata.
● Metadata:
    ○ required/optional parameters
    ○ dependencies (provision vs bind)
● Leverages existing investment in Ansible Roles / Playbooks.
● Developer Tooling to drive guided approach.
● Easily modified or extended.

ANSIBLE PLAYBOOK BUNDLE (APB)
A Closer Look

Steps to create an APB:
1. Create apb.yml
2. Create Ansible Playbooks
3. apb prepare
    a. Creates Dockerfile with image labels
4. Build container

ANSIBLE PLAYBOOK BUNDLE (APB)
apb.yml

Bundle layout:

    apb.yml
    playbooks
        provision.yml
        deprovision.yml
    Dockerfile

apb.yml:

    name: helloworld-apb
    image: myorg/helloworld-apb
    parameters:
      - name: namespace
        type: string
        default: hello-world-apb
      - name: message
        type: string
        default: "Hello World"
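
One way a caller could check marketplace-supplied values against the parameters declared in apb.yml before handing them to ansible-playbook, shown as an added example that is not part of the slides or the broker's own code. The function names, the single supported type and the `<action>.yml` playbook naming are assumptions; `--extra-vars` with a JSON document is the standard ansible-playbook option.

```python
import json

# Actions that run a playbook in this sketch (assumption: the catalog is
# answered from bundle metadata rather than by running a playbook).
ACTIONS = {"provision", "deprovision", "bind", "unbind"}
TYPES = {"string": str}  # only the type that appears on the slide

# The helloworld-apb metadata from the slide, as already-parsed data.
SPEC = {
    "name": "helloworld-apb",
    "parameters": [
        {"name": "namespace", "type": "string", "default": "hello-world-apb"},
        {"name": "message", "type": "string", "default": "Hello World"},
    ],
}

def resolve_parameters(spec, supplied):
    """Merge supplied values over declared defaults; reject undeclared or mistyped ones."""
    declared = {p["name"]: p for p in spec["parameters"]}
    unknown = set(supplied) - set(declared)
    if unknown:
        raise ValueError(f"undeclared parameters: {sorted(unknown)}")
    resolved = {}
    for name, param in declared.items():
        value = supplied.get(name, param.get("default"))
        if value is None:
            raise ValueError(f"missing required parameter: {name}")
        expected = TYPES.get(param["type"])
        if expected is None or not isinstance(value, expected):
            raise ValueError(f"{name} must be of type {param['type']}")
        resolved[name] = value
    return resolved

def build_command(spec, action, supplied):
    """Return an argv list (never a shell string) for one action playbook."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action}")
    extra_vars = json.dumps(resolve_parameters(spec, supplied), sort_keys=True)
    return ["ansible-playbook", f"{action}.yml", "--extra-vars", extra_vars]
```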

ANSIBLE PLAYBOOK BUNDLE (APB)
provision.yml

    - name: Deploy sampleapp
      hosts: localhost
      connection: local
      tasks:
        - name: create namespace
          shell: "oc new-project {{ ns }}"
        - name: create app dc
          shell: "oc create -n {{ ns }} -f sampleapp.yml"

ANSIBLE PLAYBOOK BUNDLE (APB)
deprovision.yml

    - name: Uninstall sampleapp
      hosts: localhost
      connection: local
      tasks:
        - name: delete namespace
          shell: "oc delete project {{ ns }}"

ANSIBLE PLAYBOOK BUNDLE (APB)
Dockerfile - Ansible runtime for base image

    FROM ansibleplaybookbundle/apb-base

    LABEL "com.redhat.apb.version"="0.1.0"
    LABEL "com.redhat.apb.spec"="...<base64 encoded apb.yml data>..."

    ADD roles /opt/ansible/roles
    ADD playbooks /opt/apb/actions

    RUN useradd -u 1001 -r -g 0 -M -b /opt/apb -s /sbin/nologin -c "apb user" apb
    RUN chown -R 1001:0 /opt/{ansible,apb}
    USER 1001

ANSIBLE PLAYBOOK BUNDLE (APB)
Ansible 2.4 will include k8s/openshift modules

Playbook - Executes oc commands directly

    - name: create namespace
      shell: "oc new-project {{ ns }}"
    - name: create route
      shell: "oc create -n {{ ns }} -f route.yml"

    apiVersion: v1
    kind: Route
    spec:
      port:
        targetPort: port-80
    <snip>

Playbook - Leverages Ansible Modules for K8S/OCP

    - openshift_v1_project:
        name: '{{ ns }}'
    - openshift_v1_route:
        name: wordpress
        namespace: '{{ ns }}'
        port_target_port: 80

https://github.com/openshift/openshift-restclient-python

Download Postgres APB
[Diagram. Components shown: Service Consumer, OpenShift Mall / Service Catalog, Ansible Service Broker, Red Hat Container Catalog, postgres-demo-apb]

Run provision.yaml from postgres-demo-apb
[Diagram. Same components, with the commands: oc run $appname $method $vars; ansible-playbook $method.yaml $vars]

Postgres is now running
[Diagram. Same components and commands, plus Pod: postgres-demo]

Create WebApp
[Diagram. Same components and commands, plus Pod: postgres-demo and S2I Created Python WebApp]

Bind Postgres to WebApp
[Diagram. Same components, with the commands: oc run $appname $method $vars; ansible-playbook provision.yaml $vars; plus Pod: postgres-demo and S2I Created Python WebApp]
Bind connects the WebApp to the Database

What is Bind Doing?
[Diagram. Components shown: Ansible Service Broker, postgres-demo-apb, OpenShift Mall / Service Catalog, Pod: postgres-demo, S2I Created Python WebApp, Credentials]
APB returns credentials of service to Broker
Service Catalog injects credentials into pod

PostgreSQL APB: https://github.com/fusor/apb-examples/tree/master/postgresql-demo-apb

    apb.yml
    Dockerfile
    playbooks
        provision.yaml
    roles
        postgresql-demo-apb-openshift
            defaults
                main.yml
            files
                airports.ddl
                airports.sql
            tasks
                main.yml

    - name: create service
      k8s_v1_service:
        name: postgresql
        namespace: '{{ namespace }}'
        state: present
        labels:
          app: postgresql-demo-apb
          service: postgresql
        selector:
          app: postgresql-demo-apb
          service: postgresql
        ports:
          - name: port-5432
            port: 5432
            protocol: TCP
            target_port: 5432
      register: postgres_service

https://github.com/fusor/apb-examples

Ansible Service Broker
More Information

● Email: [email protected]
● IRC (Freenode): #asbroker
● Trello: https://trello.com/b/50JhiC5v/ansible-service-broker
● Github:
    ○ https://github.com/fusor/ansible-service-broker
    ○ https://github.com/fusor/ansible-playbook-bundle
● Library of example APBs: https://github.com/fusor/apb-examples
    ○ ManageIQ, Etherpad, Wordpress, ELK Stack
● YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
    ○ Using the Service Catalog to Bind a PostgreSQL APB to a Python Web App
        ■ https://www.youtube.com/watch?v=xmd52NhEjCk
    ○ Service Catalog deploying ManageIQ APB on to OpenShift
        ■ https://www.youtube.com/watch?v=J6rDssVEZuQ
● Docker hub published APBs
    ○ https://hub.docker.com/u/ansibleplaybookbundle/