Deploying Multi-Container Applications with Ansible Broker
11.7.2017
Eric Dubé, Senior Principal Product Manager, Red Hat
Todd Sanders, Director Software Engineering, Red Hat
Agenda
● Service Catalog and Brokers: Open Service Broker API and High-level Architecture
● Ansible Broker: Ansible Playbook Bundle (APB) Definition
● What’s New and Future Plans: Roadmap Review
● Live Demonstration: Walkthrough of Provision/Bind of selected services
● More Information: Additional information to get you started
● Questions: What can we answer for you?
Service Catalog & Ansible Broker
Why Service Brokers?
[Diagram: SERVICE CONSUMER, SERVICE PROVIDER]
☑ Open ticket
☑ Wait for allocation
☑ Receive credentials
☑ Add to app
☑ Deploy app
Manual, Time-consuming, Error-prone, and Inconsistent
What is a Service Broker?
[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]
Brokers inform Service Catalog of the Service Classes they can provision
Service Consumer only interacts with Service Catalog; the details of the Brokers are largely hidden
Creates a process that is automated, standardized, and most importantly consistent
Service Broker Concepts
CONSUMER: user of service deployed by the catalog/broker
SERVICE: an offering that can be used by an app e.g. database
PLAN: a specific flavor of a service e.g. Gold Tier
SERVICE INSTANCE: an instance of the offering
PROVISION: creating a service instance
BIND: associate a service instance and its credentials to an app
[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]
Service Catalog
Where Services Are Published
● Better experience for service consumers
● Streamlines “getting started” process
  ○ Task focused
  ○ Key call outs
  ○ Unified search
  ○ Guided workflow
● Provision and manage services from a central interface
● Search option ensures quick access to all services
Service Brokers
Expose and Provision Services
[Diagram: SERVICE CATALOG connected to SERVICE BROKERS; one element is labelled BETA]
● Ansible Broker: Ansible Playbook Bundles (ANSIBLE)
● OpenShift Template Broker: OpenShift Templates (OPENSHIFT)
● AWS Service Broker: Public Cloud Services (AMAZON WEB SERVICES)
● Other Service Brokers: Other Services (OTHER COMPATIBLE SERVICES)
Open Service Broker API
Defines an HTTP interface between the services marketplace of a platform and service brokers
Background
• Working group formed in September 2016; successor to Cloud Foundry Service Broker API
• Multi-vendor project to standardize how services are consumed on cloud native platforms across service providers
• Service Broker is the component that implements the API, for which a platform's marketplace is a client
Methods
• Service brokers are responsible for advertising catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
  • Catalog - Return service offerings
  • Provision - Create service
  • Deprovision - Delete service
  • Bind - Obtain credentials/coordinates for service
  • Unbind - Revoke credentials for service
  • Update - Change service instance parameters or service plan
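The six operations above map onto HTTP routes of the Open Service Broker API v2; the sketch below (an added example, not Ansible Broker code) routes each request to its action and to the APB playbook named after it. `ToyBroker`, its in-memory state and the sample credentials are hypothetical; query strings and HTTP status codes are left out.

```python
import re
import secrets

INSTANCE = r"/v2/service_instances/(?P<instance>[^/]+)"
BINDING = INSTANCE + r"/service_bindings/(?P<binding>[^/]+)"
# (HTTP verb, path pattern, action) for the six operations listed above.
ROUTES = [
    ("GET", r"/v2/catalog", "catalog"),
    ("PUT", INSTANCE, "provision"),
    ("PATCH", INSTANCE, "update"),
    ("DELETE", INSTANCE, "deprovision"),
    ("PUT", BINDING, "bind"),
    ("DELETE", BINDING, "unbind"),
]

def route(verb, path):
    """Map a request to (action, ids), or None if it is not a broker route."""
    for v, pattern, action in ROUTES:
        m = re.fullmatch(pattern, path)
        if v == verb and m:
            return action, m.groupdict()
    return None

class ToyBroker:
    """Hypothetical in-memory broker: records the playbook, launches nothing."""

    def __init__(self):
        self.instances = {}  # instance id -> {binding id: credentials}
        self.playbooks = []  # APB playbooks that would have been run

    def handle(self, verb, path):
        hit = route(verb, path)
        if hit is None:
            raise ValueError("not a broker route: %s %s" % (verb, path))
        action, ids = hit
        if action == "catalog":  # answered by the broker itself, no playbook
            return {"services": [{"name": "toy-apb"}]}  # constructed offering
        inst, bind = ids["instance"], ids.get("binding")
        if action == "provision":
            self.instances[inst] = {}
        elif action == "deprovision":
            del self.instances[inst]
        elif action == "bind":  # every binding gets its own credentials
            creds = {"user": bind, "password": secrets.token_hex(16)}
            self.instances[inst][bind] = creds
        elif action == "unbind":  # revokes that binding's credentials only
            del self.instances[inst][bind]
        self.playbooks.append(action + ".yaml")
        return {"credentials": creds} if action == "bind" else {}
```

Because credentials are stored per binding, an unbind removes one consumer's access without touching the others.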
Ansible Broker - Inspiration and Goals
What are we trying to accomplish?
Project Inspiration
● Solution for defining and delivering “simple” to “complex” multi-container applications
● Easy orchestration of services using a simple, lightweight application definition
● Leverage a container image as transport mechanism for delivering application
  ○ Both application definition and container image can be hosted in the same location
Project Goals
● Ensure technology is simple yet extensible enough to support deploying any application type and combination of applications
  ○ Must work with both new and pre-existing, canned application container images
● Build extensive application ecosystem deployable through the Kubernetes Service Catalog
● Grow interest, participation, and adoption in the community as one of the prevailing methods for provisioning applications on Kubernetes
Ansible Broker
Orchestrating Containerized Services
Ansible Broker
● Implementation of Open Service Broker API
● Exposes services to Service Catalog
● Provisions services using Ansible
● Use cases:
  ○ Traditional S2I deployments
  ○ Provisioning of pre-existing images
  ○ Orchestration of external services
  ○ Deploying multi-service solutions
Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
  ○ Named playbooks [provision.yaml, bind.yaml, …] to perform Open Service Broker actions
  ○ Metadata containing a list of required / optional parameters during deployment
  ○ Embedded Ansible runtime
● Define, extend, and deliver “simple” to “complex” multi-container services
● Standardized approach for using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks
Ansible Broker
High Level Architecture
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Other Service Brokers, Container Image Registry, Ansible Playbook Bundle, Provisioned Service]
• catalog • provision • deprovision • bind • unbind • update
APB services:
• MediaWiki • PostgreSQL • MariaDB • MySQL, etc.
Supports provisioning and binding of both on and off-platform (public cloud) services!
Ansible Playbook Bundle (APB)
Definition Architecture
Description:
● Short-lived, lightweight container image consisting of a simple directory structure with:
  ○ Named “action” playbooks & deployment role
  ○ Metadata:
    ■ required/optional parameters
    ■ service plans
    ■ Image dependencies (provision vs bind)
    ■ specification version
  ○ Ansible runtime environment
● Designed to orchestrate pre-existing containerized application images
● Developer tooling provides simple, guided approach to APB creation
● Easily modified or extended
[Diagram: Ansible Playbook Bundle (APB) Definition: Minimal Linux Image, Ansible Runtime, Directory of files (provision.yaml, deprovision.yaml, bind.yaml, unbind.yaml, update.yaml, test.yaml, apb.yaml), Deployment Role]
provision.yaml = Install
deprovision.yaml = Uninstall
bind.yaml = Grant
unbind.yaml = Revoke
update.yaml = Upgrade
test.yaml = Test
apb.yaml = Metadata
Ansible Broker Advantages
Why is it better than other provisioning technologies?
● Capable of orchestrating both on- and off-platform services
  ○ Not limited to deploying just local services like most provisioning technologies
  ○ Provision and manage remote services and even those hosted in public clouds
● Highly customizable binding operations between services
● APB packaging makes it easy to distribute since definition can be hosted in same registry as application
● Application provisioning can be tied to the successful startup of dependent services
  ○ Ensure all dependent services are fully operational before starting your application
    ■ Example: Check that a database has fully initialized and is ready to accept connections prior to provisioning your application
● Support for complex conditional logic enabling better control of deployed services
Anything you can do with Ansible, you can do in an APB!
OpenStack Integration
Why use Ansible Broker?
● Better control and greater flexibility when deploying services than with other orchestration technologies
  ○ Able to solve many of the problems plaguing existing solutions today:
    ■ Dependent service startup synchronization
    ■ Robust service control using conditional logic
    ■ Ability to provision and manage services both locally and remotely
● Engaged with upstream to build OpenStack PoC orchestrated by Ansible
  ○ Once playbooks have been created for deploying OpenStack services these can easily be turned into APBs for provisioning with Ansible Broker
● Looking for broader community collaboration to help with the development of OpenStack Service APB’s
  ○ End goal is to support the deployment of an entire OpenStack environment using APB’s (with all deployed services managed by Kubernetes)
Roadmap Review
Development Plan & Application Ecosystem
OpenShift Origin and Kubernetes
● Primary development is currently being done within OpenShift Origin community
  ○ ‘CatASB’ project enables anyone to easily stand-up an Origin environment with both Kubernetes Service Catalog and Broker enabled at startup
● Support for pure Kubernetes environments nearly completed
  ○ Extends broker technology to be used outside of typical PaaS environments
    ■ Leverage technology to also deploy infrastructure environments
● Looking to grow adoption and build-out application ecosystem
  ○ Not only in the community but also with commercial ISVs
  ○ Ever growing list of examples and documentation enables developers to quickly create new APB’s
  ○ In the process of building community presence / website to streamline navigation of content
Release Plans
What’s new for Service Catalog and Ansible Broker
OpenShift Origin 3.6.0
• New Web UI with Kubernetes Service Catalog
  • Allows a service consumer to select and manage services via standard operations
• Service Catalog interacts with Brokers through a standard API
  • Open Service Broker API
• Support for multiple Brokers within Service Catalog instance
  • Includes Template and Ansible Brokers
• Several APB services examples available
  • Targeted at deploying example applications to learn about this new technology
• Not yet intended for APB creation
  • No tooling included for creating APBs, but can be obtained externally
OpenShift Origin 3.7.0
• Service Broker and Service Catalog hardening
  • Supports use with ‘production’ workloads
• Secure connectivity between Service Catalog and Broker
• Support for multiple service plans
  • Example: Bronze, Silver, and Gold plans
• New APB services
  • Popular services (such as databases)
  • Commercial third-party ISV applications
• Multiple concurrent source adapters
  • Broker instance can connect to multiple image registries
• APB “test” directive
  • Define a functional test for checking deployed service
• Developer tooling included providing guided approach to APB creation
Future Directions & Development
What’s Planned?
• Open Service Broker API ‘update’ operation support (allows changes to parameters and service plans)
• Improved broker service scaling
• MiniShift support (develop on a Mac)
• Internationalization/Localization
• Additional source adapters
  • Github, AWS ECR
• Improved verification/checking of deployed services
• Injectable custom configuration options within UI during provision operation
• Enhanced support of multiple bindings for services
• Explore Broker use cases outside of Service Catalog
• Ansible Galaxy integration
• Support for additional deployment models
  • Provision into user’s own namespace
  • Provision into our own namespace
  • Full remote (not within OpenShift cluster)
• Better APB dependency support
• Intelligent requires/provides information in APB
• Split runtime; separate linux runtime from APB orchestration code
• Async bind/unbind support (requires API changes)
• Add ‘test’ operation support to upstream OSB API
Service Provisioning & Binding Demo
Live Demo
Walkthrough
Steps: Initial Provisioning + Binding
1. Create new Project
2. Provision Backend of Web Application (PostgreSQL + Python API + Data Seeding) - DogAPI
3. Provision Frontend of Web Application (Django) - Random Image Viewer
4. Bind Frontend to Backend
Steps: External SaaS Provider
1. Provision External SaaS API - CatAPI
2. Bind Frontend of Web Application to External SaaS API
Steps: Update Service Instance
1. Update Web Application - Album Title Parameter
Demo Application
Internal Backend
[Diagram: Origin/Kubernetes Cluster with PODs Dog API, PostgreSQL and Random Image Viewer (Django); Dog API APB labelled “Back-end”, Random Image Viewer APB labelled “Front-end”]
Demo Application
External SaaS Backend
[Diagram: Origin/Kubernetes Cluster with Dog API, PostgreSQL, Random Image Viewer (Django), Dog API APB and Random Image Viewer APB; External Cloud Service with Cat API and PostgreSQL; Cat API APB; New Binding]
More Information
Community Applications and Services
Building an APB ecosystem
● Central location where community developed APB’s can be contributed
○ Hosted within a single Github organization: ‘ansibleplaybookbundle’
○ Individual APBs reside in their own repos
● CI for doing sanity checking on all submitted PR’s
● Automated builds and publishing of APB’s to publicly accessible container registry
Continually growing portfolio of applications:
● PostgreSQL, Jenkins, MediaWiki, Wordpress, The Lounge, Hastebin, Etherpad, MariaDB, MySQL, AWS RDS MySQL, Rocket.Chat, Nginx, ManageIQ, …
https://github.com/ansibleplaybookbundle
Demo Environment
How do I install it?
Simple mechanism for quickly spinning up an environment to try out Ansible Broker:
● CatASB Project
  ○ Only takes ~5 minutes to install
  ○ Location: https://github.com/fusor/catasb/tree/master/local/linux#testing-downstream-images
  • Ansible playbooks that use ‘oc cluster up --service-catalog’
  • Able to use downstream pre-built images if --rcm flag is passed
  • Runs locally on Linux, Mac, or provision to Amazon’s EC2 environment
Note: There are some differences in how Ansible Broker is installed via ‘catasb’, so the result is not an exact match to a downstream environment deployed with ‘atomic-openshift-installer’
Ansible Broker
Project Information
• Public Mailing List: [email protected]
• IRC (Freenode): #asbroker
• Project Links:
  • https://github.com/openshift/ansible-service-broker#project-related-links
• YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
  • Deploying MediaWiki and PostgreSQL from Image Registry
    • https://www.youtube.com/watch?v=3fLkcHJBnfc
• Points of Contact:
  • Product Manager: Eric Dubé [email protected]
  • Engineering Manager: Todd Sanders [email protected]
  • Technical Lead: John Matthews [email protected]
Thanks. Cheers.
Questions?
Extra Slides
Discover APBs: DogAPI & RandomViewer
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB]
Provision DogAPI: Run ‘provision.yaml’
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, running DogAPI APB]
oc run $imagename $method $vars
ansible-playbook provision.yaml $vars
Provision DogAPI: Creates PostgreSQL + API
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, running DogAPI APB, PostgreSQL, API]
ansible-playbook provision.yaml $vars
DogAPI (Backend) is up & APB terminates
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API]
Provision RandomViewer: Run ‘provision.yaml’
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, running RandomViewer APB, PostgreSQL, API]
ansible-playbook provision.yaml $vars
Provision RandomViewer: Creates Service
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, running RandomViewer APB, PostgreSQL, API, RandomViewer]
ansible-playbook provision.yaml $vars
RandomViewer (frontend) is up & APB terminates
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, RandomViewer]
Create Binding: Launch APB, Run bind.yaml
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, running DogAPI APB, PostgreSQL, API, RandomViewer, Binding]
ansible-playbook bind.yaml $vars
Secret created by Service Catalog
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, RandomViewer, Binding, Secret]
Secret added to Application Deployment Config
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, RandomViewer, Binding, Secret]
What is the “bind” operation doing?
[Diagram: Service Consumer, Service Catalog, Ansible Broker, DogAPI APB, PostgreSQL, API, RandomViewer, Credentials]
APB returns credentials of service to broker
Service Catalog makes a Secret available for Pod