mesos/docker clusters with ironic: a match made in heaven

1

Docker and Ironic:

A Match Made in Heaven

Scott Drennan

Vlad Gridin

Bernard Van De Walle

2

• Introduction to Containers

• Deployment approaches

• Using Ironic

• Example deployment

Docker and Ironic

3

Server Hardware

Hypervisor and/or Host OS

Guest OS

Guest OS

Libs/Bins

Libs/Bins

Apps Apps

Server Hardware

Host OS

Shared Libraries

Libs/Bins

Libs/Bins

Apps Apps

Virtualization (LXC/Docker)

Container Advantages

Single OS to manage

Lower overheads

Better hardware utilization

Simplified application life cycle management

(through Docker etc.)

Quick launch times

Container Issues

Linux on Linux only

Careful security considerations for multi-tenancy

Network and Storage multi-tenancy

Containers vs. Virtualization

4

Containers in VMs

One Deployment Approach…

5

Optimum performance and scale

Containers on bare metal

6

Security Considerations

7

Separate Clusters for security

Security zone A Security zone B

8

Interworking Docker with VMs

9

Solution: Use Ironic!

Ironic provision Bare Metals as a Service

Ironic Boot Glance Images directly on the

Hardware Servers

Each Host is assigned to one “Cluster” only:

Complete separation between Tenants.

Use a Hardware Gateway to receive the traffic

directly

Bare metals are directly connected to the

Hardware Gateway

Ironic will configure the Hardware Gateway Ports

10




Hardware Servers




directly


Hardware Gateway


11




Hardware Servers




directly


Hardware Gateway


12




Hardware Servers




directly


Hardware Gateway


13

Solution: Per Cluster Networking

Secure and Clustered Networking

Ironic and Neutron Provision on

demand Each port of the Hardware

Gateway in order to provide

complete separation between the

physical Servers of different tenants.

14

Solution: High Performance Networking

Servers send non-encapsulated traffic using

the Physical NIC. No OVS!

Full Line-Speed is attained

No need for Neutron L3 Agent

15

Solution: Seamless Bare Metal/VM Networking

Bare Metals can go Beyond the Gateway to

reach VMs and other Object belonging to

the Tenant.

Seamless integration of the Bare Metal with

other Openstack objects (VMs,

Gateways,…)

16

Solution: Orchestration with Heat

Heat Templates define:

Bare Metal server to use

Network Topology

VMs to plug into those Networks

Complete end to end orchestration

17

Demonstration: Mesos Cluster launch

Let’s Deploy a Single Mesos Cluster.

The Mesos Master is a VM

Run by Nova-Compute

The Mesos Slaves are Bare Metals

Launched and provisioned by Ironic

The Hardware Gateway is a Nuage Gateway

The Network is created using Neutron

With Nuage Plugin

Heat is Orchestrating all the pieces.

18

Demonstration: Cluster 1

19

Demonstration: Bare Metal to VM communication:

Marathon

Let’s start a Second Mesos Cluster for a

Second Tenant.

20

• Nuage VSP, the true Hybrid Cloud

Demonstration: Cluster 2

21

Summary

• Ironic, Heat, Nova and Neutron

• Only L3-capable VXLAN gateway allows flexible DC design

• Consistent networking and policy enforcement across VMs and bare metal

22

What else?

• Networking and policy across bare metal, VMs and containers

• Demonstrated scale to 100k instances with fast and predictable convergence -

• Visit the Nuage booth for details

mesos/docker clusters with ironic: a match made in heaven

Technology

hardware gateway ironic

hardware servers

hardware gateway ports

ironic provision bare

clustered networking

bare metal server

complete separation

security security zone