openstackcontained · copyright©2015, oracleand/oritsaffiliates.allrights*reserved.**|...

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |

OpenStack ContainedUsing Docker containers to deploy OpenStack

Wiekus Beukes Software Development Senior Director Oracle OpenStack for Oracle Linux August 2015


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

3


Agenda

Docker

Dockerizing OpenStack

Kolla

Kolla CLI

Putting it all together

3

4

2

5

1

4

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted

DockerWhy?

• Run everywhere – Regardless of host distro – Physical or virtual – Container architecture must match host

• Run anything – If it can run on the host, it can run in the container – If it can run on a Linux kernel, it can run in the container

5

What? • High Level—It’s a lightweight VM –Own process space – Can have own network interface – Can run stuff as root – Can have its own /sbin/init (different from host)

• Low Level—It’s chroot on steroids – Shares kernel with host – No device emulation (not HVM or PV)


DockerPros

• Immutable • Portable • Fast • App focused experience • Massive community • Branding • Growth

6

Cons • Green • Dockerizing OpenStack is even greener • Additional complexity • Difficult to audit


DockerDocker System

7

Dockerfile

Docker

Host 1 (Linux OS)

Container A

Docker Images Registry

Docker

Build

Push Pull

Container B

Container A

Host 2 (Linux OS)


Agenda

Docker


Kolla

Kolla CLI


3

8

5

2

4

1



• Create Docker images for all OpenStack components –OpenStack has many services • Keystone, Nova, Swift, Cinder, Glance, Neutron, Heat….

– Each service can have one or more components • For example Nova: API, Scheduler, Conductor etc.

– Docker best practices calls for one function/process per container • All of this boils down to having to create a significant number of docker images (around 45 for the base services)

– This now presents us with a new problem, managing a large amount of Docker containers over many hosts

What does it mean?

9



• Simplify deployments and ongoing operations – Breaking up the OpenStack services up into the micro services (Docker containers), each micro service becomes an atomic unit of management such as deployment, upgrading, scaling, etc.

• Repeatable, reliable and fast – As long as the Docker containers are idempotent • Patching, upgrading the docker containers are atomic • The patches are applied upstream to the docker image – Tags are then used for rolling forward and backward

What does it buy you?

10


Agenda

Docker


Kolla

Kolla CLI


2

11

5

3

4

1


Kolla

• OpenSource project is hosted on StackForge (soon to change) – The project has already obtained approval to move into the big tent and is in the process of moving

• Kolla’s manifest – Kolla provides production-‐ready containers and deployment tools for operating OpenStack clouds

• Goal – Scalable, fast, reliable, and upgradable OpenStack clouds using community best practices

• Prebuilt Docker images -‐ not currently intended for production use – https://registry.hub.docker.com/repos/kollaglue

• Deployment tools – Ansible playbooks

What exactly is it?

12

whttps://registry.hub.docker.com/repos/kollaglue


KollaWho is contributing?

13


Kolla

• Provide all the Dockerfiles to build the OpenStack services Docker container images – A simple Python script to build all the images using the Dockerfiles and optionally push them to a private registry – Can build from both source (pull from github) or binary (RPMs/Debs -‐ for example RDO) – Source builds allow the build to pick up patches/releases that have not yet made it into the distros yet

• Provide start/config scripts that live inside the images to start/config the specific OpenStack service – Currently support three modes for configuration – CONFIG_INTERNAL – Use environment variables to create the OpenStack config file in the container -‐ Deprecated

– CONFIG_EXTERNAL_COPY_ALWAYS – Copy the Ansible generated config file into the container every time at startup

– CONFIG_EXTERNAL_COPY_ONCE – Copy the Ansible generated config file into the container only at initial startup -‐ Default

What does it do?

14


KollaHow does it work -‐ an example

15

base

glance-‐api

glance-‐base

FROM oraclelinux

FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base:%%KOLLA_TAG%%

FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%glance-base:%%KOLLA_TAG%%


Kolla -‐ Dockerfiles

16

FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base:%%KOLLA_TAG%%MAINTAINER Kolla Project (https://launchpad.net/kolla)

ADD ./glance.tar /RUN ln -s /glance-* /glance

RUN cd /glance \ && pip install -r requirements.txt \ && pip install /glance \ && mkdir /etc/glance /var/log/glance \ && cp -r /glance/etc/* /etc/glance/ \ && rm -rf /root/.cache

COPY config-glance.sh /opt/kolla/CMD ["/start.sh"]

123456789

101112131415

FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%glance-base:%%KOLLA_TAG%%MAINTAINER Kolla Project (https://launchpad.net/kolla)

COPY start.sh check.sh /

COPY config-internal.sh config-external.sh /opt/kolla/CMD ["/start.sh"]

12345678


Kolla

17

#!/bin/bashset -o errexit

CMD="/usr/bin/glance-api"ARGS=""

# Loading common functions.source /opt/kolla/kolla-common.sh

# Config-internal script exec out of this function, it does not return here.set_configs

# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases# of the KOLLA_BOOTSTRAP variable being set, including empty.if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then su -s /bin/sh -c "glance-manage db_sync" glance exit 0fi

exec $CMD $ARGS

123456789

1011121314151617181920

glance-‐api start script


Kolla

This example just scratched the surface of what is available

For more information visit

https://github.com/stackforge/kolla

18

https://github.com/stackforge/kolla


Agenda

Docker


Kolla

Kolla CLI


1

3

19

4

2

5


Kolla CLI

• Possible to use the Ansible playbook directly – But who wants to use vi to configure inventory files etc.

• Kolla expect hosts to be pre-‐configured – Although it is technically possible to do using Ansible, it is not part of Kolla

• Docker private registry –Most deployments will not allow the controller domains of the hypervisors to access the internet directly

• Ansible configuration HA – Replicating the Ansible config over multiple hosts to ensure operation when the primary Ansible config goes offline

Using Kolla to deploy OpenStack is awesome, but how do you actually use it?

20


Kolla CLISimple syntax

21

kollacli host [list] [add 'host name' 'host address’] [remove 'host name’] [check 'host name’] [install 'host name' ‘password’] [addservice 'host name' 'service name’] [removeservice 'host name' 'service name’] [setzone 'host name' 'zone name'] [clearzone 'zone name’] kollacli zone [list] [add 'zone name’] [remove 'zone name’]

kollacli service [list] [activate 'service name’] [deactivate 'service name’] [autodeploy 'on/off' 'service name’]

kollacli property [list] [set 'key' ‘value']

kollacli startkollacli stopkollacli upgrade


Agenda

Docker


Kolla

Kolla CLI


1

3

22

2

5

4

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted


• Use Kolla to build the required Docker container images – Kolla package up master only, most deployments cannot use master and would need a stable tree version

• Use the Kolla CLI as a configuration tool – The CLI fills in the gaps to make the Kolla provided Ansible playbook etc. easier to work with

How does all this translate to deploying a real OpenStack environment?

23


Putting it all together -‐ deployment architecture overview

24

Nova Compute Neutron ML2 agent Neutron OvS agent

Docker Containers

Hypervisor (KVM/Hyper-‐V/LXC/Xen)

Compute Node(s)

Swift Account Swift Container Swift Object

Cinder VolumeDocker Containers

Storage Node(s)

NeutronNeutron ML2 agent Neutron L3 agent Neutron OvS agent

Docker Containers

Network Node(s)

MySQL Cluster RabbitMQ Keepalived Nova Neutron Memcached HAProxy

Cinder Swift Keystone Glance Heat Horizon

Docker Containers

Controller Node(s)

Docker Registry MySQL Cluster RabbitMQ Keepalived Nova Neutron Memcached

HAProxy Cinder Swift Keystone Glance Heat Horizon

Docker Containers

Container life cycle management (Ansible)

Management Controller Nodes(Up to 4 nodes)

Deploy, Upgrade and Configure containers

openstack*contained · copyright©*2015, *oracle*and/or*its*affiliates.*all*rights*reserved.**|...

Documents

openstackcontained · copyright©2015, oracleand/oritsaffiliates.allrights*reserved.**|...