
Build Cloud like Rackspace with OpenStack Ansible

Jirayut Nimsaeng, DevOps & Cloud Architect

2nd Cloud OpenStack-Container Conference and Workshop 2016
Grand Postal Building, Bangrak, Bangkok | September 22-23, 2016

What is OpenStack

● Open source software for creating private and public clouds

● Coordinated collection of software from a few dozen related projects

What is OpenStack

OpenStack Core Services

OpenStack Optional Services

OpenStack Release Cycle

Why OpenStack?

Maturity

High Availability and Scalability

Cost saving

http://www.slideshare.net/randybias/openstack-architected-like-aws-and-gcp

Automation Infrastructure

OpenStack Core Services

Overview

OpenStack Dashboard (Horizon)

● A graphical interface to the OpenStack services

● Built on Django, a Python web framework

Play with Horizon

OpenStack Image Service (Glance)

● Manages pre-built OS images

● Accepts API requests for disk or server images

● Images can have metadata definitions

● Supports storing disk or server images on various repository types

Play with Glance

OpenStack Networking (Neutron)

● Provide networks and connectivity for instances

● Creates and attaches interface devices

● Plug-ins accommodate different networking equipment and software

● It is Software Defined Networking (SDN)

● It also provides the functionality for Network Function Virtualization (NFV)

Traditional Switch Topology

Data Plane and Control Plane

Neutron Components

Play with Neutron

Security Groups

● A named collection of network access rules that limits the types of traffic allowed to reach an instance

● You can assign one or more security groups to an instance

● On the compute host it is basically iptables (in the default configuration)

● Any incoming traffic that is not matched by a rule is denied by default

● What you can configure are

○ Source of traffic

○ Protocol

○ Destination port

● Rules are enforced automatically as soon as you create or modify them
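To make the default-deny semantics concrete, here is a small model of how a security group is evaluated: a packet is let in only if some ingress rule matches its source, protocol and destination port, and every rule can be rendered as an iptables-style allow rule. This is an added example, not code from the talk or from Neutron itself; the rule field names follow the Neutron API, but the iptables rendering is simplified and does not reproduce Neutron's real chain layout, and the group below is constructed.

```python
"""Model of Neutron security-group semantics: default-deny ingress, allow
only what a rule matches, and a simplified rendering to iptables rules.

Added example, not code from the talk or from OpenStack.  Field names
(direction, protocol, port_range_min/max, remote_ip_prefix) follow the
Neutron API; the iptables output is illustrative, not Neutron's real chains.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    direction: str                        # "ingress" or "egress"
    protocol: Optional[str] = None        # None means any protocol
    port_range_min: Optional[int] = None  # None means any port
    port_range_max: Optional[int] = None
    remote_ip_prefix: str = "0.0.0.0/0"   # CIDR of the remote side

    def matches(self, direction: str, protocol: str,
                port: Optional[int], peer: str) -> bool:
        """True if this rule covers a packet with the given attributes."""
        if self.direction != direction:
            return False
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.port_range_min is not None:
            if port is None or not (self.port_range_min <= port <= self.port_range_max):
                return False
        # Mixed IPv4/IPv6 comparisons simply evaluate to False here.
        return ipaddress.ip_address(peer) in ipaddress.ip_network(self.remote_ip_prefix)

    def to_iptables(self) -> str:
        """Simplified iptables rendering (chain names are placeholders)."""
        parts = ["-A", "sg-" + self.direction]
        parts += ["-s" if self.direction == "ingress" else "-d", self.remote_ip_prefix]
        if self.protocol:
            parts += ["-p", self.protocol]
        if self.port_range_min is not None and self.protocol in ("tcp", "udp"):
            parts += ["-m", self.protocol, "--dport",
                      f"{self.port_range_min}:{self.port_range_max}"]
        parts += ["-j", "ACCEPT"]
        return " ".join(parts)


def ingress_allowed(rules: List[Rule], protocol: str,
                    dport: Optional[int], src_ip: str) -> bool:
    """Default deny: traffic gets in only if some ingress rule matches it."""
    return any(r.matches("ingress", protocol, dport, src_ip) for r in rules)


# Constructed group: SSH from the admin subnet only, HTTPS and ICMP from
# anywhere, plus the allow-all egress rule Neutron's default group carries.
WEB_SG = [
    Rule("ingress", "tcp", 22, 22, "10.0.0.0/24"),
    Rule("ingress", "tcp", 443, 443, "0.0.0.0/0"),
    Rule("ingress", "icmp", None, None, "0.0.0.0/0"),
    Rule("egress"),
]

if __name__ == "__main__":
    for rule in WEB_SG:
        print(rule.to_iptables())
    for proto, port, src in [("tcp", 22, "10.0.0.5"), ("tcp", 22, "192.0.2.10"),
                             ("tcp", 3306, "10.0.0.5"), ("icmp", None, "198.51.100.1")]:
        verdict = "ALLOW" if ingress_allowed(WEB_SG, proto, port, src) else "DROP"
        print(f"{proto:5} {str(port):5} from {src:15} -> {verdict}")
```

Note that the MySQL probe from the trusted subnet is dropped even though SSH from the same source is allowed: the group is a whitelist per protocol and port, not per source host.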

Play with Security Groups

Key Pairs

● SSH key pairs

● Provide SSH access to the instances

● The image must include the cloud-init package, which injects the public key at first boot

● A key pair belongs to an individual user, not to a project

Play with Key Pairs

OpenStack Compute (Nova)

● Virtualization

● Starts and stops VMs

● Keeps track of all running VMs and schedules new ones across hosts

● Reports VM states back to the cloud

Nova Hypervisors Supported

● KVM

● LXC

● QEMU

● VMware vSphere

● Xen

● IBM PowerVM

● Microsoft Hyper-V

Play with Nova

Floating IP

● An IP address that a project can associate with a VM

Play with Floating IP

OpenStack Block Storage (Cinder)

● Adds persistent storage to a virtual machine

● Manages volumes, volume snapshots and volume types

● Interacts with Nova to provide volumes for instances

Storage types

Play with Cinder

OpenStack Identity (Keystone)

● Provides a single point of integration for managing

○ Authentication

○ Authorization

○ Catalog of services

● Can integrate with external user management systems such as LDAP

Service Catalog

● Users and services locate other services by using the service catalog

● A service catalog is a collection of available services

● Each service can have one or many endpoints

● Each endpoint has one of three interface types

○ admin

○ internal

○ public
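The catalog is what lets a client find a service without hard-coding URLs: it asks for a service type and an interface. As an added example (not code from the talk or from Keystone), the function below does that lookup over a constructed v3-style catalog, and a second function flags public endpoints that are not served over HTTPS, since tokens travel in the X-Auth-Token header on every call. Hostnames and addresses in the catalog are placeholders.

```python
"""Select a Keystone v3 service-catalog endpoint by type, interface and
region, and audit public endpoints for cleartext URLs.

Added example, not code from the talk or from Keystone.  The catalog is
constructed in the shape of the "catalog" list of a v3 token response.
"""
import json
from typing import List, Optional, Tuple

# Constructed catalog; hosts/addresses are placeholders.
CATALOG_JSON = """
[
  {"type": "identity", "name": "keystone", "endpoints": [
     {"interface": "public",   "region": "RegionOne", "url": "https://cloud.example.com:5000/v3"},
     {"interface": "internal", "region": "RegionOne", "url": "http://172.29.236.10:5000/v3"},
     {"interface": "admin",    "region": "RegionOne", "url": "http://172.29.236.10:35357/v3"}]},
  {"type": "compute", "name": "nova", "endpoints": [
     {"interface": "public",   "region": "RegionOne", "url": "https://cloud.example.com:8774/v2.1"},
     {"interface": "internal", "region": "RegionOne", "url": "http://172.29.236.10:8774/v2.1"}]},
  {"type": "image", "name": "glance", "endpoints": [
     {"interface": "public",   "region": "RegionTwo", "url": "http://cloud2.example.com:9292"}]}
]
"""


def load_catalog(text: str = CATALOG_JSON) -> list:
    return json.loads(text)


def select_endpoint(catalog: list, service_type: str,
                    interface: str = "public",
                    region: Optional[str] = None) -> Optional[str]:
    """Return the URL for service_type on the given interface (and region),
    or None when the catalog has no such endpoint.  Services talking to each
    other ask for "internal" so traffic stays off the public interface."""
    for service in catalog:
        if service.get("type") != service_type:
            continue
        for ep in service.get("endpoints", []):
            if ep.get("interface") != interface:
                continue
            if region is not None and ep.get("region") != region:
                continue
            return ep["url"]
    return None


def endpoint_audit(catalog: list) -> List[Tuple[str, str]]:
    """Public endpoints not served over HTTPS, as (service type, url) pairs.
    The public interface is what tenants (and often the internet) reach, so
    cleartext there exposes the token sent with every request."""
    findings = []
    for service in catalog:
        for ep in service.get("endpoints", []):
            if ep.get("interface") == "public" and not ep["url"].startswith("https://"):
                findings.append((service["type"], ep["url"]))
    return findings


if __name__ == "__main__":
    cat = load_catalog()
    print("compute/public  :", select_endpoint(cat, "compute"))
    print("compute/internal:", select_endpoint(cat, "compute", "internal"))
    print("cleartext public:", endpoint_audit(cat))
```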

OpenStack Keystone API V2

OpenStack Keystone API V3

OpenStack Identity Design

Domains

Groups

OpenStack and Active Directory

OpenStack Policy

OpenStack policy.json
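The authorization half of Keystone is driven by policy.json: each API action maps to a rule written in oslo.policy syntax, and a request is allowed only if the caller's credentials satisfy it. As an added example (not code from the talk and not oslo.policy itself), the evaluator below handles a subset of that syntax: "role:", "rule:", "is_admin:1", generic "key:%(target)s" comparisons, "not", "and"/"or" with "or" binding loosest, and the "@" (always) and "!" (never) rules. The policy it loads is constructed after the shape of Keystone's classic policy.json; the rule names are illustrative.

```python
"""Evaluate OpenStack-style policy.json rules (a subset of oslo.policy syntax).

Added example, not the talk's code and not oslo.policy.  Unknown actions are
denied (fail closed) and rule recursion is capped.  POLICY_JSON is constructed.
"""
import json

POLICY_JSON = """
{
  "admin_required": "role:admin or is_admin:1",
  "owner": "user_id:%(user_id)s",
  "admin_or_owner": "rule:admin_required or rule:owner",
  "identity:get_user": "rule:admin_or_owner",
  "identity:delete_user": "rule:admin_required",
  "identity:get_version": "@"
}
"""


def load_policy(text: str = POLICY_JSON) -> dict:
    return json.loads(text)


def _check_atom(atom: str, creds: dict, target: dict, policy: dict, depth: int) -> bool:
    atom = atom.strip()
    if atom == "@":
        return True
    if atom == "!":
        return False
    if atom.startswith("not "):
        return not _check_atom(atom[4:], creds, target, policy, depth)
    kind, _, value = atom.partition(":")
    if kind == "rule":                      # reference another named rule
        return enforce(policy, value, creds, target, depth + 1)
    if kind == "role":                      # caller holds this role
        return value in creds.get("roles", [])
    if kind == "is_admin":                  # "is_admin:1" style flag
        return bool(creds.get("is_admin")) == (value == "1")
    # Generic check: compare a credential with a literal or a target attribute,
    # e.g. "user_id:%(user_id)s".  A missing target attribute denies.
    try:
        expected = value % target if "%(" in value else value
    except KeyError:
        return False
    return str(creds.get(kind)) == str(expected)


def enforce(policy: dict, action: str, creds: dict, target: dict = None, depth: int = 0) -> bool:
    """True if creds may perform action on target under policy."""
    if depth > 20:
        raise RecursionError("policy rule nesting too deep at %r" % action)
    target = target or {}
    rule = policy.get(action)
    if rule is None:
        return False                        # no rule for the action: deny
    if rule == "":
        return True                         # empty rule means "always"
    # "or" binds loosest, so the rule is a disjunction of conjunctions.
    for disjunct in rule.split(" or "):
        if all(_check_atom(a, creds, target, policy, depth) for a in disjunct.split(" and ")):
            return True
    return False


if __name__ == "__main__":
    pol = load_policy()
    member = {"user_id": "u1", "roles": ["member"]}
    for action, tgt in [("identity:get_user", {"user_id": "u1"}),
                        ("identity:get_user", {"user_id": "u2"}),
                        ("identity:delete_user", {"user_id": "u1"})]:
        print(action, tgt, "->", enforce(pol, action, member, tgt))
```

The worked cases are the ones that matter in a review: a member can read their own user record but not another user's, cannot delete any user, and any action absent from the policy is refused rather than silently allowed.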

Play with Keystone

Summary

OpenStack Optional Services

OpenStack Object Storage (Swift)

● Multi-tenant object storage system

● Highly scalable

● Can manage large amounts of unstructured data

● Low cost

● Interact with RESTful HTTP API

Play with Swift

OpenStack Telemetry (Ceilometer)

● Collects data, stores it in a database and exposes it through an API service

● Uses an agent-based architecture

● Most features are still only available from the command line

Play with Ceilometer

OpenStack Bare-Metal Provisioning (Ironic)

● Provides physical hardware as opposed to virtual machines

● Deploys via PXE and controls power via IPMI

● Makes it as easy to provision physical servers as virtual machines in a cloud

OpenStack Orchestration (Heat)

● Orchestration service for the cloud

● Automatically configures and deploys resources as stacks

● Stacks are defined with templates: Heat Orchestration Template (HOT) or CloudFormation-compatible templates

Heat Orchestration Template

And many more...

OpenStack Distributed Storage

Distributed Storage Solution

What is Ceph?

● Distributed storage platform

● Software-defined Storage

● Maintained by Red Hat (which acquired Inktank)

● Supports block, object and file storage

Why Ceph?

● Enterprise Class

● Data Protection with Replication

● Self-healing

● No RAID needed

● Flexibility and Scalability (to exabyte!!)

● Performance (with RADOS)

● Lower cost (free and open source)

● Fully-tested with OpenStack

Way to deploy OpenStack

Vendor lock-in

No vendor lock-in

Why OpenStack Ansible?

Used and maintained by Rackspace; an official OpenStack Big Tent project

Because it is Ansible

● Agentless architecture

● No centralized server

● Human readable

● Open Source

● Highly flexible and configurable

● Idempotent

Infrastructure as Code

Complies with the Security Technical Implementation Guide (STIG) via the openstack-ansible-security role

http://docs.openstack.org/developer/openstack-ansible-security/auto_controls-all.html

Best way to learn how OpenStack works

OpenStack Ansible (OSA)

OpenStack Ansible (OSA)

● OSA uses Ansible to automate the deployment of an OpenStack environment on Ubuntu Linux

● OSA deploys the OpenStack components into Linux containers (LXC) for isolation and ease of maintenance

Ansible

● Ansible provides an automation platform to simplify system

and application deployment

● Ansible manages systems using Secure Shell (SSH)

● Ansible uses playbooks written in the YAML language for

orchestration

● Ansible host types

○ Deployment host

○ Target hosts

YAML

Linux Containers (LXC)

● Containers provide operating-system-level virtualization

● Without the overhead and complexity of virtual machines

● Containers share the host kernel, devices and file systems

● Built on Linux kernel namespaces and cgroups

Software requirements

● Ubuntu 16.04 LTS or Ubuntu 14.04 LTS

● Secure Shell (SSH) client and server that support public key authentication

● Network Time Protocol (NTP) client for time synchronization

● Python 2.7.x must be on the hosts

● en_US.UTF-8 as locale

Hardware requirements

● CPU with hardware-assisted virtualization extensions

● OS disks should be SSDs in RAID 1

● 10 Gigabit Ethernet with LACP-bonded network interfaces recommended

● Enable jumbo frames

● L3 switch with VLAN and LACP support

OpenStack Ansible Architecture

Infrastructure services

● MariaDB/Galera

● RabbitMQ

● MemcacheD

● Repository

● Load Balancer

● Utility Container

● Log Aggregation Host

● Unbound DNS Container

OpenStack Services supported

Enabled by default

● Cinder

● Nova

● Horizon

● Keystone

● Glance

● Neutron

● Heat

Not enabled by default

● Swift

● Ironic

● Aodh, Ceilometer, Gnocchi

● Magnum

● Sahara

Networking

● OSA uses Linux bridges to provide layer 2 connectivity between interfaces and containers

OpenStack Ansible Network

OSA Network on Compute Host

VXLAN and VLAN

Cinder

Glance

Ephemeral storage

Storage choice

● LVM

● iSCSI

● Ceph

● SANs

Swift

How to Deploy with OpenStack Ansible

OpenStack Ansible Deploy Steps

Q/A

Backup Slides

OpenStack CLI

Automated configure commands

Some tips

Caching

OpenStack Network

OpenStack Network

● Single Flat Network

● Multiple Flat Networks

● Mixed Flat + Private Networks

● Single Provider Router

● Per-Tenant Router

OpenStack Network

VLANs or VXLANs?

VLANs Network Traffic Flow