state of containers in openstack

28
State of Containers in Openstack Madhuri Kumari Intel

Upload: madhuri-kumari

Post on 10-Feb-2017

73 views

Category:

Technology


0 download

TRANSCRIPT

Page 1: State of Containers in Openstack

State of Containers in OpenstackMadhuri KumariIntel

Page 2: State of Containers in Openstack

Agenda• Containers vs VMs• Why Containers?• Containers on Openstack• Openstack Components

– Nova-docker– Heat Docker– Magnum– Murano– Zun– Solum

• Other Container Focused Components– Kolla– Kuryr

Page 3: State of Containers in Openstack

Containers vs VMs

Page 4: State of Containers in Openstack

Containers vs VMsContainers VMs

Principle Lightweight, high packing density, with fewer resources to achieve rapid deployment, migrate easily.

Isolated, Hardware virtualization, large, performance overhead, migrate easily.

Resource Usage Efficient sharing of resources. Take up more resources.

Flexibility & Security

Less appropriate for multi-tenant environments, because of potential security risks.

Fully isolated from one another and malware, application crashes and other problems impact only the affected VM.

Use cases Web servers, micro-services VMs may contain other enterprise workloads such as database, ERP, CRM, email server, media server, web server or other business applications. 

Page 5: State of Containers in Openstack

Why Containers?

WHY NOT??

Page 6: State of Containers in Openstack

Containers in Openstack• OpenStack is above all an integration engine, bringing

various technologies together through common APIs. Therefore, containers have naturally been plugged into several existing projects and will find their way into other areas as well.

Page 7: State of Containers in Openstack

Openstack Containers ProjectNova-docker

A Docker hypervisor driver for Nova Compute to treat containers and images as the same type of resource as virtual machines.

Heat Docker

A plugin template fororchestrating Docker resources on top of OpenStack resources. Allows access to full Docker API.

Murano

Provides an application catalog of containerized applications that can be deployed to an OpenStackcloud.

Magnum

Provides an API to manage multitenant containers infrastructure leveraging Heat, Nova, and Neutron.

Zun

Container service for OpenStack. Provides API(s) for launching and managing containers backed by different container technologies.

Solum

An OpenStack project designed to make cloud services easier to consume and integrate into your application development process.

Page 8: State of Containers in Openstack

Nova-docker• Drivers for OpenStack Nova• Use Nova API to access containers• Interface with container backend (i.e. Docker

daemon, libvirt-lxc)• Fetch container images from Glance

Page 9: State of Containers in Openstack

Nova-docker Practice

• nova.conf: compute_driver=novadocker.virt.docker.DockerDriver

• glance-api.conf: container_formats=ami,ari,aki,bare,ovf,ova,docker

• docker save busybox | openstack image create busybox --public --container-format docker --disk-format raw

• nova boot --flavor m1.small --image busybox --key-name mykey test1

Page 10: State of Containers in Openstack

Heat Docker• Provide a Heat resource type for Docker.• Need to specify docker endpoint• Can orchestrate docker containers with other Heat

resources

Page 11: State of Containers in Openstack

Heat Practice• Heat

• Install heat-docker plugin

• Docker.ymlheat_template_version: 2013-05-23description: Test templateresources: apache: type: DockerInc::Docker::Container properties: image: marouen/apache port_specs: - 80 docker_endpoint: http://host:2375

• heat stack-create -f docker.yaml docker-stack

Page 12: State of Containers in Openstack

Magnum• Founded at the end of 2014• Integrates various container orchestration engine (COE).• Leverage other Openstack components lie Heat, Nova,

Neutron, Cinder etc• Manages infrastructure for running containers on

Openstack.• Runs containers under VM/baremetal• COE: Swarm, kubernetes, Mesos

Page 13: State of Containers in Openstack

Magnum Architecture

Page 14: State of Containers in Openstack

Magnum Practice

• magnum baymodel-create --name k8sbaymodel --image-id fedora-atomic-latest --keypair-id testkey --external-network-id public --flavor-id m1.small --docker-volume-size 5 --network-driver flannel --coe kubernetes

• magnum bay-create --name k8sbay --baymodel k8sbaymodel• magnum ca-sign --bay k8sbay --csr client.csr > client.crt• magnum ca-show --bay k8sbay > ca.crt

Page 15: State of Containers in Openstack

Murano• Application catalog to Openstack.• Provide a variety of applications and services, publishing

and lifecycle management , and provide UI and API. The application is defined as anything YAQL language templates defined application.

Page 16: State of Containers in Openstack

Murano UI

Page 17: State of Containers in Openstack

Zun• Zun (Higgins) is a Container service for OpenStack.• Aim to provide OpenStack API(s) for launching and

managing containers backed by different container technologies.

• Container runtimes: Docker, Rkt, Clear Conainer, etc.• COEs: Kubernetes, Docker Swarm, etc.

Page 18: State of Containers in Openstack

Zun• One platform for containers/VMs/baremetals• Neutron• Cinder• Glance• Horizon• Nova• ...

Images Container/VM/

BaremetalGlance

Neutron Cinder

HorizonNova

NetworksVolumes

UI

Provisions

Page 19: State of Containers in Openstack

Solum• Solum is an application lifecycle management system which

allows you to deploy your applications starting from the source code onto Openstack cloud.

• For developers, Solum provides an easy-to-use platform for building, testing, and deploying applications on OpenStack clouds

• For operators, Solum provides ability to make their OpenStack cloud more useful to their application developers by enabling CI/CD capabilities for applications to OpenStack clouds

Page 20: State of Containers in Openstack

Solum Architecture

SolumAPI

SolumWorker

SolumDeployerQueue Queue

Queue

SolumConductor

Heat

Database

Glance/Swift

Builds LP; run unit tests; Build DU

Deploys DU

Page 21: State of Containers in Openstack

Solum Practice

• solum languagepack create <NAME> <GIT_REPO>

• solum app create --app-file <app_file> [--param-file param_file]

• solum app deploy <UUID>

Page 22: State of Containers in Openstack

Other Openstack Container Focused Projects

Kolla

Kolla provides production-ready containers and deployment tools for operating OpenStack clouds.

Kuryr

A Docker network plugin that uses Neutron to provide networking services to Docker containers. It provides containerised images for the common Neutron plugins.

Page 23: State of Containers in Openstack

Kolla• Established in September 14.• Allows packaging and deployment using Docker and Ansible• Provides production ready Openstack service.• Ease of deployment , simplified operation, upgrade and

maintenance to enhance devops and operators experience.• Faster than devstack(comparison devstack 14mins ~ 9

mins)

Page 24: State of Containers in Openstack

Kuryr

• Its objective is to enable Neutron as the production ready networking abstraction containers need!

• Map container networking abstractions to the Neutron API • Bring your container and VM networking together under one API• Implement all the common code for Neutron vendors allowing

them to get to container networking by just having a binding script

• Leverage Neutron advanced networking like LBaaS, FWaaS, VPNaaS, Security Groups / NAT

• Aims to support different Container Orchestration Engines like Kubernetes, Mesos, Docker Swarm

Page 25: State of Containers in Openstack

Summary• OpenStack virtual machine management / physical and

running on the container (Magnum, Murano, Solum)

Advantage:• Resource sharing, unified management by the OpenStack

Nova

Disadvantages:• Performance loss running VM container• Network performance

Page 26: State of Containers in Openstack

Summary• COEs run on a variety of hosts managed container OpenStack

services (k8s, mesos)

Advantage:• Container performance guarantees• More efficient use of resources

Disadvantages:• Container isolation• VM network storage• Complexity OpenStack services

Page 27: State of Containers in Openstack

Summary• Manage containers and virtual machines (Nova-docker,

heat-docker, Nova-lxc / lxd, Nova + Zun)

Advantage:• simple• Integration of existing resources, such as network, storage

Disadvantages:• Not production ready

Page 28: State of Containers in Openstack

Thank You!!