Red Hat Openshift Enterprise

Agenda - OpenShift for Ops and Dev

09.00 - 09.30 - Guided tour of the Telekom network centre
09.30 - 10.00 - Arrival and registration of participants
10.00 - 10.30 - Welcome and introductions
10.30 - 11.00 - "Klein Starten - Groß Wachsen" (start small, grow big) - Dirk Sander, T-Systems
11.00 - 11.15 - Break
11.15 - 12.45 - Open discussion
12.45 - 13.30 - Lunch
13.30 - 15.00 - OpenShift Lab - time for hands-on
from 15.00 - Networking & open discussion
Infrastructure of the user meetings (Anwendertreffen)

Website: http://www.openshift-anwender.de
  Current announcements and reports on meetings
Slack channel: http://openshift-de.slack.com
  Sign-up by invitation from a member, or by mail to [email protected]
Mailing list: [email protected]
  Sign-up via https://www.redhat.com/mailman/listinfo/openshift-anwender
User meetings, Meetups, Commons - what is all this?

OpenShift Commons - http://commons.openshift.com
  Umbrella organisation for the OpenShift community worldwide
Anwendertreffen (user meetings) - http://openshift-anwender.de
  German-speaking group of OpenShift users with about 2-3 live meetings per year.
OpenShift Meetups - Stuttgart, Dortmund ...
  Local OpenShift user meetings that are held more regularly, often as evening events.
Org team for the user meetings - from guidelines to self-organisation

● Core org team
○ Sebastian Faulhaber - Red Hat Solution Architect (parental leave until September '17)
○ Lutz Lange - Red Hat Solution Architect
● Local support
○ Natalie Heilmann - T-Systems Marketing
● Open questions
○ How do we get to the point where the group manages itself?
○ Who would like to take an active part in shaping the next meetings?
Next user meetings

Meeting 3.2 on 8 June in Berlin
A large meeting in September in Frankfurt at Deutsche Bahn?
A meeting in Munich at Consol?
A meeting in Hamburg?
Agenda

09.00 - 09.30 - Guided tour of the Telekom network centre
09.30 - 10.00 - Arrival and registration of participants
10.00 - 10.30 - Welcome and introductions
10.30 - 11.00 - OpenShift as a Service - Rubin Meißner, T-Systems
11.00 - 11.15 - Break
11.15 - 12.45 - Open discussion
12.45 - 13.30 - Lunch
13.30 - 15.00 - Open discussion
from 15.00 - Networking
Feedback is important: http://goo.gl/iZEGqr
OpenShift Lab - trial balloon

How can we bring in elements that keep us hands-on with a live OpenShift?
Minimum goal: OpenShift on the notebook with Minishift
Lab Guide
Building Blocks - Terms and Functions in the Container World - Let's be specific

CONTAINER PROCESS
CONTAINER IMAGE
CONTAINER HOST
REGISTRY
ORCHESTRATION
[Diagram: KUBERNETES vs. OSE INFRASTRUCTURE - labels: SECURITY, REGISTRY, TELEMETRY, STORAGE, NETWORK; ATOMIC HOST or full RHEL; ORCHESTRATION over a row of CONTAINERs; STORAGE; GENERAL DISTRIBUTION; LIFECYCLE AUTOMATION]

[Diagram: RED HAT CONTAINER STACK - ENTERPRISE-GRADE CONTAINER OS (Red Hat Enterprise Linux & Atomic Host); CONTAINERs for Business Automation, Integration, Data, Web & Mobile and 3rd-party frameworks; CONTAINER INFRASTRUCTURE SERVICES; OPS MANAGEMENT (CloudForms, Satellite); OPS AUTOMATION (Ansible); DEV TOOLS (Developer Studio, Container Dev Kit); STORAGE (e.g. RH Storage); runs on PHYSICAL, VIRTUAL, PRIVATE CLOUD or PUBLIC CLOUD; NETWORKING (Open vSwitch); PUBLIC REGISTRY (RH Registry)]

[Diagram: layered view - Infrastructure Layer (IaaS), Platform Layer (OpenShift; CaaS, PaaS), Application Layer. Labels: STORAGE (Kubernetes), REGISTRY (Atomic Registry), SECURITY (Docker Engine), SELF-SERVICE, CI/CD (Jenkins), IMAGE BUILD, CONTAINER ENGINE (Docker Engine), CONTAINER MANAGEMENT, SERVICE CATALOG, ORCHESTRATION (Kubernetes), MONITORING, POLICY MANAGEMENT (CloudForms), SECURITY ANALYSIS (CloudForms), CAPACITY MGMT (CloudForms)]
[Diagram: Code - Build - Deploy cycle]

Can configure different deployment strategies like A/B, rolling upgrade, automated base updates, and more.
Can configure triggers for automated deployments, builds, and more.
Source-to-Image (S2I) builds
EFK Stack for Log Aggregation

[Diagram: separate ElasticSearch clusters and Kibana instances labelled "User" and "Ops"; pods feed logs into them; access paths for Admin and User]
Container Metrics Aggregation

[Diagram: labels User, Admin, Pod, Heapster, Hawkular, Web-UI, Cloud-Forms, and cadvisor /stats on each node. Heapster collects the per-node cadvisor /stats data into Hawkular; the Web-UI and CloudForms read from there]
RED HAT AND CONTAINERS

Consistent Infrastructure Management with CloudForms and OpenShift
● CloudForms functionality is now included with OpenShift Enterprise to improve control over apps and infrastructure
● Monitor and manage resource consumption of containers running in OpenShift Enterprise
● Docker and Kubernetes aware (containers, pods, services ...)
HOW TO GET STARTED?

● FREE Developer Subscriptions
● FREE pods on OpenShift Online
● Get an eval for OpenShift Container Platform
● Try OpenShift Origin
● Join OpenShift Commons
Resources & How to keep up to date

● OpenShift Product Documentation
● Architecting Containers blog post series on rhelblog
● Red Hat Developer Blog
● Project Atomic Blog
● Kubernetes Blog
● Google Cloud Platform Blog
THANK YOU

plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
Software Defined Network - Multitenant Option (ovs-multitenant)

[Diagram: Case #1 - Project A and Project B, each alongside the Default Namespace; Case #2 - Project C and Project D with a "merge" between them, alongside the Default Namespace. Pods of the projects are spread across four nodes]
POD STORAGE OPTIONS - Overview

TYPE       FORMAT  DURATION    PROVIDER
EmptyDir   File    Ephemeral   Local host
HostDir    File    Persistent  Local host
NFS        File    Persistent  NFS server
Glusterfs  File    Persistent  Glusterfs servers
Ceph RBD   Block   Persistent  Ceph cluster
iSCSI      Block   Persistent  iSCSI target provider
FC         Block   Persistent  Fibre Channel
Cinder     Block   Persistent  OpenStack Cinder
GCE PD     Block   Persistent  GCE
AWS EBS    Block   Persistent  AWS
PERSISTENT STORAGE - A few recommendations

● Anonymous storage access
○ Use Volume and Claim objects
○ Volume set up by ops
○ Claim defined by dev
○ Kube binds them if a match can be found
■ Access mode must match exactly
■ Volume size >= Claim size
Shared writeable storage
● Use an NFS export
● Point containers at different sub-directories in the Volume definition
● On the master:
○ chown nobody.nobody /nfsshare
○ chmod 777 /nfsshare
● On the nodes:
○ setsebool -P virt_use_nfs 1
● Direct Volume access via storage plugins
○ Define the Volume directly at Pod level
○ Use as the default storage access option
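The two binding rules listed above (access mode must match exactly, volume size >= claim size) as an added shell example; this is not part of the slides, the PV inventory is a constructed sample and the function names are mine. It goes one step beyond the slide: when several volumes satisfy a claim it picks the smallest one, which is also the volume the Kubernetes binder prefers.

```shell
#!/bin/sh
# Added example (not from the slides): predict whether a PersistentVolumeClaim
# will bind, using the two rules from the slide - access mode must match
# exactly, and the volume must be at least as large as the claim.
# Sizes use the Kubernetes quantity suffixes Ki/Mi/Gi/Ti or plain bytes.

# to_bytes <quantity>: 5Gi, 512Mi, 1024 ... -> bytes
to_bytes() {
    case "$1" in
        *Ki) echo $(( ${1%Ki} * 1024 )) ;;
        *Mi) echo $(( ${1%Mi} * 1024 * 1024 )) ;;
        *Gi) echo $(( ${1%Gi} * 1024 * 1024 * 1024 )) ;;
        *Ti) echo $(( ${1%Ti} * 1024 * 1024 * 1024 * 1024 )) ;;
        *)   echo "$1" ;;
    esac
}

# pv_binds_pvc <pv_mode> <pv_size> <pvc_mode> <pvc_size>
# Prints "bind" (status 0) or the reason the rules forbid a bind (status 1).
pv_binds_pvc() {
    pv_mode=$1; pv_size=$2; pvc_mode=$3; pvc_size=$4
    if [ "$pv_mode" != "$pvc_mode" ]; then
        echo "no-bind: access mode $pv_mode != $pvc_mode"
        return 1
    fi
    if [ "$(to_bytes "$pv_size")" -lt "$(to_bytes "$pvc_size")" ]; then
        echo "no-bind: volume $pv_size smaller than claim $pvc_size"
        return 1
    fi
    echo "bind"
    return 0
}

# Constructed sample inventory of volumes set up by ops: "name mode size".
PVS='nfs-pv01 ReadWriteMany 10Gi
nfs-pv02 ReadWriteOnce 20Gi
nfs-pv03 ReadWriteMany 2048Mi'

# best_match <pvc_mode> <pvc_size>: name of the smallest volume in $PVS that
# satisfies both rules, or nothing if the claim would stay Pending.
best_match() {
    best=""; best_bytes=0
    while read -r name mode size; do
        if pv_binds_pvc "$mode" "$size" "$1" "$2" >/dev/null; then
            b=$(to_bytes "$size")
            if [ -z "$best" ] || [ "$b" -lt "$best_bytes" ]; then
                best=$name; best_bytes=$b
            fi
        fi
    done <<EOF
$PVS
EOF
    echo "$best"
}

best_match ReadWriteMany 5Gi    # nfs-pv01 (nfs-pv03 is only 2Gi)
best_match ReadWriteMany 1Gi    # nfs-pv03 (smallest volume that fits)
best_match ReadWriteOnce 5Gi    # nfs-pv02 (only RWO volume)
best_match ReadWriteMany 50Gi   # nothing: no RWX volume is large enough
```

A claim that prints nothing here is exactly the claim that sits in Pending on the cluster; the usual fix from the ops side is a volume with the matching mode rather than a larger claim from the dev side.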
SECURITY for HOSTS, CONTAINERS & IMAGES - Aspects of Container Security

Inner values you should care about
● What base image are you building on?
● Who built it? How quickly is it updated? Is there any SLA on patches?
● Red Hat provides container image scanning technology
The container host needs to be secure too
● Plays to the strengths of RHEL: certifications, SLAs, Red Hat experience
● Make sure SELinux is active
Automated build and deploy is needed to secure environments
● A new base image triggers a rebuild of the top layers
● Running workloads need to be restarted with fresh images
Web Hooks & Automated Builds - GitHub and Generic Hooks

There is a URL in the BuildConfig object
● # oc describe bc | grep WebHook
● Put that hook (with the public URL) into the settings of your GitHub project
● Demo: git add + push + commit + rebuild + redeploy
Documentation
● https://docs.openshift.com/enterprise/latest/dev_guide/builds.html#webhook-triggers
● https://blog.openshift.com/using-generic-webhook-trigger-builds/
Red Hat Container Stack - Functional Layers, Container Technology and Red Hat Products

[Diagram: OS layer - RHEL / RHEL Atomic Host on Virt / Bare Metal / Cloud (RHEV, RHEL OSP, GCE, AWS, Azure / Hyper-V, VMware); CT (container technology) - Docker; Orchestration Layer - Kubernetes; Platform Layer - OpenShift Enterprise Platform, includes Atomic services; App Layer on top; CloudForms alongside the stack]
Networking - Individually Addressable Pods

[Diagram: node01 .. node04 on a management network, joined by the OpenShift SDN; each pod has its own IP, e.g. 10.0.1.12, 10.0.1.36, 10.0.1.52, 10.0.2.11, 10.0.2.23, 10.0.3.25, 10.0.3.27, 10.0.3.48, 10.0.4.8, 10.0.4.17]

Networking - Services

[Diagram: the service my-backend in front of pods 10.0.4.8, 10.0.3.27 and 10.0.1.52, which sit on different nodes (node01 .. node04) and are reached over the OpenShift SDN; other pods such as 10.0.2.11 and 10.0.3.25 are not part of the service]

Networking - Routing

[Diagram: a Client requests myapp.hostname.com; the Routing layer forwards the request over the OpenShift SDN to the pods 10.0.4.8, 10.0.3.27 and 10.0.1.52 on node01 .. node04]
CONTAINER IMAGES & BACKEND SERVICES - Image Architecture

Backend services
● Linux kernel
● libcontainer
● Docker storage
○ Loopback sparse file (default)
○ Device Mapper
○ OverlayFS
Image layers
● Base images use RHEL
● Layer by function and responsibilities
DEVICE MAPPER BACKEND - How does that work?

LVM thin pool
● Default 10G base device
○ Size per host system
○ Resizing requires a storage init
● New layer = new snapshot
● New container = new snapshot
● Monitor the thin pool!
○ Breaks if full
● Look for "Data space exhaustion"
○ Run dmeventd
○ thin_pool_autoextend_threshold
○ thin_pool_autoextend_percent

[Diagram: LVM THIN POOL inside the DOCKER VOLUME GROUP - a 10G BASE DEV; the rhel7 image (047f9abfd5fe) is a snapshot of it and the httpd-24-rhel7 image (bf63a676257a) a further snapshot]
MANAGE DOCKER BACKEND STORAGE - Ops work

Docker backend storage
● docker-storage-setup tool
● Monitor storage usage
● Prune the environment
○ Delete exited containers
○ Delete old images
● The thin pool breaks when full.
○ Fix when broken
○ Clear out: # rm -rf /var/lib/docker/*
○ Restart docker
DOCKER & OVERLAYFS IMAGE LAYERING - Directories and Hard Links

All layers are extracted to /var/lib/docker/overlayfs/*. Missing files of a dependent layer are linked in with hard links.

[Diagram: on a filesystem such as ext4, the rhel7 and httpd-24-rhel7 layer directories each hold files; files the httpd-24-rhel7 layer inherits from rhel7 are hard links to the files in the lower layer]
RUNNING CONTAINERS ON OVERLAYFS - Directories and Hard Links

[Diagram: the container prickly_swirles mounts an OverlayFS "merged" view; the image layers rhel7 and httpd-24-rhel7 (linked by hard links, on a filesystem such as ext4) form the read-only lowerdir, the container's own upperdir is read-write; changing a file from the image triggers a copy up of that file into the upperdir]
OVERLAYFS BACKEND - Details: notable facts about OverlayFS

Heavy use of inodes
● Multiple image layers implemented as directories
● Each layer has a directory in /var/lib/docker/overlay/
● Bottom-layer files inserted by hard links
→ Create the filesystem with enough inodes for /var/lib/docker (mkfs.ext4 -i 4096)
Copy-up can be expensive
● If a file is changed for the first time in the upper layer → a copy-up occurs
● Can be expensive for big files
→ Use volume mounts for data-intensive apps
Page cache sharing
● One page cache entry for a file can be shared between all running containers
● Reduces memory requirements
● Allows for increased density
NO SELINUX SUPPORT! (Yet)
NOT 100% POSIX COMPLIANT
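The inode point above (mkfs.ext4 -i 4096) as an added shell example, not part of the slides: it shows how much inode headroom the recommended ratio buys compared with the mke2fs default of 16384 bytes per inode, and checks a `df -i` line for /var/lib/docker the way a node health check would. The df lines are constructed samples; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the slides): inode sizing and inode-usage check for
# the /var/lib/docker filesystem backing the OverlayFS driver, which spends
# one inode per file per layer directory.

# ext4_inodes <size_in_GiB> <bytes_per_inode>: inode count mkfs.ext4 creates
# for -i <bytes_per_inode> (mkfs rounds to block groups, so the real figure
# differs slightly).
ext4_inodes() {
    echo $(( $1 * 1024 * 1024 * 1024 / $2 ))
}

# inode_pct <df -i line>: percentage of inodes in use, rounded up like df.
# df -i prints: Filesystem Inodes IUsed IFree IUse% Mounted on
inode_pct() {
    echo "$1" | awk 'NF >= 6 { printf "%d\n", int((100 * $3 + $2 - 1) / $2) }'
}

# inode_check <df -i line>: OK / WARN / CRIT; status 0 only for OK.
inode_check() {
    pct=$(inode_pct "$1")
    if [ -z "$pct" ]; then echo "CRIT: unparsable df line"; return 2; fi
    if [ "$pct" -ge 90 ]; then echo "CRIT: inodes ${pct}% used - image pulls will fail"; return 2; fi
    if [ "$pct" -ge 75 ]; then echo "WARN: inodes ${pct}% used"; return 1; fi
    echo "OK: inodes ${pct}% used"
}

# Constructed df -i lines: the same 6,225,920 files on a 100 GiB volume made
# with the default ratio (16384) and with the recommended -i 4096.
DF_DEFAULT='/dev/mapper/vg-docker   6553600  6225920   327680  95% /var/lib/docker'
DF_TUNED='/dev/mapper/vg-docker  26214400  6225920 19988480  24% /var/lib/docker'

ext4_inodes 100 16384   # 6553600  (default ratio, 100 GiB)
ext4_inodes 100 4096    # 26214400 (mkfs.ext4 -i 4096, four times as many)
inode_check "$DF_TUNED"
# On a real node: inode_check "$(df -i /var/lib/docker | tail -n 1)"
```

Running out of inodes looks like a full disk to docker even when `df` shows plenty of free bytes, which is why the check is on `df -i` and not on `df`.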
BUILDING CONTAINER IMAGES - Low-level recommendations

Size matters - smaller is better
● Keep them small, but not too small.
● Reduce the layer count
Building with docker build and a Dockerfile
● Switch off caching for the build
○ RUN yum install httpd -y
● Remove build artefacts, clean caches
○ RUN yum clean all
● Every line in the Dockerfile results in a new layer
○ RUN yum install httpd -y && yum clean all
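The three Dockerfile rules above as an added shell example, not part of the slides: a small check that counts the layer-creating instructions and flags RUN lines that `yum install` without a `yum clean all` in the same instruction, because a `yum clean all` on a later line cannot remove the cache already baked into the earlier layer. Both Dockerfiles are constructed samples and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the slides): lint a Dockerfile for layer count and
# for yum caches left behind in a layer. Handles backslash line continuations.

# normalize <Dockerfile>: join "\"-continued lines, drop comments and blanks.
normalize() {
    awk '
        /\\[[:space:]]*$/ { sub(/\\[[:space:]]*$/, ""); buf = buf $0; next }
        { line = buf $0; buf = ""
          if (line ~ /^[[:space:]]*#/ || line ~ /^[[:space:]]*$/) next
          print line }
    ' "$1"
}

# layer_count <Dockerfile>: instructions that add a filesystem layer.
layer_count() {
    normalize "$1" | awk 'toupper($1) ~ /^(FROM|RUN|COPY|ADD)$/ { n++ } END { print n + 0 }'
}

# yum_cache_leaks <Dockerfile>: RUN instructions that install with yum but
# never run `yum clean all` within the same instruction (= same layer).
yum_cache_leaks() {
    normalize "$1" | awk '
        toupper($1) == "RUN" && $0 ~ /yum[[:space:]]+(-y[[:space:]]+)?install/ \
            && $0 !~ /yum[[:space:]]+clean[[:space:]]+all/ { n++ }
        END { print n + 0 }'
}

TMP=${TMPDIR:-/tmp}/dockerfile-lint.$$
mkdir -p "$TMP"

# Constructed sample: the naive version, one instruction per line.
cat > "$TMP/Dockerfile.naive" <<'EOF'
FROM registry.access.redhat.com/rhel7
RUN yum install httpd -y
RUN yum clean all
COPY index.html /var/www/html/
EXPOSE 80
CMD ["httpd", "-DFOREGROUND"]
EOF

# Constructed sample: install and clean in one RUN, as the slide recommends.
cat > "$TMP/Dockerfile.lean" <<'EOF'
FROM registry.access.redhat.com/rhel7
# one RUN = one layer; clean the cache inside the same layer
RUN yum install httpd -y && \
    yum clean all
COPY index.html /var/www/html/
EXPOSE 80
CMD ["httpd", "-DFOREGROUND"]
EOF

report() {
    printf '%s: %s layers, %s yum cache leaks\n' \
        "${1##*/}" "$(layer_count "$1")" "$(yum_cache_leaks "$1")"
}
report "$TMP/Dockerfile.naive"   # Dockerfile.naive: 4 layers, 1 yum cache leaks
report "$TMP/Dockerfile.lean"    # Dockerfile.lean: 3 layers, 0 yum cache leaks
```

The slide's "switch off caching for the build" refers to the docker build cache (`docker build --no-cache`), which makes `RUN yum install` actually fetch current packages instead of reusing a stale cached layer; the check above is about the yum package cache, which is the other cache worth keeping out of the image.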