Build Cloud like Rackspace with OpenStack Ansible
Jirayut Nimsaeng, DevOps & Cloud Architect
2nd Cloud OpenStack-Container Conference and Workshop 2016
Grand Postal Building, Bangrak, Bangkok | September 22-23, 2016
What is OpenStack
● Open source software for creating private and public clouds
● Coordinated collection of software from a few dozen related projects
OpenStack Dashboard (Horizon)
● A graphical interface to OpenStack services
● Developed as a Django web application (Python)
OpenStack Image Service (Glance)
● Manages pre-built OS images
● Accepts API requests for disk or server images
● Images can have metadata definitions
● Supports the storage of disk or server images on various repository types
OpenStack Networking (Neutron)
● Provides networks and connectivity for instances
● Creates and attaches interface devices
● Plug-ins accommodate different networking equipment and software
● It is Software Defined Networking (SDN)
● Also provides functionality for Network Function Virtualization (NFV)
Security Groups
● Named collection of network access rules that limits the types of traffic that have access to an instance
● You can assign one or more security groups to an instance
● Basically it is iptables
● Any incoming traffic that is not matched by a rule is denied access by default
● What you can configure are
○ Source of traffic
○ Protocol
○ Destination port
● Rules are automatically enforced as soon as you create or modify them
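The rule semantics described on this slide, as an added Python model that is not part of the original deck: allow-only rules keyed on direction, protocol, port range and remote CIDR, unioned across every group assigned to an instance, with default deny for anything no rule matches. The two groups are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One security group rule (a constructed model of what the slide describes)."""
    direction: str                   # "ingress" or "egress"
    protocol: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any protocol
    port_min: Optional[int] = None   # None matches any port (ICMP has none)
    port_max: Optional[int] = None   # None means a single port equal to port_min
    remote_cidr: str = "0.0.0.0/0"   # source prefix for ingress, destination for egress

    def matches(self, direction: str, protocol: str,
                port: Optional[int], remote_ip: str) -> bool:
        if self.direction != direction:
            return False
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.port_min is not None:
            high = self.port_max if self.port_max is not None else self.port_min
            if port is None or not (self.port_min <= port <= high):
                return False
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote_cidr)


def is_allowed(groups: List[List[Rule]], direction: str, protocol: str,
               port: Optional[int], remote_ip: str) -> bool:
    """Evaluate one flow against every group assigned to the instance.
    Rules only ever allow; assigning several groups unions their rules, and a
    flow that no rule matches is dropped (the iptables-style default deny).
    """
    return any(rule.matches(direction, protocol, port, remote_ip)
               for group in groups for rule in group)


# Constructed sample groups: a public web group and a management-network group.
WEB_SG = [
    Rule("ingress", "tcp", 80, 80, "0.0.0.0/0"),         # HTTP from anywhere
    Rule("egress"),                                      # all outbound traffic
]
MGMT_SG = [
    Rule("ingress", "tcp", 22, 22, "10.0.0.0/24"),       # SSH only from the management net
    Rule("ingress", "icmp", remote_cidr="10.0.0.0/24"),  # ping only from the management net
]

if __name__ == "__main__":
    print(is_allowed([WEB_SG], "ingress", "tcp", 22, "203.0.113.9"))        # False
    print(is_allowed([WEB_SG, MGMT_SG], "ingress", "tcp", 22, "10.0.0.7"))  # True
```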
Key Pairs
● SSH keys
● Provide SSH access to the instances
● The image must have the cloud-init package
● A key pair belongs to an individual user, not to a project
OpenStack Compute (Nova)
● Virtualization
● Start and Stop VMs
● Keep track of all running VMs to do load balancing
● Reports VM states back to the cloud
Nova Hypervisors Supported
● KVM
● LXC
● Qemu
● VMware vSphere
● Xen
● IBM PowerVM
● Microsoft Hyper-V
OpenStack Block Storage (Cinder)
● Adds persistent storage to a virtual machine
● Manages volumes, volume snapshots and volume types
● Interacts with Nova to provide volumes for instances
OpenStack Identity (Keystone)
● Provides a single point of integration for managing
○ Authentication
○ Authorization
○ Catalog of services
● Can integrate with external user management systems such as LDAP
Service Catalog
● Users and services can locate other services by using the service catalog
● A service catalog is a collection of available services
● Each service can have one or many endpoints
● Endpoints have three types
○ admin
○ internal
○ public
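A worked example, added here and not taken from the original deck, of how a client resolves a service URL from the catalog by type, interface and region, plus a small defender's check that admin and internal endpoints stay on the management network and public endpoints use HTTPS. The catalog and the 172.29.236.0/22 management network are constructed sample values.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed excerpt of a Keystone v3 service catalog (not taken from a real cloud).
# Each service carries one endpoint per interface type: admin, internal, public.
CATALOG_JSON = """
[
  {"type": "identity", "name": "keystone", "endpoints": [
    {"interface": "public",   "region": "RegionOne", "url": "https://cloud.example.com:5000/v3"},
    {"interface": "internal", "region": "RegionOne", "url": "http://172.29.236.10:5000/v3"},
    {"interface": "admin",    "region": "RegionOne", "url": "http://172.29.236.10:35357/v3"}]},
  {"type": "compute", "name": "nova", "endpoints": [
    {"interface": "public",   "region": "RegionOne", "url": "http://cloud.example.com:8774/v2.1"},
    {"interface": "internal", "region": "RegionOne", "url": "http://172.29.236.10:8774/v2.1"},
    {"interface": "admin",    "region": "RegionOne", "url": "http://203.0.113.20:8774/v2.1"}]}
]
"""
CATALOG = json.loads(CATALOG_JSON)
MGMT_NET = ipaddress.ip_network("172.29.236.0/22")  # constructed management network


def find_endpoint(catalog, service_type, interface="public", region=None):
    """Resolve a service URL the way a client does: by type, interface and region."""
    for service in catalog:
        if service["type"] != service_type:
            continue
        for ep in service["endpoints"]:
            if ep["interface"] == interface and region in (None, ep["region"]):
                return ep["url"]
    return None  # unknown service or interface: a client must not guess a URL


def _off_management_net(host):
    try:
        return ipaddress.ip_address(host) not in MGMT_NET
    except ValueError:
        return False  # a hostname rather than an address; cannot be judged offline


def audit_catalog(catalog):
    """Defender's check: non-public endpoints stay on the management network, public ones use HTTPS."""
    findings = []
    for service in catalog:
        for ep in service["endpoints"]:
            parts = urlsplit(ep["url"])
            tag = f'{service["name"]}/{ep["interface"]}'
            if ep["interface"] == "public" and parts.scheme != "https":
                findings.append(f"{tag}: public endpoint is not HTTPS")
            elif ep["interface"] != "public" and _off_management_net(parts.hostname):
                findings.append(f"{tag}: endpoint {parts.hostname} is off the management network")
    return findings
```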
OpenStack Object Storage (Swift)
● Multi-tenant object storage system
● Highly scalable
● Can manage large amounts of unstructured data
● Low cost
● Accessed through a RESTful HTTP API
OpenStack Telemetry (Ceilometer)
● Collects data, stores it in a database and provides an API service
● Uses an agent-based architecture
● Most features still require the command line
OpenStack Bare-Metal Provisioning (Ironic)
● Provides physical hardware as opposed to virtual machines
● Configures hardware via PXE or IPMI
● Makes it easy to provision physical servers like virtual machines in a cloud
OpenStack Orchestration (Heat)
● Tool for orchestrating the cloud
● Automatically configures and deploys resources in stacks
● Stacks are defined with templates: Heat Orchestration Template (HOT) or CloudFormation
What is Ceph?
● Distributed storage platform
● Software-defined Storage
● Maintained by Red Hat (which acquired Inktank)
● Supports block, object and file storage
Why Ceph?
● Enterprise Class
● Data Protection with Replication
● Self-healing
● No RAID needed
● Flexibility and Scalability (to exabyte!!)
● Performance (with RADOS)
● Lower cost (free and open source)
● Fully-tested with OpenStack
Because it is Ansible
● Agentless architecture
● No centralized server
● Human readable
● Open Source
● Highly flexible and configurable
● Idempotent
Complies with the Security Technical Implementation Guide
http://docs.openstack.org/developer/openstack-ansible-security/auto_controls-all.html
OpenStack Ansible (OSA)
● OSA uses Ansible to automate deployment of an OpenStack environment on Ubuntu Linux
● OSA deploys OpenStack components into Linux containers (LXC) for isolation and ease of maintenance
Ansible
● Ansible provides an automation platform to simplify system and application deployment
● Ansible manages systems using Secure Shell (SSH)
● Ansible uses playbooks written in the YAML language for orchestration
● Ansible host types
○ Deployment host
○ Target hosts
Linux Containers (LXC)
● Containers provide operating-system-level virtualization
● Without the overhead and complexity of virtual machines
● Access to the same kernel, devices and file systems
● Built on Linux kernel namespaces
Software requirements
● Ubuntu 16.04 LTS or Ubuntu 14.04 LTS
● Secure Shell (SSH) client and server that support public key authentication
● Network Time Protocol (NTP) client for time synchronization
● Python 2.7.x must be installed on the hosts
● en_US.UTF-8 as the locale
Hardware requirements
● CPU supports hardware-assisted virtualization extensions
● The disk for the OS install should be SSD in RAID1
● Network: 10 Gigabit Ethernet with bonded LACP network interfaces is recommended
● Enable jumbo frames
● L3 switch for VLANs with LACP support
Infrastructure services
● MariaDB/Galera
● RabbitMQ
● MemcacheD
● Repository
● Load Balancer
● Utility Container
● Log Aggregation Host
● Unbound DNS Container
OpenStack Services supported
Enabled by default
● Cinder
● Nova
● Horizon
● Keystone
● Glance
● Neutron
● Heat
Not enabled by default
● Swift
● Ironic
● Aodh, Ceilometer, Gnocchi
● Magnum
● Sahara
Networking
● OSA uses Linux bridges to provide layer 2 connectivity between interfaces and containers
OpenStack Network
● Single Flat Network
● Multiple Flat Networks
● Mixed Flat + Private Networks
● Single Provider Router
● Per-Tenant Router