Image Build as-a-Service: Why it makes sense to build your own cloud images
OpenStack Summit Boston 2017
May 2017 2 Image Factory@Open Telekom Cloud
About us
Sebastian Wenner, Open Telekom Cloud Architect
Kurt Garloff, Open Telekom Cloud Architect
Daniela Ebert, Open Telekom Cloud Engineer
Studied physics. Built up SUSE Labs, where he was leading the development of the Linux kernel, the gcc compiler and X11. Since 2011, he has mainly been leading engineering and operations of OpenStack-based cloud environments.
Studied Information Technology. Since 2000, in various roles covering Linux, virtualisation, outsourcing and infrastructure. After 10 years at IBM, he joined T-Systems in 2012, focussing on cloud.
Studied Information Technology. With T-Systems since 2003. Spent many years as an AIX engineer before joining the OTC team.
Agenda
I. Intro II. Reasons III. Requirements IV. Setup V. Workflow VI. Output VII. Outlook VIII. Q&A
Intro
An open technology platform with built-in compliance, ease-of-use, and best pricing for businesses of any size, in any industry
Open Telekom Cloud
Open Telekom Cloud: public IaaS for European enterprises
Market and customer expectations are changing:
Demand for scalable, dynamic IT resources is growing.
Public IaaS is the answer (compute, storage, network, management)
• Open: OpenStack API; no vendor lock-in; simple to integrate
• Affordable: great pricing; moving from capex to opex for IT infrastructures
• Simple: rapid access; support/help getting started; easy to use
• Secure: data protection in compliance with German legislation; meeting enterprise needs
OTC at a glance
Open Telekom Cloud meets German and European legal requirements on data protection/privacy
Open Telekom Cloud offers 99.95% availability
Open Telekom Cloud is a cloud offered by Deutsche Telekom
Open Telekom Cloud is a public-cloud service based on OpenStack
Open Telekom Cloud is operated by T-Systems in Germany, and its functionality continues to be enhanced
For users who need robust data protection/security
For cost-conscious enterprises of all sizes, in all industries
For users looking for simple, secure and affordable cloud services
Reasons
Reasons for building own images
Security
• Hardening of images
• Patched images
• Transparent process of image creation
Platform
• XEN drivers
• High-performance drivers
• Huawei tools (uvp-monitor)
• cloud-init optimization
• Preconfiguration (NTP, update mirrors etc.)
User experience
• Up-to-date images
• Uniform images
• Standard user for login
• Include OpenStack tools
Requirements
Image requirements
Simple, secure, affordable, open
• Supportable and maintainable; regular updates; security hardening; check authenticity of packages
• Small images, fast to build, deploy, discard, and cheap to run; modern (latest stable community and enterprise Linux distros); configuration/customization via cloud-init & vendor/user-data
• Reproducible, template-based; tested; continuous integration; license compliancy
• Transparent process of image creation; provide community images to public
Setup
Tools
openSUSE KIWI is a Perl-based tool for building customized OS images
• Pulls packages from repositories and installs them in a chroot environment
• Builds for us: openSUSE, SLES, CentOS, OracleLinux, RHEL
• Not supported: Debian-based images
diskimage-builder is a Python-based tool for building customized OS images
• Pulls packages from repositories and installs them in a chroot environment
• Builds for us: Debian, Fedora
• Not supported: SUSE-based images
Further components
• Git repository: holds template files and scripts
• Bash scripts to automate the whole workflow
• OpenStack tools: upload and register images
• Apache: publish image files and documentation
Support systems
Normal tenant in OTC production environment
All servers are redundant in az1 and az2
Security groups to control the traffic
Jump Hosts: Gateway for all outgoing traffic (SNAT)
NFS server for GIT and image data
Build environment architecture
[Diagram: Image Factory tenant with Jump Host, NFS Server, Web Server, KIWI Build Host and DIB Build Host; external elements Admin, User, Internet, Glance, Object storage, SMT, RHUI and APT-cacher; connections labelled SSH, HTTPS, REST and NFS.]
Workflow
Image build workflow
• Config files from Git; keys; RPMs from repo servers
• Calls KIWI or diskimage-builder; compares config and package list to previous build; collects logfiles; signs the images
• Upload image to tenant OBS; register as private image
• Boot VM; start testsuite; save test results
• Webserver: qcow2 files; Glance: script to register image
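The "compares config and package list to previous build" step, sketched as an added example (not the Image Factory's own script): it reports packages added, removed or changed between two builds so unexpected content is caught before the image is signed. The manifest format, the function names and the sample package versions are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: diff the package manifest of a new image build against the
# previous one. Assumed manifest format: "name version-release" per line,
# one line per package name, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'   (run in the image chroot)

# pkg_diff PREV CURR
# Prints "+ name ver" (added), "- name ver" (removed), "~ name old -> new".
pkg_diff() {
    awk '
        NF < 2 { next }                              # skip blank/short lines
        FILENAME == ARGV[1] { old[$1] = $2; next }   # previous build
        {
            if (!($1 in old))       printf "+ %s %s\n", $1, $2
            else if (old[$1] != $2) printf "~ %s %s -> %s\n", $1, old[$1], $2
            delete old[$1]                           # seen in current build
        }
        END { for (p in old) printf "- %s %s\n", p, old[p] }
    ' "$1" "$2" | LC_ALL=C sort
}

# build_delta PREV CURR
# Returns 0 if the package set is unchanged, 1 (and prints the delta) if not.
build_delta() {
    delta=$(pkg_diff "$1" "$2")
    [ -z "$delta" ] && return 0
    printf '%s\n' "$delta"
    return 1
}

# Constructed sample manifests (not real build output).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'bash 4.3-83.5.2' 'cloud-init 0.7.8-39.2' \
        'openssl 1.0.2j-6.3.1' 'telnet 1.2-167.1' > "$d/prev.packages"
    printf '%s\n' 'bash 4.3-83.5.2' 'cloud-init 0.7.8-39.2' \
        'openssl 1.0.2j-6.9.1' 'chrony 2.3-3.1' > "$d/curr.packages"
    pkg_diff "$d/prev.packages" "$d/curr.packages"
    rm -rf "$d"
}

demo
```

A "+" or "-" line that no template change in Git explains is the case worth reviewing before the build proceeds to signing.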
Input example (config.xml)
Image build example 1/2: Call KIWI, Get repos, Setup chroot
Image build example 2/2: Convert qcow2, KIWI success
Upload & register: OBS upload, Register
Testsuite example: SSH checks, Reboot test, Update test
Output
Image versions V1
Latest stable community and enterprise Linux distros, e.g.:
• openSUSE 42, SLES 12SP2
• CentOS, OEL, RHEL 6.8 + 7.3
• Debian 8.7, Fedora 25
Also available, but provided by Canonical:
• Ubuntu 14.04 (trusty), Ubuntu 16.04 (xenial)
Image versions V2
Latest stable community (Standard_ prefix) and enterprise (Enterprise_) Linux distros, e.g.:
• openSUSE 42.x, SLES 12SPx
• CentOS, OEL, RHEL 7.x
• EulerOS 2.x
• Debian 8.x, Fedora 25
Also available, but provided by Canonical (Community_):
• Ubuntu 14.04 (trusty)
• Ubuntu 16.04 (xenial)
Public image list
https://console.otc.t-systems.com/
Outlook
What is next
Coming soon
PaaS images
Jenkins
CoreOS
GPU based Linux
Windows Integration
Marketplace
Infrastructure improvements
IFaaS
?
Questions?
Links
Image Factory: https://imagefactory.otc.t-systems.com/
Image Factory related blogs:
https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-introduction/
https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-get-in-touch-with-an-open-telekom-image/
https://cloud.telekom.de/en/blog/open-telekom-cloud-available-images-naming-conventions-planned-roadmap/
https://cloud.telekom.de/en/blog/image-factory-image-modifications/
Helpcenter: https://docs.otc.t-systems.com/ims_dld/index.html
Thank you!