VM orchestration using OpenStack

RMLL 2013

Brussels, July 11th 2013

Michaël Van de Borne

[email protected]

Licence : cc-by-sa

Types of cloud

Source : claranet.fr

Types of cloud

Source : synergygs.com

Service levels

Source : natishalom.typepad.com

Competition

Why OpenStack ?

● licence

● adoption & evolution

● large community

Copyright : Parlophone/EMI

Actors

Services

Architecture

Source : docs.openstack.org

Web interface

Installation

● Packages for Ubuntu / Fedora / ...

● Documentation : changing /!\

● Lots of configuration

Introduction to Heat API

Orchestration for Openstack

Presentation borrowed from Steven Hardy, Heat developer at Red Hat

Heat overview

Diagram of OpenStack services:

Nova : Compute Node

Glance : Image Service

Swift : Object Store

Cinder : Volume Service

Keystone : Identity Service

Horizon : Dashboard

Quantum : Networking

Heat : Orchestration

● Provides AWS Cloudformation and native ReST API

● Abstract configuration of services to single-template

● HA/Autoscaling/Monitoring features

● Openstack incubated project

Heat overview

● Orchestration of Openstack deployments

● Integrates with all Openstack core projects

● Converts a JSON template into a cloud application

● Implements well known template and API (AWS Cloudformation, also YAML, ReST)

● Version your cloud applications like your software

● Repeatable deployments, fully automated

Heat architecture

Heat API

Heat API : key features

● Compatibility with AWS Cloudformation (template/API)

● Also superset of Openstack native resources & ReST API

● Fully open community project

● Implements HA (service/instance/stack)

● Implements Instance Autoscaling

● Watch/Monitoring API (will move to Ceilometer)

Nova instance lifecycle

● Base OS image stored in glance

● Deployment-time configuration/customization

● Cloud-init (nova user/metadata)

● Puppet/Chef/Scripts/???

● Potentially complex

● Everyone rolling-their-own solutions

● High maintenance overhead

Nova instance lifecycle (diagram)

Components shown: Image, Glance (Image Store), Nova (REST), Ceilometer, Nova-network/quantum, Nova-volume/cinder, Swift, Keystone, and instances configured with cloud-init and "???".

Heat Stack lifecycle

● Base OS image stored in glance

● Deploy instances & configure services based on template contents (resources)

● Deployment-time configuration/customization

● Very flexible, but much reduced complexity

● Cloud-init (nova user/metadata), plus cfn-init

● Puppet/Chef can still be used if you want!

● Fully integrated single-service solution

Heat Stack lifecycle (diagram)

Components shown: Stack Template, Heat (REST), Heat-jeos (oz), Nova (REST), Glance (Image Store), Nova-network/quantum, Nova-volume/cinder, Swift, Ceilometer, and instances running cloud-init, cfn-init, cfn-hup and cfn-push-stats.

Why Heat/orchestration ?

● Orchestration makes things repeatable

● Much easier to provide “on demand” infrastructure

● Much less scripting, single template system

● Leverage the power of openstack without learning fine detail of every service (learn one set of APIs/tools)

● Portability/migration

● Version/tag/branch your infrastructure like code!

● Composed templates/modularity

Wordpress template

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "Installs a single-instance WordPress deployment using a local MySQL database.",

  "Parameters" : {
    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type" : "String"
    },
    "InstanceType" : {
      "Description" : "WebServer EC2 instance type",
      "Type" : "String",
      "Default" : "m1.small",
      "AllowedValues" : [ "m1.tiny", "m1.small", "m1.medium", "m1.large", "m1.xlarge" ],
      "ConstraintDescription" : "must be a valid EC2 instance type."
    },
    "DBName": {
      "Default": "wordpress",
      "Description" : "The WordPress database name",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "64",
      "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
      "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
    },
    "DBUsername": {
      "Default": "admin",
      "NoEcho": "true",
      "Description" : "The WordPress database admin account username",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "16",
      "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
      "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
    },
    "DBPassword": {
      "Default": "admin",
      "NoEcho": "true",
      "Description" : "The WordPress database admin account password",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "41",
      "AllowedPattern" : "[a-zA-Z0-9]*",
      "ConstraintDescription" : "must contain only alphanumeric characters."
    },
    "DBRootPassword": {
      "Default": "admin",
      "NoEcho": "true",
      "Description" : "Root password for MySQL",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "41",
      "AllowedPattern" : "[a-zA-Z0-9]*",
      "ConstraintDescription" : "must contain only alphanumeric characters."
    },
    "LinuxDistribution": {
      "Default": "F17",
      "Description" : "Distribution of choice",
      "Type": "String",
      "AllowedValues" : [ "F18", "F17", "U10", "RHEL-6.1", "RHEL-6.2", "RHEL-6.3" ]
    }
  },

  "Mappings" : {
    "AWSInstanceType2Arch" : {
      "m1.tiny"   : { "Arch" : "32" },
      "m1.small"  : { "Arch" : "64" },
      "m1.medium" : { "Arch" : "64" },
      "m1.large"  : { "Arch" : "64" },
      "m1.xlarge" : { "Arch" : "64" }
    },
    "DistroArch2AMI": {
      "F18"      : { "32" : "F18-i386-cfntools", "64" : "F18-x86_64-cfntools" },
      "F17"      : { "32" : "F17-i386-cfntools", "64" : "F17-x86_64-cfntools" },
      "U10"      : { "32" : "U10-i386-cfntools", "64" : "U10-x86_64-cfntools" },
      "RHEL-6.1" : { "32" : "rhel61-i386-cfntools", "64" : "rhel61-x86_64-cfntools" },
      "RHEL-6.2" : { "32" : "rhel62-i386-cfntools", "64" : "rhel62-x86_64-cfntools" },
      "RHEL-6.3" : { "32" : "rhel63-i386-cfntools", "64" : "rhel63-x86_64-cfntools" }
    }
  },

  "Resources" : {
    "WikiDatabase": {
      "Type": "AWS::EC2::Instance",
      "Metadata" : {
        "AWS::CloudFormation::Init" : {
          "config" : {
            "packages" : {
              "yum" : {
                "mysql"        : [],
                "mysql-server" : [],
                "httpd"        : [],
                "wordpress"    : []
              }
            },
            "services" : {
              "systemd" : {
                "mysqld" : { "enabled" : "true", "ensureRunning" : "true" },
                "httpd"  : { "enabled" : "true", "ensureRunning" : "true" }
              }
            }
          }
        }
      },
      "Properties": {
        "ImageId" : { "Fn::FindInMap" : [ "DistroArch2AMI", { "Ref" : "LinuxDistribution" },
                      { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
        "InstanceType" : { "Ref" : "InstanceType" },
        "KeyName" : { "Ref" : "KeyName" },
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -v\n",
          "/opt/aws/bin/cfn-init\n",
          "# Setup MySQL root password and create a user\n",
          "mysqladmin -u root password '", { "Ref" : "DBRootPassword" }, "'\n",
          "cat << EOF | mysql -u root --password='", { "Ref" : "DBRootPassword" }, "'\n",
          "CREATE DATABASE ", { "Ref" : "DBName" }, ";\n",
          "GRANT ALL PRIVILEGES ON ", { "Ref" : "DBName" }, ".* TO \"", { "Ref" : "DBUsername" }, "\"@\"localhost\"\n",
          "IDENTIFIED BY \"", { "Ref" : "DBPassword" }, "\";\n",
          "FLUSH PRIVILEGES;\n",
          "EXIT\n",
          "EOF\n",
          "sed -i \"/Deny from All/d\" /etc/httpd/conf.d/wordpress.conf\n",
          "sed -i \"s/Require local/Require all granted/\" /etc/httpd/conf.d/wordpress.conf\n",
          "sed --in-place --e s/database_name_here/", { "Ref" : "DBName" },
          "/ --e s/username_here/", { "Ref" : "DBUsername" },
          "/ --e s/password_here/", { "Ref" : "DBPassword" },
          "/ /usr/share/wordpress/wp-config.php\n",
          "systemctl restart httpd.service\n"
        ]]}}
      }
    }
  },

  "Outputs" : {
    "WebsiteURL" : {
      "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "WikiDatabase", "PublicIp" ]}, "/wordpress"]] },
      "Description" : "URL for Wordpress wiki"
    }
  }
}

Let's create a new stack :

heat stack-create wordpress -f=wordpress.template -P="InstanceType=m1.small;DBUsername=admin;DBPassword=grizzly;KeyName=grizzly_key;LinuxDistribution=F17"
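An added example (not part of the original slides and not Heat's own code): a pre-flight check that applies the template's declared parameter constraints to a -P string before heat stack-create is run, and lists the NoEcho parameters that fall back to their template Default. The names PARAMETERS, parse_params and check are assumptions, and the dictionary is a constructed excerpt of the "Parameters" section above.

```python
import re

# Constructed excerpt: the "Parameters" section of the WordPress template above,
# reduced to the constraint keys this check reads.
ALNUM = "[a-zA-Z][a-zA-Z0-9]*"
PARAMETERS = {
    "KeyName": {},
    "InstanceType": {"Default": "m1.small", "AllowedValues": [
        "m1.tiny", "m1.small", "m1.medium", "m1.large", "m1.xlarge"]},
    "DBName": {"Default": "wordpress", "MinLength": "1", "MaxLength": "64",
               "AllowedPattern": ALNUM},
    "DBUsername": {"Default": "admin", "NoEcho": "true", "MinLength": "1",
                   "MaxLength": "16", "AllowedPattern": ALNUM},
    "DBPassword": {"Default": "admin", "NoEcho": "true", "MinLength": "1",
                   "MaxLength": "41", "AllowedPattern": "[a-zA-Z0-9]*"},
    "DBRootPassword": {"Default": "admin", "NoEcho": "true", "MinLength": "1",
                       "MaxLength": "41", "AllowedPattern": "[a-zA-Z0-9]*"},
    "LinuxDistribution": {"Default": "F17", "AllowedValues": [
        "F18", "F17", "U10", "RHEL-6.1", "RHEL-6.2", "RHEL-6.3"]},
}

def parse_params(arg):
    """Split the 'Name=value;Name=value' string passed with -P."""
    return dict(item.split("=", 1) for item in arg.split(";") if item)

def check(parameters, supplied):
    """Return (errors, defaulted_secrets) for one stack-create parameter set."""
    errors, defaulted = {}, []
    for name in supplied.keys() - parameters.keys():
        errors[name] = "not declared in template"
    for name, spec in parameters.items():
        if name not in supplied and "Default" not in spec:
            errors[name] = "required, no Default"
            continue
        if name not in supplied and spec.get("NoEcho") == "true":
            defaulted.append(name)  # secret falls back to the template Default
        value = supplied.get(name, spec.get("Default"))
        low, high = int(spec.get("MinLength", 0)), int(spec.get("MaxLength", len(value)))
        if "AllowedValues" in spec and value not in spec["AllowedValues"]:
            errors[name] = "not in AllowedValues"
        elif not low <= len(value) <= high:
            errors[name] = "length outside MinLength/MaxLength"
        elif "AllowedPattern" in spec and not re.fullmatch(spec["AllowedPattern"], value):
            # The whole value must match: it is later pasted into bash and SQL text.
            errors[name] = "does not match AllowedPattern"
    return errors, defaulted
```

With the parameters from the stack-create command above, check reports no constraint errors and returns DBRootPassword as a NoEcho parameter left at its template Default.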

Heat Image contents

Autoscaling template

"Resources": {
  "WebServerGroup" : {
    "Type" : "AWS::AutoScaling::AutoScalingGroup",
    "Properties" : {
      "AvailabilityZones" : { "Fn::GetAZs" : "" },
      "LaunchConfigurationName" : { "Ref" : "LaunchConfig" },
      "MinSize" : "1",
      "MaxSize" : "3",
      "LoadBalancerNames" : [ { "Ref" : "ElasticLoadBalancer" } ]
    }
  },

  "WebServerScaleUpPolicy" : {
    "Type" : "AWS::AutoScaling::ScalingPolicy",
    "Properties" : {
      "AdjustmentType" : "ChangeInCapacity",
      "AutoScalingGroupName" : { "Ref" : "WebServerGroup" },
      "Cooldown" : "60",
      "ScalingAdjustment" : "1"
    }
  },

  "WebServerScaleDownPolicy" : {
    "Type" : "AWS::AutoScaling::ScalingPolicy",
    "Properties" : {
      "AdjustmentType" : "ChangeInCapacity",
      "AutoScalingGroupName" : { "Ref" : "WebServerGroup" },
      "Cooldown" : "60",
      "ScalingAdjustment" : "-1"
    }
  },

  "MEMAlarmHigh": {
    "Type": "AWS::CloudWatch::Alarm",
    "Properties": {
      "AlarmDescription": "Scale-up",
      "MetricName": "MemoryUtilization",
      "Namespace": "system/linux",
      "Statistic": "Average",
      "Period": "60",
      "EvaluationPeriods": "1",
      "Threshold": "50",
      "AlarmActions": [ { "Ref": "WebServerScaleUpPolicy" } ],
      "Dimensions": [ { "Name": "AutoScalingGroupName", "Value": { "Ref": "WebServerGroup" } } ],
      "ComparisonOperator": "GreaterThanThreshold"
    }
  }
}

In closing

● Users and developers wanted!

● Connect with the community via IRC on #heat@freenode

● Check out the repository: https://github.com/openstack/heat

● Read the Documentation: http://wiki.openstack.org/Heat/

● Heat: simple but powerful method for orchestrating OpenStack environments

Aéropôle de Charleroi-Gosselies, Rue des Frères Wright, 29/3, B-6041 [email protected]

www.cetic.be

Thank you

Questions ?

contact : [email protected]