PowerPoint Presentation
Things we found while playing aroundDeploying Apps on
OpenStackAnne Gentle and Hart HooverTechnical Product ManagersOct.
26, 2016
#
1
IntroductionsAnne GentleHart HooverTechnical Product Managersat
Cisco
Were fromTexas, yall.
@annegentle@hhoover
#Slides can be found on slideshare2
Find OutWhat tools work well for app deployment?How do you
practice deploying on OpenStack?What did we learn?Demos!Get the
deck: slideshare.net/annegentle
Ask for us at Cisco Stand A25
#Rock-solid IaaSLets make the infrastructureboring.
Done.
Now what?
Lets play!
#
Common use cases for applications on OpenStackweb apps, mobile
appsenvironmentsCI/CD pipelineecommerceentertainment/mediaserving
content (think: ad network)big datayou name itFlickr: rlopez117
#
Configuration ManagementMany options:OpenStack-inclusive:
Orchestration, Application CatalogEcosystem-only: Ansible, Chef,
Puppet, cloud-initCombinations: Orchestration template that runs
Ansible or Puppet configurationsFlickr: mingusmutter
#
Orchestration templates in combination with CM An Orchestration
(heat) template can automate networking so that floating IPs and
public network access is available at runtime of server launch.
This combination means you truly deploy with heat.
In the template, pass parameters into the application itself at
launch (Minecraft creative mode for example).
Heat can control your software deployments with liberty for
deployment of your app (we had been waiting a while for this).
#
ContainersWhere do containers on OpenStack fit into the
application deployment use case?
Docker resource in OpenStack Orchestration; do cloud providers
offer it?
Docker is easy to use locally; container orchestration that
someone else runs is even better.
Flickr: stevensnodgrass
#there is a docker resource in heat - does anyone use it? Have
not found many clouds supporting that resource.
How to: practice deployment on OpenStackFind a cloud that will
give you credentials.Find services you want to install.Find heat
templates.Find ansible-galaxy solutions.Play around!Test test test,
sleep, test.Flickr: dharder9475
#
Get credentials
Upload a key pair
Determine OS username:cloud?root?Flickr: lamerie
#Its not just credentials to the cloud itself, I found. Also
find out what the username is for the images you want to use. And
since Im cloning github repos, I needed to upload my github key as
a keypair for that remote user. This is also where I found out
Trystack didnt have an Orchestration endpoint.
10
Demo Software Apache/NGINX MySQL Etherpad Minecraft
Jekyll/WordPress PaaSFlickr: leosagnotti
#Its interesting, theres not a lot of interesting truly open
source software out there. I think thats why lots of people deploy
openstack itself on openstack. Its true open source. Thats why
every infrastructure demo typically is WordPress - multi-tier app
everyone knows.
11
Look for templates:
GitHub: heatChef cookbooksPuppet ForgeAnsible GalaxyFlickr:
threeblackdots
#Spent a ton of time trying to find a magic bullet. It doesnt
really exist for icehouse/liberty era clouds that we have access
to.
Which clouds support Orchestration?
Which CLI tool?
Which version of OpenStack?
Things we found while playing around
#TryStack doesnt support Orchestration. RegionOne errorFound out
the neutron CLI tool gives better output than the openstack CLI
tool, and sometimes you have to use nova CLIFound out your clouds
dont have the resources you want for Orchestration, such as
software config and software deploy, on Icehouse clouds13
Need Orchestration-ready images.Things we found while playing
aroundMurano looks awesome! But where? Never use the default
security group.
#. os_collect_config... Etc werent in some cloud images. Murano
looks awesome! But none of our cloud providers have it installed.
Set up your own so you know what traffic is in and out with
confidence.
14
Docker just works.
ContainersFlickr: jeremybrooks
#For easy, dev environments, Docker pre-built images take a lot
less time to test with.15
Who am I?
Am I admin or user?
Am I cloud or cloud-user?
Flickr: blakebolinger
#Find out youre admin on one cloud, user on another. And that
makes for really long floating IP lists when you use the OpenStack
CLI.
Plus, you have to know the images remote OS username if youre
using your public key to clone git repos.
Everything is replaced with a tiny shell scriptFind out how
little you know about Linux administration and commands (eek!).
Find out what a terrible typist you are: m1.smell
Find out how long it takes to have SSH access while debugging
too much at once: cloud-init, ansible, heat, oh my.
#I was surprised that all templates come down to bash scripting.
I was also surprised at how hard this is.
Lets Demo Minecraft and JekyllI can haz templates?
#
MinecraftOrchestration template
#
#
JekyllAnsible template
#Prerequisites: 1. Must have public key uploaded: openstack
keypair create --public-key ~/.ssh/id_rsa.pub 2. Must have private
network created with router to public network interface created:
neutron router-gateway-set doc-router public 3. Must have a port
associated with a floating IP for the subnet carved out of the
private network. 3.5 Must have a floating IP allocated: openstack
ip floating create public 4. Must have correct cloud user name for
remote images in the ansible playbook files and then ensure that
username is in the ansible-jekyll branch the cloud-init is cloning.
On Trystack:openstack server create \ --image "Ubuntu14.04" \
--flavor m1.small \ --key-name pub-key \ --security-group default \
--nic net-id=doc-test \ --user-data
~/src/deploying-apps/cloud-init-jekyll-trystack.txt \ --wait \
jekyll-staging
Launch playbook with cloud-init and user-data
#
Ansible playbooks, roles, tasks, templates
#
#
SummaryLearn tools for deploymentUse cloud-ready
imagesParameterize everythingGet the best of both worlds: infra
plus configuration managementDemosOrchestration + Ansiblecloud-init
+ Ansible
#
25
#Any questions, ask26
