Kolla - containerizing the cloud itself

Copyright © 2015 Mirantis, Inc. All rights reserved

www.mirantis.com

Kolla Containerizing the cloud itself

Michał Rostecki | OpenStack Software [email protected]


What is LXC (Linux Containers)?

LXC is isolation of Linux systems which separates resources, filesystem, network namespace, but shares the common kernel.It’s based on cgroups which is kernel’s feature to limit resources for processes.It’s much more lightweight than virtualization.


What is Docker?

Docker is a RESTful API for containerization technologies. One of them (and the main one) is LXC.It provides layers for containers to utilize disk space when different containers have a common base.


Problems that Docker solves

● Separation of applications which share common libraries in different versions

● Upgradability of software● “It worked on my machine”● Possible differences in deployments due to i.e. packages

installation in different time


Typical Docker application

Cloud

Developer’s machine

Application

Database

Application

Message queue

Database

Other app

Message queue


But… what’s the cloud?

Cloud consists of a lot of hardware and a complicated software which manages:● Virtual machines● Block or objective storage● Networking● Bare metal hardware● Containers (running both on VM-s and bare metal)


OpenStack architecture


Problems of OpenStack

● Separation of OpenStack components which share common libraries in different versions

● Upgradability of OpenStack● “It worked on my devstack”, “It worked on my test env”● Possible differences in deployments due to i.e. packages

installation in different timeAlmost the same like for “usual” applications, but in much bigger scale!


Docker solves them too!

That’s why Kolla project was created.It provides Docker images with different OpenStack services.


What we containerized

● MariaDB● RabbitMQ● Ceph● Openvswitch● Memcached

● Keystone● Glance● Nova● Cinder● Swift● Heat● Horizon


Components of Kolla

● Docker images templates and builder - which supports different Linux distributions (RH family and Debian family) and types of OpenStack installation (from binary packages or source)

● Ansible playbooks and modules, which generate config files and deploy containers


Development in progress

● “Docker in Docker” - for testing multinode Kolla deployments using only Docker, without VM-s

● Running OpenStack on Mesos - orchestration/scheduling service for containers

● Storing OpenStack services configuration in ZooKeeper


Technologies

● Docker● Python

● docker-py● Jinja2● Ansible modules

● Ansible● ZooKeeper● Mesos● Pecan


docker-py

Docker-py is a Python client for Docker API.Used by us for building Docker images.


Jinja2

Jinja2 is a templating engine for Python, which provides environment (variables), forloops, “if” conditionals, blocks, inheritance etc. into text files.Mostly known by Flask (it’s a integrated part of it).Commonly used in the other lightweight frameworks (often as a standalone lib).


Ansible

Ansible is a configuration and orchestration system which can deploy any kind of software. It uses SSH to connect to the servers (it’s agentless).It has module to run Docker containers on deployed hosts.It’s written in Python and supports Python-based modules.


ZooKeeper

ZooKeeper is a key-value store used for keeping the configuration of high-available services.


Mesos

Mesos is the container orchestration and scheduling service.It can isolate applications by Docker or “vanilla” cgroups.Exposes its API to users by frameworks. The main one is Marathon, but Kubernetes is also supported as a framework.


Pecan

Pecan is a lightweight web framework. Based on WebOb. Provides Mako templates.Mostly used framework in OpenStack API-s. OpenStack doesn’t use Pecan’s (Mako) templating - there are only JSON views.


Pecan vs Flask

Flask● you have to use “app”

object in every view or plugin - risk of circular imports

● you have to define routing “by hand”, with string

Pecan● you define “app” with

config once on server running and don’t use it anymore

● routing is discovered dynamically


Pecan vs Flask

Flaskapp.py

import flask

app = flask.Flask(__name__)

views.py

import flask

import app

@app.route(“/foo”):

flask.jsonify(foo=’bar’)

Pecanapp.py

import pecan

app = pecan.make_app(

‘controllers.RootController’)

controllers.py

class RootController(object):

foo = FooController()

[...]


Pecan vs Flask

Pecan has an app object with root controller defined. App object is not needed to be called anywhere. Other controllers are defined as attributes of the root one.

app RootController/

FooController/foo


Pecan vs Flask

Flask has an app object which has to be used as a decorator of every view and plugin.

app

root_view/

foo_view/foo


Contributors

Kolla is one of the most diverse OpenStack project in terms of companies.


Contributors


Why OpenStack is needed here?

Why cannot be use Mesos without OpenStack? We need just containers!


Why OpenStack is needed here?

The answer is networking and its isolation, which is not present in Mesos and Docker itself, but is in OpenStack:● Currently - OpenStack can separate containers by putting

them into different VM-s or bare metal servers, which have different networks.

● In near future - OpenStack’s project Kuryr will bring virtualized networking directly to Docker containers.


Q&A

Thank you for your attention

Technology

Kolla - containerizing the cloud itself