How to launch an application?

How to deploy a VM? - Solution #2

Use Heat!

Heat template

heat_template_version: 2013-05-23

description:
  ...

parameters:
  ...

resources:
  ...

outputs:
  ...

Heat template - parameters

parameters:
  db_name:
    type: string
    description: WordPress database name
    default: wordpress
    constraints:
      - length: { min: 1, max: 64 }
        description: db_name must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          db_name must begin with a letter and contain only alphanumeric
          characters

Heat template - resources

resources:
  wordpress_instance:
    type: OS::Nova::Server
    properties:
      image: { get_param: image_id }
      flavor: { get_param: instance_type }
      key_name: { get_param: key_name }
      user_data:
        ...

Heat template - resource properties: user_data (1)

user_data:
  str_replace:
    template: |
      #!/bin/bash -v

      yum -y install mysql mysql-server httpd wordpress
      systemctl enable mysqld.service
      systemctl enable httpd.service
      systemctl start mysqld.service
      systemctl start httpd.service

      firewall-cmd --add-service=http
      firewall-cmd --permanent --add-service=http

Heat template - outputs

outputs:
  WebsiteURL:
    description: URL for Wordpress wiki
    value:
      str_replace:
        template: http://host/wordpress
        params:
          host: { get_attr: [wordpress_instance, first_address] }

How to deploy an VM? - Solution #2

heat stack-create mystack
                  --template-file=WordPress_Single_Instance.yaml
                  --parameters="db_name=$db_name;db_rootpassword=..."

tripleo-heat-templates

Image building

The goal of image building in TripleO

diskimage-builder

• disk images / file system images / ramdisk images
• virtual / baremetal machines
• stock of elements
• easily extensible

diskimage-builder

Scripts execution phases

• root.d
• finalise.d
• cleanup.d
• block-device.d
• extra-data.d
• pre-install.d
• install.d
• post-install.d
• environment.d

• creates a tmpfs mount to build the image in
• image is built using a chroot and bind mounted /proc /sys and /dev
• once the file system tree is assembled a loopback device with filesystem (or partition table and file system) is created and the tree copied into it.

element example: Fedora

bin/install-packages
bin/map-packages
bin/map-services
finalise.d/01-clean-old-kernels.sh
finalise.d/99-setup-first-boot
install.d/00-fedora-fixup-audit
install.d/00-fedora-fixup-openssl
install.d/00-fedora-fixup-pyopenssl
install.d/01-install-deps
pre-install.d/15-fedora-remove-grub
pre-install.d/00-usr-local-bin-secure-path
pre-install.d/02-lsb
root.d/10-fedora-cloud-image
README.md
element-deps
source-repository-fedora

Configuration

os-collect-config

[default]
command=os-refresh-config

[cfn]
metadata_url=http://192.0.2.99:8000/v1/
access_key_id = ABCDEFGHIJLMNOP01234567890
secret_access_key = 01234567890ABCDEFGHIJKLMNOP
path = MyResource
stack_name = my.stack

Heat template - metadata

resources:
  wordpress_instance:
    type: OS::Nova::Server
    properties:
      image: { get_param: image_id }
        ...
      metadata:
        key: value

os-refresh-config

Scripts execution phases

• pre-configure.d
• configure.d
• migration.d
• post-configure.d

os-apply-config

converts JSON file to service config

{"keystone": {"database": {"host": "127.0.0.1",
                           "user": "keystone",
                           "password": "foobar"}}}

[sql]
connection = mysql://keystone:foobar@127.0.0.1/keystone

mustache template example

[database]
connection={{tuskar.db}}

[heat_keystone]
username = {{tuskar.user}}
tenant_name = {{tuskar.tenant_name}}
password = {{tuskar.password}}
auth_url = http://{{keystone.host}}:35357/v2.0

tripleo-image-elements

diskimage-builder/elements vs tripleo-image-elements

element example: Nova

install.d/nova-source-install/74-nova
os-apply-config/etc/nova/nova.conf
os-refresh-config/configure.d/10-nova-state
pre-install.d/00-disable-requiretty
README.md
element-deps
source-repository-nova

VM vs baremetal

• pxe boot
• autodiscovery
• hw specs
• perf metrics

Ironic

TripleO == OpenStack On OpenStack

In reality: TripleO == OpenStack on OpenStack on OpenStack

Architecture

Overcloud

Undercloud

Seed

Workflow

Seed

Deploy Undercloud

Deploy Overcloud

Devtest

Seed - setup VM

setup-seed-vm -a $NODE_ARCH

$TRIPLEO_ROOT/diskimage-builder/bin/ramdisk-image-create \
    -a $NODE_ARCH $NODE_DIST $DEPLOY_IMAGE_ELEMENT \
    -o $TRIPLEO_ROOT/deploy-ramdisk

boot-seed-vm -a $NODE_ARCH $NODE_DIST neutron-dhcp-agent

Seed - register services

init-keystone -p unset unset 192.0.2.1 admin@example.com root@192.0.2.1

setup-endpoints 192.0.2.1 --glance-password unset
                          --heat-password unset
                          --neutron-password unset
                          --nova-password unset

Undercloud - create image

$TRIPLEO_ROOT/diskimage-builder/bin/disk-image-create $NODE_DIST
    -a $NODE_ARCH -o $TRIPLEO_ROOT/undercloud
    boot-stack nova-baremetal os-collect-config dhcp-all-interfaces
    neutron-dhcp-agent

UNDERCLOUD_ID=$(load-image $TRIPLEO_ROOT/undercloud.qcow2)

Undercloud - deploy with Heat

make -C $TRIPLEO_ROOT/tripleo-heat-templates undercloud-vm.yaml

heat stack-create
    -f $TRIPLEO_ROOT/tripleo-heat-templates/undercloud-vm.yaml
    -P "PowerUserName=$(whoami);AdminToken=${UNDERCLOUD_ADMIN_TOKEN};
        AdminPassword=${UNDERCLOUD_ADMIN_PASSWORD};
        GlancePassword=${UNDERCLOUD_GLANCE_PASSWORD};
        HeatPassword=${UNDERCLOUD_HEAT_PASSWORD};
        NeutronPassword=${UNDERCLOUD_NEUTRON_PASSWORD};
        NovaPassword=${UNDERCLOUD_NOVA_PASSWORD};
        BaremetalArch=${NODE_ARCH};
        PowerManager=$POWER_MANAGER;
        undercloudImage=${UNDERCLOUD_ID}"
    undercloud

Undercloud - register services

init-keystone -p $UNDERCLOUD_ADMIN_PASSWORD $UNDERCLOUD_ADMIN_TOKEN
    $UNDERCLOUD_IP admin@example.com heat-admin@$UNDERCLOUD_IP

setup-endpoints $UNDERCLOUD_IP
                --glance-password $UNDERCLOUD_GLANCE_PASSWORD
                --heat-password $UNDERCLOUD_HEAT_PASSWORD
                --neutron-password $UNDERCLOUD_NEUTRON_PASSWORD
                --nova-password $UNDERCLOUD_NOVA_PASSWORD

Overcloud - create the control image

$TRIPLEO_ROOT/diskimage-builder/bin/disk-image-create $NODE_DIST
    -a $NODE_ARCH -o $TRIPLEO_ROOT/overcloud-control
    boot-stack cinder-api cinder-volume os-collect-config
    neutron-network-node dhcp-all-interfaces swift-proxy swift-storage

OVERCLOUD_CONTROL_ID=$(load-image -d $TRIPLEO_ROOT/overcloud-control.qcow2)

Overcloud - create the compute image

$TRIPLEO_ROOT/diskimage-builder/bin/disk-image-create $NODE_DIST \
    -a $NODE_ARCH -o $TRIPLEO_ROOT/overcloud-compute \
    nova-compute nova-kvm neutron-openvswitch-agent os-collect-config \
    dhcp-all-interfaces

OVERCLOUD_COMPUTE_ID=$(load-image -d $TRIPLEO_ROOT/overcloud-compute.qcow2)

Undercloud - deploy with Heat

make -C $TRIPLEO_ROOT/tripleo-heat-templates overcloud.yaml

heat stack-create -f $TRIPLEO_ROOT/tripleo-heat-templates/overcloud.yaml
    -P "AdminToken=${OVERCLOUD_ADMIN_TOKEN};
        AdminPassword=${OVERCLOUD_ADMIN_PASSWORD};
        CinderPassword=${OVERCLOUD_CINDER_PASSWORD};
        GlancePassword=${OVERCLOUD_GLANCE_PASSWORD};
        HeatPassword=${OVERCLOUD_HEAT_PASSWORD};
        NeutronPassword=${OVERCLOUD_NEUTRON_PASSWORD};
        NovaPassword=${OVERCLOUD_NOVA_PASSWORD};
        NeutronPublicInterface=${NeutronPublicInterface};
        SwiftPassword=${OVERCLOUD_SWIFT_PASSWORD};
        SwiftHashSuffix=${OVERCLOUD_SWIFT_HASH}${OVERCLOUD_LIBVIRT_TYPE};
        SSLCertificate=${OVERCLOUD_SSL_CERT};SSLKey=${OVERCLOUD_SSL_KEY}"
    overcloud

Undercloud - register services

init-keystone -p $OVERCLOUD_ADMIN_PASSWORD $OVERCLOUD_ADMIN_TOKEN
    $OVERCLOUD_IP admin@example.com heat-admin@$OVERCLOUD_IP
    ${SSLBASE:+--ssl $PUBLIC_API_URL}

setup-endpoints $OVERCLOUD_IP --cinder-password $OVERCLOUD_CINDER_PASSWORD
    --glance-password $OVERCLOUD_GLANCE_PASSWORD
    --heat-password $OVERCLOUD_HEAT_PASSWORD
    --neutron-password $OVERCLOUD_NEUTRON_PASSWORD
    --nova-password $OVERCLOUD_NOVA_PASSWORD
    --swift-password $OVERCLOUD_SWIFT_PASSWORD
    ${SSLBASE:+--ssl $PUBLIC_API_URL}

Overcloud deployment with Tuskar

Registering of baremetal nodes(manual)

Hardware profiles (Flavors)

• Standard openstack flavors with architecture field (i386/amd64) added
• Heat uses nova-boot for provisioning, nova scheduler looks for available hardware by doing exact match of node specs with chosen flavor

Images

• Created by image builder and uploaded to Glance.

Deployment Role

• Creates a group of baremetals running the same group of services. (E.g. nova compute, block storage, etc.)
• Relation to hardware profiles(flavors)
• Relation to image
• Relation to heat template

Limited for these roles for Icehouse

• Controller (all services control planes)
• Compute (Nova)
• Object storage (Swift)
• Block storage (Cinder)

Deployment role example

Deploying Overcloud example

Deploying Overcloud example

Deploying Overcloud example

Future (Juno) management of Deployment Roles

• Assigning Image
• Assigning Template
• Assigning Hardware profiles (flavors)

Then we are prepared to deploy any service on the separate baremetals, that can be easily scaled, e.g. Neutron, Ceilometer, Ironic, etc....

In future we will allow to provision multiple images on one machine with Docker.

Future possible needed services

• Heat Template repository as Openstack service?
• Image builder as a Openstack service?

Overcloud monitoring with Tuskar

Monitoring of baremetals

• Icehouse: monitoring via SNMP: cpu_util, memory, disk, network
• Juno: monitoring via IPMI: Temperature, Fan Speed, Volt, etc. Plus pluggable architecture for vendor specific metrics.

Storing and querying stats

• Using Ceilometer agent for polling of the samples
• Using Ceilometer as generic samples and meters storage
• Using Ceilometer for querying statistics
• Ceilometer is supporting many backends MongoDB, MySQL, PostgreSQL, HBase, DB2 (Elastic search in progress)

Using D3 and rickshaw libraries for rendering charts

Future (Juno) Adding 'events time-line' to charts

• Under the each chart, there will be a time-line of the events, as a context for the chart data.
• E.g. machine updated, powered down, bad health, etc..

Future (Juno) monitoring of running services

• Extending Glance, so it can return list of services packed in image
• Monitoring of services on each baremetal using Ceilometer

Future(Juno) monitoring of the running services

Overcloud management with Tuskar

Scaling of the Overcloud

Downscaling of the overcloud

• Deleting resource manually then update stack.
• Choosing which resource to unprovision when downscaling, so users can evacuate services running inside, before downscaling happens
• Next: defining hooks for upscaling/downscaling so the evacuating behavior can be defined on template level, so it will be automatic.

Future (Juno) Auto-scaling of the overcloud

• We are waiting on ability to scale nested stacks, implemented in Heat
• Auto-scaling using Ceilometer alarms defined in the Heat template
• Auto-scaling with conditions we need, e.g. cpu_util bigger than 50% for 1 minute

FUTURE (Juno) Auto-scaling examples

• Newly plugged hardware can be auto-discovered and auto-scaled.
• It can be combined, as you application is scaling, the more hardware will be needed. That can be taken from e.g. other scaling down and releasing the hardware.

Running overcloud in HA

• AMQP - Rabit MQ cluster in active-active
• Openstack API instances - Virtual IP and keepalived + HA proxy
• DB - Mysql Percona XtraDB Cluster