1 of 30

A Container Stack for OpenStack

Scott McCarty (@fatherlinux)

Senior Principal Product Marketing Manager, Red Hat

Stephen Gordon (@xsgordon)

Principal Product Manager, Red Hat

Sebastien Han (@sebastien_han)

Principal Storage Architect, Red Hat

2 of 30

Why not just use OpenShift?

Why not just use OpenStack?

3 of 30

EXPOSITION & CONSUMPTION OF RESOURCES

4 of 30

Exposition of Resource

5 of 30

Consumption of Resource

Historically, consuming resources meant running processes (pstree output on the right)
Now consuming resources means running distributed processes in containers across a cluster of systems

This is what OpenShift & Kubernetes is really good at. We don’t necessarily want to schedule an entire VM to run a single process

Old sysadmins used to make jokes that the servers worked fine until we let the developers use them

I think we have finally started to understand that giving developers access to resources is how we build new products that make money and keep us in business
Developer Joke: “Chuck Norris can write infinite recursion functions…and have them return.” (reminds me of a time when I wrote a fork bomb in college and crashed the system that everybody in the lab was using)
Sysadmin Joke: “Chuck Norris’s first program was kill -9.”

6 of 30

Fancy Files

Fancy Processes

Also Fancy File Servers

7 of 30

Load Applications at the Factory, not the Dock

There are several main value propositions to containers

Standardization: instead of loading boxes, bags, crates, barrels, bicycles, pianos, etc, we can now load one unit
Performance: Containers are fancy processes so there is no overhead for virtualization
Intermodal: Package/Load at the factory instead of the dock (New: never mentioned by Docker Inc)

In 1906, it took 45 days to load a ship, coincidentally about the same amount of time it takes to requisition a physical server
Imagine you are loading a bunch of lamps. If you break them on the dock, you have to wait for new ones to arrive. If you load at the factory, you go grab a new lamp and keep loading. Now, with code if something doesn’t work, you can fix it at the factory, on the developers laptop
“It works on my machine” always holds true for Chuck Norris

8 of 30

9 of 30

The Tenancy Scale

Security is about levels of isolation, or tenancy
Back in the day, I used to telnet into a shared webserver in college. Literally, we could all run processes side by side, like a free system in Tron
Now days, sometimes you need an application in two different data centers with affected by different weather patterns or fault lines
The conversation is how much isololation is enough? Walk from left to right

Sometimes a process is enough isolation
Sometimes we need a container. If you are running in a shell in a container, you can run “ps -ef” and you don’t see other people’s processes
Sometimes we need the extra isolation of virtual server
Sometimes a physical server
Sometimes a different rack in the data center
Sometimes a different data center affected by different weather patterns or earchquake fault lines.

10 of 30

Application Containers

Code: mysqld
Configuration: /etc/my.cnf
Data: /var/lib/mysql
Other stuff :-)

11 of 30

Container Patterns

12 of 30

BETTER TOGETHER

13 of 30

OpenShift on OpenStack

Architectural tenets:

Technical independence
Avoiding redundancy
Contextual awareness
Simplified management

?

14 of 30

OpenShift on OpenStack - Current

Networking via Neutron networks.
Load Balancing via Neutron LBaaS V1
Block Storage via Cinder volumes.
Compute via Nova virtual machines.
Orchestration via Heat templates.
Reference architecture to be published “real soon now”

15 of 30

Use Case: Provisioning

Heat provides orchestration services for OpenStack clouds
Pre-provision OpenStack resources for tenant (networks, nodes, etc.).
Also used directly or via e.g. Magnum
Configure for access to network and storage
Register into Kubernetes cluster

16 of 30

Use Case: Networking

Tenant isolation via OpenStack SDN
Application isolation via container SDN
Environment separation and isolation

17 of 30

Use Case: Storage

Container hosts consume OpenStack storage
Tenant isolation
Application storage managed by Kubernetes
Stateful applications
Containerized distributed storage services

18 of 30

19 of 30

OpenShift on OpenStack - Future

Load Balancing via Octavia (LBaaS V2)
DNS via Designate
File Storage via Manila
Re-validate architecture on bare-metal using Ironic

20 of 30

CONTAINERIZING THE INFRASTRUCTURE

21 of 30

Why should you care?

Toward an unified and common tool for managing your platform, Kubernetes.

OpenStack is just another application on your container stack
Hypercon… what? Why was it difficult prior to containers?
Collocate compute and storage resources on the same machine
Fine control of resources using cgroups, NUMA and CPU pinning
Guest can potentially benefit from a local hit when performing IOs
Component upgrades made easy with containers

22 of 30

What is Ceph?

Open, massively-scalable, software-defined storage
Flexible, scale-out architecture on clustered commodity hardware
Unified storage platform
CRUSH algorithm to distribute data
Integrated, easy-to-use management console
Designed for cloud infrastructure and emerging workloads
Used by the majority of OpenStack deployments

23 of 30

Not supported yet

24 of 30

Hyperconverged Node In-depth

qemu-kvm

25 of 30

Introducing containerized work

OpenStack Kolla:

Runs OpenStack components in containers
Orchestration using Ansible
Prototype on Kubernetes (kolla-kubernetes project)

Ceph Docker:

Containerizes all Ceph daemons
Orchestration using Ansible
Prototype on Kubernetes

26 of 30

Tech previews

OpenStack Compute nodes tech preview since Red Hat OpenStack Platform 8
Red Hat Ceph Storage in containers since 1.3.2 and the new 2.0 release

27 of 30

KEY TAKE AWAYS

28 of 30

Free takeaways!

OpenShift enables developers to consume resources
OpenStack enables operations to expose resources
Containers simplify deployment of OpenStack, Ceph, OVS, etc.
OpenShift + OpenStack = Distributed Systems Operating System

29 of 30

30 of 30

Citations

OpenShift on OpenStack Heat Template Work: http://bit.ly/23Zh6l1
Dynamic Cinder Provisioning: red.ht/1qPRqFA
OpenShift Commons Briefing (Mark Lamourine): http://bit.ly/1NwLEDh
Workload and Containerization Characteristics: http://red.ht/1SBw9ql
Containerizing Ceph: https://github.com/ceph/ceph-docker
Kolla Kubernetes: https://github.com/openstack/kolla-kubernetes
Deploy Kolla images with Kubernetes spec: https://review.openstack.org/#/c/255450/

Scott McCarty @fatherlinux Stephen Gordon @xsgordon Sebastien Han @sebastien_han