7. Now Let’s Talk Openstack!
https://www.openstack.org/summit/vancouver-2018/
8. OpenStack Days Canada - 2018
Around October 10th
● Sponsors
● Speakers
● Helpers
● Stackers
9. OpenStack Days Canada Committee
OSDC is now based on OpenStack Days Nordic model
● Will alternate from Montreal to Ottawa or
other Canadian cities willing to host the
event.
Committee members:
● Mohammed Naser (Montreal)
● Stacy Véronneau (Montreal)
● David Moreau Simard (Montreal)
● Paul Belanger (Ottawa)
● Raymond Maika (Ottawa)
● Noura Daadaa (Ottawa)
● Curtis Collicutt (Toronto)
● Stephen Gordon (Toronto)
● George Mihaiescu (Toronto)
● Corey Erickson (Edmonton, Calgary, Vancouver)
● John Studarus (USA)
● Denise Ridolfo (OpenStack Foundation)
10. Reach out to your organizers for talk submission,
sponsorship or any MeetUp related topics.
11. Join us on Slack!
http://openstack-canada-slack-invite.herokuapp.com/
13. Our Speakers
Our first speakers will be Ian Jolliffe and
Yaniv Zadka from Wind River. They will talk
about Wind River and their upstream focus
areas, they'll do a demo of their platform
and also give us an update from the Dublin
PTG (Besides #Snowpenstack).
14. Our Speakers
Our second speaker will be Raymond Maika
from CENGN who will follow from his talk at
OpenStack Days Canada about OpenStack Helm.
This talk will answer the question: How do
you run OpenStack on Kubernetes? The
answer, OpenStack Helm Charts.
16. Stacy Véronneau
● Senior Cloud Architect at CloudOps. Focus
on OpenStack and GCP.
● Using public cloud resources since 2007
● OpenStack user since Grizzly
● OpenStack MeetUp organizer across Canada
● Speaker at OpenStack Days and Summit
● OpenStack Mentor since August 2017
● Canadian OpenStack Ambassador since October
2017
17. Long Live The QUEENS!
● 17th release of OpenStack
● Released on February 28th 2018
● Will be Followed by Rocky on August 28th
● Dedicated to the memory of Shawn Pearce, founder
of Gerrit which has been at the center of
OpenStack’s development process since the Diablo
release.
18. Long Live The QUEENS!
● New in Nova - Support for vGPUs
○ Cloud admins can define flavors that request vGPU
resources and specify resolutions for vGPUs, and end
users will be able to boot vms which have vGPUs.
● New in Cinder - 1 volume to Multiple VMs
○ one of the most highly-requested features in cloud
environments. An obvious benefit is that you can have
two nodes accessing the same volume, so if one goes down,
the other can take over and has access to the data, which
supports enterprise users who need robust environments
and users who need high availability.
19. Long Live The QUEENS!
● New in Ironic - Rescue Mode
○ Ironic user growth is going way up
○ With Rescue Mode, Ironic users now have a safety net if
something won’t boot correctly, something’s misconfigured,
they lose an SSH key, etc
● New in Kuryr CNI Daemon - Improving scalability
○ Growing OpenStack project that bridges container networking
frameworks and OpenStack networking.
○ CNI daemon watches pod events now instead of waiting on K8s
API.
20. Long Live The QUEENS!
● New in Horizon - WYSIWYG for orchestration
21. Long Live The QUEENS!
● New in Policy - RBAC in code
○ Policy.json SNAFU gone
○ RBAC policies are now in code in the majority of
projects, providing better communication about service
policies and the ability to set more granular defaults in
RBAC policies through that easier discoverability.
○ Congress???
22. ● New Projects
○ OpenStack Helm
■ Package Manager for K8s
○ OpenStack Masakari
■ Helps OpenStack clouds achieve high availability from
various vm failure events and automates the rescue
mechanism.
○ OpenStack LOCI
■ Lightweight OCI (Open Container initiative)
compatible images of OpenStack services.
○ OpenStack Cyborg
■ Management framework for accelerators. Great for
Telco NFV workloads.
Long Live The QUEENS!
23. Long Live The QUEENS!
● More news on this release at:
○ https://www.openstack.org/software/queens/
○ https://releases.openstack.org/queens/highlights.html
24. What’s next for ROCKY?
● Fast forward upgrade. I.e., go from
Liberty to Rocky!
● Minimum bandwidth and bandwidth-based
scheduling. Good for NFV and cloud
providers.
● Enable mutable configuration across
services. Change configs without
restarting a service!
25. OpenStack ‘S’ is STEIN!
Steinstraße or "Stein
Street" in Berlin, can
also be conveniently
abbreviated as
47. Kubernetes
• Leading container orchestration engine
• Provides several different types of container
deployments that are useful in deploying and
maintaining the state of OpenStack services
– Deployments to specific nodes based on
labels
– Constraints on how many replicas are
distributed across nodes
• Min/max that are up, fault tolerance levels
– Service endpoints that can map to
OpenStack service endpoints
48. OpenStack Dockerized
• Kolla is an OpenStack project
• Mission statement: “Kolla provides production-ready containers and deployment tools
for operating OpenStack clouds that are scalable, fast, reliable, and upgradable using
community best practices.”
• Creates stable docker images
• Tagged images based on OpenStack major releases
– 3.x Newton
– 4.x Ocata
– 5.x Pike
49. OpenStack Dockerized (part 2)
• OpenStack LOCI is a project designed to quickly build
Lightweight OCI compatible images of OpenStack services
• LOCI is an attempt to create the lightest container images
possible for core OpenStack services
• Optimization for CI/CD and stability
• Can be built from ubuntu:xenial or centos:7 base images
50. Helm
• “Kubernetes Package Manager”
• Helps to model, configure, and upgrade applications
deployed on k8s
• Facilitates management for immutable containers
– Allows templatizing configurations for install-time
overrides or upgrades
– Greater portability by allowing environment variables to
be injected into configurations at deployment
• Includes rollback workflow when running upgrades
51. OpenStack-Helm Project
• The OpenStack-Helm project aims to provide a collection of Helm charts to
deploy highly available OpenStack and related services on K8s
• OpenStack-Helm is an official OpenStack project
• Charts provided by OpenStack-Helm currently include (but not limited to):
– openstack-helm: (core OpenStack charts)
• Barbican, Ceilometer, Cinder, Glance, Gnocchi, Heat, Horizon, Keystone,
libvirt, Magnum, Neutron, Nova, Rally
– openstack-helm-infra: (charts for supporting services)
• Ceph, Ingress, MariaDB, Memcached, RabbitMQ, OVS
52. OpenStack-Helm Charts
• Chart is the basic unit of Helm
• A chart describes an application’s full
deployment, including:
– Templates for all K8s objects to run the
service
– Templates for all OpenStack service configs
– A YAML file called values.yaml that sets all
variables in the chart’s templates
• Tiller (helm server) processes the values from the
YAML files, fills templates and deploys K8s
resources
• Ref: https://docs.openstack.org/openstack-
helm/latest/
HelmChartCharts
Helm-toolkit
etc
*custom* *Conf.tpl
_policyjs
on.tpl
*_paste.i
ni.tpl
Templates
bin
*.tpl
Service.yaml
Deployment.yaml
DaemonSet.yaml
StatefulSet.yaml
Job*.yaml
Configmap-bin.yaml
Secret*.yaml
Ingress.yaml
Values.yaml Requirements.yaml Chart.yaml
53. Deployment Pattern
• The following pattern is used to deploy OpenStack services using Helm:
– Init and sync to the database
– Build ConfigMap in Helm
– Create Keystone services, users, and endpoints
– Create Deployments or DaemonSets of the control and compute plane Pods
to nodes based on labels
– Use a Kubernetes service to distribute requests to all Pods in the ReplicaSet
• All managed by the Helm server, which can also distribute required changes for
config updates or service upgrades
54. Deployment: CNI Network
• First after deploying a K8s cluster, need to
initialize a CNI plugin
• In this demo, that is Calico
• Calico is a pure L3 CNI plugin, uses host
gateways to route traffic
• Optional IPIP tunneling between hosts
• Calico and Flannel are supported by openstack-
helm
– Deployed by charts maintained in openstack-
helm-infra
Networking
(CNI)
Calico
55. Deployment:
OpenStack-Helm Charts
• Once there is a CNI plugin we can start
deploying containers
• The OpenStack-Helm Charts use the
Helm server to deploy and configure
containers on the hosts’ Docker runtimes
• OpenStack Kolla images are Docker
images for OpenStack services
• There are also charts to deploy Ceph and
other OpenStack-related services for
storage and messaging
Docker
runtime
OpenStack
Kolla
images
Helm
OpenStack-
Helm charts
Storage
Ceph
56. Deployment: Data
• Need data storage for OpenStack services
– Many OpenStack services save their state to a database
– Databases are stateful, need to store their data in
persistent storage
– Ideally with K8s, that storage is available to all worker
nodes
• Ceph is a well-known open source distributed storage solution
– Ceph has docker images available (ref: https://github.com/ceph/ceph-docker)
• These images can be leveraged to run Ceph on K8s
– HA accomplished with several mon and OSDs distributed
across the cluster
– Distributes the volumes used by database pods
Storage
Ceph
57. Deployment: Data (2)
• With ceph deployed, can deploy the database
onto ceph-backed storage
– This is done with a StorageClass in
Kubernetes
– Allows pods to mount a volume that is
provided (bound) by the StorageClass
• MariaDB is deployed in a 3-pod cluster across
nodes (across nodes with controller label)
• Now the deployment of OpenStack services can
begin
Helm
OpenStack-
Helm chart:
MariaDB
58. Deployment: Keystone
• First OpenStack service deployed is almost always Keystone, as other services
will register with it later
• Objects being created in Kubernetes by the Helm chart are:
– Secrets with credentials and tokens to be shared to other services
– Cronjobs – Keystone fernet key rotations
– One-time jobs – database init, database sync
– Pod(s) – keystone-api
– ReplicaSets – keystone-api
– Service – keystone-api (load balances to all pods, IP from the service CIDR)
59. Deployment: Glance, Cinder
• Two basic units for Image and Volume services, along with Nova and Neutron
make up the minimal deployment of an OpenStack cloud
• Helm will deploy the following objects to provide these services:
– Secrets – service credentials for keystone
– One-time Jobs – db_init, db_sync, keystone_[endpoints,user,service], glance-
bootstrap
– Pods – glance-api, glance-registry, cinder-api, cinder-scheduler, cinder-volume
– ReplicaSets – glance-api, glance-registry, cinder-api, cinder-scheduler, cinder-volume
– Services – cinder-api, glance-api, glance-registry
60. Deployment: Nova
• Basic unit for compute
• Helm deploys the following:
– Secrets – service credentials for keystone
– One-time Jobs – db_init, db_sync, keystone_[endpoints,user,service]
– Pods – nova-api-osapi, nova-api-metadata, nova-conductor, nova-scheduler,
nova-consoleauth, nova-libvirt, nova-compute*
– ReplicaSets – nova-api-osapi, nova-api-metadata, nova-conductor, nova-scheduler,
nova-consoleauth
– Services – nova-api, nova-metadata
61. Deployment: Neutron
• Basic unit for networking
• Helm deploys the following:
– Secrets – service credentials for keystone
– One-time Jobs – db_init, db_sync, keystone_[endpoints,user,service]
– Pods – neutron-server
– ReplicaSets – neutron-server
– Services – neutron-server
64. Benefits of OpenStack-Helm
• Using charts from OpenStack-Helm is a step towards making OpenStack “Cloud Native”
– Lower overhead by containerizing (kola/LOCI), orchestrating (K8s) OpenStack
– Leverage tooling ecosystem of the CNCF – Prometheus, Fluentd, etc
• See all at: https://www.cncf.io/projects/
– Step towards more scalable and distributed OpenStack control plane
• Use native Kubernetes features to manage OpenStack services
– Rolling upgrades
– Healthchecks
– Replica parameters (min/max available, maxUnavailable)
– Logging from and access to all services available across all controllers