Contenu connexe
Similaire à Painless OpenStack Deployments Powered by Puppet
Similaire à Painless OpenStack Deployments Powered by Puppet (20)
Painless OpenStack Deployments Powered by Puppet
- 2. About Me
Christopher Aedo
Solutions Architect
Technical Evangelist
doc@morphlabs.com
doc@aedo.net
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 2
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 3. What is OpenStack?
Founded July 2010 by RackSpace and NASA
“OpenStack is a global collaboration of developers and
cloud computing technologists producing the ubiquitous
open source cloud computing platform for public and
private clouds. The project aims to deliver solutions for
all types of clouds by being simple to implement,
massively scalable, and feature rich.”
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 3
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 4. What is OpenStack?
Built from a series of interrelated projects delivering various components for
a cloud infrastructure solution.
•Compute (multiple hypervisors, LXC, bare metal)
•Storage (Object, Block)
•Networking (Nova Network, Quantum, +many others)
•Dashboard (Horizon)
•Shared Services (Identity, Image storage)
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 4
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 5. Large and quickly expanding ecosystem
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 5
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 6. Large and quickly expanding ecosystem
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 6
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 7. Large and quickly expanding ecosystem
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 7
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 8. Are OpenStack installs painful?
Depends...
•Single node, just for fun?
• Use DevStack! (http://devstack.org)
•Need more?
•It definitely gets complicated
•Multiple compute nodes?
•What about networking? Flat DHCP, or VLANs?
•Don’t forget Quantum (network connectivity as a service)!
•Routing - send traffic back through controller, or direct via multi-host?
•Extra bridge devices on your computes (accessing multiple networks, etc.)?
•Swift object store! How many nodes in your ring?
•Block storage too! Multiple devices, dedicated network for storage?
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 8
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 9. Configuration management!
•Consistency is key
• reduce your variables, reduce your surprises
•One admin can do the work of five
• (or five admins don’t have to work too hard!)
•Many choices
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 9
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 10. Puppet FTW!
•But WHY?? Chef is better!
•Wait, Mark Burgess invented the whole concept in 1993 with CFEngine!
•You forgot Salt! SaltStack ROCKS!
•Chef is easier to use!
•Puppet’s RAL is brilliant!
•Promise Theory and self healing is genius!
•Bah, my bash scripts are more than enough!
•Rundeck man, that’s where it’s at!
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 10
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 11. Classic puppet examples
Get the current state (the RAL sorts this for you):
dpkg-query --search git
Check the desired state (you tell Puppet what you want):
package {‘git’:
ensure => present,
}
Sync if needed (Puppet delivers):
apt-get install git
Note the event (Puppet logs it):
state transition: absent -> present
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 11
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 12. Resource types and providers
•Common types:
• Package, Service, File, User, Group, Exec, Host
•Common providers:
• Package providers:
RPM
yum
apt
• Service providers:
init
systemd
upstart
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 12
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 13. Morphlabs and Puppet
•We have been using it for a long time (it feels comfy)
•The RAL makes us worry less about underlying changes
• “Resource Abstraction Layer” sorts out stuff like “using apt or rpm?”
• We use Ubuntu now, but adding RHEL (or other distros) to the mix is no sweat
•Performs configurations as state changes
• We can encapsulate everything we need in a single config
• Add/modify config files, fix ownership
• Guarantee necessary packages are installed and running
•Written in Ruby (many ruby devs in the house)
•Cross-platform (Linux, Windows, BSD, Solaris and more)
•Makes our life easy!
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 13
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 14. Why does it matter to Morphlabs?
•We deploy private clouds based on OpenStack
•We work with large service providers so they can offer private cloud to their
customers
•We work with large enterprises, helping them transition from bare-metal and
virtualized servers to “the cloud”
•We support these environments, so if something goes wrong, it’s our
problem
• I want happy customers, and more of them
• I also want my admins to sleep easy and not worry about having to deal with
surprises
•Puppet helps us eliminate unknowns
•Dell hardware gives us a power-dense energy efficient highly reliable
platform to run our code
•OK, all done with the marketing!
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 14
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 15. Puppet and OpenStack
•Puppet Labs crew deeply involved with OpenStack
• http://puppetlabs.com/solutions/openstack/
•Their OpenStack manifests are where we start
• https://github.com/puppetlabs/puppetlabs-openstack/
•You can even launch/destroy VMs inside OpenStack with Puppet
• http://forge.puppetlabs.com/puppetlabs/node_openstack
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 15
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 16. Speaking of starting...
•You have some hardware, now what?
• You probably don’t want to start with a boot from your favorite distro CD (unless
you’re just starting down this road...)
•Provisioning tools
• Razor from Puppet Labs
• MAAS and Juju from Canonical/Ubuntu
• Crowbar from Dell
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 16
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 17. Crowbar FTW!
•The Crowbar team has been solving deployment problems for years
• IPMI config
• RAID config
• BIOS updates
•The framework is flexible, so you can make it do what you want...
•WAIT! Doesn’t Crowbar use Chef for config management?
• Yes, that’s true
• Puppet will soon be an option
• (If there’s demand, CFEngine will likely be an option in the not too distant
future!)
•Also, we have a pretty good relationship with Dell in general
• (Come to OSCON, and I’ll be able to say more!)
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 17
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 18. Provisioning continued
•We’ve got Ubuntu 12.04 Server installed on all the nodes in the environment
•The network config is good to go
• Static IPs, correct route, DNS, NTP, and access to the Internet
•Our deployer added nothing but the puppet agent and a config file pointing
back to our puppetmaster
•Puppet takes over from here (and it’s incredibly uneventful!)
• On our puppet server, we note the few unique facts:
mcloud:
node_type: mcloud-compute
controller_name: mc.my-controller-url.net
controller_ip: 10.99.3.1
storage_ip: 10.99.255.3
release_environment: 302p03
web_client_listeners: 5
networking:
external_interface: eth1
internal_interface: br100
external_ip: 10.172.100.29
internal_ip: 10.99.100.29
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 18
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 19. Speaking of facts
Facter is a standalone tool based on Ruby that provides system information in “key
=> value” pairs
architecture => amd64
domain => la.morphlabs.net
facterversion => 1.6.7
fqdn => some-url.net
hardwareisa => x86_64
hardwaremodel => x86_64
hostname => server
interfaces => eth0,eth1,lo
ipaddress => 10.123.254.251
ipaddress_eth0 => 10.123.254.251
kernel => Linux
kernelrelease => 3.2.0-22-generic
lsbdistcodename => precise
lsbdistdescription => Ubuntu 12.04 LTS
lsbdistid => Ubuntu
lsbdistrelease => 12.04
lsbmajdistrelease => 12
macaddress => 00:30:41:f5:aa:74
macaddress_eth0 => 00:30:41:f5:aa:74
macaddress_eth1 => 00:30:41:f5:aa:75
memoryfree => 12.61 GB
memorysize => 15.67 GB
memorytotal => 15.67 GB
netmask => 255.255.0.0
netmask_eth0 => 255.255.0.0
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 19
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 20. Typical manifest
class openstack::glance {
package { ["glance", "glance-registry", "glance-common", "glance-client", "glance-api", "python-
glance"]:
ensure => $::glance_version;
}
}
class openstack::glance::services {
#Make sure perms are correct
exec{"/bin/chown -R glance:glance /etc/glance /var/lib/glance":
alias => glance_set_perms,
}
service { "glance-api":
ensure => running,
provider => upstart,
require => Exec[glance_set_perms],
}
service { "glance-registry":
ensure => running,
provider => upstart,
require => Exec[glance_set_perms],
}
}
.
.
.
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 20
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 21. Process
•All the manifests are in git repos
• One for the manifests
• One for the environments
•For standalone, we use the same manifests
•We use “no-op” mode to simulate changes (no surprises!)
•Updating environments is safe (but not foolproof)
•Can package the update as a deb to be run standalone
• Transparency (no sneaky back-doors)
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 21
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 22. An alternative
•Dodai-Deploy
• Deployment tool
• Uses Puppet
• Easier than doing this all by hand
•https://github.com/nii-cloud/dodai-deploy/
•You can spin up deployer with one line
•curl https://raw.github.com/nii-cloud/dodai-deploy/master/
setup-env/setup-all-in-one.sh | sudo sh
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 22
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 23. Challenges (the parts that suck)
•Surprisingly few!
• Provided you put in the work to test your assertions
•Rollbacks are not always painless
• We try to avoid at all cost (but that’s what everyone does right?)
•Direct remote access is rare
• - Enterprise corps are not very trusting
• + The less access we have, the lower our risk
•We have too much work to do
• Which brings me to my last slide
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 23
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved
- 24. Morphlabs is hiring!
•We’re looking for excellent Sysadmins!
•We’re looking for excellent Python devs!
•Send your details to doc@morphlabs.com
• Thank you!
T I T L E : PA I N L E S S O P E N S TA C K D E P L O Y M E N T S P O W E R E D B Y P U P P E T C O N F I D E N T I A L & P R O P R I E TA R Y 24
D AT E : July 5 2012
© 2012 Morphlabs Inc. All Rights Reserved