
Deploying OpenStack Using Docker in Production


Video of presentation can be found here: https://www.youtube.com/watch?v=3pc85InNR20

Time Warner Cable has been slowly deploying Dockerized OpenStack services in production since the Juno release. In this talk we'll share our real-world experiences with deploying OpenStack services in production with Docker.

Published in: Technology

  1. Deploying OpenStack Using Docker in Production
  2. Overview
     • The Pain of Operating OpenStack
     • Possible Solutions
     • Why Docker Works
     • Why Docker Doesn’t Work
     • Docker @ TWC
     • Lessons Learned
  3. Docker & OpenStack @ TWC
     • Docker in production in July 2015
     • First service was Designate
     • Added Heat, Nova and Keystone
     • Nova using Ceph and Solidfire Backends
     • Neutron in progress
     • Glance and Cinder later this year
     • Using Docker 1.10 and Docker Registry V2
  4. How Did We End Up Here?
     • Started with packages for deployments
     • Don’t like big-bang upgrades
     • Want to be able to carry local patches
     • Want to run mixed versions of services
     • Smaller upgrades, more often
  5. Why Not Packages?
     • Built packages for Keystone
     • Worked for local patches
     • Worked for updating stable branches
     • Doesn’t work for mixed releases
     • Limited by distro python packaging
     • Packaging workflow is a pain
     • Packages slow down your workflow
     • Package may not exist yet
  6. Why Not Python Virtual Envs?
     • Deployed Designate with Virtual Envs
     • Mirrored Python packages internally
     • Built Virtual Envs on servers
     • Was slow to deploy
     • Still have to install/manage non-Python deps
  7. Why Docker?
  8. Everyone Else Is Doing It?
  9. Why Docker?
     • Reproducible builds
     • Easy to distribute artifacts
     • Contains all dependencies
     • Easy to install multiple versions of an image
  10. Why Not Docker?
     • Restarting docker restarts containers
     • Intermittent bugginess
     • Complex services are hard to fit into Docker
     • Requires new tooling for build/deployment/etc
  11. Docker @ TWC: Images
     • Building base images using debootstrap
     • Build openstack-dev image based on that
       – Contains all common deps
     • Image per OpenStack Service
     • Per service base requirements.txt and a frozen one
     • Frozen requirements.txt is used for image builds
     • Uses upper-constraints.txt for frozen requirements [1]
     [1] https://github.com/openstack/requirements/blob/master/upper-constraints.txt
  12. Docker @ TWC: Image Tags
     • Tag should:
       – Identify OpenStack service version
       – Identify tooling version
       – Be automatically generated
       – Be unique
  13. Docker @ TWC: Image Tags
     • Example tag: 5.0.1-9-g0441ca8.16.dd35404
       – 5.0.1-9-g0441ca8: git-describe for Heat
       – 16: Tooling # commits
       – dd35404: Tooling commit hash
  14. Docker @ TWC: Image Distribution
     • Using Docker Registry V2
     • Registry using file backend for local storage
     • Publish to master registry via Jenkins
     • Replicate to registry mirrors via rsync
     • Mirrors provide read-only access to images
     • No dependency on production environment
  15. Docker @ TWC: Deployments
     • Images installed with puppet-docker
     • Managed with twc-openstack/os_docker
     • Worked with Puppet OpenStack project to add hooks for software and service management
     • The os_docker module uses these to extend OpenStack Puppet modules
  16. Docker Registry Scaling
     • Docker recommends (almost requires) TLS for registry
     • We deploy to 20 hypervisors in parallel
     • 8 vCPU Docker Registry
     • Supports 40 concurrent pulls * 500 MB images
     • Size your registry for concurrent pulls * image size
  17. Beware Docker Networking
     • We use --net host for all containers
     • Many services *require* --net host
     • Docker always creates bridge and NAT rules
     • NAT rules aren’t tied to a specific interface
     • Docker picks unused network range
       – But can’t see VM IP addresses
     • Found this out on first Nova Compute deploy
  18. OpenStack Upgrades With Docker
     • Allows upgrading single services!
     • Allows staging the upgrade images ahead of time
     • Not exciting
  19. Why Not Kolla?
     • At the time didn’t meet our requirements:
       – Didn’t support plugins, no source build
       – These things are resolved, or being resolved
     • Great reference for running OpenStack with Docker
     • Recommended
  20. Questions?
     • Clayton O’Neill
       – clayton.oneill@twcable.com
       – IRC: clayton
       – Twitter: @clayton_oneill
     • Eric Peterson
       – eric.peterson1@twcable.com
       – IRC: ducttape_
       – Twitter: @_ducttape
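
The tag scheme from the two "Docker @ TWC: Image Tags" slides, as an added Python example (not TWC's tooling, which the slides do not show): it builds and parses `<git-describe>.<tooling commits>.<tooling hash>` tags and flags tags in a deploy list that cannot be traced back to a service commit and a tooling commit. The function names, the 7-character minimum for the tooling hash, and every sample tag other than `5.0.1-9-g0441ca8.16.dd35404` are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Docker tag grammar: at most 128 chars of [A-Za-z0-9_.-], not starting with "." or "-".
DOCKER_TAG = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")
# git describe prints "<tag>-<commits since tag>-g<abbrev sha>", or only "<tag>" when HEAD is the tag.
GIT_DESCRIBE = re.compile(r"(?P<release>.+?)(?:-(?P<ahead>\d+)-g(?P<sha>[0-9a-f]{4,40}))?")
TOOLING_SHA = re.compile(r"[0-9a-f]{7,40}")  # assumption: at least git's usual 7 hex digits


class ImageTag(NamedTuple):
    release: str                # nearest service release tag, e.g. "5.0.1"
    ahead: int                  # service commits on top of that release
    service_sha: Optional[str]  # None when the image was built exactly on the release tag
    tooling_commits: int        # commit count of the image tooling repository
    tooling_sha: str            # commit hash of the image tooling repository


def parse_tag(tag: str) -> ImageTag:
    """Split a tag into the slide's three fields; raise ValueError if it does not fit the scheme."""
    if not DOCKER_TAG.fullmatch(tag):
        raise ValueError(f"not a valid Docker tag: {tag!r}")
    # The service version contains dots itself, so peel the two tooling fields off the right.
    parts = tag.rsplit(".", 2)
    m = GIT_DESCRIBE.fullmatch(parts[0]) if len(parts) == 3 else None
    if not (m and parts[1].isdigit() and TOOLING_SHA.fullmatch(parts[2])):
        raise ValueError(f"expected <git-describe>.<commits>.<hash>: {tag!r}")
    return ImageTag(m["release"], int(m["ahead"] or 0), m["sha"], int(parts[1]), parts[2])


def build_tag(describe: str, tooling_commits: int, tooling_sha: str) -> str:
    """Compose a tag from `git describe` output plus the tooling repo's commit count and hash."""
    tag = f"{describe}.{tooling_commits}.{tooling_sha}"
    parse_tag(tag)  # reject inputs that would yield an invalid or untraceable tag
    return tag


def tooling_only_rebuild(old: str, new: str) -> bool:
    """True when two tags carry the same service code and differ only in the tooling fields."""
    a, b = parse_tag(old), parse_tag(new)
    return a[:3] == b[:3] and a[3:] != b[3:]


def untraceable(tags):
    """Return the tags of a deploy list that do not fit the scheme, e.g. a mutable "latest"."""
    bad = []
    for tag in tags:
        try:
            parse_tag(tag)
        except ValueError:
            bad.append(tag)
    return bad
```

Running `untraceable` over the tags a deployment is about to pull gives a simple gate against mutable or hand-made tags before they reach a hypervisor.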