OPENSTACK MAGNUM Adrian Otto, Distinguished Architect
Outline
Container Orchestration Engines: Why different orchestration engines exist for containers, and where they shine.
Magnum: What Magnum is all about.
Managing Container Clusters with Magnum: CLI usage and demonstration video.
Review: Questions and Answers.
OPENSTACK SERVICES
Layer 4: Consumption Services: Sahara, Trove, Heat, Magnum, Marconi, Murano, Solum
Layer 3: Optional Enhancements: Horizon, Barbican, Ceilometer
Layer 2: Extended Infrastructure: Neutron, Swift, Cinder, Designate, Ironic
Layer 1: Base Compute Infrastructure: Keystone, Glance, Nova
Cloud operators assume a risk when selecting a single cloud technology today… but OpenStack is different.
Magnum Differentiators
• Fundamental Design Goal: Multi-Tenant Control and Data Planes
• Choice of COE: Docker Swarm, Kubernetes, Mesos
• Choice of Server Flavor: VM or Bare Metal
• Integrated with OpenStack: SSO Experience for Cloud Users
DOCKER SWARM
[Diagram: Docker Client, Swarm Manager, Swarm Daemon, Discovery Service, and three Swarm Nodes each running a Docker Daemon]
KUBERNETES
[Diagram: REST API, Auth and Scheduler components, and three Nodes each running Docker, Kubelet and Proxy]
APACHE MESOS
[Diagram labels: Mesos Master; Leader, Standby, Standby; ZK (x3); two Mesos Slaves, one with a Framework A Executor and Task, the other with a Framework B Executor and Task]
What is Magnum?
• Magnum is an OpenStack API that allows the use of your keystone credentials.
• Magnum is designed from the ground-up to be multi-tenant in both the cloud’s data plane and control plane.
• Magnum allows for different container cluster types to be simultaneously run side-by-side in the same cloud account, by the same tenant.
• Clusters are isolated from each other using groups of nova instances.
• When you want to upgrade your container runtime, you simply create a new cluster.
HOW IS THIS DIFFERENT THAN JUST RUNNING KUBERNETES OR DOCKER SWARM?
An OpenStack API Service that allows creation of container clusters
Terminology (1/4)
COE
Container Orchestration Engine. Examples: Docker Swarm, Kubernetes, Apache Mesos.
Terminology (2/4)
Bay == COE Cluster
A Bay is an API resource in OpenStack Magnum that is composed of nova instances, neutron networks, security groups, and other resources combined using a heat stack. This is where your Container Orchestration Engine (COE) runs.
Bays may be scaled up or down by adding or removing nodes from them. Heat facilitates the setup and scaling of Bays.
[Diagram: three Bays, each running a COE on a group of Nova instances]
Terminology (3/4)
BayModel (ClusterModel)
A BayModel is a template used for creating a Bay resource. It contains information that is common among all bays that are instantiated from it. Each one has a pre-defined type (swarm, kubernetes, mesos, etc.).
[Diagram: one BayModel used to create three Bays]
Terminology (4/4)
Native Client
The client distributed with the COE. For example “docker” or “kubectl”. A native client is not an OpenStack Client. It uses TLS to authenticate with the COE.
[Diagram: a Native Client connecting over TLS to the COE of a Bay made up of three Nova instances]
What you can do with Magnum
• CRUD on BayModels (baymodel-*)
  • Create, Modify, List, Show, Delete.
• CRUD on Bays (bay-*)
  • Create, Modify, List, Show, Delete.
• GET TLS CA Cert (ca-show)
• Sign a TLS Cert (ca-sign)
• Service status (service-list)
Usage: magnum <subcommand>
<subcommands:>
  baymodel-create   Create a baymodel.
  baymodel-delete   Delete specified baymodel.
  baymodel-list     Print a list of baymodels.
  baymodel-show     Show details about the given baymodel.
  baymodel-update   Updates one or more baymodel attributes.
  bay-create        Create a bay.
  bay-delete        Delete specified bay.
  bay-list          Print a list of available bays.
  bay-show          Show details about the given bay.
  bay-update        Update information about the given bay.
  ca-show           Show details about the CA certificate for a bay.
  ca-sign           Generate the CA certificate for a bay.
  service-list      Print a list of magnum services.
  help              Display help about this program or one of its subcommands.
What you can NOT do with Magnum
• Any actions on containers. Native APIs and tools are used for this.
  • Docker Swarm (docker CLI)
  • Kubernetes (kubectl CLI)
Magnum provisions the cloud resources needed to run the COE of your choice, and then gets out of your way, allowing you to use prevailing tools to directly manage your containers.
Magnum Resources: BayModels and Bays
stack@demo:~$ magnum baymodel-show swarm
+-----------------------+--------------------------------------+
| Property              | Value                                |
+-----------------------+--------------------------------------+
| insecure_registry     | None                                 |
| labels                | {}                                   |
| updated_at            | 2016-08-02T20:47:29+00:00            |
| fixed_subnet          | None                                 |
| master_flavor_id      | None                                 |
| uuid                  | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 |
| no_proxy              | None                                 |
| https_proxy           | None                                 |
| tls_disabled          | False                                |
| keypair_id            | testkey                              |
| public                | False                                |
| http_proxy            | None                                 |
| docker_volume_size    | 5                                    |
| server_type           | vm                                   |
| external_network_id   | public                               |
| cluster_distro        | fedora-atomic                        |
| image_id              | fedora-atomic-latest                 |
| volume_driver         | None                                 |
| registry_enabled      | False                                |
| docker_storage_driver | devicemapper                         |
| apiserver_port        | None                                 |
| name                  | swarm                                |
| created_at            | 2016-07-11T22:26:28+00:00            |
| network_driver        | docker                               |
| fixed_network         | None                                 |
| coe                   | swarm                                |
| flavor_id             | m1.small                             |
| master_lb_enabled     | False                                |
| dns_nameserver        | 8.8.8.8                              |
+-----------------------+--------------------------------------+

stack@demo:~$ magnum bay-show swarm_bay
+--------------------+------------------------------------------------------------+
| Property           | Value                                                      |
+--------------------+------------------------------------------------------------+
| status             | CREATE_COMPLETE                                            |
| uuid               | c9bb18c3-07a3-4e82-a545-a21e2e5ddea7                       |
| stack_id           | a9c97092-9556-4116-acb7-4fdb803766cd                       |
| status_reason      | Stack CREATE completed successfully                        |
| created_at         | 2016-08-02T20:51:15+00:00                                  |
| updated_at         | 2016-08-02T20:52:43+00:00                                  |
| bay_create_timeout | 0                                                          |
| api_address        | https://172.24.4.14:2376                                   |
| baymodel_id        | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5                       |
| master_addresses   | ['172.24.4.16']                                            |
| node_count         | 1                                                          |
| node_addresses     | ['172.24.4.15']                                            |
| master_count       | 1                                                          |
| discovery_url      | https://discovery.etcd.io/ef6ba25bf1715a5200a3c3be4aee401b |
| name               | swarm_bay                                                  |
+--------------------+------------------------------------------------------------+
Create: 88 seconds
Glance Image
COE Type: swarm
Resource Lifecycle
CREATE_IN_PROGRESS
CREATE_COMPLETE
UPDATE_IN_PROGRESS
UPDATE_COMPLETE
DELETE_IN_PROGRESS
List BayModel Resources
$ magnum baymodel-list
+--------------------------------------+------------+
| uuid                                 | name       |
+--------------------------------------+------------+
| 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 | swarm      |
| 2e5ce644-2e2f-4182-a144-388b29bcaf29 | kubernetes |
+--------------------------------------+------------+
Show a BayModel Resource
$ magnum baymodel-show swarm
+-----------------------+--------------------------------------+
| Property              | Value                                |
+-----------------------+--------------------------------------+
| insecure_registry     | None                                 |
| labels                | {}                                   |
| updated_at            | 2016-08-02T20:47:29+00:00            |
| fixed_subnet          | None                                 |
| master_flavor_id      | None                                 |
| uuid                  | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 |
| no_proxy              | None                                 |
| https_proxy           | None                                 |
| tls_disabled          | False                                |
| keypair_id            | testkey                              |
| public                | False                                |
| http_proxy            | None                                 |
| docker_volume_size    | 5                                    |
| server_type           | vm                                   |
| external_network_id   | public                               |
| cluster_distro        | fedora-atomic                        |
| image_id              | fedora-atomic-latest                 |
| volume_driver         | None                                 |
| registry_enabled      | False                                |
| docker_storage_driver | devicemapper                         |
| apiserver_port        | None                                 |
| name                  | swarm                                |
| created_at            | 2016-07-11T22:26:28+00:00            |
| network_driver        | docker                               |
| fixed_network         | None                                 |
| coe                   | swarm                                |
| flavor_id             | m1.small                             |
| master_lb_enabled     | False                                |
| dns_nameserver        | 8.8.8.8                              |
+-----------------------+--------------------------------------+
List Bay Resources
$ magnum bay-list
+--------------------------------------+-----------+------------+--------------+-----------------+
| uuid                                 | name      | node_count | master_count | status          |
+--------------------------------------+-----------+------------+--------------+-----------------+
| fdc9e295-3c06-4a39-a26e-21bc32ae53e3 | k8s_bay   | 2          | 1            | UPDATE_COMPLETE |
| 56f3a0b1-565d-4766-a3ca-978e6684b6f5 | swarm_bay | 1          | 1            | CREATE_COMPLETE |
+--------------------------------------+-----------+------------+--------------+-----------------+
Show a Bay Resource
$ magnum bay-show swarm_bay
+--------------------+------------------------------------------------------------+
| Property           | Value                                                      |
+--------------------+------------------------------------------------------------+
| status             | UPDATE_COMPLETE                                            |
| uuid               | fdc9e295-3c06-4a39-a26e-21bc32ae53e3                       |
| stack_id           | b4a47913-b7dc-46a9-86cc-3060910d989e                       |
| status_reason      | Stack UPDATE completed successfully                        |
| created_at         | 2016-08-03T00:14:33+00:00                                  |
| updated_at         | 2016-08-03T00:18:42+00:00                                  |
| bay_create_timeout | 0                                                          |
| api_address        | https://172.24.4.45:6443                                   |
| baymodel_id        | 2e5ce644-2e2f-4182-a144-388b29bcaf29                       |
| master_addresses   | ['172.24.4.45']                                            |
| node_count         | 2                                                          |
| node_addresses     | ['172.24.4.50', '172.24.4.51']                             |
| master_count       | 1                                                          |
| discovery_url      | https://discovery.etcd.io/2bb31d8950ab6081de0c006151a148a2 |
| name               | k8s_bay                                                    |
+--------------------+------------------------------------------------------------+
Creating a BayModel: Kubernetes
$ magnum baymodel-create --name kubernetes \
    --image-id fedora-atomic-latest \
    --keypair-id testkey \
    --external-network-id public \
    --dns-nameserver 8.8.8.8 \
    --flavor-id m1.small \
    --docker-volume-size 5 \
    --network-driver flannel \
    --coe kubernetes
Creating a Bay: Kubernetes
$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1
Creating a BayModel: Swarm
$ magnum baymodel-create --name swarm \
    --image-id fedora-atomic-latest \
    --keypair-id testkey \
    --external-network-id public \
    --dns-nameserver 8.8.8.8 \
    --flavor-id m1.small \
    --docker-volume-size 5 \
    --network-driver flannel \
    --coe swarm
Connect your native docker client
• Place cert files in client directory, and tell client where they are
• Configure client to use a remote host with TLS
• Use api-address value from the Magnum bay resource
#!/bin/sh
# Demo helper: fetch TLS files from a bay node and print docker client settings.
BAY=${1-swarm_bay}
CERT_DIR='/opt/stack/devstack/.docker'

mkdir -p "$CERT_DIR"; chmod 700 "$CERT_DIR"; cd "$CERT_DIR" || exit 1

# First address listed in the node_addresses row of the bay.
NODE_ADDRESS=$(magnum bay-show "$BAY" | grep node_address | cut -d "'" -f 2)

# Note: SSH host key checking is off, and the node's server cert and key are reused as the client's.
/usr/bin/scp -q -oStrictHostKeyChecking=no "fedora@${NODE_ADDRESS}:/etc/docker/ca.crt" ca.pem
/usr/bin/scp -q -oStrictHostKeyChecking=no "fedora@${NODE_ADDRESS}:/etc/docker/server.crt" cert.pem
/usr/bin/scp -q -oStrictHostKeyChecking=no "fedora@${NODE_ADDRESS}:/etc/docker/server.key" key.pem

# Print the environment settings for the docker client.
echo "export DOCKER_HOST=$(magnum bay-show "$BAY" | grep api_address | cut -d '|' -f 3 | sed -e 's/ https/tcp/')"
echo "export DOCKER_CERT_PATH=$CERT_DIR"
echo "export DOCKER_TLS_VERIFY=1"
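An added example, not part of the original slides: the same client setup done through the ca-sign and ca-show subcommands listed earlier, so the private key is generated on the client and only a CSR is sent to Magnum. The function name, the CN value and the directory argument are illustrative; it assumes openssl on the client and the magnum CLI options `--bay` and `--csr`.

```sh
#!/bin/sh
# Added example, not from the original slides. Assumes openssl on the client
# and the magnum CLI options "ca-sign --bay/--csr" and "ca-show --bay".

# fetch_bay_creds BAY CERT_DIR   (function name and CN are illustrative)
# Leaves key.pem, cert.pem and ca.pem in CERT_DIR, the file names the docker
# client looks for, and prints the export lines for the calling shell.
fetch_bay_creds() {
    bay=$1
    cert_dir=$2
    (
        umask 077    # directory and private key readable by the owner only
        mkdir -p "$cert_dir" && cd "$cert_dir" || exit 1

        # 1. The private key is generated here and never leaves this host.
        openssl genrsa -out key.pem 4096 2>/dev/null || exit 1

        # 2. Only the certificate signing request is sent to Magnum.
        openssl req -new -key key.pem -subj "/CN=${USER:-client}" \
            -out client.csr || exit 1

        # 3. Magnum signs the CSR with the bay's CA and returns the client cert.
        magnum ca-sign --bay "$bay" --csr client.csr > cert.pem || exit 1

        # 4. The bay's CA certificate lets the client verify the COE endpoint.
        magnum ca-show --bay "$bay" > ca.pem || exit 1

        # 5. Stop if the issued certificate does not chain to that CA.
        openssl verify -CAfile ca.pem cert.pem >/dev/null 2>&1 || exit 1
        rm -f client.csr
    ) || return 1

    # api_address comes from the bay resource, as in the slides.
    api=$(magnum bay-show "$bay" |
        awk -F'|' '$2 ~ /api_address/ { gsub(/ /, "", $3); print $3 }')
    [ -n "$api" ] || return 1
    echo "export DOCKER_HOST=$(echo "$api" | sed -e 's#^https#tcp#')"
    echo "export DOCKER_CERT_PATH=$cert_dir"
    echo "export DOCKER_TLS_VERIFY=1"
}
```

Pass an absolute directory and apply the settings with `eval "$(fetch_bay_creds swarm_bay "$HOME/.docker/swarm_bay")"`.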
Magnum CLI
$ magnum baymodel-list
$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1
$ magnum bay-list
$ magnum bay-update k8s_bay replace node_count=2
$ magnum bay-show k8s_bay
Summary
Container Orchestration Engines: Why different orchestration engines exist for containers, and where they shine.
Magnum: What Magnum is all about.
Managing Container Clusters with Magnum: CLI usage and demonstration video.
Review: Questions and Answers.
ONE FANATICAL PLACE | SAN ANTONIO, TX 78218
US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM | WWW.GETCARINA.COM
© RACKSPACE LTD. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM
Thank you