OpenStack Magnum 2016-08-04

OPENSTACK MAGNUMAdrian Otto, Distinguished Architect

MORE COMPUTE

CONTAINERS ARE DISRUPTIVE

An easy-to-use and instant-on

native container environment.

getcarina.com Free Beta available today.

EARLY ACCESS BY INVITATIONCarina on your own Rackspace Private Cloud

5

Our Containers Exper t ise

6

7

Outl ine

Container Orchestration EnginesWhy different orchestration engines exist for containers, and where they shine.

MagnumWhat Magnum is all about.

Managing Container Clusters with MagnumCLI Usage, and demonstration video

ReviewQuestions and Answers

OP

EN

STA

CK

S

ER

VIC

ES

KeystoneGlanceNova

NeutronSwiftCinder Designate Ironic

HorizonBarbicanCielometer

SaharaTroveHeat Magnum Marconi Murano

Layer 4: Consumption Services

Layer 3: Optional Enhancements

Layer 2: Extended Infrastructure

Layer 1: Base Compute Infrastructure

Solum

BARE METALVM

DOCKER

OPENSTACK

KUBERNETES

MESOS

MAGNUM

DOCKER API

K8S API

MAGNUM OVERVIEW

OpenStack Magnum’s Top Contr ibutors

10

Cloud operators assume a r isk when select ing a s ingle c loud technology today… but OpenStack is d i f ferent .

11

Magnum Dif ferent iators

12

Fundamental Design Goal

Docker Swarm, Kubernetes, Mesos

VM or Bare Metal

SSO Experience for Cloud Users

Multi-Tenant Control and Data Planes

Choice of COE

Choice of Server Flavor

Integrated with OpenStack

13

Outl ine

Container Orchestration EnginesWhy different orchestration engines exist for containers, and where they shine.

MagnumWhat Magnum is all about.

Managing Container Clusters with MagnumCLI Usage, and demonstration video

ReviewQuestions and Answers

DOCKER SWARMSwarm Manager

Swarm Node

Docker Client

Docker Daemon

Swarm Node

Docker Daemon

Swarm Node

Docker Daemon

Swarm Daemon

Discovery Service

KUBERNETES

Node

Docker

Kubelet Proxy

REST API

AuthScheduler

Node

Docker

Kubelet Proxy

Node

Docker

Kubelet Proxy

APACHE MESOSMesos Master

StandbyZK

StandbyZK

Mesos Slave

Framework A

Executor

Task

Mesos Slave

Framework B

Executor

Task

LeaderZK

17

Outl ine

Container Orchestration EnginesWhy different orchestration engines exist for containers, and where they shine.

MagnumWhat Magnum is all about.

Managing Container Clusters with MagnumCLI Usage, and demonstration video

ReviewQuestions and Answers

OPENSTACK MAGNUM

MANAGING CLUSTERS

Magnum and Rackspace Private Cloud: OpenStack

What is Magnum?

• Magnum is an OpenStack API that allows the use of your keystone credentials.

• Magnum is designed from the ground-up to be multi-tenant in both the cloud’s data plane and control plane.

• Magnum allows for different container cluster types to be simultaneously run side-by-side in the same cloud account, by the same tenant.

• Clusters are isolated from each other using groups of nova instances.

• When you want to upgrade your container runtime, you simply create a new cluster.

HOW IS THIS DIFFERENT THAN JUST RUNNING KUBERNETES OR DOCKER SWARM?

An OpenStack API Service that allows creation of container clusters

19

Terminology (1/4)

COE

Container Orchestration Engine. Examples: Docker Swarm, Kubernetes, Apache Mesos.

20

Terminology (2/4)

Bay == COE Cluster

A Bay is an API resource in OpenStack Magnum that is composed of nova instances, neutron networks, security groups, and other resources combined using a heat stack. This is where your Container Orchestration Engine (COE) runs.

Bays may be scaled up or down by adding or removing nodes from them. Heat facilitates the setup and scaling of Bays.

21

Bay Bay Bay

COE COE COE

Nova instance

Nova instance

Nova instance

Nova instance

Nova instance

Nova instance

Terminology (3/4)

BayModel (ClusterModel)

A BayModel is a template used for creating a Bay resource. It contains information that is common among all bays that are instantiated from it. Each one has a pre-defined type (swarm, kubernetes, mesos, etc.).

22

BayModel Bay

Bay

Bay

Terminology (4/4)

Native Client

The client distributed with the COE. For example “docker” or “kubectl”. A native client is not an OpenStack Client. It uses TLS to authenticate with the COE.

23

Bay

COE

Nova instance

Nova instance

Nova instance

Native Client

TLS

What you can do with Magnum

•CRUD on BayModels (baymodel-*) • Create, Modify, List, Show, Delete.

•CRUD on Bays (bay-*) • Create, Modify, List, Show, Delete.

•GET TLS CA Cert (ca-show) •Sign a TLS Cert (ca-sign)

•Service status (service-list)

24

Usage: magnum <subcommand>

<subcommands:> baymodel-create Create a baymodel. baymodel-delete Delete specified baymodel. baymodel-list Print a list of baymodels. baymodel-show Show details about the given baymodel. baymodel-update Updates one or more baymodel attributes. bay-create Create a bay. bay-delete Delete specified bay. bay-list Print a list of available bays. bay-show Show details about the given bay. bay-update Update information about the given bay. ca-show Show details about the CA certificate for a bay. ca-sign Generate the CA certificate for a bay. service-list Print a list of magnum services. help Display help about this program or one of its subcommands.

What you can NOT do with Magnum

•Any actions on containers. Native APIs and tools are used for this. •Docker Swarm (docker CLI) •Kubernetes (kubectl CLI)

25

Magnum provisions the cloud resources needed to run the COE of your choice, and then gets out of your way, allowing you to use prevailing tools to directly manage your containers.

Magnum Resources: BayModels and Bays

26

stack@demo:~$ magnum baymodel-show swarm+-----------------------+--------------------------------------+| Property | Value |+-----------------------+--------------------------------------+| insecure_registry | None || labels | {} || updated_at | 2016-08-02T20:47:29+00:00 || fixed_subnet | None || master_flavor_id | None || uuid | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 || no_proxy | None || https_proxy | None || tls_disabled | False || keypair_id | testkey || public | False || http_proxy | None || docker_volume_size | 5 || server_type | vm || external_network_id | public || cluster_distro | fedora-atomic || image_id | fedora-atomic-latest || volume_driver | None || registry_enabled | False || docker_storage_driver | devicemapper || apiserver_port | None || name | swarm || created_at | 2016-07-11T22:26:28+00:00 || network_driver | docker || fixed_network | None || coe | swarm || flavor_id | m1.small || master_lb_enabled | False || dns_nameserver | 8.8.8.8 |+-----------------------+--------------------------------------+

stack@demo:~$ magnum bay-show swarm_bay+--------------------+------------------------------------------------------------+| Property | Value |+--------------------+------------------------------------------------------------+| status | CREATE_COMPLETE || uuid | c9bb18c3-07a3-4e82-a545-a21e2e5ddea7 || stack_id | a9c97092-9556-4116-acb7-4fdb803766cd || status_reason | Stack CREATE completed successfully || created_at | 2016-08-02T20:51:15+00:00 || updated_at | 2016-08-02T20:52:43+00:00 || bay_create_timeout | 0 || api_address | https://172.24.4.14:2376 || baymodel_id | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 || master_addresses | ['172.24.4.16'] || node_count | 1 || node_addresses | ['172.24.4.15'] || master_count | 1 || discovery_url | https://discovery.etcd.io/ef6ba25bf1715a5200a3c3be4aee401b || name | swarm_bay |+--------------------+------------------------------------------------------------+

Create: 88 seconds

Glance Image

COE Type: swarm

Magnum Demo

27

Watch this video for a demo:

https://vimeo.com/177327412

Resource L i fecycle

28

CREATE_IN_PROGRESS

CREATE_COMPLETE

UPDATE_IN_PROGRESS

UPDATE_COMPLETE

DELETE_IN_PROGRESS

List BayModel Resources

$ magnum baymodel-list+--------------------------------------+------------+| uuid | name |+--------------------------------------+------------+| 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 | swarm || 2e5ce644-2e2f-4182-a144-388b29bcaf29 | kubernetes |+--------------------------------------+------------+

29

Show a BayModel Resource

+-----------------------+--------------------------------------+| Property | Value |+-----------------------+--------------------------------------+| insecure_registry | None || labels | {} || updated_at | 2016-08-02T20:47:29+00:00 || fixed_subnet | None || master_flavor_id | None || uuid | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 || no_proxy | None || https_proxy | None || tls_disabled | False || keypair_id | testkey || public | False || http_proxy | None || docker_volume_size | 5 || server_type | vm || external_network_id | public || cluster_distro | fedora-atomic || image_id | fedora-atomic-latest || volume_driver | None || registry_enabled | False || docker_storage_driver | devicemapper || apiserver_port | None || name | swarm || created_at | 2016-07-11T22:26:28+00:00 || network_driver | docker || fixed_network | None || coe | swarm || flavor_id | m1.small || master_lb_enabled | False || dns_nameserver | 8.8.8.8 |+-----------------------+--------------------------------------+

30

$ magnum baymodel-show swarm

List Bay Resources

$ magnum bay-list+--------------------------------------+-----------+------------+--------------+-----------------+| uuid | name | node_count | master_count | status |+--------------------------------------+-----------+------------+--------------+-----------------+| fdc9e295-3c06-4a39-a26e-21bc32ae53e3 | k8s_bay | 2 | 1 | UPDATE_COMPLETE || 56f3a0b1-565d-4766-a3ca-978e6684b6f5 | swarm_bay | 1 | 1 | CREATE_COMPLETE |+--------------------------------------+-----------+------------+--------------+-----------------+

31

Show a Bay Resource

32

$ magnum bay-show swarm_bay+--------------------+------------------------------------------------------------+| Property | Value |+--------------------+------------------------------------------------------------+| status | UPDATE_COMPLETE || uuid | fdc9e295-3c06-4a39-a26e-21bc32ae53e3 || stack_id | b4a47913-b7dc-46a9-86cc-3060910d989e || status_reason | Stack UPDATE completed successfully || created_at | 2016-08-03T00:14:33+00:00 || updated_at | 2016-08-03T00:18:42+00:00 || bay_create_timeout | 0 || api_address | https://172.24.4.45:6443 || baymodel_id | 2e5ce644-2e2f-4182-a144-388b29bcaf29 || master_addresses | ['172.24.4.45'] || node_count | 2 || node_addresses | ['172.24.4.50', '172.24.4.51'] || master_count | 1 || discovery_url | https://discovery.etcd.io/2bb31d8950ab6081de0c006151a148a2 || name | k8s_bay |+--------------------+------------------------------------------------------------+

Creat ing a BayModel : Kubernetes

$ magnum baymodel-create --name kubernetes \ --image-id fedora-atomic-latest \ --keypair-id testkey \ --external-network-id public \ --dns-nameserver 8.8.8.8 \ --flavor-id m1.small \ --docker-volume-size 5 \ --network-driver flannel \ --coe kubernetes

33

Creat ing a Bay: Kubernetes

$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1

34

Creat ing a BayModel : Swarm

$ magnum baymodel-create --name swarm \ --image-id fedora-atomic-latest \ --keypair-id testkey \ --external-network-id public \ --dns-nameserver 8.8.8.8 \ --flavor-id m1.small \ --docker-volume-size 5 \ --network-driver flannel \ --coe swarm

35

Creat ing a Bay: Swarm

$ magnum bay-create --name swarm_bay --baymodel swarm --node-count 1

36

Scale a Bay: To two nodes

$ magnum bay-update k8s_bay replace node_count=2

37

Connect your nat ive docker c l ient

•Place cert files in client directory, and tell client where they are •Configure client to use a remote host with TLS

•Use api-address value from the Magnum bay resource

38

#!/bin/sh

BAY=${1-swarm_bay}CERT_DIR='/opt/stack/devstack/.docker'

mkdir -p $CERT_DIR; chmod 700 $CERT_DIR; cd $CERT_DIR

NODE_ADDRESS=$(magnum bay-show $BAY | grep node_address | cut -d "'" -f 2)

/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/ca.crt ca.pem/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/server.crt cert.pem/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/server.key key.pem

echo "export DOCKER_HOST=$(magnum bay-show $BAY | grep api_address | cut -d '|' -f 3 | sed -e 's/ https/tcp/')"echo "export DOCKER_CERT_PATH=$CERT_DIR"echo "export DOCKER_TLS_VERIFY=1"

39

Outl ine

Container Orchestration EnginesWhy different orchestration engines exist for containers, and where they shine.

MagnumWhat Magnum is all about.

Managing Container Clusters with MagnumCLI Usage, and demonstration video

ReviewQuestions and Answers

Magnum CLI

$ magnum baymodel-list $ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1 $ magnum bay-list $ magnum bay-update k8s_bay replace node_count=2 $ magnum bay-show k8s_bay

40

41

Summar y

Container Orchestration EnginesWhy different orchestration engines exist for containers, and where they shine.

MagnumWhat Magnum is all about.

Managing Container Clusters with MagnumCLI Usage, and demonstration video

ReviewQuestions and Answers

Python OpenStack EngineersC, C++ Linux Systems EngineersRuby DevOps Engineers

C#, .NET Java

Full Stack Developers Web Developers

JavaScript, CSS, HTML Software Developer in TestAngular.JS, Ember.js, Node.js Security Engineers

Restful/JSON/XML Data ScientistClosure, Scala, Erlang

Hadoop, MongoDB, MySQLSolutions Architects

Software Dev. ManagersStrategic Account Executive

Field Sales Specialist MS Azure SA, Virtualization & Support

Technical Trainer

We’re Hiring

O N E FA N AT I C A L P L A C E | S A N A N T O N I O , T X 7 8 2 1 8

U S S A L E S : 1 - 8 0 0 - 9 6 1 - 2 8 8 8 | U S S U P P O R T: 1 - 8 0 0 - 9 6 1 - 4 4 5 4 | W W W . R A C K S PA C E . C O M | W W W . G E T C A R I N A . C O M

© RAC K S PAC E LT D . | RAC K S PAC E® AN D FAN AT I C AL S U P P ORT ® ARE S ERV I C E M ARK S OF RAC K S PAC E U S , I N C . REG I ST ERED I N T HE U N I T ED STAT ES AN D OT HER C OU N T RI ES . | W W W.RAC KS PAC E .C OM

Thank you