Heat up your stack

Heat up your StackRico LinChief OpenStack Technologist, inwinSTACK

IRC: ricolin #heatrico.l@inwinstack.com@ricolintw

Your HA OpenStack Architecture

Deploy Compute

Storage

Controller

HA

OpenStack

imageflavor

userrole

Port instance

Trove

Sahara

MuranoMagnum

keypairsubnet

networksecurity group

Project

load balance

container volumeFloating IP

volumealarm

imageflavor

userrole

Port instance

Trove

Sahara

MuranoMagnum

keypairsubnet

networksecurity group

Project

load balance

container volumeFloating IP

volumealarm

A Mess

But You Didn’t Know, It’s Happening...

Making It Right and Making It Fast!

imageflavor

userrole

Port instance

Trove

Sahara

MuranoMagnum

keypairsubnet

networksecurity group

Project

load balance

container volumeFloating IP

volumealarm

User Image Flavor Role Alarm Vloume

Port

Network

ContainerFloating

IP

Subnet

Load balance

Keypair

Security group

Instance

Vloume

Magnum

Trove

Sahara

Murano

ProjectUse Heat Resource to Redefine Old Resource

Create Stack for Default Resource Set

heat_template_version: 2015-04-30resources: image_for_cloudos: type: OS::Glance::Image properties: … image_for_ubuntu: type: OS::Glance::Image properties: … image_for_win7: type: OS::Glance::Image properties: …

Stack: images

Image Image

Image

Create Stack for Authorization Topology

Stack: Authorization

ProjectProject Role

Role User UserUser

Stack: Network_TopologyRouter

Create Stack for Network Topology

Network NetworkSubnet SubnetPort Port

Create Stack for Instance Topology

Stack: InstanceServerVolumeKeypair

Murano Magnum Trove

Sceurity GroupFloating IPLBaas

imageflavor

userrole

Port instance

Trove

Sahara

MuranoMagnum

keypairsubnet

networksecurity group

Project

load balance

container volumeFloating IP

volumealarm

User Image Flavor Role Alarm Vloume

Port

Network

ContainerFloating

IP

Subnet

Load balance

Keypair

Security group

Instance

Vloume

Magnum

Trove

Sahara

Murano

Project

Stack: NetworkTopology

Stack: Instance

Container

Authentication Image

security group

volume

Flavor Alarm volume

AuthorizationEverything Transform

to

Stack

Example: Create Instance

1 Operation8 Operations VS

Stack

port

Instance

security group

Volume

keypair

imagefloating IP

LBaas

Operations You Give, Mistake You’ll Make.

The More

imageflavor

userrole

Port instance

Trove

Sahara

MuranoMagnum

keypairsubnet

networksecurity group

Project

load balance

container volumeFloating IP

volumealarm

How many operations to draw this structure?!

Migration do

Happens...

Withdraw entire resources set by dependency

StackStack

StackStack

No Zombie Resources

StackStack

Stack

Same Resources Structure

StackStack

StackStack

New

Resources Structure on Horizon

Stack

Stack is Updatable

Stack

Get file from others, make control flow clean

type: OS::Heat::SoftwareConfig config:

get_file: script.sh

Stack

Script.sh

type: OS::Neutron::FloatingIP

depends_on: port_A

Set Dependency cross Resourcess

Stack

StackGet Resource Info Direct From Another Resource

type: OS::Nova::Server properties:

flavor: {

get_resource: flavor}

user_data: {

get_attr: [boot_config, config]}

type: Database_node.yaml properties: role: ...

network: ... flavor: ... image: ...

Nested Stack Make Management Easy

Stack

Stack

Whereare

Applications?

config: type: OS::Heat::SoftwareConfig group: ansible config: get_file: applicaton_deploy_flow.ansible deployment: ... server: ...

Application in Heat

Stack for Application

Image Server SoftwareConfigSoftwareDeployment ControlS

criptScript

server: type: OS::Nova::Server user_data_format: SOFTWARE_CONFIGconfig: ... deployment: ...

Application in Heat

Stack for Application

Image Server SoftwareConfig

SoftwareDeployment ControlScriptScript

deployment: type: OS::Heat::SoftwareDeployment config: get_resource: config server: get_resource: server config: … server: ...

Application in Heat

Stack for Application

Image Server SoftwareConfig

Script SoftwareDeployment ControlScript

Use cases - Ceph

Stack: Ceph

Image Server SoftwareConfig

SoftwareDeployment

Cephansible control scriptMe Too!

Ceph Ansiblescript

Hi, I pull from Ceph-ansible repo

Use cases - Ceph

Stack: Ceph

Image Server SoftwareConfig

SoftwareDeployment

Cephansible control script

Hi, Server!

Here is SoftwareConfig for you, and with parameter

(role= ceph-monitor)Go knock yourself out!!!

Ceph Ansiblescript

Use cases - ?

Stack

Image Server SoftwareConfig

?Ansiblescript SoftwareDeployment

?Ansible control script Ansible

Puppet

ScriptSalt

Kubelet

Cfn-initDocker-compose

Example: Application Deployment

1 Operation11 + ? Operations VS

Stack

Write config

Run Ansible port

Instance

security group

Volume

keypair

imagefloating IP

LBaas

Collect information for other instance

SoftwareConfig Flow

Image

script

Heat-engine

Nova

Server

os-collect-configos-refresh-configheat-configansible-hookansible-playbookAnsible files

os-apply-config

Clouds are noisy - servers fail to come up, or die when the underlying hypervisor crashes or suffers a power failure. Heat should be resilient and allow concurrent operations on any sized stack.

convergence_engine = True

Template Heat-API AMQP

Heat-engine

DB

Original Design

Ideal Design

Template Heat-API AMQP

Heat-engineAMQPDB

Hey worker this is resource, go create it!!

Worker

Observer

Current Convergency Design

Current Convergency Design

Template Heat-API AMQP

Heat-engine

AMQP(engine_worker)

Worker

DB

Where isObserver?

How it Interact between

Convergence Workers?

Traversal Graph

SyncPointA

SyncPointC

(C,A) => (requirer, required)

SyncPointB

(C,B)

SyncPointD

(D,C)

leaves

StackSyncPoint

*traversal_id*stack_id*entity_id*is_updateinput_dataatomic_key

Shall We Trace?

1. create_stack(): Parse template, Create Stack, Validate Stack, and Check Convergence status

Template Heat-API

Heat-engineHeat-engine

AMQP

Heat-engine

AMQP(engine_worker)

Heat-engine

WorkerWorker

Worker

Worker

DB

Stack

2. converge_stack(): Clear previous traversal sync_point on stack (if any)

Heat-engineHeat-engine

Heat-engine

AMQP(engine_worker)

Heat-engine

SyncPoint

Stack

DB

WorkerWorker

Worker

Worker

AMQPTemplate Heat-API

leaves

3. _converge_create_or_update():Create dependency and sync_point for traversal

Heat-engine

AMQP(engine_worker)

WorkerWorker

Worker

Worker

C

D

BA

SyncPoint

Stack

DB

4. check_resoruce():Load resource, check current_traversal is equal to stack’s current_traversal.

Also check timeout or finish

leaves

AMQP(engine_worker)

WorkerWorker

Worker

Worker

A

C

D

BA

SyncPoint

Stack

DB

5. _do_check_resoruce():Try to update or create resource, replace if upadate failed,

clearup from convergence if can’t get the lock

WorkerA

C

D

BA

SyncPoint

Stack

DB

leaves

6. check_resoruce_update():Create or update convergence base on action is initial or not

WorkerA

C

D

BA

SyncPoint

Stack

DB

leaves

7. create_convergence(): Create resource by invoking scheduler: TaskRunner

WorkerA

C

D

BA

SyncPoint

Stack

DB

leaves

8. create(): Handle resource create failure

WorkerA

C

D

BA

SyncPoint

Stack

DB

leaves

9. handle_create():Create resource

Worker

C

D

BA

SyncPoint

StackA

DB

leaves

5-9, 4. check_resoruce():Load next resource, check current_traversal is equal to stack’s current_traversal.

Go execute and check timeout or finish.

AMQP(engine_worker)

WorkerWorker

Worker

Worker

B

C

D

B

SyncPoint

StackA

DB

leaves

5-9, 4. check_resoruce():Load next resource, check current_traversal is equal to stack’s current_traversal.

Go execute and check timeout or finish.

AMQP(engine_worker)

WorkerWorker

Worker

Worker

C

DSyncPoint

StackA

CB

DB

leaves

5-9, 4. check_resoruce():Load next resource, check current_traversal is equal to stack’s current_traversal.

Go execute and check timeout or finish.

AMQP(engine_worker)

WorkerWorker

Worker

Worker

DSyncPoint

StackA

DDB

BC

leaves

3. _converge_create_or_update():Mark completed and purge Database

Heat-engine

AMQP(engine_worker)

WorkerSyncPoint

StackA

DB

BCD

WorkerWorkerWorker

So What Happens If Conflict?

Another Stcak Update Request Join?Stack SyncPoint will show which Stack traversal is current.

AMQP(engine_worker)Worker

Worker

C

DSyncPoint

Stack_a

AC

B

DB

Stack_aA

Hey, wrong traversal ID here!!

Me!?

leaves

Example: Mass Application Deployment

1 Operation

<20 Min.

> 50 Operations

>100 Min.VS

Stack

Heat Fleet’s sessions● inwinSTACK- Heat Up Your Stack - Deep Dive to Heat, Learn How to

Orchestrate Your Cloud - Wednesday, 11:15am● User/ops session for summit - Wednesday, 3:40pm● Extending OpenStack Heat to Orchestrate Security Policies and Network

Function Service Chains - Thursday, 9:50am● Why Reinvent the Wheel? - Using Murano, Heat, Container Clustering and

Ceilometer to Provide Auto--scaling and Enforce Self-Healing Best Practices in Applications - Thursday, 11:00am

● Heat, Cloud-init & Cloud-config: OpenStack Orchestration Deep Dive, Hands-On Lab - Thursday, 4:30pm

Q&A