Containerized OpenStack: Preview Inside

Session TUT1273April 2019

T. R. Bosworth- Senior Product Manager Arun Kant - Senior Software Engineer tbosworth@suse.com akant@suse.com

2

Agenda

• Introduction to Containerized OpenStack• Airship Open Source Project • Technology Preview• Demo• Questions

What is it?• OpenStack services (e.g., Nova, Keystone, Neutron) packaged to run in containers as

opposed to running as processes on bare metal• Kubernetes installed onto bare metal, with OpenStack deployed within containers using

Helm Charts• Airship open source project foundation for lifecycle management

Why are we introducing it?• Containers are more lightweight than VMs and easier to start up and terminate

• OpenStack environment faster to start up and scale• Easier to separate individual OpenStack projects

• Easier to scale individual components up and down• Upgrades of individual components become easier

• Leverage Kubernetes’ built-in HA• Designing a self-healing environment becomes simpler

• Securing individual services and components becomes easier, due to container isolation

Containerized OpenStack Tech Preview

Cloud 9 Containerized OpenStack

4

Tech Preview • Separately delivered – In parallel with Cloud 9 delivery• Mandatory milestone for Cloud 10 roadmap• Unification of Lifecycle Management• Based on upstream Airship project

• SUSE Manager Integration Investigation – SUSE Manager Team• Target for Delivery – May 2019• Details linked from the Cloud 9 Beta page

https://www.suse.com/betaprogram/cloud-beta/

We need your Feedback!

What Is Airship?

5

• Full Lifecycle Management of Data Center Infrastructure using Containerized OpenStack

• Uses OpenStack-Helm to Deploy OpenStack on a Kubernetes Infrastructure

SUSE Manager UI

Deployer

SUSE Linux

Cloud Lifecycle Management AirshipContainerized Deployment

6

YAMLConfiguration

• Leverages Community Tools to Deploy OpenStack in a Kubernetes Infrastructure.

• SUSE Simplified Overrides Accelerates Deployment• Selected Set of Airship Services

SUSE Simplified Overrides

Shipyard

Airship Components UCP

Deckhand

Pegleg Armada

CaaSPAdmin

CCP Repo

CaaSP – Kubernetes Cluster

Node 1Control

Node 2Control

Node 3Control

Node 4Compute

Node 5Compute

Node 6Compute

Keystone

Swift

Horizon

Glance

Libvirt

Nova

Neutron

Cinder

Heat

Barbican

RabbitMQ

MariaDB

Ironic

kvm kvm kvm

Deployer delivers components Airship runs as containers in the cluster

Lifecycle Upgrade Paths / Unification Plan

2018 2019 2020

Cloud 8Crowbar

Cloud 8CLM

Cloud 8 Cloud 9 Cloud 10

Cloud 9Crowbar

Cloud 9CLM

Cloud 9CCP Tech

PR

Cloud 10CCP

SUSE OpenStack Cloud 10 Containerized Control Plane requires Lifecycle Manager conversion

Provide Migration Path in Cloud 9 for both flavors Allows single customer conversion to CCP in Cloud 10 Lifecycle Manager is more aligned with Upstream

HOS 8CLM

8

SUSE Linux

Deployer

Image RegistrySUSE MicroOS

Airship UCP | Openstack CP

Docker Kubelet

CaaSPSOC Site Manifests

Helm

SOCOK8s

Tiller

Armada

Shipyard

Deckhnad

Pegleg

Keystone

HorizonGlance

NeutronN

ovaCinderHeat

MariaDB

RabbitMQ

SUSE MicroOS

Compute Hosts

Docker Kubelet

CaaSP

Nova com

pute

Ingress

Libvirt

OVS

SES Hosts

CCP Deployment on Existing CaaSP and SES

9

SUSE Linux

Deployer

Image Registry SUSE MicroOS

Host

Docker Kubelet

CaaSP

SOC Site Manifests

Helm

SOCOK8s (final name?)

SES AIO

CCP Deployment – What if I Don’t Already Have K8S?

CaaSP Heat

templates

CaaSP V3SES V5.5

10

SUSE Linux

Deployer

Image Registry

SOC Site Manifests

Helm

SOCOK8s (final name?)

Declarative and Repetitive Cloud InfrastructureHelm charts

Overrides

Container Images

Profiles

Security PolicyNetwork

Storage Host

11

One Workflow for Lifecycle ManagementUse Case 1: Scale out Control Plane

SUSE Linux

Deployer

Image RegistrySUSE MicroOS

Control Worker 1

Docker Kubelet

CaaSP

SOC Site Manifests

Helm

SOCOK8s

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

SUSE MicroOS

Compute Host

Docker Kubelet

CaaSP

Nova com

pute

Ingress

Libvirt

Neutron O

VS

SES Hosts

SUSE MicroOS

Worker 2

Docker Kubelet

CaaSP

SUSE MicroOS

Worker 3

Docker Kubelet

CaaSP

HeatM

ariaDBRabbitM

Q

“Before”Single Node Demo Control Plane

12

One Workflow for Lifecycle ManagementUse Case 1: Scale out Control Plane

SUSE Linux

Deployer

Image RegistrySUSE MicroOS

Control Worker 1

Docker Kubelet

CaaSP

SOC Site Manifests

Helm

SOCOK8s

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

SUSE MicroOS

Compute Host

Docker Kubelet

CaaSP

Nova com

pute

Ingress

Libvirt

Neutron O

VS

SES Hosts

SUSE MicroOS

Control Worker 2

Docker Kubelet

CaaSP

SUSE MicroOS

Control Worker 3

Docker Kubelet

CaaSP

HeatM

ariaDBRabbitM

Q

“After”Three Node HA Control Plane

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

13

One Workflow for Lifecycle ManagementUse Case 2: Expand Compute Capacity

SUSE Linux

Deployer

RegistrySUSE MicroOS

Control Worker 1

Docker Kubelet

CaaSP

SOC Site Manifests

Helm

SOCOK8s

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

SUSE MicroOS

Compute Host

Docker Kubelet

CaaSP

Nova com

pute

Ingress

Libvirt

Neutron O

VS

SUSE MicroOS

Control Worker 2

Docker Kubelet

CaaSP

SUSE MicroOS

Control Worker 3

Docker Kubelet

CaaSP

HeatM

ariaDBRabbitM

Q

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

SUSE MicroOS

Worker Node

Docker Kubelet

CaaSP

“Before”Spare Worker node

14

One Workflow for Lifecycle ManagementUse Case 2: Expand Compute Capacity

SUSE Linux

Deployer

RegistrySUSE MicroOS

Control Worker 1

Docker Kubelet

CaaSP

SOC Site Manifests

Helm

SOCOK8s

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

SUSE MicroOS

Compute Host

Docker Kubelet

CaaSP

Nova com

pute

Ingress

Libvirt

Neutron O

VS

SUSE MicroOS

Control Worker 2

Docker Kubelet

CaaSP

SUSE MicroOS

Control Worker 3

Docker Kubelet

CaaSP

HeatM

ariaDBRabbitM

Q

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

“After”Additional Compute Host

SUSE MicroOS

Compute Host

Docker Kubelet

Nova com

pute

Libvirt

Neutron O

VS

CaaSP

15

One Workflow for Lifecycle ManagementUse Case 3: Upgrade Service from Pike to Queens

SUSE Linux

Deployer

RegistrySUSE MicroOS

Control Worker 1

Docker Kubelet

CaaSP

SOC Site Manifests

Helm

SOCOK8s

Armada

ShipyardDeckhnad

Pegleg

KeystoneHorizonGlanceN

eutronN

ovaCinder

IngressHeat

MariaDB

RabbitMQ

Resilience and Self-HealingWhat happens when a node is lost?

16

• Leverages Kubernetes HA

• Airship Can Redeploy Components on New Node

CaaSP – Kubernetes Cluster

Node 1Control

Node 2Control

Node 3Control

Node 4Compute

Node 5Compute

Node 6Compute

Keystone

Swift

Horizon

Glance

Libvirt

Nova

Neutron

Cinder

Heat

Barbican

RabbitMQ

MariaDB

Ironic

kvm kvm kvm

Cloud 9 Containerized OpenStack

Details Linked from the Cloud 9 Beta Pagehttps://www.suse.com/betaprogram/cloud-beta/

Coming to you soon.. May 2019

We need your Feedback!!!17

19

19

Unpublished Work of SUSE LLC. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE LLC. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.