Embed Size (px)
Citation preview
OpenStack Magnum Project
Container as a Service
Ton Ngo
3/8/16
How to create containers in OpenStack
Alternatives for containers
pros cons
Nova Docker driver • leverage VM asbtraction • mismatch in abstraction for server and process
Heat Docker resource • simple interface to docker client
• lags Docker advances• no longer in development
Heat Software Config • leverage existing heat feature • not a first class object
Magnum • container orchestrationengine
• container as first class object
• new service in OpenStack
2
Container vs VM (source Adrian Otto)
3
Why Magnum?Key Features that Simplify Container/OpenStack Integration
• Simplified Support for Multi-Tenant Containers
• Ease of Utilization/Integration with OpenStack Services
• Out of box integration with Kubernetes, Swarm, Mesos
• Security (TLS): allows secured access to Kubernetes, Swarm, Mesos
• Auto scaling support that spans Hosts/VMs and containers
How Magnum fits into OpenStack (source Adrian Otto)
Layer 4: Consumption Services
Layer 3: Optional Enhancements
Layer 2: Extended Infrastructure
Layer 1: Base Compute Infrastructure
5
Heat Magnum Marconi Murano Trove Sahara Solum
Ceilometer
Cinder
Nova
Barbican Horizon
Swift
Glance Keystone
Neutron Designate Ironic
Integration with OpenStack
• Container Orchestration Engines leverage OpenStack services:– nova: vm, bare metal
– heat: orchestration
– glance: image
– cinder: storage for containers, persistent storage
– keystone: authentication
– barbican: certificate, stored secret for TLS
– neutron: network, subnet, router, load balancer
– senlin: clustering for autoscaling
• Magnum interfaces:– Rest API
– Client
– Native client from container orchestrator
6
Magnum Operation
• Create/manage container orchestration engines (baymodel/bay)
– Docker Swarm
– Kubernetes
– Mesos
• Create/manage containers
• Use Heat templates
• Host cluster on VM’s or bare metal
7
Architecture
8
Swarm bay
9
Master
Node Node Node
swarm daemon
Docker daemon
Docker daemon
Docker daemon
etcd discovery
client
Kubernetes bay
10
Master
Node
kube-apiserver
Docker daemon
kubectl
kubelet kube-proxy
kube-scheduler
kube-controllermanager
Node
Docker daemon
kubelet kube-proxy
Node
Docker daemon
kubelet kube-proxy
etcd discovery
flannel overlay
Mesos bay
11
Master
Node
leader
MarathonFramework
zookeeperstandby
standby
Executor
tasktask
NodeMarathon
Framework
Executor
tasktask
NodeMarathon
Framework
Executor
tasktask
Networking for Kubernetes bay
12
router
private network
nodenova instance
nodenova instance
masternova instance
floating IP
public network
eth0
floating IP
eth0 eth0
router interface
private subnet dns
load balancerload balancer
New Features in Liberty Release (11/2015)
Mesos Bay Type (Multi-Tenancy)
Secure Bays (TLS) External Load Balancer Multi-MasterKubernetes
• Apache Mesos• Marathon Framework• REST API
• TLS Between Magnum Client and Magnum API
• TLS Between BayMaster and Minion/Slave/Worker
• Certificategeneration/signing
• docker / kubectl TLSinteroperability
• Neutron LBaaSIntegration
• Automatically add orremove nodes fromNeutron LB whenKubernetes bay is scaled
• Easy setup ofmultimasterconfiguration for Kubernetes
• Suitable for HAconfigurations
Key new developments
Scalingapplication + infrastructure
Container as a Service API
Persistent storage
Kubernetes,Swarm on Mesos
Advanced networking
• Coordination between containers and hosts
• Policy driven (Senlin)
• Intersection between Kubernetes, Swarm API
• Hideinfrastructure
• Volume drivers• Backed by Cinder
• Multiple workloads on Mesos
• Fine grain resource sharing
• Docker libnetwork(Kuryr)
OpenStack Client/API: model, bay
baymodel-create baymodel-delete baymodel-list baymodel-show bay-create bay-delete bay-list bay-show bay-update
Create a baymodel.Delete specified baymodel.Print a list of bay models.Show details about the given baymodel. Create a bay.Delete specified bay.Print a list of available bays.Show details about the given bay.Update information about the given bay.
15
OpenStack Client/API: Swarm cluster
container-create container-delete container-exec container-list container-logs container-pause container-reboot container-show container-start container-stop container-unpause
Create a container.Delete specified containers.Execute command in a container.Print a list of available containers. Get logs of a container.Pause specified containers.Reboot specified containers.Show details of a container.Start specified containers.Stop specified containers.Unpause specified containers.
16
Magnum Services
• Conductor: m-cond
– drive heat templates to create/update cluster
– interface with native client to create/update containers
– periodic synch
• Rest API: m-api
– publish API to client and other services
– interface with conductor, database
• Client:
– magnum command line
17
Horizon/UI
• Plugin for Magnum under development:
– https://github.com/openstack/magnum-ui
– README.rst: installation instruction
• Features:
– Create bay model, bay
– Deploy Kubernetes pods, services, replication controllers
– Deploy Swarm containers
18
Magnum Demo
• Live demo
– Create baymodel
– Create Kubernetes bay
– Deploy pod
– devstack screen logs
– Horizon plugin
• See recorded demo at:https://vimeo.com/128538940
19
Installing Magnum
• Devstack:https://github.com/openstack/magnum/blob/master/doc/source/dev/dev-quickstart.rst
– Configure local.conf:enable_plugin magnum https://git.openstack.org/openstack/magnumenable_plugin barbican https://git.openstack.org/openstack/barbicanPUBLIC_INTERFACE=eth0VOLUME_BACKING_FILE_SIZE=20G
– run stack.sh
• Manual:https://github.com/openstack/magnum/blob/master/doc/source/dev/dev-manual-devstack.rst
– Based on devstack (in progress: instruction for standard OpenStack installation)
– Configure OpenStack services required
– Set up networking, images, database
– Configure Magnum
20
Contributing to Magnum
• All bugs:https://bugs.launchpad.net/magnum/+bugs
• Easy bugs:https://bugs.launchpad.net/magnum/+bugs?field.tag=low-hanging-fruit
• Blueprints:https://blueprints.launchpad.net/magnum
• Patches under review:https://review.openstack.org/#/q/status:open+openstack/magnum,n,z
https://review.openstack.org/#/q/status:open+openstack/python-magnum
• OpenStack Summit, Austin 4/25-29:
– Talks
– 10 design sessions
21
Magnum development (source Adrian Otto)
22
6,039 patch sets
1,589 commits
275,601lines of code
1year
133engineers
34 affiliations
2015-01-20released
Companies contribution (source stackalytics.com)
23
24
