Embed Size (px)
Citation preview
Flexible, simple deploymentswith OpenStack-Ansible
OpenStack Austin Meetup - June 20th, 2016
Major Hayden | major.io | @majorhayden
Agenda
1. About me
2. The big question
3. Why Ansible?
4. Why OpenStack-Ansible?
5. Get involved!
About me
Major HaydenPrincipal Architect, Rackspace
At Rackspace since 2006
Contributor to OpenStackand the Fedora Project
I am addicted tobuying domain names(please don’t give me ideas)
We seriously needed another way to deploy OpenStack clouds?
“Fortunately, the charging one has been solved now that we’ve all standardized on mini-USB. Or is it micro-USB?”
https://xkcd.com/927/
STANDARDS
Different use cases demand different deployment methods.
What our customers wanted
“I want to focus on what we deploy on our cloud, not how we deploy it.I want to lean on someone else’s experience.”
“We want to add hardware on an as-needed basis.I want to expand my cloud without downtime.”
What our customers didn’t want
“Don’t tell me I need downtime to change a configuration option.I want my cloud to be flexible for my needs.”
“Don’t tell me to ‘lift and shift’ my workloads. Upgrades should be easy.”
Existing deployment
methods had limitations
Rigid configuration
Upgrade challenges
No operators in the community
Not coordinated
Lack of an overall direction
The foundation was set for something entirely different.
Why Ansible?
Highly extensible
Each task does one action
Tasks are grouped into roles
Roles are tied together with playbooks
Simple variable scope
Every role or task can have a default
Additional variables per environment
Deployers can override all of these variables easily
Dependencies make sense
If you can read top-down, you understand Ansible’s dependencies
Very little baggage
No daemons or agents
No clients or servers
Everything uses ssh
Use your existing keys, users, and auth mechanisms (like Kerberos!)
Why OpenStack-Ansible?
Extensible collection of roles
A backbone of playbooks that links multiple roles together
Each role deploys an OpenStack service
Opinionated defaults are set in each role
OpenStack-Ansible isbuilt by operators,
for operators
Isolation
Each service deploys into a different container
Each service gets unique message queue and database credentials
Each service queries different databases and message queue virtual hosts
Coordination
Every change is tested as part of the whole stack
If a keystone change breaks nova, automated testing will fail
Deprecated configurations and imports are handled gracefully
Documentation
Lots of installation documentation and reference guides
Real-world use cases and integrations
Growing, diverse community
Over 2,700 commits from 30 companies
Used to deploy the OSIC cluster (over 2,000 nodes)
* Newton mid-cycle is in San Antonio in August!
Deploy, maintain,and upgrade with ease
Maintain
Upgrade
Deploy to one host, 100 hosts, or 1,000 hosts
High availability is built-in
Control over quantity and location of Openstack services
Comes with opinionated defaults from OpenStack operators
Deploy
Maintain
Upgrade
Change configurations with little or no downtime
Rebuild any container quickly after a failure or disruption
Add, remove or replace control plane nodes as needed
Comprehensive host security hardening
Deploy
Maintain
Upgrade
Upgrading between and within major releases is a first class feature
Services are carefully upgraded along with database migrations
Deprecations are handled gracefully
Deploy
What about security?
OpenStack-Ansible has a security role
Applies 200+ security configurationson hosts and virtual machines
Follows the guidelines from the DISA STIG
Lots of auditor-friendly documentation
Supports Ubuntu 14.04/16.04, CentOS 7 and Red Hat Enterprise Linux 7
See the OpenStack Summit talk! https://goo.gl/iyywZD
Get involved
What’s next?Newton release
Ubuntu 16.04 support
Multi-arch support (PPCLE)
Xen and PowerVM support
Improved testing
Join us for theNewton mid-cycle meeting
in San Antonio:August 10-12, 2016
Join our community
Freenode IRC: #openstack-ansible
Mailing list: [email protected] (use the [openstack-ansible] tag in the subject line)
Code: https://github.com/openstack/openstack-ansible
Docs: http://docs.openstack.org/developer/openstack-ansible/
Thank you!Major [email protected]
Photo creditsTitle slide: Miles Bintz (Flickr) https://www.flickr.com/photos/milesbintz/4366494947
Construction crane: Richard Carter (Flickr) https://www.flickr.com/photos/richard_carter/6816885264/
Lock on old door: Denise Krebs (Flickr) https://www.flickr.com/photos/mrsdkrebs/13006945815/
Alamo: Nan Palmero (Flickr) https://www.flickr.com/photos/nanpalmero/15442494764/
Roadway at night: Paulo Valdivieso (Flickr) https://www.flickr.com/photos/p_valdivieso/14908384223/
All other photos are provided courtesy of Rackspace.
