Automated Deployment of OpenStack with Chef
Texas Linux Fest April 2, 2011
1
Introductions
Matt Ray
Senior Technical Evangelist
matt@opscode.com
@mattray
GitHub:mattray
2
What is OpenStack?
Founders operate at massive scale
NASA
OpenStack: The Mission
"To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable."
OpenStack Founding Principles
Apache 2.0 license (OSI), open development process
Open design process, 2x year public Design Summits
Publicly available open source code repositories
Open community processes documented and transparent
Commitment to drive and adopt open standards
Modular design for deployment flexibility via APIs
Community with Broad Support
Software to provision virtual machines on standard hardware at massive scale
OpenStack Compute
creating open source software to build public and private clouds
Software to reliably store billions of objects distributed across standard hardware
OpenStack Object Storage
OpenStack Compute Key Features
ReST-based API
Asynchronous eventually consistent communication
Horizontally and massively scalable
Hypervisor agnostic: support for Xen, XenServer, Hyper-V, KVM, UML and ESX is coming
Hardware agnostic: standard hardware, RAID not required
9
User Manager
Cloud Controller: Global state of system, talks to LDAP, OpenStack Object Storage, and node/storage workers through a queue
ATAoE / iSCSI
API: Receives HTTP requests, converts commands to/from API format, and sends requests to cloud controller
Host Machines: workers that spawn instances
OpenStack Compute
Glance: HTTP + OpenStack Object Storage for server images
10
Hardware Requirements
OpenStack is designed to run on industry standard hardware, with flexible configurations
Compute
x86 Server (Hardware Virt. recommended)
Storage flexible (Local, SAN, NAS)
Object Storage
x86 Server (other architectures possible)
Do not deploy with RAID (can use controller for cache)
11
Why is OpenStack important?
Open eliminates vendor lock-in
Working together, we all go faster
Freedom to federate, or move between clouds
12
What is Chef?
13
Chef enables Infrastructure as Code
Manage configuration as idempotent Resources.
Put them together in Recipes.
Track it like Source Code.
Configure your servers.
14
At a High Level
Library for configuration management
Configuration management system
Systems integration platform
API for your entire Infrastructure
15
Fully automated Infrastructure
16
Principles
Idempotent
Data-driven
Sane defaults
Hackability
TMTOWTDI
17
Open Source and Community
Apache 2 licensed
Large and active community
Over 300 individual contributors (60+ corporate)
Community is Important!
18
19
How does it Work?
20
How does it Work? Miracles!
21
How does it Work? Miracles! (no really)
22
Chef Client runs on your System
ohai!
24
Clients talk to the Chef Server
25
The Opscode Platform is a hosted Chef Server
26
We call each system you configure a Node
27
Nodes have Attributes
{
  "kernel": {
    "machine": "x86_64",
    "name": "Darwin",
    "os": "Darwin",
    "version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010; root:xnu-1504.7.4~1/RELEASE_I386",
    "release": "10.4.0"
  },
  "platform_version": "10.6.4",
  "platform": "mac_os_x",
  "platform_build": "10F569",
  "domain": "local",
  "os": "darwin",
  "current_user": "mray",
  "ohai_time": 1278602661.60043,
  "os_version": "10.4.0",
  "uptime": "18 days 17 hours 49 minutes 18 seconds",
  "ipaddress": "10.13.37.116",
  "hostname": "morbo",
  "fqdn": "morbomorbo.local",
  "uptime_seconds": 1619358
}
Kernel info!
Platform info!
Hostname and IP!
28
Nodes have a Run List
What Roles and Recipes to Apply in Order
29
Nodes have Roles
webserver, database, monitoring, etc.
30
Roles have a Run List
What Roles and Recipes to Apply in Order
31
name "webserver"
description "Systems that serve HTTP traffic"
run_list(
  "role[base]",
  "recipe[apache2]",
  "recipe[apache2::mod_ssl]"
)
default_attributes(
  "apache" => {
    "listen_ports" => [ "80", "443" ]
  }
)
override_attributes(
  "apache" => {
    "max_children" => "50"
  }
)
Can include other roles!
32
Chef manages Resources on Nodes
33
Resources
Declare a description of the state a part of the node should be in
Have a type
Have a name
Have parameters
Take action to put the resource in the declared state
package "apache2" do
  version "2.2.11-2ubuntu2.6"
  action :install
end

template "/etc/apache2/apache2.conf" do
  source "apache2.conf.erb"
  owner "root"
  group "root"
  mode 0644
  action :create
end
34
Resources take action through Providers
35
Recipes are lists of Resources
36
Recipes
Evaluate and apply Resources in the order they appear
package "apache2" do
  version "2.2.11-2ubuntu2.6"
  action :install
end

template "/etc/apache2/apache2.conf" do
  source "apache2.conf.erb"
  owner "root"
  group "root"
  mode 0644
  action :create
end
37
Order Matters
38
Recipes are just Ruby!
extra_packages = case node[:platform]
  when "ubuntu", "debian"
    %w{ ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby }
  else
    []  # no extra packages on other platforms; avoids calling each on nil
  end

extra_packages.each do |pkg|
  package pkg do
    action :install
  end
end
39
Cookbooks are packages for Recipes
40
Cookbooks
Distributable, shareable
community.opscode.com
Infrastructure as Code
Versioned
Hundreds
41
Cookbooks
Recipes
Files
Templates
Attributes
Metadata
42
Data bags store arbitrary data
43
A user data bag item...
% knife data bag show users mray
{
  "comment": "Matt Ray",
  "groups": "sysadmin",
  "ssh_keys": "ssh-rsa SUPERSEKRATS mray@morbo",
  "files": {
    ".bashrc": {
      "mode": "0644",
      "source": "dot-bashrc"
    },
    ".emacs": {
      "mode": "0644",
      "source": "dot-emacs"
    }
  },
  "id": "mray",
  "uid": 7004,
  "shell": "/usr/bin/bash"
}
44
Environments manage versioned infrastructure
45
Command-line API utility, Knife
http://www.flickr.com/photos/myklroventine/3474391066/
Copyright 2011 Opscode, Inc - All Rights Reserved
46
Search
CLI or in Ruby
Nodes are searchable
Roles are searchable
Recipes are searchable
Data bags are searchable
$ knife search node 'platform:ubuntu'
search(:node, "platform:centos")
$ knife search role 'max_children:50'
search(:role, "max_children:50")
$ knife search node 'role:webserver'
search(:node, "role:webserver")
$ knife search users 'shell:/bin/bash'
search(:users, "group:sysadmins")
47
48
HOW TO: Turn Racks of Standard Hardware Into a Cloud with OpenStack
49
What Works Today?
50
Compute (Nova)
Single machine installation
Role: nova-single-machine
MySQL, RabbitMQ
Nova-(api|scheduler|network|objectstore|compute)
Multi-machine
Role: nova-multi-controller (1)
Role: nova-multi-compute (N)
51
Role: nova-single-machine
name "nova-single-machine-install"
description "Installs everything required to run Nova on a single machine"
run_list(
  "role[nova-multi-controller]",
  "role[nova-multi-compute]"
)
52
Role: nova-multi-controller
name "nova-multi-controller"
description "Installs requirements to run the Controller node in a Nova cluster"
run_list(
  "role[nova-support-server]",
  "role[nova-head]",
  "role[nova-cloud-controller]",
  "role[nova-super-user-setup]"
)
53
Role: nova-multi-compute
name "nova-multi-compute"
description "Installs requirements to run a Compute node in a Nova cluster"
run_list(
  "recipe[nova::compute]"
)
54
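How the nested Nova roles above flatten into one ordered list of recipes, as an added example (not code from the talk or from Chef). The role names are from the slides; the run lists marked (assumed) and the example:: recipe names are constructed placeholders, and raising on a role cycle is this sketch's own choice.

```ruby
# Added illustration, not Chef's own code. Role names are from the slides;
# run lists marked (assumed) are constructed, since the slides omit them.
ROLES = {
  "nova-ami-urls" => [], # the slide gives this role attributes only
  "nova-single-machine-install" =>
    ["role[nova-multi-controller]", "role[nova-multi-compute]"],
  "nova-multi-controller" =>
    ["role[nova-support-server]", "role[nova-head]",
     "role[nova-cloud-controller]", "role[nova-super-user-setup]"],
  "nova-multi-compute"    => ["recipe[nova::compute]"],
  "nova-support-server"   => ["recipe[example::database]", "recipe[example::queue]"], # (assumed)
  "nova-head"             => ["recipe[example::api]"],                                # (assumed)
  "nova-cloud-controller" => ["recipe[example::api]", "recipe[example::scheduler]"],  # (assumed)
  "nova-super-user-setup" => ["recipe[example::admin-user]"]                          # (assumed)
}.freeze

ITEM = /\A(role|recipe)\[([^\[\]]+)\]\z/

# Depth-first expansion: a role is replaced, in place, by its own run list.
# Each role is applied once and a recipe keeps the position of its first
# appearance, so the result is the order in which recipes would be applied.
def expand_run_list(run_list, roles, seen = [], recipes = [], path = [])
  run_list.each do |item|
    type, name = item.match(ITEM)&.captures
    raise ArgumentError, "malformed run list item: #{item.inspect}" unless type
    if type == "recipe"
      recipes << name unless recipes.include?(name)
      next
    end
    raise ArgumentError, "role cycle: #{(path + [name]).join(' -> ')}" if path.include?(name)
    next if seen.include?(name)
    raise KeyError, "unknown role: #{name}" unless roles.key?(name)
    seen << name
    expand_run_list(roles[name], roles, seen, recipes, path + [name])
  end
  recipes
end

# The run list assigned to the node on the "Assign the Roles" slide.
NODE_RUN_LIST = ["role[nova-ami-urls]", "role[nova-single-machine-install]"].freeze
puts expand_run_list(NODE_RUN_LIST, ROLES)
```

Reviewing the flattened list before assigning a role shows exactly which recipes a node will run, and a misspelled role name fails loudly instead of being skipped.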
What does this look like?
55
Crowbar
Codename for the OpenStack installer from Dell
Dell is releasing this under the Apache 2 license
Extension of the Chef server
Jointly developed by Dell, Rackspace and Opscode
56
Crowbar - What does it Do?
Crowbar is a PXE state machine
starts with bare metal hardware
manages and configures BIOS and network settings
network boot and installation
nodes are configured with Chef
deploys OpenStack, could be used for anything
57
OpenStack Installation
Cookbooks uploaded
Roles uploaded
Nodes ready
$ knife cookbook upload -a
$ knife cookbook list
$ rake roles
$ knife role list
$ knife node list
58
AMIs
name "nova-ami-urls"
description "Feed in a list URLs for AMIs to download"
default_attributes(
  "nova" => {
    "images" => ["http://192.168.11.7/ubuntu1010-UEC-localuser-image.tar.gz"]
  }
)
$ knife role from file roles/nova-ami-urls.rb
Use an existing AMI
Update URL to your own
59
Assign the Roles
$ knife node run_list add crushinator.localdomain "role[nova-ami-urls]"
{
  "run_list": [
    "role[nova-ami-urls]"
  ]
}
$ knife node run_list add crushinator.localdomain "role[nova-single-machine-install]"
{
  "run_list": [
    "role[nova-ami-urls]",
    "role[nova-single-machine-install]"
  ]
}
60
chef-client
mray@ubuntu1010:~$ sudo chef-client
[Fri, 25 Feb 2011 11:52:59 -0800] INFO: Starting Chef Run (Version 0.9.12)
...
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: Chef Run complete in 5.911955 seconds
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: cleaning the checksum cache
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: Running report handlers
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: Report handlers complete
61
The Moment of Truth
nova@$ nova-manage service list
nova@$ euca-describe-images
nova@$ euca-run-instances ami-h8wh0j17 -k mykey -t m1.tiny
nova@$ euca-describe-instances
nova@$ ssh -i mykey.priv ubuntu@10.0.0.2
Linux i-00000001 2.6.35-24-virtual #42-Ubuntu SMP Thu Mar 30 05:15:26 UTC 2011 x86_64 GNU/Linux
Ubuntu 10.10
Welcome to Ubuntu!
<SNIP>
See "man sudo_root" for details.
ubuntu@i-00000001:~$
62
How Did We Get Here?
63
Forked from Anso Labs Cookbooks
Bootstrapped by Opscode
Chef Solo/Vagrant installs for Developers
http://github.com/ansolabs/openstack-cookbooks
64
Who's involved so far?
65
What's Next?
66
Nova needed enhancements
Pluggable/Modular Roles
Database
ObjectStore
Network
Virtualization
Swift and Glance integration
67
68
Dashboard
69
Knife
http://github.com/opscode/knife-openstack
Nova has same API as Amazon
Fog supports OpenStack already
knife openstack server create role[base] -i ami-a403f6xd -f m1.micro
A OpenStack instance
70
Object Storage (Swift)
Recipes originated from Anso Labs repository
Will be managed with Chef and Crowbar
Included in the bexar branch
Untested so far (Cactus will tackle)
71
Image Registry (Glance)
Recipes originated from Anso Labs repository
Will be managed with Chef and Crowbar
Included in the bexar branch
Untested so far (Cactus!)
72
Scaling changes how we deploy OpenStack!
73
Deployment Scenarios
Single machine is special case of multi-install
Controller + Compute nodes is a known quantity for small installations
Nova + Swift + Glance in large installations
Services separated and HA configurations
Documentation and Chef Roles will be the supported solution
74
Cactus, Diablo, ...
Development continues...
Branches for each stable release
Design Summit later this month
Design Summit in the Fall
75
Rackspace Cloud Builders
Commercial support and Training for OpenStack
Opscode
Dell
Equinix
Cloudscaling
Citrix
76
Get Involved!
https://github.com/mattray/openstack-cookbooks/tree/bexar
http://lists.openstack.org
http://lists.opscode.com
#chef on irc.freenode.net
#openstack on irc.freenode.net
matt@opscode.com
jordan@openstack.com
77