What's New in Grizzly & Deploying OpenStack with Puppet
 


Slides from the May Triangle OpenStack Meetup.
Part 1: What's new in Grizzly
Part 2: Deploying OpenStack with Puppet

  • How to deploy openstack using puppet modules. Please guide me from basic and step by step.

    Presentation Transcript

    • Slide 1: May Triangle OpenStack Meetup
      Organizers: Mark T. Voelker, Arvind Somya, Amy Lewis
      2013-05-30
      Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved.
    • Slide 2:
      • 4:30pm: Welcome & Introductions
      • 4:45pm: “What’s New In Grizzly”
      • 5:00pm: “OpenStack Automation with Puppet”
      • 5:30pm: Open Forum – Q&A
      • 5:45(ish)pm: Pizza!
      * All times “-ish”
      © 2013 Cisco and/or its affiliates. All rights reserved.
    • Slide 3: A few introductions are in order….
    • Slide 4:
      • Technical Leader/Developer/Manager/“That Guy”
      • Systems Development Unit at Cisco Systems
      • Led one of the Cisco dev teams working on Quantum in the initial release
      • Currently working on: OpenStack solutions, Big Data, Massively Scalable Data Centers
      IRC: markvoelker
      Twitter: @marktvoelker
      GitHub: markvoelker
      Bio
    • Slide 5:
      • Software Engineer
      • Data Center Group/Office of the Cloud CTO at Cisco
      • Developed the initial representation of Quantum in Horizon
      • Currently working on: Quantum
      IRC: asomya
      Twitter: @ArvindSomya
      GitHub: asomya
    • Slide 6:
      • Community Evangelist for Data Center Virtualization
      • Social Media Strategist at Cisco
      • Creator of Engineers Unplugged
      • Currently working on: Listening to and developing the technologist community across various platforms and in real life (gasp!).
      Twitter: @CommsNinja
      LinkedIn: amyhlewis
      YouTube: engineersunplugged
      Bio
    • Slide 7:
      • You people:
        • Are OpenStack developers, OpenStack deployers, and OpenStack newbies
        • …..are hopefully here for the Triangle OpenStack Meetup. Otherwise, you’re in the wrong place.
      • Introductions?
    • Slide 8:
      • We have WebEx! Tonight’s talks will be broadcast/recorded via WebEx. Feel free to tune in! We’ll also post content after we wrap up tonight.
      • We want content! Interested in giving a talk next time? Contact Mark, Arvind, or Amy!
      • We want feedback! Help us shape future Triangle OpenStack Meetups by answering a few questions when we’re done.
      • Mark your calendars! Proposed date for next meetup: Monday, July 1
    • Slide 9: Grizzly: What’s New?
      Mark T. Voelker, Technical Leader, Cisco Systems
      May Triangle OpenStack Meetup, 2013-05-30
    • Slide 10:
      • Release date: April 4, 2013
      • Contributors: 517 (up ~56%)
      • New features: ~230
      • Growth by lines of code: 35%
      • Patches merged: ~7,620
      • New networking drivers: 5
      • New block storage drivers: 10
      • New docs contributors: 27
      • Release notes: https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly
      • Next release name and date: Havana, Oct. 17
      • Next design summit: Nov. 5-8 in Hong Kong
      Stats referenced from: http://www.slideshare.net/laurensell/openstack-grizzly-release
    • Slide 11: With numbers like those….. Tonight’s list of new features won’t be comprehensive… (or anywhere close). But it should be enough to whet your appetite.
    • Slide 12:
      • “Cells” are a way to manage distributed clusters within an OpenStack cloud, allowing for greater scalability and some resource isolation
        • Originated at Rackspace (in production since 8/1/2012)
      • Cells provide a way to create isolated resource pools within an OpenStack cloud—similar in some respects to AWS Availability Zones
      • OpenStack had a “zone” concept dating back to Bexar.
        • Through Diablo, zones shared nothing and communicated via the OpenStack public API
        • Zones were broken by the introduction of Keystone and were removed in Essex
        • Cells replace the old zone functionality
      • More information on cells:
        • The blueprint
        • The Grizzly OpenStack Compute Admin Guide
        • Chris Behrens’s cells presentation from the Grizzly Design Summit
    • Slide 13:
      • Compute resources are partitioned into hierarchical pools called “cells”:
        • Each top-level “API cell” has a nova-api service, AMQP broker, DB, and nova-cells service
        • Each “child” cell has all the normal nova services except for nova-api
        • Each child cell has its own database server, AMQP broker, etc.
        • Glance/keystone are global
      • The nova-cells service provides communication between cells.
        • Also selects cells for new instances…cell scheduling != host scheduling
        • Host scheduling decisions are made within a cell
      • The future of cells
        • Other options besides AMQP for inter-cell communication (pluggable today, but only one option available)
        • More cell scheduler options (currently random)
    • Slide 14:
      • Today, cells primarily address scalability and geographic distribution concerns rather than providing complete resource isolation
      • Cells can be nested (e.g. “grandchild cells”)
      • Cells are optional…small deployments aren’t forced to use them
      • Each child cell database has only the data for that cell
        • API cells have a subset of all child data (instances, quotas, migrations)
      • Quotas must be disabled in child cells…quota management happens on the API cell
    • Slide 15:
      • Each nova-compute service used to have direct access to a central database
        • Scalability concern
        • Security concern
        • Upgrade concern
      • In Grizzly, most DB access by the nova-compute service was eliminated
        • Some information is now conveyed over the RPC system (AMQP)
        • Some information is now conveyed over the new nova-conductor service, which essentially proxies database calls or proxies calls to RPC services
      • More information in the blueprint
    • Slide 16:
      • Upgrades to existing plugins:
      • New plugins introduced:
    • Slide 17:
      • Multihost distribution of L3/L4 and DHCP services
      • Improved handling of security groups and overlapping IPs
      • Simplified configuration requirements for metadata service
      • v2 API support for XML and pagination
      • Introduction of Load Balancing as a Service (LBaaS)
        • API model and pluggable framework established
        • Tenant and cloud admin APIs
        • Basic reference implementation with HAProxy
        • Vendor plugins to come in Havana
    • Slide 18: Slick new network topology visualization
    • Slide 19:
      • Vastly improved networking support
        • Visualization
        • Support for routers and load balancers
        • Simplified floating IP workflow
      • Direct image upload to Glance
        • Makes uploading images easier/faster, but some constraints
      • Live migration support
    • Slide 20:
      • PKI tokens replace UUID tokens as the default format
        • Allows offline validation and improved performance
      • API v3
        • Domains provide namespace isolation and role management
        • RBAC improvements
        • Trusts provided via CGI-style REMOTE_USER params to make external authentication simpler
    • Slide 21:
      • Fibre channel attach support
      • Multiple backends with the same manager & scheduler improvements
      • New drivers:
    • Slide 22:
      • User container quotas
      • CORS (cross-origin resource sharing) support for easier integration with web/HTML5 apps
      • Bulk operations support
      • StatsD updates
    • Slide 23:
      • Nova: https://launchpad.net/nova/+milestone/2013.1
      • Quantum: https://launchpad.net/quantum/+milestone/2013.1
      • Keystone: https://launchpad.net/keystone/+milestone/2013.1
      • Horizon: https://launchpad.net/horizon/+milestone/2013.1
      • Swift: https://launchpad.net/swift/grizzly/1.8.0
      • Glance: https://launchpad.net/glance/+milestone/2013.1
      • Cinder: https://launchpad.net/cinder/+milestone/2013.1
      • Grizzly release notes: https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly
      • Grizzly Overview: http://www.openstack.org/software/grizzly/
    • Slide 24: OpenStack Automation with Puppet
      Mark T. Voelker, Technical Leader, Cisco Systems
      May Triangle OpenStack Meetup, 2013-05-30
    • Slide 25:
      • Puppet is open source software designed to manage IT configuration and state of systems of all sizes.
      • It is primarily used on servers, but can also work with other types of devices (like switches).
      • It is *not* a baremetal installer, but it can handle most tasks once an OS is installed, including software installation, configuration, and maintenance.
      • It is written and backed by Puppet Labs.
      • Puppet Labs offers a commercial, supported version of Puppet called Puppet Enterprise, which features additional scale and management.
    • Slide 26:
      • Because it beats the heck out of managing a pile of bash scripts.
      • The Puppet DSL is designed to be easy to use and easier to read.
      • Puppet allows you to describe the state of systems, and store those states in a single place. You don’t have to configure systems individually.
      • Puppet lets you codify many systems administration tasks.
      • Puppet can be used to ensure compliance.
        • If a rogue changes a configuration you provided, Puppet will change it back.
        • It can also be used to provide auditability, showing when changes were made.
    • Slide 27: Pile of Bash Scripts
    • Slide 28:
      • Puppet is a declarative language, meaning you describe the state you want the system to be in (not what action you want to take).
      • A manifest is essentially a Puppet “program”…it’s what you write to make stuff happen to your infrastructure, where “stuff” includes things like:
        • Installing/removing packages
        • Adding or modifying configuration files
        • Starting/stopping/restarting services
        • Setting file permissions or modes
      • A module is a self-contained bundle of Puppet code and data. Generally, you’ll write one module to accomplish a given state.
        • Such as “install and configure Apache and make sure it’s always running.”
        • Generally includes manifests, templates, and other data.
        • Treated as source code and (frequently) shared on PuppetForge.
    • Slide 29:
      • Resource Types define the attributes and actions of a kind of thing
        • Such as: a file, a host, a service, a package, or a cron job.
        • Somewhat analogous to programming language variable types (int, struct, float, char, etc)
      • Providers provide the low-level functionality of a given type.
        • For example, a “package” resource has providers for apt, yum, PyPI, etc.
        • Different providers might extend different features for the same resource type.
      • There are many kinds of types and providers built in to Puppet, but you can also write your own (with a bit of Ruby).
    • Slide 30:
      • Standalone Mode
        • Puppet operating on a single machine
        • Good for learning and small deployments
      • Client/Server (aka “Master/Agent”) Mode
        • A server acts as a “master” where modules and manifests live
        • Each managed node runs an “agent” which periodically checks in with the master to see if any changes need to be applied.
        • Communication is via SSL (see caveats), scales horizontally behind load balancers.
        • Makes it easy to manage lots of nodes by only touching one
        • Master can be run with a built-in server, or can be run via Phusion Passenger or similar tools for greater scalability.
        • The most common mode in production.
      • Massively Scalable Mode
        • Not really one type of mode at all: you define how Puppet code is distributed
        • Usually involves rsync, git, or shared filesystems and cron
        • Invokes Puppet in standalone mode, but you provide the glue that determines how code gets to the managed nodes.
        • Allows you to sidestep the Puppet Master as a bottleneck.
    • Slide 31: Annotations on an example manifest:
      • Installs the openssh-server package (before we place a config file)
      • Creates an SSHd config file by copying one we had in /root and sets the mode
      • Makes sure the sshd service is always running, and restarts it if we make any changes to sshd_config
    • Slide 32:
      • Facts are information about the specific system a given Puppet agent is running on.
      • They are collected by a program called Facter that ships with Puppet itself.
      • Facts can be inserted in manifests as variables.
      • Puppet supports a variety of facts already, but you can add more with a bit of Ruby.
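The manifest that the slide 31 annotations point at is not in this transcript. The following is an added example, not the presenter's code, of a manifest matching those three annotations, with a Facter fact (slide 32) used as a variable to pick the service name. The source file name `/root/sshd_config`, the ownership and the `0600` mode are assumptions.

```puppet
# Added example: package -> config file -> service, ordered explicitly.
# File name under /root, owner/group and mode are assumed values.

# Facts appear in manifests as variables. Debian/Ubuntu name the service
# "ssh"; Red Hat derivatives name it "sshd".
# $::osfamily is the top-scope fact syntax of the Puppet 2.7 era;
# current Puppet spells it $facts['os']['family'].
$ssh_service = $::osfamily ? {
  'Debian' => 'ssh',
  default  => 'sshd',
}

# Install the package before any config file is placed.
package { 'openssh-server':
  ensure => installed,
}

# Copy a prepared config from /root and pin ownership and mode, so a
# hand-edited or loosened file is put back on the next Puppet run.
file { '/etc/ssh/sshd_config':
  ensure  => file,
  source  => '/root/sshd_config',
  owner   => 'root',
  group   => 'root',
  mode    => '0600',
  require => Package['openssh-server'],
}

# Keep the daemon running and enabled at boot; "subscribe" restarts it
# whenever Puppet changes the managed config file.
service { $ssh_service:
  ensure    => running,
  enable    => true,
  subscribe => File['/etc/ssh/sshd_config'],
}
```

Saved as a `.pp` file, this can be applied in standalone mode with `puppet apply`.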
    • Slide 34: Puppet has very good “getting started” training online! http://docs.puppetlabs.com/learning/
      Some other resources to check out:
      • Look for “Pro Puppet” and “Puppet 2.7 Cookbook”, at your favorite tech book library.
      • Puppet has IRC channels where you can ask questions.
      • Puppet has documentation.
    • Slide 35:
      • Puppet Labs has been an active participant in the OpenStack community, as have Puppet users
        • Stop by the #puppet-openstack channel on IRC
        • Check out the Google Group
        • Say “hi” to Dan Bode
      • Many OpenStack clouds are deployed with Puppet
        • Such as Rackspace’s public cloud, eNovance, Morph Labs, Cisco WebEx, and clouds built with PackStack
        • Puppet is also used to manage portions of the OpenStack community’s project infrastructure
      • Puppet modules for OpenStack are maintained on StackForge
        • StackForge is a way for projects related to OpenStack to make use of OpenStack project infrastructure
        • Puppet modules are mirrored to GitHub at: https://github.com/stackforge/puppet-openstack
    • Slide 36:
      • Puppet Labs integration specialist
      • Frequent OpenStack Design Summit speaker and community guy
      • Co-author of “Puppet Types and Providers”
      • Did a workshop on installing OpenStack with Puppet at the Havana Design Summit recently
      IRC: bodepd
      Twitter: @bodepd
      GitHub: bodepd
      O’Reilly Bio
    • Slide 37:
      • Start by reading over requirements and notes here.
      • Install Puppet 2.7.12 or higher and configure a Puppet Master.
      • Install the modules.
      • Edit site.pp to provide information about your environment.
        • This is where you define things like where your compute, storage, and control nodes are.
      • Run puppet agents on each host.
      • Go get coffee.
      • Cloud!
    • Slide 38:
      • puppet-openstack is the “root” module
        • Probably the only one you need to really touch
        • Intended to make bootstrapping an OpenStack environment fast and easy
        • It provides the site.pp file where you define your infrastructure (IP addresses, etc)
      • Individual OpenStack components handled by their own modules (you may or may not use all of them)
        • puppet-nova
        • puppet-swift
        • puppet-quantum
        • puppet-glance
        • puppet-cinder
        • puppet-horizon
        • puppet-keystone
    • Slide 39:
      • Using the StackForge Puppet modules assumes that you have an operating system and Puppet installed on all of the servers you want to participate in your cloud.
        • Remember, Puppet doesn’t do baremetal provisioning…e.g. loading an operating system on a freshly unboxed server.
        • Probably fine if your deployment is small, but baremetal provisioning becomes more time consuming with more nodes.
      • So how can you handle baremetal? Several options…
        • PXE booting with Kickstart (Red Hat derivatives) or preseeding (Debian derivatives)
        • Razor
        • Cobbler
    • Slide 40:
      • A simple (~15k lines of Python code) tool for managing baremetal deployments
      • Flexible usage (API, CLI, GUI)
      • Allows you to define systems (actual machines) and profiles (what you want to do with them)
      • Provides hooks for Puppet so you can then do further automation once the OS is up and running
      • Provides control for power (via IPMI or other means), DHCP/PXE (for netbooting machines), preseed/kickstart setup, and more.
    • Slide 42:
      • In our labs (and at some of our customer sites), we deploy OpenStack using Cobbler and Puppet with the Cisco OpenStack Installer.
        • Installs OpenStack with Quantum networking using the Open vSwitch driver (so it works on almost any hardware).
        • Also installs some basic monitoring utilities (Nagios, collectd, graphite)
        • Open source, freely available
      • Documentation/install instructions here: http://docwiki.cisco.com/wiki/OpenStack
      • Video walk-through here:
        • Part 1: Build Server Deployment http://www.youtube.com/watch?v=sCtL6g1DPfY
        • Part 2: Controller and Compute Node Deployment http://www.youtube.com/watch?v=RPUmxdI4M-w
        • Part 3: Quantum Network Setup and VM Creation http://www.youtube.com/watch?v=Y0qjOsgyT90
    • Slide 43:
      • Start with a single Ubuntu 12.04 machine (can be virtual or physical).
      • Download base manifests and set up site.pp.
      • Run “puppet apply” to turn your Ubuntu machine into a “build node”
        • Build node is now a Puppet master, a Cobbler server, and a Nagios/Graphite host.
      • Use Cobbler on the build node to PXE boot a Control Node
        • Control node runs most of the OpenStack “control” services (e.g. API servers, nova-scheduler, glance-registry, Horizon, etc)
      • Use Cobbler on the build node to PXE boot as many compute nodes as you like
    • Slide 45:
      • Mostly information about your physical nodes
        • NIC, MAC, and IP Address info (for PXE booting, etc)
        • NTP and Proxy server info (if necessary)
        • Password for databases
      • Let’s take a look…..
    • Slide 46:
      • Building a multi-node cloud takes some time and the pizza is on its way, so let’s look at an abbreviated demo.
      • We’ll assume that you’ve downloaded the Puppet modules to your build node and applied them.
      • We’ll also assume you’ve booted your control node with Cobbler and let Puppet set it up
      • We’ll now use Cobbler to boot up a new compute node.
    • Slide 47: Questions? http://www.cisco.com/go/openstack