Flexible, simple deployments
with OpenStack-Ansible
OpenStack Austin Meetup - June 20th, 2016
Major Hayden | major.io | @majorhayden
Agenda
1. About me
2. The big question
3. Why Ansible?
4. Why OpenStack-Ansible?
5. Get involved!
About me
Major Hayden
Principal Architect, Rackspace
At Rackspace since 2006
Contributor to OpenStack
and the Fedora Project
I am addicted to
buying domain names
(please don’t give me ideas)
We seriously needed
another way to
deploy OpenStack
clouds?
“Fortunately, the charging one has been solved now that
we’ve all standardized on mini-USB. Or is it micro-USB?”
https://xkcd.com/927/
STANDARDS
Different use cases
demand different
deployment
methods.
What our customers wanted
“I want to focus on what
we deploy on our cloud,
not how we deploy it.
I want to lean on
someone else’s
experience.”
“We want to add
hardware on an as-
needed basis.
I want to expand my
cloud without
downtime.”
What our customers didn’t want
“Don’t tell me I need
downtime to change a
configuration option.
I want my cloud to be
flexible for my needs.”
“Don’t tell me to ‘lift
and shift’ my
workloads.
Upgrades should
be easy.”
Existing
deployment
methods had
limitations
Rigid configuration
Upgrade challenges
No operators in the community
Not coordinated
Lack of an overall direction
The foundation was
set for something
entirely different.
Why Ansible?
Highly extensible
Each task does one action
Tasks are grouped into roles
Roles are tied together with playbooks
Simple variable scope
Every role or task can have a default
Additional variables per environment
Deployers can override all of these variables easily
Dependencies make sense
If you can read top-down, you understand Ansible’s dependencies
Very little baggage
No daemons or agents
No clients or servers
Everything uses ssh
Use your existing keys, users, and auth mechanisms (like Kerberos!)
Why OpenStack-Ansible?
Extensible collection of roles
A backbone of playbooks that links multiple roles together
Each role deploys an OpenStack service
Opinionated defaults are set in each role
OpenStack-Ansible is
built by operators,
for operators
Isolation
Each service deploys into a different container
Each service gets unique message queue and database credentials
Each service queries different databases and message queue virtual hosts
Coordination
Every change is tested as part of the whole stack
If a keystone change breaks nova, automated testing will fail
Deprecated configurations and imports are handled gracefully
Documentation
Lots of installation documentation and reference guides
Real-world use cases and integrations
Growing, diverse community
Over 2,700 commits from 30 companies
Used to deploy the OSIC cluster (over 2,000 nodes)
* Newton mid-cycle is in San Antonio in August!
Deploy, maintain,
and upgrade with ease
Maintain
Upgrade
Deploy to one host, 100 hosts, or
1,000 hosts
High availability is built-in
Control over quantity and location
of Openstack services
Comes with opinionated defaults
from OpenStack operators
Deploy
Maintain
Upgrade
Change configurations with little
or no downtime
Rebuild any container quickly
after a failure or disruption
Add, remove or replace control
plane nodes as needed
Comprehensive host security
hardening
Deploy
Maintain
Upgrade
Upgrading between and within
major releases is a first class
feature
Services are carefully upgraded
along with database migrations
Deprecations are handled
gracefully
Deploy
What about security?
OpenStack-Ansible has a security role
Applies 200+ security configurations
on hosts and virtual machines
Follows the guidelines from the DISA STIG
Lots of auditor-friendly documentation
Supports Ubuntu 14.04/16.04, CentOS 7
and Red Hat Enterprise Linux 7
See the OpenStack Summit talk!
https://goo.gl/iyywZD
Get involved
What’s next?
Newton release
Ubuntu 16.04 support
Multi-arch support (PPCLE)
Xen and PowerVM support
Improved testing
Join us for the
Newton mid-cycle meeting
in San Antonio:
August 10-12, 2016
Join our community
Freenode IRC: #openstack-ansible
Mailing list: openstack-dev@lists.rackspace.com
(use the [openstack-ansible] tag in the subject line)
Code: https://github.com/openstack/openstack-ansible
Docs: http://docs.openstack.org/developer/openstack-ansible/
Thank you!
Major Hayden
@majorhayden
major.io
Photo credits
Title slide: Miles Bintz (Flickr) https://www.flickr.com/photos/milesbintz/4366494947
Construction crane: Richard Carter (Flickr) https://www.flickr.com/photos/richard_carter/6816885264/
Lock on old door: Denise Krebs (Flickr) https://www.flickr.com/photos/mrsdkrebs/13006945815/
Alamo: Nan Palmero (Flickr) https://www.flickr.com/photos/nanpalmero/15442494764/
Roadway at night: Paulo Valdivieso (Flickr) https://www.flickr.com/photos/p_valdivieso/14908384223/
All other photos are provided courtesy of Rackspace.

Flexible, simple deployments with OpenStack-Ansible

  • 1.
    Flexible, simple deployments withOpenStack-Ansible OpenStack Austin Meetup - June 20th, 2016 Major Hayden | major.io | @majorhayden
  • 2.
    Agenda 1. About me 2.The big question 3. Why Ansible? 4. Why OpenStack-Ansible? 5. Get involved!
  • 3.
    About me Major Hayden PrincipalArchitect, Rackspace At Rackspace since 2006 Contributor to OpenStack and the Fedora Project I am addicted to buying domain names (please don’t give me ideas)
  • 4.
    We seriously needed anotherway to deploy OpenStack clouds?
  • 5.
    “Fortunately, the chargingone has been solved now that we’ve all standardized on mini-USB. Or is it micro-USB?” https://xkcd.com/927/ STANDARDS
  • 6.
    Different use cases demanddifferent deployment methods.
  • 7.
    What our customerswanted “I want to focus on what we deploy on our cloud, not how we deploy it. I want to lean on someone else’s experience.” “We want to add hardware on an as- needed basis. I want to expand my cloud without downtime.”
  • 8.
    What our customersdidn’t want “Don’t tell me I need downtime to change a configuration option. I want my cloud to be flexible for my needs.” “Don’t tell me to ‘lift and shift’ my workloads. Upgrades should be easy.”
  • 9.
    Existing deployment methods had limitations Rigid configuration Upgradechallenges No operators in the community Not coordinated Lack of an overall direction
  • 10.
    The foundation was setfor something entirely different.
  • 11.
  • 12.
    Highly extensible Each taskdoes one action Tasks are grouped into roles Roles are tied together with playbooks
  • 13.
    Simple variable scope Everyrole or task can have a default Additional variables per environment Deployers can override all of these variables easily
  • 14.
    Dependencies make sense Ifyou can read top-down, you understand Ansible’s dependencies
  • 15.
    Very little baggage Nodaemons or agents No clients or servers Everything uses ssh Use your existing keys, users, and auth mechanisms (like Kerberos!)
  • 16.
  • 17.
    Extensible collection ofroles A backbone of playbooks that links multiple roles together Each role deploys an OpenStack service Opinionated defaults are set in each role
  • 18.
    OpenStack-Ansible is built byoperators, for operators
  • 19.
    Isolation Each service deploysinto a different container Each service gets unique message queue and database credentials Each service queries different databases and message queue virtual hosts
  • 20.
    Coordination Every change istested as part of the whole stack If a keystone change breaks nova, automated testing will fail Deprecated configurations and imports are handled gracefully
  • 21.
    Documentation Lots of installationdocumentation and reference guides Real-world use cases and integrations
  • 22.
    Growing, diverse community Over2,700 commits from 30 companies Used to deploy the OSIC cluster (over 2,000 nodes) * Newton mid-cycle is in San Antonio in August!
  • 23.
  • 24.
    Maintain Upgrade Deploy to onehost, 100 hosts, or 1,000 hosts High availability is built-in Control over quantity and location of Openstack services Comes with opinionated defaults from OpenStack operators Deploy
  • 25.
    Maintain Upgrade Change configurations withlittle or no downtime Rebuild any container quickly after a failure or disruption Add, remove or replace control plane nodes as needed Comprehensive host security hardening Deploy
  • 26.
    Maintain Upgrade Upgrading between andwithin major releases is a first class feature Services are carefully upgraded along with database migrations Deprecations are handled gracefully Deploy
  • 27.
  • 28.
    OpenStack-Ansible has asecurity role Applies 200+ security configurations on hosts and virtual machines Follows the guidelines from the DISA STIG Lots of auditor-friendly documentation Supports Ubuntu 14.04/16.04, CentOS 7 and Red Hat Enterprise Linux 7 See the OpenStack Summit talk! https://goo.gl/iyywZD
  • 29.
  • 30.
    What’s next? Newton release Ubuntu16.04 support Multi-arch support (PPCLE) Xen and PowerVM support Improved testing
  • 31.
    Join us forthe Newton mid-cycle meeting in San Antonio: August 10-12, 2016
  • 32.
    Join our community FreenodeIRC: #openstack-ansible Mailing list: openstack-dev@lists.rackspace.com (use the [openstack-ansible] tag in the subject line) Code: https://github.com/openstack/openstack-ansible Docs: http://docs.openstack.org/developer/openstack-ansible/
  • 33.
  • 34.
    Photo credits Title slide:Miles Bintz (Flickr) https://www.flickr.com/photos/milesbintz/4366494947 Construction crane: Richard Carter (Flickr) https://www.flickr.com/photos/richard_carter/6816885264/ Lock on old door: Denise Krebs (Flickr) https://www.flickr.com/photos/mrsdkrebs/13006945815/ Alamo: Nan Palmero (Flickr) https://www.flickr.com/photos/nanpalmero/15442494764/ Roadway at night: Paulo Valdivieso (Flickr) https://www.flickr.com/photos/p_valdivieso/14908384223/ All other photos are provided courtesy of Rackspace.