The document discusses the orchestration capabilities of OpenStack Heat, highlighting how to create and manage stacks of resources, including compute, storage, and network configurations. It outlines various operational scenarios, including the use of software configuration management tools like Ansible and Ceph, while addressing the complexities of resource dependencies and the importance of maintaining stack integrity during updates. The presentation also emphasizes the need for resilience in cloud operations, optimizing performance, and includes participation details for various related sessions.

1. Heat up your Stack
Rico Lin
Chief OpenStack Technologist, inwinSTACK
IRC: ricolin #heat
rico.l@inwinstack.com
@ricolintw

2. Your HA OpenStack Architecture
Deploy Compute
Storage
Controller
HA

3. OpenStack

4. image
flavor
user
role
Port instance
Trove
Sahara
Murano
Magnum
keypairsubnet
network
security
group
Project
load
balance
container volumeFloating IP
volume
alarm

5. image
flavor
user
role
Port instance
Trove
Sahara
Murano
Magnum
keypairsubnet
network
security
group
Project
load
balance
container volumeFloating IP
volume
alarm
A Mess

6. But You Didn’t Know, It’s Happening...

7. Making It Right and Making It Fast!

8. image
flavor
user
role
Port instance
Trove
Sahara
Murano
Magnum
keypairsubnet
network
security
group
Project
load
balance
container volumeFloating IP
volume
alarm
User Image Flavor Role Alarm Vloume
Port
Network
Container
Floating
IP
Subnet
Load
balance
Keypair
Security
group
Instance
Vloume
Magnum
Trove
Sahara
Murano
Project
Use Heat Resource to
Redefine Old Resource

9. Create Stack for Default Resource Set
heat_template_version: 2015-04-30
resources:
image_for_cloudos:
type: OS::Glance::Image
properties: …
image_for_ubuntu:
type: OS::Glance::Image properties: …
image_for_win7:
type: OS::Glance::Image properties: …
Stack: images
Image Image
Image

10. Create Stack for Authorization Topology
Stack: Authorization
Project
Project Role
Role User User
User

11. Stack: Network_Topology
Router
Create Stack for Network Topology
Network Network
Subnet Subnet
Port Port

12. Create Stack for Instance Topology
Stack: Instance
Server
Volume
Keypair
Murano Magnum Trove
Sceurity Group
Floating IP
LBaas

13. image
flavor
user
role
Port instance
Trove
Sahara
Murano
Magnum
keypairsubnet
network
security
group
Project
load
balance
container volumeFloating IP
volume
alarm
User Image Flavor Role Alarm Vloume
Port
Network
Container
Floating
IP
Subnet
Load
balance
Keypair
Security
group
Instance
Vloume
Magnum
Trove
Sahara
Murano
Project
Stack:
Network
Topology
Stack: Instance
Container
Authenticat
ion
Image
security
group
volume
Flavor Alarm volume
Authorization
Everything Transform
to
Stack

14. Example: Create Instance
1 Operation8 Operations VS
Stack
port
Instance
security
group
Volume
keypair
image
floating IP
LBaas

15. Operations You Give,
Mistake You’ll Make.
The More

16. image
flavor
user
role
Port instance
Trove
Sahara
Murano
Magnum
keypairsubnet
network
security
group
Project
load
balance
container volumeFloating IP
volume
alarm
How many operations
to draw this structure?!

17. Migration
do
Happens...

18. Withdraw entire resources set by dependency
Stack
Stack
Stack
Stack

19. No Zombie Resources
Stack
Stack
Stack

20. Same Resources Structure
Stack
Stack
Stack
Stack
New

21. Resources Structure on Horizon
Stack

22. Stack is Updatable
Stack

23. Get file from others, make control flow clean
type: OS::Heat::SoftwareConfig
config:
get_file: script.sh
Stack
Script.sh

24. type: OS::Neutron::FloatingIP
depends_on: port_A
Set Dependency cross Resourcess
Stack

25. Stack
Get Resource Info Direct From Another Resource
type: OS::Nova::Server
properties:
flavor: {
get_resource: flavor}
user_data: {
get_attr: [boot_config, config]}

26. type: Database_node.yaml
properties:
role: ...
network: ...
flavor: ...
image: ...
Nested Stack Make Management Easy
Stack
Stack

27. Where
are
Applications?

28. config:
type: OS::Heat::SoftwareConfig
group: ansible
config: get_file: applicaton_deploy_flow.ansible
deployment:
...
server:
...
Application in Heat
Stack for Application
Image Server SoftwareConfig
SoftwareDeployment
ControlS
cript
Script

29. server:
type: OS::Nova::Server
user_data_format: SOFTWARE_CONFIG
config:
...
deployment:
...
Application in Heat
Stack for Application
Image Server SoftwareConfig
SoftwareDeployment
ControlS
cript
Script

30. deployment:
type: OS::Heat::SoftwareDeployment
config: get_resource: config
server: get_resource: server
config:
…
server:
...
Application in Heat
Stack for Application
Image Server SoftwareConfig
Script SoftwareDeployment
Control
Script

31. Use cases - Ceph
Stack: Ceph
Image Server SoftwareConfig
SoftwareDeployment
Ceph
ansible
control
script
Me Too!
Ceph
Ansible
script
Hi, I pull from Ceph-ansible repo

32. Use cases - Ceph
Stack: Ceph
Image Server SoftwareConfig
SoftwareDeployment
Ceph
ansible
control
script
Hi, Server!
Here is SoftwareConfig for you,
and with parameter
(role= ceph-monitor)
Go knock yourself out!!!
Ceph
Ansible
script

33. Use cases - ?
Stack
Image Server SoftwareConfig
?
Ansible
script SoftwareDeployment
?
Ansible
control
script Ansible
Puppet
Script
Salt
Kubelet
Cfn-init
Docker-compose

34. Example: Application Deployment
1 Operation11 + ? Operations VS
Stack
Write
config
Run
Ansible port
Instance
security
group
Volume
keypair
image
floating IP
LBaas
Collect
information for
other instance

35. SoftwareConfig Flow
Image
script
Heat-engine
Nova
Server
os-collect-config
os-refresh-config
heat-config
ansible-hook
ansible-playbook
Ansible files
os-apply
-config

36. Clouds are noisy - servers fail to come up, or die when the
underlying hypervisor crashes or suffers a power failure.
Heat should be resilient and allow concurrent operations
on any sized stack.
convergence_engine = True

37. Template Heat-API AMQP
Heat-engine
DB
Original Design

38. Ideal Design
Template Heat-API AMQP
Heat-engineAMQP
DB
Hey worker this
is resource, go
create it!!
Worker
Observer

39. Current Convergency Design
Current Convergency Design
Template Heat-API AMQP
Heat-engine
AMQP
(engine_
worker)
Worker
DB
Where is
Observer?

40. How it Interact
between
Convergence Workers?

41. Traversal Graph
SyncPoint
A
SyncPoint
C
(C,A) => (requirer, required)
SyncPoint
B
(C,B)
SyncPoint
D
(D,C)
leaves
Stack
SyncPoint
*traversal_id
*stack_id
*entity_id
*is_update
input_data
atomic_key

42. Shall We Trace?

43. 1. create_stack():
Parse template, Create Stack, Validate Stack, and Check Convergence status
Template Heat-API
Heat-engine
Heat-engine
AMQP
Heat-engine
AMQP
(engine_
worker)
Heat-engine
Worker
Worker
Worker
Worker
DB
Stack

44. 2. converge_stack():
Clear previous traversal sync_point on stack (if any)
Heat-engine
Heat-engine
Heat-engine
AMQP
(engine_
worker)
Heat-engine
SyncPoint
Stack
DB
Worker
Worker
Worker
Worker
AMQPTemplate Heat-API

45. leaves
3. _converge_create_or_update():
Create dependency and sync_point for traversal
Heat-engine
AMQP
(engine_
worker)
Worker
Worker
Worker
Worker
C
D
B
A
SyncPoint
Stack
DB

46. 4. check_resoruce():
Load resource, check current_traversal is equal to stack’s current_traversal.
Also check timeout or finish
leaves
AMQP
(engine_
worker)
Worker
Worker
Worker
Worker
A
C
D
B
A
SyncPoint
Stack
DB

47. 5. _do_check_resoruce():
Try to update or create resource, replace if upadate failed,
clearup from convergence if can’t get the lock
Worker
A
C
D
B
A
SyncPoint
Stack
DB
leaves

48. 6. check_resoruce_update():
Create or update convergence base on action is initial or not
Worker
A
C
D
B
A
SyncPoint
Stack
DB
leaves

49. 7. create_convergence():
Create resource by invoking scheduler: TaskRunner
Worker
A
C
D
B
A
SyncPoint
Stack
DB
leaves

50. 8. create():
Handle resource create failure
Worker
A
C
D
B
A
SyncPoint
Stack
DB
leaves

51. 9. handle_create():
Create resource
Worker
C
D
B
A
SyncPoint
Stack
A
DB
leaves

52. 5-9, 4. check_resoruce():
Load next resource, check current_traversal is equal to stack’s current_traversal.
Go execute and check timeout or finish.
AMQP
(engine_
worker)
Worker
Worker
Worker
Worker
B
C
D
B
SyncPoint
Stack
A
DB
leaves

53. 5-9, 4. check_resoruce():
Load next resource, check current_traversal is equal to stack’s current_traversal.
Go execute and check timeout or finish.
AMQP
(engine_
worker)
Worker
Worker
Worker
Worker
C
D
SyncPoint
Stack
A
C
B
DB
leaves

54. 5-9, 4. check_resoruce():
Load next resource, check current_traversal is equal to stack’s current_traversal.
Go execute and check timeout or finish.
AMQP
(engine_
worker)
Worker
Worker
Worker
Worker
D
SyncPoint
Stack
A
D
DB
B
C
leaves

55. 3. _converge_create_or_update():
Mark completed and purge Database
Heat-engine
AMQP
(engine_
worker)
WorkerSyncPoint
Stack
A
DB
B
C
D
Worker
Worker
Worker

56. So What Happens If Conflict?

57. Another Stcak Update Request Join?
Stack SyncPoint will show which Stack traversal is current.
AMQP
(engine_
worker)
Worker
Worker
C
D
SyncPoint
Stack_a
A
C
B
DB
Stack_a
A
Hey, wrong traversal ID here!!
Me!?
leaves

58. Example: Mass Application Deployment
1 Operation
<20 Min.
> 50 Operations
>100 Min.
VS
Stack

59. Heat Fleet’s sessions
● inwinSTACK- Heat Up Your Stack - Deep Dive to Heat, Learn How to
Orchestrate Your Cloud - Wednesday, 11:15am
● User/ops session for summit - Wednesday, 3:40pm
● Extending OpenStack Heat to Orchestrate Security Policies and Network
Function Service Chains - Thursday, 9:50am
● Why Reinvent the Wheel? - Using Murano, Heat, Container Clustering and
Ceilometer to Provide Auto--scaling and Enforce Self-Healing Best Practices in
Applications - Thursday, 11:00am
● Heat, Cloud-init & Cloud-config: OpenStack Orchestration Deep Dive, Hands-
On Lab - Thursday, 4:30pm

60. Q&A