OpenStack Deployments with Chef

    OpenStack Conference
        Spring 2012

            Matt Ray
      matt@opscode.com
 IRC/Twitter/LP/GitHub: mattray
      www.opscode.com
Deploying and Managing
OpenStack is not simple.
Chef makes it easier.
See Node



Application Server
See Nodes



Application Server


Application Database
See Nodes Grow



Application Server


Application Databases
See Nodes Grow



Application Servers


Application Databases
See Nodes Grow

Load Balancer


Application Servers


Application Databases
See Nodes Grow

Load Balancers


        Application Servers


Application Databases
See Nodes Grow

Load Balancers


        Application Servers


Application Database Cache


Application Databases
Tied together with Config

Load Balancers


        Application Servers


Application Database Cache


Application Databases
Infrastructure is a Snowflake

Load Balancers


         Application Servers


Application Database Cache


Floating IP?


Application Databases
Evolving Complexity



        Load Balancers
              Application Cache

                   Application Servers
NoSQL        Database Cache

             Database Slaves

        Database
Complexity Grows Quickly
      DC2


DC1

                      DC3
And it Continues to Evolve




          http://www.flickr.com/photos/16339684@N00/2681435235/
Chef is Infrastructure as Code



        •     Programmatically
              provision and configure
        •     Treat like any other code
              base
        •     Reconstruct business from
              code repository, data
              backup, and bare metal
              resources.


       http://www.flickr.com/photos/louisb/4555295187/
Nodes
  • Chef-Client generates
        configurations directly
        on nodes from their
        run list
  • Reduce management
        complexity through
        abstraction
  • Store the configuration
        of your programs in
        version control

http://www.flickr.com/photos/ssoosay/5126146763/
Collections of Resources

• Networking
• Files
• Directories
• Symlinks
• Mounts
• Routes
• Users
• Groups
• Tasks
• Packages
• Software
• Services
• Configurations
• Other Stuff
        http://www.flickr.com/photos/stevekeys/3123167585/
Declarative Interface to Resources




•    Define policy
•    Say what, not how
•    Pull not Push




http://www.flickr.com/photos/bixentro/2591838509/
Ruby!
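# Pick the extra packages for this node's platform.
extra_packages = case node['platform']
  when "ubuntu","debian"
    %w{
      ruby1.8
      ruby1.8-dev
      rdoc1.8
      ri1.8
      libopenssl-ruby
    }
  else
    []  # other platforms: nothing extra, and .each is never called on nil
  end
# Declare one package resource per entry.
extra_packages.each do |pkg|
  package pkg do
    action :install
  end
end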
Recipes and Cookbooks


•   Recipes are collections of
    Resources
•   Cookbooks contain
    recipes, templates, files,
    custom resources, etc
•   Code re-use and
    modularity
•   Hundreds already on
    Community.opscode.com

         http://www.flickr.com/photos/shutterhacks/4474421855/
Search

•   Search for nodes
    with Roles
•   Find configuration
    data

•   IP addresses
•   Hostnames
•   FQDNs




       http://www.flickr.com/photos/kathycsus/2686772625
Pass Results to Templates


pool_members = search("node","role:webserver")

template "/etc/haproxy/haproxy.cfg" do
  source "haproxy-app_lb.cfg.erb"
  owner "root"
  group "root"
  mode 0644
  variables :pool_members => pool_members.uniq
  notifies :restart, "service[haproxy]"
end
Pass Results to Templates



# Set up application listeners here.
listen application 0.0.0.0:80
  balance roundrobin
  <% @pool_members.each do |member| -%>
  server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check
  <% end -%>
<% if node["haproxy"]["enable_admin"] -%>
listen admin 0.0.0.0:22002
  mode http
  stats uri /
<% end -%>
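
The search-to-template flow on these two slides can be run offline with Ruby's standard ERB library. This is an added example, not code from the talk or from the Opscode haproxy cookbook: `render_haproxy`, `valid_member?`, `member_port` and the sample nodes are assumptions made for illustration, and the added validation step reflects that `hostname` and `ipaddress` are attributes each node reports about itself.

```ruby
require 'erb'
require 'resolv'

# Listener layout from the slide's haproxy-app_lb.cfg.erb. member_port is an
# assumed variable: the port expression does not survive in the slide text.
TEMPLATE = <<~'CFG'
  listen application 0.0.0.0:80
    balance roundrobin
  <% pool_members.each do |member| -%>
    server <%= member[:hostname] %> <%= member[:ipaddress] %>:<%= member_port %> weight 1 maxconn 1 check
  <% end -%>
  <% if enable_admin -%>
  listen admin 0.0.0.0:22002
    mode http
    stats uri /
  <% end -%>
CFG

# One DNS label, anchored with \A and \z so an embedded newline cannot match.
HOSTNAME = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# hostname and ipaddress are reported by each node itself, so check them
# before they are written into a root-owned config file (IPv4 only here).
def valid_member?(member)
  member[:hostname].to_s.match?(HOSTNAME) &&
    member[:ipaddress].to_s.match?(Resolv::IPv4::Regex)
end

# Returns [rendered_config, rejected_members].
def render_haproxy(search_results, member_port:, enable_admin: false)
  members, rejected = search_results.uniq.partition { |m| valid_member?(m) }
  # Sorted output keeps the file identical between runs when membership is
  # unchanged, so the restart notification only fires on real changes.
  members = members.sort_by { |m| m[:hostname] }
  config = ERB.new(TEMPLATE, trim_mode: '-').result_with_hash(
    pool_members: members, member_port: Integer(member_port),
    enable_admin: enable_admin
  )
  [config, rejected]
end

# Constructed stand-in for search("node", "role:webserver") results.
SAMPLE = [
  { hostname: 'web2', ipaddress: '10.0.0.12' },
  { hostname: 'web1', ipaddress: '10.0.0.11' },
  { hostname: 'web1', ipaddress: '10.0.0.11' },             # duplicate hit
  { hostname: "web3\n  mode tcp", ipaddress: '10.0.0.13' }, # multi-line name
  { hostname: 'web4', ipaddress: '10.0.0.999' }             # not an IPv4 address
].freeze

if __FILE__ == $PROGRAM_NAME
  config, rejected = render_haproxy(SAMPLE, member_port: 8080)
  puts config
  warn "rejected #{rejected.size} member(s)"
end
```

In a recipe, the rejected list would be logged so that a node publishing malformed attributes is noticed rather than silently dropped from the pool.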
So when this

Graphite   Nagios


                             Jboss App


           Memcache

           Postgres Slaves


           Postgres Master
Becomes this

Graphite   Nagios


                             Jboss App


           Memcache

           Postgres Slaves


           Postgres Master
Updates can be automatic

Graphite   Nagios


                             Jboss App


           Memcache

           Postgres Slaves


           Postgres Master
Count the resources

Graphite   Nagios
Jboss App
Memcache
Postgres Slaves

•   Load balancer config
•   Nagios host ping
•   Nagios host ssh
•   Nagios host HTTP
•   Nagios host app health
•   Graphite CPU
•   Graphite Memory
•   Graphite Disk
•   Graphite SNMP
•   Memcache firewall
•   Postgres firewall
•   Postgres authZ config

• 12+ resource changes for 1 node addition
Build anything

       • Simple internal applications
       • Complex external applications
       • Workstations
       • Hadoop clusters
       • IaaS infrastructure
       • PaaS infrastructure
       • SaaS applications
       • Storage systems
       • You name it
http://www.flickr.com/photos/hyku/245010680/
And manage it simply
• Automatically
  reconfigure
  everything
• Linux, Windows,
  Unixes, BSDs
• Load balancers
• Metrics collection
  systems
• Monitoring systems
• Cloud migrations
  become trivial
                       http://www.flickr.com/photos/helico/404640681/
The Chef Community



•   Apache License, Version 2.0
•   675+ Individual contributors
•   125+ Corporate contributors
    •   Dell, Rackspace, VMware, DreamHost,
        Joyent, Heroku, RightScale, Deutsche
        Telekom and many more
•   450+ cookbooks
•   http://community.opscode.com
What's Out There?




openstack-cookbooks
   openstack-chef
     Resources
   chef-openstack
      crowbar
Opscode


•   Bexar/Cactus, now deprecated
•   original source for many other efforts
    •   Crowbar
    •   Mercado Libre
    •   HP
•   Apache 2 license
•   http://wiki.opscode.com/display/chef/Deploying+OpenStack+with+Chef
•   github.com/mattray/openstack-cookbooks
TryStack



•   TryStack.org, NTT & others
•   Smokestack testing
•   Xen & PostgreSQL
•   Apache 2 license
•   #trystack on irc.freenode.org & Facebook
•   github.com/openstack/openstack-chef
Rackspace Cloud Builders



•   Rackspace, DreamHost, Opscode & others
•   KVM & MySQL on Ubuntu 12.04 (others)
•   Apache 2 license
•   #openstack-chef on irc.freenode.net
•   github.com/osops/
    •   monitoring, logging, operations tools
•   github.com/rcbops/chef-cookbooks
Crowbar



•   Datacenter installer from Dell
    •   Extension of the Chef server
    •   "Barclamps" contain cookbooks + more
•   Dell released under the Apache 2 license
•   Dell, enStratus, Opscode & many others
•   Mailing list and Skype
•   github.com/dellcloudedge/crowbar
Deploying OpenStack




•   Chef ties it all together automatically
•   Scaling changes how we deploy
•   Interchangeable components
•   Configurations shared, supported &
    documented
•   Licensing makes it available to everyone
knife openstack
knife openstack



$ knife openstack
Available openstack subcommands: (for details, knife SUB-COMMAND --help)

** OPENSTACK COMMANDS **
knife openstack flavor list (options)
knife openstack image list (options)
knife openstack server create (options)
knife openstack server delete SERVER [SERVER] (options)
knife openstack server list (options)
knife openstack flavor list




$ knife openstack flavor list
ID  Name       Virtual CPUs  RAM       Disk
1   m1.tiny    1             512 MB    0 GB
2   m1.small   1             2048 MB   20 GB
3   m1.medium  2             4096 MB   40 GB
4   m1.large   4             8192 MB   80 GB
5   m1.xlarge  8             16384 MB  160 GB
knife openstack image list




$ knife openstack image list
ID Name
13 natty-server-cloudimg-amd64
12 natty-server-cloudimg-amd64-kernel
15 oneiric-server-cloudimg-amd64
14 oneiric-server-cloudimg-amd64-kernel
knife openstack server create




knife openstack server create --node-name ko1 --flavor 1 --image 13 -S trystack
$ ssh -i ~/.ssh/trystack.pem ubuntu@8.21.28.24
The authenticity of host '8.21.28.24 (8.21.28.24)' can't be established.
RSA key fingerprint is 0c:d8:3e:34:d1:de:c4:ee:5f:bc:b5:89:11:0d:73:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '8.21.28.24' (RSA) to the list of known hosts.
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-13-virtual x86_64)

 * Documentation:   https://help.ubuntu.com/

  System information as of Thu Feb 16 23:43:29 UTC 2012

  System load: 0.08               Processes:           63
  Usage of /:   40.8% of 1.35GB   Users logged in:     0
  Memory usage: 6%                IP address for eth0: 8.21.28.24
  Swap usage:   0%
---------------------------------------------------------------------
<snip>
Get cloud support with Ubuntu Advantage Cloud Guest
  http://www.ubuntu.com/business/services/cloud

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@ko1:~$
Chef for Infrastructure Portability




•   knife ec2
•   knife rackspace
•   knife hp
•   knife openstack
•   ... and many others
What's Next?


  http://www.flickr.com/photos/felixmorgner/4347750467/
knife-openstack Roadmap




•   http://wiki.opscode.com/display/chef/OpenStack+Bootstrap+Fast+Start+Guide
•   Merges & publish on rubygems.org
•   Testing with Essex
•   tickets.opscode.com/browse/KNIFE_OPENSTACK
Chef Roadmap




•   Chef 0.10.10
    •   Full Stack installer
    •   Linux, BSDs, OSX, Solaris (Illumos),
        Windows
•   Chef 11
    •   Reporting
    •   Dry Run
OpenStack Cookbooks Roadmap



•   Additional Hypervisors
•   More Databases
•   Operations Support
•   HA Configuration
•   Additional Operating Systems
•   Folsom (Quantum, Melange, etc.)
Opscode's OpenStack Roadmap




•   Collaborate with the Community
•   Reference cookbooks for Essex
•   OpenStack Quick Start tutorial
•   Refresh Deploying OpenStack with Chef
•   Knife OpenStack enhancements
Thanks!


             Matt Ray
       matt@opscode.com
  IRC/Twitter/LP/GitHub: mattray
       www.opscode.com
