OpenStack Magnum is an API designed for managing container orchestration engines such as Docker Swarm, Kubernetes, and Mesos within a multi-tenant cloud environment. It allows users to create and manage container clusters efficiently while ensuring resource isolation and scalability. The document provides an overview of Magnum's features, usage instructions, and examples of commands for managing container resources.

1. OPENSTACK MAGNUM
Adrian Otto, Distinguished Architect

2. MORE COMPUTE
CONTAINERS ARE
DISRUPTIVE

3. An easy-to-use and
instant-on
native container
environment.

4. getcarina.com
Free Beta available today.

5. EARLY ACCESS BY INVITATION
Carina on your own Rackspace Private Cloud
5

6. Our Containers Expertise
6

7. 7
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers

8. OPENSTACK
SERVICES
KeystoneGlanceNova
NeutronSwiftCinder Designate Ironic
HorizonBarbicanCielometer
SaharaTroveHeat Magnum Marconi Murano
Layer 4: Consumption Services
Layer 3: Optional Enhancements
Layer 2: Extended Infrastructure
Layer 1: Base Compute Infrastructure
Solum

9. BARE METALVM
DOCKER
OPENSTACK
KUBERNETES
MESOS
MAGNUM
DOCKER
API
K8S
API
MAGNUM OVERVIEW

10. OpenStack Magnum’s Top Contributors
10

11. Cloud operators assume a risk when
selecting a single cloud technology
today… but OpenStack is different.
11

12. Magnum Differentiators
12
Fundamental Design Goal
Docker Swarm, Kubernetes, Mesos
VM or Bare Metal
SSO Experience for Cloud Users
Multi-Tenant Control and Data Planes
Choice of COE
Choice of Server Flavor
Integrated with OpenStack

13. 13
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers

14. DOCKER SWARM
Swarm Manager
Swarm Node
Docker
Client
Docker
Daemon
Swarm Node
Docker
Daemon
Swarm Node
Docker
Daemon
Swarm
Daemon
Discovery
Service

15. KUBERNETES
Node
Docker
Kubelet Proxy
REST API
AuthScheduler
Node
Docker
Kubelet Proxy
Node
Docker
Kubelet Proxy

16. APACHE MESOS
Mesos Master
Standby
ZK
Standby
ZK
Mesos Slave
Framework A
Executor
Task
Mesos Slave
Framework B
Executor
Task
Leader
ZK

17. 17
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers

18. OPENSTACK MAGNUM
MANAGING CLUSTERS
Magnum and Rackspace Private Cloud: OpenStack

19. What is Magnum?
• Magnum is an OpenStack API that allows the use of your keystone credentials.
• Magnum is designed from the ground-up to be multi-tenant in both the cloud’s data
plane and control plane.
• Magnum allows for different container cluster types to be simultaneously run side-
by-side in the same cloud account, by the same tenant.
• Clusters are isolated from each other using groups of nova instances.
• When you want to upgrade your container runtime, you simply create a new cluster.
HOW IS THIS DIFFERENT THAN JUST RUNNING KUBERNETES OR DOCKER SWARM?
An OpenStack API Service that allows creation of container clusters
19

20. Terminology (1/4)
COE
Container Orchestration Engine.
Examples: Docker Swarm, Kubernetes, Apache Mesos.
20

21. Terminology (2/4)
Bay == COE Cluster
A Bay is an API resource in OpenStack Magnum that is composed of nova
instances, neutron networks, security groups, and other resources combined using
a heat stack. This is where your Container Orchestration Engine (COE) runs.
Bays may be scaled up or down by adding or removing nodes from them. Heat
facilitates the setup and scaling of Bays.
21
Bay Bay Bay
COE COE COE
Nova
instance
Nova
instance
Nova
instance
Nova
instance
Nova
instance
Nova
instance

22. Terminology (3/4)
BayModel (ClusterModel)
A BayModel is a template used for creating a Bay resource. It contains information
that is common among all bays that are instantiated from it. Each one has a pre-
defined type (swarm, kubernetes, mesos, etc.).
22
BayModel Bay
Bay
Bay

23. Terminology (4/4)
Native Client
The client distributed with the COE. For example “docker” or “kubectl”. A native
client is not an OpenStack Client. It uses TLS to authenticate with the COE.
23
Bay
COE
Nova
instance
Nova
instance
Nova
instance
Native
Client
TLS

24. What you can do with Magnum
•CRUD on BayModels (baymodel-*)
• Create, Modify, List, Show, Delete.
•CRUD on Bays (bay-*)
• Create, Modify, List, Show, Delete.
•GET TLS CA Cert (ca-show)
•Sign a TLS Cert (ca-sign)
•Service status (service-list)
24
Usage: magnum <subcommand>
<subcommands:>
baymodel-create Create a baymodel.
baymodel-delete Delete specified baymodel.
baymodel-list Print a list of baymodels.
baymodel-show Show details about the given baymodel.
baymodel-update Updates one or more baymodel attributes.
bay-create Create a bay.
bay-delete Delete specified bay.
bay-list Print a list of available bays.
bay-show Show details about the given bay.
bay-update Update information about the given bay.
ca-show Show details about the CA certificate for a bay.
ca-sign Generate the CA certificate for a bay.
service-list Print a list of magnum services.
help Display help about this program or one of its
subcommands.

25. What you can NOT do with Magnum
•Any actions on containers. Native APIs and tools are used for this.
•Docker Swarm (docker CLI)
•Kubernetes (kubectl CLI)
25
Magnum provisions the cloud resources needed to
run the COE of your choice, and then gets out of your
way, allowing you to use prevailing tools to directly
manage your containers.

26. Magnum Resources: BayModels and Bays
26
stack@demo:~$ magnum baymodel-show swarm
+-----------------------+--------------------------------------+
| Property | Value |
+-----------------------+--------------------------------------+
| insecure_registry | None |
| labels | {} |
| updated_at | 2016-08-02T20:47:29+00:00 |
| fixed_subnet | None |
| master_flavor_id | None |
| uuid | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 |
| no_proxy | None |
| https_proxy | None |
| tls_disabled | False |
| keypair_id | testkey |
| public | False |
| http_proxy | None |
| docker_volume_size | 5 |
| server_type | vm |
| external_network_id | public |
| cluster_distro | fedora-atomic |
| image_id | fedora-atomic-latest |
| volume_driver | None |
| registry_enabled | False |
| docker_storage_driver | devicemapper |
| apiserver_port | None |
| name | swarm |
| created_at | 2016-07-11T22:26:28+00:00 |
| network_driver | docker |
| fixed_network | None |
| coe | swarm |
| flavor_id | m1.small |
| master_lb_enabled | False |
| dns_nameserver | 8.8.8.8 |
+-----------------------+--------------------------------------+
stack@demo:~$ magnum bay-show swarm_bay
+--------------------+------------------------------------------------------------+
| Property | Value |
+--------------------+------------------------------------------------------------+
| status | CREATE_COMPLETE |
| uuid | c9bb18c3-07a3-4e82-a545-a21e2e5ddea7 |
| stack_id | a9c97092-9556-4116-acb7-4fdb803766cd |
| status_reason | Stack CREATE completed successfully |
| created_at | 2016-08-02T20:51:15+00:00 |
| updated_at | 2016-08-02T20:52:43+00:00 |
| bay_create_timeout | 0 |
| api_address | https://172.24.4.14:2376 |
| baymodel_id | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 |
| master_addresses | ['172.24.4.16'] |
| node_count | 1 |
| node_addresses | ['172.24.4.15'] |
| master_count | 1 |
| discovery_url | https://discovery.etcd.io/ef6ba25bf1715a5200a3c3be4aee401b |
| name | swarm_bay |
+--------------------+------------------------------------------------------------+
Create: 88 seconds
Glance Image
COE Type: swarm

27. Magnum Demo
27
Watch this video for a demo:
https://vimeo.com/177327412

28. Resource Lifecycle
28
CREATE_IN_PROGRESS
CREATE_COMPLETE
UPDATE_IN_PROGRESS
UPDATE_COMPLETE
DELETE_IN_PROGRESS

29. List BayModel Resources
$ magnum baymodel-list
+--------------------------------------+------------+
| uuid | name |
+--------------------------------------+------------+
| 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 | swarm |
| 2e5ce644-2e2f-4182-a144-388b29bcaf29 | kubernetes |
+--------------------------------------+------------+
29

30. Show a BayModel Resource
+-----------------------+--------------------------------------+
| Property | Value |
+-----------------------+--------------------------------------+
| insecure_registry | None |
| labels | {} |
| updated_at | 2016-08-02T20:47:29+00:00 |
| fixed_subnet | None |
| master_flavor_id | None |
| uuid | 209afb5a-fb3c-4fa2-8732-763cac7ee9e5 |
| no_proxy | None |
| https_proxy | None |
| tls_disabled | False |
| keypair_id | testkey |
| public | False |
| http_proxy | None |
| docker_volume_size | 5 |
| server_type | vm |
| external_network_id | public |
| cluster_distro | fedora-atomic |
| image_id | fedora-atomic-latest |
| volume_driver | None |
| registry_enabled | False |
| docker_storage_driver | devicemapper |
| apiserver_port | None |
| name | swarm |
| created_at | 2016-07-11T22:26:28+00:00 |
| network_driver | docker |
| fixed_network | None |
| coe | swarm |
| flavor_id | m1.small |
| master_lb_enabled | False |
| dns_nameserver | 8.8.8.8 |
+-----------------------+--------------------------------------+
30
$ magnum baymodel-show swarm

31. List Bay Resources
$ magnum bay-list
+--------------------------------------+-----------+------------+--------------+-----------------+
| uuid | name | node_count | master_count | status |
+--------------------------------------+-----------+------------+--------------+-----------------+
| fdc9e295-3c06-4a39-a26e-21bc32ae53e3 | k8s_bay | 2 | 1 | UPDATE_COMPLETE |
| 56f3a0b1-565d-4766-a3ca-978e6684b6f5 | swarm_bay | 1 | 1 | CREATE_COMPLETE |
+--------------------------------------+-----------+------------+--------------+-----------------+
31

32. Show a Bay Resource
32
$ magnum bay-show swarm_bay
+--------------------+------------------------------------------------------------+
| Property | Value |
+--------------------+------------------------------------------------------------+
| status | UPDATE_COMPLETE |
| uuid | fdc9e295-3c06-4a39-a26e-21bc32ae53e3 |
| stack_id | b4a47913-b7dc-46a9-86cc-3060910d989e |
| status_reason | Stack UPDATE completed successfully |
| created_at | 2016-08-03T00:14:33+00:00 |
| updated_at | 2016-08-03T00:18:42+00:00 |
| bay_create_timeout | 0 |
| api_address | https://172.24.4.45:6443 |
| baymodel_id | 2e5ce644-2e2f-4182-a144-388b29bcaf29 |
| master_addresses | ['172.24.4.45'] |
| node_count | 2 |
| node_addresses | ['172.24.4.50', '172.24.4.51'] |
| master_count | 1 |
| discovery_url | https://discovery.etcd.io/2bb31d8950ab6081de0c006151a148a2 |
| name | k8s_bay |
+--------------------+------------------------------------------------------------+

33. Creating a BayModel: Kubernetes
$ magnum baymodel-create --name kubernetes
--image-id fedora-atomic-latest
--keypair-id testkey
--external-network-id public
--dns-nameserver 8.8.8.8
--flavor-id m1.small
--docker-volume-size 5
--network-driver flannel
--coe kubernetes
33

34. Creating a Bay: Kubernetes
$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1
34

35. Creating a BayModel: Swarm
$ magnum baymodel-create --name swarm
--image-id fedora-atomic-latest
--keypair-id testkey
--external-network-id public
--dns-nameserver 8.8.8.8
--flavor-id m1.small
--docker-volume-size 5
--network-driver flannel
--coe swarm
35

36. Creating a Bay: Swarm
$ magnum bay-create --name swarm_bay --baymodel swarm --node-count 1
36

37. Scale a Bay: To two nodes
$ magnum bay-update k8s_bay replace node_count=2
37

38. Connect your native docker client
•Place cert files in client directory, and tell client where they are
•Configure client to use a remote host with TLS
•Use api-address value from the Magnum bay resource
38
#!/bin/sh
BAY=${1-swarm_bay}
CERT_DIR='/opt/stack/devstack/.docker'
mkdir -p $CERT_DIR; chmod 700 $CERT_DIR; cd $CERT_DIR
NODE_ADDRESS=$(magnum bay-show $BAY | grep node_address | cut -d "'" -f 2)
/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/ca.crt ca.pem
/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/server.crt cert.pem
/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/server.key key.pem
echo "export DOCKER_HOST=$(magnum bay-show $BAY | grep api_address | cut -d '|' -f 3 | sed -e 's/ https/tcp/')"
echo "export DOCKER_CERT_PATH=$CERT_DIR"
echo "export DOCKER_TLS_VERIFY=1"

39. 39
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers

40. Magnum CLI
$ magnum baymodel-list
$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1
$ magnum bay-list
$ magnum bay-update k8s_bay replace node_count=2
$ magnum bay-show k8s_bay
40

41. 41
Summary
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers

42. Python OpenStack Engineers
C, C++ Linux Systems Engineers
Ruby DevOps Engineers
C#, .NET
Java
Full Stack Developers
Web Developers
JavaScript, CSS, HTML Software Developer in Test
Angular.JS, Ember.js, Node.js Security Engineers
Restful/JSON/XML Data Scientist
Closure, Scala, Erlang
Hadoop, MongoDB, MySQL
Solutions Architects
Software Dev. Managers
Strategic Account Executive
Field Sales Specialist
MS Azure SA, Virtualization & Support
Technical Trainer
We’re Hiring

43. O N E FA N AT I C A L P L AC E | S A N A N TO N I O , T X 7 8 21 8
U S S A L E S : 1 - 8 0 0 - 9 61 - 2 8 8 8 | U S S U P P O R T: 1 - 8 0 0 - 9 61 - 4 4 5 4 | W W W. R AC K S PAC E . C O M | W W W. G E T C A R I N A . C O M
© RACKSPACE LTD. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM
Thank you