Slides from Docker Austin Meetup on 2016-08-04 with an overview of OpenStack Magnum, how we use it in Carina on private clouds, an overview of the Container Orchestration Engines Magnum supports, and an overview of how to manage your COEs with Magnum (v1). Includes a link to a video demo.
7. 7
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers
11. Cloud operators assume a risk when
selecting a single cloud technology
today… but OpenStack is different.
11
12. Magnum Differentiators
12
Fundamental Design Goal
Docker Swarm, Kubernetes, Mesos
VM or Bare Metal
SSO Experience for Cloud Users
Multi-Tenant Control and Data Planes
Choice of COE
Choice of Server Flavor
Integrated with OpenStack
13. 13
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers
17. 17
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers
19. What is Magnum?
• Magnum is an OpenStack API that allows the use of your keystone credentials.
• Magnum is designed from the ground-up to be multi-tenant in both the cloud’s data
plane and control plane.
• Magnum allows for different container cluster types to be simultaneously run side-
by-side in the same cloud account, by the same tenant.
• Clusters are isolated from each other using groups of nova instances.
• When you want to upgrade your container runtime, you simply create a new cluster.
HOW IS THIS DIFFERENT THAN JUST RUNNING KUBERNETES OR DOCKER SWARM?
An OpenStack API Service that allows creation of container clusters
19
21. Terminology (2/4)
Bay == COE Cluster
A Bay is an API resource in OpenStack Magnum that is composed of nova
instances, neutron networks, security groups, and other resources combined using
a heat stack. This is where your Container Orchestration Engine (COE) runs.
Bays may be scaled up or down by adding or removing nodes from them. Heat
facilitates the setup and scaling of Bays.
21
Bay Bay Bay
COE COE COE
Nova
instance
Nova
instance
Nova
instance
Nova
instance
Nova
instance
Nova
instance
22. Terminology (3/4)
BayModel (ClusterModel)
A BayModel is a template used for creating a Bay resource. It contains information
that is common among all bays that are instantiated from it. Each one has a pre-
defined type (swarm, kubernetes, mesos, etc.).
22
BayModel Bay
Bay
Bay
23. Terminology (4/4)
Native Client
The client distributed with the COE. For example “docker” or “kubectl”. A native
client is not an OpenStack Client. It uses TLS to authenticate with the COE.
23
Bay
COE
Nova
instance
Nova
instance
Nova
instance
Native
Client
TLS
24. What you can do with Magnum
•CRUD on BayModels (baymodel-*)
• Create, Modify, List, Show, Delete.
•CRUD on Bays (bay-*)
• Create, Modify, List, Show, Delete.
•GET TLS CA Cert (ca-show)
•Sign a TLS Cert (ca-sign)
•Service status (service-list)
24
Usage: magnum <subcommand>
<subcommands:>
baymodel-create Create a baymodel.
baymodel-delete Delete specified baymodel.
baymodel-list Print a list of baymodels.
baymodel-show Show details about the given baymodel.
baymodel-update Updates one or more baymodel attributes.
bay-create Create a bay.
bay-delete Delete specified bay.
bay-list Print a list of available bays.
bay-show Show details about the given bay.
bay-update Update information about the given bay.
ca-show Show details about the CA certificate for a bay.
ca-sign Generate the CA certificate for a bay.
service-list Print a list of magnum services.
help Display help about this program or one of its
subcommands.
25. What you can NOT do with Magnum
•Any actions on containers. Native APIs and tools are used for this.
•Docker Swarm (docker CLI)
•Kubernetes (kubectl CLI)
25
Magnum provisions the cloud resources needed to
run the COE of your choice, and then gets out of your
way, allowing you to use prevailing tools to directly
manage your containers.
33. Creating a BayModel: Kubernetes
$ magnum baymodel-create --name kubernetes
--image-id fedora-atomic-latest
--keypair-id testkey
--external-network-id public
--dns-nameserver 8.8.8.8
--flavor-id m1.small
--docker-volume-size 5
--network-driver flannel
--coe kubernetes
33
34. Creating a Bay: Kubernetes
$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1
34
35. Creating a BayModel: Swarm
$ magnum baymodel-create --name swarm
--image-id fedora-atomic-latest
--keypair-id testkey
--external-network-id public
--dns-nameserver 8.8.8.8
--flavor-id m1.small
--docker-volume-size 5
--network-driver flannel
--coe swarm
35
36. Creating a Bay: Swarm
$ magnum bay-create --name swarm_bay --baymodel swarm --node-count 1
36
37. Scale a Bay: To two nodes
$ magnum bay-update k8s_bay replace node_count=2
37
38. Connect your native docker client
•Place cert files in client directory, and tell client where they are
•Configure client to use a remote host with TLS
•Use api-address value from the Magnum bay resource
38
#!/bin/sh
BAY=${1-swarm_bay}
CERT_DIR='/opt/stack/devstack/.docker'
mkdir -p $CERT_DIR; chmod 700 $CERT_DIR; cd $CERT_DIR
NODE_ADDRESS=$(magnum bay-show $BAY | grep node_address | cut -d "'" -f 2)
/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/ca.crt ca.pem
/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/server.crt cert.pem
/usr/bin/scp -q -oStrictHostKeyChecking=no fedora@${NODE_ADDRESS}:/etc/docker/server.key key.pem
echo "export DOCKER_HOST=$(magnum bay-show $BAY | grep api_address | cut -d '|' -f 3 | sed -e 's/ https/tcp/')"
echo "export DOCKER_CERT_PATH=$CERT_DIR"
echo "export DOCKER_TLS_VERIFY=1"
39. 39
Outline
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers
40. Magnum CLI
$ magnum baymodel-list
$ magnum bay-create --name k8s_bay --baymodel kubernetes --node-count 1
$ magnum bay-list
$ magnum bay-update k8s_bay replace node_count=2
$ magnum bay-show k8s_bay
40
41. 41
Summary
Container Orchestration Engines
Why different orchestration engines exist for containers, and where they shine.
Magnum
What Magnum is all about.
Managing Container Clusters with Magnum
CLI Usage, and demonstration video
Review
Questions and Answers
42. Python OpenStack Engineers
C, C++ Linux Systems Engineers
Ruby DevOps Engineers
C#, .NET
Java
Full Stack Developers
Web Developers
JavaScript, CSS, HTML Software Developer in Test
Angular.JS, Ember.js, Node.js Security Engineers
Restful/JSON/XML Data Scientist
Closure, Scala, Erlang
Hadoop, MongoDB, MySQL
Solutions Architects
Software Dev. Managers
Strategic Account Executive
Field Sales Specialist
MS Azure SA, Virtualization & Support
Technical Trainer
We’re Hiring