Immutable Infrastructure

Kuo-tung Kao

簡介任職於 inwinstack過去的迎廣科技雲端應用研發中心OpenStack contributorkjellytw at gmail dot comhttp://www.blackwhite.tw/

大綱Immutable infrastructure 介紹為什麼會有 immutable infrastructure?

immutable infrastructure 是什麼immutable infrastructure 的缺點

OpenStack Kolla 如何實現 Iimmutable infrastructure名詞解釋： OpenStack, Docker, Ansible,

OpenStack KollaOpenStack Kolla 實做

為什麼會有 immutable infrastructure?

減輕 operator 的工作減少無紀錄的環境修改更容易升級 / 降級不容易升級失敗升級失敗也可以快速還原

What’s the Iimmutable Iinfrastructure Don’t modify image manuallyCreate new image when something changes

System Infrastructure is divided into "data" and "other".

"Other" are replaced at every deployment.

"Other" are modifed with version controll.

"Other" include “config”, “program”, “environment”.

Package “other” usingContainerHypervisor

Running Container V1

volume

Running Container V2

volume

Stopped Container V1

Running Container V1

volume

Stopped Container V2

upgrade downgrade

Immutable Infrastructure AdvantageAtomic deployments

Easy to upgradeEasy to downgradeFault recovery

Easy to track change

Immutable Infrastructure DownsideCreate new image when something changes

OpenStackOpen source software for creating private and public clouds.

OpenStack software controls large pools of compute, storage, and networking resources throughout a datacenter, managed through a dashboard or via the OpenStack API.

DockerContainerLlighter, fast than hypervistorBuild envirenment from Dockerfile

Version ControllSupport named volume

Dockerfile Demo

Docker - run containerdocker run -e MYSQL_ROOT_PASSWORD=pass \ -d mysql:5.7.12

AnsibleDeployment toolInterpretYamlJinja2Easy to write your own module in PythonAagentless

Aansible Demo Sscript

Aansible Demo Sscript

OpenStack KollaDeploy OpenStack using Docker and Ansible

Support CephA little downtime when upgradingEasy to upgrade/downgradeRapid Deployment

How to deploy OpenStack using Kollatools/build.py -t binary -b centostox -e genconfigsudo cp -rf etc/kolla /etc#modify /etc/kolla/globals.yamltools/generate_passwords.pytools/kolla-ansible pull #optionaltools/kolla-ansible deploy

Kolla Code Structuredocker:

build imageansible:

generate openstack configrun container

1.Encode the configuration into the build of the container

2.Encode the configuration into environment

3.Create the configuration file that the OpenStack service runs against outside the container

4.Encode the configuration file generated by the deployment tool into a JSON blob which sets the environment or configuration files appropriately.

Kolla Code Structure

Kolla - dockerfile, base

Run the same command in every container

Kolla - docker, base

the file is generated by kolla_set_configs.

Kolla - dockerfile, heat-api

Create database schema when KOLLA_BOOTSTRAP is set

Kolla - ansible, deploy, deploy.yaml

Kolla - ansible, deploy, bootstrap.yaml

Create mysql databae using Ansible

Kolla - ansible, deploy, bootstrap_service.yaml

Set env var, KOLLA_BOOTSTRAP

Kolla - ansible, deploy, start.yaml

Kolla - ansible, deploy, heat-api.json.j2

Kolla - ansible, upgrade, bootstrap_service.yaml

結論Immutable infrastructure 讓佈署更容易容易升級 / 降級當升級失敗時，能夠快速還原Kolla 和其他佈署方法相比，擁有快速佈署、快速升級降級的優點

參考資料https://sdake.io/2015/11/11/the-tldr-on-immutable-infrastructure/

Q&A

Question用 Kolla 佈 OpenStack, 所謂 Downtime 很小是因為在建新的 image, 舊的系統仍正在service, total upgrading 時間仍然一樣還試 ?

Answer在升級時，你可以事先將 image 建置好。等所有 image 都建置好後，再進行升級動作。在還沒執行 Ansible 腳本前，舊的系統依舊正常運作，不會有任何影響升級系統時，安裝套件很花時間。而 kolla 將這時間轉嫁到 build image ，而 build image 不會影響原本系統。這就是 kolla 可以快速升級、快速佈署的原因

Question用 Kolla 佈 OpenStack, 適合用在企業的部屬嗎 ?

Answer目前能做的客製化部分不夠多，所以不一定滿足不同的企業環境需要。不過如果你能夠修改 ansible 腳本，那麼有助於你突破一些限制 ( cinder multi backend 等 )未來 kolla 會支援 kubernetes 。或許可以等到 kolla 支援 kubernetes 在導入企業。 OpenStack 跑在 kubernetes 將會更強大