SLIDE 1

Deploying Multi-Container Applications with Ansible Broker

11.7.2017

Eric Dubé, Senior Principal Product Manager, Red Hat
Todd Sanders, Director Software Engineering, Red Hat

SLIDE 2

Agenda

  • Service Catalog and Brokers
    ○ Open Service Broker API and High-level Architecture
  • Ansible Broker
    ○ Ansible Playbook Bundle (APB) Definition
  • What’s New and Future Plans
    ○ Roadmap Review
  • Live Demonstration
    ○ Walkthrough of Provision/Bind of selected services
  • More Information
    ○ Additional information to get you started
  • Questions
    ○ What can we answer for you?

SLIDE 3

Service Catalog & Ansible Broker


SLIDE 4

Why Service Brokers?

[Diagram: SERVICE CONSUMER, SERVICE PROVIDER]

  ☑ Open ticket
  ☑ Wait for allocation
  ☑ Receive credentials
  ☑ Add to app
  ☑ Deploy app

Manual, Time-consuming, Error-prone, and Inconsistent

SLIDE 5

What is a Service Broker?

[Diagram: SERVICE CONSUMER, SERVICE PROVIDER, SERVICE CATALOG, SERVICE BROKER]

  • Brokers inform Service Catalog of the Service Classes they can provision
  • Service Consumer only interacts with Service Catalog; the details of the Brokers are largely hidden
  • Creates a process that is automated, standardized, and most importantly consistent

SLIDE 6

Service Broker Concepts

  • CONSUMER: user of service deployed by the catalog/broker
  • SERVICE: an offering that can be used by an app, e.g. database
  • PLAN: a specific flavor of a service, e.g. Gold Tier
  • SERVICE INSTANCE: an instance of the offering
  • PROVISION: creating a service instance
  • BIND: associate a service instance and its credentials to an app

[Diagram: SERVICE CONSUMER, SERVICE PROVIDER, SERVICE CATALOG, SERVICE BROKER]

SLIDE 7

Service Catalog

Where Services Are Published

  • Better experience for service consumers
  • Streamlines “getting started” process
    ○ Task focused
    ○ Key call outs
    ○ Unified search
    ○ Guided workflow
  • Provision and manage services from a central interface
  • Search option ensures quick access to all services

SLIDE 8

Service Brokers

Expose and Provision Services

[Diagram labels: SERVICE CATALOG, SERVICE BROKERS, BETA]

  • Ansible Broker (ANSIBLE): Ansible Playbook Bundles
  • OpenShift Template Broker (OPENSHIFT): OpenShift Templates
  • AWS Service Broker (AMAZON WEB SERVICES): Public Cloud Services
  • Other Service Brokers (OTHER COMPATIBLE SERVICES): Other Services

SLIDE 9

Open Service Broker API

Defines an HTTP interface between the services marketplace of a platform and service brokers

Background

  • Working group formed in September 2016; successor to Cloud Foundry Service Broker API
  • Multi-vendor project to standardize how services are consumed on cloud native platforms across service providers
  • Service Broker is the component that implements the API, for which a platform's marketplace is a client

Methods

  • Service brokers are responsible for advertising catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
    ○ Catalog: Return service offerings
    ○ Provision: Create service
    ○ Deprovision: Delete service
    ○ Bind: Obtain credentials/coordinates for service
    ○ Unbind: Revoke credentials for service
    ○ Update: Change service instance parameters or service plan
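
The six operations above map onto the HTTP routes of the Open Service Broker API v2. The sketch below is an added example, not code from the presentation or from Ansible Broker: a toy in-memory broker that dispatches those routes and issues separate credentials per binding, so that unbind revokes one application's access without touching the others. The class name `ToyBroker`, the ids and the catalog contents are constructed for illustration.

```python
import re
import secrets

# Constructed sample catalog; ids and names are placeholders, not from the slides.
CATALOG = {"services": [{"id": "svc-pg", "name": "postgresql", "plans": [{"id": "plan-dev"}]}]}
INST = r"/v2/service_instances/([\w-]+)"
BIND = INST + r"/service_bindings/([\w-]+)"


class ToyBroker:
    """Hypothetical in-memory broker; a real one would launch an APB per request."""
    def __init__(self):
        self.instances = {}  # instance_id -> plan, parameters, bindings

    def handle(self, method, path, body=None):
        if (method, path) == ("GET", "/v2/catalog"):  # catalog
            return 200, CATALOG
        if m := re.fullmatch(BIND, path):
            return self._binding(method, *m.groups())
        if m := re.fullmatch(INST, path):
            return self._instance(method, m.group(1), body or {})
        return 404, {}

    def _instance(self, method, iid, body):
        inst = self.instances.get(iid)
        if method == "PUT":  # provision
            if inst is not None:
                return 409, {"description": "instance id already in use"}
            self.instances[iid] = {"plan_id": body["plan_id"], "bindings": {},
                                   "parameters": dict(body.get("parameters", {}))}
            return 201, {}
        if inst is None:
            return (410 if method == "DELETE" else 404), {}
        if method == "PATCH":  # update: change plan and/or parameters
            inst["plan_id"] = body.get("plan_id", inst["plan_id"])
            inst["parameters"].update(body.get("parameters", {}))
            return 200, {}
        if method == "DELETE":  # deprovision: the instance and all its bindings go away
            del self.instances[iid]
            return 200, {}
        return 405, {}

    def _binding(self, method, iid, bid):
        inst = self.instances.get(iid)
        if inst is None:
            return 404, {}
        if method == "PUT" and bid in inst["bindings"]:
            return 409, {"description": "binding id already in use"}
        if method == "PUT":  # bind: credentials unique to this binding
            creds = {"username": f"app-{bid}", "password": secrets.token_urlsafe(24)}
            inst["bindings"][bid] = creds
            return 201, {"credentials": creds}
        if method == "DELETE":  # unbind: revoke only this binding's credentials
            return (200, {}) if inst["bindings"].pop(bid, None) else (410, {})
        return 405, {}
```

Because each binding has its own credentials, a leaked secret from one consuming application can be revoked with a single unbind while other bindings keep working.
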

SLIDE 10

Ansible Broker - Inspiration and Goals

What are we trying to accomplish?

Project Inspiration

  • Solution for defining and delivering “simple” to “complex” multi-container applications
  • Easy orchestration of services using a simple, lightweight application definition
  • Leverage a container image as transport mechanism for delivering application
    ○ Both application definition and container image can be hosted in the same location

Project Goals

  • Ensure technology is simple yet extensible enough to support deploying any application type and combination of applications
    ○ Must work with both new and pre-existing, canned application container images
  • Build extensive application ecosystem deployable through the Kubernetes Service Catalog
  • Grow interest, participation, and adoption in the community as one of the prevailing methods for provisioning applications on Kubernetes

SLIDE 11

Ansible Broker

Orchestrating Containerized Services

Ansible Playbook Bundle

  • Lightweight application definition (meta-container)
  • Simple directory employing:
    ○ Named playbooks [provision.yaml, bind.yaml, …] to perform Open Service Broker actions
    ○ Metadata containing a list of required / optional parameters during deployment
    ○ Embedded Ansible runtime

Ansible Broker

  • Implementation of Open Service Broker API
  • Exposes services to Service Catalog
  • Provisions services using Ansible
  • Use cases:
    ○ Traditional S2I deployments
    ○ Provisioning of pre-existing images
    ○ Orchestration of external services
    ○ Deploying multi-service solutions

  • Define, extend, and deliver “simple” to “complex” multi-container services
  • Standardized approach for using Ansible to manage and provision applications
  • Leverage existing investment in Ansible roles/playbooks

SLIDE 12

Ansible Broker

High Level Architecture

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Other Service Brokers, Container Image Registry, Ansible Playbook Bundle, Provisioned Service]

  • catalog
  • provision
  • deprovision
  • bind
  • unbind
  • update

APB services:

  • MediaWiki
  • PostgreSQL
  • MariaDB
  • MySQL, etc.

Supports provisioning and binding of both on and off-platform (public cloud) services!

SLIDE 13

Ansible Playbook Bundle (APB)

Definition

Description:

  • Short-lived, lightweight container image consisting of a simple directory structure with:
    ○ Named “action” playbooks & deployment role
    ○ Metadata:
      ■ required/optional parameters
      ■ service plans
      ■ Image dependencies (provision vs bind)
      ■ specification version
    ○ Ansible runtime environment
  • Designed to orchestrate pre-existing containerized application images
  • Developer tooling provides simple, guided approach to APB creation
  • Easily modified or extended

Architecture

[Diagram: Ansible Playbook Bundle (APB) Definition: Minimal Linux Image, Ansible Runtime, Directory of files (apb.yaml, provision.yaml, deprovision.yaml, bind.yaml, unbind.yaml, update.yaml, test.yaml, Deployment Role)]

  • provision.yaml = Install
  • deprovision.yaml = Uninstall
  • bind.yaml = Grant
  • unbind.yaml = Revoke
  • update.yaml = Upgrade
  • test.yaml = Test
  • apb.yaml = Metadata

SLIDE 14

Ansible Broker Advantages

Why is it better than other provisioning technologies?

  • Capable of orchestrating both on- and off-platform services
    ○ Not limited to deploying just local services like most provisioning technologies
    ○ Provision and manage remote services and even those hosted in public clouds
  • Highly customizable binding operations between services
  • APB packaging makes it easy to distribute since definition can be hosted in same registry as application
  • Application provisioning can be tied to the successful startup of dependent services
    ○ Ensure all dependent services are fully operational before starting your application
      ■ Example: Check that a database has fully initialized and is ready to accept connections prior to provisioning your application
  • Support for complex conditional logic enabling better control of deployed services

Anything you can do with Ansible, you can do in an APB!

SLIDE 15

OpenStack Integration

Why use Ansible Broker?

  • Better control and greater flexibility when deploying services than with other orchestration technologies
    ○ Able to solve many of the problems plaguing existing solutions today:
      ■ Dependent service startup synchronization
      ■ Robust service control using conditional logic
      ■ Ability to provision and manage services both locally and remote
  • Engaged with upstream to build OpenStack PoC orchestrated by Ansible
    ○ Once playbooks have been created for deploying OpenStack services these can easily be turned into APBs for provisioning with Ansible Broker
  • Looking for broader community collaboration to help with the development of OpenStack Service APB’s
    ○ End goal is to support the deployment of an entire OpenStack environment using APB’s (with all deployed services managed by Kubernetes)

SLIDE 16

Roadmap Review


SLIDE 17

Development Plan & Application Ecosystem

OpenShift Origin and Kubernetes

  • Primary development is currently being done within OpenShift Origin community
    ○ ‘CatASB’ project enables anyone to easily stand-up an Origin environment with both Kubernetes Service Catalog and Broker enabled at startup
  • Support for pure Kubernetes environments nearly completed
    ○ Extends broker technology to be used outside of typical PaaS environments
      ■ Leverage technology to also deploy infrastructure environments
  • Looking to grow adoption and build-out application ecosystem
    ○ Not only in the community but also with commercial ISVs
    ○ Ever growing list of examples and documentation enables developers to quickly create new APB’s
    ○ In the process of building community presence / website to streamline navigation of content

SLIDE 18

Release Plans

What’s new for Service Catalog and Ansible Broker

OpenShift Origin 3.6.0

  • New Web UI with Kubernetes Service Catalog
  • Allows a service consumer to select and manage services via standard operations
  • Service Catalog interacts with Brokers through a standard API
  • Open Service Broker API
  • Support for multiple Brokers within Service Catalog instance
  • Includes Template and Ansible Brokers
  • Several APB services examples available
  • Targeted at deploying example applications to learn about this new technology
  • Not yet intended for APB creation
  • No tooling included for creating APBs, but can be obtained externally

OpenShift Origin 3.7.0

  • Service Broker and Service Catalog hardening
  • Supports use with ‘production’ workloads
  • Secure connectivity between Service Catalog and Broker
  • Support for multiple service plans
  • Example: Bronze, Silver, and Gold plans
  • New APB services
  • Popular services (such as databases)
  • Commercial third-party ISV applications
  • Multiple concurrent source adapters
  • Broker instance can connect to multiple image registries
  • APB “test” directive
  • Define a functional test for checking deployed service
  • Developer tooling included providing guided approach to APB creation

SLIDE 19

Future Directions & Development

What’s Planned?

  • Open Service Broker API ‘update’ operation support (allows changes to parameters and service plans)
  • Improved broker service scaling
  • MiniShift support (develop on a Mac)
  • Internationalization/Localization
  • Additional source adapters
  • GitHub, AWS ECR
  • Improved verification/checking of deployed services
  • Injectable custom configuration options within UI during provision operation
  • Enhanced support of multiple bindings for services
  • Explore Broker use cases outside of Service Catalog
  • Ansible Galaxy integration
  • Support for additional deployment models
  • Provision into user’s own namespace
  • Provision into our own namespace
  • Full remote (not within OpenShift cluster)
  • Better APB dependency support
  • Intelligent requires/provides information in APB
  • Split runtime; separate Linux runtime from APB orchestration code
  • Async bind/unbind support (requires API changes)
  • Add ‘test’ operation support to upstream OSB API

SLIDE 20

Service Provisioning & Binding Demo


SLIDE 21

Live Demo

Walkthrough

Steps: Initial Provisioning + Binding

1. Create new Project
2. Provision Backend of Web Application (PostgreSQL + Python API + Data Seeding) - DogAPI
3. Provision Frontend of Web Application (Django) - Random Image Viewer
4. Bind Frontend to Backend

Steps: External SaaS Provider

1. Provision External SaaS API - CatAPI
2. Bind Frontend of Web Application to External SaaS API

Steps: Update Service Instance

1. Update Web Application - Album Title Parameter

SLIDE 22

Demo Application

Internal Backend

[Diagram labels: Origin/Kubernetes Cluster, PODs, Dog API, Random Image Viewer (Django), PostgreSQL, Random Image Viewer APB, Dog API APB, “Back-end”, “Front-end”]

SLIDE 23

Demo Application

External SaaS Backend

[Diagram labels: Origin/Kubernetes Cluster, Dog API, Random Image Viewer (Django), PostgreSQL, Random Image Viewer APB, Dog API APB, External Cloud Service, Cat API, PostgreSQL, Cat API APB, New Binding]

SLIDE 24

More Information


SLIDE 25

Community Applications and Services

Building an APB ecosystem

  • Central location where community developed APB’s can be contributed
    ○ Hosted within a single Github organization: ‘ansibleplaybookbundle’
    ○ Individual APBs reside in their own repos
  • CI for doing sanity checking on all submitted PR’s
  • Automated builds and publishing of APB’s to publicly accessible container registry

Continually growing portfolio of applications:

  • PostgreSQL, Jenkins, MediaWiki, Wordpress, The Lounge, Hastebin, Etherpad, MariaDB, MySQL, AWS RDS MySQL, Rocket.Chat, Nginx, ManageIQ, …

https://github.com/ansibleplaybookbundle

SLIDE 26

Demo Environment

How do I install it?

Simple mechanism for quickly spinning up an environment to try out Ansible Broker:

  • CatASB Project
    ○ Only takes ~5 minutes to install
    ○ Location: https://github.com/fusor/catasb/tree/master/local/linux#testing-downstream-images
  • Ansible playbooks that use ‘oc cluster up --service-catalog’
  • Able to use downstream pre-built images if --rcm flag is passed
  • Runs locally on Linux, Mac, or provision to Amazon’s EC2 environment

Note: There are some environment differences in how Ansible Broker is installed via ‘catasb’; it is not an exact match to a downstream environment deployed with ‘atomic-openshift-installer’

SLIDE 27

Ansible Broker

Project Information

  • Public Mailing List: ansible-service-broker@redhat.com
  • IRC (Freenode): #asbroker
  • Project Links:
    ○ https://github.com/openshift/ansible-service-broker#project-related-links
  • YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
    ○ Deploying MediaWiki and PostgreSQL from Image Registry: https://www.youtube.com/watch?v=3fLkcHJBnfc
  • Points of Contact:
    ○ Product Manager: Eric Dubé, edube@redhat.com
    ○ Engineering Manager: Todd Sanders, tsanders@redhat.com
    ○ Technical Lead: John Matthews, jmatthews@redhat.com

SLIDE 28

  • Thanks. Cheers.

Questions?

SLIDE 29

Extra Slides


SLIDE 30

Discover APBs: DogAPI & RandomViewer

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB]

SLIDE 31

Provision DogAPI: Run ‘provision.yaml’

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, DogAPI APB]

ansible-playbook provision.yaml $vars

oc run $imagename $method $vars

SLIDE 32

Provision DogAPI: Creates PostgreSQL + API

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, DogAPI APB, PostgreSQL, API]

ansible-playbook provision.yaml $vars

SLIDE 33

DogAPI (Backend) is up & APB terminates

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API]

SLIDE 34

Provision RandomViewer: Run ‘provision.yaml’

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, RandomViewer APB, PostgreSQL, API]

ansible-playbook provision.yaml $vars

SLIDE 35

Provision RandomViewer: Creates Service

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, RandomViewer APB, PostgreSQL, API, Random Viewer]

ansible-playbook provision.yaml $vars

SLIDE 36

RandomViewer (frontend) is up & APB terminates

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, Random Viewer]

SLIDE 37

Create Binding: Launch APB, Run bind.yaml

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, DogAPI APB, PostgreSQL, API, Random Viewer, Binding]

ansible-playbook bind.yaml $vars

SLIDE 38

Secret created by Service Catalog

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, Random Viewer, Binding, Secret]

SLIDE 39

Secret added to Application Deployment Config

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, Random Viewer, Binding, Secret]

SLIDE 40

What is the “bind” operation doing?

[Diagram labels: Service Consumer, Service Catalog, Ansible Broker, DogAPI APB, PostgreSQL, API, Random Viewer, Credentials]

  • Service Catalog makes a Secret available for Pod
  • APB returns credentials of service to broker