Image BUILD aS - a - SeRVIce Why it makes sense to build your own - - PowerPoint PPT Presentation

Image BUILD aS-a- SeRVIce

Why it makes sense to build your

• wn cloud images

OpenStack Summit Boston 2017

May 2017 2 Image Factory@Open Telekom Cloud

aBoUt US

SeBaStIan wenneR

• pen teLekom cLoUD aRchItekt

sebastian.wenner@t-systems.com

kURt gaRLoff

• pen teLekom cLoUD aRchItekt

kurt.garloff@t-systems.com

DanIeLa eBeRt

• pen teLekom cLoUD engIneeR

d.ebert@t-systems.com

• Studied physics
• Built up SUSE Labs, where he was leading the development
• f the Linux kernel, the gcc Compiler and X11
• Since 2011, he has mainly been leading engineering and
• perations of OpenStack based cloud environments
• Studied Information Technology
• Since 2000, in various roles covering Linux, virtualisation,
• utsourcing and infrastructure
• After 10 years at IBM, he joined T-Systems in 2012 focussing
• n cloud
• Studied Information Technology
• With T-Systems since 2003
• Spent many years as an AIX Engineer before joining the OTC

team

May 2017 3 Image Factory@Open Telekom Cloud

agenDa

I. Intro II. Reasons

• III. Requirements
• IV. Setup

V. Workflow

• VI. Output
• VII. Outlook
• VIII. Q&A

May 2017 4 Image Factory@Open Telekom Cloud

IntRo

An open technology platform with built-in compliance, ease-of-use, and best pricing for businesses of any size, in any industry

• pen

teLekom cLoUD

• pen teLekom cLoUD

public iaas for european enterprises

maRket anD cUStomeR expectatIonS aRe changIng:

Demand for scalable, dynamic IT resources is growing. Public IaaS is the answer (compute, storage, network, management)

 OpenStack API  No vendor lock-in  Simple to integrate  Great pricing  Moving from capex to opex

for IT infrastructures

 Rapid access  Support/help getting started  Easy to use  Data protection in compliance

with German legislation

 Meeting enterprise needs Image Factory@Open Telekom Cloud 5

• pen

affoRDaBLe SecURe SImpLe

May 2017

• tc at a gLance

 Open Telekom Cloud meets German and European legal requirements

• n data protection/privacy

 Open Telekom Cloud offers 99.95% availability  Open Telekom Cloud is a cloud offered by Deutsche Telekom  Open Telekom Cloud is a public-cloud service based on OpenStack  Open Telekom Cloud is operated by T-Systems in Germany, and its

functionality continues to be enhanced

 For users who need robust data protection/security  For cost-conscious enterprises of all sizes, in all industries  For users looking for simple, secure and affordable cloud services Image Factory@Open Telekom Cloud 6 May 2017

May 2017 7 Image Factory@Open Telekom Cloud

ReaSonS

ReaSonS foR BUILDIng own ImageS

May 2017 Image Factory@Open Telekom Cloud 8

SecURIty

 Hardening of images  Patched images  Transparent process of image

creation

pLatfoRm

 XEN drivers  High-performance drivers  Huawei tools (uvp-monitor)  cloud-init optimization

• Preconfiguration (NTP, update

mirrors etc.)

USeR expeRIence

 Up-to-date images  Uniform images  Standard user for login  Include OpenStack tools

May 2017 9 Image Factory@Open Telekom Cloud

ReqUIRementS

Image ReqUIRementS

Image Factory@Open Telekom Cloud 10 May 2017

SImpLe SecURe

affoRDaBLe

• pen

 Supportable and maintainable  Regular updates  Security hardening  Check authenticity of packages  Small images, fast to build, deploy, discard, and cheap to run  Modern (latest stable community and enterprise Linux distros)  Configuration/Customization via cloud-init & vendor/user-data  Reproducible, template-based  Tested  Continuous integration  License compliancy  Transparent process of image creation  Provide community images to public

May 2017 11 Image Factory@Open Telekom Cloud

SetUp

tooLS

 openSUSE KIWI

I is a Perl-based tool building customized OS images

 Pulls packages from repositories, and installs them in chroot environment  Builds for us: openSUSE, SLES, CentOS, OracleLinux, RHEL  Not supported: Debian-based images  diskimage-builder is a Python-based tool for building customized OS images  Pulls packages from repositories, and installs them in chroot environment  Builds for us: Debian, Fedora  Not supported: SUSE-based images  GIT repository: Holds template files and scripts  Bash scripts to automate the whole workflow  OpenStack tools: Upload and register images  Apache: Publish image files and documentation

Image Factory@Open Telekom Cloud 12 May 2017

Support systems

 Normal tenant in OTC

production environment

 All servers are redundant in

az1 and az2

 Security groups to contol

the traffic

 Jump Hosts: Gateway for all

• utgoing traffic (SNAT)

 NFS server for GIT and

image data

BUILD enVIRonment architecture

Image Factory@Open Telekom Cloud 13

SSH SMT RHUI APT-cacher Object storage Admin

May 2017 NFS Server Jump Host Web Server KIWI Build Host DIB Build Host

Image Factory Tenant

Glance

Internet

HTTPS REST REST

SSh

NFS NFS

User HTTPS

May 2017 14 Image Factory@Open Telekom Cloud

woRkfLow

Image BUILD woRkfLow

Image Factory@Open Telekom Cloud 15 May 2017

 Config files from GIT  Keys  RPMs from repo servers  Calls KIWI or diskimage-builder  Compares config and package list to

previous build

 Collects logfiles  Signs the images  Upload image to tenant OBS  Register as private image  Boot VM  Start testsuite  Save test results  Webserver: qcow2 files  Glance: Script to register image

InpUt exampLe (confIg.xmL)

Image Factory@Open Telekom Cloud 16 May 2017

Image BUILD exampLe 1/2

Image Factory@Open Telekom Cloud 17 May 2017

Call K KIWI Ge Get rep epos Setu tup chro root

Image BUILD exampLe 2/2

Image Factory@Open Telekom Cloud 18 May 2017

Co Convert qco cow2 KIWI WI su succe ccess

UpLoaD & RegISteR

Image Factory@Open Telekom Cloud 19 May 2017

OBSUpload Registe ter

teStSUIte exampLe

Image Factory@Open Telekom Cloud 20 May 2017

SSH SSH ch check cks Reb eboot test Upda date e test

May 2017 21 Image Factory@Open Telekom Cloud

• UtpUt

Image VeRSIonS V1

Image Factory@Open Telekom Cloud 22 May 2017  Latest stable community and enterprise Linux distros , e.g.:  openSUSE 42, SLES 12SP2  CentOS, OEL, RHEL 6.8 + 7.3  Debian 8.7, Fedora 25  Also available, but provided by Canonical:  Ubuntu 14.04 (trusty), Ubuntu 16.04 (xenial)

 Latest stable community (Standard_

prefix) and enterprise (Enterprise_) Linux distros , e.g.:

 openSUSE 42.x, SLES 12SPx  CentOS, OEL, RHEL 7.x  EulerOS 2.x  Debian 8.x, Fedora 25  Also available, but provided by

Canonical (Community_):

 Ubuntu 14.04 (trusty)  Ubuntu 16.04 (xenial)

Image VeRSIonS V2

Image Factory@Open Telekom Cloud 23 May 2017 23 May 17, 2017

pUBLIc Image LISt

Image Factory@Open Telekom Cloud 24 May 2017

https://cons

• nsol
• le.otc.t-sys

ystems.com

• m/

May 2017 25 Image Factory@Open Telekom Cloud

• UtLook

May 2017 26 Image Factory@Open Telekom Cloud

what IS next comIng Soon

Paas aas Im Imag ages Je Jenkins Co CoreOS GPU U based Linux Windows ws Inte tegration Marketp tplace Infrastr tructu ture re imp mpro roveme ments IFaaS aaS

?

qUeStIonS?

May 2017 27 Image Factory@Open Telekom Cloud

May 2017 28 Image Factory@Open Telekom Cloud

LInkS

Image Factory: https://imagefactory.otc.t-systems.com/ Image Factory related blogs: https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-introduction/ https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-get-in-touch-with-an-open- telekom-image/ https://cloud.telekom.de/en/blog/open-telekom-cloud-available-images-naming-conventions- planned-roadmap/ https://cloud.telekom.de/en/blog/image-factory-image-modifications/ Helpcenter: https://docs.otc.t-systems.com/ims_dld/index.html

May 2017 29 Image Factory@Open Telekom Cloud

thank yoU!