ANSIBLE SERVICE BROKER
Deploying multi-container applications on OpenShift

Todd Sanders
John Matthews

OpenShift Commons Briefing
May 31, 2017

Open Service Broker API Overview

● API working group formed in September 2016, officially announced December; successor to CF Service Broker API
● API defines an HTTP interface between the services marketplace of a platform and service brokers
● Service Broker is the component of the service that implements the Service Broker API, for which a platform's marketplace is a client
● Service brokers are responsible for advertising a catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
  ○ Provisioning, binding, unbinding, and deprovisioning
  ○ Provisioning reserves a resource (service instance)
  ○ Binding typically generates credentials necessary for accessing the resource or provides the service instance with information for a configuration change
● Platform marketplace may expose services from one or many service brokers
● Individual service broker may support one or many platform marketplaces using different URL prefixes and credentials
● Backed by numerous industry leaders including Fujitsu, Google, IBM, Pivotal, , and SAP

SERVICE BROKER - Orchestrating OpenShift Services

● Define, extend, and deliver “simple” to “complex” multi-container OpenShift services
● Standardized approach to using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks
● Easy management of applications for “simple” cloud-native apps

Ansible Service Broker

● Embraces Service Catalog and Open Service Broker API concepts
● Supports:
  ○ Traditional S2I deployments
  ○ Provisioning of pre-existing images
  ○ Orchestrating external services
  ○ Deploying multi-service solutions

Ansible Playbook Bundle

● Lightweight application definition (meta-container)
● Simple directory employing:
  ○ Named playbooks [provision, bind, …] to perform Open Service Broker actions
  ○ Metadata containing a list of required / optional parameters during deployment
  ○ Embedded Ansible runtime

ANSIBLE SERVICE BROKER - Architecture

● Example Ansible Playbook Bundles:
  • ELK, Etherpad, , Galera
  • ManageIQ, MongoDB, PostgreSQL
  • Foreman, Pulp, Wordpress
  • External MLAB MongoDB SaaS
  • and more...
● Supports provisioning of and binding to both on-platform and off-platform (public cloud) services!
● Broker actions:
  • catalog
  • provision
  • deprovision
  • bind
  • unbind

[Architecture diagram. Labels: Service Consumer; OpenShift Mall / Service Catalog; Service Broker (three shown); Ansible Service Broker; Red Hat Container Catalog; Ansible Playbook Bundle; OpenShift Service. Commands shown: oc run $appname $method $vars and ansible-playbook $method.yaml $vars]

ANSIBLE PLAYBOOK BUNDLE (APB) - Definition

● Simple directory with named “action” playbooks and metadata.
● Metadata:
  ○ required/optional parameters
  ○ dependencies (provision vs bind)
● Leverages existing investment in Ansible Roles / Playbooks.
● Developer Tooling to drive guided approach.
● Easily modified or extended.

ANSIBLE PLAYBOOK BUNDLE (APB) - A Closer Look

Steps to create an APB:

1. Create apb.yml
2. Create Ansible Playbooks
3. apb prepare
   a. Creates Dockerfile with image labels
4. Build container

APB directory layout (shown beside each of the following slides):

    apb.yml
    playbooks/
        provision.yml
        deprovision.yml
    Dockerfile

ANSIBLE PLAYBOOK BUNDLE (APB) - apb.yml

    name: helloworld-apb
    image: myorg/helloworld-apb
    # Parameters the user can supply at deployment time
    parameters:
      - name: namespace
        type: string
        default: hello-world-apb
      - name: message
        type: string
        default: "Hello World"

ANSIBLE PLAYBOOK BUNDLE (APB) - provision.yml

    - name: Deploy sampleapp
      hosts: localhost
      connection: local
      tasks:
        - name: create namespace
          shell: "oc new-project {{ ns }}"

        - name: create app dc
          shell: "oc create -n {{ ns }} -f sampleapp.yml"

ANSIBLE PLAYBOOK BUNDLE (APB) - deprovision.yml

    - name: Uninstall sampleapp
      hosts: localhost
      connection: local
      tasks:
        - name: delete namespace
          shell: "oc delete project {{ ns }}"

ANSIBLE PLAYBOOK BUNDLE (APB) - Dockerfile

Ansible runtime for base image:

    FROM ansibleplaybookbundle/apb-base

    LABEL "com.redhat.apb.version"="0.1.0"
    LABEL "com.redhat.apb.spec"="...…"
    ADD roles /opt/ansible/roles
    ADD playbooks /opt/apb/actions
    # Run the bundle as an unprivileged user (UID 1001, group 0)
    RUN useradd -u 1001 -r -g 0 -M -b /opt/apb -s /sbin/nologin -c "apb user" apb
    RUN chown -R 1001:0 /opt/{ansible,apb}
    USER 1001

ANSIBLE PLAYBOOK BUNDLE (APB) - Ansible 2.4 will include k8s/ modules

Playbook - Executes oc commands directly:

    - name: create namespace
      shell: "oc new-project {{ ns }}"

    - name: create route
      shell: "oc create -n {{ ns }} -f route.yml"

    # route.yml (excerpt)
    apiVersion: v1
    kind: Route
    spec:
      port:
        targetPort: port-80

Playbook - Leverages Ansible Modules for K8S/OCP:

    - openshift_v1_project:
        name: '{{ ns }}'

    - openshift_v1_route:
        name: wordpress
        namespace: '{{ ns }}'
        port_target_port: 80
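Added example (not from the slides or the APB tooling): why the module form is the safer of the two playbooks, and what to check when a shell task is kept. It assumes the ns variable is filled from the namespace parameter declared in apb.yml and supplied by the marketplace user; the sample value in the note after the block is constructed. Ansible's quote filter plays the role of shlex.quote here.

```python
import re
import shlex

# Kubernetes namespaces / OpenShift projects must be DNS-1123 labels (max 63 chars).
DNS1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")

# Parameter declarations mirroring the apb.yml on the slide.
PARAM_SPEC = {
    "namespace": {"type": str, "default": "hello-world-apb", "pattern": DNS1123_LABEL},
    "message": {"type": str, "default": "Hello World", "pattern": None},
}

def validate_params(supplied):
    """Apply defaults; reject unknown keys, wrong types and malformed values."""
    unknown = set(supplied) - set(PARAM_SPEC)
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    clean = {}
    for name, spec in PARAM_SPEC.items():
        value = supplied.get(name, spec["default"])
        if not isinstance(value, spec["type"]):
            raise ValueError(f"{name}: expected {spec['type'].__name__}")
        if spec["pattern"] and not spec["pattern"].fullmatch(value):
            raise ValueError(f"{name}: not a valid DNS-1123 label")
        clean[name] = value
    return clean

def render_shell_task(ns, quoted):
    """What shell: "oc new-project {{ ns }}" expands to, with or without quoting."""
    return "oc new-project " + (shlex.quote(ns) if quoted else ns)

def shell_tokens(command):
    """Tokenise as a POSIX shell would, keeping operators such as ';' visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)
```

With the constructed value "demo; echo injected", the unquoted rendering tokenises into two commands, the quoted rendering stays a single argument, and validate_params rejects the value before any task runs.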

https://github.com/openshift/openshift-restclient-python

How about a demo?

Bind Example - Python WebApp + PostgreSQL

[Diagram repeated on each step. Labels: Red Hat Container Catalog; postgres-demo-apb; Ansible Service Broker; Service Consumer; OpenShift Mall / Service Catalog. Commands shown: oc run $appname $method $vars and ansible-playbook $method.yaml $vars]

● Download Postgres APB
● Run provision.yaml from postgres-demo-apb
● Postgres is now running (Pod: postgres-demo)
● Create WebApp (S2I Created Python WebApp)
● Bind Postgres to WebApp (command shown on this slide: ansible-playbook provision.yaml $vars)
● Bind connects the WebApp to the Database

What is Bind Doing?

● APB returns credentials of service to Broker
● Service Catalog injects credentials into pod

[Diagram labels: OpenShift Mall / Service Catalog; Ansible Service Broker; postgres-demo-apb; Credentials; S2I Created Python WebApp; Pod: postgres-demo]

Bind WebApp to PostgreSQL

● Binding connects WebApp to Database through a Secret
● PostgreSQL APB: https://github.com/fusor/apb-examples/tree/master/postgresql-demo-apb

Directory layout of the PostgreSQL APB:

    apb.yml
    Dockerfile
    playbooks/
        provision.yaml
    roles/
        postgresql-demo-apb-openshift/
            defaults/
                main.yml
            files/
                airports.ddl
                airports.sql
            tasks/
                main.yml

Task shown from the role:

    - name: create service
      k8s_v1_service:
        name: <service-name>   # placeholder: value missing from the extracted slide
        namespace: '{{ namespace }}'
        state: present
        labels:
          app: postgresql-demo-apb
          service: postgresql
        selector:
          app: postgresql-demo-apb
          service: postgresql
        ports:
          - name: port-5432
            port: 5432
            protocol: TCP
            target_port: 5432
      register: postgres_service

https://github.com/fusor/apb-examples

Ansible Service Broker - More Information

● Email: [email protected]
● IRC (Freenode): #asbroker
● Trello: https://trello.com/b/50JhiC5v/ansible-service-broker
● Github:
  ○ https://github.com/fusor/ansible-service-broker
  ○ https://github.com/fusor/ansible-playbook-bundle
● Library of example APBs: https://github.com/fusor/apb-examples
  ○ ManageIQ, Etherpad, Wordpress, ELK Stack
● YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
  ○ Using the Service Catalog to Bind a PostgreSQL APB to a Python Web App
    ■ https://www.youtube.com/watch?v=xmd52NhEjCk
  ○ Service Catalog deploying ManageIQ APB on to OpenShift
    ■ https://www.youtube.com/watch?v=J6rDssVEZuQ
● Docker hub published APBs
  ○ https://hub.docker.com/u/ansibleplaybookbundle/

Questions?