11.7.2017

Deploying Multi-Container Applications with Broker

Eric Dubé, Senior Principal Product Manager, Todd Sanders, Director Software Engineering, Red Hat

Agenda

● Service Catalog and Brokers: Open Service Broker API and High-level Architecture
● Ansible Broker: Ansible Playbook Bundle (APB) Definition
● What’s New and Future Plans: Roadmap Review
● Live Demonstration: Walkthrough of Provision/Bind of selected services
● More Information: Additional information to get you started
● Questions: What can we answer for you?

2 Service Catalog & Ansible Broker

3 Why Service Brokers?

☑ Open ticket
☑ Wait for allocation
☑ Receive credentials
☑ Add to app
☑ Deploy app

[Diagram: SERVICE CONSUMER and SERVICE PROVIDER]

Manual, Time-consuming, Error-prone, and Inconsistent

4 What is a Service Broker?

[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]

Brokers inform the Service Catalog of the Service Classes they can provision

The Service Consumer only interacts with the Service Catalog; the details of the Brokers are largely hidden

Creates a process that is automated, standardized, and most importantly consistent

5 Service Broker Concepts

CONSUMER: user of service deployed by the catalog/broker

SERVICE: an offering that can be used by an app e.g. database

PLAN: a specific flavor of a service e.g. Gold Tier

SERVICE INSTANCE: an instance of the offering

PROVISION: creating a service instance

[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]

BIND: associate a service instance and its credentials to an app

6 Service Catalog Where Services Are Published

● Better experience for service consumers

● Streamlines “getting started” process
  ○ Task focused
  ○ Key call outs
  ○ Unified search
  ○ Guided workflow

● Provision and manage services from a central interface

● Search option ensures quick access to all services

7 Service Brokers Expose and Provision Services

[Diagram: SERVICE CATALOG and SERVICE BROKERS, with each broker shown next to what it provisions]

● OpenShift Template Broker: OpenShift Templates
● Ansible Broker: Ansible Playbook Bundles
● AWS Service Broker (BETA): Public Cloud Services
● Other Service Brokers: Other compatible services

8 Open Service Broker API

Defines an HTTP interface between the services marketplace of a platform and service brokers

Background
• Working group formed in September 2016; successor to Cloud Foundry Service Broker API
• Multi-vendor project to standardize how services are consumed on cloud native platforms across service providers
• Service Broker is the component that implements the API, for which a platform's marketplace is a client

Methods
• Service brokers are responsible for advertising catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
  • Catalog - Return service offerings
  • Provision - Create service
  • Deprovision - Delete service
  • Bind - Obtain credentials/coordinates for service
  • Unbind - Revoke credentials for service
  • Update - Change service instance parameters or service plan

9 Ansible Broker - Inspiration and Goals
What are we trying to accomplish?

Project Inspiration
● Solution for defining and delivering “simple” to “complex” multi-container applications
● Easy orchestration of services using a simple, lightweight application definition
● Leverage a container image as transport mechanism for delivering application
  ○ Both application definition and container image can be hosted in the same location

Project Goals
● Ensure technology is simple yet extensible enough to support deploying any application type and combination of applications
  ○ Must work with both new and pre-existing, canned application container images
● Build extensive application ecosystem deployable through the Service Catalog
● Grow interest, participation, and adoption in the community as one of the prevailing methods for provisioning applications on Kubernetes

10 Ansible Broker Orchestrating Containerized Services

● Define, extend, and deliver “simple” to “complex” multi-container services
● Standardized approach for using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks

Ansible Broker
● Implementation of Open Service Broker API
● Exposes services to Service Catalog
● Provisions services using Ansible
● Use cases:
  ○ Traditional S2I deployments
  ○ Provisioning of pre-existing images
  ○ Orchestration of external services
  ○ Deploying multi-service solutions

Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
  ○ Named playbooks [provision.yaml, bind.yaml, …] to perform Open Service Broker actions
  ○ Metadata containing a list of required / optional parameters during deployment
  ○ Embedded Ansible runtime

11 Ansible Broker High Level Architecture

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Other Service Brokers, Container Image Registry, Ansible Playbook Bundle, Provisioned Service]

APB services:
• MediaWiki
• PostgreSQL
• MariaDB
• MySQL, etc.

Service Broker operations:
• catalog
• provision
• deprovision
• bind
• unbind
• update

Supports provisioning and binding of both on and off-platform (public cloud) services!

12 Ansible Playbook Bundle (APB) Definition
Architecture

Description:
● Short-lived, lightweight container image consisting of a simple directory structure with:
  ○ Named “action” playbooks & deployment role
  ○ Metadata:
    ■ required/optional parameters
    ■ service plans
    ■ Image dependencies (provision vs bind)
    ■ specification version
  ○ Ansible runtime environment
● Designed to orchestrate pre-existing containerized application images
● Developer tooling provides simple, guided approach to APB creation
● Easily modified or extended

[Diagram labels: Ansible Playbook Bundle (APB) Definition, Minimal Image, Directory of files, Ansible Runtime, Deployment Role]

Directory of files:
provision.yaml = Install
deprovision.yaml = Uninstall
bind.yaml = Grant
unbind.yaml = Revoke
update.yaml = Upgrade
test.yaml = Test
apb.yaml = Metadata

13 Ansible Broker Advantages
Why is it better than other provisioning technologies?

● Capable of orchestrating both on- and off-platform services
  ○ Not limited to deploying just local services like most provisioning technologies
  ○ Provision and manage remote services and even those hosted in public clouds
● Highly customizable binding operations between services
● APB packaging makes it easy to distribute since definition can be hosted in same registry as application
● Application provisioning can be tied to the successful startup of dependent services
  ○ Ensure all dependent services are fully operational before starting your application
    ■ Example: Check that a database has fully initialized and ready to accept connections prior to provisioning your application
● Support for complex conditional logic enabling better control of deployed services

Anything you can do with Ansible, you can do in an APB!

14 OpenStack Integration Why use Ansible Broker?

● Better control and greater flexibility when deploying services than with other orchestration technologies
  ○ Able to solve many of the problems plaguing existing solutions today:
    ■ Dependent service startup synchronization
    ■ Robust service control using conditional logic
    ■ Ability to provision and manage services both locally and remote
● Engaged with upstream to build OpenStack PoC orchestrated by Ansible
  ○ Once playbooks have been created for deploying OpenStack services these can easily be turned into APBs for provisioning with Ansible Broker
● Looking for broader community collaboration to help with the development of OpenStack Service APB’s
  ○ End goal is to support the deployment of an entire OpenStack environment using APB’s (with all deployed services managed by Kubernetes)

15 Roadmap Review

16 Development Plan & Application Ecosystem OpenShift Origin and Kubernetes

● Primary development is currently being done within OpenShift Origin community
  ○ ‘CatASB’ project enables anyone to easily stand-up an Origin environment with both Kubernetes Service Catalog and Broker enabled at startup
● Support for pure Kubernetes environments nearly completed
  ○ Extends broker technology to be used outside of typical PaaS environments
    ■ Leverage technology to also deploy infrastructure environments
● Looking to grow adoption and build-out application ecosystem
  ○ Not only in the community but also with commercial ISVs
  ○ Ever growing list of examples and documentation enables developers to quickly create new APB’s
  ○ In the process of building community presence / website to streamline navigation of content

17 Release Plans
What’s new for Service Catalog and Ansible Broker

OpenShift Origin 3.6.0
• New Web UI with Kubernetes Service Catalog
  • Allows a service consumer to select and manage services via standard operations
• Service Catalog interacts with Brokers through a standard API
  • Open Service Broker API
• Support for multiple Brokers within Service Catalog instance
  • Includes Template and Ansible Brokers
• Several APB services examples available
  • Targeted at deploying example applications to learn about this new technology
• Not yet intended for APB creation
  • No tooling included for creating APBs, but can be obtained externally

OpenShift Origin 3.7.0
• Service Broker and Service Catalog hardening
  • Supports use with ‘production’ workloads
  • Secure connectivity between Service Catalog and Broker
• Support for multiple service plans
  • Example: Bronze, Silver, and Gold plans
• New APB services
  • Popular services (such as databases)
  • Commercial third-party ISV applications
• Multiple concurrent source adapters
  • Broker instance can connect to multiple image registries
• APB “test” directive
  • Define a functional test for checking deployed service
• Developer tooling included providing guided approach to APB creation

18 Future Directions & Development
What’s Planned?

• Open Service Broker API ‘update’ operation support (allows changes to parameters and service plans)
• Improved broker service scaling
• MiniShift support (develop on a Mac)
• Internationalization/Localization
• Additional source adapters
  • Github, AWS ECR
• Improved verification/checking of deployed services
• Injectable custom configuration options within UI during provision operation
• Enhanced support of multiple bindings for services
• Explore Broker use cases outside of Service Catalog
• Ansible Galaxy integration
• Support for additional deployment models
  • Provision into users own namespace
  • Provision into our own namespace
  • Full remote (not within OpenShift cluster)
• Better APB dependency support
  • Intelligent requires/provides information in APB
• Split runtime; separate linux runtime from APB orchestration code
• Async bind/unbind support (requires API changes)
• Add ‘test’ operation support to upstream OSB API

19 Service Provisioning & Binding Demo

20 Live Demo
Walkthrough

Steps: Initial Provisioning + Binding
1. Create new Project
2. Provision Backend of Web Application (PostgreSQL + Python API + Data Seeding) - DogAPI
3. Provision Frontend of Web Application (Django) - Random Image Viewer
4. Bind Frontend to Backend

Steps: External SaaS Provider
1. Provision External SaaS API - CatAPI
2. Bind Frontend of Web Application to External SaaS API

Steps: Update Service Instance
1. Update Web Application - Album Title Parameter

21 Demo
Internal Backend Application

[Diagram: Origin/Kubernetes Cluster with PostgreSQL and Dog API PODs (Dog API APB, “Back-end”) and Random Image Viewer (Django) (Random Image Viewer APB, “Front-end”)]

22 Demo
External SaaS Backend Application

[Diagram: Origin/Kubernetes Cluster with PostgreSQL, Dog API (Dog API APB) and Random Image Viewer (Django) (Random Image Viewer APB); External Cloud Service with PostgreSQL and Cat API (Cat API APB); New Binding]

23 More Information

24 Community Applications and Services Building an APB ecosystem

● Central location where community developed APB’s can be contributed
  ○ Hosted within a single Github organization: ‘ansibleplaybookbundle’
  ○ Individual APBs reside in their own repos

● CI for doing sanity checking on all submitted PR’s

● Automated builds and publishing of APB’s to publicly accessible container registry

Continually growing portfolio of applications:

● PostgreSQL, Jenkins, MediaWiki, Wordpress, The Lounge, Hastebin, Etherpad, MariaDB, MySQL, AWS RDS MySQL, Rocket.Chat, Nginx, ManageIQ, …

https://github.com/ansibleplaybookbundle

25 Demo Environment How do I install it?

Simple mechanism for quickly spinning up an environment to try out Ansible Broker:

● CatASB Project
  ○ Only takes ~5 minutes to install
  ○ Location: https://github.com/fusor/catasb/tree/master/local/linux#testing-downstream-images
    • Ansible playbooks that use ‘oc cluster up --service-catalog’
    • Able to use downstream pre-built images if --rcm flag is passed
    • Runs locally on Linux, Mac, or provision to Amazon’s EC2 environment

Note: There are some environment differences in how Ansible Broker is installed via ‘catasb’, so it is not an exact match to a downstream environment deployed with ‘atomic--installer’

26 Ansible Broker Project Information

• Public Mailing List: [email protected]

• IRC (Freenode): #asbroker

• Project Links:
  • https://github.com/openshift/ansible-service-broker#project-related-links

• YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
  • Deploying MediaWiki and PostgreSQL from Image Registry
    • https://www.youtube.com/watch?v=3fLkcHJBnfc

• Points of Contact:
  • Product Manager: Eric Dubé [email protected]
  • Engineering Manager: Todd Sanders [email protected]
  • Technical Lead: John Matthews [email protected]

27 Thanks. Cheers. Questions?

Extra Slides

29 Discover APBs: DogAPI & RandomViewer

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; Service Catalog; Service Consumer]

30 Provision DogAPI: Run ‘provision.yaml’

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; DogAPI APB; Service Catalog; Service Consumer]

Commands shown in the diagram:
oc run $imagename $method $vars
ansible-playbook provision.yaml $vars

31 Provision DogAPI: Creates PostgreSQL + API

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; DogAPI APB running ‘ansible-playbook provision.yaml $vars’; PostgreSQL; API; Service Catalog; Service Consumer]

32 DogAPI (Backend) is up & APB terminates

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; PostgreSQL; API; Service Catalog; Service Consumer]

33 Provision RandomViewer: Run ‘provision.yaml’

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; PostgreSQL; API; RandomViewer APB running ‘ansible-playbook provision.yaml $vars’; Service Catalog; Service Consumer]

34 Provision RandomViewer: Creates Service

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; PostgreSQL; API; RandomViewer APB running ‘ansible-playbook provision.yaml $vars’; Random Viewer; Service Catalog; Service Consumer]

35 RandomViewer (frontend) is up & APB terminates

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; PostgreSQL; API; Random Viewer; Service Catalog; Service Consumer]

36 Create Binding: Launch APB, Run bind.yaml

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; DogAPI APB running ‘ansible-playbook bind.yaml $vars’; PostgreSQL; API; Binding; Random Viewer; Service Catalog; Service Consumer]

37 Secret created by Service Catalog

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; PostgreSQL; API; Binding; Secret; Random Viewer; Service Catalog; Service Consumer]

38 Secret added to Application Deployment Config

[Diagram: Container Registry (DogAPI APB, RandomViewer APB); Ansible Broker; PostgreSQL; API; Binding; Secret; Random Viewer; Service Catalog; Service Consumer]

39 What is the “bind” operation doing?

[Diagram: Service Consumer; Service Catalog; Ansible Broker; DogAPI APB; Credentials; Random Viewer; PostgreSQL; API]

● APB returns credentials of service to broker
● Service Catalog makes a Secret available for Pod
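
The bind flow above, together with the Open Service Broker methods listed on slide 8, as an added example (not code from the presentation or from the Ansible Broker project): each binding gets its own credential, and unbind or deprovision makes that credential stop working. The routes and status codes follow the Open Service Broker API specification; DemoBroker, the catalog contents and all ids are constructed for illustration, and authentication and API-version header checks are left out.

```python
import secrets

# Constructed catalog: one service offering with two plans.
CATALOG = {"services": [{"id": "svc-db", "plans": [{"id": "gold"}, {"id": "silver"}]}]}
PLAN_IDS = {p["id"] for s in CATALOG["services"] for p in s["plans"]}

class DemoBroker:  # hypothetical in-memory broker; no auth or API-version checks
    def __init__(self):
        self.instances = {}  # instance_id -> {"plan_id": str, "bindings": {id: creds}}

    def handle(self, method, path, body=None):
        parts = path.strip("/").split("/")
        if (method, parts) == ("GET", ["v2", "catalog"]):
            return 200, CATALOG                                   # Catalog
        if parts[:2] == ["v2", "service_instances"]:
            if len(parts) == 3:
                return self._instance(method, parts[2], (body or {}).get("plan_id"))
            if len(parts) == 5 and parts[3] == "service_bindings":
                return self._binding(method, parts[2], parts[4])
        return 404, {}

    def _instance(self, method, iid, plan):
        inst = self.instances.get(iid)
        if method == "DELETE":                # Deprovision: drops all its credentials too
            return (200 if self.instances.pop(iid, None) else 410), {}
        if plan not in PLAN_IDS:
            return 400, {}
        if method == "PUT" and inst is None:                      # Provision
            self.instances[iid] = {"plan_id": plan, "bindings": {}}
            return 201, {}
        if method == "PUT":                   # Same id again: idempotent or conflict
            return (200 if inst["plan_id"] == plan else 409), {}
        if method == "PATCH" and inst is not None:                # Update
            inst["plan_id"] = plan
            return 200, {}
        return 400, {}

    def _binding(self, method, iid, bid):
        inst = self.instances.get(iid)
        if inst is None or method not in ("PUT", "DELETE"):
            return (410 if method == "DELETE" else 404), {}
        if method == "DELETE":                # Unbind: the credential stops working
            return (200 if inst["bindings"].pop(bid, None) else 410), {}
        status = 200 if bid in inst["bindings"] else 201          # Bind
        creds = inst["bindings"].setdefault(bid, {"password": secrets.token_urlsafe(24)})
        return status, {"credentials": creds}

    def credential_is_live(self, iid, bid, password):
        creds = self.instances.get(iid, {}).get("bindings", {}).get(bid)
        return creds is not None and secrets.compare_digest(creds["password"], password)
```

Because credentials are keyed by binding id, revoking one consumer's access with unbind leaves every other binding on the same instance untouched.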