11.7.2017
Deploying Multi-Container Applications with Ansible Broker
Eric Dubé, Senior Principal Product Manager, Red Hat
Todd Sanders, Director Software Engineering, Red Hat

Agenda
● Service Catalog and Brokers: Open Service Broker API and High-level Architecture
● Ansible Broker: Ansible Playbook Bundle (APB) Definition
● What’s New and Future Plans: Roadmap Review
● Live Demonstration: Walkthrough of Provision/Bind of selected services
● More Information: Additional information to get you started
● Questions: What can we answer for you?

Service Catalog & Ansible Broker

Why Service Brokers?
☑ Open ticket ☑ Wait for allocation ☑ Receive credentials ☑ Add to app ☑ Deploy app
[Diagram: Service Consumer, Service Provider]
Manual, Time-consuming, Error-prone, and Inconsistent

What is a Service Broker?
[Diagram: Service Consumer, Service Catalog, Service Broker, Service Provider]
Brokers inform Service Catalog of the Service Classes they can provision
Service Consumer only interacts with Service Catalog; the details of the Brokers are largely hidden
Creates a process that is automated, standardized, and most importantly consistent

Service Broker Concepts
[Diagram: Service Consumer, Service Catalog, Service Broker, Service Provider]
CONSUMER: user of service deployed by the catalog/broker
SERVICE: an offering that can be used by an app e.g. database
PLAN: a specific flavor of a service e.g. Gold Tier
SERVICE INSTANCE: an instance of the offering
PROVISION: creating a service instance
BIND: associate a service instance and its credentials to an app

Service Catalog
Where Services Are Published
● Better experience for service consumers
● Streamlines “getting started” process
  ○ Task focused
  ○ Key call outs
  ○ Unified search
  ○ Guided workflow
● Provision and manage services from a central interface
● Search option ensures quick access to all services

Service Brokers
Expose and Provision Services
[Diagram: the Service Catalog in front of the Service Brokers and the services each one exposes: OpenShift Template Broker (OpenShift Templates), Ansible Broker (Ansible Playbook Bundles), AWS Service Broker, BETA (Amazon Web Services Public Cloud Services), Other Service Brokers (Other Compatible Services)]

Open Service Broker API
Defines an HTTP interface between the services marketplace of a platform and service brokers
Background
• Working group formed in September 2016; successor to Cloud Foundry Service Broker API
• Multi-vendor project to standardize how services are consumed on cloud native platforms across service providers
• Service Broker is the component that implements the API, for which a platform's marketplace is a client
Methods
• Service brokers are responsible for advertising catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
  • Catalog - Return service offerings
  • Provision - Create service
  • Deprovision - Delete service
  • Bind - Obtain credentials/coordinates for service
  • Unbind - Revoke credentials for service
  • Update - Change service instance parameters or service plan

Ansible Broker - Inspiration and Goals
What are we trying to accomplish?
Project Inspiration
● Solution for defining and delivering “simple” to “complex” multi-container applications
● Easy orchestration of services using a simple, lightweight application definition
● Leverage a container image as transport mechanism for delivering application
  ○ Both application definition and container image can be hosted in the same location
Project Goals
● Ensure technology is simple yet extensible enough to support deploying any application type and combination of applications
  ○ Must work with both new and pre-existing, canned application container images
● Build extensive application ecosystem deployable through the Kubernetes Service Catalog
● Grow interest, participation, and adoption in the community as one of the prevailing methods for provisioning applications on Kubernetes

Ansible Broker
Orchestrating Containerized Services
● Define, extend, and deliver “simple” to “complex” multi-container services
● Standardized approach for using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks
Ansible Broker
● Implementation of Open Service Broker API
● Exposes services to Service Catalog
● Provisions services using Ansible
● Use cases:
  ○ Traditional S2I deployments
  ○ Provisioning of pre-existing images
  ○ Orchestration of external services
  ○ Deploying multi-service solutions
Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
  ○ Named playbooks [provision.yaml, bind.yaml, …] to perform Open Service Broker actions
  ○ Metadata containing a list of required / optional parameters during deployment
  ○ Embedded Ansible runtime

Ansible Broker
High Level Architecture
[Diagram: Service Consumer, Service Catalog, Ansible Broker, Other Service Brokers, Container Image Registry holding Ansible Playbook Bundles, a launched Ansible Playbook Bundle and the Provisioned Service. Service Broker operations: catalog, provision, deprovision, bind, unbind, update. APB services: MediaWiki, PostgreSQL, MariaDB, MySQL, etc. Callout: Supports provisioning and binding of both on and off-platform (public cloud) services!]
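
The catalog, provision, deprovision, bind and unbind operations named on the Open Service Broker API and architecture slides, sketched as an added example that is not from the presentation or the Ansible Broker code base: an in-memory toy broker whose routes and status codes (201 created, 200 replayed, 409 conflict, 410 gone) follow the Open Service Broker API. The ToyBroker class, its accepts helper and the generated credentials are constructed for illustration; update, authentication, query parameters and asynchronous operations are left out, and the 404/405 answers for requests the sketch does not model are its own choice.

```python
import secrets

class ToyBroker:
    """In-memory stand-in for a service broker (constructed for illustration)."""

    def __init__(self, catalog):
        self.catalog = catalog   # services and plans advertised to the marketplace
        self.instances = {}      # instance_id -> provision request body
        self.bindings = {}       # (instance_id, binding_id) -> credentials

    def handle(self, method, path, body=None):
        """Dispatch one request from the marketplace; return (status, response)."""
        parts = path.strip("/").split("/")
        if method == "GET" and parts == ["v2", "catalog"]:
            return 200, self.catalog
        if parts[:2] == ["v2", "service_instances"]:
            if len(parts) == 3:
                return self._instance(method, parts[2], body)
            if len(parts) == 5 and parts[3] == "service_bindings":
                return self._binding(method, parts[2], parts[4])
        return 404, {}

    def _instance(self, method, iid, body):
        if method == "PUT":      # provision; replaying the same request is idempotent
            if iid in self.instances:
                return (200 if self.instances[iid] == body else 409), {}
            self.instances[iid] = body
            return 201, {}
        if method != "DELETE":
            return 405, {}
        if iid not in self.instances:
            return 410, {}
        # deprovision: drop bindings too, so no credential outlives the instance
        self.bindings = {k: v for k, v in self.bindings.items() if k[0] != iid}
        del self.instances[iid]
        return 200, {}

    def _binding(self, method, iid, bid):
        key = (iid, bid)
        if method == "PUT" and iid in self.instances:   # bind: one secret per binding
            status = 200 if key in self.bindings else 201
            fresh = {"username": "app-" + bid, "password": secrets.token_urlsafe(16)}
            return status, {"credentials": self.bindings.setdefault(key, fresh)}
        if method == "DELETE":                          # unbind: revoke that secret
            return (200, {}) if self.bindings.pop(key, None) else (410, {})
        return 404, {}

    def accepts(self, password):
        """True while some live binding still carries this password."""
        return any(secrets.compare_digest(c["password"], password) for c in self.bindings.values())
```

Binding twice with the same binding id returns the same credentials, while a second binding id gets its own password; unbind or deprovision makes accepts() return False for the revoked secret.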

Ansible Playbook Bundle (APB) Definition
Architecture
Description:
● Short-lived, lightweight container image consisting of a simple directory structure with:
  ○ Named “action” playbooks & deployment role
  ○ Metadata:
    ■ required/optional parameters
    ■ service plans
    ■ Image dependencies (provision vs bind)
    ■ specification version
  ○ Ansible runtime environment
● Designed to orchestrate pre-existing containerized application images
● Developer tooling provides simple, guided approach to APB creation
● Easily modified or extended
[Diagram: Ansible Playbook Bundle (APB) Definition, made up of a Minimal Linux Image, the Ansible Runtime, a Deployment Role and a Directory of files: provision.yaml, deprovision.yaml, bind.yaml, unbind.yaml, update.yaml, test.yaml, apb.yaml]
provision.yaml = Install
deprovision.yaml = Uninstall
bind.yaml = Grant
unbind.yaml = Revoke
update.yaml = Upgrade
test.yaml = Test
apb.yaml = Metadata

Ansible Broker Advantages
Why is it better than other provisioning technologies?
● Capable of orchestrating both on- and off-platform services
  ○ Not limited to deploying just local services like most provisioning technologies
  ○ Provision and manage remote services and even those hosted in public clouds
● Highly customizable binding operations between services
● APB packaging makes it easy to distribute since definition can be hosted in same registry as application
● Application provisioning can be tied to the successful startup of dependent services
  ○ Ensure all dependent services are fully operational before starting your application
    ■ Example: Check that a database has fully initialized and is ready to accept connections prior to provisioning your application
● Support for complex conditional logic enabling better control of deployed services
Anything you can do with Ansible, you can do in an APB!

OpenStack Integration
Why use Ansible Broker?
● Better control and greater flexibility when deploying services than with other orchestration technologies
  ○ Able to solve many of the problems plaguing existing solutions today:
    ■ Dependent service startup synchronization
    ■ Robust service control using conditional logic
    ■ Ability to provision and manage services both locally and remote
● Engaged with upstream to build OpenStack PoC orchestrated by Ansible
  ○ Once playbooks have been created for deploying OpenStack services these can easily be turned into APBs for provisioning with Ansible Broker
● Looking for broader community collaboration to help with the development of OpenStack Service APBs
  ○ End goal is to support the deployment of an entire OpenStack environment using APBs (with all deployed services managed by Kubernetes)

Roadmap Review

Development Plan & Application Ecosystem
OpenShift Origin and Kubernetes
● Primary development is currently being done within OpenShift Origin community
  ○ ‘CatASB’ project enables anyone to easily stand-up an Origin environment with both Kubernetes Service Catalog and Broker enabled at startup
● Support for pure Kubernetes environments nearly completed
  ○ Extends broker technology to be used outside of typical PaaS environments
    ■ Leverage technology to also deploy infrastructure environments
● Looking to grow adoption and build-out application ecosystem
  ○ Not only in the community but also with commercial ISVs
  ○ Ever growing list of examples and documentation enables developers to quickly create new APBs
  ○ In the process of building community presence / website to streamline navigation of content

Release Plans
What’s new for Service Catalog and Ansible Broker
OpenShift Origin 3.6.0
• New Web UI with Kubernetes Service Catalog
  • Allows a service consumer to select and manage services via standard operations
• Service Catalog interacts with Brokers through a standard API
  • Open Service Broker API
• Support for multiple Brokers within Service Catalog instance
  • Includes Template and Ansible Brokers
• Several APB services examples available
  • Targeted at deploying example applications to learn about this new technology
• Not yet intended for APB creation
  • No tooling included for creating APBs, but can be obtained externally
OpenShift Origin 3.7.0
• Service Broker and Service Catalog hardening
  • Supports use with ‘production’ workloads
  • Secure connectivity between Service Catalog and Broker
• Support for multiple service plans
  • Example: Bronze, Silver, and Gold plans
• New APB services
  • Popular services (such as databases)
  • Commercial third-party ISV applications
• Multiple concurrent source adapters
  • Broker instance can connect to multiple image registries
• APB “test” directive
  • Define a functional test for checking deployed service
• Developer tooling included providing guided approach to APB creation

Future Directions & Development
What’s Planned?
• Open Service Broker API ‘update’ operation support (allows changes to parameters and service plans)
• Improved broker service scaling
• MiniShift support (develop on a Mac)
• Internationalization/Localization
• Additional source adapters
  • Github, AWS ECR
• Improved verification/checking of deployed services
• Injectable custom configuration options within UI during provision operation
• Enhanced support of multiple bindings for services
• Explore Broker use cases outside of Service Catalog
• Ansible Galaxy integration
• Support for additional deployment models
  • Provision into users own namespace
  • Provision into our own namespace
  • Full remote (not within OpenShift cluster)
• Better APB dependency support
  • Intelligent requires/provides information in APB
• Split runtime; separate linux runtime from APB orchestration code
• Async bind/unbind support (requires API changes)
• Add ‘test’ operation support to upstream OSB API

Service Provisioning & Binding Demo

Live Demo
Walkthrough
Steps: Initial Provisioning + Binding
1. Create new Project
2. Provision Backend of Web Application (PostgreSQL + Python API + Data Seeding) - DogAPI
3. Provision Frontend of Web Application (Django) - Random Image Viewer
4. Bind Frontend to Backend
Steps: External SaaS Provider
1. Provision External SaaS API - CatAPI
2. Bind Frontend of Web Application to External SaaS API
Steps: Update Service Instance
1. Update Web Application - Album Title Parameter

Demo
Internal Backend Application
[Diagram: Origin/Kubernetes Cluster with the Dog API APB “Back-end” (PostgreSQL, Dog API, PODs) and the Random Image Viewer APB “Front-end” (Random Image Viewer, Django)]

Demo
External SaaS Backend Application
[Diagram: Origin/Kubernetes Cluster with the Dog API APB (PostgreSQL, Dog API) and the Random Image Viewer APB (Random Image Viewer, Django); External Cloud Service with the Cat API APB (PostgreSQL, Cat API); New Binding]

More Information

Community Applications and Services
Building an APB ecosystem
● Central location where community developed APBs can be contributed
  ○ Hosted within a single Github organization: ‘ansibleplaybookbundle’
  ○ Individual APBs reside in their own repos
● CI for doing sanity checking on all submitted PRs
● Automated builds and publishing of APBs to publicly accessible container registry
Continually growing portfolio of applications:
● PostgreSQL, Jenkins, MediaWiki, Wordpress, The Lounge, Hastebin, Etherpad, MariaDB, MySQL, AWS RDS MySQL, Rocket.Chat, Nginx, ManageIQ, …
https://github.com/ansibleplaybookbundle

Demo Environment
How do I install it?
Simple mechanism for quickly spinning up an environment to try out Ansible Broker:
● CatASB Project
  ○ Only takes ~5 minutes to install
  ○ Location: https://github.com/fusor/catasb/tree/master/local/linux#testing-downstream-images
    • Ansible playbooks that use ‘oc cluster up --service-catalog’
    • Able to use downstream pre-built images if --rcm flag is passed
    • Runs locally on Linux, Mac, or provision to Amazon’s EC2 environment
Note: An Ansible Broker environment installed via ‘catasb’ has some differences from, and is not an exact match to, a downstream environment deployed with ‘atomic-openshift-installer’

Ansible Broker Project Information
• Public Mailing List: [email protected]
• IRC (Freenode): #asbroker
• Project Links:
  • https://github.com/openshift/ansible-service-broker#project-related-links
• YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
  • Deploying MediaWiki and PostgreSQL from Image Registry
    • https://www.youtube.com/watch?v=3fLkcHJBnfc
• Points of Contact:
  • Product Manager: Eric Dubé [email protected]
  • Engineering Manager: Todd Sanders [email protected]
  • Technical Lead: John Matthews [email protected]

Thanks. Cheers. Questions?

Extra Slides

Discover APBs: DogAPI & RandomViewer
[Diagram: Container Registry holding DogAPI APB and RandomViewer APB; Ansible Broker; Service Catalog; Service Consumer]

Provision DogAPI: Run ‘provision.yaml’
[Diagram: same components, plus a DogAPI APB at the Ansible Broker, labelled: oc run $imagename $method $vars; ansible-playbook provision.yaml $vars]

Provision DogAPI: Creates PostgreSQL + API
[Diagram: same components, plus DogAPI APB (ansible-playbook provision.yaml $vars), PostgreSQL and API]

DogAPI (Backend) is up & APB terminates
[Diagram: Container Registry, Ansible Broker, Service Catalog, Service Consumer, PostgreSQL and API]

Provision RandomViewer: Run ‘provision.yaml’
[Diagram: same components, plus a RandomViewer APB labelled: ansible-playbook provision.yaml $vars]

Provision RandomViewer: Creates Service
[Diagram: same components, plus RandomViewer APB (ansible-playbook provision.yaml $vars) and Random Viewer]

RandomViewer (frontend) is up & APB terminates
[Diagram: Container Registry, Ansible Broker, Service Catalog, Service Consumer, PostgreSQL, API and Random Viewer]

Create Binding: Launch APB, Run bind.yaml
[Diagram: same components, plus a DogAPI APB at the Ansible Broker labelled: ansible-playbook bind.yaml $vars; Binding]

Secret created by Service Catalog
[Diagram: same components, plus Binding and Secret]

Secret added to Application Deployment Config
[Diagram: same components, plus Binding and Secret]

What is the “bind” operation doing?
[Diagram: Service Consumer, Service Catalog, Ansible Broker, DogAPI APB, Credentials, Random Viewer, PostgreSQL and API. Labels: DogAPI APB returns credentials of service to broker; Service Catalog makes a Secret available for Pod]