ANSIBLE SERVICE BROKER Deploying multi-container applications on OpenShift Todd Sanders John Matthews OpenShift Commons Briefing May 31, 2017 Open Service Broker API Overview ● API working group formed in September 2016, officially announced December; successor to CF Service Broker API ● API defines an HTTP interface between the services marketplace of a platform and service brokers ● Service Broker is the component of the service that implements the Service Broker API, for which a platform's marketplace is a client ● Service brokers are responsible for advertising a catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for: ○ Provisioning, binding, unbinding, and deprovisioning ○ Provisioning reserves a resource (service instance) ○ Binding typically generates credentials necessary for accessing the resource or provides the service instance with information for a configuration change ● Platform marketplace may expose services from one or many service brokers ● Individual service broker may support one or many platform marketplaces using different URL prefixes and credentials ● Backed by numerous industry leaders including Fujitsu, Google, IBM, Pivotal, Red Hat, and SAP 2 ANSIBLE SERVICE BROKER Orchestrating OpenShift Services ● Define, extend, and deliver “simple” to “complex” multi-container OpenShift services ● Standardized approach to using Ansible to manage and provision applications ● Leverage existing investment in Ansible roles/playbooks ● Easy management of applications for “simple” cloud-native apps Ansible Service Broker Ansible Playbook Bundle ● Embraces Service Catalog and Open Service ● Lightweight application definition (meta-container) Broker API concepts ● Simple directory employing: ● Supports: ○ Named playbooks [provision, bind, …] to ○ Traditional S2I deployments perform Open Service Broker actions ○ Provisioning of pre-existing images ○ Metadata containing a list of required / ○ Orchestrating external services optional parameters during deployment ○ Deploying multi-service solutions ○ Embedded Ansible runtime ANSIBLE SERVICE BROKER - Architecture Example Ansible Playbook Bundles: Supports provisioning of Red Hat Container Catalog • ELK, Etherpad, Foreman, Galera and binding to • ManageIQ, MongoDB, PostgreSQL both on-platform • catalog • Foreman, Pulp, Wordpress and off-platform • provision Ansible • External MLAB MongoDB SaaS (public cloud) • deprovision Playbook Bundle • and more... services! • bind • unbind ansible-playbook $method.yaml $vars Ansible Ansible OpenShift Service Service Broker Playbook Bundle Service Consumer oc run $appname $method $vars OpenShift Mall / Service Catalog Service Broker Service Broker Service Broker ANSIBLE PLAYBOOK BUNDLE (APB) Definition ● Simple directory with named “action” playbooks and metadata. ● Metadata: ○ required/optional parameters ○ dependencies (provision vs bind) ● Leverages existing investment in Ansible Roles / Playbooks. ● Developer Tooling to drive guided approach. ● Easily modified or extended. ANSIBLE PLAYBOOK BUNDLE (APB) A Closer Look Steps to create an APB: 1. Create apb.yml 2. Create Ansible Playbooks 3. apb prepare a. Creates Dockerfile with image labels 4. Build container ANSIBLE PLAYBOOK BUNDLE (APB) abp.yaml name: helloworld-apb image: myorg/helloworld-apb abp.yml parameters: playbooks - name: namespace provision.yml type: string default: hello-world-apb deprovision.yml - name: message Dockerfile type: string default: "Hello World" ANSIBLE PLAYBOOK BUNDLE (APB) provision.yml - name: Deploy sampleapp hosts: localhost connection: local abp.yml tasks: playbooks - name: create namespace shell: "oc new-project {{ ns }}" provision.yml deprovision.yml - name: create app dc shell: "oc create -n {{ ns }} -f sampleapp.yml" Dockerfile ANSIBLE PLAYBOOK BUNDLE (APB) deprovision.yml - name: Uninstall sampleapp hosts: localhost connection: local abp.yml tasks: playbooks - name: delete namespace shell: "oc delete project {{ ns }}" provision.yml deprovision.yml Dockerfile ANSIBLE PLAYBOOK BUNDLE (APB) Dockerfile - Ansible runtime for base image FROM ansibleplaybookbundle/apb-base LABEL "com.redhat.apb.version"="0.1.0" LABEL "com.redhat.apb.spec"=”...<base64 encoded apb.yml data >…” abp.yml ADD roles /opt/ansible/roles playbooks ADD playbooks /opt/apb/actions provision.yml RUN useradd -u 1001 -r -g 0 -M -b /opt/apb -s /sbin/nologin -c "apb user" apb deprovision.yml RUN chown -R 1001:0 /opt/{ansible,apb} USER 1001 Dockerfile ANSIBLE PLAYBOOK BUNDLE (APB) Ansible 2.4 will include k8s/openshift modules Playbook - Executes oc commands directly Playbook - Leverages Ansible Modules for K8S/OCP - name: create namespace - openshift_v1_project: shell: "oc new-project {{ ns }}" name: '{{ ns }}' - name: create route - openshift_v1_route: shell: "oc create -n {{ ns }} -f route.yml" name: wordpress namespace: '{{ ns }}' apiVersion: v1 port_target_port: 80 kind: Route spec: port: targetPort: port-80 <snip> https://github.com/openshift/openshift-restclient-python How about a demo? Bind Example Python WebApp + PostgreSQL Download Postgres APB Red Hat Container Catalog postgres-demo-apb Ansible Service Service Broker Consumer OpenShift Mall / Service Catalog Run provision.yaml from postgres-demo-apb Red Hat Container Catalog postgres-demo-apb ansible-playbook $method.yaml $vars Ansible Service Service Broker postgres-demo-apb Consumer oc run $appname $method $vars OpenShift Mall / Service Catalog Postgres is now running Red Hat Container Catalog postgres-demo-apb ansible-playbook $method.yaml $vars Ansible Pod: Service Service Broker postgres-demo-apb Consumer postgres-demo oc run $appname $method $vars OpenShift Mall / Service Catalog Create WebApp Red Hat Container Catalog postgres-demo-apb ansible-playbook $method.yaml $vars Ansible Pod: Service Service Broker postgres-demo-apb Consumer postgres-demo oc run $appname $method $vars OpenShift Mall / Service Catalog S2I Created Python WebApp Bind Postgres to WebApp Red Hat Container Catalog postgres-demo-apb ansible-playbook provision.yaml $vars Ansible POD: Service Service Broker postgres-demo-apb Consumer postgres-demo oc run $appname $method $vars OpenShift Mall / Service Catalog Bind connects the WebApp to the Database S2I Created Python WebApp What is Bind Doing? OpenShift Mall / Service Catalog Ansible Service Broker postgres-demo-apb APB returns credentials of Credentials service to Broker Service Catalog injects credentials into pod S2I Created Pod: Python WebApp postgres-demo Bind WebApp to PostgreSQL Binding connects WebApp to Database through a Secret PostgreSQL APB: https://github.com/fusor/apb-examples/tree/master/postgresql-demo-apb apb.yml - name: create service Dockerfile k8s_v1_service: name: postgresql playbooks namespace: '{{ namespace }}' provision.yaml state: present roles labels: postgresql-demo-apb-openshift app: postgresql-demo-apb defaults service: postgresql main.yml selector: app: postgresql-demo-apb files service: postgresql airports.ddl ports: airports.sql - name: port-5432 tasks port: 5432 protocol: TCP main.yml target_port: 5432 register: postgres_service https://github.com/fusor/apb-examples Ansible Service Broker More Information ● Email: [email protected] ● IRC (Freenode): #asbroker ● Trello: https://trello.com/b/50JhiC5v/ansible-service-broker ● Github: ○ https://github.com/fusor/ansible-service-broker ○ https://github.com/fusor/ansible-playbook-bundle ● Library of example APBs: https://github.com/fusor/apb-examples ○ ManageIQ, Etherpad, Wordpress, ELK Stack ● YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw ○ Using the Service Catalog to Bind a PostgreSQL APB to a Python Web App ■ https://www.youtube.com/watch?v=xmd52NhEjCk ○ Service Catalog deploying ManageIQ APB on to OpenShift ■ https://www.youtube.com/watch?v=J6rDssVEZuQ ● Docker hub published APBs ○ https://hub.docker.com/u/ansibleplaybookbundle/ 23 Questions? 24.