by Red Hat

1. ANSIBLE SERVICE BROKER
Deploying multi-container applications on OpenShift
Tommy Hughes Vinny Valdez
Scott Collier Kent Hua
AWS Loft Event
July 11, 2017

2. ENTER TO WIN!
1080p 3D GAMING PROJECTOR
Red Hat + AWS is a
winning combination!
You can win by
entering our raffle:
http://red.ht/AWSLoft

3. ● Sandboxed application processes on a
shared Linux OS kernel
● Simpler, lighter, and denser than virtual
machines
● Portable across different environments
● Package my application and all of its
dependencies
● Deploy to any environment in seconds and
enable CI/CD
● Easily access and share containerized
components
Sys-Admins / Ops Developers
It Depends on Who You Ask
What Are Containers?

4. DevOps With Containers Across the Hybrid Cloud?
Source
Repository
CI/CD
Engine
Dev Container
Physical
Virtual
Private cloud
Public cloud

5. Self-Service
Multi-language
Automation
Collaboration
Seamless
Standards-based
Web-scale
Open Source
Enterprise Grade
Secure
Critical features for both Dev and Ops

6. Trusted Container OS
Trusted by Fortune Global
500 companies
Container Runtime & Packaging
(Docker)
Enterprise Container Host
Red Hat Enterprise LinuxAtomic Host

7. Container Runtime & Packaging
(Docker)
Enterprise Container Host
Red Hat Enterprise LinuxAtomic Host
Enterprise Kubernetes
CloudForms
Red Hat Storage
Infrastructure Automation & Mg
Networking Storage Registry
Logs &
Metrics
Security
Container Orchestration & Cluster Management
(kubernetes)

8. 10,000 foot overview

9. Container Runtime & Packaging
(Docker)
Enterprise Container Host
Red Hat Enterprise LinuxAtomic Host
Enterprise Container Platform
Source-2-Image
Application Pipelines
Dev ToolsOpenShift Application Lifecycle Management
(CI/CD)
Build Automation Deployment Automation
Service Catalog
(Language Runtimes, Middleware, Databases)
Self-Service
Infrastructure Automation & Cockpit
Networking Storage Registry
Logs &
Metrics
Security
Container Orchestration & Cluster Management
(kubernetes)

10. JBOSS EAP
JBOSS DATA GRID
JBOSS DATA
VIRTUALIZATION
JBOSS AM-Q
JBOSS BRMS
JBOSS BPM
JBOSS FUSE
RED HAT MOBILE
3 Scale
Container
Business
Automation
Container
Integration
Container
Data &
Storage
Container
Web &
Mobile
Traditional, Stateful, and Microservices-based Apps
OpenShift Application Lifecycle Management
(CI/CD)
Build Automation Deployment Automation
Service Catalog
(Language Runtimes, Middleware, Databases)
Self-Service
Infrastructure Automation & Cockpit
Networking Storage Registry
Logs &
Metrics
Security
Container Orchestration & Cluster Management
(kubernetes)
Container Runtime & Packaging
(Docker)
Enterprise Container Host
Red Hat Enterprise LinuxAtomic Host

11. Commons
Get Involved With Zero Commitment
Where users, partners, customers,
and contributors come together to
collaborate and work together on
OpenShift.
https://commons.openshift.org/
Quickly build, host, and scale
containerized applications in the
public cloud, operated and supported
by Red Hat.
Origin is the upstream community
project that powers OpenShift.
https://www.openshift.com/ https://openshift.org/

12. Ansible Service Broker

13. 13
● API working group formed in September 2016, officially announced December; successor to CF
Service Broker API
● API defines an HTTP interface between the services marketplace of a platform and service brokers
● Service Broker is the component of the service that implements the Service Broker API, for which a
platform's marketplace is a client
● Service brokers are responsible for advertising a catalog of service offerings and service plans to the
marketplace, and acting on requests from the marketplace for:
○ Provisioning, binding, unbinding, and deprovisioning
○ Provisioning reserves a resource (service instance)
○ Binding typically generates credentials necessary for accessing the resource or provides the service
instance with information for a configuration change
● Platform marketplace may expose services from one or many service brokers
● Individual service broker may support one or many platform marketplaces using different URL prefixes
and credentials
● Backed by numerous industry leaders including Fujitsu, Google, IBM, Pivotal, Red Hat, and SAP
Open Service Broker API
Overview

14. ANSIBLE SERVICE BROKER
Orchestrating OpenShift Services
● Define, extend, and deliver “simple” to “complex” multi-container OpenShift services
● Standardized approach to using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks
● Easy management of applications for “simple” cloud-native apps
Ansible Service Broker
● Embraces Service Catalog and Open Service
Broker API concepts
● Supports:
○ Traditional S2I deployments
○ Provisioning of pre-existing images
○ Orchestrating external services
○ Deploying multi-service solutions
Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
○ Named playbooks [provision, bind, …] to
perform Open Service Broker actions
○ Metadata containing a list of required /
optional parameters during deployment
○ Embedded Ansible runtime

15. ANSIBLE SERVICE BROKER - Architecture
Service
Consumer
Ansible
Service Broker
Red Hat
Container Catalog
Ansible
Playbook Bundle
Service Broker
Service Broker
Service Broker
Ansible
Playbook Bundle
OpenShift
Service
oc run $appname $method $vars
ansible-playbook $method.yaml $vars
• catalog
• provision
• deprovision
• bind
• unbind
OpenShift Mall /
Service Catalog
Example Ansible Playbook Bundles:
• ELK, Etherpad, Foreman, Galera
• ManageIQ, MongoDB, PostgreSQL
• Foreman, Pulp, Wordpress
• External MLAB MongoDB SaaS
• and more...
Supports
provisioning of
and binding to
both on-platform
and off-platform
(public cloud)
services!

16. ANSIBLE PLAYBOOK BUNDLE (APB)
Definition
● Simple directory with named “action”
playbooks and metadata.
● Metadata:
○ required/optional parameters
○ dependencies (provision vs bind)
● Leverages existing investment in Ansible
Roles / Playbooks.
● Developer Tooling to drive guided approach.
● Easily modified or extended.

17. ANSIBLE PLAYBOOK BUNDLE (APB)
A Closer Look
Steps to create an APB:
1. Create apb.yml
2. Create Ansible Playbooks
3. apb prepare
a. Creates Dockerfile with image labels
4. Build container

18. ANSIBLE PLAYBOOK BUNDLE (APB)
abp.yaml
abp.yml
playbooks
provision.yml
deprovision.yml
Dockerfile
name: helloworld-apb
image: myorg/helloworld-apb
parameters:
- name: namespace
type: string
default: hello-world-apb
- name: message
type: string
default: "Hello World"

19. ANSIBLE PLAYBOOK BUNDLE (APB)
provision.yml
abp.yml
playbooks
provision.yml
deprovision.yml
Dockerfile
- name: Deploy sampleapp
hosts: localhost
connection: local
tasks:
- name: create namespace
shell: "oc new-project {{ ns }}"
- name: create app dc
shell: "oc create -n {{ ns }} -f sampleapp.yml"

20. ANSIBLE PLAYBOOK BUNDLE (APB)
deprovision.yml
abp.yml
playbooks
provision.yml
deprovision.yml
Dockerfile
- name: Uninstall sampleapp
hosts: localhost
connection: local
tasks:
- name: delete namespace
shell: "oc delete project {{ ns }}"

21. ANSIBLE PLAYBOOK BUNDLE (APB)
Dockerfile - Ansible runtime for base image
abp.yml
playbooks
provision.yml
deprovision.yml
Dockerfile
FROM ansibleplaybookbundle/apb-base
LABEL "com.redhat.apb.version"="0.1.0"
LABEL "com.redhat.apb.spec"=”...<base64 encoded apb.yml data >…”
ADD roles /opt/ansible/roles
ADD playbooks /opt/apb/actions
RUN useradd -u 1001 -r -g 0 -M -b /opt/apb -s /sbin/nologin -c "apb user"
apb
RUN chown -R 1001:0 /opt/{ansible,apb}
USER 1001

22. ANSIBLE PLAYBOOK BUNDLE (APB)
Ansible 2.4 will include k8s/openshift modules
- name: create namespace
shell: "oc new-project {{ ns }}"
- name: create route
shell: "oc create -n {{ ns }} -f route.yml"
apiVersion: v1
kind: Route
spec:
port:
targetPort: port-80
<snip>
- openshift_v1_project:
name: '{{ ns }}'
- openshift_v1_route:
name: wordpress
namespace: '{{ ns }}'
port_target_port: 80
Playbook - Executes oc commands directly Playbook - Leverages Ansible Modules for K8S/OCP
https://github.com/openshift/openshift-restclient-python

23. How about a demo?

24. Bind Example
Python WebApp + PostgreSQL

25. Download Postgres APB
Service
Consumer
Ansible
Service Broker
Red Hat
Container Catalog
postgres-demo-apb
OpenShift Mall /
Service Catalog

26. Run provision.yaml from postgres-demo-apb
Service
Consumer
Ansible
Service Broker
Red Hat
Container Catalog
postgres-demo-apb
postgres-demo-apb
oc run $appname $method $vars
ansible-playbook $method.yaml $vars
OpenShift Mall /
Service Catalog

27. Postgres is now running
Service
Consumer
Ansible
Service Broker
Red Hat
Container Catalog
postgres-demo-apb
postgres-demo-apb
oc run $appname $method $vars
ansible-playbook $method.yaml $vars
OpenShift Mall /
Service Catalog
Pod:
postgres-demo

28. Create WebApp
Service
Consumer
Ansible
Service Broker
Red Hat
Container Catalog
postgres-demo-apb
postgres-demo-apb
oc run $appname $method $vars
ansible-playbook $method.yaml $vars
OpenShift Mall /
Service Catalog
Pod:
postgres-demo
S2I Created
Python WebApp

29. Bind Postgres to WebApp
Service
Consumer
Ansible
Service Broker
Red Hat
Container Catalog
postgres-demo-apb
postgres-demo-apb
oc run $appname $method $vars
ansible-playbook provision.yaml $vars
OpenShift Mall /
Service Catalog
POD:
postgres-demo
S2I Created
Python WebApp
Bind connects the
WebApp to the
Database

30. What is Bind Doing?
Ansible
Service Broker
postgres-demo-apb
OpenShift Mall /
Service Catalog
Pod:
postgres-demo
S2I Created
Python WebApp
APB returns
credentials of
service to Broker
Service Catalog
injects credentials
into pod
Credentials

31. Bind WebApp to PostgreSQL
Binding connects
WebApp to
Database through a
Secret

32. PostgreSQL APB: https://github.com/fusor/apb-examples/tree/master/postgresql-demo-apb
apb.yml
Dockerfile
playbooks
provision.yaml
roles
postgresql-demo-apb-openshift
defaults
main.yml
files
airports.ddl
airports.sql
tasks
main.yml
- name: create service
k8s_v1_service:
name: postgresql
namespace: '{{ namespace }}'
state: present
labels:
app: postgresql-demo-apb
service: postgresql
selector:
app: postgresql-demo-apb
service: postgresql
ports:
- name: port-5432
port: 5432
protocol: TCP
target_port: 5432
register: postgres_service

33. https://github.com/fusor/apb-examples

34. 34
Ansible Service Broker
More Information
● Email: ansible-service-broker@redhat.com
● IRC (Freenode): #asbroker
● Trello: https://trello.com/b/50JhiC5v/ansible-service-broker
● Github:
○ https://github.com/fusor/ansible-service-broker
○ https://github.com/fusor/ansible-playbook-bundle
○ https://github.com/fusor/catasb
● Library of example APBs: https://github.com/fusor/apb-examples
○ ManageIQ, Etherpad, Wordpress, ELK Stack
● YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
○ Using the Service Catalog to Bind a PostgreSQL APB to a Python Web App
■ https://www.youtube.com/watch?v=xmd52NhEjCk
○ Service Catalog deploying ManageIQ APB on to OpenShift
■ https://www.youtube.com/watch?v=J6rDssVEZuQ
● Docker hub published APBs
○ https://hub.docker.com/u/ansibleplaybookbundle/

35. 35
Questions?

36. ENTER TO WIN!
1080p 3D GAMING PROJECTOR
Red Hat + AWS is a
winning combination!
You can win by
entering our raffle:
http://red.ht/AWSLoft

37. LIKE WHAT YOU SEE TODAY?
QUALIFY FOR OUR P.O.C
We have funded a POC
Program for qualifying
OpenShift customers.
If you’re interested, chat
with us at the end of the
session today!