Deploying OpenStack Using Docker in Production

Video of presentation can be found here: https://www.youtube.com/watch?v=3pc85InNR20

Time Warner Cable has been slowly deploying Dockerized OpenStack services in production since the Juno release. In this talk we'll share our real-world experiences with deploying OpenStack services in production with Docker.

  1. Deploying OpenStack Using Docker in Production
  2. Overview
     • The Pain of Operating OpenStack
     • Possible Solutions
     • Why Docker Works
     • Why Docker Doesn’t Work
     • Docker @ TWC
     • Lessons Learned
  3. Docker & OpenStack @ TWC
     • Docker in production in July 2015
     • First service was Designate
     • Added Heat, Nova and Keystone
     • Nova using Ceph and Solidfire Backends
     • Neutron in progress
     • Glance and Cinder later this year
     • Using Docker 1.10 and Docker Registry V2
  4. How Did We End Up Here?
     • Started with packages for deployments
     • Don’t like big-bang upgrades
     • Want to be able to carry local patches
     • Want to run mixed versions of services
     • Smaller upgrades, more often
  5. Why Not Packages?
     • Built packages for Keystone
     • Worked for local patches
     • Worked for updating stable branches
     • Doesn’t work for mixed releases
     • Limited by distro python packaging
     • Packaging workflow is a pain
     • Packages slow down your workflow
     • Package may not exist yet
  6. Why Not Python Virtual Envs?
     • Deployed Designate with Virtual Envs
     • Mirrored Python packages internally
     • Built Virtual Envs on servers
     • Was slow to deploy
     • Still have to install/manage non-Python deps
  7. Why Docker?
  8. Everyone Else Is Doing It?
  9. Why Docker?
     • Reproducible builds
     • Easy to distribute artifacts
     • Contains all dependencies
     • Easy to install multiple versions of an image
  10. Why Not Docker?
     • Restarting docker restarts containers
     • Intermittent bugginess
     • Complex services are hard to fit into Docker
     • Requires new tooling for build/deployment/etc
  11. Docker @ TWC: Images
     • Building base images using debootstrap
     • Build openstack-dev image based on that
       – Contains all common deps
     • Image per OpenStack Service
     • Per service base requirements.txt and a frozen one
     • Frozen requirements.txt is used for image builds
     • Uses upper-constraints.txt for frozen requirements [1]
     [1] https://github.com/openstack/requirements/blob/master/upper-constraints.txt
  12. Docker @ TWC: Image Tags
     • Tag should:
       – Identify OpenStack service version
       – Identify tooling version
       – Be automatically generated
       – Be unique
  13. Docker @ TWC: Image Tags
     • Example tag: 5.0.1-9-g0441ca8.16.dd35404
       – 5.0.1-9-g0441ca8: git-describe for Heat
       – 16: Tooling # commits
       – dd35404: Tooling commit hash
  14. Docker @ TWC: Image Distribution
     • Using Docker Registry V2
     • Registry using file backend for local storage
     • Publish to master registry via Jenkins
     • Replicate to registry mirrors via rsync
     • Mirrors provide read-only access to images
     • No dependency on production environment
  15. Docker @ TWC: Deployments
     • Images installed with puppet-docker
     • Managed with twc-openstack/os_docker
     • Worked with Puppet OpenStack project to add hooks for software and service management
     • The os_docker module uses these to extend OpenStack Puppet modules
  16. Docker Registry Scaling
     • Docker recommends (almost requires) TLS for registry
     • We deploy to 20 hypervisors in parallel
     • 8 vCPU Docker Registry
     • Supports concurrent 40 pulls * 500mb images
     • Size your registry for concurrent pulls * image size
  17. Beware Docker Networking
     • We use --net host for all containers
     • Many services *require* --net host
     • Docker always creates bridge and NAT rules
     • NAT rules aren’t tied to a specific interface
     • Docker picks unused network range
       – But can’t see VM IP addresses
     • Found this out on first Nova Compute deploy
  18. OpenStack Upgrades With Docker
     • Allows upgrading single services!
     • Allows staging the upgrade images ahead of time
     • Not exciting
  19. Why Not Kolla?
     • At the time didn’t meet our requirements:
       – Didn’t support plugins, no source build
       – These things are resolved, or being resolved
     • Great reference for running OpenStack with Docker
     • Recommended
  20. Questions?
     • Clayton O’Neill
       – clayton.oneill@twcable.com
       – IRC: clayton
       – Twitter: @clayton_oneill
     • Eric Peterson
       – eric.peterson1@twcable.com
       – IRC: ducttape_
       – Twitter: @_ducttape
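
The networking pitfall from slide 17, turned into a pre-deployment check. This is an added example, not code from the talk or from TWC's tooling: it reads `iptables-save -t nat` output, extracts the source ranges of MASQUERADE rules, and reports any that overlap a VM network. The sample rules, the VM network list and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output from a hypervisor running Docker.
SAMPLE_NAT_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 10.99.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
# Constructed VM networks (assumption: exported from Neutron or another IPAM source).
SAMPLE_VM_NETWORKS = ["10.20.0.0/22", "172.17.42.0/24", "192.168.100.0/24"]


def masquerade_sources(iptables_save_text):
    """Yield the source network of every MASQUERADE rule that matches on -s."""
    for line in iptables_save_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] != ["-A"] or "MASQUERADE" not in tokens or "-s" not in tokens:
            continue
        i = tokens.index("-s")
        if i > 0 and tokens[i - 1] == "!":
            continue  # negated match: the rule does not target this range
        yield ipaddress.ip_network(tokens[i + 1], strict=False)


def find_collisions(iptables_save_text, vm_networks):
    """Return sorted (nat_source, vm_network) pairs whose address ranges overlap."""
    vms = [ipaddress.ip_network(n) for n in vm_networks]
    return sorted({(str(s), str(v)) for s in masquerade_sources(iptables_save_text)
                   for v in vms if s.version == v.version and s.overlaps(v)})


def pick_bridge_subnet(candidates, vm_networks):
    """Return the first candidate CIDR that overlaps no VM network, else None."""
    vms = [ipaddress.ip_network(n) for n in vm_networks]
    for cand in candidates:
        net = ipaddress.ip_network(cand)
        if not any(net.version == vm.version and net.overlaps(vm) for vm in vms):
            return cand
    return None


if __name__ == "__main__":
    for src, vm in find_collisions(SAMPLE_NAT_RULES, SAMPLE_VM_NETWORKS):
        print(f"COLLISION: NAT source {src} overlaps VM network {vm}")
    print("free:", pick_bridge_subnet(["172.17.0.0/16", "172.31.240.0/24"], SAMPLE_VM_NETWORKS))
```

A range returned by `pick_bridge_subnet` can be pinned with dockerd's `--bip` option so that Docker does not choose a range on its own.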