Deploying Multi-Container Applications with Ansible Broker

11.7.2017

Eric Dubé, Senior Principal Product Manager, Red Hat
Todd Sanders, Director Software Engineering, Red Hat


Agenda

● Service Catalog and Brokers: Open Service Broker API and High-level Architecture
● Ansible Broker: Ansible Playbook Bundle (APB) Definition
● What’s New and Future Plans: Roadmap Review
● Live Demonstration: Walkthrough of Provision/Bind of selected services
● More Information: Additional information to get you started
● Questions: What can we answer for you?

Service Catalog & Ansible Broker

Why Service Brokers?

[Diagram: SERVICE CONSUMER, SERVICE PROVIDER]

☑ Open ticket
☑ Wait for allocation
☑ Receive credentials
☑ Add to app
☑ Deploy app

Manual, Time-consuming, Error-prone, and Inconsistent

What is a Service Broker?

[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]

Brokers inform the Service Catalog of the Service Classes they can provision

Service Consumer only interacts with Service Catalog; the details of the Brokers are largely hidden

Creates a process that is automated, standardized, and most importantly consistent

Service Broker Concepts

CONSUMER: user of service deployed by the catalog/broker

SERVICE: an offering that can be used by an app e.g. database

PLAN: a specific flavor of a service e.g. Gold Tier

SERVICE INSTANCE: an instance of the offering

PROVISION: creating a service instance

BIND: associate a service instance and its credentials to an app

[Diagram: SERVICE CONSUMER, SERVICE PROVIDER, SERVICE CATALOG, SERVICE BROKER]

Service Catalog
Where Services Are Published

● Better experience for service consumers
● Streamlines “getting started” process
  ○ Task focused
  ○ Key call outs
  ○ Unified search
  ○ Guided workflow
● Provision and manage services from a central interface
● Search option ensures quick access to all services

Service Brokers
Expose and Provision Services

[Diagram: SERVICE CATALOG connected to the SERVICE BROKERS below; one label reads BETA]

● Ansible Broker: ANSIBLE, Ansible Playbook Bundles
● OpenShift Template Broker: OPENSHIFT, OpenShift Templates
● AWS Service Broker: AMAZON WEB SERVICES, Public Cloud Services
● Other Service Brokers: OTHER COMPATIBLE SERVICES, Other Services

Open Service Broker API
Defines an HTTP interface between the services marketplace of a platform and service brokers

Background
• Working group formed in September 2016; successor to Cloud Foundry Service Broker API
• Multi-vendor project to standardize how services are consumed on cloud native platforms across service providers
• Service Broker is the component that implements the API, for which a platform's marketplace is a client

Methods
• Service brokers are responsible for advertising catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
  • Catalog - Return service offerings
  • Provision - Create service
  • Deprovision - Delete service
  • Bind - Obtain credentials/coordinates for service
  • Unbind - Revoke credentials for service
  • Update - Change service instance parameters or service plan

Ansible Broker - Inspiration and Goals
What are we trying to accomplish?

Project Inspiration
● Solution for defining and delivering “simple” to “complex” multi-container applications
● Easy orchestration of services using a simple, lightweight application definition
● Leverage a container image as transport mechanism for delivering application
  ○ Both application definition and container image can be hosted in the same location

Project Goals
● Ensure technology is simple yet extensible enough to support deploying any application type and combination of applications
  ○ Must work with both new and pre-existing, canned application container images
● Build extensive application ecosystem deployable through the Kubernetes Service Catalog
● Grow interest, participation, and adoption in the community as one of the prevailing methods for provisioning applications on Kubernetes

Ansible Broker
Orchestrating Containerized Services

Ansible Broker
● Implementation of Open Service Broker API
● Exposes services to Service Catalog
● Provisions services using Ansible
● Use cases:
  ○ Traditional S2I deployments
  ○ Provisioning of pre-existing images
  ○ Orchestration of external services
  ○ Deploying multi-service solutions

Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
  ○ Named playbooks [provision.yaml, bind.yaml, …] to perform Open Service Broker actions
  ○ Metadata containing a list of required / optional parameters during deployment
  ○ Embedded Ansible runtime

● Define, extend, and deliver “simple” to “complex” multi-container services
● Standardized approach for using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks

Ansible Broker
High Level Architecture

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Other Service Brokers, Container Image Registry, Ansible Playbook Bundle, Provisioned Service]

Operations shown: catalog, provision, deprovision, bind, unbind, update

APB services: MediaWiki, PostgreSQL, MariaDB, MySQL, etc.

Supports provisioning and binding of both on and off-platform (public cloud) services!

Ansible Playbook Bundle (APB)
Definition Architecture

Description:

● Short-lived, lightweight container image consisting of a simple directory structure with:
  ○ Named “action” playbooks & deployment role
  ○ Metadata:
    ■ required/optional parameters
    ■ service plans
    ■ Image dependencies (provision vs bind)
    ■ specification version
  ○ Ansible runtime environment
● Designed to orchestrate pre-existing containerized application images
● Developer tooling provides simple, guided approach to APB creation
● Easily modified or extended

[Diagram: Ansible Playbook Bundle (APB) Definition: Minimal Linux Image, Ansible Runtime, Directory of files (provision.yaml, deprovision.yaml, bind.yaml, unbind.yaml, update.yaml, test.yaml, apb.yaml, Deployment Role)]

provision.yaml = Install
deprovision.yaml = Uninstall
bind.yaml = Grant
unbind.yaml = Revoke
update.yaml = Upgrade
test.yaml = Test
apb.yaml = Metadata
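The mapping between Open Service Broker operations and the APB action playbooks listed above, as an added example (not code from the presentation or from the Ansible Broker project): it routes an OSB v2 HTTP request to an action name and builds the ansible-playbook argument list for it. The function names, the identifier character set, and passing the variables as one JSON --extra-vars argument are assumptions of this sketch.

```python
import json
import re

# Assumption for this sketch: ids use a conservative URL-safe character set.
_ID = r"[A-Za-z0-9._~-]{1,64}"
_INSTANCE = re.compile(rf"/v2/service_instances/({_ID})")
_BINDING = re.compile(rf"/v2/service_instances/({_ID})/service_bindings/({_ID})")

# OSB v2 (HTTP method, resource kind) -> APB action playbook name.
ACTIONS = {
    ("PUT", "instance"): "provision",
    ("DELETE", "instance"): "deprovision",
    ("PATCH", "instance"): "update",
    ("PUT", "binding"): "bind",
    ("DELETE", "binding"): "unbind",
}


def osb_action(method, path):
    """Map an OSB request to (action, ids); raise ValueError if it is not one."""
    path = path.split("?", 1)[0]  # DELETE carries service_id/plan_id as query
    if method == "GET" and path == "/v2/catalog":
        return "catalog", {}
    m = _BINDING.fullmatch(path)
    if m:
        kind, ids = "binding", {"instance_id": m[1], "binding_id": m[2]}
    else:
        m = _INSTANCE.fullmatch(path)
        if not m:
            raise ValueError(f"not an OSB route: {path!r}")
        kind, ids = "instance", {"instance_id": m[1]}
    if (method, kind) not in ACTIONS:
        raise ValueError(f"{method} is not defined for a service {kind}")
    return ACTIONS[(method, kind)], ids


def playbook_argv(action, ids, parameters):
    """Build the ansible-playbook argv for an APB action.

    All variables go into one JSON --extra-vars argument of an argv list, so
    when it is executed without a shell, consumer-supplied values stay data.
    """
    if action not in ACTIONS.values():
        raise ValueError(f"no APB playbook for action {action!r}")
    extra = {**parameters, **ids}  # broker-assigned ids override user input
    return ["ansible-playbook", f"{action}.yaml",
            "--extra-vars", json.dumps(extra, sort_keys=True)]
```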

Ansible Broker Advantages
Why is it better than other provisioning technologies?

● Capable of orchestrating both on- and off-platform services
  ○ Not limited to deploying just local services like most provisioning technologies
  ○ Provision and manage remote services and even those hosted in public clouds
● Highly customizable binding operations between services
● APB packaging makes it easy to distribute since definition can be hosted in same registry as application
● Application provisioning can be tied to the successful startup of dependent services
  ○ Ensure all dependent services are fully operational before starting your application
    ■ Example: Check that a database has fully initialized and is ready to accept connections prior to provisioning your application
● Support for complex conditional logic enabling better control of deployed services

Anything you can do with Ansible, you can do in an APB!

OpenStack Integration

Why use Ansible Broker?

● Better control and greater flexibility when deploying services than with other orchestration technologies
  ○ Able to solve many of the problems plaguing existing solutions today:
    ■ Dependent service startup synchronization
    ■ Robust service control using conditional logic
    ■ Ability to provision and manage services both locally and remotely
● Engaged with upstream to build OpenStack PoC orchestrated by Ansible
  ○ Once playbooks have been created for deploying OpenStack services these can easily be turned into APBs for provisioning with Ansible Broker
● Looking for broader community collaboration to help with the development of OpenStack Service APBs
  ○ End goal is to support the deployment of an entire OpenStack environment using APBs (with all deployed services managed by Kubernetes)

Roadmap Review

Development Plan & Application Ecosystem
OpenShift Origin and Kubernetes

● Primary development is currently being done within OpenShift Origin community
  ○ ‘CatASB’ project enables anyone to easily stand up an Origin environment with both Kubernetes Service Catalog and Broker enabled at startup
● Support for pure Kubernetes environments nearly completed
  ○ Extends broker technology to be used outside of typical PaaS environments
    ■ Leverage technology to also deploy infrastructure environments
● Looking to grow adoption and build out application ecosystem
  ○ Not only in the community but also with commercial ISVs
  ○ Ever growing list of examples and documentation enables developers to quickly create new APBs
  ○ In the process of building community presence / website to streamline navigation of content

Release Plans
What’s new for Service Catalog and Ansible Broker

OpenShift Origin 3.6.0

• New Web UI with Kubernetes Service Catalog
• Allows a service consumer to select and manage services via standard operations
• Service Catalog interacts with Brokers through a standard API
• Open Service Broker API
• Support for multiple Brokers within Service Catalog instance
• Includes Template and Ansible Brokers
• Several APB services examples available
• Targeted at deploying example applications to learn about this new technology
• Not yet intended for APB creation
• No tooling included for creating APBs, but can be obtained externally

OpenShift Origin 3.7.0

• Service Broker and Service Catalog hardening
• Supports use with ‘production’ workloads
• Secure connectivity between Service Catalog and Broker
• Support for multiple service plans
• Example: Bronze, Silver, and Gold plans
• New APB services
• Popular services (such as databases)
• Commercial third-party ISV applications
• Multiple concurrent source adapters
• Broker instance can connect to multiple image registries
• APB “test” directive
• Define a functional test for checking deployed service
• Developer tooling included providing guided approach to APB creation

Future Directions & Development
What’s Planned?

• Open Service Broker API ‘update’ operation support (allows changes to parameters and service plans)
• Improved broker service scaling
• MiniShift support (develop on a Mac)
• Internationalization/Localization
• Additional source adapters
• GitHub, AWS ECR
• Improved verification/checking of deployed services
• Injectable custom configuration options within UI during provision operation
• Enhanced support of multiple bindings for services
• Explore Broker use cases outside of Service Catalog
• Ansible Galaxy integration
• Support for additional deployment models
• Provision into user's own namespace
• Provision into our own namespace
• Full remote (not within OpenShift cluster)
• Better APB dependency support
• Intelligent requires/provides information in APB
• Split runtime; separate Linux runtime from APB orchestration code
• Async bind/unbind support (requires API changes)
• Add ‘test’ operation support to upstream OSB API

Service Provisioning & Binding Demo

Live Demo
Walkthrough

Steps: Initial Provisioning + Binding
1. Create new Project
2. Provision Backend of Web Application (PostgreSQL + Python API + Data Seeding) - DogAPI
3. Provision Frontend of Web Application (Django) - Random Image Viewer
4. Bind Frontend to Backend

Steps: External SaaS Provider
1. Provision External SaaS API - CatAPI
2. Bind Frontend of Web Application to External SaaS API

Steps: Update Service Instance
1. Update Web Application - Album Title Parameter

Demo Application
Internal Backend

[Diagram: Origin/Kubernetes Cluster with PODs: Dog API, PostgreSQL, Random Image Viewer (Django). Labels: Dog API APB, “Back-end”; Random Image Viewer APB, “Front-end”]

Demo Application
External SaaS Backend

[Diagram: Origin/Kubernetes Cluster: Dog API, PostgreSQL, Random Image Viewer (Django), Random Image Viewer APB, Dog API APB. External Cloud Service: Cat API, PostgreSQL, Cat API APB. Label: New Binding]

More Information

Community Applications and Services
Building an APB ecosystem

● Central location where community developed APBs can be contributed
  ○ Hosted within a single GitHub organization: ‘ansibleplaybookbundle’
  ○ Individual APBs reside in their own repos
● CI for doing sanity checking on all submitted PRs
● Automated builds and publishing of APBs to publicly accessible container registry

Continually growing portfolio of applications:

● PostgreSQL, Jenkins, MediaWiki, Wordpress, The Lounge, Hastebin, Etherpad, MariaDB, MySQL, AWS RDS MySQL, Rocket.Chat, Nginx, ManageIQ, …

https://github.com/ansibleplaybookbundle

Demo Environment
How do I install it?

Simple mechanism for quickly spinning up an environment to try out Ansible Broker:

● CatASB Project
  ○ Only takes ~5 minutes to install
  ○ Location: https://github.com/fusor/catasb/tree/master/local/linux#testing-downstream-images

• Ansible playbooks that use ‘oc cluster up --service-catalog’
• Able to use downstream pre-built images if --rcm flag is passed
• Runs locally on Linux, Mac, or provision to Amazon’s EC2 environment

Note: An Ansible Broker installed via ‘catasb’ is not an exact match for a downstream environment deployed with ‘atomic-openshift-installer’; there are some environment differences.

Ansible Broker
Project Information

• Public Mailing List: [email protected]
• IRC (Freenode): #asbroker
• Project Links:
  • https://github.com/openshift/ansible-service-broker#project-related-links
• YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
  • Deploying MediaWiki and PostgreSQL from Image Registry
  • https://www.youtube.com/watch?v=3fLkcHJBnfc
• Points of Contact:
  • Product Manager: Eric Dubé [email protected]
  • Engineering Manager: Todd Sanders [email protected]
  • Technical Lead: John Matthews [email protected]

Thanks. Cheers.
Questions?

Extra Slides

Discover APBs: DogAPI & RandomViewer

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB]

Provision DogAPI: Run ‘provision.yaml’

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB (shown twice), RandomViewer APB]

Commands shown:
oc run $imagename $method $vars
ansible-playbook provision.yaml $vars

Provision DogAPI: Creates PostgreSQL + API

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB (shown twice), RandomViewer APB, PostgreSQL, API]

Command shown:
ansible-playbook provision.yaml $vars

DogAPI (Backend) is up & APB terminates

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API]

Provision RandomViewer: Run ‘provision.yaml’

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB (shown twice), PostgreSQL, API]

Command shown:
ansible-playbook provision.yaml $vars

Provision RandomViewer: Creates Service

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB (shown twice), PostgreSQL, API, RandomViewer]

Command shown:
ansible-playbook provision.yaml $vars

RandomViewer (frontend) is up & APB terminates

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, RandomViewer]

Create Binding: Launch APB, Run bind.yaml

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB (shown twice), RandomViewer APB, PostgreSQL, API, RandomViewer, Binding]

Command shown:
ansible-playbook bind.yaml $vars

Secret created by Service Catalog

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, RandomViewer, Binding, Secret]

Secret added to Application Deployment Config

[Diagram: Service Consumer, Service Catalog, Ansible Broker, Container Registry, DogAPI APB, RandomViewer APB, PostgreSQL, API, RandomViewer, Binding, Secret]

What is the “bind” operation doing?

[Diagram: Service Consumer, Service Catalog, Ansible Broker, DogAPI APB, RandomViewer, PostgreSQL, API, Credentials]

● APB returns credentials of service to broker
● Service Catalog makes a Secret available for Pod