ANSIBLE SERVICE BROKER - Deploying multi-container applications on OpenShift

Todd Sanders, John Matthews
OpenShift Commons Briefing, May 31, 2017


Open Service Broker API - Overview

● API working group formed in September 2016, officially announced December; successor to CF Service Broker API
● API defines an HTTP interface between the services marketplace of a platform and service brokers
● Service Broker is the component of the service that implements the Service Broker API, for which a platform's marketplace is a client
● Service brokers are responsible for advertising a catalog of service offerings and service plans to the marketplace, and acting on requests from the marketplace for:
    ○ Provisioning, binding, unbinding, and deprovisioning
    ○ Provisioning reserves a resource (service instance)
    ○ Binding typically generates credentials necessary for accessing the resource or provides the service instance with information for a configuration change
● Platform marketplace may expose services from one or many service brokers
● Individual service broker may support one or many platform marketplaces using different URL prefixes and credentials
● Backed by numerous industry leaders including Fujitsu, Google, IBM, Pivotal, Red Hat, and SAP

ANSIBLE SERVICE BROKER - Orchestrating OpenShift Services

● Define, extend, and deliver “simple” to “complex” multi-container OpenShift services
● Standardized approach to using Ansible to manage and provision applications
● Leverage existing investment in Ansible roles/playbooks
● Easy management of applications for “simple” cloud-native apps

Ansible Service Broker
● Embraces Service Catalog and Open Service Broker API concepts
● Supports:
    ○ Traditional S2I deployments
    ○ Provisioning of pre-existing images
    ○ Orchestrating external services
    ○ Deploying multi-service solutions

Ansible Playbook Bundle
● Lightweight application definition (meta-container)
● Simple directory employing:
    ○ Named playbooks [provision, bind, …] to perform Open Service Broker actions
    ○ Metadata containing a list of required / optional parameters during deployment
    ○ Embedded Ansible runtime

ANSIBLE SERVICE BROKER - Architecture

[Architecture diagram. Components: Service Consumer; OpenShift Mall / Service Catalog; Service Broker (several); Ansible Service Broker; Red Hat Container Catalog; Ansible Playbook Bundle; OpenShift Service.]

Broker actions:

• catalog
• provision
• deprovision
• bind
• unbind

Commands shown in the diagram:

    oc run $appname $method $vars
    ansible-playbook $method.yaml $vars

Example Ansible Playbook Bundles:

• ELK, Etherpad, Foreman, Galera
• ManageIQ, MongoDB, PostgreSQL
• Foreman, Pulp, Wordpress
• External MLAB MongoDB SaaS
• and more...

Supports provisioning of and binding to both on-platform and off-platform (public cloud) services!

ANSIBLE PLAYBOOK BUNDLE (APB) - Definition

● Simple directory with named “action” playbooks and metadata.
● Metadata:
    ○ required/optional parameters
    ○ dependencies (provision vs bind)
● Leverages existing investment in Ansible Roles / Playbooks.
● Developer Tooling to drive guided approach.
● Easily modified or extended.

ANSIBLE PLAYBOOK BUNDLE (APB) - A Closer Look

Steps to create an APB:

1. Create apb.yml
2. Create Ansible Playbooks
3. apb prepare
    a. Creates Dockerfile with image labels
4. Build container

ANSIBLE PLAYBOOK BUNDLE (APB) - apb.yml

Directory layout:

    apb.yml
    playbooks/
        provision.yml
        deprovision.yml
    Dockerfile

apb.yml:

    name: helloworld-apb
    image: myorg/helloworld-apb

    parameters:
      - name: namespace
        type: string
        default: hello-world-apb

      - name: message
        type: string
        default: "Hello World"

ANSIBLE PLAYBOOK BUNDLE (APB) - provision.yml

    - name: Deploy sampleapp
      hosts: localhost
      connection: local
      tasks:
        - name: create namespace
          shell: "oc new-project {{ ns }}"

        - name: create app dc
          shell: "oc create -n {{ ns }} -f sampleapp.yml"

ANSIBLE PLAYBOOK BUNDLE (APB) - deprovision.yml

    - name: Uninstall sampleapp
      hosts: localhost
      connection: local
      tasks:
        - name: delete namespace
          shell: "oc delete project {{ ns }}"

ANSIBLE PLAYBOOK BUNDLE (APB) - Dockerfile - Ansible runtime for base image

    FROM ansibleplaybookbundle/apb-base

    LABEL "com.redhat.apb.version"="0.1.0"
    LABEL "com.redhat.apb.spec"="...<base64 encoded apb.yml data>..."

    ADD roles /opt/ansible/roles
    ADD playbooks /opt/apb/actions

    RUN useradd -u 1001 -r -g 0 -M -b /opt/apb -s /sbin/nologin -c "apb user" apb
    RUN chown -R 1001:0 /opt/{ansible,apb}
    USER 1001

ANSIBLE PLAYBOOK BUNDLE (APB) - Ansible 2.4 will include k8s/openshift modules

Playbook - Executes oc commands directly:

    - name: create namespace
      shell: "oc new-project {{ ns }}"

    - name: create route
      shell: "oc create -n {{ ns }} -f route.yml"

route.yml:

    apiVersion: v1
    kind: Route
    spec:
      port:
        targetPort: port-80
    <snip>

Playbook - Leverages Ansible Modules for K8S/OCP:

    - openshift_v1_project:
        name: '{{ ns }}'

    - openshift_v1_route:
        name: wordpress
        namespace: '{{ ns }}'
        port_target_port: 80

https://github.com/openshift/openshift-restclient-python
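
Both playbook styles take `ns` from parameters supplied at provision time, and the shell variant templates it straight into an `oc` command line. The pre-flight check below is an added example, not code from the slides or the APB tooling: `resolve_params` and `check_namespace` are hypothetical helper names, and the spec literal mirrors the helloworld-apb parameters shown earlier. It resolves parameters against the spec and rejects namespace values that are not valid DNS-1123 labels.

```python
import re

# Kubernetes namespace names must be DNS-1123 labels: lowercase alphanumerics
# and '-', starting and ending with an alphanumeric, at most 63 characters.
DNS1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")

# Parameter spec mirroring the helloworld-apb apb.yml (typed in by hand here).
SPEC = [
    {"name": "namespace", "type": "string", "default": "hello-world-apb"},
    {"name": "message", "type": "string", "default": "Hello World"},
]


def resolve_params(spec, supplied):
    """Apply defaults; reject unknown names and non-string values."""
    known = {p["name"]: p for p in spec}
    unknown = set(supplied) - set(known)
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    resolved = {}
    for name, param in known.items():
        value = supplied.get(name, param.get("default"))
        if param["type"] == "string" and not isinstance(value, str):
            raise ValueError(f"{name}: expected string")
        resolved[name] = value
    return resolved


def check_namespace(value):
    """Return value if it is usable as a namespace name, else raise ValueError."""
    if len(value) > 63 or not DNS1123_LABEL.fullmatch(value):
        raise ValueError(f"invalid namespace name: {value!r}")
    return value


if __name__ == "__main__":
    params = resolve_params(SPEC, {"namespace": "demo-project"})
    print(check_namespace(params["namespace"]), params["message"])
```

Running the check before the playbook starts means a value containing spaces, shell metacharacters or uppercase letters never reaches either the `shell:` task or the module call.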

How about a demo?

Bind Example - Python WebApp + PostgreSQL

[The demo slides repeat one diagram with these components: Service Consumer, OpenShift Mall / Service Catalog, Ansible Service Broker, Red Hat Container Catalog, postgres-demo-apb. From the provision step on, the diagram also shows the commands "oc run $appname $method $vars" and "ansible-playbook $method.yaml $vars".]

Download Postgres APB

Run provision.yaml from postgres-demo-apb

Postgres is now running
● Pod: postgres-demo

Create WebApp
● Pod: postgres-demo
● S2I Created Python WebApp

Bind Postgres to WebApp
● Pod: postgres-demo
● S2I Created Python WebApp
● Command shown on this slide: ansible-playbook provision.yaml $vars
● Bind connects the WebApp to the Database

What is Bind Doing?
● APB returns credentials of service to Broker
● Service Catalog injects credentials into pod

Bind WebApp to PostgreSQL
● Binding connects WebApp to Database through a Secret
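
The bind flow above (the APB returns credentials to the broker, and the Service Catalog delivers them to the pod through a Secret), together with the overview's note that binding typically generates credentials, can be modelled as follows. This is an added example, not code from the slides or the broker: the sample bind response, the Secret name, the `DB_` prefix and the helper names are assumptions, and the page does not show how the Service Catalog itself wires the Secret into the pod.

```python
import base64

# Constructed sample of an Open Service Broker bind response body; the
# credential values are made up for this example.
SAMPLE_BIND_RESPONSE = {
    "credentials": {"host": "postgresql", "port": 5432,
                    "user": "demo", "password": "constructed-example"}
}


def bind_secret(name, namespace, bind_response):
    """Render the credentials of a bind response as a v1 Secret manifest."""
    creds = bind_response["credentials"]
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        # Secret data is base64-encoded: an encoding, not encryption.
        "data": {key: base64.b64encode(str(value).encode()).decode()
                 for key, value in creds.items()},
    }


def env_from_secret(secret, prefix="DB_"):
    """Container env entries that reference Secret keys rather than copy values."""
    ref = secret["metadata"]["name"]
    return [
        {"name": prefix + key.upper(),
         "valueFrom": {"secretKeyRef": {"name": ref, "key": key}}}
        for key in sorted(secret["data"])
    ]


def redact(secret):
    """Copy of the manifest with values masked, suitable for logs."""
    return {**secret, "data": {key: "<redacted>" for key in secret["data"]}}


if __name__ == "__main__":
    secret = bind_secret("postgres-demo-binding", "demo", SAMPLE_BIND_RESPONSE)
    print(redact(secret))
    print(env_from_secret(secret))
```

Because the pod spec carries only `secretKeyRef` references, the credential values stay out of the deployment config; access to the Secret object itself still has to be restricted, since its contents are only encoded.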

PostgreSQL APB: https://github.com/fusor/apb-examples/tree/master/postgresql-demo-apb

    apb.yml
    Dockerfile
    playbooks
        provision.yaml
    roles
        postgresql-demo-apb-openshift
            defaults
                main.yml
            files
                airports.ddl
                airports.sql
            tasks
                main.yml

main.yml:

    - name: create service
      k8s_v1_service:
        name: postgresql
        namespace: '{{ namespace }}'
        state: present
        labels:
          app: postgresql-demo-apb
          service: postgresql
        selector:
          app: postgresql-demo-apb
          service: postgresql
        ports:
          - name: port-5432
            port: 5432
            protocol: TCP
            target_port: 5432
      register: postgres_service


Ansible Service Broker - More Information

● Email: [email protected]
● IRC (Freenode): #asbroker
● Trello: https://trello.com/b/50JhiC5v/ansible-service-broker
● Github:
    ○ https://github.com/fusor/ansible-service-broker
    ○ https://github.com/fusor/ansible-playbook-bundle
● Library of example APBs: https://github.com/fusor/apb-examples
    ○ ManageIQ, Etherpad, Wordpress, ELK Stack
● YouTube Channel: https://www.youtube.com/channel/UC04eOMIMiV06_RSZPb4OOBw
    ○ Using the Service Catalog to Bind a PostgreSQL APB to a Python Web App
        ■ https://www.youtube.com/watch?v=xmd52NhEjCk
    ○ Service Catalog deploying ManageIQ APB on to OpenShift
        ■ https://www.youtube.com/watch?v=J6rDssVEZuQ
● Docker hub published APBs
    ○ https://hub.docker.com/u/ansibleplaybookbundle/


Questions?