Merge "[Docs] Include OpenStack-Ansible Manifesto"

2018-03-24 23:34:35 +00:00 · 2018-03-24 23:34:35 +00:00 · d23b8d9f01
commit d23b8d9f01
parent e8b0e8dcac d99c1d3469
3 changed files with 135 additions and 13 deletions
--- a/deploy-guide/source/app-aboutosa.rst
+++ b/deploy-guide/source/app-aboutosa.rst
@ -9,7 +9,14 @@ IT automation engine to deploy an OpenStack environment on Ubuntu, with CentOS a
 openSUSE currently in Beta release.
 For isolation and ease of maintenance, you can install OpenStack components
-into Linux containers (LXC).
+into machine containers.
 The OpenStack-Ansible manifesto
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 All the design considerations (the container architecture, the ability to
 override any code, the network considerations, etc.) of this project are
 listed in our :dev_docs:`architecture reference <reference/architecture/index.html>`.
 Why choose OpenStack-Ansible?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -43,14 +50,3 @@ When **not** to choose OpenStack-Ansible?
  *systemd-nspawn* in the future (WIP). If you want to go 100% Docker,
  there are other projects in the OpenStack community that can
  help you.
 Ansible
 ~~~~~~~
 Ansible provides an automation platform to simplify system and application
 deployment. Ansible manages systems by using Secure Shell (SSH)
 instead of unique protocols that require remote daemons or agents.
 Ansible uses playbooks written in the YAML language for orchestration.
 For more information, see `Ansible - Intro to
 Playbooks <http://docs.ansible.com/playbooks_intro.html>`_.
--- a/doc/source/reference/architecture/index.rst
+++ b/doc/source/reference/architecture/index.rst
@ -11,8 +11,9 @@ was architected in this way.
 .. toctree::
   :maxdepth: 1
   manifesto.rst
   security.rst
   service-arch.rst
   storage-arch.rst
   security.rst
   container-networking.rst
--- a/doc/source/reference/architecture/manifesto.rst
+++ b/doc/source/reference/architecture/manifesto.rst
@ -0,0 +1,125 @@
 OpenStack-Ansible Manifesto
 ===========================
 This project will be a **Batteries included** project. Which
 means deployer can expect that deploying from any of the named
 feature branches or tags should provide an OpenStack cloud
 built for production which will be available at the successful
 completion of the deployment.
 Project scope
 ~~~~~~~~~~~~
 This project will be a **Batteries included** project. Which means deployer
 can expect that deploying from any of the named feature branches or tags should
 provide an OpenStack cloud built for production which will be
 available at the successful completion of the deployment.
 However, this project solely focuses on the deployment of OpenStack and its
 requirements.
 This project does **not** PXE boot hosts. Host setup and lifecycle management
 is left to the deployer. This project also requires that bridges are setup
 within the hosts to allow the containers to attach to a local bridge for
 network access.
 See also the :dev_docs:`Container networking <reference/architecture/container-networking.html>`.
 Ansible Usage
 ~~~~~~~~~~~~~
 Ansible provides an automation platform to simplify system and application
 deployment. Ansible manages systems by using Secure Shell (SSH)
 instead of unique protocols that require remote daemons or agents.
 Ansible uses playbooks written in the YAML language for orchestration.
 For more information, see `Ansible - Intro to
 Playbooks <http://docs.ansible.com/playbooks_intro.html>`_.
 Ansible is a simple yet powerful orchestration tool that is ideally
 equipped for deploying OpenStack-powered clouds. The declarative nature of
 Ansible allows the deployer to turn an entire deployment into a rather
 simple set of instructions.
 Roles within the Openstack-Ansible umbrella are built using Ansible
 best practices and contain namespaced variables that are *human* understandable.
 All roles are independant of each other and testable separately.
 All roles are built as Galaxy compatible roles even when the given role is
 not intended for standalone use. While the project will offer a lot of
 built-in roles the deployer will be able to pull down or override roles
 with external ones using the built-in Ansible capabilities.
 This allows extreme flexibility for deployers.
 Source based deployments
 ~~~~~~~~~~~~~~~~~~~~~~~~
 When the OpenStack-Ansible project was created, it was required
 to provide a system able to override any OpenStack upstream
 source code.
 This means that OpenStack services and their python
 dependencies are built and installed from source 
 code as found within the OpenStack Git repositories by default,
 but allow deployers to point to their own repositories.
 This also allows developers to point to their own code for
 their work.
 A source based deployment, for Python-built parts of OpenStack,
 makes sense when dealing with scale and wanting consistency
 over long periods of time. A deployer should have the ability
 to deploy the same OpenStack release on every node throughout
 the life cycle of the cloud, even when some components are
 end of life. By providing a repository of the sources, the
 deployment can be re-created even years after the initial
 deployment, assuming the underlying operating systems and
 packages stay the same.
 This means that there will never be a time where OpenStack
 specific packages, as provided by the distributions, are
 being used for OpenStack services. Third party repositories
 like *CloudArchive* and or *RDO* may still be required within
 a given deployment but only as a means to meet application
 dependencies.
 Containerized deployments
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 This project introduces containers as a means to abstract services from
 one another.
 The use of containers allows for additional abstractions of entire
 application stacks to be run all within the same physical host machines.
 The "containerized" applications are sometimes grouped within a single
 container where it makes sense, or distributed in multiple containers
 based on application and or architectural needs.
 The default container architecture has been built in such a way to allow
 for scalability and highly available deployments.
 The simple nature of machine containers allows the deployer to treat
 containers as physical machines. The same concepts apply for machine
 containers and physical machines: This will allow deployers to use
 existing operational tool sets to troubleshoot issues within a deployment
 and the ability to revert an application or service within inventory
 to a known working state without having to re-kick a physical host.
 Not all services are containerized: some don't make sense to run
 within a container. Logic needs to be applied in regards on how services
 are containerized. If their requirements can't be met due to system
 limitations, (kernel, application maturity, etc...), then the service
 is not set to run within a container.
 Example of un-containerized services:
 * Nova compute (for direct access to virtualization devices)
 * Swift storage (for direct access to drive)
 The containers are not a mean of securing a system.
 The containers were not chosen for any eventual security safe
 guards. The machine containers were chosen because of their
 practicality with regard to providing a more uniform OpenStack
 deployment. Even if the abstractions that the containers provides
 do improve overall deployment security these potential benefits
 are not the intention of the containerization of services.