Spec for system deployment of containerized openstack infrastructure
Submitting the following spec for review: system-deployment-of-containerized-openstack-infrastructure.rst Change-Id: Ic4bf44d2324b9c1f5d595daa19f260b612f4dc48 Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
This commit is contained in:
parent
f7c04656d8
commit
9f239ab5fe
@ -0,0 +1,276 @@
|
|||||||
|
===========================================================
|
||||||
|
System Deployment of Containerized OpenStack Infrastructure
|
||||||
|
===========================================================
|
||||||
|
|
||||||
|
Storyboard: https://storyboard.openstack.org/#!/story/2003910
|
||||||
|
|
||||||
|
This story will update StarlingX to deploy its OpenStack infrastructure in a
|
||||||
|
containerized configuration. Changes will be identified and implemented to
|
||||||
|
enable end-to-end configuration of all the containers that will host
|
||||||
|
OpenStack infrastructure services.
|
||||||
|
|
||||||
|
Problem description
|
||||||
|
===================
|
||||||
|
|
||||||
|
Please see the following for background on the effort to containerize the
|
||||||
|
StartlingX OpenStack infrastructure:
|
||||||
|
https://wiki.openstack.org/wiki/Containerizing_StarlingX_Infrastructure
|
||||||
|
|
||||||
|
This story implements the end-to-end configuration of the StarlingX
|
||||||
|
platform with the OpenStack infrastructure services running in containers.
|
||||||
|
It builds on several other stories which are listed in the Dependencies
|
||||||
|
section below.
|
||||||
|
|
||||||
|
Use Cases
|
||||||
|
=========
|
||||||
|
|
||||||
|
Developers/testers/users need the ability to install and configure a StarlingX
|
||||||
|
system with kubernetes master and worker nodes, in order to support a
|
||||||
|
variety of containerized applications.
|
||||||
|
|
||||||
|
Developers/testers/users need the ability to install and configure the
|
||||||
|
OpenStack application on a running StarlingX system.
|
||||||
|
|
||||||
|
Proposed change
|
||||||
|
===============
|
||||||
|
|
||||||
|
The initial install of a StarlingX system will no longer include the OpenStack
|
||||||
|
software (with the exception of Keystone and Horizon which are required by
|
||||||
|
bare metal platform services). The OpenStack application will have its own
|
||||||
|
instance of Keystone and Horizon.
|
||||||
|
|
||||||
|
To install the OpenStack application, the user will first label the hosts to
|
||||||
|
be used for OpenStack controller functions (label: openstack-controller-node)
|
||||||
|
and OpenStack compute functions (label: openstack-compute-node) using the
|
||||||
|
following CLI:
|
||||||
|
|
||||||
|
system host-label-assign <hostname> <label>
|
||||||
|
|
||||||
|
Then the user will use the following CLI to import the OpenStack application:
|
||||||
|
|
||||||
|
system application-upload <app-name> <app-tarfile>
|
||||||
|
|
||||||
|
Finally, the user will install the OpenStack application:
|
||||||
|
|
||||||
|
system application-install <app-name>
|
||||||
|
|
||||||
|
The above CLIs are created as part of the stories listed in the Dependencies
|
||||||
|
section below (see the Armada Integration story for details). This story
|
||||||
|
provides the "glue" that performs the necessary configuration of platform
|
||||||
|
services (e.g. System Inventory (sysinv), Virtual Infrastructure Manager
|
||||||
|
(VIM)) to support the OpenStack application.
|
||||||
|
|
||||||
|
Alternatives
|
||||||
|
============
|
||||||
|
|
||||||
|
This is the only reasonable approach to integrate the containerized OpenStack
|
||||||
|
application with the StartlingX platform.
|
||||||
|
|
||||||
|
Data model impact
|
||||||
|
=================
|
||||||
|
|
||||||
|
None - any data model impacts are described in the stories listed in the
|
||||||
|
Dependencies section below.
|
||||||
|
|
||||||
|
REST API impact
|
||||||
|
===============
|
||||||
|
|
||||||
|
None - any REST API impacts are described in the stories listed in the
|
||||||
|
Dependencies section below.
|
||||||
|
|
||||||
|
Security impact
|
||||||
|
===============
|
||||||
|
|
||||||
|
This story does not expose any new interfaces to the external world. Any
|
||||||
|
security impacts are described in stories listed in the Dependencies section
|
||||||
|
below.
|
||||||
|
|
||||||
|
Other end user impact
|
||||||
|
=====================
|
||||||
|
|
||||||
|
Prior to this story, all StarlingX systems would come up with the OpenStack
|
||||||
|
services installed by default (on bare metal) after initial system
|
||||||
|
configuration.
|
||||||
|
|
||||||
|
After this story, all StarlingX systems will come up without the OpenStack
|
||||||
|
services. If a user wants to install the OpenStack application
|
||||||
|
(containerized), they will perform the actions described in the Proposed
|
||||||
|
Change section above.
|
||||||
|
|
||||||
|
Performance Impact
|
||||||
|
==================
|
||||||
|
|
||||||
|
The move from a bare metal OpenStack deployment to a containerized deployment
|
||||||
|
will impact the performance of the system. These impacts will be assessed
|
||||||
|
as the development is done and negative impacts will be mitigated.
|
||||||
|
|
||||||
|
Other deployer impact
|
||||||
|
=====================
|
||||||
|
|
||||||
|
In order to install the StarlingX system, external network access will be
|
||||||
|
required over the OAM interface on the controller hosts. This is necessary
|
||||||
|
to download the required docker images, which will not be included in the
|
||||||
|
StarlingX iso. This is both due to size considerations (the images required by
|
||||||
|
he OpenStack application will total several GB in size) and to decouple the
|
||||||
|
StarlingX software release from OpenStack docker image releases.
|
||||||
|
|
||||||
|
Patching of a StarlingX system will be different as the existing RPM based
|
||||||
|
patching mechanism will not work for software running in containers (i.e. all
|
||||||
|
the OpenStack components). The new patching mechanism for containers is TBD.
|
||||||
|
|
||||||
|
Developer impact
|
||||||
|
================
|
||||||
|
|
||||||
|
Developers working on StarlingX will now need to build docker images in order
|
||||||
|
to test changes to OpenStack components (e.g. keystone, nova, neutron) that
|
||||||
|
were previously running on bare metal. They will also need to generate the
|
||||||
|
OpenStack application tarfile, which includes manifests and Helm charts.
|
||||||
|
|
||||||
|
Upgrade impact
|
||||||
|
==============
|
||||||
|
|
||||||
|
None - this is the first StarlingX release so there are no previous releases
|
||||||
|
that we need to support upgrades from.
|
||||||
|
|
||||||
|
Implementation
|
||||||
|
==============
|
||||||
|
|
||||||
|
Assignee(s)
|
||||||
|
===========
|
||||||
|
|
||||||
|
Primary assignee:
|
||||||
|
|
||||||
|
* Bart Wensley (bartwensley)
|
||||||
|
|
||||||
|
Other contributors:
|
||||||
|
|
||||||
|
* Al Bailey (albailey)
|
||||||
|
* Chris Friesen (cbf123)
|
||||||
|
* Don Penney (dpenney)
|
||||||
|
* Jerry Sun (jerry-sun-u)
|
||||||
|
* Kevin Smith (kevin.smith.wrs)
|
||||||
|
* Lachlan Plant (lachlan.plant)
|
||||||
|
* Robert Church (rchurch)
|
||||||
|
* Shoaib Nasir (snasir)
|
||||||
|
* Tee Ngo (teewrs)
|
||||||
|
|
||||||
|
Repos Impacted
|
||||||
|
==============
|
||||||
|
|
||||||
|
* stx-config
|
||||||
|
* stx-integ
|
||||||
|
* stx-nfv
|
||||||
|
|
||||||
|
Work Items
|
||||||
|
==========
|
||||||
|
|
||||||
|
* Sysinv:
|
||||||
|
|
||||||
|
* Update VIM puppet plugin to disable all OpenStack plugins in the VIM when
|
||||||
|
the OpenStack application is NOT installed and to enable them when the
|
||||||
|
OpenStack application is installed.
|
||||||
|
* Support new keystone configuration (e.g. auth URL, username, password) for
|
||||||
|
containerized OpenStack services.
|
||||||
|
* Use the pod based keystone when accessing OpenStack services (if it is
|
||||||
|
configured).
|
||||||
|
* Update sysinv/puppet to supply kubernetes configuration to sysinv/VIM when
|
||||||
|
OpenStack application has been installed.
|
||||||
|
* Update sysinv/puppet to generate platform openrc file in
|
||||||
|
/etc/platform/openrc.
|
||||||
|
* Detect when OpenStack application installation is complete and:
|
||||||
|
|
||||||
|
* Reconfigure sysinv with pod based keystone configuration.
|
||||||
|
* Reconfigure VIM with pod based keystone configuration.
|
||||||
|
|
||||||
|
* Perform different semantic checks for worker nodes with OpenStack
|
||||||
|
installed vs. worker nodes without OpenStack.
|
||||||
|
* Add semantic checks to prevent label and override modifications for
|
||||||
|
unlocked hosts.
|
||||||
|
* Send notifications to VIM whenever labels are modified.
|
||||||
|
* Avoid modifications to host aggregates for pure kubernetes worker nodes.
|
||||||
|
|
||||||
|
* VIM:
|
||||||
|
|
||||||
|
* Support new keystone configuration (e.g. auth URL, username, password) for
|
||||||
|
containerized OpenStack services.
|
||||||
|
* Use the pod based keystone when accessing OpenStack services (if it is
|
||||||
|
configured).
|
||||||
|
* Disable all interactions with nova, neutron and guest services for pure
|
||||||
|
kubernetes worker nodes (based on absence of openstack-compute-node label).
|
||||||
|
* host-add:
|
||||||
|
|
||||||
|
* When sysinv notifies the VIM that a host has been added, the VIM will
|
||||||
|
no longer create the nova/neutron/guest services, as the host will
|
||||||
|
start out as a pure kubernetes worker node.
|
||||||
|
|
||||||
|
* label-add:
|
||||||
|
|
||||||
|
* When openstack-compute-node label is added to compute, create the
|
||||||
|
nova/neutron/guest services (previously done on host-add).
|
||||||
|
|
||||||
|
* host-delete:
|
||||||
|
|
||||||
|
* Only delete OpenStack services if openstack-compute-node label applied
|
||||||
|
to host.
|
||||||
|
|
||||||
|
* Remove --kubernetes option from config_controller, along with the
|
||||||
|
now-obsolete bare metal OpenStack related code (e.g. python code, puppet,
|
||||||
|
service scripts, OCF scripts, SM config, pmon config).
|
||||||
|
|
||||||
|
Dependencies
|
||||||
|
============
|
||||||
|
|
||||||
|
This requires new functionality being developed under the following stories:
|
||||||
|
|
||||||
|
* Kubernetes Platform Support:
|
||||||
|
https://storyboard.openstack.org/#!/story/2002843
|
||||||
|
* CEPH persistent storage backend for Kubernetes:
|
||||||
|
https://storyboard.openstack.org/#!/story/2002844
|
||||||
|
* Local Docker Registry:
|
||||||
|
https://storyboard.openstack.org/#!/story/2002840
|
||||||
|
* Docker Image Generation:
|
||||||
|
https://storyboard.openstack.org/#!/story/2003907
|
||||||
|
* Infrastructure HELM Chart Override Generation:
|
||||||
|
https://storyboard.openstack.org/#!/story/2003909
|
||||||
|
* Create HELM chart for nova-api-proxy:
|
||||||
|
https://storyboard.openstack.org/#!/story/2004007
|
||||||
|
* Create HELM chart for Fault project:
|
||||||
|
https://storyboard.openstack.org/#!/story/2004008
|
||||||
|
* Armada Integration:
|
||||||
|
https://storyboard.openstack.org/#!/story/2003908
|
||||||
|
|
||||||
|
Testing
|
||||||
|
=======
|
||||||
|
|
||||||
|
This story affects the configuration and deployment of all OpenStack services
|
||||||
|
on StarlingX. In addition to the usual unit testing in the impacted code
|
||||||
|
areas, this will require a full system regression of all StarlingX
|
||||||
|
functionality. It will also require extensive performance testing in order
|
||||||
|
to identify and address any performance impacts.
|
||||||
|
|
||||||
|
In addition, this story changes the way a StarlingX system is installed and
|
||||||
|
configured, which will require changes in existing automated installation and
|
||||||
|
testing tools.
|
||||||
|
|
||||||
|
Documentation Impact
|
||||||
|
====================
|
||||||
|
|
||||||
|
This story affects the StarlingX installation and configuration documentation.
|
||||||
|
Specific details of the documentation changes will be addressed once the
|
||||||
|
implementation is complete.
|
||||||
|
|
||||||
|
References
|
||||||
|
==========
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
|
History
|
||||||
|
=======
|
||||||
|
|
||||||
|
.. list-table:: Revisions
|
||||||
|
:header-rows: 1
|
||||||
|
|
||||||
|
* - Release Name
|
||||||
|
- Description
|
||||||
|
* - 2019.03
|
||||||
|
- Introduced
|
Loading…
Reference in New Issue
Block a user