Building Docker images with Puppet

Post on 23-Jan-2018


Building Docker Images With Puppet

Nick Jones, DataCentred

@yankcrime

Schedule

DataCentred overview

Why Docker

Why Puppet

Demo

Problems / solutions

Wrap-up

OpenStack

Keystone, Nova, Neutron, Glance, Cinder, Horizon, etc.

KVM

Open vSwitch

Control, compute, network, data nodes

OpenStack Services

Galera

RabbitMQ

MongoDB

Memcache

Apache httpd

Haproxy & keepalived

Ceph

Loadbalancers

Gateways

Monitors

OSDs

Monitoring

Icinga2

Telegraf, InfluxDB, Grafana

ElasticSearch, Logstash, Kibana

Services

CI - Jenkins

DNS, TFTP, DHCP

IPAM

Mirrors

Puppet

Puppet Master

PuppetDB

Puppet CA

Foreman

ಠ_ಠ

Puppet

With Puppet you use a common language to describe what you want your infrastructure to look like, and Puppet makes it happen - and helps you keep it that way.

OpenStack Infrastructure Overview

OpenStack Control Nodes

OpenStack Control Node

Why Docker

Consolidate OpenStack components into discrete building blocks

Mix-and-match versions of components

Ease the pain of upgrades

Why Configuration Management

Need to build custom images

Harness the power of something that's the right tool for the job

Puppet incumbent for configuration management, would like to reuse data

Make the two work together

Assumptions

Containers should be ephemeral

Running SSH in a container is out

Running Puppet as an agent in a container is out

Typical Dockerfile

FROM phusion/baseimage:0.9.15

ENV HOME /root
ENV LANG en_US.UTF-8

RUN locale-gen en_US.UTF-8
RUN ln -s -f /bin/true /usr/bin/chfn
RUN apt-get update && apt-get -y upgrade

[..]

RUN apt-get remove -y --auto-remove openstack-dashboard-ubuntu-theme
ADD local_settings.py /etc/openstack-dashboard/local_settings.py
VOLUME ["/etc/openstack-dashboard"]
ADD openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
ADD start_memcached.sh /etc/service/memcached/run
ADD start_apache2.sh /etc/service/apache2/run

With Puppet

FROM puppet:latest
MAINTAINER Nick Jones "nick@dischord.org"

ENV FACTER_role='horizon'

RUN puppet apply --verbose \
    --modulepath /puppet/modules \
    --hiera_config /puppet/hiera.yaml \
    --manifestdir /puppet/ /puppet/default.pp

RUN apt-get -y clean && rm -rf /puppet

EXPOSE 80

CMD ["/usr/bin/supervisord", "-n"]

Another Example

FROM puppet:latest
MAINTAINER Nick Jones "nick@dischord.org"

ENV FACTER_role='database'
ENV FACTER_container='dischord_database'

RUN puppet apply --debug --verbose \
    --modulepath /puppet/modules \
    --hiera_config /puppet/hiera.yaml \
    --manifestdir /puppet/ /puppet/default.pp

RUN apt-get -y clean && rm -rf /puppet

EXPOSE 3306
VOLUME /var/lib/mysql

CMD ["/usr/bin/supervisord", "-n"]

Database Container

database.yaml:

classes:
  - '::profile::mariadb'

dischord_database.yaml:

databases:
  'fever':
    'user': 'fever'
    'password': 'xxx'
    'host': '%'

service:
  'mariadb-server':
    'command': '/usr/sbin/mysqld'

Puppet

class profile::mariadb {
  include ::mysql::server

  create_resources(::mysql::db, hiera('databases'))
}

Demo

Building a Horizon image

What doesn't work so well

Repo data in images

Breaks image layers philosophy

Puppet modules not handling container behaviour

Lack of support in Puppet's RAL for minimal distros
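
The "Repo data in images" problem, as an added example that is not from the slides: each Dockerfile instruction produces its own layer, so the `rm -rf /puppet` step only records a whiteout and the Hiera data stays readable in the earlier layer. The check below walks layer tarballs lowest first and reports files hidden by a later whiteout; the layer contents and the `hieradata/` path are constructed, and it assumes uncompressed layer tars that use the OCI `.wh.` whiteout convention.

```python
import io
import posixpath
import tarfile

WH = ".wh."              # OCI whiteout prefix: ".wh.<name>" deletes <name>
OPAQUE = ".wh..wh..opq"  # opaque whiteout: hides everything under its directory

def make_layer(files):
    """Build one constructed layer (uncompressed tar) in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def leftover_files(layers):
    """Map files deleted by a later layer to the earlier layer still storing them."""
    stored, leftovers = {}, {}
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            names = [posixpath.normpath(m.name).lstrip("/") for m in tar if not m.isdir()]
        for name in names:
            parent, base = posixpath.split(name)
            if base == OPAQUE:
                target = parent
            elif base.startswith(WH):
                target = posixpath.join(parent, base[len(WH):])
            else:
                continue
            # A whiteout only hides content from lower layers; the bytes remain there.
            for path, where in stored.items():
                if path == target or path.startswith(target + "/"):
                    leftovers[path] = where
        stored.update({n: idx for n in names if not posixpath.basename(n).startswith(WH)})
    return leftovers

# Constructed layers: config repo in the base, puppet apply output, then rm -rf /puppet.
SAMPLE_LAYERS = [
    make_layer({"puppet/hiera.yaml": b"---\n",
                "puppet/hieradata/dischord_database.yaml": b"password: 'xxx'\n"}),
    make_layer({"etc/mysql/my.cnf": b"[mysqld]\n"}),
    make_layer({".wh.puppet": b""}),
]

if __name__ == "__main__":
    print(leftover_files(SAMPLE_LAYERS))
```

An empty result for a real image means no layer removes files that an earlier layer shipped, which is what mounting the configuration repo only at build time achieves.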

Solutions

Mount configuration data repo at build - Rocker!

Build API

OCI Image Format Specification

Alternative configuration management tools:

- mgmt

- Habitat

Questions?

References

https://puppet.com/blog/building-puppet-based-applications-inside-docker

http://dischord.org/2016/03/27/docker-and-puppet/

https://github.com/purpleidea/mgmt

https://github.com/puppetlabs/puppet-rocker-demo

https://www.habitat.sh

https://github.com/grammarly/rocker