image build as a service
play

Image BUILD aS - a - SeRVIce Why it makes sense to build your own - PowerPoint PPT Presentation

Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit Boston 2017 aBoUt US kURt gaRLoff Studied physics Built up SUSE Labs, where he was leading the development open teLekom cLoUD aRchItekt of


  1. Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit Boston 2017

  2. aBoUt US kURt gaRLoff  Studied physics  Built up SUSE Labs, where he was leading the development open teLekom cLoUD aRchItekt of the Linux kernel, the gcc Compiler and X11 kurt.garloff@t-systems.com  Since 2011, he has mainly been leading engineering and operations of OpenStack based cloud environments SeBaStIan wenneR  Studied Information Technology  Since 2000, in various roles covering Linux, virtualisation, open teLekom cLoUD aRchItekt outsourcing and infrastructure sebastian.wenner@t-systems.com  After 10 years at IBM, he joined T-Systems in 2012 focussing on cloud DanIeLa eBeRt  Studied Information Technology  With T-Systems since 2003 open teLekom cLoUD engIneeR  Spent many years as an AIX Engineer before joining the OTC d.ebert@t-systems.com team Image Factory@Open Telekom Cloud May 2017 2

  3. agenDa I. Intro II. Reasons III. Requirements IV. Setup V. Workflow VI. Output VII. Outlook VIII. Q&A Image Factory@Open Telekom Cloud May 2017 3

  4. IntRo Image Factory@Open Telekom Cloud May 2017 4

  5. open teLekom cLoUD public iaas for european enterprises  Data protection in compliance maRket anD SecURe with German legislation An open technology cUStomeR  Meeting enterprise needs platform with built-in expectatIonS compliance, ease-of-use,  Rapid access aRe changIng: and best pricing for SImpLe  Support/help getting started businesses of any size,  Easy to use Demand for scalable, in any industry dynamic IT resources is growing.  Great pricing affoRDaBLe open  Moving from capex to opex Public IaaS is the answer for IT infrastructures (compute, storage, teLekom network, management)  OpenStack API cLoUD open  No vendor lock-in  Simple to integrate Image Factory@Open Telekom Cloud May 2017 5

  6. otc at a gLance  Open Telekom Cloud is a cloud offered by Deutsche Telekom  Open Telekom Cloud is a public-cloud service based on OpenStack  Open Telekom Cloud is operated by T-Systems in Germany, and its functionality continues to be enhanced  Open Telekom Cloud meets German and European legal requirements on data protection/privacy  Open Telekom Cloud offers 99.95% availability  For users who need robust data protection/security  For cost-conscious enterprises of all sizes, in all industries  For users looking for simple, secure and affordable cloud services Image Factory@Open Telekom Cloud May 2017 6

  7. ReaSonS Image Factory@Open Telekom Cloud May 2017 7

  8. ReaSonS foR BUILDIng own ImageS SecURIty pLatfoRm USeR expeRIence  Hardening of images  XEN drivers  Up-to-date images  Patched images  High-performance drivers  Uniform images  Transparent process of image  Huawei tools (uvp-monitor)  Standard user for login creation  cloud-init optimization  Include OpenStack tools • Preconfiguration (NTP, update mirrors etc.) Image Factory@Open Telekom Cloud May 2017 8

  9. ReqUIRementS Image Factory@Open Telekom Cloud May 2017 9

  10. Image ReqUIRementS  Supportable and maintainable  Regular updates  Small images, fast to build, deploy, discard, and cheap to run  Security hardening  Modern (latest stable community and enterprise Linux distros)  Check authenticity of packages  Configuration/Customization via cloud-init & vendor/user-data SecURe SImpLe affoRDaBLe  Reproducible, template-based  Tested open  Transparent process of image creation  Continuous integration  Provide community images to public  License compliancy Image Factory@Open Telekom Cloud May 2017 10

  11. SetUp Image Factory@Open Telekom Cloud May 2017 11

  12. tooLS  openSUSE KIWI I is a Perl-based tool building customized OS images  Pulls packages from repositories, and installs them in chroot environment  Builds for us: openSUSE, SLES, CentOS, OracleLinux, RHEL  Not supported: Debian-based images  diskimage-builder is a Python-based tool for building customized OS images  Pulls packages from repositories, and installs them in chroot environment  Builds for us: Debian, Fedora  Not supported: SUSE-based images  GIT repository: Holds template files and scripts  Bash scripts to automate the whole workflow  OpenStack tools: Upload and register images  Apache: Publish image files and documentation Image Factory@Open Telekom Cloud May 2017 12

  13. BUILD enVIRonment architecture  Normal tenant in OTC production environment Internet Image Factory Tenant Support systems  All servers are redundant in SSh HTTPS az1 and az2 SMT Jump KIWI RHUI Host Build Host APT-cacher  Security groups to contol SSH the traffic NFS Admin Object Server NFS storage REST  Jump Hosts: Gateway for all outgoing traffic (SNAT) Web DIB Server Build Host  NFS server for GIT and Glance NFS image data HTTPS REST User Image Factory@Open Telekom Cloud May 2017 13

  14. woRkfLow Image Factory@Open Telekom Cloud May 2017 14

  15. Image BUILD woRkfLow  Config files from GIT  Webserver: qcow2 files  Keys  Glance: Script to register image  RPMs from repo servers  Calls KIWI or diskimage-builder  Boot VM  Compares config and package list to  Start testsuite previous build  Save test results  Collects logfiles  Signs the images  Upload image to tenant OBS  Register as private image Image Factory@Open Telekom Cloud May 2017 15

  16. InpUt exampLe (confIg.xmL) Image Factory@Open Telekom Cloud May 2017 16

  17. Image BUILD exampLe 1/2 Call K KIWI Ge Get rep epos Setu tup chro root Image Factory@Open Telekom Cloud May 2017 17

  18. Image BUILD exampLe 2/2 Co Convert qco cow2 KIWI WI su succe ccess Image Factory@Open Telekom Cloud May 2017 18

  19. UpLoaD & RegISteR OBSUpload Registe ter Image Factory@Open Telekom Cloud May 2017 19

  20. teStSUIte exampLe SSH SSH ch check cks Upda date e test Reb eboot test Image Factory@Open Telekom Cloud May 2017 20

  21. oUtpUt Image Factory@Open Telekom Cloud May 2017 21

  22. Image VeRSIonS V1  Latest stable community and enterprise Linux distros , e.g.:  openSUSE 42, SLES 12SP2  CentOS, OEL, RHEL 6.8 + 7.3  Debian 8.7, Fedora 25  Also available, but provided by Canonical:  Ubuntu 14.04 (trusty), Ubuntu 16.04 (xenial) Image Factory@Open Telekom Cloud May 2017 22

  23. Image VeRSIonS V2  Latest stable community (Standard_ prefix) and enterprise (Enterprise_) Linux distros , e.g.:  openSUSE 42.x, SLES 12SPx  CentOS, OEL, RHEL 7.x  EulerOS 2.x  Debian 8.x, Fedora 25  Also available, but provided by Canonical (Community_):  Ubuntu 14.04 (trusty)  Ubuntu 16.04 (xenial) May 17, 2017 23 Image Factory@Open Telekom Cloud May 2017 23

  24. pUBLIc Image LISt https://cons onsol ole.otc.t-sys ystems.com om/ Image Factory@Open Telekom Cloud May 2017 24

  25. oUtLook Image Factory@Open Telekom Cloud May 2017 25

  26. what IS next Paas aas Im Imag ages Marketp tplace IFaaS aaS CoreOS Co Windows ws Inte tegration Je Jenkins ? Infrastr tructu ture re imp mpro roveme ments GPU U based Linux comIng Soon Image Factory@Open Telekom Cloud May 2017 26

  27. qUeStIonS? Image Factory@Open Telekom Cloud May 2017 27

  28. LInkS Image Factory: https://imagefactory.otc.t-systems.com/ Image Factory related blogs: https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-introduction/ https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-get-in-touch-with-an-open- telekom-image/ https://cloud.telekom.de/en/blog/open-telekom-cloud-available-images-naming-conventions- planned-roadmap/ https://cloud.telekom.de/en/blog/image-factory-image-modifications/ Helpcenter: https://docs.otc.t-systems.com/ims_dld/index.html Image Factory@Open Telekom Cloud May 2017 28

  29. thank yoU! Image Factory@Open Telekom Cloud May 2017 29

Recommend


More recommend