Image Build as-a-Service
Why it makes sense to build your own cloud images
OpenStack Summit Boston 2017
About us

Kurt Garloff, Open Telekom Cloud Architect, kurt.garloff@t-systems.com
• Studied physics
• Built up SUSE Labs, where he was leading the development of the Linux kernel, the gcc Compiler and X11
• Since 2011, he has mainly been leading engineering and operations of OpenStack based cloud environments

Sebastian Wenner, Open Telekom Cloud Architect, sebastian.wenner@t-systems.com
• Studied Information Technology
• Since 2000, in various roles covering Linux, virtualisation, outsourcing and infrastructure
• After 10 years at IBM, he joined T-Systems in 2012 focussing on cloud

Daniela Ebert, Open Telekom Cloud Engineer, d.ebert@t-systems.com
• Studied Information Technology
• With T-Systems since 2003
• Spent many years as an AIX Engineer before joining the OTC team

Image Factory@Open Telekom Cloud May 2017
Agenda
I. Intro
II. Reasons
III. Requirements
IV. Setup
V. Workflow
VI. Output
VII. Outlook
VIII. Q&A
Intro
Open Telekom Cloud: public IaaS for European enterprises

Market and customer expectations are changing:
• Demand for scalable, dynamic IT resources is growing.
• Moving from capex to opex
• Public IaaS is the answer for IT infrastructures (compute, storage, network, management)

Open Telekom Cloud: an open technology platform with built-in compliance, ease-of-use, and best pricing for businesses of any size, in any industry

Secure
• Data protection in compliance with German legislation
• Meeting enterprise needs

Simple
• Rapid access
• Support/help getting started
• Easy to use

Affordable
• Great pricing

Open
• OpenStack API
• No vendor lock-in
• Simple to integrate
OTC at a glance
• Open Telekom Cloud is a cloud offered by Deutsche Telekom
• Open Telekom Cloud is a public-cloud service based on OpenStack
• Open Telekom Cloud is operated by T-Systems in Germany, and its functionality continues to be enhanced
• Open Telekom Cloud meets German and European legal requirements on data protection/privacy
• Open Telekom Cloud offers 99.95% availability
• For users who need robust data protection/security
• For cost-conscious enterprises of all sizes, in all industries
• For users looking for simple, secure and affordable cloud services
Reasons
Reasons for building own images

Security
• Hardening of images
• Patched images
• Transparent process of image creation

Platform
• XEN drivers
• High-performance drivers
• Huawei tools (uvp-monitor)
• cloud-init optimization

User experience
• Up-to-date images
• Uniform images
• Standard user for login
• Include OpenStack tools
• Preconfiguration (NTP, update mirrors etc.)
Requirements
Image requirements
Secure, Simple, Affordable, Open
• Supportable and maintainable
• Regular updates
• Small images, fast to build, deploy, discard, and cheap to run
• Security hardening
• Modern (latest stable community and enterprise Linux distros)
• Check authenticity of packages
• Configuration/Customization via cloud-init & vendor/user-data
• Reproducible, template-based
• Tested
• Transparent process of image creation
• Continuous integration
• Provide community images to public
• License compliancy
Setup
Tools
• openSUSE KIWI is a Perl-based tool for building customized OS images
  • Pulls packages from repositories, and installs them in chroot environment
  • Builds for us: openSUSE, SLES, CentOS, OracleLinux, RHEL
  • Not supported: Debian-based images
• diskimage-builder is a Python-based tool for building customized OS images
  • Pulls packages from repositories, and installs them in chroot environment
  • Builds for us: Debian, Fedora
  • Not supported: SUSE-based images
• GIT repository: Holds template files and scripts
• Bash scripts to automate the whole workflow
• OpenStack tools: Upload and register images
• Apache: Publish image files and documentation
Build environment architecture
• Normal tenant in OTC production environment
• All servers are redundant in az1 and az2
• Security groups to control the traffic
• Jump Hosts: Gateway for all outgoing traffic (SNAT)
• NFS server for GIT and image data
[Architecture diagram. Components: Internet, User, Admin, Image Factory Tenant (Jump Host, KIWI Build Host, DIB Build Host, NFS Server, Web Server), Support systems (SMT, RHUI, APT-cacher), Object storage, Glance. Connections labelled SSH, HTTPS, NFS, REST.]
Workflow
Image build workflow
• Config files from GIT
• Keys
• RPMs from repo servers

• Calls KIWI or diskimage-builder
• Compares config and package list to previous build
• Collects logfiles
• Signs the images
• Upload image to tenant OBS
• Register as private image

• Boot VM
• Start testsuite
• Save test results

• Webserver: qcow2 files
• Glance: Script to register image
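The workflow step that compares the package list with the previous build can serve as a gate against unreviewed content entering an image. The script below is an added example, not Image Factory code; the manifest format, the approved-additions file and all function names are assumptions, and the sample manifests are constructed.

```shell
#!/usr/bin/env bash
# Added example, not Image Factory code. Assumed manifest format: one
# "name version-release" pair per line, e.g. written at build time by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# Packages installed in several versions collapse to their last entry.

# One line per difference between the previous and the current build:
#   "+ name ver" added, "- name ver" removed, "~ name old -> new" changed.
diff_manifests() {
    awk '
        FILENAME == ARGV[1] { old[$1] = $2; next }   # previous build
        {
            seen[$1] = 1
            if (!($1 in old))       print "+", $1, $2
            else if (old[$1] != $2) print "~", $1, old[$1], "->", $2
        }
        END { for (p in old) if (!(p in seen)) print "-", p, old[p] }
    ' "$1" "$2" | LC_ALL=C sort -k2,2
}

# Succeed only if every package added since the previous build is named in
# the approved-additions file (hypothetical review artefact, one name per line).
gate_build() {
    local unapproved
    unapproved=$(diff_manifests "$1" "$2" | awk -v list="$3" '
        BEGIN { while ((getline n < list) > 0) ok[n] = 1 }
        $1 == "+" && !($2 in ok) { print $2 }')
    if [ -n "$unapproved" ]; then
        echo "unreviewed packages in new image: $unapproved" >&2
        return 1
    fi
}

# Constructed sample manifests for two consecutive builds.
make_samples() {
    printf '%s\n' 'cloud-init 0.7.8-1' 'openssh 7.2p2-1' 'telnet 1.2-1' > "$1/prev.txt"
    printf '%s\n' 'cloud-init 0.7.9-1' 'openssh 7.2p2-1' 'strace 4.11-1' > "$1/curr.txt"
    : > "$1/approved.txt"                      # nothing pre-approved
}

work=$(mktemp -d)
make_samples "$work"
diff_manifests "$work/prev.txt" "$work/curr.txt"
gate_build "$work/prev.txt" "$work/curr.txt" "$work/approved.txt" ||
    echo "build held for review"
rm -rf "$work"
```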
Input example (config.xml)
Image build example 1/2
[Screenshot callouts: Call KIWI, Get repos, Setup chroot]
Image build example 2/2
[Screenshot callouts: Convert qcow2, KIWI success]
Upload & register
[Screenshot callouts: OBS upload, Register]
Testsuite example
[Screenshot callouts: SSH checks, Update test, Reboot test]
Output
Image versions V1
Latest stable community and enterprise Linux distros, e.g.:
• openSUSE 42, SLES 12SP2
• CentOS, OEL, RHEL 6.8 + 7.3
• Debian 8.7, Fedora 25
Also available, but provided by Canonical:
• Ubuntu 14.04 (trusty), Ubuntu 16.04 (xenial)
Image versions V2
Latest stable community (Standard_ prefix) and enterprise (Enterprise_) Linux distros, e.g.:
• openSUSE 42.x, SLES 12SPx
• CentOS, OEL, RHEL 7.x
• EulerOS 2.x
• Debian 8.x, Fedora 25
Also available, but provided by Canonical (Community_):
• Ubuntu 14.04 (trusty)
• Ubuntu 16.04 (xenial)
May 17, 2017
Public image list
https://console.otc.t-systems.com/
Outlook
What is next
• PaaS Images
• Marketplace
• IFaaS
• CoreOS
• Windows
• Integration Jenkins?
• Infrastructure improvements
• GPU based Linux
Coming soon
Questions?
Links
Image Factory: https://imagefactory.otc.t-systems.com/
Image Factory related blogs:
• https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-introduction/
• https://cloud.telekom.de/en/blog/open-telekom-cloud-image-factory-get-in-touch-with-an-open-telekom-image/
• https://cloud.telekom.de/en/blog/open-telekom-cloud-available-images-naming-conventions-planned-roadmap/
• https://cloud.telekom.de/en/blog/image-factory-image-modifications/
Helpcenter: https://docs.otc.t-systems.com/ims_dld/index.html
Thank you!