Automatisation¶
Ansible est un outil open-source de gestion de configuration écrit en python (aussi dispo en version commerciale avec une interface graphique et un service de déploiement). La configuration se fait via des fichiers appelés “Playbooks”.
Les avantages :
- Un système déclaratif : syntaxe YAML facilement lisible, ce qui rend l’apprentissage très rapide.
- Templating des fichiers de configuration : qui permet d’avoir des fichiers dynamiquement générés en fonction de ce que vous voulez, tel que le rôle du serveur, ou bien dépendant d’un autre serveur. En plus le langage de template par défaut est Jinja2, ça plaira aux amateurs de Django.
Quasiment rien à installer. A part Ansible sur votre machine hôte, tout ce dont vous avez besoin c’est d’un accès root via SSH sur vos serveurs cibles.
Provisionning des machines virtuelles¶
Nous avons besoin d’automatiser la création de machines virtuelles car elles servent d’hôte pour les conteneurs Docker.
Ainsi, nous pourrons créer autant de stack docker (dans la limite des ressources physiques disponibles).
Exemple de configuration:
- vsphere_guest:
vcenter_hostname: vcenter.vsphere.local // On se connecte sur le vCenter qui manage les esxi
username: user
password: password
guest: vm_name
state: powered_on
vm_extra_config: // On active l'ajout à chaud CPU & RAM
vcpu.hotadd: yes
mem.hotadd: yes
notes: docker-node
folder: VM
vm_disk: // On définit le stockage de la VM
disk1:
size_gb: 64
type: thin
datastore: ISCSI
folder: VM
vm_nic: // On définit le réseau auquel sera connecté la VM
nic1:
type: vmxnet3
network: VM Network
network_type: standard
vm_hardware: // On spécifie le matériel & l'image iso utilisée
memory_mb: 8192
num_cpus: 2
osid: debian8
scsi: paravirtual
vm_cdrom:
type: "iso"
iso_path: "Datastore/iso/debian-8.iso"
esxi: // On indique sur quel ESXi hôte la vm fonctionnera
datacenter: Datacenter
hostname: esx1.popcube.xyz
Ajout aux cluster swarm¶
Pour rejoindre le cluster j’utilise le roles :
Exemple Playbooks:
TASK [atosatto.docker-swarm : Install python-pip.] ***************************** skipping: [sw01] => (item=(0, u'python-pip')) TASK [atosatto.docker-swarm : Install the Python SNI support packages.] ******** skipping: [sw01] => (item=python-dev) skipping: [sw01] => (item=libssl-dev) skipping: [sw01] => (item=libffi-dev) TASK [atosatto.docker-swarm : Install the Python SNI python-pip dependencies.] *** skipping: [sw01] => (item=pyopenssl) skipping: [sw01] => (item=ndg-httpsclient) skipping: [sw01] => (item=pyasn1) TASK [atosatto.docker-swarm : Import Docker APT public key.] ******************* skipping: [sw01] TASK [atosatto.docker-swarm : Install yum-utils if necessary.] ***************** skipping: [sw01] TASK [atosatto.docker-swarm : Install apt-transport-https if necessary.] ******* skipping: [sw01] TASK [atosatto.docker-swarm : Add the YUM Docker repository.] ****************** skipping: [sw01] TASK [atosatto.docker-swarm : Add the APT Docker repository.] ****************** skipping: [sw01] TASK [atosatto.docker-swarm : Install Docker dependencies.] ******************** skipping: [sw01] => (item=linux-image-extra-virtual) TASK [atosatto.docker-swarm : Install the Docker Engine.] ********************** skipping: [sw01] TASK [atosatto.docker-swarm : Enable the Docker daemon as a service and start it.] *** skipping: [sw01] TASK [atosatto.docker-swarm : Install docker-py 1.9.0 to fix Ansible issue 17495] *** skipping: [sw01] TASK [atosatto.docker-swarm : Install docker-py] ******************************* skipping: [sw01] TASK [atosatto.docker-swarm : Add the Docker administrators to the Docker group] *** skipping: [sw01] => (item=root) TASK [atosatto.docker-swarm : Kill the ansible_user active SSH connections] **** skipping: [sw01] TASK [atosatto.docker-swarm : Check if "Swarm Mode" is enabled.] *************** ok: [sw01] TASK [atosatto.docker-swarm : Init "Swarm Mode" on the first manager.] *********
Conteneur¶
Réseaux et dns¶
Je ping la database de l’organisation de maxime:
docker@docker-02:~$ docker exec -it maxime_api.1.93ms44c6jdslhhazikwbdmrki /bin/sh
/go/src/github.com/titouanfreville/popcubeapi # ping maxime_database
PING maxime_database (10.0.3.4): 56 data bytes
64 bytes from 10.0.3.4: seq=0 ttl=64 time=0.080 ms
64 bytes from 10.0.3.4: seq=1 ttl=64 time=0.092 ms
Depuis la database je ping le conteneur disponible:
docker@docker-02:~$ docker service scale maxime_api=5
docker@docker-03:~$ docker exec -it maxime_database.1.rrppb6d5qaed3cm8n7oa42qes /bin/bash
root@1c32df28a830:/#
root@1c32df28a830:/# ping maxime_api
PING maxime_api (10.0.3.2): 56 data bytes
64 bytes from 10.0.3.2: icmp_seq=0 ttl=64 time=0.053 ms
64 bytes from 10.0.3.2: icmp_seq=1 ttl=64 time=0.100 ms
root@1c32df28a830:/# ping maxime_api.1.m19g9tbv4m6kx4794i1aoi0hh
PING maxime_api.1.m19g9tbv4m6kx4794i1aoi0hh (10.0.3.18): 56 data bytes
root@1c32df28a830:/# dig tasks.maxime_api
; <<>> DiG 9.9.5-9+deb8u11-Debian <<>> tasks.maxime_api
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42947
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;tasks.maxime_api. IN A
;; ANSWER SECTION:
tasks.maxime_api. 600 IN A 10.0.3.7
tasks.maxime_api. 600 IN A 10.0.3.9
tasks.maxime_api. 600 IN A 10.0.3.3
tasks.maxime_api. 600 IN A 10.0.3.11
tasks.maxime_api. 600 IN A 10.0.3.18
;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Mon May 29 12:23:16 UTC 2017
;; MSG SIZE rcvd: 194
Le nom de staks et service:
root@1c32df28a830:/# nslookup maxime_api
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: maxime_api
Address: 10.0.3.2
root@1c32df28a830:/# nslookup tasks.maxime_api
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: tasks.maxime_api
Address: 10.0.3.3
Name: tasks.maxime_api
Address: 10.0.3.11
Name: tasks.maxime_api
Address: 10.0.3.7
Name: tasks.maxime_api
Address: 10.0.3.9
Name: tasks.maxime_api
Address: 10.0.3.18
Mise a jours des conteneurs¶
Exmple : ajout d’un labels:
docker@docker-02:~$ docker service update maxime_database --update-parallelism 2 --with-registry-auth --container-label-add xyz.popcube.org=maxime
maxime_database
"UpdateStatus": {
"State": "completed",
"StartedAt": "2017-05-29T12:11:49.342150133Z",
"CompletedAt": "2017-05-29T12:12:32.897318749Z",
"Message": "update completed"
}
docker@docker-02:~$ docker service update maxime_api
"UpdateStatus": {
"State": "updating",
"StartedAt": "2017-05-29T12:36:21.96182509Z",
"CompletedAt": "1970-01-01T00:00:00Z",
"Message": "update in progress"
}
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
fg54tw7l62lb maxime_api.1 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-01 Running Running 2 minutes ago
m19g9tbv4m6k \_ maxime_api.1 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-03 Shutdown Shutdown 3 minutes ago
93ms44c6jdsl \_ maxime_api.1 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-02 Shutdown Shutdown 27 minutes ago
xyq4od3bl2l4 \_ maxime_api.1 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-01 Shutdown Shutdown 3 days ago
vitoudmvt0nd maxime_api.2 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-03 Running Running 2 minutes ago
tn1hudgg18ve \_ maxime_api.2 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-01 Shutdown Shutdown 3 minutes ago
klvmqfyi3vn9 maxime_api.3 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-02 Running Running 2 minutes ago
p3opbb8iq86w \_ maxime_api.3 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-02 Shutdown Shutdown 3 minutes ago
n9wg7howeasg maxime_api.4 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-01 Running Running 2 minutes ago
f75oupbzedf1 \_ maxime_api.4 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-01 Shutdown Shutdown 3 minutes ago
uhha8n4lajcr maxime_api.5 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-02 Running Running 2 minutes ago
34sja7n3xcv5 \_ maxime_api.5 registry.popcube.xyz:5000/popcubeapi:alpha-1.1.11 docker-02 Shutdown Shutdown 3 minutes ago
Portabilité¶
Les images se déplace facillement entre les noeuds
Exemple de nos images docker:
registry.popcube.xyz:5000/popcubeapi : 332 MB
registry.popcube.xyz:5000/popcube_website : 18 MB
Monitoring¶
Grace à l’écoute sur la socket les nodes exploreurs récoltent directement les nouveaux conteneurs qui sont créé.
Reverse Proxy¶
Selon les labels (swarm) du service, Traefik génére automatiquement la configuration de redirections.