Apache Brooklyn Hacks

Transcript

1. apache brooklyn APACHE BROOKLYN HACKS Richard Downer <[email protected]>

2. WHAT KIND OF HACKS? Tips, Techniques, Guides …and some things

   that are not so obvious

3. apache brooklyn A QUICK INTRODUCTION TO APACHE BROOKLYN

4. apache brooklyn BREAKING NEWS • Apache  Brooklyn  voted  to  graduate

    the  Incubator  in  October  2015  -­‐   resolu?on  to  be  presented  to  the  next  ASF  Board  Mee?ng

5. apache brooklyn hDps:/ /speakerdeck.com/rdowner/apache-­‐brooklyn-­‐what-­‐it-­‐is-­‐2015 For  an  introduc?on  to  Apache  Brooklyn,

    please  see
 my  recent  presenta?on:
 “Apache  Brooklyn  -­‐  What  it  is  and  why  you  should  join  in”

6. apache brooklyn #1: THE QUICKEST WAYS TO MAKE BLUEPRINTS

7. apache brooklyn VANILLA SOFTWARE PROCESS • An  en?ty  that  allows

    you  to  specify   arbitrary  shell  script  for  the  install,   customise  and  launch  phases   • Allows  you  to  make  an  en?ty  out  of   anything  that  can  be  shell  scripted name: Jenkins location: jclouds:digitalocean services: - name: Jenkins type: org.apache.brooklyn.entity.software.base.VanillaSoftwareProcess provisioning.properties: osFamily: ubuntu minRam: 2048 brooklyn.config: jenkins.port: 8080 shell.env: jport: $brooklyn:config("jenkins.port") install.command: | wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo a sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/a sudo apt-get update sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthe sudo service jenkins stop customize.command: sudo sed -i.bak 's/^HTTP_PORT=.*$/HTTP_PORT='$jport'/ launch.command: sudo service jenkins start checkRunning.command: sudo service jenkins status

8. apache brooklyn ENTITY INITIALIZERS • En?ty  ini?alizers  allow  the  addi?on

    of   sensors  and  effectors   • These  can  come  from  SSH  shell  script   commands,  HTTP  queries,  and  more   • Not  just  limited  to   VanillaSoYwareProcess  -­‐  can  be   applied  to  any  en?ty! brooklyn.initializers: - type: org.apache.brooklyn.core.sensor.StaticSensor brooklyn.config: name: jenkins.port static.value: $brooklyn:config("jenkins.port") brooklyn.enrichers: - enricherType: org.apache.brooklyn.enricher.stock.Transformer brooklyn.config: enricher.producer: $brooklyn:component("this" ,"") enricher.sourceSensor: $brooklyn:sensor("host.name") enricher.targetSensor: $brooklyn:sensor("jenkins.url") enricher.targetValue: $brooklyn:formatString("http://%s:%s/", $brook

9. apache brooklyn COMBINE ENTITIES • Mix  and  match  VanillaSoYwareProcess  

   with  dedicated  en??es  (wriDen  in  Java)   • For  example:  Thomas  Bouron’s  GitLab   blueprint   • Uses  Brooklyn’s  off-­‐the-­‐shelf  Postgres   and  Redis  en??es   • Uses  VanillaSoYwareProcess  to   configure  GitLab’s  nginx  and  GitLab   itself   • Uses  Brooklyn’s  SameServer  en?ty  to   put  both  those  parts  onto  the  same  VM id: gitlab-w-postgres-redis-store-and-nginx name: Gitlab with PostgreSQL, Redis store and Nginx services: - type: brooklyn.entity.database.postgresql.PostgreSqlNode id: postgresql name: PostgreSQL Database # ... - type: brooklyn.entity.nosql.redis.RedisStore id: redis name: Redis Store # ... - type: brooklyn.entity.basic.SameServerEntity id: node name: Gitlab node provisioning.properties: osFamily: ubuntu brooklyn.children: - type: brooklyn.entity.basic.VanillaSoftwareProcess id: nginx name: Nginx server # ... - type: brooklyn.entity.basic.VanillaSoftwareProcess id: gitlab name: Gitlab instance

10. apache brooklyn I CURRENTLY USE CHEF. WHAT CAN I DO

    WITH MY COOKBOOKS?

11. apache brooklyn BLUEPRINT FOR CHEF COOKBOOKS • Chef  Solo:  list

     URLs  for  all  the   cookbooks,  specify  a  run  list  and   aDributes   • Chef  Server  supported  too!   • …and  we  can  fit  exactly  the  same   en?ty  ini?alisers  we  used  for  the   shell-­‐based  blueprint! name: Jenkins via Chef location: jclouds:digitalocean services: - type: chef:jenkins brooklyn.config: jenkins.port: 8090 cookbook_urls: jenkins: https://supermarket.chef.io/cookbooks/jenkins/download java: https://github.com/agileorbit-cookbooks/java/archive/v1.29.0.tar apt: https://supermarket.chef.io/cookbooks/apt/download runit: https://supermarket.chef.io/cookbooks/runit/download packagecloud: https://supermarket.chef.io/cookbooks/packagecloud/downl yum: https://supermarket.chef.io/cookbooks/yum/download launch_run_list: [ "jenkins::master" ] service_name: jenkins launch_attributes: jenkins: master: port: $brooklyn:config("jenkins.port") java: jdk_version: 7

12. apache brooklyn BUT WHAT ABOUT… • Puppet,  Ansible,  Salt,  others…?

      • We  would  welcome  the  contribu?on  of  these  integra?ons!

13. apache brooklyn THE COMMUNITY CATALOG • The  aim:  a  directory

     of  open  source   blueprints  for  Brooklyn   • Similar  to  Chef  Supermarket  /   Sonatype’s  Maven  Central

14. apache brooklyn REFERENCES • VanillaSoYwareProcess:
 https://brooklyn.incubator.apache.org/v/latest/yaml/custom-entities.html   • Thomas  Bouron’s

     GitLab  blueprint:
 https://github.com/brooklyncentral/blueprint-library/blob/master/gitlab-w-postgresql-redis-store-and-nginx.yaml   • Chef  blueprints:
 https://brooklyn.incubator.apache.org/v/latest/yaml/chef/index.html

15. apache brooklyn #2: WORKSTATION TO CLOUD… THEN TO ANOTHER CLOUD

16. apache brooklyn DEVELOP ON YOUR WORKSTATION • Most  en??es  will

     work  with  a  loca?on  of  localhost   • During  development,  deploy  your  en??es  (e.g.  database  and  web  app   container)  to  localhost  for  fast  turnaround  and  no  cloud  fees   • Or,  use  VirtualBox  to  fire  up  a  number  of  ready-­‐to-­‐go  VMs,  and  use  the   byon  loca?on   • Give  your  en??es  the  IP  addresses  of  the  VMs  you  pre-­‐created   • Or,  use  the  experimental  Vagrant  plugin  to  deploy  VirtualBox  VMs  on   demand

17. apache brooklyn THEN SWITCH TO CLOUD • Ready  to  go

     to  the  cloud?   • Just  change  the  loca?on  from  localhost  or  byon  to  a  real  cloud  provider   • Deploy  the  blueprint  and  it  will  work  first  ?me!   • Probably  

18. apache brooklyn THEN SWITCH TO A DIFFERENT CLOUD • Corporate

     HQ  nego?ated  a  beDer  deal  with  a  different  cloud  provider?   • Just  change  the  loca?on  to  the  new  cloud  provider   • Deploy  the  blueprint  and  it  will  s?ll  work  first  ?me!   • Probably  

19. apache brooklyn REFERENCES • Loca?ons:
 https://brooklyn.incubator.apache.org/v/latest/ops/locations/index.html

20. apache brooklyn #3: INTERACT WITH APIS

21. apache brooklyn IT’S NOT JUST ABOUT SOFTWARE • Brooklyn  en??es

     don’t  have  to  be  soYware  on  a  virtual  machine!   • Use  Brooklyn  to  interact  with  things  which  have  an  API   • Effectors  use  the  API  to  do  something   • Sensors  use  the  API  to  gather  data   • then  apply  Policies  to  make  things  happen  automa?cally

22. apache brooklyn EXAMPLE: ADVANCED NETWORKING • The  Advanced  Networking  project

     in  Brooklyn  Central   • Provides  en??es  which  control  cloud  networking  APIs

23. apache brooklyn APACHE CLOUDSTACK API • Advanced  Networking  can  integrate

     with  the  Apache  Cloudstack  API   • Allows  crea?on  of  private  subnets  for  a  Brooklyn  applica?on   • En??es  in  the  applica?on  share  a  private  network   • Selected  public  ports  are  configured  for  port  forwarding  at  the  gateway

24. apache brooklyn REFERENCES • Advanced  Networking  add-­‐on  for  Brooklyn
 https://github.com/brooklyncentral/advanced-networking

25. apache brooklyn TAKING IT A STEP FURTHER • If  you

     can  interact  with  APIs…   • and  if  some  hardware  has  an  API…   • then  you  can  use  Brooklyn  to:

26. apache brooklyn #4: CONTROL HARDWARE

27. apache brooklyn EXAMPLE: SECRET TELECOM PROJECT • A  telecommunica?ons  provider

     is  using  Brooklyn  to  orchestrate  fibre   op?c  networks  across  data  centres   • Telco-­‐grade  ($$$$$)  op?cal  networking  hardware  and  routers   • A  “bridge”  app  receives  a  customer’s  order  from  the  business  systems  and   turns  it  into  a  Brooklyn  blueprint  describing  a  mul?-­‐site  op?cal  network   • Brooklyn  configures  the  networking  hardware  to  realise  the  customer’s   order   • But  I  can’t  talk  about  it  because  of  an  NDA  :-­‐(

28. apache brooklyn A SMALLER SCALE EXAMPLE • Simply  take:  

    • A  temperature  sensor   • A  small  USB-­‐powered  fan   • A  relay  module   • A  Raspberry  Pi  computer   • A  HTTP  API  wriDen  in  Python   • An  Ethernet  cable

29. apache brooklyn A SMALLER SCALE EXAMPLE View  this  example  video

     online:   https://youtu.be/oc8yxfapDeM

30. apache brooklyn REFERENCES • Brooklyn  temperature  device:
 https://github.com/rdowner/brooklyn-temperature-device

31. apache brooklyn #5: “CLOUD ENABLE” A MONOLITHIC APPLICATION

32. apache brooklyn BRING YOUR APPS TO THE CLOUD • The

     original  purpose  of  Brooklyn!   • Take  an  app  that  expects  infrastructure  to  be  already  arranged…   • Brooklyn  arranges  the  infrastructure  in  the  cloud  of  your  choice   • Then  deploys  the  app  and  configures  it  with  the  details  of  the   infrastructure

33. apache brooklyn CASE STUDY: APACHE AMBARI • Apache  Ambari  aims

     to  make  it  easy  to  provision,  manage  and  monitor   Apache  Hadoop  clusters.   • …but  it  expects  hardware/VMs  to  be  already  available.   • Combine  it  with  Brooklyn:   • Brooklyn  creates  the  VMs,  installs  Ambari,  configures  it  with  the   details  of  the  VMs,  and  starts  Ambari  provisioning  Hadoop   • From  zero  to  Hadoop  cluster  in  the  cloud,  with  one  blueprint!

34. apache brooklyn BROOKLYN-AMBARI BLUEPRINT • Find  the  code  to  the

     Brooklyn-­‐Ambari   en?ty  at:
 https://github.com/brooklyncentral/brooklyn-ambari   • Your  blueprint  is  as  simple  as  this! name: Ambari driven cloud installation location: jclouds:aws-ec2: region: eu-west-1 identity: <your aws identity> credential: <your aws credential> osFamily: ubuntu osVersionRegex: 12.* minRam: 8192 services: - type: io.brooklyn.ambari.AmbariCluster securityGroup: <the name of a security group exposing 8080> initialSize: 3 services: - GANGLIA - HDFS - MAPREDUCE2 - NAGIOS - YARN - ZOOKEEPER

35. apache brooklyn #6: MANAGE DOCKER & DEPLOY TO DOCKER

36. apache brooklyn CLOCKER • Clocker  is  “The  Docker  Cloud  Maker”

      • Brooklyn  en??es,  policies  and  loca?ons  to  manage  Docker  Engines,  the   Containers  on  them,  and  networking  between  them   • Create  a  Docker  infrastructure  consis?ng  of  a  number  of  engines  on  your   favourite  cloud   • Take  your  exis?ng  Brooklyn  blueprints  and  change  the  loca?on  -­‐  now  they  are   deploying  to  Docker  containers!   • Integrates  with  Calico  and  Weave  for  seamless  networking  between  containers

37. apache brooklyn FIND OUT MORE • Home  page:  hDp:/ /clocker.io

      • Many  presenta?ons  and  videos,  including:   • Video:  “How  to  Create  a  Docker  Cloud  with  Brooklyn,  jclouds  and  Clocker”
 presented  by  Andrea  Turli  at  ApacheCon  North  America  2015
 https://youtu.be/oBEwFpYD620   • Slide  deck:  “Using  Clocker  with  Project  Calico  -­‐  Running  Produc?on  Workloads  in  the   Cloud”
 presented  by  Andrew  Kennedy  at  SoYware  Circus  2015
 https://speakerdeck.com/grkvlt/using-clocker-with-project-calico-running- production-workloads-in-the-cloud   • Full  list  at  https://github.com/brooklyncentral/clocker/wiki/Talks-and-Presentations  

38. apache brooklyn #7: ENABLE PERSISTENCE AND HIGH AVAILABILITY

39. apache brooklyn PERSISTENCE • Brooklyn  will  con?nually  save  its  state

     to  a  persistent  store   • A  file  system  loca?on,  or   • A  blobstore   • In  the  event  of  a  crash,  a  new  instance  of  Brooklyn  can  load  the   persisted  state  and  “re-­‐bind”

40. apache brooklyn PERSISTENCE OPTIONS • --persist disabled|auto|rebind|clean • disabled:  no

     persistence   • auto:  rebind  to  state  if  it  exists;  clean  startup  if  no  saved  state   • rebind:  rebind  to  state  if  it  exists;  error  if  no  saved  state   • clean:  remove  any  exis?ng  state

41. apache brooklyn PERSISTENCE LOCATION • --persistenceDir  —  directory  name,  rela?ve

     to  ~/.brooklyn,
 or  container  name  when  using  blobstore.  Defaults  to  brooklyn-persisted-state • Blobstore:   • --persistenceLocation  —  reference  to  a  blobstore   • a  jclouds  public  cloud  provider  -­‐  e.g.  jclouds:aws-s3   • a  named  loca?on  defined  in  brooklyn.properties  -­‐
 e.g.  named:my-blobstore   • creden?als  best  specified  in  brooklyn.properties

42. apache brooklyn HIGH AVAILABILITY • Run  mul?ple  instances  of  Brooklyn

     so  that  failures  do  not  cause  loss  of   service   • Master-­‐standby  system   • One  Brooklyn  instance  is  the  master  and  is  opera?ng  normally   • Other  instances  are  hot  standbys  in  a  read-­‐only  mode   • If  the  master  fails,  one  of  the  standbys  is  promoted  to  master  so  that   service  can  con?nue

43. apache brooklyn HOW DOES IT WORK? • Relies  on  Persistence

     -­‐  all  instances  share  the  same  persistent  store   • Master  is  the  only  instance  that  writes  to  the  persistence  store   • Master  writes  “heartbeat”  messages  to  the  store   • Standbys  read  the  persisted  state   • If  a  standby  detects  that  the  master  is  no  longer  wri?ng  heartbeats,  it   promotes  itself  to  master

44. apache brooklyn HA OPTIONS • --highAvailability disabled|auto|master|standby|hot_standby • disabled:  no

     HA   • auto:  will  start  as  master  if  there  isn’t  one;  or  as  standby  if  there  is   already  a  master   • master:  will  start  as  master;  fails  if  there  is  already  a  master   • standby:  will  start  as  standby;  fails  if  there  is  no  exis?ng  master   • hot_standby:  as  standby,  and  also  rebinds  to  en??es  read-­‐only  so   Brooklyn’s  state  can  be  observed

45. apache brooklyn REFERENCES • Persistence:
 https://brooklyn.incubator.apache.org/v/latest/ops/persistence/index.html   • High  Availability:


    https://brooklyn.incubator.apache.org/v/latest/ops/high-availability.html

46. apache brooklyn #8: USE BROOKLYN
 TO LAUNCH BROOKLYN

47. apache brooklyn LAUNCHING BROOKLYN • Brooklyn  is  a  soYware  package

     like  any  other,  so  Brooklyn  can   configure  and  launch  it.   • Why?

48. apache brooklyn ISOLATION • Brooklyn  is  not  mul?-­‐tenant   •

    A  service  provider  offering  Brooklyn  services  to  mul?ple  customers  can   start  up  a  Brooklyn  instance  for  each  customer   • No  risk  of  customer  data  cross  between  instances

49. apache brooklyn SCALABILITY • En??es  consume  resources   • Especially

     when  there  are  lots  of  them   • Especially  when  those  en??es  have  expensive  sensors   • So  run  mul?ple  Brooklyn  instances  with  apps  balanced  between  them

50. apache brooklyn SELF MANAGING • Brooklyn  can  manage  itself  

    • Use  it  to  bootstrap  itself  into  a  HA  setup   • Run  Brooklyn  on  your  worksta?on  in  HA  mode   • Use  it  to  provision  a  Brooklyn  HA  cluster  with  the  same  persistent   store   • Shut  down  Brooklyn  on  your  worksta?on   • Brooklyn  is  now  a  self-­‐managing,  self-­‐healing  HA  cluster

51. apache brooklyn THE BLUEPRINT name: Brooklyn location: jclouds:digitalocean services: -

    name: Brooklyn type: org.apache.brooklyn.entity.brooklynnode.BrooklynNode brooklyn.config: brooklynnode.managementUser: admin brooklynnode.managementPassword: password brooklynnode.brooklynproperties.global.remotepath: ${HOME}/.brooklyn/brooklyn.properties brooklynnode.properties.file.ifExists: OVERWRITE brooklynnode.brooklynproperties.global.contents: | brooklyn.webconsole.security.provider=org.apache.brooklyn.rest.security.provider.ExplicitUsersSecurityProvider brooklyn.webconsole.security.users=admin brooklyn.webconsole.security.user.admin.salt=xREI brooklyn.webconsole.security.user.admin.sha256=d1df5f4c006178887ec924692e7719b845b8a5c7a33b56cffdab9a38d76959eb

52. apache brooklyn REFERENCES • BrooklynNode  en?ty  documenta?on:
 https://brooklyn.incubator.apache.org/learnmore/catalog/catalog-item.html#! entities/org.apache.brooklyn.entity.brooklynnode.BrooklynNode

53. apache brooklyn #9: CREATE USERS ON SHARED DATABASE SERVER

54. apache brooklyn THE SCENARIO • You  have  a  powerful  database

     server  for  all  your  users   • You  want  your  user’s  en??es  to  access  this  server   • …but  you  do  not  want  them  to  use  the  admin/superuser  login

55. apache brooklyn THE DBACCESS ENTITY • Connects  to  an  exis?ng

     instance  of   PostgreSQL  or  MySQL   • Uses  admin  login  to  create  a  new  user   • Publishes  the  new  user  details  to   sensors   • (Op?onal)  A  second  en?ty  that   forwards  the  normal  user  login  and   hides  the  admin  user  login name: Postgres Access services: - type: io.cloudsoft.dbaccess.PostgresDatabaseAccessEntity name: Postgres Access brooklyn.config: dbaccess.endpoint.url: postgresql://192.241.135.61:5432/ dbaccess.admin.user: superuser dbaccess.admin.password: Sup3r_S3kr1t dbaccess.database: db dbaccess.username: fred dbaccess.password: n0rm4l_u5er

56. apache brooklyn REFERENCES • Blog  post:
 http://www.cloudsoftcorp.com/blog/2015/09/a-service-for-creating-read-only-users-on-existing-databases/   • En?ty

     source  code:
 https://github.com/brooklyncentral/dbaccess-entity

57. apache brooklyn #10: EXTERNALISE CONFIGURATION or,  “Don’t  put  clear  text

     passwords  in  your  blueprints”

58. apache brooklyn WHAT IT MEANS This  is  bad: This  is

     beDer: services: - type: com.example.AuthenticatedService service.user: apiUser service.password: passw0rd services: - type: com.example.AuthenticatedService service.user: $brooklyn:external("foo-creds", "user") service.password: $brooklyn:external("foo-creds", "password")

59. apache brooklyn WHERE DOES CONFIGURATION COME FROM? • A  pluggable

     system  for  external  sources   • Declare  in  brooklyn.proper?es:   • brooklyn.external.foo-creds = brooklyn.config.external.PropertiesFileExternalConfigSupplier
 brooklyn.external.foo-creds.propertiesUrl = “file:///home/brooklyn/foo.properties" • brooklyn.external.bar-creds = brooklyn.config.external.InPlaceExternalConfigSupplier
 brooklyn.external.bar-creds.username = admin
 brooklyn.external.bar-creds.password = Sup3r_S3kr1t


60. apache brooklyn WHERE DOES CONFIGURATION COME FROM? • Proper?es  file,

     and  inline  in  brooklyn.proper?es  (as  you  have  just  seen)   • External  services  under  development   • Hashicorp  Vault

61. apache brooklyn REFERENCES • Proposal  document:
 https://docs.google.com/document/d/1_cId6tVZ79ycmvn-DAmFBZDdtQxiHRm9sOilCfMigBc/edit#heading=h.f7qqi4wxbf4t   • Note

     that  this  is  a  new  feature  -­‐  it  is  present  in  Brooklyn  but  it  is  not   yet  fully  documented.

62. apache brooklyn #11: TESTING USING THE
 BROOKLYN MAVEN PLUGIN

63. apache brooklyn TESTING IS GOOD, RIGHT? • Your  blueprints  will

     need  tes?ng.   • Automated  tests  are  a  valuable  tool  in  development   • So  if  you  are  coding  a  Java  blueprint…   • Test  your  blueprint  automa?cally  as  part  of  your  build

64. apache brooklyn WHAT IT DOES • Connects  to  an  exis?ng

     instance  of  Brooklyn   • Deploys  a  blueprint   • Retrieves  sensor  values

65. apache brooklyn EXAMPLE <plugin>
 <groupId>io.brooklyn.maven</groupId>
 <artifactId>brooklyn-maven-plugin</artifactId>
 <version>0.3.0-SNAPSHOT</version>
 <executions>
 <execution>
 <id>Deploy

    blueprint</id>
 <goals>
 <goal>deploy</goal>
 <goal>sensor</goal>
 <goal>stop</goal>
 </goals>
 <configuration>
 <server>${server}</server>
 <blueprint>${project.basedir}/blueprint.yaml</blueprint>
 <sensor>webapp.url</sensor>
 <typeRegex>.*Tomcat.*</typeRegex>
 </configuration>
 </execution>
 </executions>
 </plugin> <plugin>
 <artifactId>maven-antrun-plugin</artifactId>
 <executions>
 <execution>
 <phase>integration-test</phase>
 <goals>
 <goal>run</goal>
 </goals>
 <configuration>
 <tasks>
 <echo>Maven plugin example results:</echo>
 <echo>Server was running at ${brooklyn.server}</echo>
 <echo>Application: ${brooklyn.app}</echo>
 <echo>Sensor value: ${brooklyn.sensor}</echo>
 </tasks>
 </configuration>
 </execution>
 </executions>
 </plugin>

66. apache brooklyn REFERENCES • Source  code:
 https://github.com/brooklyncentral/brooklyn-maven-plugin

67. apache brooklyn WHERE TO FIND US • Official  website:  hDps:/

    /brooklyn.incubator.apache.org   • Mailing  list:
 dev-­‐[email protected]
 hDps:/ /mail-­‐archives.apache.org/mod_mbox/incubator-­‐brooklyn-­‐dev/   • Source  code:
 hDps:/ /github.com/apache/incubator-­‐brooklyn
 or  hDps:/ /git-­‐wip-­‐us.apache.org/repos/asf?p=incubator-­‐brooklyn.git   • IRC  channel:  #brooklyncentral  on  Freenode   • Social  Media:  @ApacheBrooklyn,  YouTube,  Google+,   Facebook Thank  You!   Richard  Downer
 [email protected]
 @Fron?erTown