[qa][openstack-ansible] redefining devstack

Mohammed Naser mnaser at vexxhost.com
Mon Jun 3 12:37:54 UTC 2019

On Mon, Jun 3, 2019 at 8:02 AM Jim Rollenhagen <jim at jimrollenhagen.com> wrote:
> I don't think I have enough coffee in me to fully digest this, but wanted to
> point out a couple of things. FWIW, this is something I've thought we should do
> for a while now.
> On Sat, Jun 1, 2019 at 8:43 AM Mohammed Naser <mnaser at vexxhost.com> wrote:
>> Hi everyone,
>> This is something that I've discussed with a few people over time and
>> I think I'd probably want to bring it up by now.  I'd like to propose
>> and ask if it makes sense to perhaps replace devstack entirely with
>> openstack-ansible.  I think I have quite a few compelling reasons to
>> do this that I'd like to outline, as well as why I *feel* (and I could
>> be biased here, so call me out!) that OSA is the best option in terms
>> of a 'replacement'
>> # Why not another deployment project?
>> I actually thought about this part too and considered this mainly for
>> ease of use for a *developer*.
>> At this point, Puppet-OpenStack pretty much only deploys packages
>> (which means that it has no build infrastructure, a developer can't
>> just get $commit checked out and deployed).
>> TripleO uses Kolla containers AFAIK and those have to be pre-built
>> beforehand, also, I feel they are much harder to use as a developer
>> because if you want to make quick edits and restart services, you have
>> to enter a container and make the edit there and somehow restart the
>> service without the container going back to it's original state.
>> Kolla-Ansible and the other combinations also suffer from the same
>> "issue".
> FWIW, kolla-ansible (and maybe tripleo?) has a "development" mode which mounts
> the code as a volume, so you can make edits and just run "docker restart
> $service". Though systemd does make that a bit nicer due to globs (e.g.
> systemctl restart nova-*).
> That said, I do agree moving to something where systemd is running the services
> would make for a smoother transition for developers.

I didn't know about this (and this wasn't around for the time that I
was trying and
experimenting with Kolla).  This does seem like a possible solution if
we're okay
with adding the Docker dependency into DevStack and the workflow changing
from restarting services to restarting containers.

>> OpenStack Ansible is unique in the way that it pretty much just builds
>> a virtualenv and installs packages inside of it.  The services are
>> deployed as systemd units.  This is very much similar to the current
>> state of devstack at the moment (minus the virtualenv part, afaik).
>> It makes it pretty straight forward to go and edit code if you
>> need/have to.  We also have support for Debian, CentOS, Ubuntu and
>> SUSE.  This allows "devstack 2.0" to have far more coverage and make
>> it much more easy to deploy on a wider variety of operating systems.
>> It also has the ability to use commits checked out from Zuul so all
>> the fancy Depends-On stuff we use works.
>> # Why do we care about this, I like my bash scripts!
>> As someone who's been around for a *really* long time in OpenStack,
>> I've seen a whole lot of really weird issues surface from the usage of
>> DevStack to do CI gating.  For example, one of the recent things is
>> the fact it relies on installing package-shipped noVNC, where as the
>> 'master' noVNC has actually changed behavior a few months back and it
>> is completely incompatible at this point (it's just a ticking thing
>> until we realize we're entirely broken).
>> To this day, I still see people who want to POC something up with
>> OpenStack or *ACTUALLY* try to run OpenStack with DevStack.  No matter
>> how many warnings we'll put up, they'll always try to do it.  With
>> this way, at least they'll have something that has the shape of an
>> actual real deployment.  In addition, it would be *good* in the
>> overall scheme of things for a deployment system to test against,
>> because this would make sure things don't break in both ways.
> ++
>> Also: we run Zuul for our CI which supports Ansible natively, this can
>> remove one layer of indirection (Zuul to run Bash) and have Zuul run
>> the playbooks directly from the executor.
>> # So how could we do this?
>> The OpenStack Ansible project is made of many roles that are all
>> composable, therefore, you can think of it as a combination of both
>> Puppet-OpenStack and TripleO (back then).  Puppet-OpenStack contained
>> the base modules (i.e. puppet-nova, etc) and TripleO was the
>> integration of all of it in a distribution.  OSA is currently both,
>> but it also includes both Ansible roles and playbooks.
>> In order to make sure we maintain as much of backwards compatibility
>> as possible, we can simply run a small script which does a mapping of
>> devstack => OSA variables to make sure that the service is shipped
>> with all the necessary features as per local.conf.
> ++
>> So the new process could be:
>> 1) parse local.conf and generate Ansible variables files
>> 2) install Ansible (if not running in gate)
>> 3) run playbooks using variable generated in #1
>> The neat thing is after all of this, devstack just becomes a thin
>> wrapper around Ansible roles.  I also think it brings a lot of hands
>> together, involving both the QA team and OSA team together, which I
>> believe that pooling our resources will greatly help in being able to
>> get more done and avoiding duplicating our efforts.
>> # Conclusion
>> This is a start of a very open ended discussion, I'm sure there is a
>> lot of details involved here in the implementation that will surface,
>> but I think it could be a good step overall in simplifying our CI and
>> adding more coverage for real potential deployers.  It will help two
>> teams unite together and have more resources for something (that
>> essentially is somewhat of duplicated effort at the moment).
>> I will try to pick up sometime to POC a simple service being deployed
>> by an OSA role instead of Bash, placement which seems like a very
>> simple one and share that eventually.
>> Thoughts? :)
> The reason this hasn't been pushed on in the past is to avoid the perception
> that the TC or QA team is choosing a "winner" in the deployment space. I don't
> think that's a good reason not to do something like this (especially with the
> drop in contributors since I've had that discussion). However, we do need to
> message this carefully at a minimum.

Right.  I think that's because in OpenStack-Ansible world, we have two things

- OSA roles: nothing but basic roles to deploy OpenStack services,
with external consumers
- Integrated: contains all the playbooks

In a way, our roles is "Puppet OpenStack" and our integrated repo is
"TripleO", back
when TripleO deployed via Puppet anyways... I have to be honest, I wish that our
roles lived under a different name so we can collaborate all on them (because an
Ansible role to deploy something generically is needed regardless).

We've actually done a lot of work with the TripleO team and they are consuming
one of our roles (os_tempest) to do all their tempest testing, we gate TripleO
and they gate us for the role.

>> --
>> Mohammed Naser — vexxhost
>> -----------------------------------------------------
>> D. 514-316-8872
>> D. 800-910-1726 ext. 200
>> E. mnaser at vexxhost.com
>> W. http://vexxhost.com

Mohammed Naser — vexxhost
D. 514-316-8872
D. 800-910-1726 ext. 200
E. mnaser at vexxhost.com
W. http://vexxhost.com

More information about the openstack-discuss mailing list