 Hi, I'm Chris Hodge from the OpenStack Foundation and today I'm going to talk about using OpenStack Ironic to manage bare-middle infrastructure for containers. So we're going to talk about the hardware setup we're using this in demo. We're going to then prepare the head node, install Ironic onto the head node using a container-based installation, build a base image for deploying on the worker nodes, enroll in the provision of the hardware using Ironic, and then install Kubernetes on top of that hardware. Okay, so let's begin. In this setup, we have three servers, a control node that's going to run Ironic, a two worker nodes that are connected to a switch over VLANs with a public network, a data network, and an IPMI or out-of-band control network. So we prepare the head node. We're running CentOS for this instance, and you start off by installing some minimal package requirements, setting up the system settings, and then starting some services like Docker. Okay, so we have our new installation. We're going to start off by updating our installation. This will take a few minutes and then we'll reboot to grab whatever new kernel is installed. Okay, we also want to make sure that we disable the firewall because this will interfere with our installation and with Docker. And finally, we set SE Linux to be permissive. Okay, with this we reboot our system and then we log back into it. And then we're going to install our base packages. We begin with installing the Apple release. And then we can install another large number of other development packages like Python PIP, Python Devel, GCC, OpenSSL, Ansible, NTP, virtual environment. You know, these are just some useful tools that we're going to need on our installation. And run this. It'll take a few minutes. And then finally, once we have our base requirements installed, we are going to use the Docker tools to install Docker, upgrade PIP first. And then we install Docker using the official Docker repository with their convenient get Docker.io bash script. We modify the user so that they can run Docker in the user space, log out so those changes will take effect and test that Docker is running. And finally, we want to make sure that Docker is started and enabled as a system service. Okay, let's move on to installing a container-based ironic installation. This is a standalone ironic installation. You're going to start by downloading the repository of the installation from my GitHub repository. You'll build the Docker images with a simple script, configure the installation, and then install the services with another simple script. Okay, so let's download the repository from my GitHub repository, change into the code base, and then just run the build script. The build script will take around 10 minutes to run. And when you're done, you'll see a new list of Docker packages that are available to you. Some of them are upstream containers and some are built by this system. Now we want to configure our installation by setting the passwords and network settings, including the interfaces for the IPMI and the data interface. And then we run the install script. The install script is essentially a set of Docker runs and Docker volume creates and other Docker commands to stand up the services and expose their ports and make network connections where necessary. So you run the install script and it's a pretty quick installation once you're at this point. And if you do a Docker PS, you can see all of your containers running. And what we've installed with the script is a message queue backed by RabbitMQ, a database that's backed by MariaDB. These are private services, a publicly available FTP server, Nginx running as an HDTV server. These are both for pixie booting, DNS mask for managing our network, a control interface, which is an ironic API, and then the ironic conductor, which is handles the image management and deployment and is connected to the database and the message queue. And with this, we've installed ironic on top of our control node. Okay, moving on to building a base image. This installation includes a helper container that you can use to build base images and drop them into our HTTP server. You start them with the dib.sh command and then you change to the HTTP boot repository and then run dib with selected elements to build a customized image. Okay, we're going to start by adding a Kubernetes repository to all of our images so that Kubernetes will be available immediately on our images. And then we run dib with the settings. And it takes about 10 minutes to run through the process. This is installing CentOS with Kubernetes on top of it, adding a user, making sure that when it starts up it reaches DHCP. You also want to do an MD5 sum of the image that you created. This is so that ironic can securely pixie boot. Now we can move on to enrolling and provisioning the hardware. We start off by enrolling the hardware. There's through node create and node update commands on ironic. You're setting information like the ironic boot service of hardware information and final installation information, including the checksum from the image that we just created as well as setting up network ports. And we're doing this for two bare metal compute nodes. We also need to install the ironic client. And we do this inside of a Python virtual environment. And then we're going to set some environment variables to point to the password and the endpoint of the ironic server. Check to see that ironic is running. And then we run the node create and node update for node one. And then attach the network devices onto it. We can see that node one is set up. And then we do the same for node two. And we do an ironic node list. And we can see that ironic has actually picked up the power state of the first node. And you can also do an ironic node validate to make sure that all of your settings are correct. And then you can actually boot. Once this is done, we can set the provision state of node one to active. And we can interactively watch the boot process. Using ironic show node, it'll provide us updated information. It takes a few minutes to boot. This works by booting the machine, installing the ironic agent onto it, using that to prepare the machine, including installing the base operating system. And then the node will reboot and will pixie boot to the we're using the kernel and the boot loader for our image. We do the same thing for node two. We can also watch this process as it comes up. With bare metal, the boot process usually takes a little bit longer than with virtual machines. We move from deploying, then we're going to move into the active state after this. And we have both nodes deployed. So from here, let's move on to installing Kubernetes, finalizing our server deployment. Okay, so we log into our first node, which is going to be our cube control. And we want to make sure that Docker is started and enabled. And we also want to make sure that Kubelet is installed and enabled. Check the status of them. Kubelet will be in an error state until we have Kubernetes running, but Docker will be running just fine. We also want to handle SE Linux, make sure that we set it to the permissive state, and disable the firewall service in case it's running, and finally set the host name of the service to cube control. Normally, these are things that you would handle through some sort of configuration management system, but it's useful to show all these services. Next, we log into our worker node and we do the same thing. We start the Kubelet, we start the Docker service, check to make sure they're up and running, make sure the firewall is stopped, update the network settings and disable SE Linux, and then reboot the system. Okay, we log back into the control node. And from here, we can, now that everything is set up, we can just run kubin and init. And a few minutes later, the installation will be complete along with a custom token that we will want to make note of. You want to install network fabric, in this case we're using calico, and then we can check on the status of all of the pods. It's going to take a few minutes for all of the pods to come up and for the cube control to be completely running. Then we go to our minion. We run the command that was previously given to us. So that the node can join the cluster. Then we check the status. We have both the control and the minion. And then from here, let's deploy a sample application, the sock shop. Again, it's going to take a few minutes for all of the pods to come up. But once they're up and running, we can curl the interface and actually load it inside of our web browser. So this was just a quick run through of how to install ironic on a control node and Kubernetes on some worker nodes controlled by ironic. Thanks for watching and we hope you have a good time with OpenStack.