Cloudforms and Openshift
I have a generic question here and I have just started using Openshift enterprise and Origin but I would like to know the details on Cloudforms UI, I know that CloudForms UI can do a lot of things including managing Openshift instances but I would like to know the following in terms of managing Openshift instance, can CloudForms be able to do the following :
- Order New Openshift environments[For ex, DEV, UAT and PROD], where I could say how many nodes and other details I need for those environments?
- Could I be able to plug-in custom tools like ELK/Splunk or AppDynamics to the ordered environments as part of provisioning or later?
- Could I be able to populate locally build images and publish it to all the users for using them? For ex: Suppose my middleware teams build images for Tomcat, Nginx etc and they could be able to publish it in CloudForm and I could be able to add them to my newly ordered environments through the Cloudforms UI, could this be done?
- Could I add multiple registries and integrate them with my ordered environments.
- Does it have all the features that Openshift Enterprise console has? like scanling, S2i etc.
- Could I promote my images from one environment to other through the Cloudforms UI?
- Can I integrate CI/CD tools and build environments with my ordered environments?
- The RBAC in CloudForms can it be modified and catered to suit my requirements/ could this be customized to suit any firms needs?
- Could I replicate my DEV openshift ENV to UAT and then to PROD environments? I did see replicators tab in the videos.
- Can a charge back model be implemented in the Cloudforms UI ? if its already there then could be customized?
What I am trying to find here is to see if CloudForms can provide an end to end Openshift solution. The end user must only have his/her code ready, rest everything could be within the UI.
Kindly let us know what all are possible and what all are not.
Responses
You might receive a faster response time on users@lists.openshift.redhat.com. Overall, OpenShift leverages CloudForms as a administrator's console. In this role, you would expose CloudForms to your OpenShift platform administrators and not the end users or tenants of the OpenShift platform. I shall respond to your questions inline below to assist in the readability.
Order New Openshift environments[For ex, DEV, UAT and PROD], where I could say how many nodes and other details I need for >those environments?
This will come down to what is the best boundary for you. Most (80%) of the users will use the project as the application life cycle boundary. In that case you will be using a node selector and labels on the nodes to target them to distinct projects. Some people use completely different installations of OpenShift (clusters) for boundaries. Once you determine what is best for you, you can use the supplied ansible playbooks in OpenShift or create ad hoc provisioning tasks in CloudForms to create the projects or clusters.
Could I be able to plug-in custom tools like ELK/Splunk or AppDynamics to the ordered environments as part of provisioning or later?
OpenShift comes with a ELK (we use fluentd) stack based solution. What is nice about it is we automatically index the logs based on the tenant so he or she can log into the kibana interface with the same AUTH as the OpenShift environment and only see his or her logs (from their pods) and no one else's logs. Having said that, you can also send the logs to a secondary log solution (such as your own ELK or splunk).
AppDynamic normally involves (80%) adding their class path to your JVM. Most people modify the S2I image or scripts to add the appdynamic library.
Could I be able to populate locally build images and publish it to all the users for using them? For ex: Suppose my middleware teams >build images for Tomcat, Nginx etc and they could be able to publish it in CloudForm and I could be able to add them to my newly >ordered environments through the Cloudforms UI, could this be done?
This is more the default behavior of the docker registry that we include within OpenShift. Your middleware team can publish images to the registry or template to OpenShift and you have full control within OpenShift which users have the ability to see and use those templates or images.
Could I add multiple registries and integrate them with my ordered environments.
Yes, you can use external docker registries with OpenShift. The internal registry will be used for S2I processing.
Does it have all the features that Openshift Enterprise console has? like scanling, S2i etc.
No. Those are more tenant focused features that we expect the OpenShift tenant to use within the OpenShift web console. The CloudForm's experience with the OpenShift provider is for the OpenShift platform administrator.
Could I promote my images from one environment to other through the Cloudforms UI?
Based on the boundary that you declared from one of your questions above, you would use what is appropriate for that boundary. Sometimes that would be an imagestream command, other times an oc image import.
Can I integrate CI/CD tools and build environments with my ordered environments?
OpenShift provides an amazing amount of customization hooks that were tailed for integrations with CI/CD tools such as jenkins or other popular ones on the market. Check out the S2I jenkins images in the OpenShift 3.2 release from last May.
The RBAC in CloudForms can it be modified and catered to suit my requirements/ could this be customized to suit any firms needs?
I image is could. Both the CloudForms and OpenShift RBAC roles are highly customizable.
Could I replicate my DEV openshift ENV to UAT and then to PROD environments? I did see replicators tab in the videos.
Some people are using the ability to peer partner in OpenShift. Example here: https://blog.openshift.com/promoting-applications-across-environments/
Can a charge back model be implemented in the Cloudforms UI ? if its already there then could be customized?
Yes, CloudForms 4.1 allows you to create charge plans based on projects in OpenShift and charge on CPU and MEM usage.
Community Member
25 points
Thanks Mike for the detailed reply. I have a lot of queries.
If its OK could we have call either today or tomorrow on this, please let me know your convenient time.
Community Member
25 points
If phone conversation is not possible then could you please elaborate on the following?
This will come down to what is the best boundary for you. Most (80%) of the users will use the project as the application life cycle boundary. In that case you will be using a node selector and labels on the nodes to target them to distinct projects. Some people use completely different installations of OpenShift (clusters) for boundaries. Once you determine what is best for you, you can use the supplied ansible playbooks in OpenShift or create ad hoc provisioning tasks in CloudForms to create the projects or clusters.
About this one we are not able to understand the Ansible part? So are you saying that we can use CloudForms to order environments, basically Cloudforms calling Ansible playbooks in background for ordering Openshift environments?
OpenShift comes with a ELK (we use fluentd) stack based solution. What is nice about it is we automatically index the logs based on the tenant so he or she can log into the kibana interface with the same AUTH as the OpenShift environment and only see his or her logs (from their pods) and no one else's logs. Having said that, you can also send the logs to a secondary log solution (such as your own ELK or splunk). AppDynamic normally involves (80%) adding their class path to your JVM. Most people modify the S2I image or scripts to add the appdynamic library.
How this whole thing works, could you please explain?
This is more the default behavior of the docker registry that we include within OpenShift. Your middleware team can publish images to the registry or template to OpenShift and you have full control within OpenShift which users have the ability to see and use those templates or images.
Could you explain this with an example on how this whole thing will work?
Based on the boundary that you declared from one of your questions above, you would use what is appropriate for that boundary. Sometimes that would be an imagestream command, other times an oc image import.
So, basically you are saying that it can't be done through UI as of now?
I image is could. Both the CloudForms and OpenShift RBAC roles are highly customizable.
Could you provide more details on this, on how it could be done ?
I would appreciate if we could have a call but if you are busy please reply to this.
Ansible and CloudForms, We delivered in CloudForms 4.1 (June'16) and Ansible Tower provider. This means that CloudForms can now execute Tower Jobs that are playbooks from two places in CloudForms as follows;
1) Ansible Jobs as Service Catalog Items - Allows consumers to order a service from our service catalog, this service can be any Ansible Job template, linked to any ansible playbook.
2) Same as above, but executed from within CloudForms Automate. This allows administrators of CloudForms a choice of either Ansible Tower Jobs or Ruby Language as their automation language for the Automate orchestration layer of CloudForms.
CloudForms RBAC Is multi tenanted and supports very granular RBAC. The Operations UI can be restricted for visibility and access, the security scope can be controlled by tags.
I think a call would be best. Could you contact your account team and have them arrange this for you. Thanks
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.