Private Cloud Architecture

The post order is a bit wrong, but I was witnessing the same problem at a job: a lack of clear architecture. As I thought about it, I was no better, and I was a team of one, with no excuses. I recognized that without a written architecture I was having problems organizing and planning the project. And if a team of one was having that problem, imagine a team, or even multiple teams, with the same problem. But better late than never.

Before I could architect anything, I needed a goal. What was my elevator pitch for this project, and why should it exist? Here is what I came up with.

An IT infrastructure and software development lifecycle in a box for my home projects, with the capability to grow and to maintain a corporate-like, team-enforcing workflow and best practices, on the cheap.

Not a bad goal if I do say so. And I do 😉

Now I know what you are thinking. How can one breathe with a goal so high in the clouds? And my answer would be that this is exactly part of the solution. Cloud technology has come so far that we even have it available for free. Amazon is free within a certain size and timeframe. OpenStack is free if you have the hardware. There is also Microsoft Azure and Rackspace; the list goes on. Additionally, there are containers, which help reduce the overhead in parts of the processes and setup. A good cloud will have to utilize both virtualization and containers. Amazon, Google and Azure all offer container solutions. However, there is one problem: everything I’ve listed is in the public space, except OpenStack itself.

Now before some of you scream bloody murder with your torches and pitchforks, I am not saying that 100% public space solutions are impossible, or bad for that matter. However, in several environments you will need to keep some things local. Even Netflix is not 100% AWS. Depending on the audience your cloud is meant to host, as well as the desires of the business, you may have no choice but to host it within the company. But there is the possibility of expanding the capability to push spikes of load into the public cloud. This is what I’m setting out to do.

The toughest restriction on this project is “on the cheap.” Thankfully, software can be cheap. I mentioned OpenStack before. OpenStack has paid support solutions out there from RedHat and Cisco, to name a few. But in its purest form it is free and supports a multitude of features that can cover much of an enterprise’s desires. Check it out here.

Now OpenStack can be complicated and has a bunch of moving parts, and while it can take a while to install by hand, there are installation scripts and projects like RDO where you can quickly and easily set up an install and tool around to learn what it can do and how it works first hand. Personally, and from my experience, I would not recommend those installers for Production; if you do use one to learn, I would not touch that install again afterwards. Everything by hand after that.

OpenStack satisfies the virtualization and storage management. Everything will be built within it. Now for the rest of the services.

Figure 1

This picture will be referenced again later. But a quick explanation: I consider Infrastructure to be anything that is required of the base IT for any organization deploying this structure. Shared Services is more dependent on the business itself. In my case, my Shared Services is aimed at supporting developers, or rather my development projects. More on that in a later post. For now, let’s focus on Infrastructure.

DNS – DNS should be self-explanatory, but while we may have it, anything that comes before it (like the OpenStack nodes) should not rely on it, because in the event you have to boot from power off, DNS would not be up yet.

FreeIPA – FreeIPA (Identity, Policy, and Audit) is a project created by RedHat, available for free, that can be used to enable Single Sign On capabilities as well as centralized permission management. FreeIPA has its own DNS server and I plan to leverage it. Again, anything that comes before it should not be dependent on it.

iTop – Many organizations practice ITIL; iTop is here to fulfill the CMDB aspect. This will be used to track machines, services, and IT issues, as well as the dependencies between each of them. So if there is an issue with a specific file share, we can see what is impacted by the outage.

phpIPAM – IPAM is something every network should have, or at least every business network. We need to keep track of the IPs that are used and where they are. Especially if we are going to be using VLANs, which I plan to.

OpenShift Origin – Built by RedHat on top of Kubernetes, OpenShift Origin will manage and orchestrate containers and ensure they are up and stable.

ManageIQ – ManageIQ will be our central point for managing both Containers and Virtual Machines. This will also serve as a place to host the catalogue of our services. Especially Shared Services.

Load Balancer – Simply there for acknowledgement. I plan on hosting the Load Balancer in the same space since it would be considered a central piece to networking.
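The two rules above that keep recurring, that nothing in the bootstrap tier may depend on DNS or FreeIPA, and that the CMDB must answer “what breaks if this file share is down”, are both questions about one dependency graph. The following is an added example, not code from the post or from any of the projects named in it; the service names follow Figure 1, but the edges between them (for instance OpenShift Origin using the file share for persistent volumes) are assumptions made for illustration.

```python
"""Service dependency model for the Infrastructure tier in Figure 1.

Added example, not code from the original post. Service names follow the
post; the edges between them are assumptions made for illustration.
"""

# Constructed dependency map: service -> set of services that must be up first.
# The OpenStack nodes and FreeNAS form the bootstrap tier and deliberately
# depend on nothing, so they can come back from a full power-off without DNS.
DEPENDENCIES = {
    "openstack-controller": set(),
    "openstack-compute": {"openstack-controller"},
    "freenas": set(),
    "dns": {"openstack-controller"},             # FreeIPA's DNS runs as a VM
    "freeipa": {"openstack-controller", "dns"},
    "itop": {"openstack-controller", "freeipa"},
    "phpipam": {"openstack-controller", "freeipa"},
    "file-share": {"freenas", "freeipa"},         # share permissions via FreeIPA
    "openshift-origin": {"openstack-controller", "openstack-compute",
                         "dns", "freeipa", "file-share"},
    "manageiq": {"openstack-controller", "openshift-origin", "freeipa"},
    "load-balancer": {"openstack-controller", "dns"},
}

BOOTSTRAP = {"openstack-controller", "openstack-compute", "freenas"}
LATE_SERVICES = {"dns", "freeipa"}


def _dependents(deps):
    """Invert the map: service -> set of services that need it."""
    dependents = {svc: set() for svc in deps}
    for svc, needs in deps.items():
        for need in needs:
            if need not in deps:
                raise ValueError(f"{svc} depends on unknown service {need}")
            dependents[need].add(svc)
    return dependents


def boot_order(deps):
    """Kahn's algorithm: a cold-boot order in which every service starts only
    after everything it depends on. Raises ValueError on a dependency cycle."""
    dependents = _dependents(deps)
    indegree = {svc: len(needs) for svc, needs in deps.items()}
    ready = sorted(svc for svc, d in indegree.items() if d == 0)
    order = []
    while ready:
        svc = ready.pop(0)
        order.append(svc)
        for child in sorted(dependents[svc]):
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(deps):
        stuck = sorted(set(deps) - set(order))
        raise ValueError(f"dependency cycle among: {stuck}")
    return order


def impacted_by(deps, failed):
    """Everything that transitively depends on `failed`: the CMDB question
    'what is impacted if this file share is down'."""
    dependents = _dependents(deps)
    seen, stack = set(), [failed]
    while stack:
        for child in dependents[stack.pop()]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return sorted(seen)


def bootstrap_violations(deps, bootstrap=BOOTSTRAP, late=LATE_SERVICES):
    """(service, dependency) pairs where a bootstrap-tier service transitively
    depends on DNS or FreeIPA, which would deadlock a boot from power off."""
    def closure(svc):
        seen, stack = set(), [svc]
        while stack:
            for need in deps[stack.pop()]:
                if need not in seen:
                    seen.add(need)
                    stack.append(need)
        return seen
    return sorted((svc, dep) for svc in sorted(bootstrap)
                  for dep in sorted(closure(svc) & late))


if __name__ == "__main__":
    print("boot order:", " -> ".join(boot_order(DEPENDENCIES)))
    print("impacted by file-share outage:", impacted_by(DEPENDENCIES, "file-share"))
    print("bootstrap violations:", bootstrap_violations(DEPENDENCIES))
```

Running it prints a boot order that starts with FreeNAS and the OpenStack controller and ends with ManageIQ, lists OpenShift Origin and ManageIQ as the victims of a file share outage, and reports no bootstrap violations. Edit the map so that `openstack-controller` needs `dns` and the last check flags both OpenStack node types, which is the exact mistake the DNS and FreeIPA entries above warn against.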

So now that we know what the services look like, we need to plan out the network. The following is what I came up with.

Figure 2 (networking diagram)

First thing to note about the network I’m doing this in: I do not have the control to do anything about the Airport Extreme, which cannot do static routing. So if I want multiple subnets and VLANs, it has to happen behind a NAT, with a VPN to get in uninhibited. This network has changed compared to what I had written about before. The FreeNAS is still there; this time it will have interfaces on the VLANs that need access to the storage. I also now have four HP ProLiant ML10 v2s. One is being used as the VyOS router. The other three will be running OpenStack: Cloud9 will be the Controller, and Cloud10 and Cloud11 will be the Compute nodes. If/when I replace VyOS with an actual router, I can easily add that host as Cloud12, an additional Compute node.
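With several VLANs behind one NAT, the address plan is where things quietly go wrong: two subnets that overlap, a VLAN with no gateway on the VyOS box, or a host given an address from the wrong segment. The following is an added example, not code from the post or from phpIPAM, that checks a plan of the shape described above. The host names follow the post, but every VLAN id, subnet and address is constructed for illustration, as is the choice of 10.0.0.0/16 as the space behind the NAT.

```python
"""Sanity checks for a VLAN and address plan behind a NAT router.

Added example, not code from the original post or from phpIPAM. Host names
follow the post (vyos, cloud9..cloud11, freenas); VLAN ids, subnets and
addresses are constructed for illustration.
"""
import ipaddress

# Constructed: the whole lab lives in one RFC 1918 block behind the NAT.
PRIVATE_RANGE = ipaddress.ip_network("10.0.0.0/16")

# Constructed VLAN plan: id -> (name, subnet).
VLANS = {
    10: ("mgmt", "10.0.10.0/24"),
    20: ("storage", "10.0.20.0/24"),
    30: ("tenant", "10.0.30.0/24"),
}

# Constructed host records: name -> {vlan_id: address}. FreeNAS gets an
# interface only on the VLAN that needs storage, as the post describes.
HOSTS = {
    "vyos":    {10: "10.0.10.1", 20: "10.0.20.1", 30: "10.0.30.1"},
    "cloud9":  {10: "10.0.10.9", 20: "10.0.20.9"},
    "cloud10": {10: "10.0.10.10", 20: "10.0.20.10"},
    "cloud11": {10: "10.0.10.11", 20: "10.0.20.11"},
    "freenas": {20: "10.0.20.5"},
}

ROUTER = "vyos"


def validate_plan(vlans, hosts, router=ROUTER, private=PRIVATE_RANGE):
    """Return a list of human-readable problems; an empty list means clean."""
    problems = []
    nets = {vid: ipaddress.ip_network(cidr) for vid, (_, cidr) in vlans.items()}

    # 1. Every VLAN subnet sits inside the NAT'd private range and none overlap.
    for vid, net in nets.items():
        if not net.subnet_of(private):
            problems.append(f"vlan {vid}: subnet {net} is outside {private}")
    vids = sorted(nets)
    for i, a in enumerate(vids):
        for b in vids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"vlan {a} and vlan {b} overlap ({nets[a]} / {nets[b]})")

    # 2. Every VLAN has an interface on the router, i.e. a gateway.
    for vid in vids:
        if vid not in hosts.get(router, {}):
            problems.append(f"vlan {vid}: no interface on router {router}")

    # 3. Each address belongs to the VLAN it is assigned to, and no address is
    #    handed out twice (the bookkeeping phpIPAM does for you).
    seen = {}
    for name, ifaces in hosts.items():
        for vid, addr in ifaces.items():
            ip = ipaddress.ip_address(addr)
            if vid not in nets:
                problems.append(f"{name}: unknown vlan {vid}")
                continue
            if ip not in nets[vid]:
                problems.append(f"{name}: {ip} is not in vlan {vid} subnet {nets[vid]}")
            if ip in seen:
                problems.append(f"{name}: {ip} already used by {seen[ip]}")
            seen[ip] = name
    return problems


def next_free(vlans, hosts, vid):
    """First unused host address in a VLAN's subnet, or None if it is full."""
    net = ipaddress.ip_network(vlans[vid][1])
    used = {ipaddress.ip_address(addr)
            for ifaces in hosts.values()
            for v, addr in ifaces.items() if v == vid}
    for ip in net.hosts():
        if ip not in used:
            return str(ip)
    return None


if __name__ == "__main__":
    for problem in validate_plan(VLANS, HOSTS) or ["plan is clean"]:
        print(problem)
    print("next free on storage vlan:", next_free(VLANS, HOSTS, 20))
```

The clean plan above reports nothing and offers 10.0.20.2 as the next storage address. Add a fourth VLAN carved out of the storage subnet, or give a new Compute node an address from the wrong segment, and the checker names the exact conflict, which is the kind of mistake that is much cheaper to catch on paper than after the cables are in.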

I have already installed OpenStack by hand. I’ll make a post explaining things I adjusted for my setup. But for basic OpenStack installation instructions, I suggest the OpenStack Docs. Hope this was helpful and interesting.