Openstack presentation

Agenda
• OpenStack Brief Overview
• “Keystone” Identity
• “Storage”
• “Glance” Image
• “Nova” Compute
• “Without Quantum” Networking
• “Quantum” Networking

Open Source Cloud Computing
Software



Eucalyptus



OpenNebula



OpenStack

Open Stack: A Platform for Innovation

“My UI will be easier to
use”

“I need a
different VM
placement policy”

“I have a much better way
to snapshot machine
images”

“I want to report
on my customers
SLAs”
“I’ll build in a
way to share
revenue with my
customer’s”
“I let my customers
span multiple clouds”

What is OpenStack?
 Originated at NASA, with Rackspace
 Driven by an open community process
OpenStack Compute
OpenStack Compute
Three existing projects:
(VMs & VM Networks)
(VMs & VM Networks)
OpenStack Compute
OpenStack Image Service
OpenStack Image Service
OpenStack Image Service
(Image Library & Management)
(Image Library & Management)
Open Object Storage
Multiple hypervisors: Xen, KVM, ESXi, Hyper-V
Releases:
OpenStack Object Store
OpenStack Object Store
(Storage)
(Storage)
Grizzly: April 2013
Folsom: Oct 2012
Grizzly : April 2013: Current
Havana: scheduled for Oct 2013

Open Source Advantages
Leverage the work of a growing community of
developers

Works across multiple hardware infrastructure

Possible to deploy at service providers and onpremise

Amazon AWS Interface Compatibility

Flexible Clustering and Availability Zones

Access Control List (ACL) with policies
management

Network Management, Security Groups, Traffic
Isolation


OpenStack Components (Grizzly
Release)

Keystone Main Functions
• Provides 4 primary services:
– Identity: User information authentication
– Token: After logged in, replace account-password
– Service catalog: Service units registered
– Policies: Enforces different user levels

• Can be backed by different databases.
– LDAP
– SQL
– Key Value Stores (KVS)

Keystone: Identity
• User information:
– username/password
– Metadata (e-mail, etc.)
– Tenant - organizes users into projects or group.
– Role - define a user’s role and permissions in a project.

• A user must belong to at least one tenant, and
may belong to many tenants
• Roles are assigned to user/tenant pairs
– Common roles: Member, Admin

Keystone: Token
• Once a user’s identity has been veriﬁed with a
acc/pswd pair, a short-lived (24 hr) token is
issued.
• Tokens are a stand-in for the acc/pswd.
• OpenStack services hold on to tokens and use
them to query keystone during operations.
• For example, once Nova can use a token to
determine if an authenticated user has
authorization to delete an instance.

Storage as a Service
• CAPEX to OPEX based business model.
• Manage storage by well-defined set of remotely
accessible APIs
• Abstracts the actual storage implementation
• This service offers specialized functions: DR, backup,
document sharing, etc.
Using Storage as a Service
• Object
• Block
• File

Storage Available
Ephemeral(On-instance) :
-Used for running Operating System and scratch space
-Persists until VM is terminated
-Access associated with a VM
-Implemented as a filesystem underlying OpenStack Compute
-Administrator configures size setting, based on flavors
-Example: 10GB first disk, 30GB/core second disk
For desktop user PC's internal disk drives are ephemeral; persistent
storage can be considered similar to an external USB drive.

OpenStack Object Storage Swift
What Is It?

• Object Storage is ideal for cost effective, scale-out storage. It
provides a fully distributed, API-accessible storage platform that
can be integrated directly into applications or used for backup,
archiving and data retention.
• Store 3 Copies & use for web, media files
• In production today
– Rackspace’s Cloud Files,
• Architectural overview:
– http://swift.openstack.org/overview_architecture.html

Swift
• Object storage, objects “live” on an endpoint.
– An endpoint could be any storage device

• Every object belongs to a user/account pair.
– keystone tenant : swift account
– keystone user : swift user
– keystone role : swift group

• Proxy, Ring, and Workers
• Account, Container, Object

Duplicated storage, load balancing

↑ Logical view

↓Physical arrangement
← Stores real objects
←Stores object metadata

↑Stores container / object metadata

Workers can be a account server, a
container server, or an object server

Cinder
What Is It?
• Block Storage allows block devices to be exposed and connected
to compute instances for expanded storage, better performance
and integration with enterprise storage platforms.
• OpenStack provides persistent block level storage devices for use
with OpenStack compute instances. Can be exposed to
applications as well.
• Block storage volumes are fully integrated into OpenStack
Compute and the Dashboard allowing for cloud users to manage
their own storage needs.

Cinder (Contd.)


This is block storage (or volumes) and currently there are blueprints
for filesystems like NFS or CIFS share

• Used for adding additional persistent storage to a virtual machine
(VM)
• Persists until deleted
• Access associated with a VM
• Mounted via OpenStack Block-Storage controlled protocol (for
example, iSCSI)
• Sizings based on need
• Example: 1TB "extra hard drive”

Cinder Capabilities










Cinder manages block storage
Volumes attach to VM Instances
Boot from volume
Volumes have a lifecycle independent of VM instance
Admin can create tiers of storage. e.g. two LVM backends, one
with SSD’s and the other with HDD’s.
Users can specify a tier they want when creating a volume.
A backup is an archived copy of a Volume stored in a object store.
A backup is just the data that was written, unlike a snapshot which
is the entire block.

Cinder call flow
Database

Queue

Cinder API

C- scheduler

Cinder Vol

Cinder Vol
Cinder Vol

iSCSI

NFS

Cinder Service



Cinder-api



Cinder-schedular



Cinder-volume

Glance
• Image storage and indexing.
• Keeps a database of metadata associated with an
image, discover, register, and retrieve.
• Built on top of Swift, images store in Swift
• Two servers:
– Glance-api: public interface for uploading and
managing images.
– Glance-registry: private interface to metadata database

• Support multiple image formats

Nova
• Major components:
– API: public facing interface
– Message Queue: Broker to handle interactions
between services, currently based on RabbitMQ
– Scheduler: coordinates all services, determines
placement of new resources requested
– Compute Worker: hosts VMs, controls hypervisor and
VMs when receives cmds on Msg Queue
– Volume: manages permanent storage

Nova Messaging and Data
• Messaging is managed through RabbitMQ
– Server that allows messages to be posted to channels.
– Subscribers to channels receive messages.
– Services regularly announce availability.
– Scheduler regularly reads for availability.
– Scheduler makes requests to services.

• Persistent data stored in a database.
– VM metadata, network topology, volume metadata, known
services

Messaging (RabbitMQ)
• Get data from point A to point B
• Decouple publishers and consumers
• Queueing for later delivery
• Load balancing and scalability
• RabbitMQ is an AMQP messaging broker
• Advanced Message Queueing Protocol
• Network wire-level protocol
• Internet protocol - like HTTP, TCP - but
ASYNCHRONOUS

Without Quantum
• Originally, Nova handles all networking by:
– Linux bridge networking
– Virtual interfaces connecting network through the
physical interface
– Assigns VM IP address
– Fixed IP: Returns when VM shuts down
– Floating IP: Can be reassigned online

• Network Manager provides VN to enable compute
servers to interact with each other and the public
network
• A Blog states currently 90% Nova bugs are network related

Original Network Manager
• Each VM network owned by one network host
– Simply a Linux running Nova-network daemon
• Nova Network node is the only gateway
• Flat Network Manager:
– Linux networking bridge forms a subnet
– All instances attached same bridge
– Manually Configure server, controller, and IP
• Flat DHCP Network Manager:
– Add DHCP server along same bridge
• Later: VLAN Network Manager

Bridged Networking
• One network card acts as
many devices.
• Host does not need an IP
address.
• Hypervisor sets virtual MAC
address for guest machine.
• ACISS uses bridges, along
with Virtual Local Area
Networks (VLANs) to
segment traffic and assign
network addresses.

Linux running Nova-network daemon
Network host will act as the gateway
for all the NICs bridged into that
network.
VMs bridged in to a raw Ethernet
device

The only gateway
With security measures

What does Quantum provide ?



API for Networking in OpenStack



Nova Integration



OSI Network Layers L2 + L3







Decouples Logical / Tenant view of the network
from Physical / Provider
Provides connectivity to VMs, Decouples logical
/Tenant view of the network from Physical/Provider.
Manage OSI Network Layers L2 & L3 with an API.





Cont...
Not yet full-integraded with Dashboard : only L2 is
working. L3 should be managed from CLI. Horizon
can't manage L3 (routers + floatings IP).
Networking backed by plugins : Open-vSwitch, Linux
Bridge, Cisco, OpenFlow (BigSwitch, Floodlight,
NEC, Ryu, etc), Midonet (Midokura) and NVP
(Nicira /Vmware).

Quantum Openvswitch plugin
The Quantum Openvswitch plugin consists of two
components:
• 1) A plugin loaded at runtime by the Quantum service.
The plugin processes all API calls and stores the
resulting logical network data model and associated
network mappings in a database backend .
• 2) An agent which runs on each compute node (i.e.,
each node running nova-compute). This agent
gathers the configuration and mappings from the
central mysql database and communicates directly
with the local Open vSwitch instance to configure
flows to implement the logical data model.

Plugin
• The component where the ‘virtual networking’ magic
happens. Fulfills API contract by implementing the ‘Plugin
Interface’
• Tenants expect same behavior from Quantum API
regardless of the particular plugin employed
• Available Quantum Plugins:
– Open vSwitch: Builds isolated networks with OVS and L2-in-L3 tunnels.
– Cisco UCS: Isolation based on VLAN and net-profiles applied to Cisco UCS
– converged network adapters
– Linux Bridge: Build isolated networks with VLAN interfaces and linux bridge
– NTT-Data Ryu: Acts as a proxy for the NTT Ryu platform
– Nicira NVP: Acts as a proxy for the Nicira NVP platform

The Quantum Manager
• Nova’s network manager for Quantum. Forwards network
related requests.
• Also, provides other network services such as IP address
management, DHCP, NAT, Floating IPs…
• Virtual Networking: A label nowadays applied to too many
solutions and products.
– Securely partitioning the network
– Defining virtual network topologies
– Automating network provisioning

Openstack presentation

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (6)

Semelhante a Openstack presentation

Semelhante a Openstack presentation (20)

Último

Último (20)

Openstack presentation