Openstack presentation

OpenStackSankalp Jain

Agenda

• OpenStack Brief Overview

• “Keystone” Identity

• “Storage”

• “Glance” Image

• “Nova” Compute

• “Without Quantum” Networking

• “Quantum” Networking

2

Open Source Cloud Computing Software

Eucalyptus

OpenNebula

OpenStack

Open Stack: A Platform for Innovation

“My UI will be easier to use”

“I need a different VM

placement policy”

“I have a much better way to snapshot machine

images”

“I want to report on my customers

SLAs”

“I’ll build in a way to share

revenue with my customer’s”

“I let my customers span multiple clouds”

What is OpenStack? Originated at NASA, with Rackspace Driven by an open community process

Three existing projects:OpenStack Compute OpenStack Image ServiceOpen Object Storage

Multiple hypervisors: Xen, KVM, ESXi, Hyper-VReleases:

Grizzly: April 2013Folsom: Oct 2012Grizzly : April 2013: CurrentHavana: scheduled for Oct 2013

OpenStack Compute(VMs & VM Networks)

OpenStack Compute(VMs & VM Networks)

OpenStack Image Service (Image Library & Management)

OpenStack Image Service (Image Library & Management)

OpenStack Object Store(Storage)

OpenStack Object Store(Storage)

Open Source Advantages

Leverage the work of a growing community of developers Works across multiple hardware infrastructure Possible to deploy at service providers and on-premise Amazon AWS Interface Compatibility Flexible Clustering and Availability Zones Access Control List (ACL) with policies management Network Management, Security Groups, Traffic Isolation

OpenStack Arhictecture

OpenStack Components (Grizzly Release)

Agenda



• “Storage”





9

Keystone Main Functions

• Provides 4 primary services:

– Identity: User information authentication

– Token: After logged in, replace account-password

– Service catalog: Service units registered

– Policies: Enforces different user levels

• Can be backed by different databases.

– LDAP

– SQL

– Key Value Stores (KVS)

10

Keystone: Identity

• User information:

– username/password

– Metadata (e-mail, etc.)

– Tenant - organizes users into projects or group.

– Role - define a user’s role and permissions in a project.

• A user must belong to at least one tenant, and may belong to many tenants

• Roles are assigned to user/tenant pairs

– Common roles: Member, Admin

11

Keystone: Token

• Once a user’s identity has been verified with a acc/pswd pair, a short-lived (24 hr) token is issued.

• Tokens are a stand-in for the acc/pswd.

• OpenStack services hold on to tokens and use them to query keystone during operations.

• For example, once Nova can use a token to determine if an authenticated user has authorization to delete an instance.

12

13

14

Agenda



• “Storage”





15

Storage as a Service

• CAPEX to OPEX based business model.

• Manage storage by well-defined set of remotely accessible APIs

• Abstracts the actual storage implementation

• This service offers specialized functions: DR, backup, document sharing, etc.

Using Storage as a Service

• Object

• Block

• File

16

Storage Available

Ephemeral(On-instance) : -Used for running Operating System and scratch space-Persists until VM is terminated-Access associated with a VM-Implemented as a filesystem underlying OpenStack Compute-Administrator configures size setting, based on flavors-Example: 10GB first disk, 30GB/core second diskFor desktop user PC's internal disk drives are ephemeral; persistent storage can be considered similar to an external USB drive.

17

OpenStack Object Storage SwiftWhat Is It?

• Object Storage is ideal for cost effective, scale-out storage. It provides a fully distributed, API-accessible storage platform that can be integrated directly into applications or used for backup, archiving and data retention.

• Store 3 Copies & use for web, media files• In production today

– Rackspace’s Cloud Files,• Architectural overview:

– http://swift.openstack.org/overview_architecture.html

18

Swift

• Object storage, objects “live” on an endpoint.

– An endpoint could be any storage device

• Every object belongs to a user/account pair.

– keystone tenant : swift account

– keystone user : swift user

– keystone role : swift group

• Proxy, Ring, and Workers

• Account, Container, Object

19

←Stores object metadata

↑Stores container / object metadata

↓Physical arrangement

↑ Logical view

← Stores real objects

Duplicated storage, load balancing

Workers can be a account server, a container server, or an object server

24

Cinder

What Is It?• Block Storage allows block devices to be exposed and connected

to compute instances for expanded storage, better performance and integration with enterprise storage platforms.

• OpenStack provides persistent block level storage devices for use with OpenStack compute instances. Can be exposed to applications as well.

• Block storage volumes are fully integrated into OpenStack Compute and the Dashboard allowing for cloud users to manage their own storage needs.

25

Cinder (Contd.) This is block storage (or volumes) and currently there are blueprints

for filesystems like NFS or CIFS share• Used for adding additional persistent storage to a virtual machine

(VM)• Persists until deleted• Access associated with a VM• Mounted via OpenStack Block-Storage controlled protocol (for

example, iSCSI)• Sizings based on need• Example: 1TB "extra hard drive”

26

Cinder Capabilities

Cinder manages block storage Volumes attach to VM Instances Boot from volume Volumes have a lifecycle independent of VM instance Admin can create tiers of storage. e.g. two LVM backends, one

with SSD’s and the other with HDD’s. Users can specify a tier they want when creating a volume. A backup is an archived copy of a Volume stored in a object store. A backup is just the data that was written, unlike a snapshot which

is the entire block.

Cinder call flow

Database Queue

28

Cinder Vol

Cinder Vol

Cinder Vol

Cinder API

C- scheduler

iSCSI NFS

Cinder Service

Cinder-api

Cinder-schedular

Cinder-volume

Agenda



• “Storage”





30

Glance

• Image storage and indexing.

• Keeps a database of metadata associated with an image, discover, register, and retrieve.

• Built on top of Swift, images store in Swift

• Two servers:

– Glance-api: public interface for uploading and managing images.

– Glance-registry: private interface to metadata database

• Support multiple image formats

31

32

33

35

Agenda



• “Storage”





36

Nova

• Major components:

– API: public facing interface

– Message Queue: Broker to handle interactions between services, currently based on RabbitMQ

– Scheduler: coordinates all services, determines placement of new resources requested

– Compute Worker: hosts VMs, controls hypervisor and VMs when receives cmds on Msg Queue

– Volume: manages permanent storage

37

Nova Messaging and Data

• Messaging is managed through RabbitMQ

– Server that allows messages to be posted to channels.

– Subscribers to channels receive messages.

– Services regularly announce availability.

– Scheduler regularly reads for availability.

– Scheduler makes requests to services.

• Persistent data stored in a database.

– VM metadata, network topology, volume metadata, known services

38

Messaging (RabbitMQ)• Get data from point A to point B

• Decouple publishers and consumers

• Queueing for later delivery

• Load balancing and scalability

• RabbitMQ is an AMQP messaging broker

• Advanced Message Queueing Protocol

• Network wire-level protocol

• Internet protocol - like HTTP, TCP - but ASYNCHRONOUS

39

40

41

44

45

Agenda



• “Storage”





46

Without Quantum• Originally, Nova handles all networking by:

– Linux bridge networking

– Virtual interfaces connecting network through the physical interface

– Assigns VM IP address

– Fixed IP: Returns when VM shuts down

– Floating IP: Can be reassigned online

• Network Manager provides VN to enable compute servers to interact with each other and the public network

• A Blog states currently 90% Nova bugs are network related

47

Original Network Manager• Each VM network owned by one network host

–Simply a Linux running Nova-network daemon

• Nova Network node is the only gateway

• Flat Network Manager:

–Linux networking bridge forms a subnet

–All instances attached same bridge

–Manually Configure server, controller, and IP

• Flat DHCP Network Manager:

–Add DHCP server along same bridge

• Later: VLAN Network Manager

48

Bridged Networking

• One network card acts as many devices.

• Host does not need an IP address.

• Hypervisor sets virtual MAC address for guest machine.

• ACISS uses bridges, along with Virtual Local Area Networks (VLANs) to segment traffic and assign network addresses.

49

50

The only gatewayWith security measures

Linux running Nova-network daemon

Network host will act as the gateway for all the NICs bridged into that network.VMs bridged in to a raw Ethernet device

51

API for Networking in OpenStack Nova Integration OSI Network Layers L2 + L3 Decouples Logical / Tenant view of the network

from Physical / Provider Provides connectivity to VMs, Decouples logical

/Tenant view of the network from Physical/Provider. Manage OSI Network Layers L2 & L3 with an API.

What does Quantum provide ?

Not yet full-integraded with Dashboard : only L2 is working. L3 should be managed from CLI. Horizon can't manage L3 (routers + floatings IP).

Networking backed by plugins : Open-vSwitch, Linux Bridge, Cisco, OpenFlow (BigSwitch, Floodlight, NEC, Ryu, etc), Midonet (Midokura) and NVP (Nicira /Vmware).

Cont...

The Quantum Openvswitch plugin consists of two components:

• 1) A plugin loaded at runtime by the Quantum service. The plugin processes all API calls and stores the resulting logical network data model and associated network mappings in a database backend .

• 2) An agent which runs on each compute node (i.e., each node running nova-compute). This agent gathers the configuration and mappings from the central mysql database and communicates directly with the local Open vSwitch instance to configure flows to implement the logical data model.

Quantum Openvswitch plugin

Plugin

• The component where the ‘virtual networking’ magic happens. Fulfills API contract by implementing the ‘Plugin Interface’

• Tenants expect same behavior from Quantum API regardless of the particular plugin employed

• Available Quantum Plugins:

– Open vSwitch: Builds isolated networks with OVS and L2-in-L3 tunnels.

– Cisco UCS: Isolation based on VLAN and net-profiles applied to Cisco UCS

– converged network adapters

– Linux Bridge: Build isolated networks with VLAN interfaces and linux bridge

– NTT-Data Ryu: Acts as a proxy for the NTT Ryu platform

– Nicira NVP: Acts as a proxy for the Nicira NVP platform

60

The Quantum Manager

• Nova’s network manager for Quantum. Forwards network related requests.

• Also, provides other network services such as IP address management, DHCP, NAT, Floating IPs…

• Virtual Networking: A label nowadays applied to too many solutions and products.

– Securely partitioning the network

– Defining virtual network topologies

– Automating network provisioning

61

Thanks

Technology

Openstack presentation