Presented by Sasha Lazarevic, Geneva, 2015 Feb 27

What is OpenStack and the added value of IBM solutions


2

Agenda

Context

OpenStack Project and Governance

OpenStack Architecture

OpenStack Components

Perception and experience

IBM Solutions

3

Context – Private, Public, Hybrid Cloud

Why private cloud? Compliance, performance, security, reliability, lock-in avoidance

Private cloud adoption is growing: 13% for hardware, 24% for software

But the future is in the hybrid cloud: the best of both worlds (elasticity & security)

Multivendor (cost optimization, different geographies, specializations)

Multilayer (SaaS + IaaS and/or PaaS)

Disaster recovery of private cloud

Balance of dedicated and shared resources (private and public)

4

OpenStack Adoption

As of the end of 2014, enterprise adoption is still mixed. There is a lot of interest from large companies, but the approach is still "Wait and See"

Most of the installations are still in the US

In 2014 OpenStack received the support of the Chinese government

BMW's CTO Stefan Lenz: "We need more stability in the future, but that doesn't prevent us from using it right now as it is."

5

OpenStack Project

OpenStack is a cloud computing project in which developers and cloud computing providers work together to create an open IaaS platform for public and private clouds:

Launched in 2010 as a joint project of NASA and Rackspace

New releases are produced every six months

Open source code in Python, available at https://github.com/openstack

Every subproject is led by a Program Technical Lead

Meetup groups in many major cities, Swiss meetup

6

OpenStack Governance

Currently 200 companies participate in the project. Contribution per company (source: http://stackalytics.com)

OpenStack Foundation:

• Technical Committee: 13 members

• Board of Directors: 24 members

• User Committee: 3 members

Tim Bell

CERN, Infrastructure Team Lead

7

OpenStack Architecture – List of cloud services

OpenStack Dashboard – Horizon

OpenStack Image Service – Glance

OpenStack Identity – Keystone

OpenStack Compute – Nova

OpenStack Networking – Neutron

OpenStack Block Storage – Cinder

OpenStack Object Storage – Swift

OpenStack Orchestration – Heat

OpenStack Telemetry – Ceilometer

OpenStack Database – Trove

OpenStack Data Processing – Sahara

8

OpenStack Architecture - Roadmap

Release    Date       Included Components
Austin     Oct 2010   Nova, Swift
Bexar      Feb 2011   Nova, Glance, Swift
Cactus     Apr 2011   Nova, Glance, Swift
Diablo     Sep 2011   Nova, Glance, Swift
Essex      Apr 2012   Nova, Glance, Swift, Horizon, Keystone
Folsom     Sep 2012   Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Grizzly    Apr 2013   Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Havana     Oct 2013   Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat
Icehouse   Apr 2014   Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat, Trove
Juno       Oct 2014   Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat, Trove, Sahara
Kilo       Apr 2015   Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat, Trove, Sahara, Ironic

9

OpenStack Architecture - Network and Physical View

10

OpenStack Architecture – Conceptual View

11

OpenStack Architecture – Logical view

12

OpenStack Dashboard - Horizon

Horizon is a graphical interface for administrators and users, allowing them to access and provision cloud services

Can be customized and styled with CSS files

Variety of 3rd party add-ons for billing, monitoring, and some additional management tools and interfaces

13

OpenStack Dashboard Demo

Configuration: VirtualBox + Ubuntu Desktop + DevStack

Home lab recommendations

14

OpenStack Image Service - Glance

Glance is a REST-based web service that provides registration and delivery of server images.

Administrators can create templates, upload server images, set permissions on them, etc.

Users can query available images and retrieve them

Snapshots can be taken as server backups

Images are created using utilities like Virt-Manager

15

OpenStack Identity Service - Keystone

Keystone authenticates users and issues tokens, provides a catalog of services and manages policies:

Tokens: by default temporary for 1 day, defined as private keys (PKI). All programs have an encrypted copy of all tokens, so when a user sends a request with his token to the program, the validity is verified locally.

Tenants (projects), groups (roles) and users

Catalog contains name, description and endpoint of the cloud services

Components: the keystone server processes API calls and works with backends:

token backend

catalog backend

policy backend

identity backend (can use LDAP)

16

OpenStack Compute Service - Nova

Components:

nova-api accepts and responds to end user compute API calls

nova-compute creates and terminates virtual machines via the hypervisor APIs (XenAPI for Xen, libvirt for KVM). It downloads the image from glance to launch the VM

nova-scheduler takes a request from the queue and determines where it should run (which compute server). It also determines on which hypervisor the request should be executed

queue (RabbitMQ) provides a central hub for passing messages between daemons

SQL database stores the states of the cloud infrastructure

nova-console is a proxy for accessing the VMs' consoles

nova-volume was replaced by cinder, nova-network by neutron

17

OpenStack Compute Service - Nova

Hypervisors:

KVM – most of the OpenStack installations are done with KVM (>50%). It is also used in PowerLinux

VMware – the VMware driver inside nova-compute interacts with the vCenter API to select an appropriate ESX host within the cluster. This allows for automatic restart of VMs from a failed node on another member of the ESX cluster

Xen – large customer references (Amazon EC2 is built on it, Softlayer). It operates in paravirtualized mode, so the guests are aware of the hypervisor and can run efficiently without emulation.

18

OpenStack Network Service - Neutron

Management network - internal communication between OpenStack components

Tenant network - VM data communication within the cloud

Public network (floating IPs for external access, public API endpoints).

19

OpenStack Network Service - Neutron

Components:

Neutron server runs on the controller, receives API requests and passes them to Neutron plugins

Neutron plugins run on the network node, implement APIs and interact with the neutron server, database and agents. Vendors can write plugins for interoperability with their vendor-specific software and hardware.

Neutron DHCP agent and L3 agent run on the network node and provide DHCP and L3 NAT forwarding services

Neutron agents run on each compute node and connect instances to network ports.

Included are plugins for Cisco virtual and physical switches and Open vSwitch

20

OpenStack Block Storage - Cinder

Cinder provides block storage volumes to nova compute instances: it creates/deletes volumes, attaches/detaches volumes from compute instances, clones volumes and performs backups

drivers for commercial providers' storage solutions

manages quotas for total storage utilized, total number of snapshots, total number of volumes

cinder by default uses swift to store backups

Components:

cinder-api receives the requests and forwards them to cinder-volume for action, handles the authentication with keystone

cinder-volume reads or writes to the cinder database, works with the queue and works with backend storage drivers

cinder-scheduler chooses the storage node to create the volume on

database retains the state of volumes, backups, snapshots and services (MySQL, PostgreSQL)

21

OpenStack Object Storage - Swift

The Swift proxy node handles incoming requests (command, token, storage URL):

authentication

check hash rings to identify the data location

sending requests to storage nodes

The storage node handles data manipulations:

hash rings for data mapping

diskfile to access volume

auditor and replicator background processes

22

Swift - replicas

A node belongs to a zone, which belongs to a region:

Region (ex. data center, country)

Availability zone (machine room, power line, rack row)

Node

Multiregion configurations:

Two regions, three replicas: synchronous replication of two nodes in one region, asynchronous with the second region

Three regions, three replicas: one region with three synchronous replicas, asynchronous replication with two other regions

Three replicas by default, but this is configurable.

If swift is installed on only one node with three disks, it will keep three replicas on each disk. It can also be installed on two disks

23

Swift - replicas

24

Swift – data mapping

Ring – a data structure used to find objects on a node

Mechanism of hash rings:

separate rings for accounts, containers and objects

each ring is an SQLite database with two tables (devices and partitions)

rings are created once and rebalanced when new drives are added
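
The lookup the proxy node performs, and the zone-aware replica placement from the "Swift - replicas" slide, as a simplified added example (not from the slides and not Swift's own code). The device layout, the hash suffix and the names `build_ring` and `locate` are assumptions, and the table is held in memory; real rings also balance by device weight.

```python
import hashlib
import struct

# Constructed cluster layout and secret (assumptions, not from the slides).
PART_POWER = 8                        # 2**8 = 256 partitions per ring
HASH_SUFFIX = b"constructed-suffix"   # per-cluster secret mixed into hashes
REPLICAS = 3
DEVICES = [
    {"id": 0, "region": 1, "zone": 1}, {"id": 1, "region": 1, "zone": 1},
    {"id": 2, "region": 1, "zone": 2}, {"id": 3, "region": 1, "zone": 2},
    {"id": 4, "region": 2, "zone": 1}, {"id": 5, "region": 2, "zone": 1},
]


def build_ring(devices, part_power=PART_POWER, replicas=REPLICAS):
    """Return a table: partition number -> device ids holding its replicas."""
    table = []
    for part in range(2 ** part_power):
        # Rotate the device list so partitions are spread over all devices.
        shift = part % len(devices)
        order = devices[shift:] + devices[:shift]
        chosen, zones = [], set()
        for dev in order:              # pass 1: one replica per (region, zone)
            key = (dev["region"], dev["zone"])
            if len(chosen) < replicas and key not in zones:
                zones.add(key)
                chosen.append(dev["id"])
        for dev in order:              # pass 2: fewer zones than replicas
            if len(chosen) < replicas and dev["id"] not in chosen:
                chosen.append(dev["id"])
        table.append(chosen)
    return table


# Separate rings for accounts, containers and objects, as the slide lists.
RINGS = {kind: build_ring(DEVICES) for kind in ("account", "container", "object")}


def locate(account, container=None, obj=None):
    """Map a storage path to (ring name, partition, device ids)."""
    parts = [p for p in (account, container, obj) if p is not None]
    kind = ("account", "container", "object")[len(parts) - 1]
    digest = hashlib.md5(("/" + "/".join(parts)).encode() + HASH_SUFFIX).digest()
    # The top PART_POWER bits of the hash select the partition.
    partition = struct.unpack_from(">I", digest)[0] >> (32 - PART_POWER)
    return kind, partition, RINGS[kind][partition]


if __name__ == "__main__":
    print(locate("AUTH_demo", "photos", "cat.jpg"))
```

Because the suffix is part of every hash, it has to stay secret and unchanged for the life of the cluster: changing it moves every object to a different partition.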

25

Swift - middleware customisations

Softlayer created a middleware to enable very sophisticated search of the storage based on accounts and containers with multiple parameters

IBM developed swift middleware to enable connectivity directly from Docker containers

ZeroVM created a middleware to enable compute directly on storage nodes. The requests to compute instances are encapsulated in swift requests.

NTT Data created middleware to enable connectivity from AWS S3 to swift object storage

Wikipedia is using a middleware to dynamically create image thumbnails

26

OpenStack Orchestration - Heat

Uses text file templates to describe the infrastructure resources for a cloud application: servers, volumes, IPs, security groups, users, scaling groups etc.

Heat also provides an autoscaling service that integrates with Ceilometer

Templates also specify the relationships between resources (e.g. this volume is connected to that server). Heat will then make requests to OpenStack APIs to create all requested infrastructure in the correct order

Heat manages the whole lifecycle of the application - when you need to change your infrastructure, simply modify the template and use it to update your existing stack. It will delete all of the resources when you are finished with the application, too.

Can also execute AWS CloudFormation APIs

Components: heat-api and heat engine
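
How a creation order can be derived from the relationships in a template, as an added example (not from the slides and not Heat's own code). The template content is constructed, and `references` and `creation_order` are hypothetical names.

```python
# Constructed "resources" section in the shape of a Heat (HOT) template.
TEMPLATE = {
    "web_server": {"type": "OS::Nova::Server", "properties": {
        "image": "constructed-image", "flavor": "constructed-flavor",
        "security_groups": [{"get_resource": "web_sg"}]}},
    "web_sg": {"type": "OS::Neutron::SecurityGroup", "properties": {
        "rules": [{"protocol": "tcp", "port_range_min": 443,
                   "port_range_max": 443}]}},
    "data_volume": {"type": "OS::Cinder::Volume", "properties": {"size": 10}},
    "data_attach": {"type": "OS::Cinder::VolumeAttachment", "properties": {
        "instance_uuid": {"get_resource": "web_server"},
        "volume_id": {"get_resource": "data_volume"}}},
}


def references(value):
    """Yield each resource name referenced through get_resource in value."""
    if isinstance(value, dict):
        for key, inner in value.items():
            if key == "get_resource":
                yield inner
            else:
                yield from references(inner)
    elif isinstance(value, list):
        for item in value:
            yield from references(item)


def creation_order(resources):
    """Topological sort: every resource comes after the ones it depends on."""
    order, state = [], {}

    def visit(name, chain):
        if name not in resources:
            raise ValueError(f"{chain[-1]} references unknown resource {name}")
        if state.get(name) == "done":
            return
        if state.get(name) == "visiting":
            raise ValueError("circular dependency: " + " -> ".join(chain + [name]))
        state[name] = "visiting"
        deps = set(references(resources[name].get("properties", {})))
        explicit = resources[name].get("depends_on", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        for dep in sorted(deps):
            visit(dep, chain + [name])
        state[name] = "done"
        order.append(name)

    for name in sorted(resources):
        visit(name, [])
    return order
```

Reversing the returned list gives a teardown order in which nothing is deleted while another resource still depends on it.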

27

OpenStack - Real World Architecture

Real-world Architecture : example of BBVA

28

Why OpenStack ?

Ability to innovate

Flexibility

Modularity

Cost savings

Ability to customize

Avoiding supplier lock-in

• When enterprises adopt OpenStack, they tend to consider entirely phasing out VMware virtualization

29

But…

Problems: requires technical expertise, lack of official support, problems with stability.

Lacks or requires: tools for the bare metal infrastructure provisioning, configuration management, patching and upgrades, high availability, monitoring, client and user support, capacity management, billing and chargeback, security, integration with other infrastructure, advanced automation, process governance.

Opportunity to sell professional services.

Opportunity to sell commercial CMP.

30

IBM Solutions

31

IBM Cloud Management Platform

IBM Cloud Manager with OpenStack for basic infrastructure cloud services:

Integration with existing Power and x86 installations

Hybrid cloud and Softlayer support

Workload provisioning including bare metal

Simplified installation and configuration using Chef

Collection of infrastructure patterns

Approvals process, billing

Integrated management and monitoring

Intelligent extension of nova scheduler

Capacity management (VMs utilisation)

IBM Orchestrator: advanced orchestration services

32

THE END

But, to be continued..