2 Day Bootcamp For OpenStack - Mirantis

Mirantis
www.mirantis.com/training
http://www.mirantis.com/training
2-Day Agenda
TOPIC: LECTURE, DEMOS AND GROUP EXERCISES

OpenStack Overview & Architecture: Project goals and use cases, basic operating and deployment principles (EXCERPTED IN THIS PREVIEW)
Cloud Usage Patterns: OpenStack codebase overview; creating networks, tenants, roles, troubleshooting; using Nexenta Volume Driver
In Production: Deploying OpenStack for real-world use, and practice of OpenStack operation on multiple nodes
Swift Object Storage: Use cases, architecture, capabilities, configuration, security and deployment
Advanced Topics: Software Defined Networking, deployment and issues workshop, VMWare/OpenStack comparison
Goals
Understand OpenStack purpose and use cases
Understand OpenStack ecosystem
o history
o projects
Understand OpenStack architecture
o logical architecture
o components
o request flow
Get enough theory for hands-on lab
What is OpenStack?
"Open source software for building private and
public clouds"
OpenStack capabilities
VMs on demand
o provisioning
o snapshotting
Volumes
Multi-tenancy
o quotas per tenant
o user can be associated with multiple tenants
Object storage for VM images and arbitrary files
OpenStack History
July 2010 - Initial announcement
October 2010 - Austin Release
April 2011 - Cactus Release
October 2011 - Diablo Release
April 2012 - Essex Release
October 2012 - Folsom Release
OpenStack Projects
Nova (Compute)
Glance (Image Service)
Swift (Object Store)
Keystone (auth)
Horizon (Dashboard)
OpenStack Projects: Relationship (diagram)
OpenStack: Deployment Topology (diagram)
OpenStack Projects: Detailed View (diagram)
Horizon
"The OpenStack Dashboard (Horizon) provides
a baseline user interface for managing
OpenStack services."
Horizon notes
"Stateless"
Error handling is delegated to back-end
Doesn't support all API functions
Can use memcached or database to store sessions
Gets updated via nova-api polling
Horizon internals
2 subprojects
o horizon - generic Django libraries and components to work with REST-based back-end
o openstack-dashboard - web app itself, with styles, locale, etc.
Dashboard for each entity (like instances or images) - nested Django app
Keystone
"Keystone is an OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family."
Keystone Architecture (diagram)
Keystone data model
User: has account credentials, is associated with one or more tenants
Tenant: unit of ownership in OpenStack, contains one or more users
Role: a first-class piece of metadata associated with many user-tenant pairs
Token: identifying credential associated with a user, or with a user and tenant
Extras: bucket of key-value metadata associated with a user-tenant pair
Rule: describes a set of requirements for performing an action
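The "Rule" entry above is where authorization decisions actually live: each service ships a policy.json mapping actions to rules, and the rule is evaluated against the roles and ids carried by the caller's token. The evaluator below is an added example written for this page, not Keystone's code; the policy file is a constructed sample in the list-of-lists format the Folsom-era policy files used, and the semantics in the class docstring (empty list allows anyone, missing action falls back to "default", a dangling rule reference denies) are assumptions stated there.

```python
import json

# Constructed sample policy in the list-of-lists format that Folsom-era
# policy.json files used (not Keystone's shipped policy file): every key names
# an action ("identity:...") or a reusable rule; the outer list is OR-ed,
# each inner list is AND-ed, and an empty list means "allowed for anyone".
POLICY_JSON = """
{
  "admin_required": [["role:admin"], ["is_admin:True"]],
  "owner": [["user_id:%(user_id)s"]],
  "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],
  "identity:create_user": [["rule:admin_required"]],
  "identity:get_user": [["rule:admin_or_owner"]],
  "identity:list_users": [],
  "default": [["rule:admin_required"]]
}
"""


class Policy:
    """Evaluates 'kind:match' checks against the caller's credentials.

    Assumed semantics (modelled on the openstack.common policy Brain of the
    time): 'rule:<name>' recurses into another rule, 'role:<name>' tests the
    caller's roles case-insensitively, any other kind is compared as a string
    with the credential of the same name after %(attr)s substitution from the
    target, an action without a rule falls back to 'default', and a dangling
    'rule:' reference denies (fail closed).
    """

    def __init__(self, rules):
        self.rules = rules

    def check(self, action, target, creds):
        match_list = self.rules.get(action, self.rules.get("default"))
        if match_list is None:
            return False
        return self._check_list(match_list, target, creds)

    def _check_list(self, match_list, target, creds):
        if not match_list:          # [] : no requirement, anyone may do this
            return True
        for and_list in match_list:
            if all(self._check_item(item, target, creds) for item in and_list):
                return True
        return False

    def _check_item(self, item, target, creds):
        kind, match = item.split(":", 1)
        if kind == "rule":
            sub = self.rules.get(match)
            return sub is not None and self._check_list(sub, target, creds)
        if kind == "role":
            return match.lower() in [r.lower() for r in creds.get("roles", [])]
        try:
            expected = match % target   # e.g. "%(user_id)s" -> the target's user_id
        except KeyError:
            return False                # target lacks the attribute: deny
        return expected == str(creds.get(kind))


def load_policy():
    return Policy(json.loads(POLICY_JSON))


if __name__ == "__main__":
    policy = load_policy()
    alice = {"user_id": "u-alice", "roles": ["Member"]}
    print(policy.check("identity:get_user", {"user_id": "u-alice"}, alice))  # True
    print(policy.check("identity:get_user", {"user_id": "u-bob"}, alice))    # False
```

Two practitioner points the code makes concrete: the "default" rule decides every action nobody wrote a rule for, so it should require admin rather than allow, and a rule that refers to a name that does not exist should deny rather than silently pass.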
Keystone: auth flow (diagram)
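The auth flow the diagram shows, as an added example in code (not from the deck and not Keystone client code): a client POSTs password credentials scoped to a tenant to /v2.0/tokens, receives a token plus the service catalog, checks the expiry, and picks the endpoint of the service it wants to call from the catalog, sending the token in X-Auth-Token on every later request. The response body is a constructed sample that follows the v2.0 shape; the token id, ids and URLs are made up.

```python
import json
from datetime import datetime, timezone


def build_token_request(username, password, tenant_name):
    """Body of POST /v2.0/tokens: password credentials scoped to a tenant."""
    return {"auth": {"tenantName": tenant_name,
                     "passwordCredentials": {"username": username,
                                             "password": password}}}


# Constructed sample of the JSON Keystone returns for that request. The shape
# follows the v2.0 API; token id, ids and URLs are made up for the example.
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "tok-0123456789abcdef", "expires": "2012-11-01T12:00:00Z",
              "tenant": {"id": "t-demo", "name": "demo"}},
    "user": {"id": "u-alice", "name": "alice", "roles": [{"name": "Member"}]},
    "serviceCatalog": [
        {"type": "compute", "name": "nova", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "https://compute.example.com/v2/t-demo",
             "adminURL": "https://compute.example.com/v2/t-demo",
             "internalURL": "http://10.0.0.5:8774/v2/t-demo"}]},
        {"type": "image", "name": "glance", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "https://image.example.com/v1",
             "adminURL": "https://image.example.com/v1",
             "internalURL": "http://10.0.0.6:9292/v1"}]},
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "https://identity.example.com/v2.0",
             "adminURL": "https://identity.example.com:35357/v2.0",
             "internalURL": "http://10.0.0.7:5000/v2.0"}]}]}})


def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_token(body, now=None):
    """Pull out what a client needs: token id, tenant, roles and the catalog.

    `now` is an ISO-8601 UTC stamp (default: the current time). A token that
    is already expired is refused: services validate expiry as well, so
    starting work with it only produces 401s later.
    """
    access = json.loads(body)["access"]
    current = _utc(now) if now else datetime.now(timezone.utc)
    expires = _utc(access["token"]["expires"])
    if expires <= current:
        raise ValueError("token expired at %s" % expires.isoformat())
    return {"token": access["token"]["id"],
            "tenant_id": access["token"]["tenant"]["id"],
            "roles": sorted(r["name"] for r in access["user"]["roles"]),
            "catalog": access["serviceCatalog"]}


def find_endpoint(catalog, service_type, region, interface="publicURL"):
    """Choose the URL to call for a service type in a region.

    Clients should default to publicURL; adminURL (e.g. Keystone's port 35357)
    is for management calls, internalURL for traffic that stays inside the cloud.
    """
    for service in catalog:
        if service["type"] != service_type:
            continue
        for endpoint in service["endpoints"]:
            if endpoint.get("region") == region and interface in endpoint:
                return endpoint[interface]
    raise LookupError("no %s endpoint for %s in %s" % (interface, service_type, region))


def auth_headers(token):
    """Every later request carries the token; the service validates it with Keystone."""
    return {"X-Auth-Token": token, "Content-Type": "application/json"}


if __name__ == "__main__":
    req = build_token_request("alice", "s3cret", "demo")
    info = parse_token(SAMPLE_RESPONSE, "2012-11-01T11:00:00Z")
    print(json.dumps(req), info["roles"],
          find_endpoint(info["catalog"], "compute", "RegionOne"))
```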
Keystone: populating auth data
Add tenants
Add users
Add roles
Grant roles to users
Add endpoint templates
Map endpoint templates to zones
nova-api
"nova-api is a RESTful API web service which
is used to interact with nova"
nova-api characteristics
Exposes REST API
Provides system for managing multiple APIs on different sub-domains
o EC2-compatible - will be deprecated
o OpenStack Compute API - all innovation happens here
The only "allowed" way to interact with nova
Stateless - HA-ready
nova-api clients (diagram)
nova database
"nova database stores current state of all objects in compute cluster."
Can be any relational database
nova-api talks to DB via SQLAlchemy (python ORM)
Most of the deployments are done with MySQL or PostgreSQL
DB HA should be done via external tools (like MMM for MySQL)
Message queue
"Message queue is a unified way for collaboration between nova components."
OpenStack messaging
2 modes:
rpc.cast - don't wait for result
rpc.call - wait for result (when there is something to return)
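The two modes differ in what travels over the broker, not only in whether the caller blocks. The simulation below is an added example, not nova's rpc code: an in-process stand-in for RabbitMQ, a worker thread playing nova-compute, and the two publish patterns. A cast carries only method and args; a call adds a reply-queue name (the message id), and the worker answers on that queue with the result followed by an "ending" marker, which is also how an exception on the worker side reaches the caller. The manager class and topic name are constructed for the demo.

```python
import queue
import threading
import uuid


class Broker:
    """Stand-in for RabbitMQ: one queue per topic (e.g. 'compute.host1') plus a
    short-lived direct queue per message id that carries rpc.call replies."""

    def __init__(self):
        self._queues = {}
        self._lock = threading.Lock()

    def get(self, name):
        with self._lock:
            return self._queues.setdefault(name, queue.Queue())

    def drop(self, name):
        with self._lock:
            self._queues.pop(name, None)


def cast(broker, topic, method, **args):
    """rpc.cast: publish and return immediately; nobody reports the outcome."""
    broker.get(topic).put({"method": method, "args": args})


def call(broker, topic, method, timeout=2.0, **args):
    """rpc.call: publish with a reply queue name, then block until the worker
    sends the result followed by an 'ending' marker, or the timeout expires."""
    msg_id = uuid.uuid4().hex
    reply_q = broker.get(msg_id)          # create before publishing so no reply is lost
    broker.get(topic).put({"method": method, "args": args, "_msg_id": msg_id})
    result = None
    try:
        while True:
            reply = reply_q.get(timeout=timeout)   # queue.Empty if the worker never answers
            if "failure" in reply:
                raise RuntimeError(reply["failure"])
            if reply.get("ending"):
                return result
            result = reply["result"]
    finally:
        broker.drop(msg_id)


class Service(threading.Thread):
    """Consumer side: dispatches each message to a method of the manager object."""

    def __init__(self, broker, topic, manager):
        super().__init__(daemon=True)
        self.broker, self.topic, self.manager = broker, topic, manager

    def run(self):
        q = self.broker.get(self.topic)
        while True:
            msg = q.get()
            if msg is None:                 # shutdown sentinel
                return
            try:
                name = msg["method"]
                # Dispatch is by name from the wire: refuse private attributes.
                if name.startswith("_") or not hasattr(self.manager, name):
                    raise AttributeError("no public method %r" % name)
                reply = {"result": getattr(self.manager, name)(**msg["args"])}
            except Exception as exc:        # never let one bad message kill the worker
                reply = {"failure": "%s: %s" % (type(exc).__name__, exc)}
            if "_msg_id" in msg:            # only rpc.call expects an answer
                reply_q = self.broker.get(msg["_msg_id"])
                reply_q.put(reply)
                reply_q.put({"ending": True})


class FakeComputeManager:
    """Minimal stand-in for nova-compute's manager; constructed for the demo."""

    def __init__(self):
        self.started = []

    def run_instance(self, instance_id):
        self.started.append(instance_id)

    def get_console_output(self, instance_id):
        if instance_id not in self.started:
            raise LookupError("unknown instance %s" % instance_id)
        return "console of %s" % instance_id


def demo():
    broker = Broker()
    manager = FakeComputeManager()
    Service(broker, "compute.host1", manager).start()
    cast(broker, "compute.host1", "run_instance", instance_id="i-1")  # fire and forget
    console = call(broker, "compute.host1", "get_console_output", instance_id="i-1")
    try:
        call(broker, "compute.host1", "_private_method")
        error = None
    except RuntimeError as exc:
        error = str(exc)
    broker.get("compute.host1").put(None)
    return {"started": list(manager.started), "console": console, "error": error}


if __name__ == "__main__":
    print(demo())
```

Because both messages go through the same topic queue and one consumer, the cast is processed before the call; with several consumers on a topic that ordering is not guaranteed, which is why nova-api reads instance state from the database rather than from a reply.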
Messaging notes
OpenStack uses multiple queues within single RabbitMQ instance
OpenStack messages traffic is not intensive
OpenStack doesn't send broadcast messages
HA for MQ should be configured separately
nova-scheduler
"nova-scheduler is a daemon which determines on which compute host the request should run."
nova-scheduler: users' demand
provision VM to particular host
provision VMs of the particular tenant to isolated hosts
provision all VMs on different hosts
provision VMs to "higher density" hosts
nova-scheduler: available schedulers
Scheduler - Description
Chance - Picks a host that is up at random
Simple - Picks a host that is up and has the fewest running instances
Filter - Picks the best-suited host which satisfies the selected filters
Multi - A scheduler that holds multiple sub-schedulers
nova-scheduler: filtering (diagram)
nova-scheduler: filters
Filter - Description
affinity - Same host or different host as given instances
availability zone - Only return hosts in the requested availability zone
core - Only return hosts with enough free CPU cores (within the configured overcommit ratio)
ram - Only return hosts with sufficient RAM
json - Allows simple JSON based grammar. Can be used to build custom schedulers.
nova-scheduler: filters
Filters are statically configured in nova.conf
Multiple filters can be specified
It is possible to create custom filter
o Inherit from BaseHostFilter class
o override host_passes(self, host_state, filter_properties)
nova-scheduler: weights and costs (diagram)
nova-scheduler: weights and costs
Cost - integer value
Every compute host can have several cost functions associated with it
If no cost functions associated - use default from nova.conf
weighted_cost(host) = sum_i( weight_i * cost_fn_i(host) )
Each cost function is multiplied by its configured weight; the host with the lowest weighted cost is selected
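Filtering and weighing together, as an added example that is not nova's scheduler code: a BaseHostFilter stand-in with the host_passes() hook from the filters slide, nova's RamFilter logic, the 8 GB to 16 GB filter the Questions slide asks for, and a cost function whose sign of weight turns spreading into fill-first, applying the weighted-cost formula above. HostState, the host list and the flavor are constructed for the demo.

```python
class NoValidHost(Exception):
    """Raised when every host was filtered out (nova raises the same name)."""


class HostState:
    """What the scheduler knows about one compute host (constructed here;
    nova builds it from the capability reports of nova-compute)."""

    def __init__(self, host, free_ram_mb, num_instances):
        self.host = host
        self.free_ram_mb = free_ram_mb
        self.num_instances = num_instances


class BaseHostFilter:
    """Stand-in for nova.scheduler.filters.BaseHostFilter: subclasses override
    host_passes(); filter_all() applies it to every candidate host."""

    def host_passes(self, host_state, filter_properties):
        raise NotImplementedError

    def filter_all(self, host_states, filter_properties):
        return [h for h in host_states if self.host_passes(h, filter_properties)]


class RamFilter(BaseHostFilter):
    """Keep hosts with enough free RAM for the requested flavor."""

    def host_passes(self, host_state, filter_properties):
        wanted = filter_properties["instance_type"]["memory_mb"]
        return host_state.free_ram_mb >= wanted


class RamRangeFilter(BaseHostFilter):
    """The filter asked for in the Questions slide: hosts with 8 GB to 16 GB free."""

    def __init__(self, min_mb=8 * 1024, max_mb=16 * 1024):
        self.min_mb, self.max_mb = min_mb, max_mb

    def host_passes(self, host_state, filter_properties):
        return self.min_mb <= host_state.free_ram_mb <= self.max_mb


def compute_fill_first_cost_fn(host_state):
    """Cost = free RAM. Weighted by -1 (nova's default) the emptiest host wins,
    spreading instances; weighted by +1 the fullest host wins (fill first)."""
    return float(host_state.free_ram_mb)


def weighted_cost(cost_fns, host_state):
    """sum_i weight_i * cost_fn_i(host); the scheduler picks the minimum."""
    return sum(weight * fn(host_state) for weight, fn in cost_fns)


def schedule(host_states, filter_properties, filters, cost_fns):
    candidates = list(host_states)
    for host_filter in filters:
        candidates = host_filter.filter_all(candidates, filter_properties)
    if not candidates:
        raise NoValidHost("no host satisfies %s" % filter_properties)
    return min(candidates, key=lambda h: weighted_cost(cost_fns, h)).host


def sample_hosts():
    """Constructed host states for the demo."""
    return [HostState("h1", free_ram_mb=4096, num_instances=9),
            HostState("h2", free_ram_mb=12288, num_instances=3),
            HostState("h3", free_ram_mb=30720, num_instances=0),
            HostState("h4", free_ram_mb=9216, num_instances=5)]


if __name__ == "__main__":
    props = {"instance_type": {"memory_mb": 2048}}
    filters = [RamFilter(), RamRangeFilter()]
    print(schedule(sample_hosts(), props, filters, [(-1.0, compute_fill_first_cost_fn)]))  # h2
    print(schedule(sample_hosts(), props, filters, [(1.0, compute_fill_first_cost_fn)]))   # h4
```

A filter that raises on an unexpected host_state attribute takes the whole request down with NoValidHost, so custom filters should read only the attributes the capability reports guarantee.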
nova-scheduler: summary
Allows tweaking provisioning by adjusting filters, costs and weights
Still doesn't cover all customer demands - exposes framework for building custom schedulers instead
Questions
How does OpenStack understand that a specific request can be executed by the user?
How to get a status for a requested server? Where will it come from?
What is the difference between rpc.call and rpc.cast?
How to create a filter which will determine servers with 8GB to 16GB RAM available?
nova-compute
"nova-compute is a worker daemon, which
primarily creates and terminates VMs via
hypervisor API."
nova-compute (diagram)
nova-compute: drivers
Functionality is not 100% similar across drivers
Exact "run_instance" flow depends on driver implementation
Most of the features are tested on KVM
Glance
"The Glance project provides services for discovering, registering, and retrieving virtual machine images."
Glance summary
Image-as-a-service
Can use multiple back-ends for image storage
Supports multiple image formats
Glance architecture (diagram)
Glance capabilities
CRUD images
Search images via filters
o name
o container format
o disk format
o size_min, size_max
o status
Caches images
o uses SQLite or FS that supports xattrs for caching
o queues images for prefetching
o prefetches images
o prunes images
o cleans invalid cache entries
Glance image formats
Disk Format - Description
raw - This is an unstructured disk image format
vhd - This is the VHD disk format, a common disk format used by virtual machine monitors from Xen, Microsoft, VirtualBox, and others
vmdk - VMware's disk format, also supported by many other virtual machine monitors
vdi - A disk format supported by VirtualBox virtual machine monitor and the QEMU emulator
iso - An archive format for the data contents of an optical disc (e.g. CDROM)
qcow2 - A disk format supported by the QEMU emulator that can expand dynamically and supports Copy on Write
aki - This indicates what is stored in Glance is an Amazon kernel image
ari - This indicates what is stored in Glance is an Amazon ramdisk image
ami - This indicates what is stored in Glance is an Amazon machine image
Fetching image from glance
1. GET http://<glance-url>/images/<ID>
2. If image can be found, API returns image-uri
3. nova-compute passes image-uri to hypervisor driver
4. hypervisor driver fetches image directly from glance back-end store using image-uri
Custom image creation
1. Get installation ISO
2. Create VM disk (qemu-img create)
3. Start VM and connect to it via VNC console
a. Install image without LVM
b. Create default iptables rules
c. Install and configure cloud-init
d. With cloud-init configure image
4. Prepare image for OpenStack
a. Extract root partition, kernel and ramdisk
b. cleanup (remove SSH host keys, logs, shell history and any credentials, so nothing from the build is shared by every instance booted from the image)
c. package
Network configuration flow
1. Allocate MAC addresses
2. Allocate IPs (for each network)
3. Associate IPs with VMs (DB)
4. Setup network on host
a. Update DHCP config
b. Initialize gateway
c. VPN configuration (optional)
5. Update networking info in DB
nova-network
"nova-network is a worker daemon which performs tasks to manipulate network via external commands."
nova-network responsibilities
Allocate and configure network via network manager
o FlatManager
o FlatDHCPManager
o VlanManager
Manage Floating IPs
Manage Security groups
FlatManager (diagram)
FlatManager
Supports only single network
Doesn't do any bridge/vlan creation
The bridge needs to be manually created on all hosts
Compute host attempts to inject network settings into /etc/network/interfaces
FlatDHCPManager (diagram)
FlatDHCPManager
Improvement of FlatManager
Starts up 1 DHCP server (dnsmasq) to give out addresses
Never injects network settings into guest
Manages bridges
VlanManager (diagram)
VlanManager features
Creates host-managed VLAN for each project
Requires switch that supports VLAN tagging (IEEE 802.1Q)
Each project gets own subnet (VPN is required to access VMs via private IPs)
DHCP server is running for each subnet
All instances belonging to one project are bridged into the same VLAN for that project
CloudPipe (diagram)
Floating IPs
Shared pool of public IP addresses
Each tenant gets a quota of how many IPs to use
Managed by admin
Floating IPs traffic (diagram)
Assigning Floating IPs
OpenStack Admin
Dedicate floating IPs to cluster
OpenStack User
1. Allocate public IP for tenant within given quota
2. Associate public IP with VM
a. Find host
b. Add IP address to public network interface of the host
c. NAT all network traffic via associated floating IP
Security Groups (diagram)
Security Groups
Security group is a named collection of network access rules
User can select multiple security groups during VM creation
If no security groups specified - default is selected
Security groups are applied on the host node (as iptables rules in the host kernel), so they are enforced outside the guest and cannot be disabled from inside it
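What "applied on the host node" and "NAT all traffic via the floating IP" come down to on a compute host, as an added example (not nova-network's code): a generator that turns a guest's security groups into per-instance iptables chains ending in a default DROP, with source-group rules expanded to member IPs, plus the DNAT/SNAT rules for a floating IP association. The chain names mirror the layout nova's iptables manager used but are assumptions here; the groups and membership table are constructed samples. Every rule string is destined for a root-executed iptables command line, so the inputs are validated before they are spliced in.

```python
import ipaddress

# Chain names follow the layout nova-network's iptables manager used on a
# compute host (assumed here, not taken from the slides): traffic to a guest's
# fixed IP jumps to a per-instance chain, which ends in a DROP fallback.
FALLBACK_CHAIN = "nova-compute-sg-fallback"


def base_rules():
    """Rules every host carries: the shared default-deny chain."""
    return ["-A %s -j DROP" % FALLBACK_CHAIN]


def _validate(rule):
    proto = rule["ip_protocol"]
    if proto not in ("tcp", "udp", "icmp"):
        raise ValueError("unsupported protocol %r" % proto)
    if proto != "icmp":
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
        if not (1 <= lo <= hi <= 65535):
            raise ValueError("bad port range %s-%s" % (lo, hi))
    if rule.get("cidr"):
        # Reject anything that is not a real prefix: the string ends up on a
        # root-executed iptables command line, so never splice it in unvalidated.
        ipaddress.ip_network(rule["cidr"], strict=False)


def instance_chain_rules(instance_id, fixed_ip, groups, group_members):
    """iptables rules enforcing `groups` for one guest.

    groups: list of {"name", "rules": [...]}; each rule has ip_protocol,
    from_port, to_port and either cidr or group (a source security group,
    expanded to the fixed IPs of that group's members, as nova did).
    group_members: {group name: [fixed IPs]}, the expansion table.
    """
    ipaddress.ip_address(fixed_ip)
    chain = "nova-compute-inst-%s" % instance_id
    rules = ["-A nova-compute-local -d %s -j %s" % (fixed_ip, chain),
             "-A %s -m state --state INVALID -j DROP" % chain,
             "-A %s -m state --state ESTABLISHED,RELATED -j ACCEPT" % chain]
    for group in groups:
        for rule in group["rules"]:
            _validate(rule)
            proto = rule["ip_protocol"]
            accept = "-A %s -j ACCEPT -p %s" % (chain, proto)
            if proto == "icmp":
                if int(rule["from_port"]) == -1:
                    accept += " -m icmp --icmp-type any"
                else:
                    accept += " -m icmp --icmp-type %s/%s" % (rule["from_port"], rule["to_port"])
            else:
                accept += " -m multiport --dports %s:%s" % (rule["from_port"], rule["to_port"])
            if rule.get("cidr"):
                rules.append("%s -s %s" % (accept, rule["cidr"]))
            else:
                for member_ip in group_members.get(rule["group"], []):
                    rules.append("%s -s %s" % (accept, member_ip))
    rules.append("-A %s -j %s" % (chain, FALLBACK_CHAIN))   # anything not matched above
    return rules


def floating_ip_rules(floating_ip, fixed_ip):
    """NAT rules that make a floating IP reach a guest's fixed IP and vice versa."""
    ipaddress.ip_address(floating_ip)
    ipaddress.ip_address(fixed_ip)
    return ["-t nat -A nova-network-PREROUTING -d %s -j DNAT --to %s" % (floating_ip, fixed_ip),
            "-t nat -A nova-network-OUTPUT -d %s -j DNAT --to %s" % (floating_ip, fixed_ip),
            "-t nat -A nova-network-float-snat -s %s -j SNAT --to %s" % (fixed_ip, floating_ip)]


# Constructed sample: a tenant's 'default' group (members may talk to each other)
# plus a 'web' group that opens SSH from the office and HTTP from anywhere.
SAMPLE_GROUPS = [
    {"name": "default", "rules": [
        {"ip_protocol": "tcp", "from_port": 1, "to_port": 65535, "group": "default"},
        {"ip_protocol": "udp", "from_port": 1, "to_port": 65535, "group": "default"},
        {"ip_protocol": "icmp", "from_port": -1, "to_port": -1, "group": "default"}]},
    {"name": "web", "rules": [
        {"ip_protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
        {"ip_protocol": "tcp", "from_port": 80, "to_port": 80, "cidr": "0.0.0.0/0"}]},
]
SAMPLE_MEMBERS = {"default": ["10.0.0.2", "10.0.0.3"]}


if __name__ == "__main__":
    for line in base_rules() + instance_chain_rules(42, "10.0.0.2", SAMPLE_GROUPS, SAMPLE_MEMBERS):
        print(line)
    for line in floating_ip_rules("198.51.100.7", "10.0.0.2"):
        print(line)
```

Note that the per-instance chain contains only ACCEPT rules followed by the fallback DROP: security groups can open traffic but never deny something another group allowed, so a guest in both "default" and "web" is reachable on 80/tcp from anywhere regardless of what "default" says.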
nova-volume
"nova-volume manages the creation, attaching and detaching of persistent volumes to compute instances"
nova-volume summary
Optional
iSCSI solution which uses LVM
Volume can be attached only to 1 instance at a time
Persistent volumes keep their state independent of instances
Within single OpenStack deployment different storage providers cannot be used
nova-volume drivers
iSCSI
Xen Storage Manager
Nexenta
NetApp
SAN
Bootcamp for OpenStack
www.mirantis.com/training