Copyright 2015 FUJITSU LIMITED
Development for Fully-Automated Bare Metal Provisioning in OpenStack
June 5, 2015
Hironori Shiina
Fujitsu Limited
Agenda
OpenStack Ironic overview
Our development for baremetal provisioning
Automated provisioning with multi tenancy
Network isolation with automated network configuration
OpenStack Ironic overview
Demands for baremetal cloud
Workloads requiring high performance are unsuited for VMs (e.g. Enterprise database)
Some users cannot accept being affected by other users
Baremetal deployment must be as easy as VM deployment
Automated setup
On demand deployment
OpenStack Ironic
Ironic provides baremetal provisioning
Officially released as of OpenStack Kilo (April 2015)
Users can request baremetal instances with the same interface as VM instances
[Figure: a VM request goes to Nova, which deploys VMs on a hypervisor; a baremetal request goes to Nova, which deploys baremetal nodes through Ironic]
Architecture of Ironic
[Figure: Nova requests baremetal deployment through the Ironic API; the Ironic Conductor gets the OS image from Glance, connects the network through Neutron, and controls the baremetal nodes through a driver]
Drivers
Provide the interface between Ironic and baremetal nodes
The default driver controls nodes with IPMI (commonly available)
Hardware vendors implement their own drivers to provide improved performance and additional functions
iRMC driver (Fujitsu)
iLO driver (HP)
DRAC driver (Dell)
etc...
Various deployment methods are implemented by drivers
PXE boot
Ironic Python Agent
Virtual media deployment
System overview
[Figure: controller node (Nova, Neutron, Glance), network node (Neutron agents: DHCP, L3), compute node (Nova, Ironic) and baremetal nodes with BMCs. Networks: management network (control OpenStack), data network (user traffic), OOB network (power management), external network.]
Each node represents a physical server
Set up Ironic
Before deployment, the administrator needs to set up the following
Enroll baremetal nodes in Ironic
Register node specs (CPU number, Memory size, etc...)
Register MAC address as a port
Register a driver and enroll BMC access information
Create flavors for baremetal deployment (a user requests a baremetal node by selecting a flavor)
Create disk images for baremetal
Deployment image (only used for deployment)
• bm-deploy-kernel and bm-deploy-ramdisk
User OS image
• user-image, user-image-vmlinuz and user-image-initrd
Overview of Deployment
1. Ironic powers on a baremetal node using a driver
2. The baremetal node gets a deployment image
3. The deployment image configures an iSCSI target
4. Ironic copies a user OS image to the baremetal node
5. Ironic reboots the baremetal node
6. The baremetal node boots from the user image
[Figure: Ironic on the compute node (tftp) and dhcp on the network node serve the baremetal node: power management, IP address, deployment image, iSCSI target, user OS image]
Our development for automated provisioning
More advanced features are required
Current Ironic functions
Power management
Deploy OS
The Ironic community continues to enhance Ironic functions
More features are necessary to use baremetal nodes like VMs
Multi tenancy
Attach virtual volumes (cinder integration)
Security groups
Etc...
We focus on multi tenancy in this presentation
Our Goal
Multi tenancy requires network isolation
Network isolation requires some configuration of physical switches
We will automate network configuration for multi tenancy
[Figure: baremetal nodes behind one switch, divided into Tenant1 (VLAN100) and Tenant2 (VLAN200); automated configuration provides multi tenancy]
First idea
First, we thought of simply dividing the network with VLANs
During deployment, all baremetal nodes need to get an OS image from Ironic
[Figure: a switch with Tenant1 on VLAN100 (Ironic and a baremetal node) and Tenant2 on VLAN200 (baremetal nodes), annotated "Need to access Ironic for deployment"]
Next idea
Could we add an Ironic node to another tenant?
[Figure: Tenant1 (VLAN100) and Tenant2 (VLAN200) each contain an Ironic node alongside their baremetal nodes]
Should each tenant have a node for Ironic?
The idea is not practical because it consumes too many nodes for Ironic
[Figure: one Ironic node per tenant, each with its own baremetal nodes, repeated for every tenant]
Our solution
One Ironic manages multiple tenants
Use two types of VLAN
Deployment VLAN
• Created by administrator as a Neutron network
• The Ironic compute node is connected to this VLAN
• Each baremetal node connects to this VLAN only during deployment
Tenant VLAN
• Created by a tenant user as a Neutron network
• Baremetal nodes in a tenant connect to this type of VLAN after deployment
Switch between the VLAN types before and after deployment
Control physical switches
Switches are controlled by a Neutron plugin
In our solution, the plugin configures the VLAN of a port
We’re planning to implement this plugin as an ML2 mechanism driver
[Figure: the Ironic Conductor requests VLAN configuration from the Neutron server; the Neutron plugin (ML2 mechanism driver) configures the VLAN on the physical switch]
Our solution overview (1/4)
A baremetal node is deployed by using the deployment VLAN
[Figure: VLAN IDs 100 (Deployment) and 200 (Tenant1). Ironic's port is untagged VLAN 100. The deploying baremetal node's port is untagged VLAN 100 (deployment VLAN) and Ironic copies the OS image to it; the already deployed Tenant 1 node's port is untagged VLAN 200.]
Our solution overview (2/4)
After deployment, Ironic changes the VLAN ID so that the baremetal node connects to the tenant VLAN
[Figure: VLAN IDs 100 (Deployment) and 200 (Tenant1). The Neutron plugin changes the VLAN ID of the newly deployed node's port, so both Tenant 1 nodes are on untagged VLAN 200 (tenant VLAN); Ironic's port stays on untagged VLAN 100.]
Our solution overview (3/4)
A baremetal node of another tenant can also be deployed by using the deployment VLAN
[Figure: VLAN IDs 100 (Deployment), 200 (Tenant1) and 300 (Tenant2). The two deployed Tenant 1 nodes are on untagged VLAN 200; a Tenant 2 node being deployed is on untagged VLAN 100, and Ironic (untagged VLAN 100) copies the OS image to it.]
Our solution overview (4/4)
By switching VLANs, Ironic can manage all tenants
[Figure: VLAN IDs 100 (Deployment), 200 (Tenant1) and 300 (Tenant2). Ironic's port is untagged VLAN 100; the two deployed Tenant 1 nodes are on untagged VLAN 200 and the two deployed Tenant 2 nodes are on untagged VLAN 300. Nodes communicate within their own tenant (multi tenancy).]
Deployment flow (preparation)
Administrator operations
1. Create a Neutron network (deployment VLAN). Neutron then creates a DHCP server on the network
2. Set the untagged VLAN for the Ironic compute node
[Figure: a switch connects the baremetal node, the network node (br-int, br-eth, dhcp for the deployment VLAN; trunk port) and the compute node (Ironic, tftp; untagged deployment VLAN) over the data network; the BMC is reached over the OOB network. Markers 1 and 2 show the steps above.]
Deployment flow (1/6)
1. The tenant user creates a network (tenant VLAN). Neutron then creates a DHCP server for the network
2. The user requests baremetal provisioning on the network
[Figure: same topology as the preparation slide; a second DHCP server, dhcp (tenant), now runs on the network node next to dhcp (deploy) (marker 1).]
Deployment flow (2/6)
3. Ironic sets the deployment VLAN as the untagged VLAN ID of the port connected to the baremetal node
4. Ironic powers on the baremetal node
[Figure: same topology; the Neutron plugin sets the baremetal node's switch port to the untagged deployment VLAN (marker 3) and Ironic powers the node on through the BMC over the OOB network (marker 4).]
Deployment flow (3/6)
5. The baremetal node gets an IP address from the DHCP server on the deployment VLAN
6. The baremetal node loads a deployment image from the tftp server
[Figure: same topology; over the untagged deployment VLAN the baremetal node reaches dhcp (deploy) on the network node (marker 5) and receives the deployment image from tftp on the compute node (marker 6).]
Deployment flow (4/6)
7. The deployment image prepares an iSCSI target and sends a notification to Ironic
8. On receiving the notification from the baremetal node, Ironic copies a user OS image to the baremetal node
[Figure: same topology; the baremetal node exposes an iSCSI target and sends a notification to Ironic (marker 7); Ironic copies the user OS image over the untagged deployment VLAN (marker 8).]
Deployment flow (5/6)
9. Ironic sets the tenant VLAN as the untagged VLAN ID of the port connected to the baremetal node
10. Ironic reboots the baremetal node
[Figure: same topology; the Neutron plugin changes the baremetal node's switch port to the untagged tenant VLAN (marker 9) and Ironic reboots the node (marker 10).]
Deployment flow (6/6)
11. After rebooting, the baremetal node gets an IP address from the DHCP server on the tenant VLAN
12. The baremetal node is provided to the user
[Figure: same topology; the baremetal node, now on the untagged tenant VLAN, reaches dhcp (tenant) on the network node (marker 11).]
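The VLAN switching in steps 3 and 9, as an added example in Python (not code from the presentation or from Ironic/Neutron): it models each switch port's untagged VLAN and audits that a deployed node has left the deployment VLAN. The `Switch` class and the port names are hypothetical; VLAN IDs 100, 200 and 300 follow the slides.

```python
# Added example. VLAN IDs follow the slides (100 = deployment, 200 = Tenant1,
# 300 = Tenant2); the Switch class and port names are hypothetical.
DEPLOY_VLAN = 100
TENANT_VLANS = {"tenant1": 200, "tenant2": 300}

class Switch:
    def __init__(self):
        # The Ironic compute node's port stays untagged on the deployment VLAN.
        self.untagged = {"ironic": DEPLOY_VLAN}   # port -> untagged VLAN ID
        self.owner = {}                           # port -> tenant
        self.state = {}                           # port -> deploying | deployed

    def start_deploy(self, port, tenant):
        """Step 3: put the node's port on the deployment VLAN before power-on."""
        self.owner[port] = tenant
        self.state[port] = "deploying"
        self.untagged[port] = DEPLOY_VLAN

    def finish_deploy(self, port, switch_vlan=True):
        """Step 9: move the port to the tenant VLAN before the reboot.
        switch_vlan=False models a switch change that did not take effect."""
        if switch_vlan:
            self.untagged[port] = TENANT_VLANS[self.owner[port]]
        self.state[port] = "deployed"

def audit(sw):
    """Return the ports whose VLAN does not match their deployment state."""
    problems = []
    for port, tenant in sw.owner.items():
        vlan = sw.untagged[port]
        want = DEPLOY_VLAN if sw.state[port] == "deploying" else TENANT_VLANS[tenant]
        if vlan != want:
            problems.append(f"{port}: {sw.state[port]} for {tenant}, on VLAN {vlan}, expected {want}")
    return problems

def peers(sw, port):
    """Other ports on the same untagged VLAN, i.e. the same L2 segment."""
    vlan = sw.untagged[port]
    return sorted(p for p, v in sw.untagged.items() if v == vlan and p != port)

def demo():
    sw = Switch()
    for port in ("port1", "port2"):               # overview 1/4 and 2/4
        sw.start_deploy(port, "tenant1")
        sw.finish_deploy(port)
    sw.start_deploy("port3", "tenant2")           # overview 3/4
    during = (audit(sw), peers(sw, "port3"))
    sw.finish_deploy("port3", switch_vlan=False)  # step 9 skipped
    return during, audit(sw), peers(sw, "port3")
```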
Community approach
OpenStack Summit was held May 18–22 in Vancouver
The issue was discussed at the Design Summit
Neutron/Ironic integration
We confirmed our solution does not conflict with the approach of the community
We will contribute to the community by discussing the design and implementing our plugin
We proposed a blueprint: https://blueprints.launchpad.net/neutron/+spec/fujitsu-ism-ml2-mechanism-driver