martin-hickey
“Cloud computing is the next stage in the Internet's evolution, providing the means
through which everything — from computing power to computing infrastructure,
applications, business processes to personal collaboration — can be delivered to
you as a service wherever and whenever you need.”
The OpenStack Open Source Cloud Mission:
“to produce the ubiquitous Open Source Cloud
Computing platform that will meet the needs of public
and private clouds regardless of size, by being simple to
implement and massively scalable.”
[https://wiki.openstack.org/wiki/Main_Page]
“OpenStack Software delivers a massively scalable cloud
operating system.”
[http://www.openstack.org/]
OpenStack Design Philosophy
• Simple to implement, massively scalable, elastic, and feature rich
• Architected to provide flexibility as you design your cloud
• No proprietary hardware or software requirements
• Able to integrate with legacy systems and third party technologies
• Share-nothing architecture – composable stand-alone services
• API driven and command line accessible
• Stateless and asynchronous
• Flexible networking models to suit the needs of different applications or user groups
OpenStack is Comprised of Multiple Key Components
• Compute (Nova): Provision and manage virtual machines
• Dashboard (Horizon): Self-service portal
• Image (Glance): Catalog and manage server images
• Identity (Keystone): Unified authentication, integrates with existing systems
• Object Storage (Swift): Scalable, secure, reliable object storage
• Network (Neutron): Provides flexible networking-as-a-service
• Block Storage (Cinder): Allows block devices to be exposed and connected to compute instances
OpenStack Identity Service - Keystone
Purpose:
• Provide authentication and authorization services for OpenStack components.
Why it's Important:
• Manages tenants and users of OpenStack
• Common authentication across all OpenStack services
• Integration point for enterprise authentication
• Provides seamless integration into existing LDAP, ADs, and Federated Identity Management Systems
• Provides configurable role-based access control
• REST-based APIs
How it Works:
• Comprised of four services:
  • Identity Service - provides credential validation against various backend authoritative services (LDAP, PAM, etc.)
  • Token Service - validates and manages tokens used after initial credential verification
  • Catalog Service – provides a service and endpoint registry of available services.
  • Policy Service – rule-based authorization engine
Offers project-wide identity, token, service catalog, and policy
service designed for integration with existing systems.
OpenStack Dashboard - Horizon
Purpose:
• End-user self-service portal for compute, image storage, object storage, identity, and network.
• Cloud administration (users/projects, quotas, etc.)
Why it's important:
• Provides a single, web-based interface for OpenStack services.
• Extensible: Anyone can add a new component. Ships with a set of API abstractions.
• Manageable: The codebase is simple and easy to navigate.
• Consistent: Visual and interaction paradigms are maintained throughout.
• Stable: A reliable API with an emphasis on backwards-compatibility.
How it works:
• The dashboard application is built on a consistent API for any additional third party OpenStack dashboard apps.
• Any actions done through the UI can also be performed via the respective service API/CLI
Enables administrators and users to access and provision cloud-based resources through a self-service portal.
OpenStack Compute - Nova
Purpose:
• Provide compute resources (CPU, memory, disk, network)
Why it's important:
• Massively scalable and highly available system that is distributed and asynchronous.
• Supports live-migration (with shared file systems) of guests with run, reboot, suspend, resize, terminate operations.
• No proprietary hardware or software requirements.
• Works with many hypervisor providers (KVM, QEMU, Xen…)
How it works:
• Accepts and responds to end user API calls and initiates orchestration activities for managing a VM instance.
• Provides a scheduler service for VM placement (configurable)
• Interacts with the Block Storage service for persistent storage (volumes)
• Interacts with the network service to create virtual network interfaces and network paths for the VMs.
Delivers a fully featured, redundant, and scalable cloud computing
platform.
OpenStack Block Storage - Cinder
Purpose:
• OpenStack’s software defined storage interface. It provides a single control plane for managing backend storage.
• Block Storage (AKA Volume Service) allows block devices to be exposed and connected to compute instances for expanded storage, better performance.
Why it's important:
• API driven - provides on-demand block-based storage
• Enables attaching persistent block storage to virtual machines
• Support for booting virtual machines from volume backed storage
• Provides integration with enterprise storage platforms through a flexible driver architecture - works with over fifty storage vendors
How it works:
• Made up of three services:
  • cinder-api - accepts API requests and routes them to cinder-volume for action.
  • cinder-volume - acts upon the requests
  • cinder-scheduler – daemon picks the optimal block storage provider node to create the volume on.
• Leverages a database to maintain state and a message queue to interact with other processes (like the scheduler)
Provides persistent block storage to guest VMs.
OpenStack Image Service - Glance
Purpose:
• Provides discovery, registration and delivery services for disk and server images.
• Serves as an image registry – the actual images can reside in other repositories
Why it's Important:
• Administrators can create base templates from which their users can start new compute instances
• Users can choose from available images, or create their own from existing servers
• Snapshots can also be stored in the Image Service so that virtual machines can be backed up quickly
How it Works:
• A RESTful API that allows users to query VM image metadata and retrieve the actual image with HTTP requests
• Composed of two services:
  • API service - the main interface that routes requests from clients to registries of image metadata and to its backend stores.
  • Registry service(s) – stores image metadata
• Supports the following backend storage devices: OpenStack Object Storage, File system, & HTTP
• Supports a variety of disk and container formats: Raw, Machine (a.k.a. AMI), VHD (Hyper-V), VDI (VirtualBox), qcow2 (Qemu/KVM), VMDK (VMWare), OVF (VMWare, others).
Provides basic discovery, registration, and delivery services for
virtual disk images.
OpenStack Object Storage - Swift
Purpose:
• A distributed storage system that provides scalable object storage.
Why it's important:
• Provides a cost effective, scale-out storage solution
• Can be integrated directly into applications or used for backup, archiving and data retention.
• Leverages commodity hardware
• Public and private containers
• HDD/node failure agnostic (self-healing)
• Built-in replication & easy to add capacity (elasticity)
• Simple API-accessible storage – Put, Get, Delete
How it Works:
• Composed of four scalable services:
  • Proxy Service – handles and coordinates all API requests
  • Account Service – determines what containers are accessible to an account
  • Container Service – manages namespaces used to group objects within an account
  • Object Service – where the actual data is stored.
Provides redundant, scalable storage using clusters of
standardized servers to store petabytes of data.
OpenStack Network Management - Neutron
Purpose:
• Provides networking-as-a-service capabilities.
Why it's important:
• Single point of management for networks and IP addresses
• Plugin architecture -> easily configurable
• Enable plugins (open and closed source) that introduce advanced network capabilities
• Lets anyone build advanced network services that plug into OpenStack tenant networks.
  • Examples: LB-aaS, VPN-aaS, firewall-aaS, IDS-aaS, data-center-interconnect-aaS.
• Provides floating IP addresses
• Security groups
How it works:
• neutron-server takes API requests and forwards them to an appropriate plugin.
• Plugins and agents are responsible for the actual work.
  • e.g. plugging and unplugging ports, creating networks or subnets and IP addressing.
Provides Networking-as-a-Service capabilities.
Logging
• OpenStack services use the standard logging levels, at increasing severity: DEBUG, INFO, AUDIT, WARNING, ERROR, CRITICAL, and TRACE
• Messages only appear in the logs if they are more “severe” than the particular log level, with DEBUG allowing all log statements through.
• Logs are generated by process.
Where are the Logs?
Node type | Service | Log location
Cloud controller | nova-* | /var/log/nova
Cloud controller | glance-* | /var/log/glance
Cloud controller | cinder-* | /var/log/cinder
Cloud controller | keystone-* | /var/log/keystone
Cloud controller | neutron-* | /var/log/neutron
Cloud controller | Horizon | /var/log/apache2/
All nodes | misc (swift, dnsmasq) | /var/log/syslog
Compute nodes | Libvirt | /var/log/libvirt/libvirtd.log
Compute nodes | Console (boot up messages) for VM instances | /var/lib/nova/instances/instance-<instanceid>/console.log
Block Storage nodes | cinder-volume | /var/log/cinder/cinder-volume.log
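The severity threshold and the per-service log files described above can be combined into a simple triage pass. This is an added example, not part of the original slides: the line layout (timestamp, PID, level, logger name, message) is an assumption about how the services are configured, and the sample lines are constructed.

```python
import re
from collections import Counter

# Severity order exactly as listed on the slide, lowest first.
LEVELS = ["DEBUG", "INFO", "AUDIT", "WARNING", "ERROR", "CRITICAL", "TRACE"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Assumed line layout: "<date> <time> <pid> <LEVEL> <logger> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"(?P<pid>\d+) (?P<level>[A-Z]+) (?P<logger>\S+) (?P<msg>.*)$"
)

def parse_line(line):
    """Return the fields as a dict, or None for lines that do not match
    (for example the body of a traceback)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m.group("level") not in RANK:
        return None
    return m.groupdict()

def filter_by_level(lines, threshold="WARNING"):
    """Keep records at or above threshold; unparsed lines are appended to
    the previous kept record so a traceback stays with its error."""
    floor, kept, attach = RANK[threshold], [], False
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if attach:
                kept[-1]["msg"] += "\n" + line.rstrip("\n")
            continue
        attach = RANK[rec["level"]] >= floor
        if attach:
            kept.append(rec)
    return kept

def count_by_service(records):
    """Group by the first component of the logger name (nova, keystone, ...)."""
    return Counter(r["logger"].split(".")[0] for r in records)

# Constructed sample lines, not taken from a real deployment.
SAMPLE = [
    "2016-11-02 10:15:30.101 2345 INFO keystone.common.wsgi GET /v3/auth/tokens",
    "2016-11-02 10:15:32.123 2345 WARNING keystone.common.wsgi Authorization failed",
    "2016-11-02 10:15:40.500 3110 DEBUG nova.scheduler.filter_scheduler Filtered hosts",
    "2016-11-02 10:15:41.002 3110 ERROR nova.compute.manager Instance failed to spawn",
    "Traceback (most recent call last):",
    "2016-11-02 10:15:45.250 4120 AUDIT cinder.volume.manager Volume created",
]
```

Feeding it the files under the directories in the table, with `threshold="WARNING"`, gives a per-service count of events worth reviewing, with each traceback kept alongside the error that produced it.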
Logging for Horizon
• Horizon is a Django web application, so it follows the Django Logging framework conventions.
• Logging for horizon is configured in /etc/openstack_dashboard/local_settings.py
Process Monitoring
• A basic type of alert monitoring is to simply check and see whether a required process is running.
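A process check of this kind, written as an added example that is not part of the original slides. It assumes a Linux host with `/proc`, and that the daemons may be started as Python scripts, so the service name can sit in `argv[1]` behind the interpreter. The required list uses service names from the slides, and the sample process table is constructed.

```python
import os

# Service names taken from the slides; adjust per node role.
REQUIRED = ["cinder-api", "cinder-scheduler", "cinder-volume", "neutron-server"]

def service_name(argv):
    """Name a process by its executable, or by the script it runs when the
    executable is a Python interpreter."""
    exe = os.path.basename(argv[0])
    if exe.startswith("python") and len(argv) > 1:
        return os.path.basename(argv[1])
    return exe

def missing_services(cmdlines, required=REQUIRED):
    """Return the required services that have no running process."""
    running = {service_name(argv) for argv in cmdlines if argv}
    return [s for s in required if s not in running]

def read_proc_cmdlines(proc="/proc"):
    """Collect the argv list of every live process on a Linux host."""
    out = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:  # process exited between listdir() and open()
            continue
        if raw:  # kernel threads have an empty cmdline
            out.append(raw.rstrip(b"\0").decode(errors="replace").split("\0"))
    return out

# Constructed process table. The grep entry is the classic false positive
# of a substring match on `ps` output; matching on the executable avoids it.
SAMPLE = [
    ["/usr/bin/python", "/usr/bin/cinder-api"],
    ["/usr/bin/python", "/usr/bin/cinder-volume"],
    ["/usr/bin/neutron-server"],
    ["grep", "cinder-scheduler"],
]

if __name__ == "__main__":
    print("missing:", missing_services(read_proc_cmdlines()))
```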
Resource Alerting
• Some of the resources that you want to monitor include:
• Disk usage
• Server load
• Memory usage
• Network I/O
• Available vCPUs
• OpenStack does not provide a built-in way to monitor your environment.
References
OpenStack: https://www.openstack.org/
Projects/Components: https://www.openstack.org/software/
Start using: http://www.openstack.org/software/start/
Documentation: http://docs.openstack.org/
Install Guides: http://docs.openstack.org/project-install-guide/newton/
Operations Guide: http://docs.openstack.org/ops-guide
Contributor Guide: http://docs.openstack.org/contributor-guide/index.html