Nova

OpenStack Study 3rd

클라우드개발팀 신진호

Installations

# yum install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxynova-scheduler python-novaclient

# yum install nova-compute

On Controller Node

On Compute Node

Where is nova-network!!!?What is cert? novncproxy?

Openstack Icehouse

Components

nova-novncproxy

nova-cert

nova-consoleauth

nova-network

nova-api-metadata

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Components

nova-novncproxy

nova-cert

nova-consoleauth

nova-network

nova-api-metadata

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Components

nova-novncproxy

nova-cert

nova-consoleauth

nova-network

nova-api-metadata

Neutron

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Components

nova-novncproxy

nova-cert

nova-consoleauth

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Components

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Components > nova-api

nova-api nova-conductor

nova-scheduler nova-computequeue

database

HTTP Web Service!Accepts & Responds to User’s Compute API callsSupports OpenStack Compute API, Amazon EC2 API, Admin API.Initiates Orchestration Activities.

POST /v2/{tenant_id}/servers/{server_id}/action

Components > nova-apiPOST /v2/{tenant_id}/servers

Request Body

{

"server": {

"name": "server-test-1",

"imageRef": "b5660a6e-4b46-4be3-9707-6b47221b454f",

"flavorRef": "2",

"max_count": 1,

"min_count": 1,

"networks": [

{

"uuid": "d32019d3-bc6e-4319-9c1d-6722fc136a22"

}

],

"security_groups": [

{

"name": "default"

},

{

"name": "another-secgroup-name"

}

]

}

}

202 Accepted

Response Body

{

Components > nova-conductor

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Database Proxy!Acting as an intermediary between the compute node and the database node and the database.

Components > nova-conductor

Why?

Auditing database operations, revoking access privileges.

That’s Difficult!

They host tenant instances.

Compute nodes are the least trusted of the services in OpenStack.

Components > nova-conductor

They strongly recommends

Be isolated to a management network,

Use SSL,

Create unique user accounts per service endpoint.

Restrict services to executing with parameters, …

Prevent directly accessing or modifying.

Unfortunately, it complicates fine-grained access control

and audit data access.

Because, it Focus on improving Security, effectively modifying.

Components > nova-conductor

-> Compute nodes are the least trustedof the services in OpenStack. Because they host tenant instances.

-> Do not deploy it on Compute Nodes.

Components > nova-conductor

nova-api nova-conductor

nova-scheduler nova-computequeue

database

pushpop

pushpop

Components > nova-scheduler

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Scheduler!Takes VM requests from the queue.Determine on which compute node host it.

Components > nova-scheduler

nova-api nova-conductor

nova-scheduler queue

mysql

nova-compute1

nova-compute2

nova-compute3

NEW Instance

Instance B

takesdetermines

Create Instance

Components > nova-compute

nova-api nova-conductor

nova-scheduler nova-computequeue

database

Worker Daemon!Creates and terminates VMs through hypervisor APIs,such as Xen, QEMU, KVM, Vmware, ….

It Supports multiple hypervisors.

Because, it Has an abstraction layer, Driver.

Components > nova-compute

nova-compute

Compute Agent(KVM)

libvirt

KVM

VM VM

nova-compute

Compute Agent(Hyper-v)

Hyper-v

VM VM

nova-scheduler

nova-compute

Abstraction layer, Driver

any hypervisor

VM VM

Components > nova-compute

nova-api nova-conductor

nova-schedulernova-compute

queue

database

hypervisor

VM

VM launch

takes

determines

Components > nova-compute

keystone

Glance

Neutron

Cinder

Horizon or CLI

45

312

In more detail…

Provisioning Instance

Links

• Deprecation of Nova Network– http://docs.openstack.org/openstack-ops/content/nova-network-deprecation.html

• Compute service– http://docs.openstack.org/icehouse/install-guide/install/apt/content/compute-service.html

• Chapter 33. Database access control– http://docs.openstack.org/security-guide/content/ch042_database-overview.html

• VNC console proxy– http://docs.openstack.org/admin-guide-cloud/content/getting-started-with-vnc-proxy.html

• EC2 compatibility API– http://docs.openstack.org/admin-guide-cloud/content/instance-mgmt-ec2compat.html

• nova-cert– http://docs.openstack.org/developer/nova/man/nova-cert.html

• Laurent Luce's Blog > OpenStack Nova internals of instance launching– http://www.laurentluce.com/posts/openstack-nova-internals-of-instance-launching/

• Request Flow for Provisioning Instance in Openstack– http://ilearnstack.com/2013/04/26/request-flow-for-provisioning-instance-in-openstack/

Next Week…

• nova-compute – driver

– hypervisor support matrix

– …

• nova-scheduler – filters

– host aggregates

– …

• availability zone

• initialization of a cloud instance– cloud-init

– file injection

• migration– migrate instances

EOF