Slides - CS 491/591: Cloud Computing


OpenStack
• Free open-source cloud-computing software platform
• IaaS
• 6-month release cycle
• Began 2010 with Rackspace and NASA
– Early code from NASA's Nebula platform and Rackspace's Cloud Files platform
• Red Hat – commercial support with Grizzly release 2013
• Managed by OpenStack Foundation
– Non-profit corporate entity
• AWS compatibility
What is with all the names?
• All different flavors(?)
• Versions have different names – the current release is Newton (10/16); the previous was Kilo
• HP Helion has tweaked the storage of OpenStack
• Mirantis OpenStack allows companies to write their own plug-ins that can be installed and deployed automatically
• GroundWork supports all and added CloudHub
In general clouds have
• Controller node
• Compute node
• Storage node
OpenStack
• General components in the architecture
– Cloud Controller
– Compute Nodes – Nova
– Network Controller – Neutron
– Storage Controller – Swift
Core Services
• Nova – manages compute instances throughout their lifecycle
• Keystone – identity provides authentication and
authorization for other OpenStack services
• Glance – Image service to store/retrieve VMIs
• Neutron – network connectivity as a service for other
OpenStack services
• Swift – object storage for unstructured data objects
• Cinder – block storage for running instances
Cloud controller
• The cloud controller is one or more nodes that control the cloud operations.
• In contrast to compute nodes (i.e. worker nodes), the cloud controller maintains a high-level view of the resources and provides a unified point for cloud management.
• All user requests (e.g. launch an instance) go to the cloud controller node, which then sends them on to the other nodes (e.g. compute nodes).
• In most non-production OpenStack environments, one controller node is enough.
• For better high availability, two or more cloud controllers can be deployed.
OpenStack Cloud controller
• Generally, the OpenStack Cloud Controller comprises the following services:
• Database Service (MySQL/MariaDB): Stores cloud data
• Messaging Queue Service (RabbitMQ): Provides the message-passing mechanism for cloud nodes
• Authentication Service (Keystone): Provides authentication and authorization services
• API Endpoints (nova-api, glance-api, ...): Provide a unified access point for cloud services (e.g. network, storage, compute)
• Scheduler (nova-scheduler, cinder-scheduler, ...): Provides the workload scheduling service
• Dashboard (Horizon): Provides the web-based management dashboard
Controller Node
• Nova
– Manages lifecycle of compute instances
– Spawn, schedule, decommission machines on demand
– Fabric controller – manage and automate
pools of resources
– Works with KVM, VMware, Xen, Hyper-V
– Also bare metal HPC
– Written in Python
Object Storage
• Swift
– Scalable redundant storage system
– Files written to multiple disk drives – replication
– In case of a drive failure, contents replicated to
new location
– Analogous to Amazon’s S3
– Can store billions of objects across nodes
Image Service
• Glance
– Image service (Image – OS installed on a VM)
– Manages/stores VM images
– Provides registration services for disk and server images
– Also used to store and catalog backups
– API a standard REST interface for querying info
about disk images
– Can use local file system, OpenStack Object Store,
S3
How will we install OpenStack for Assignment #1?
Must sign up by Friday 1/27 midnight
Our Setup
• In our installation of OpenStack, for each cluster we have:
• 1 controller node
• 2 compute nodes
• 1 jump box for security purposes
– So you can ssh from home
– Cluster has the same IP range
(Diagram: Jump Box)
Installation
• Email me your group names (4 people – doesn't matter if 491/591)
• If you don’t have a group I will assign you to one
• If you are not comfortable with Linux commands, make sure
someone in your group is
• You will be able to cut/paste the commands
• The TA will email you info before your timeslot about the IP address,
etc.
• You will have 4 people in a group, but 1 controller and 2 compute
nodes
• The controller installation is the most complex
• Two people can work on it
CONTROLLER NODE
• Controller node:
– Install a DB (MariaDB)
– Install RabbitMQ message queue
– Create a DB then
– Install Keystone – identity management
– Configure Apache
– Remove sqlite DB (default)
– Configure admin account
CONTROLLER NODE
– Configure glance – VM image service
– Populate image service DB
– Configure Nova – compute service
• Create a DB
• Create a Nova user
• Grant admin role to Nova user
• Create Nova service entity
• Install packages
• Configure location of image service API
• Populate compute DBs
• Restart compute services
COMPUTE NODES
• Configure Nova compute service on each of the 2 compute nodes
– Configure RabbitMQ message queue access
– Configure keystone identity service
– Configure nova networking service
– Configure location of image service
CONTROLLER NODE
• Verify operation of compute service on the CONTROLLER NODE
CONTROLLER NODE
• Install and configure network service
– Create a DB
– Create neutron network user
– Configure RabbitMQ message queue access
– Configure keystone identity service
– Configure networking to notify of network topology
– Configure Modular Layer 2 plug-in
– Enable port security extension driver
– Configure Linux bridge agent
– Configure DHCP agent
– ..
– Configure Compute service to use Networking service
COMPUTE NODES
• On each of the 2 compute nodes
– Install neutron networking
• Configure RabbitMQ
• Configure keystone
• Enable security groups
• Configure the Linux bridge
• Restart
CONTROLLER NODE
• Verify network operations
– Create the network
– Create a subnet on the network
CONTROLLER NODE
Launch an Instance
• Create an instance
– Choose a VM image
– Generate a key pair
– Add security
– Launch the instance
– Verify it is running
– You are done!! Leave everything in this state
– Virtual machine instances are accessible through IP
addresses
• Stopped here
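The "Add security" step above (and "Enable security groups" on the compute nodes) is where the instance's allow-list is defined. As an added illustration, not from the slides or the course setup, this Python model evaluates security-group rules the way OpenStack applies them: default deny on ingress, only explicitly listed traffic allowed. The jump-box and cluster addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One security-group rule: direction, protocol, port range and remote prefix."""
    direction: str              # "ingress" or "egress"
    protocol: Optional[str]     # "tcp", "udp", "icmp", or None for any protocol
    port_min: Optional[int]     # None means any port (always None for icmp here)
    port_max: Optional[int]
    remote_cidr: str            # source prefix for ingress, destination prefix for egress


def rule_matches(rule, direction, protocol, port, remote_ip):
    """True if the packet (direction, protocol, port, remote address) is covered by rule."""
    if rule.direction != direction:
        return False
    if rule.protocol is not None and rule.protocol != protocol:
        return False
    if rule.port_min is not None:
        if port is None or not (rule.port_min <= port <= rule.port_max):
            return False
    return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.remote_cidr)


def allowed(rules, direction, protocol, port, remote_ip):
    """Security groups are allow-lists: a packet passes only if some rule matches,
    so anything not listed is dropped (default deny). Real groups are also stateful,
    so replies to permitted traffic pass without a rule; that part is not modelled."""
    return any(rule_matches(r, direction, protocol, port, remote_ip) for r in rules)


# Constructed example policy: SSH only from the jump box, ping from the cluster range,
# unrestricted egress (the OpenStack default group allows all egress).
JUMP_BOX = "10.0.0.5/32"        # constructed jump-box address
CLUSTER = "10.0.0.0/24"         # constructed cluster range
RULES = [
    Rule("ingress", "tcp", 22, 22, JUMP_BOX),
    Rule("ingress", "icmp", None, None, CLUSTER),
    Rule("egress", None, None, None, "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(allowed(RULES, "ingress", "tcp", 22, "10.0.0.5"))   # SSH from the jump box: allowed
    print(allowed(RULES, "ingress", "tcp", 22, "10.0.0.7"))   # SSH from elsewhere: dropped
```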
VLAN bridge
• A bridge connects two networks (VLANs) together
• A bridge works by learning the MAC (media access control) addresses of the devices on each of its network interfaces.
• It forwards traffic between networks only when the source and destination MAC addresses are on different networks
• Network architects set up VLANs to provide the network segmentation services traditionally provided only by routers in LAN configurations.
• VLANs address issues such as scalability, security, and network management.
• Communication between nodes in the cloud goes through the network
• Flat interface – Ethernet adapters configured as bridges carry the network traffic between nodes
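The learn-then-filter behaviour described above, as an added example that is not from the slides: a small Python model of a transparent bridge that learns which port each MAC address lives on, filters frames whose source and destination are on the same network, and floods unknown or broadcast destinations. The port names and MAC addresses are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    """Transparent bridge with one port per attached network (VLAN).
    `table` maps a learned MAC address to the port it was last seen on."""
    ports: list
    table: dict = field(default_factory=dict)

    def handle_frame(self, in_port, src_mac, dst_mac):
        """Process one frame arriving on in_port; return the ports it is sent out of."""
        # Learn: the source MAC is reachable through the port the frame arrived on.
        self.table[src_mac] = in_port
        out_port = self.table.get(dst_mac)
        if out_port == in_port:
            # Source and destination are on the same network: filter, do not forward.
            return []
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood every other port.
            return [p for p in self.ports if p != in_port]
        # Known destination on a different network: forward out that port only.
        return [out_port]


def demo():
    """Constructed traffic: hosts A and C on vlan10, host B on vlan20."""
    br = LearningBridge(ports=["vlan10", "vlan20"])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    return [
        br.handle_frame("vlan10", a, b),          # B unknown yet: flooded to vlan20
        br.handle_frame("vlan20", b, a),          # A was learned on vlan10: forwarded there
        br.handle_frame("vlan10", a, b),          # B now known on vlan20: forwarded there
        br.handle_frame("vlan10", c, a),          # both on vlan10: filtered, not forwarded
        br.handle_frame("vlan10", c, BROADCAST),  # broadcast: flooded to vlan20
    ]
```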
Other components
• Dashboard (horizon) – GUI
• Identity service (Keystone) – central directory of users,
access control
• Networking (Neutron) – system for managing networks and
IP addresses
• Block Storage (Cinder) – persistent block-level storage
devices for compute instances
• Database (Trove) – relational and non-relational
• Bare Metal (Ironic) – instead of provisioning VMs
VMIs
• Virtual machine instances are deployed to
perform some task
• Virtual machine instances are accessible
through IP addresses
Private IP
• A private IP address is assigned to an instance's network interface by the DHCP server (Dynamic Host Configuration Protocol)
– enables the server to automatically assign an IP address from a defined range for a given network
– communication between instances in the same broadcast domain goes via a virtual switch
– The private IP address is how other instances in the private network access the instance
Floating IP
• A floating IP address is a service provided by Neutron. It does not use any DHCP service
– floating IP address – used for accessing the instance from a public network
– The guest's operating system has no idea that it was assigned a floating IP address
• A floating IP address and a private IP address can be used at the same time on a single network interface.
• NAT (network address translation) maps from one IP address space to another
• Example
• Service token –
– To authenticate access to OpenStack services,
must issue an authentication request to acquire a
token
– Fire up OpenStack
./stack.sh
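The token exchange mentioned above, as an added example that is not part of the slides: building a Keystone v3 password-authentication request and reading the token and service catalog out of the reply, in Python. The controller hostname, token value and catalog entries are constructed sample values, not captured from a real deployment.

```python
import json

KEYSTONE_URL = "http://controller:5000/v3"   # assumed Keystone endpoint on the controller


def build_password_auth(user, password, project, domain="Default"):
    """Request body for POST {KEYSTONE_URL}/auth/tokens: password authentication
    scoped to a project, so the returned token carries that project's roles."""
    return {"auth": {
        "identity": {
            "methods": ["password"],
            "password": {"user": {"name": user, "domain": {"name": domain},
                                  "password": password}}},
        "scope": {"project": {"name": project, "domain": {"name": domain}}}}}


def parse_token_response(status, headers, body, interface="public"):
    """Keystone puts the token in the X-Subject-Token header, not the body; the body
    carries the expiry and the service catalog. Returns (token, expires_at, {type: url})
    for endpoints of the requested interface. The token is a bearer credential: any
    holder can act as the user until expires_at, so handle it like a password."""
    if status != 201:
        raise RuntimeError(f"authentication failed: HTTP {status}")
    token = headers["X-Subject-Token"]
    data = json.loads(body)["token"]
    endpoints = {}
    for service in data.get("catalog", []):
        for ep in service["endpoints"]:
            if ep["interface"] == interface:
                endpoints[service["type"]] = ep["url"]
    return token, data["expires_at"], endpoints


# Constructed sample reply shaped like a Keystone v3 response (not from a live system).
SAMPLE_STATUS = 201
SAMPLE_HEADERS = {"X-Subject-Token": "gAAAAA-constructed-token"}
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2017-02-01T00:00:00.000000Z",
    "catalog": [
        {"type": "compute", "name": "nova", "endpoints": [
            {"interface": "public", "url": "http://controller:8774/v2.1", "region": "RegionOne"},
            {"interface": "admin", "url": "http://controller:8774/v2.1", "region": "RegionOne"}]},
        {"type": "image", "name": "glance", "endpoints": [
            {"interface": "public", "url": "http://controller:9292", "region": "RegionOne"}]}]}})


def auth_header(token):
    """Header every later call to Nova, Glance, Neutron, ... must carry."""
    return {"X-Auth-Token": token}
```

Every service request after authentication carries the token in the `X-Auth-Token` header, so the token should be kept in memory only, never logged, and re-requested once `expires_at` passes.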
• VNC – virtual network computing
– enables compute service users to access their instances through VNC clients
– Transmits keyboard/mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network using the Remote Frame Buffer (RFB) protocol