brkdct-1253: introduction to openstack...brkdct-1253 © 2012 cisco and/or its affiliates. all rights...

BRKDCT-1253: Introduction to OpenStack Daneyon Hansen, Software Engineer

© 2012 Cisco and/or its affiliates. All rights reserved. BRKDCT-1253 2 Cisco Public

Agenda

§ Background § Technical Overview § Demonstration § Q&A


Looking Back

Do You Remember What This Guy Did to IT?

Linux™


The Internet

How will you build your cloud?

The Internet was built on Open Source Software


Welcome to OpenStack

The Cloud Needs and WILL have an Open Source operating system to achieve Internet Scale:


OpenStack: A Brief History

nebula.nasa.gov

§ NASA Launches Nebula – One of the first cloud computing platforms

built by the Federal Government for the Federal Government

§ March 2010: Rackspace Open Sources Cloud Files software, aka Swift

§ May 2010: NASA open sources compute software, aka “Nova”

§  June 2010: OpenStack is formed §  July 2010: The inaugural Design Summit


OpenStack Community

160 and counting

+ &


Cloud Layers Overview

§ Hosts – Linux (Ubuntu, Red Hat, Fedora, etc.), Windows

§ Host Virtualization – KVM, Xen, Hyper-V, ESX

§ Host Management: Libvirt – An open source toolkit to interact with hypervisors

§  Virtual Networking – Linux Bridge, Open vSwitch


Cloud Layers Overview Cont..

§  Infrastructure as a Service (IaaS) Orchestration – OpenStack, Amazon EC2/S3, CloudStack

§  Platform as a Service (PaaS) – Google App Engine, AWS Beanstalk, Heroku, Cloud Foundry

§ Application Orchestration – AWS CloudFormation, OpenStack Heat (Incubation Project)

§  System Management & Automation (aka DevOps) – Puppet, Chef, Ansible, etc.


OpenStack Vision

Seamless Cloud Interoperability

Public Clouds Private Clouds

Community Clouds


Agenda



OpenStack Introduction

§ A Cloud Operating System

– A collection of interrelated software components delivering capabilities to build and manage cloud infrastructure.

§ A global community of developers devoted to innovation and openness

§ Flexibility in deployment and features

§ Standards for broad deployment

§ No fear of vendor “lock-in”


OpenStack Terminology

§ Instance- Running virtual machine § Image- Non-running virtual machine, multiple formats (AMI, OVF, etc.) § Application Programming Interface (API)- Interface for computer programs § Message Queue- Acts as a hub for passing messages between daemons § Volume- Provides persistent block storage to instances § Project- aka Tenants, provides logical separation among cloud users § Flavors- Pre-created bundles of compute resources § Fixed IP- Associated to an instance on start-up, internal only § Floating IP- Public facing IP address


OpenStack Core Projects

OpenStack Compute (Nova) Software to provision virtual machines on standard server hardware at massive scale

OpenStack Object Storage (Swift) Software to reliably store billions of objects distributed across standard server hardware

OpenStack Image Service (Glance) Services for discovering, registering, and retrieving virtual machine images


OpenStack Core Projects Cont..

OpenStack Dashboard (Horizon) A self-service web portal to allow administrators and users to manage OpenStack resources

OpenStack Identity (Keystone) Provides “unified authentication” across all OpenStack projects and integrates with 3rd party authentication systems OpenStack Block Storage Service (Cinder) Intended to separate existing nova-volume service into an independent service


OpenStack Core Projects Cont..

OpenStack Network Service (Quantum) Provides “network connectivity as a service” between devices managed by other OpenStack services

Many Other Incubation & Community Projects http://openstack.org/projects/


Identity Service (Keystone) Introduction

§ An authentication and authorization (AA) system

§ Organized into a group of internal services

§ Provides a HTTP front-end to clients (components, users, etc.)

§ Support for multiple back-ends

– Allows Keystone to adapt to a wide-range of environments


Keystone

Keystone Architecture

Nova Swift

object-api

nova-api (EC2, OS, Admin)

Glance glance-api

Service & Admin API’s

OpenStack

Service Backends (KVS, SQL, PAM, Templated)

identity token Catalog Policy


Image Service (Glance) Introduction

§ Designed to be adaptable

§ 3 primary services- API, Registry, and Store Adapter

§ Provides services for discovering, registering, and retrieving virtual machine images

§ Images can be stored in a variety of locations


Glance Architecture

Nova Swift

object-api


Glance Glance API Server (glace-api)

OpenStack

Registry Server

S3 Store

Store Adapter

Swift Store Filesystem Store HTTP Store

SQL

Keystone

Service API


Compute Service (Nova) Introduction

§ Primary component of the OpenStack IaaS platform

§ Shared-nothing and modular software architecture

– Services communicate using a message queue (AMQP)

§ Uses a SQL-based database for information storage

– Shared by all system components


Nova Architecture

Nova


OpenStack

Users

Computer Programs

Message Queue (RabbitMQ)

Scheduler (nova-scheduler)

Compute Worker(s) (nova-compute)

Network Controller(s) (nova-network)

Volume Worker(s) (nova-volume)

Data Store

Glance Swift

object-api

Keystone

Service API glance-api glance-api


Block Storage Service (Cinder) Introduction

§ New in Folsom Release

§ Provides a “drop-in” replacement/alternative to nova-volume

§ Utilizes the same nova-volume code and architecture

§ Operates using the same nova client and euca2ools

– nova volume-create, nova volume-snapshot-create, etc.

§ Upcoming release (Havana) will include:

– Additional driver support, metering, incremental snapshots w/Swift integration


Cinder Architecture

Cinder

cinder-api (OS, Admin)

OpenStack

Users

Computer Programs

Message Queue (RabbitMQ)

Scheduler (cinder-scheduler)

Volume Worker(s) (cinder-volume)

Data Store

Nova Swift

object-api

Keystone

Service API nova-api


Object Store Service (Swift) Introduction

§ Object-based storage system

– NOT a block-based system like iSCSI

– Consists of flexibly-sized data containers (objects)

§ Distributed architecture

– Avoids a single point of failure

– Massively scalable (billions of objects and PB’s of data)

§ Server hard drives turn into a pool of storage


Swift Architecture

Nova

Swift object-api


OpenStack

Keystone

Service API

Glance glance-api

Account Service Container Service Object Service

Memcache Proxy Server

Storage Server

swauth


Swift Functionality

27

§  The Ring – Mapping between entities and physical location

§  Proxy Server – Ties together end users and the Swift back-end

services, provides public API endpoint.

§ Object Server – Simple blob storage server to store, retrieve, and

delete objects on local disk

§ Container Server – Lists objects

§  Account Server – Similar to container, but lists containers

Server 1 Device

1

Server 2 Device

2

Server 3 Device

3

Zone 1 (Replica 1)

P11

P25

Zone 2 (Replica 2)

Zone 3 (Replica 3)

….

The Ring The Cluster


Component Communication

Other OpenStack Components

Nova

Swift object-api

Glance glance-api nova-api (EC2, OS, Admin)

OpenStack

component-api




Nova

Swift object-api

Glance glance-api

OpenStack


component-api




Nova

Swift object-api

Glance glance-api

component-api

OpenStack



OpenStack Networking Options

Flat Mode All Instances are attached to a single Linux bridge. IP’s are injected into image on launch FlatDHCP Mode Similar to Flat Mode, but includes a DHCP server to manage instance IP’s. Instances receive an IP through a dhcpdiscover message VLAN Network Mode A VLAN, Fixed IP Subnet, and Linux bridge per tenant. Quantum Network Manager A peer OpenStack service providing network connectivity services


Flat & Flat DHCP Modes

33

VM1 WS1

OS

vNIC

ETH0 Hypervisor

TAP2

VM2 App

OS

vNIC

TAP3

VM3 WS2

OS

vNIC

br100 ETH0

br100 ETH1

Private Network

Public Network

Network Controller (i.e. Node running Nova-

Network)

Compute Node Host 1 Controller Node

VM4 WS1

OS

vNIC

TAP4

ETH0 Hypervisor

TAP5

VM5 App

OS

vNIC

TAP6

VM6 WS2

OS

vNIC

br100

Compute Node Host N

Bridging, NAT, DHCP

§  Controller Node runs nova-network and acts as gateway to “outside world” §  Optionally, nova-network component can run on each compute node

Requires nova-api on each compute node

TAP1


VLAN Mode

34

VM1 WS1

OS

vNIC

ETH1 Hypervisor

VM2 App

OS

vNIC

VM3 WS2

OS

vNIC

br101 / VLAN 22 br100/ VLAN11

VM4 WS1

OS

vNIC

ETH1 Hypervisor

VM5 App

OS

vNIC

VM6 WS2

OS

vNIC

br101 / VLAN 22 br100 / VLAN11

ETH1 br100 / VLAN11

br101 / VLAN 22

ETH0

Private Network

Public Network

Compute Node Compute Node Host 1 Host N

§  Default Networking Mode §  Switch must support 802.1q VLAN Tagging

Controller Node

TAP0 TAP1 TAP6 TAP4 TAP5 TAP3

Network Controller (i.e. Node running Nova-

Network)


Quantum Introduction §  Provides abstractions and functionality needed for

cloud networking

§ Why Quantum? – Current networking under Nova is limited – Provide tenants an API to build rich networking topologies

– Foster innovation through plug-ins

§  Provides abstractions, functions, and API for: – Virtual Network (VN)

– Virtual port (VPT) on a VN – Attaching/detaching Virtual Interfaces (VIF)

35

VM1 WS1

OS

VIF1

VPT1

ETH1 Hypervisor

VPT2

VM2 App

OS

VIF2

VM42 App

OS

VIF4

VPT3 VPT4

VM3 WS2

OS

VIF3

VN-Red-E2 VN-Blue-E1

q-router


Quantum Architecture

Quantum API

Quantum Service •  Network abstraction definition and management •  Device and service attachment framework •  Does NOT implement any abstractions

Quantum Plug-in API

API Extensions

Vendor/User Plug-In •  Maps abstraction to implementation on physical and/or virtual networks •  Implements all the operations included in the Quantum API •  Can provide additional features through API extensions


Quantum Abstractions §  Virtual Networks (VN)

– A basic Layer-2 (L2) network – A common VN realization is a VLAN

§  Virtual Ports (VP) – An attachment point for a virtual interface (VIF) to connect

to a VN

– Ports expose configuration and monitoring state through extensions

§  Subnets (new in v2 API) – IP Address Management (IPAM) to store subnet

information and IP allocation

– Allows the setting of gateway and host routes 37

VM1 WS1

OS

VIF1

VPT1

ETH1 Hypervisor

VPT2

VM2 App

OS

VIF2

VM42 App

OS

VIF4

VPT3 VPT4

VM3 WS2

OS

VIF3


q-router


Quantum Abstractions Cont.. §  Through CRUD operations, an Instance can

dynamically be: – Added/removed from a network – Moved from one port to another on demand

38

VM1 WS1

OS

VIF1

VPT1

ETH1 Hypervisor

VPT2

VM2 App

OS

VIF2

VM42 App

OS

VIF4

VPT3 VPT4

VM3 WS2

OS

VIF3


q-router


Quantum Plugins & API Extensions §  Plugin

– Implements the realization of Quantum abstractions – Supports different back-end technologies and vendors

– Currently 1 Quantum plugin per deployment – Examples: Linux Bridge, Open vSwitch, Cisco, Nicira

NVP

§  API Extensions – Allows the plugin to expose additional capabilities – Applications can programmatically determine what

extensions are available through CRUD operations

– Examples: Port profiles, Quality of Service, etc.

39

VM1 WS1

OS

VIF1

VPT1

ETH1 Hypervisor

VPT2

VM2 App

OS

VIF2

VM42 App

OS

VIF4

VPT3 VPT4

VM3 WS2

OS

VIF3


q-router


Quantum High-Level Flow §  Tenant creates a network (i.e. net1) §  Tenant associates a subnet with a network (i.e.

subnet1- 10.10.10.0/24)

§  Tenant boots an Instance, specifying the network to connect to (i.e. nova boot –nic net-id=)

§ Nova contacts Quantum and creates a port1 on net1 § Quantum assigns an IP address to the Instance

(through DHCP Agent)

§  Tenant destroys the Instance § Nova contacts Quantum to destroy port1.

Associated IP address is returned to pool.

40

VM1 WS1

OS

VIF1

VPT1

ETH1 Hypervisor

VPT2

VM2 App

OS

VIF2

VM42 App

OS

VIF4

VPT3 VPT4

VM3 WS2

OS

VIF3


q-router


Agenda



Keystone Demonstration


Glance Demonstration


Nova Demonstration


Quantum Demonstration


Horizon Demonstration


Summary

§ Openstack.org § OpenStack is massively scalable § OpenStack is production ready


Questions?


Complete Your Online Session Evaluation §  Give us your feedback and you

could win fabulous prizes. Winners announced daily.

§  Receive 20 Passport points for each session evaluation you complete.

§  Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit www.ciscolive.com.

49


Final Thoughts

§ Get hands-on experience with the Walk-in Labs located in World of Solutions, booth 1042

§ Come see demos of many key solutions and products in the main Cisco booth 2924

§  Visit www.ciscoLive365.com after the event for updated PDFs, on-demand session videos, networking, and more!

§  Follow Cisco Live! using social media: – Facebook: https://www.facebook.com/ciscoliveus – Twitter: https://twitter.com/#!/CiscoLive – LinkedIn Group: http://linkd.in/CiscoLI

50

brkdct-1253: introduction to openstack...brkdct-1253 © 2012 cisco and/or its affiliates. all rights...

Documents