Cloud Computing & OpenStack

Edgar Magana, PhD

@emaganap

Cloud Operations Architect

Workday, Inc. USA

Acknowledgments

Big Thanks to Great Developers in OpenStack Community &

OpenStack Foundation.

Information presented here are sourced from my own

experience as OpenStack developer/user and from

OpenStack Foundation Documents & Community

Views and Technical points expressed here are solely

presenter’s and doesn’t reflect his employer views positions or

OpenStack Foundation in anyway.

Cloud Computing

Cloud computing is computing in which large groups of remote servers

are networked to allow the centralized data storage, and online access to

computer services or resources. Clouds can be classified as public,

private or hybrid.

Concept evolved in 1950 (IBM) called RJE (Remote Job Entry Process).

In 2006 Amazon provided First public cloud AWS (Amazon Web Service).

It has three components

1.) Client computers

2.) Distributed Servers

3.) Datacenters

Cloud Computing – Service Models

SaaS(Software as a service): Required software, Operating system &

network is provided.

PaaS(Platform as service): Operating system and network is provided.

IaaS(Infrastructure as a service): Just Compute & Network is provided

Why cloud services are popular?

Reduce the complexity of networks.

Do not have to buy software licenses.

Customization.

Cloud providers that have specialized in a particular area (such as e-

mail) can bring advanced services that a single company might not be

able to afford or develop.

Scalability, reliability, and efficiency.

Information at cloud are not easily lost.

Why do I need to build a Cloud?

Hardware - Compute & Storage (even commodity)

Networking (Physical and Virtual)

Space and Maintenance (Data Center)

Cloud Management System (Physical and Virtual)

What is OpenStack?

OpenStack is a cloud management system that controls large

pools of compute, storage, and networking resources

throughout a datacenter, all managed through a dashboard that

gives administrators control while empowering their users to

provision resources through a web interface.

OpenStack: A Brief History

NASA Launches Nebula

– One of the first cloud computing platforms built for

Federal Government Private Cloud

March 2010: Rackspace Open Sources Cloud Files

software, aka Swift

May 2010: NASA open sources compute software,

aka “Nova”

June 2010: OpenStack is formed

July 2010: The inaugural Design Summit

April 2012: OpenStack Foundation

April 2013: Grizzly Release

Nov 2013: Havana Release

Quantum Neutron

April 2014: Icehouse Release

October 2014: Juno Release

nebula.nasa.gov

OpenStack Community

OpenStack Core Services

Compute ("Nova") provides virtual servers upon demand. Compute

resources are accessible via APIs for developers building cloud

applications and via web interfaces for administrators and users. The

compute architecture is designed to scale horizontally on standard

hardware, enabling the cloud economics companies have come to

expect.

Network (”Neutron") is a pluggable, scalable and API-driven system for

managing networks and IP addresses. Like other aspects of the cloud

operating system, it can be used by administrators and users to increase

the value of existing datacenter assets.

Block Storage ("Cinder") provides persistent block storage to guest VMs.

This project was born from code originally in Nova (the nova-volume

service described below).

Dashboard ("Horizon") provides a modular web-based user interface for

all the OpenStack services.

OpenStack Core Services Object Store ("Swift") provides object storage. It allows you to store or

retrieve files (but not mount directories like a fileserver)

Image ("Glance") provides a catalog and repository for virtual disk

images. These disk images are mostly commonly used in OpenStack

Compute.

Identity ("Keystone") provides authentication and authorization for all

the OpenStack services

Orchestration (“Heat”) orchestrates multiple cloud applications using

the AWS CloudFormation template format, through both an OpenStack-

native REST API and a CloudFormation-compatible Query API

Metering (“Ceilometer”) monitoring and metering framework using an

agentless from 3rd party systems, all is natively implemented in

OpenStack

Documentation (“What’s up doc?)

How many in total?

24

OpenStack Core Services - Conceptual

docs.openstack.org

OpenStack Core Services - Conceptual

docs.openstack.org

OpenStack Core Services - Logical

Identity Service (Keystone) Overview

Keystone Overview

Front-ends to various OpenStack

services (compute, storage, etc.) for

authentication and authorization (AA)

Can function as an ID service on its own

with SQLite or MySQL as ID server

– Provides capabilities to create users and

roles

Other ID services can be interfaced

Can function as service catalogue to any

client (users, applications, GUI)

Identity

Service

(Keystone)

Compute

Service

(Nova

8774)

Image

Service

(Glance

9292)

Storage

Service

(Swift

8080)

Network

Service

(Neutron

9696)

Credentials

Token & SC

(with TTL)

API

Requests

with Token

Other ID

Backend

Token

Validation

Introduction – Service Catalogue

Keystone can function as Service

Catalogue (SC) for all the services in an

OpenStack deployment

SC is returned along with the token in

response to an authentication request

SC contains following information

– Service end-point (EP): <service http

address>:<port>/<service API

version>/<tenant ID>

– Region service has been deployed

19

Identity

Service

(Keystone)

Compute

Service

(Nova

8774)

Image

Service

(Glance

9292)

Storage

Service

(Swift

8080)

Network

Service

(Neutron

9696)

Credentials

Token & SC

(with TTL)

API

Requests

with Token

Other ID

Backend

Token

Validation

Image Service (Glance) Overview

Functionalities

Meta-data about a [VM] image can be stored

or updated in Glance Registry while storing or

about stored data

Glance registry service can interface with

Swift, file, S3 for image storage backend

– Can also interface with any web server for read-

only data

Meta-data stored in SQLlite or MySQL

OpenStack packaged Registry server is a

reference implementation (conforming to

Glance API)

21

Storage

Service

(File/Swift)

Glance

API

Controller

Glance

Registry

Metadata

Repository

Image

Repository

Major Meta-data

Major meta-data that can be specified ( meta key in [] indicates optional)

– Name – does not not have to unique

– [id]

– If not specified an UUID is generated

– Duplicate error returned, if duplicate ID found

– [store]

– File | Swift | S3 | HTTP | CEPH …

– If not specified configured (in .conf file) default is selected

– [type]

– ‘kernel` | `machine` | `raw` | `ramdisk`

– [is_public]

– By default non-public

Glance does not scan the image to identify image parameters

22

Compute Service (Nova) Overview

Nova Functionalities

• Nova is the Compute Service

• On-demand CRUD of Virtual Servers or VMs

• On-demand attachment/detachment of VM to network via Nova-

Network

• Replaced by Neutron Service

• On-demand attachment/detachment of block storage (“volume”) to/from

VM

Hypervisors supported:

• KVM: Linux Kernel-based VM

• VMWare ESX/ESXi 4.1 update 1

• Xen - XenServer 5.5, Xen Cloud Platform (XCP)

• Hyper-V

• LXC: Linux Containers

• UML: User Mode Linux

Nova Concepts - Projects/Tenants

Project/Tenant is unit of isolation

between users

An organization can have multiple

projects

Each project is associated with

proper resources and attributes

Project associated quota

– Number of volumes which may be

created

– Total size of all volumes within a project

as measured in GB

– Number of instances which may be

launched

– Number of processor cores which may

be allocated

– Publicly accessible IP addresses

25

Compute Instances

Servers– An abstraction of

running VM

instances or virtual

servers

While creating

servers following

information

specified– Flavor

– Image

– IPv4/6 addresses

– Metadata: user

specified, such as

server name

Flavors– Default

– Admin created

– Example:

–m1.medium:

Memory: 4096MB,

VCPUS: 2, Storage:

40GB, FlavorID: 3,

Swap: 0GB, RXTX

Quota: 0GB, RXTX

Cap: 0MB

– Admin can create

flavor:

–nova-manage

instance_type create

m1.mega 32768 16

320 0 0 0

Image– OS image

– VM disk

– Other files

26

Network Service (Nova-Network) Overview

Introduction

Network service / controller provides network related services to

connect compute instances (VM) to network

Nova has an embedded network component called Nova-Network that

provides network related services

– Target network domain: L2 network connecting VMs to local (access)

network

A separate network service / controller called Neutron is a separate

(from Nova) service on its own

– Target network domain: L2, L3

28

Nova-Network

Flat Mode

All Instances are attached to a single Linux bridge

IP addresses are injected into image on launch (from configuration file)

FlatDHCP Mode

Similar to Flat Mode with DHCP for IP addresses

VLAN Network Mode: Default Mode

A VLAN, Fixed IP Subnet, and Linux bridge per tenant

Switch must support 802.1Q VLAN tagging

Neutron Network Manager (code is being renaming in Havana release)

A client (resident in Nova) for communication with Neutron Service

2

9

Flat Mode

30

VM1

WS1

OS

vNIC

TAP

1

ETH0

Hypervisor

TAP2

VM2

App

OS

vNIC

TAP3

VM3

WS2

OS

vNIC

br100

ETH0

br100

SW 11

ETH1

SW 11

Private

Towards Cloud DC Net

or Public Net

Nova Controller with

Nova-Network or

Neutron Controller

Nova Compute Host 1

Controller Host

VM4

WS1

OS

vNIC

TAP

4

ETH0

Hypervisor

TAP5

VM5

App

OS

vNIC

TAP6

VM6

WS2

OS

vNIC

br100

Nova Compute Host 2

Bridging, NAT, DHCP

Outside communication via the controller node (where Nova-network is

resident)

Nova network component (or controller) can run in each compute node

VLAN Mode

VM1

WS1

OS

vNI

C

TAP

0

ETH1

Hypervisor

TAP1

VM2

App

OS

vNIC

TAP3

VM3

WS2

OS

vNIC

br1 / VLAN 22

br0/ VLAN11

VM4

WS1

OS

vNI

C

TAP

4

ETH1

Hypervisor

TAP5

VM5

App

OS

vNIC

TAP6

VM6

WS2

OS

vNIC

br1 / VLAN 22

br0 / VLAN11

ETH1

br0 / VLAN11

br0 / VLAN 22

SW 11

ETH0

SW 11

Private

Towards DC Net

or Public Net

Nova with Nova-Network or

Neutron Controller

Nova ComputeNova Compute Host 1 Host 2 Host n

Networking Service (Neutron) Overview

Neutron Overview

Incubation project in April 2011

Promoted to Core Project at Folsom Summit (April 2012)

Neutron Solves two main issues in Nova:

1. Limited networking technology

• Implements simple linux-based bridges (no advanced QoS, ACL or monitoring)

• Limited back-end network technologies supported

• VLANs are the only option for multi-tenancy isolation

2. No tenant control over networking

Tenant can not create their own network topologies

Tenant can not leverage different network virtualization technologies

Network as a Service (NaaS)

Provides REST APIs to manage network connections for the

resources managed by other OpenStack Services (e.g. Nova)

Technology Agnostic (framework based on “plug-ins”)

Multi-tenancy: Isolation, Abstraction, full control over virtual

networks

Modular Design: API specifies service, vendor provides its

implementation. Extensions for vendor-specific features.

Standalone Service : It is not exclusive to OpenStack. Neutron

is an autonomous service

Exposes vendor-specific network virtualization and SDN

technologies

OpenStack Networking - Neutron

Neutron Architecture

Neutron API

Neutron Service

Neutron Plug-in API

API Extensions

Service API

(VPN, FW & LBaaS)

VNI & PNI

Virtual & Physical Networking Infrastructure

Plug-In

Extensions

Plug-In

Implementation

Load Balancer as a Service (LBaaS):

Stable release

HA Proxy support

Vendor specific framework in place

Virtual Private Network as a Service (VPNaaS):

IPsec support

Site-to-Site configuration

Single-site-to-Multi-site configuration

Firewall as a Service (FWaaS):

Separate FW service

IP tables support

Vendor specific service can be included

Neutron Services - Havana

source: wiki.Openstack.org

Neutron Services

• Join the foundation

https://wiki.openstack.org/wiki/HowToContribute

Corporate Contributor License Agreement

Individual Contributor License Agreement

• Blueprints and Bugs in Launchpad

https://blueprints.launchpad.net/neutron

https://bugs.launchpad.net/neutron/+bugs

• Code review in Gerrit

https://wiki.openstack.org/wiki/GerritWorkflow

https://review.openstack.org/#/q/status:open+project:openstack/neutron,n,z

pep8 enforcement

Python hacking rules:

https://github.com/openstack/neutron/blob/master/HACKING.rst

OpenStack Contribution

Devstack

1. Install Ubuntu 14.04 or Fedora

2. Download DevStack

git clone git://github.com/openstack-dev/devstack.git

3. Start the install

cd devstack; ./stack.sh

It takes a few minutes, and you are done!

Questions!