cloudfoundry introduction

Transforming Your Business Technical Point of View Yitao Jiang [email protected]

Upload: yitao-jiang

Post on 14-Apr-2017


Category:

Software



TRANSCRIPT

Page 1: Cloudfoundry Introduction

Transforming Your Business

Technical Point of View

Yitao Jiang [email protected]

Page 2: Cloudfoundry Introduction

Agenda

➢ Cloudfoundry Introduction

➢ Architecture

➢ Runtime

➢ Services

➢ Scaling

➢ Demo


Page 3: Cloudfoundry Introduction

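Stages in the Evolution of PaaS

Stage 1: Downward/upward expansion of SaaS/IaaS; PaaS in its infancy

❏ 2007: force.com released
❏ April 2008: GAE Beta preview released
❏ 2010: Heroku acquired by salesforce.com
❏ 2010.2: Windows Azure released
❏ 2011: VMware announces the Cloudfoundry open-source project
❏ 2011: Redhat announces the openshift open-source project

Stage 2: Rapid development of container-based PaaS platforms aimed at cloud-native applications

❏ 2013.3: Netflix announces the Netflix OSS Cloud Prize
❏ 2013.11: Pivotal releases the enterprise edition
❏ 2013.12: dotcloud renamed Docker
❏ 2014.2: Cloudfoundry Foundation established
❏ 2014.2: GAE supports Managed VM
❏ 2014.4: IBM Bluemix released

Stage 3

❏ Deep integration with IaaS/SaaS
❏ Enterprise applications, hybrid cloud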

Page 4: Cloudfoundry Introduction

Traditional 3-Tier Architecture Model

3-Tier Shared Nothing Architecture

● Most common architecture, widely deployed

Page 5: Cloudfoundry Introduction

Micro-service Architecture

● All is API

● Build large systems composed by small services that encapsulate the functionality corresponding to a single feature

● Simple


Page 6: Cloudfoundry Introduction

I Know them

but who cares


Page 7: Cloudfoundry Introduction

*-aaS


Page 8: Cloudfoundry Introduction

Workflow

● have a good idea
● request a server
● get a purchase order
● wait
● wait
● server arrives
● server gets power and network
● server gets OS
● start to configure and deploy

Developer

IaaS

Page 9: Cloudfoundry Introduction

Workflow

● keep systems running
● don’t care about your application
● not paid to care
● people waiting for their servers
● might have to worry about other servers
● and emails
● and printers

The System Admin

Page 10: Cloudfoundry Introduction

Why Do We Need PaaS?

PaaS makes it easier to develop, run and scale applications.

A growing number of businesses are:

● transitioning from packaged software to cloud-based services
● adding analytics, db services and multiple services to their products

PaaS technology supports a variety of clouds, application styles and services.

Page 11: Cloudfoundry Introduction

PaaS ?

A PaaS provides ready-to-use libraries, tools and services, such as databases, security, user management, monitoring and analytics, which can be easily integrated with the applications you are developing.

PaaS can support applications written in different frameworks for a wide variety of programming languages, such as Java, Python, Ruby, .NET, etc.

Page 12: Cloudfoundry Introduction

Architecture


Page 13: Cloudfoundry Introduction

Components


Page 14: Cloudfoundry Introduction

Router

● Proxy

● All traffic

● Access logs

● Load Balancing

● Routing Scheduler


Page 15: Cloudfoundry Introduction

UAA

● Authentication/Authorization

● OAuth2

Page 16: Cloudfoundry Introduction

Loginserver

● standard JEE servlet application

● Just Login

● Easy Integration

● LDAP

● SAML


Page 17: Cloudfoundry Introduction

CC

The Cloud Controller is responsible for managing the lifecycle of applications. When a developer pushes an application to Cloud Foundry, she is targeting the Cloud Controller. The Cloud Controller then stores the raw application bits, creates a record to track the application metadata, and directs a DEA node to stage and run the application. The Cloud Controller also maintains records of orgs, spaces, services, service instances, user roles, and more.

Page 18: Cloudfoundry Introduction

Blobstore

The Cloud Controller manages a blob store for the following:

Resources: Files that are uploaded to the Cloud Controller with a unique SHA such that they can be reused without re-uploading the file

App Packages: Unstaged files that represent an application

Droplets: Result of taking an app package, staging it by processing a buildpack, and preparing it to run

Page 19: Cloudfoundry Introduction

DEA

● The Droplet Execution Agent manages application instances, tracks started instances, and broadcasts state messages.

● Application instances live inside Warden containers. Containerization ensures that application instances run in isolation, get their fair share of resources, and are protected from noisy neighbors.

Page 20: Cloudfoundry Introduction

Runtime/Buildpack

● What your code runs with and depends on

● tomcat
● jdk
● weblogic
● python
● ...

Page 21: Cloudfoundry Introduction

How Applications Run

● Container (Warden)

● Applications run in a stack with a prebuilt root filesystem (rootfs), which works in tandem with a buildpack

● Code + Runtime + Dependency


Page 22: Cloudfoundry Introduction

Push Workflow

Page 23: Cloudfoundry Introduction

Services and Service Instances

Cloud Foundry offers a marketplace of services, from which users can provision reserved resources on-demand. Examples of resources that services provide include databases on a shared or dedicated server. These resources are known as Service Instances and the systems that deliver and operate these resources are known as Services. Think of a service as a factory that delivers service instances.

Page 24: Cloudfoundry Introduction

How CF Works with Services

Page 25: Cloudfoundry Introduction

MySQL Service

Page 26: Cloudfoundry Introduction

Service Definition Workflow

Develop the broker program

● Push package to CF

cf push testbroker -p testbroker.war

url: http://testbroker.xxx.com

● Register the Broker

cf create-service-broker testbroker username password http://testbroker.xxx.com

● Enable the Broker

cf service-access

cf enable-service-access test-service -p small

Page 27: Cloudfoundry Introduction

How to Use It?

cf push testapp -p HelloWorldJavaWeb.war

cf create-service MysqlService free testservice

cf bind-service testapp testservice

cf restage testapp

access the application
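What the broker program behind the service definition workflow and the usage commands above has to answer when Cloud Foundry calls it, as an added example (not the presenter's testbroker.war): a Python dispatcher for the Service Broker v2 catalog, provision and bind endpoints that checks the HTTP Basic credentials from `cf create-service-broker` in constant time. The ids, hostname, in-memory store and function names are constructed for illustration, and the service and plan follow the `test-service` / `small` names from the enable step.

```python
import base64
import hmac
import secrets

# Placeholders matching `cf create-service-broker testbroker username password ...`
BROKER_USER, BROKER_PASS = "username", "password"
# Constructed catalog: service "test-service" with plan "small"; ids are made up.
CATALOG = {"services": [{
    "id": "svc-test", "name": "test-service", "description": "demo service",
    "bindable": True,
    "plans": [{"id": "plan-small", "name": "small", "description": "demo plan"}],
}]}
instances = {}  # instance id -> plan id; stands in for real provisioning


def basic_auth(user, password):
    """Build the Authorization header value the platform sends on every call."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def authorized(header):
    """Compare the presented header with the expected one in constant time."""
    expected = basic_auth(BROKER_USER, BROKER_PASS)
    return hmac.compare_digest((header or "").encode(), expected.encode())


def handle(method, path, auth_header, body=None):
    """Dispatch one broker API request; returns (HTTP status, JSON body)."""
    if not authorized(auth_header):
        return 401, {"description": "unauthorized"}
    parts = path.strip("/").split("/")
    if method == "GET" and parts == ["v2", "catalog"]:
        return 200, CATALOG                      # fetched at create-service-broker
    if method == "PUT" and parts[:2] == ["v2", "service_instances"]:
        if len(parts) == 3:                      # provision: cf create-service
            if (body or {}).get("plan_id") != "plan-small":
                return 400, {"description": "unknown plan"}
            instances[parts[2]] = "plan-small"
            return 201, {}
        if len(parts) == 5 and parts[3] == "service_bindings":  # cf bind-service
            if parts[2] not in instances:
                return 404, {"description": "no such instance"}
            # Fresh per-binding secret; host and user name are constructed.
            creds = {"hostname": "db.example.internal", "port": 3306,
                     "username": "u_" + parts[4],
                     "password": secrets.token_urlsafe(16)}
            return 201, {"credentials": creds}
    return 404, {"description": "not found"}
```

The credentials returned by the bind call are what the platform hands to the bound application, which is why each binding gets its own generated password rather than a shared one.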


Page 28: Cloudfoundry Introduction

Scaling

Vertical Scaling

Vertical scaling is often referred to as scaling up. Vertical scaling increases the resources available to an application by adding the capacity directly to the individual nodes.

Page 29: Cloudfoundry Introduction

Scaling

Horizontal Scaling

Horizontal scaling is often referred to as scaling out. The overall application resource capacity grows by adding entire nodes.

Page 30: Cloudfoundry Introduction

Orgs, Spaces, Roles, and Permissions

Cloud Foundry uses role-based access control (RBAC), with each role granting permissions in either an org or a space.

Orgs

An org is a development account that an individual or multiple collaborators can own and use. All collaborators access an org with user accounts. Collaborators in an org share a resource quota plan, applications, services availability, and custom domains.

User Accounts

A user account represents an individual person within the context of a Cloud Foundry installation. A user can have different roles in different spaces within an org, governing what level and type of access they have within that space.

Spaces

Every application and service is scoped to a space. Each org contains at least one space. A space provides a set of users access to a shared location for application development, deployment, and maintenance. Each space role applies only to a particular space.


Page 31: Cloudfoundry Introduction

Orgs, Spaces, Roles, and Permissions (Cont.)

Roles and Permissions

A user can have one or more roles. The combination of these roles defines the user’s overall permissions in the org and within specific spaces in that org.

Org Roles and Permissions

Org Manager

Assign this role to managers or other users who need to administer the account.

An Org Manager can:

● Add and manage users
● View users and edit org roles
● View the org quota
● Create, view, edit, and delete spaces
● Invite and manage users in spaces
● View the status, number of instances, service bindings, and resource use of each application in every space in the org
● Add domains

Page 32: Cloudfoundry Introduction

Orgs, Spaces, Roles, and Permissions (Cont.)

Note: An Org Manager needs explicit administrator permissions to perform certain actions. Refer to the Creating and Managing Users with the UAA CLI (UAAC) topic to learn how to create a user with admin rights.

Org Auditor

Assign this role to people who need to view but not edit user information and org quota usage information.

An Org Auditor can:

● View users and org roles
● View the org quota

Space Roles and Permissions

Space Manager

Assign this role to managers or other users who need to administer a space.

A Space Manager can:

● Add and manage users in the space
● View the status, number of instances, service bindings, and resource use of each application in the space

Page 33: Cloudfoundry Introduction

Orgs, Spaces, Roles, and Permissions (Cont.)

Space Developer

Assign this role to application developers or other users who need to manage applications and services in a space.

A Space Developer can:

● Deploy an application
● Start or stop an application
● Rename an application
● Delete an application
● Create, view, edit, and delete services in a space
● Bind or unbind a service to an application
● Rename a space
● View the status, number of instances, service bindings, and resource use of each application in the space
● Change the number of instances, memory allocation, and disk limit of each application in the space
● Associate an internal or external URL with an application

Space Auditor

Assign this role to people who need to view but not edit the space.

A Space Auditor can:

● View the status, number of instances, service bindings, and resource use of each application in the space
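How the org and space roles above combine into a user's effective permissions, as an added example that is not Cloud Foundry's own code: org roles apply across the org, space roles only in the space where they were granted, and an access-review query lists who can perform an action in a given space. The action labels, users, org and space names are constructed for illustration.

```python
# Action names are labels invented for this example; each set abbreviates the
# bullet list for that role on the slides above.
ORG_ROLES = {
    "OrgManager": {"manage_users", "edit_org_roles", "view_quota",
                   "manage_spaces", "view_app_status", "add_domains"},
    "OrgAuditor": {"view_users", "view_quota"},
}
SPACE_ROLES = {
    "SpaceManager": {"manage_space_users", "view_app_status"},
    "SpaceDeveloper": {"deploy_app", "start_stop_app", "rename_app",
                       "delete_app", "manage_services", "bind_service",
                       "rename_space", "view_app_status", "scale_app", "map_url"},
    "SpaceAuditor": {"view_app_status"},
}

# Constructed assignments: (user, role, org, space); space is None for org roles.
GRANTS = [
    ("alice", "SpaceDeveloper", "acme", "dev"),
    ("alice", "SpaceAuditor", "acme", "prod"),
    ("bob", "OrgManager", "acme", None),
    ("carol", "OrgAuditor", "acme", None),
]


def effective_permissions(grants, user, org, space):
    """Union of the user's org-role permissions and the space-role
    permissions granted in exactly this space."""
    perms = set()
    for g_user, role, g_org, g_space in grants:
        if (g_user, g_org) != (user, org):
            continue
        if g_space is None:
            perms |= ORG_ROLES.get(role, set())    # unknown role grants nothing
        elif g_space == space:
            perms |= SPACE_ROLES.get(role, set())
    return perms


def can(grants, user, action, org, space):
    """True if any of the user's roles allows the action in this space."""
    return action in effective_permissions(grants, user, org, space)


def who_can(grants, action, org, space):
    """Access-review query: every user able to perform `action` in a space."""
    users = {g[0] for g in grants}
    return sorted(u for u in users if can(grants, u, action, org, space))
```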

Page 34: Cloudfoundry Introduction

Security

➢ IaaS

○ security group

○ FWaaS

➢ CF

○ security group

■ DEA iptables rules

Page 35: Cloudfoundry Introduction

Perspective on DevOps

DevOps is all about:

➢ Automating complex IT processes
➢ With full visibility and control

Page 36: Cloudfoundry Introduction

PaaS on VMware

All components run in VMs

2 compute servers (minimum)

N+1 compute servers to support single compute node failure

Active environment consumption: (128GB application pool)

● Total physical Cores: 32 @2.0+ GHz each (need more cores on OpenStack vs VMware ~2x)
● Total physical RAM: 512GB
● Total datastore size: 3.5TB (when using multiple datastores, use an identical prefix)
● Networking (similar configuration…….different details)
● Minimum: One port group with outbound internet access and inbound access from the customer network. Will need 10 customer network IPs
● Preferred: One additional port group that is private; only the ESXi hosts in the cluster are able to communicate across it.

Page 37: Cloudfoundry Introduction
