OpenStack has become the de facto standard for private cloud implementations. This is a presentation of OpenStack basics, with a conclusion that can be valuable to professional services. I recommend that clients pay attention to IBM's value-added solutions like Cloud Manager and Cloud Orchestrator.
Agenda
Context
OpenStack Project and Governance
OpenStack Architecture
OpenStack Components
Perception and experience
IBM Solutions
Context – Private, Public, Hybrid Cloud
Why private cloud?
Compliance, performance, security, reliability, lock-in avoidance
Private cloud adoption is growing 13% for hardware – 24% for software
But the future is in the hybrid cloud
The best of both worlds (elasticity & security)
Multivendor (cost optimization, different geographies, specializations)
Multilayer (SaaS + IaaS and/ or PaaS)
Disaster recovery of private cloud
Balance of dedicated and shared resources (private and public)
OpenStack Adoption
As of end 2014, enterprise adoption is still mixed. A lot of interest from large companies, but the approach is still « Wait and See »
Most of the installations are still in the US
In 2014 OpenStack received the support of the Chinese government
BMW's CTO Stefan Lenz: "We need more stability in the future, but that doesn't prevent us from using it right now as it is."
OpenStack Project
OpenStack is a cloud computing project in which developers and cloud computing providers work together to create an open IaaS platform for public and private clouds:
Launched in 2010 as a joint project of NASA and Rackspace
New releases are produced every six months
Open source code in Python, available at https://github.com/openstack
Every subproject is led by a Program Technical Lead
Meetup groups in many major cities, including a Swiss meetup
OpenStack Governance
Currently 200 companies participate in the project.
Contribution per company (chart; source: http://stackalytics.com)
OpenStack Foundation
• Technical Committee : 13 members
• Board of Directors : 24 members
• User Committee : 3 members
Tim Bell, CERN, Infrastructure Team Lead
OpenStack Architecture – List of cloud services
OpenStack Dashboard – Horizon
OpenStack Image Service – Glance
OpenStack Identity – Keystone
OpenStack Compute – Nova
OpenStack Networking – Neutron
OpenStack Block Storage – Cinder
OpenStack Object Storage – Swift
OpenStack Orchestration – Heat
OpenStack Telemetry – Ceilometer
OpenStack Database – Trove
OpenStack Data Processing – Sahara
OpenStack Dashboard - Horizon
Horizon is a graphical interface for administrators and users, allowing them to access and provision cloud services
Can be customized and styled with CSS files
Variety of 3rd-party add-ons for billing, monitoring, and some additional management tools and interfaces
OpenStack Image Service - Glance
Glance is a REST-based web service that provides registration and delivery of server images.
Administrators can create templates, upload server images, set permissions on them, etc.
Users can query available images and retrieve them
Snapshots can be taken as server backups
Images are created using utilities like Virt-Manager
OpenStack Identity Service - Keystone
Keystone authenticates users and issues tokens, provides a catalog of services and manages policies:
Tokens: temporary, valid for 1 day by default, and PKI-based: every program holds an encrypted copy of the tokens, so when a user sends a request with his token to the program, the token's validity is verified locally.
Tenants (projects), groups (roles) and users
Catalog contains name, description and endpoint of the cloud services
Components:
keystone server processes APIs and works with backends
token backend
catalog backend
policy backend
identity backend (can use LDAP)
OpenStack Compute Service - Nova
Components:
nova-api accepts and responds to end-user compute API calls
nova-compute creates and terminates virtual machines via the hypervisor APIs (XenAPI for Xen, libvirt for KVM). It downloads the image from Glance to launch the VM
nova-scheduler takes a request from the queue and determines where it should run (which compute server). It also determines on which hypervisor the request should be executed
queue (RabbitMQ) provides a central hub for passing messages between daemons
SQL database stores the state of the cloud infrastructure
nova-console is a proxy for accessing the VM consoles
nova-volume was replaced by Cinder, nova-network by Neutron
OpenStack Compute Service - Nova
Hypervisors:
KVM – most OpenStack installations are done with KVM (>50%). It is also used in PowerLinux
VMware – the VMware driver inside nova-compute interacts with the vCenter API to select an appropriate ESX host within the cluster. This allows automatic restart of VMs from a failed node on another member of the ESX cluster
Xen – large customer references: Amazon EC2 is built on it, and SoftLayer. It operates in paravirtualized mode, so the guests are aware of the hypervisor and can run efficiently without emulation.
OpenStack Network Service - Neutron
Management network – internal communication between OpenStack components
Tenant network – VM data communication within the cloud
Public network (floating IPs for external access, public API endpoints)
OpenStack Network Service - Neutron
Components:
Neutron server runs on the controller, receives API requests and passes them to Neutron plugins
Neutron plugins run on the network node, implement the APIs and interact with the Neutron server, database and agents. Vendors can write plugins for interoperability with their vendor-specific software and hardware.
Neutron DHCP agent and L3 agent run on the network node and provide DHCP and L3 NAT forwarding services
Neutron agents run on each compute node and connect instances to network ports.
Included are plugins for Cisco virtual and physical switches and Open vSwitch
OpenStack Block Storage - Cinder
Cinder provides block storage volumes to Nova compute instances:
create/delete volumes, attach/detach volumes to/from compute instances, clone volumes, perform backups
drivers for commercial providers' storage solutions
manages quotas for total storage utilized, total number of snapshots, total number of volumes
Cinder by default uses Swift to store backups
Components:
cinder-api receives the requests and forwards them to cinder-volume for action; it handles the authentication with Keystone
cinder-volume reads from or writes to the Cinder database, works with the queue and with the backend storage drivers
cinder-scheduler chooses the storage node to create the volume on
database retains the state of volumes, backups, snapshots and services (MySQL, PostgreSQL)
OpenStack Object Storage - Swift
The Swift proxy node handles incoming requests (command, token, storage URL):
authentication
checking the hash rings to identify the data location
sending requests to storage nodes
The storage node handles data manipulation:
hash rings for data mapping
diskfile to access the volume
auditor and replicator background processes
Swift - replicas
A node belongs to a zone, which belongs to a region:
Region (e.g. data center, country)
Availability zone (machine room, power line, rack row)
Node
Multiregion configurations:
Two regions, three replicas: synchronous replication to two nodes in one region, asynchronous to the second region
Three regions, three replicas: one region with three synchronous replicas, asynchronous replication to the two other regions
Three replicas by default, but this is configurable.
If Swift is installed on only one node with three disks, it will keep three replicas on each disk. It can also be installed on two disks
Swift – data mapping
Ring – a data structure that allows finding objects on a node
Mechanism of hash rings:
separate rings for accounts, containers and objects
each ring is an SQLite database with two tables (devices and partitions)
rings are created once and rebalanced when new drives are added
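A simplified model of the ring lookup the proxy node performs, added here as an illustration and not Swift's own ring code or file format: the partition is taken from the top bits of the MD5 of the object path, and each partition's three replicas are placed on devices in distinct zones. The device list is constructed, and the placement rule is a deliberate simplification of Swift's ring builder.

```python
import hashlib
import struct
from collections import defaultdict

PART_POWER = 4     # 2**4 = 16 partitions; a real cluster uses far more (e.g. 2**18)
REPLICAS = 3

# Constructed device list: region -> zone -> node disk, as on the replicas slide
DEVICES = [
    {"id": 0, "region": 1, "zone": 1, "ip": "10.0.1.10", "device": "sdb"},
    {"id": 1, "region": 1, "zone": 1, "ip": "10.0.1.11", "device": "sdb"},
    {"id": 2, "region": 1, "zone": 2, "ip": "10.0.2.10", "device": "sdb"},
    {"id": 3, "region": 1, "zone": 2, "ip": "10.0.2.11", "device": "sdb"},
    {"id": 4, "region": 2, "zone": 3, "ip": "10.0.3.10", "device": "sdb"},
]

def build_ring(devices, replicas=REPLICAS, part_power=PART_POWER):
    """Return a replica2part2dev table: table[r][part] is the device id holding
    replica r of partition `part`. Simplified placement (not Swift's builder):
    replicas are spread round-robin over zones so they land in distinct zones."""
    by_zone = defaultdict(list)
    for dev in devices:
        by_zone[dev["zone"]].append(dev["id"])
    zones = sorted(by_zone)
    table = [[None] * (2 ** part_power) for _ in range(replicas)]
    for part in range(2 ** part_power):
        for r in range(replicas):
            zone_devs = by_zone[zones[(part + r) % len(zones)]]
            table[r][part] = zone_devs[part % len(zone_devs)]
    return table

def get_part(account, container=None, obj=None, part_power=PART_POWER):
    """Swift-style partition number: the top `part_power` bits of the MD5 of the
    object path. (Real Swift also mixes a per-cluster hash prefix/suffix into the path.)"""
    path = "/" + "/".join(p for p in (account, container, obj) if p)
    digest = hashlib.md5(path.encode()).digest()
    return struct.unpack_from(">I", digest)[0] >> (32 - part_power)

def get_nodes(ring, devices, account, container=None, obj=None):
    """Resolve a path to its partition and the devices holding each replica,
    which is what the proxy node does before forwarding to the storage nodes."""
    part = get_part(account, container, obj)
    dev_by_id = {d["id"]: d for d in devices}
    return part, [dev_by_id[row[part]] for row in ring]
```

Losing one zone therefore leaves two replicas of every partition reachable, which is the property the multiregion configurations above build on.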
Swift - middleware customisations
SoftLayer created a middleware to enable very sophisticated search of the storage based on accounts and containers with multiple parameters
IBM developed Swift middleware to enable connectivity directly from Docker containers
ZeroVM created a middleware to enable compute directly on storage nodes. The requests to compute instances are encapsulated in Swift requests.
NTT Data created middleware to enable connectivity from AWS S3 to Swift object storage
Wikipedia is using a middleware to dynamically create image thumbnails
OpenStack Orchestration - Heat
Uses text file templates to describe the infrastructure resources for a cloud application: servers, volumes, IPs, security groups, users, scaling groups etc.
Heat also provides an autoscaling service that integrates with Ceilometer
Templates also specify the relationships between resources (e.g. this volume is connected to that server). Heat will then make requests to OpenStack APIs to create all requested infrastructure in the correct order
Heat manages the whole lifecycle of the application: when you need to change your infrastructure, simply modify the template and use it to update your existing stack. It will delete all of the resources when you are finished with the application, too.
Can also execute AWS CloudFormation APIs
Components: heat-api and heat-engine
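An added example (not Heat's own code) of how the relationships in a template determine creation order: the template below is a constructed HOT-style document held as a Python dict, with placeholder image and flavor values, and the code extracts the get_resource references and orders the resources so that each is created only after the ones it references; deletion is the reverse of that order.

```python
# Constructed HOT-style template as a Python dict. The resource types are real
# Heat types; the image and flavor values are placeholders, not from the slides.
TEMPLATE = {
    "heat_template_version": "2013-05-23",
    "resources": {
        "web_secgroup": {"type": "OS::Neutron::SecurityGroup",
                         "properties": {"rules": [{"protocol": "tcp", "port_range_min": 443, "port_range_max": 443}]}},
        "web_server": {"type": "OS::Nova::Server",
                       "properties": {"image": "IMAGE_ID_PLACEHOLDER", "flavor": "m1.small",
                                      "security_groups": [{"get_resource": "web_secgroup"}]}},
        "data_volume": {"type": "OS::Cinder::Volume", "properties": {"size": 10}},
        "data_attach": {"type": "OS::Cinder::VolumeAttachment",
                        "properties": {"instance_uuid": {"get_resource": "web_server"},
                                       "volume_id": {"get_resource": "data_volume"}}},
    },
}

def find_refs(node):
    """Collect every get_resource reference nested anywhere in a property value."""
    if isinstance(node, dict):
        if "get_resource" in node:
            return {node["get_resource"]}
        return set().union(*map(find_refs, node.values()))
    if isinstance(node, list):
        return set().union(*map(find_refs, node))
    return set()

def dependencies(template):
    """Map each resource name to the set of resources its properties reference."""
    names = set(template["resources"])
    deps = {}
    for name, res in template["resources"].items():
        refs = find_refs(res.get("properties", {}))
        if refs - names:
            raise ValueError(f"{name} references undefined resource(s): {sorted(refs - names)}")
        deps[name] = refs
    return deps

def creation_order(template):
    """Kahn's topological sort: create a resource only after everything it references."""
    remaining = dependencies(template)
    order = []
    while remaining:
        ready = sorted(n for n, d in remaining.items() if d.isdisjoint(remaining))
        if not ready:  # a reference cycle can never be satisfied; Heat rejects these too
            raise ValueError("circular dependency among " + ", ".join(sorted(remaining)))
        order.extend(ready)
        remaining = {n: d for n, d in remaining.items() if n not in ready}
    return order
```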
OpenStack - Real World Architecture
Real-world architecture: example of BBVA
Why OpenStack ?
Ability to innovate
Flexibility
Modularity
Cost savings
Ability to customize
Avoiding supplier lock-in
When enterprises adopt OpenStack, they tend to consider entirely phasing out VMware virtualization
But…
Problems: requires technical expertise, lack of official support, problems with stability.
Lacks or requires: tools for bare-metal infrastructure provisioning, configuration management, patching and upgrades, high availability, monitoring, client and user support, capacity management, billing and chargeback, security, integration with other infrastructure, advanced automation, process governance.
Opportunity to sell professional services.
Opportunity to sell a commercial CMP.
IBM Cloud Management Platform
IBM Cloud Manager with OpenStack for basic infrastructure cloud services:
Integration with existing Power and x86 installations
Hybrid cloud and SoftLayer support
Workload provisioning including bare metal
Simplified installation and configuration using Chef
Collection of infrastructure patterns
Approvals process, billing
Integrated management and monitoring
Intelligent extension of the nova-scheduler
Capacity management (VM utilisation)
IBM Orchestrator
Advanced orchestration services