Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apache CloudStack AlpesJUG
1. Apache CloudStack
Sebastien Goasguen
AlpesJUG, January 30th 2013
Grenoble, France
2. Info
• Apache incubator project
• http://incubator.apache.org/cloudstack/
• #cloudstack on irc.freenode.net
• @cloudstack on Twitter
• http://www.slideshare.net/cloudstack
• http://cloudstack.org/discuss/mailing-lists.html
Welcoming contributions and feedback, Join the fun !
6. IaaS challenges
• Not out of the box by itself.
• Need a farm of hypervisors
– Xen, KVM, Vmware…
• Need storage
– For image catalogue
– For volume/snapshot management
• Need flexible network that can be configured
on-demand
– VLANS, no VLANS, existing net infra, SDN…
7. French Use Cases
• INRIA service national d’integration continue
• Grid5000 , iKoula
• Usharesoft, BtrCloud, Activeeon Integration
• Appalia integrator
8. A bit of History
• Original company VMOPs (2008)
– Founded by Sheng Liang former lead dev on JVM
• Open source (GPLv3) as CloudStack
• Acquired by Citrix (July 2011)
• Relicensed under ASL v2 April 3, 2012
• Accepted as Apache Incubating Project April
16, 2012
• First Apache release ACS 4.0 in November
2012
10. Apache Process
• 100% community driven
• New ideas, decisions only taken on mailing lists.
Votes taken by community
• Project led by Project Management Committee
(PMC):
– http://www.apache.org/dev/pmc.html
– http://incubator.apache.org/guides/committer.html
• Non committers get invited as committers:
– http://community.apache.org/newcommitter.html
13. Releases
• Apache CloudStack 4.0 released in November
• Check out the testing procedure:
– https://cwiki.apache.org/CLOUDSTACK/cloudstack
-40-test-procedure.html
• Or watch my amazing screencast:
– http://vimeo.com/54610161
– Apache CloudStack 4.1 planned for March 22nd.
Feature Freeze tomorrow...
14. Contributions
Examples:
Sungard: Announced that
6 developers were joining
the Apache project
Schuberg Philis: Big
contribution in
building/packaging and
Nicira support
PCextreme: RBD/Ceph
support
Caringo: Support for own
object store
Basho: Devcloud
packaging, S3 integration
15. What Does it do ?
• Open source Infrastructure as a Service (IaaS)
platform.
• Data Center orchestrator
• Hypervisor agnostic (with addition of bare
metal provisioning)
• Support complex enterprise networking (e.g
Firewall, load balancer, VPN, VPC…)
• Multi-tenant
17. Architecture / Language
• Java application
• Tomcat6, Axis2, Maven build + ant
– Ant going away in 4.1
• Moving towards a plugin architecture
• Collaboration Conference, Nov 30th -Dec 2nd
– http://collab12.cloudstack.org/
– http://www.youtube.com/diycloudcomputing
18. Build and Run in 4.1
• git clone https://git-wip-
us.apache.org/repos/asf/incubat
or-cloudstack.git
• mvn clean
• mvn install
• mvn –P developer –pl developer
–Ddeploydb
• mvn –pl :cloud-client-ui
jetty:run
19. Cloud Interactions OVM Cluster Primary
Storage
Ap i
Xen vcenter
vcenter
Monitoring Primary
CS API Clu I
ste AP vSphere Cluster
Storage
r M n ter
End
End
gm vCe
t
User UI
User UI
Primary
XS Cluster Storage
Admin
Admin Clustered
Clustered
CloudStack XAPI
UI
UI CloudStack
Domain
Domain
CS Admin & CloudStack
CloudStack
CloudStack
CloudStack
End-user API Primary
Admin
Admin
UI
UI
Management
Management JSON KVM Cluster Storage
Server
Server NetConf
Juniper SRX
Cloud user Nitro API
{API client (Fog/etc)} VNC
JSON
ec2 API JSON Netscaler
Cloud user Console
Console
Console
{ec2 API client } ProxyConsole
VM
Proxy VM
Proxy VM
Proxy VM NFS
MySQL
MySQL Server
Sec. Storage
Sec. Storage NFS NFS
{Proxied} SSH Sec. VM
Storage
Sec. Storage
VM
Ajax
Ajax HTTPS VM
VM
Console
Console Router VM
Router VM HTTP (Template Download)
Router VM
Router VM HTTP (Template Copy)
Router VM
Router VM
Cloud user HTTP (Swift)
http://www.slideshare.net/cloudstack/cloudstack-architecture
20. Terminology
Zone: Availability zone,
aka Regions. Could be
worldwide. Different data
centers
Pods: Racks or aisles in a
data center
Clusters: Group of
machines with a common
type of Hypervisor
Host: A Single server
Primary Storage: Shared
storage across a cluster
Secondary Storage:
Shared storage in a single
Zone
21. CloudStack Cloud Architecture
Internet
Internet Hypervisor is the basic unit of
CloudStack
Management scale.
Server
Zone 1 Cluster consists of one ore
more hosts of same
L3 core
L3 core hypervisor
All hosts in cluster have access
Pod 1 Access Layer
Access Layer Pod N to shared (primary) storage
Secondary
…. Storage Pod is one or more clusters,
Cluster N usually with L2 switches.
Availability Zone has one or
…. more pods, has access to
secondary storage.
Cluster 1
One or more zones represent
Host 11
Host cloud
Primary
Storage
Host 22
Host
22. Storage
• Primary Storage:
– Anything that can be mounted on the node of a cluster.
– Cluster LVM…iSCSI…
– Holds disk images of running VMs
– Support for CEPH with KVM hypervisors
• Secondary Storage:
– Available across the zone
– Holds snapshots and templates (image repo)
– Can use Openstack swift or any object store (Gluster FS…)
– New support for Caringo
• Can use NFS for both to start
• Storage Abstraction refactoring underway
23. Networking
• Extremely flexible to:
– Provide isolation with VLANs
– Provide isolation at L3 with shared L2 (scalability)
– Support hardware devices that exposes API
– Deployed on existing networking infrastructure
– Support new networking paradigm (SDN)
• Support for Nicira Virtual P
• Extensive use of Open VSwitch
24. Layer-2 Guest Virtual Network
CS Virtual Router provides Network Services External Devices provide Network Services
Network Hardware exposing API can be controlled
Guest Virtual Network 10.1.1.1/8 Guest Virtual Network 10.1.1.1/8
VLAN 100 VLAN 100
Public Public
Network/Inter Network/Inter
net Guest net Guest
Guest
Guest Private IP
VM 11 Public IP 10.1.1.1 VM 11
10.1.1.1 VM 10.1.1.111 VM
Gateway 65.37.141.11 Juniper
Juniper
Public IP 1 SRX
SRX
address
65.37.141.11 CS Firewall
Firewall
CS 10.1.1.1 Guest
Guest Guest
Guest
Virtual
Virtual
10.1.1.3 VM 22
VM 10.1.1.3 VM 22
VM
Router
Router
Public IP Private IP
DHCP, DNS 65.37.141. NetScaler 10.1.1.112
NetScaler
NAT Guest 112 Load Guest
Guest Load Guest
Load Balancing 10.1.1.4 VM 33 Blancer VM 33
VM Blancer 10.1.1.4 VM
VPN
Guest
Guest Guest
Guest
10.1.1.5 VM 44
VM 10.1.1.5 VM 44
VM
CS
CS
DHCP, Virtual
Virtual
Router
Router
DNS
Slide from Chiradeep Vittal, http://www.slideshare.net/cloudstack/cloudstack-networking
25. L3 isolation
• To go beyond the limitation of VLANs (4096
vlans per switch)
• Move to L3 isolation
– Shared L2
– Manage one firewall per VM
• Potential use of GRE tunnels to create single
L2 overlay
• GRE in tech preview for site to site VPN.
26. L3 isolation with distributed firewalls
Tenant 10.1.0.2
Public Public IP address
1 VM 1
Internet 65.37.141.11
65.37.141.24
65.37.141.36 10.1.0.1
Pod 1 L2 Tenant 10.1.0.3
65.37.141.80 Switch 2 VM 1
Tenant 10.1.0.4
1 VM 2
L3 Core
Pod 2 L2
Switch
10.1.8.1
…
Tenant 10.1.16.12
10.1.16.1 2 VM 2
Load Pod 3 L2
Balancer Switch
Tenant
2 VM 3 10.1.16.21
… Tenant
1 VM 3
10.1.16.47
Tenant
10.1.16.85
1 VM 4
Slide from Chiradeep Vittal
29. API
• Not really REST
• A set of methods available over http(s)
• Unauthenticated on integration port
• Authenticated on 8080 using Access and
Secret Key
• Python/Ruby clients available
• Internal Marvin client
• CLI under development
• Other clouds client support the API
30. EC2 /S3 compatibility
• Significant development work happening to make
Cloudstack highly compatible with EC2 /S3 API.
• http://wiki.cloudstack.org/display/RelOps/EC2+API
+support+in+CloudStack
• http://www.slideshare.net/sebastiengoasguen/clou
dstack-ec2-configuration
• Euca tools, boto etc…should work with cloudstack.
31. Enabling EC2 and S3
• Via the GUI
• Via API call on integration API port 8096
http://localhost:8096/client/api?
command=updateConfiguration&name=enable.s3.api&value=true
http://localhost:8096/client/api?
command=updateConfiguration&name=enable.ec2.api&value=true
32. Highly Scalable
• See:
– http://www.slideshare.net/cloudstack/scalability-
12819428
– From Alex Huang. 10k “resources” managed per
Mgt server. 30k resources with 30k VM in
simulation.
• Management server can be setup in a multi-
node configuration with a load-balancer and
replicated MySQL.
33. SandBox: DevCloud
• A Virtual box appliance packaged to provide a
working CloudStack environment.
• Aimed at developers but has other use cases:
– Xen PV hosts gives nested virtualization
– Local EC2/S3 Cloud on your laptop
– Networking experiments ?
• http://wiki.cloudstack.org/display/comm/Dev
Cloud
37. Testing Framework –for the PyUG
[environment]
• Marvin is a Python dns=10.147.28.6
mshost=10.147.39.69
based framework to run mysql.host=10.147.39.69
tests against a
[cloudstack]
private.gateway=10.147.40.1
CloudStack install private.pod.startip=10.147.41.121
private.pod.endip=10.147.41.160
• Could be used as a private.netmask=255.255.254.0
public.gateway=10.147.40.1
simulator of a public.vlan.startip=10.147.41.162
datacenter
public.vlan.endip=10.147.41.200
public.netmask=255.255.254.0
• Used to configure an
hypervisor=XenServer
host=10.147.40.10
infrastructure on a mgt host.password=password
#storage pools
server primary.pool=nfs://10.147.28.7:/expo
rt/home/automation/sadhu/primary
secondary.pool=nfs://10.147.28.6:/ex
port/home/automation/sadhu/secondary
38. CloudMonkey
• New ASF CloudStack CLI
• Python code, built using Marvin
• https://cwiki.apache.org/CLOUDSTACK/clouds
tack-cloudmonkey-cli.html
• Available from CloudStack source or pypi:
– http://pypi.python.org/pypi/cloudmonkey/
39. Build A Cloud Events
• http://www.buildacloud.org
• @build_cloud or @sebgoa on twitter
• Upcoming events in Europe in 2013:
– BACD Ghent Belgium February 1st
– FOSDEM February 2-3, Brussels
– Probable LinuxTag, Berlin, May
– Probable Summer: RMLL 6-11 July, Brussels
– Probable in Fall: Linuxcon Europe, OWF Paris,
40. Info
• Apache incubator project
• http://incubator.apache.org/cloudstack
• #cloudstack and #cloudstack-dev on irc.freenode.net
• @CloudStack on Twitter
• http://www.slideshare.net/cloudstack
• http://cloudstack.org/discuss/mailing-lists.html
Welcoming contributions and feedback, Join the fun !
Notes de l'éditeur
Caveat: A contributor is identified by sending a single email on the –dev or –users mailing list. This graphs plots the number of unique email addresses
Even though this does not really makes sense because companies don’t have a standing with ASF, individuals do.
As vms get created and destroyed, CloudStack has to ensure the configuration of the host-based firewalls (iptables) is consistent with the security group rules programmed by the cloud user