Hacking on Apache (Incubating) CloudStack
Tutorial Outline

•  Session 1: Introduction to CloudStack
     Murali Reddy: Committer Apache CloudStack
•  Session 2: Architecture of CloudStack
     Murali Reddy: Committer Apache CloudStack
•  Session 3: Hands on with DevCloud
     Kishan Kavala: Committer Apache CloudStack
     Rajesh Battala: Contributor Apache CloudStack
Session 1

Introduction to CloudStack
Cloud Computing

Virtualization is not Cloud computing

Server Virtualization++ (built for traditional enterprise apps & client-server compute):
•    Enterprise arch for 100s of hosts
•    Scale-up (pool-based resourcing)
•    IT management-centric
•    1 administrator for dozens of servers
•    Apps assume reliability
•    Proprietary vendor stack

Cloud (designed around big data, massive scale & next-gen apps):
•    Cloud arch for 1000s of hosts
•    Scale-out (horizontal resourcing)
•    Autonomic management
•    1 administrator for 1,000’s of servers
•    Apps assume failure
•    Open, value-added stack
Cloud Computing (contd..)

•  Tenets of Cloud
  o  Shared infrastructure and Multi-tenancy
  o  Self Service
  o  Elasticity
  o  Built for massive Scale
  o  Service agility
  o  Pay-as-you-go
  o  APIs and Extreme Automation
•  IAAS/PAAS/SAAS
•  Public/Private/Hybrid clouds
What is Apache CloudStack

•  Turnkey orchestration platform for delivering IAAS clouds
   o  Secure, multi-tenant
   o  Self-service
   o  Service agility and elasticity
   o  Built for large scale
   o  Pay-as-you-go
•  Deploys on premise (private) or as a hosted (public) cloud
•  Can be used for hybrid clouds
•  Built in Java; provides native REST APIs and an EC2-compatible API
•  Python and Ruby clients and a CLI are available as well
A bit of History

•  Original company Cloud.com (2008)
•  Open source (GPLv3) as CloudStack (2010)
•  Acquired by Citrix (July 2011)
•  Relicensed under ASL v2 April 3, 2012
•  Accepted as Apache Incubating Project April 16, 2012
•  First Apache release (ACS 4.0) released
•  Many non-Citrix contributors, committers, PPMC members
Who is contributing

•  Sungard: Unit test cases
•  Carnigo: Object store plug-in
•  Ceph/Rbd support by Wido
•  CLVM/KVM by Marcus
•  Nicira NVP: Schuberg Philis
•  Basho: Object Store
•  Brocade ADX ADC support
•  Midokura midonet SDN controller integration
How to contribute


•  It's not just about code! As a community member
  you can engage in
   o Discussions: Design, Use Case, deployment
     issues
   o Bug reporting, feature requests
   o Code reviews
   o Build, tools, infrastructure
   o Helping out on the IRC
   o Documentation
   o Submit bug fixes, features
How to contribute (contd..)

•  Git repo, bug tracker, wiki are on ASF infra
•  Project website
   o  http://incubator.apache.org/cloudstack/
   o  http://www.cloudstack.org
•  IRC
   o  #cloudstack on irc.freenode.net
   o  Wednesday - 10:30 PM IST, 5:00 UTC
•  Mailing lists (cloudstack.org/discuss/mailing-lists.html)
   o  cloudstack-dev-subscribe@incubator.apache.org
   o  cloudstack-users-subscribe@incubator.apache.org
•  http://www.slideshare.net/cloudstack
On-demand infrastructure as a service

[Diagram: a Cloud Admin provisions resources, and End Users in Org A and Org B (each with its own Admin and Users) consume resources. Both reach the CloudStack Management Server through the UI, CLI, EC2 API or REST API; the Management Server in turn manages the Compute, Network and Storage resources of the CloudStack managed cloud.]
Core CloudStack Components

•     Hosts
     •  Servers onto which services will be provisioned
•     Primary Storage
     •  VM storage
•     Cluster
     •  A grouping of hosts and their associated storage
•     Pod
     •  Collection of clusters
•     Network
     •  Logical network associated with service offerings
•     Secondary Storage
     •  Template, snapshot and ISO storage
•     Zone
     •  Collection of pods, network offerings and secondary storage
•     Management Server Farm
     •  Responsible for all management and provisioning tasks

[Diagram: VMs run on Hosts; Hosts and Primary Storage form a Cluster; Clusters form a CloudStack Pod; Pods, the Network and Secondary Storage form a Zone.]
CloudStack Deployment Architecture

•  Hypervisor is the basic unit of scale.
•  Cluster consists of one or more hosts of the same hypervisor.
•  All hosts in a cluster have access to shared (primary) storage.
•  Pod is one or more clusters, usually with L2 switches.
•  Availability Zone has one or more pods and has access to secondary storage.
•  One or more zones represent the cloud.

[Diagram: the CloudStack Management Server connects over the Internet to Zone 1, whose L3 core feeds the access layer of Pod 1 … Pod N; Pod 1 contains Cluster 1 … Cluster N, each cluster holding Host 1, Host 2 and Primary Storage; Secondary Storage is attached at the zone level.]
CloudStack Managing Multiple Zones

•    A single Management Server can manage multiple zones.
•    Zones can be geographically distributed, but low latency links are expected for better performance.
•    A single MS node can manage up to 5K hosts.
•    Multiple MS nodes can be deployed as a cluster for scale or redundancy.

[Diagram: one Management Server in Data Center 1 managing Zone 1 locally plus Zones 2, 3 and 4 located in Data Center 2 and Data Center 3.]
Infrastructure provisioning
Infrastructure provisioning (contd.)
Compute/Disk/Network Offering
Create Virtual Machines via Offerings

1.    Select Operating System
      •  Windows, Linux
2.    Select Compute Offering
      •  CPU & RAM
3.    Select Disk Offering
      •  Volume Size
4.    Select Network Offering
      •  Network & Services
5.    Create VM
Virtual Machine Management

•    VM Operations: Start, Stop, Restart, Destroy
•    Console Access
•    VM Status: CPU Utilized, Network Read, Network Writes
•    Change Service Offering, e.g. from 2 CPUs / 1 GB RAM / 20 GB / 20 Mbps to 4 CPUs / 4 GB RAM / 200 GB / 100 Mbps
Volume & Snapshot Management

•    Add / Delete Volumes on a VM
•    Create Templates from Volumes
•    Schedule Snapshots: Now, Hourly, Daily, Weekly, Monthly
•    View Snapshot History
A Very Flexible IaaS Platform

•    Compute: Hypervisor
      o  XenServer, VMware, Oracle VM, KVM, Bare metal
•    Storage: Block & Object (Primary Storage and Secondary Storage)
      o  Local Disk, iSCSI, Fiber Channel, NFS, Swift, Ceph, Riak
•    Network: Network & Network Services
      o  Network Type, Isolation, Firewall, Load balancer, VPN
CloudStack Storage

     Primary Storage
 •      Configured at Cluster-level. Close to hosts for better performance
 •      Stores all disk volumes for VMs in a cluster
 •      Cluster can have one or more primary storages
 •      Local disk, iSCSI, FC or NFS

     Secondary Storage
 •      Configured at Zone-level
 •      Stores all Templates, ISOs and Snapshots
 •      Zone can have one or more secondary storages
 •      NFS, OpenStack Swift

     Local Storage
 •      Storage available on the hypervisor host

[Diagram: an Availability zone with Secondary Storage behind an L3 switch; Pod 1 behind an L2 switch contains Cluster 1 with Host 1 and Host 2 (each with local storage) and Primary Storage.]
Role of Storage and Templates

•  Primary Storage
 •  Cluster level storage for VMs
 •  Connected directly to hosts
 •  NFS, iSCSI, FC and Local
•  Secondary Storage
 •  Zone level storage for templates, ISOs and snapshots
 •  NFS or OpenStack Swift via CloudStack System VM
•  Templates and ISOs
 •  Imported into CloudStack
 •  Can be private or public

[Diagram: Hosts with Primary Storage in a Cluster, Clusters in a Pod, and Pods together with the Secondary Storage holding the Template in a Zone.]
Provisioning Process

1.    User Requests Instance
2.    Provision Optional Network Services
3.    Copy instance template from secondary storage to primary storage on appropriate cluster
4.    Create any requested data volumes on primary storage for the cluster
5.    Create instance
6.    Start instance

[Diagram: the Template on zone-level Secondary Storage is copied to the cluster's Primary Storage, and the VM is created on a Host in that Cluster / Pod.]
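Step 1 above is an API call carrying the four offering choices from the previous slide. The following Python is an added example, not code from this deck or from CloudStack itself: it assembles a deployVirtualMachine request (parameter names as in the public CloudStack API) and signs it with the apiKey/secretKey scheme CloudStack's REST API uses (HMAC-SHA1 over the sorted, lower-cased query, base64, appended as signature), plus the server-side verification a management server performs; the key values and IDs are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

# Constructed sample credentials for an illustrative CloudStack account; not real keys.
API_KEY = "example-api-key"
SECRET_KEY = "example-secret-key"


def build_deploy_params(api_key, zone_id, template_id, service_offering_id,
                        disk_offering_id=None, network_ids=None):
    """Assemble the deployVirtualMachine parameters from the choices the deck
    walks through: OS (template), compute offering, disk offering, network offering(s)."""
    params = {
        "command": "deployVirtualMachine",
        "apikey": api_key,
        "response": "json",
        "zoneid": zone_id,
        "templateid": template_id,
        "serviceofferingid": service_offering_id,
    }
    if disk_offering_id:
        params["diskofferingid"] = disk_offering_id
    if network_ids:
        params["networkids"] = ",".join(network_ids)  # comma list, URL-encoded below
    return params


def canonical_query(params):
    """URL-encode every value (space becomes %20, '/' is encoded too), sort by key
    and join with '&'. This is the string the client sends, minus the signature."""
    return "&".join(
        f"{k}={quote(str(v), safe='')}"
        for k, v in sorted(params.items(), key=lambda kv: kv[0].lower())
    )


def compute_signature(params, secret_key):
    """CloudStack signs the lower-cased canonical query with HMAC-SHA1 and base64-encodes it."""
    canonical = canonical_query(params).lower()
    digest = hmac.new(secret_key.encode(), canonical.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_signed_query(params, secret_key):
    """Client side: canonical query plus the URL-encoded signature parameter."""
    return canonical_query(params) + "&signature=" + quote(compute_signature(params, secret_key), safe="")


def verify_signature(query, secret_key):
    """Server side: recompute the signature over every parameter except 'signature'
    and compare in constant time. Any change to a parameter (e.g. a bigger compute
    offering) or a wrong secret invalidates the request."""
    pairs = dict(parse_qsl(query, keep_blank_values=True))
    presented = pairs.pop("signature", None)
    if presented is None:
        return False
    return hmac.compare_digest(presented, compute_signature(pairs, secret_key))


if __name__ == "__main__":
    demo = build_deploy_params(API_KEY, "zone-1", "tmpl-centos", "so-small", "do-20g", ["net-a", "net-b"])
    signed = build_signed_query(demo, SECRET_KEY)
    print(signed)
    print("valid:", verify_signature(signed, SECRET_KEY))
```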
Object Store

•  Object store used to store templates and snapshots
•  VMs can be distributed across the availability zones
•  For DR create instances in different zones

[Diagram: the CloudStack Mgmt Server with three Availability Zones, all backed by one Object Storage.]
Multi-tenancy & Account Management

•  Domain is a unit of isolation that represents a customer org, business unit or a reseller
•  Domain can have arbitrary levels of sub-domains
•  A Domain can have one or more accounts
•  An Account represents one or more users and is the basic unit of isolation
•  Admin can limit resources at the Account or Domain levels

[Diagram: Domain "Org A" (with an Admin and Resources: VMs, IPs, Snapshots…) and Domain "Reseller A" (with an Admin), which contains Sub-Domain "Org C" (with an Admin and Resources) holding Account "Group A" and Account "Group B"; the accounts contain User 1 and User 2.]
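The limit rule on this slide, as an added example and not CloudStack's own implementation: an illustrative Python model in which an allocation must fit the account's cap and the cap of every domain up the tree, with sub-domain usage aggregated into its parents. The domain names and limits below are constructed to mirror the slide's Reseller A / Org C / Group A / Group B picture.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Domain:
    """A domain (or sub-domain); a missing key in `limits` means unlimited."""
    name: str
    parent: Optional["Domain"] = None
    limits: Dict[str, int] = field(default_factory=dict)
    children: List["Domain"] = field(default_factory=list)
    accounts: List["Account"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    def usage(self, resource: str) -> int:
        """Usage of a domain is everything its accounts and all sub-domains consume."""
        own = sum(a.usage.get(resource, 0) for a in self.accounts)
        return own + sum(c.usage(resource) for c in self.children)


@dataclass
class Account:
    """The basic unit of isolation; belongs to exactly one domain."""
    name: str
    domain: Domain
    limits: Dict[str, int] = field(default_factory=dict)
    usage: Dict[str, int] = field(default_factory=dict)

    def __post_init__(self) -> None:
        self.domain.accounts.append(self)


def check_allocation(account: Account, resource: str, count: int) -> Tuple[bool, str]:
    """Allow the request only if it fits the account cap AND every ancestor domain cap.
    The account is checked first, then the tree is walked to the root."""
    cap = account.limits.get(resource)
    if cap is not None and account.usage.get(resource, 0) + count > cap:
        return False, f"account {account.name}: limit {cap} on {resource}"
    dom: Optional[Domain] = account.domain
    while dom is not None:
        cap = dom.limits.get(resource)
        if cap is not None and dom.usage(resource) + count > cap:
            return False, f"domain {dom.name}: limit {cap} on {resource}"
        dom = dom.parent
    return True, "ok"


def allocate(account: Account, resource: str, count: int) -> bool:
    """Apply the allocation if permitted; usage is recorded on the account only,
    domain usage is derived, so parents see it automatically."""
    ok, _ = check_allocation(account, resource, count)
    if ok:
        account.usage[resource] = account.usage.get(resource, 0) + count
    return ok


def build_sample_tree() -> Dict[str, object]:
    """Constructed sample: Reseller A may run 10 VMs in total, its sub-domain Org C 6,
    and Group A (an account in Org C) 4; Group B has no account-level cap."""
    root = Domain("ROOT")
    reseller = Domain("Reseller A", parent=root, limits={"vm": 10})
    org_c = Domain("Org C", parent=reseller, limits={"vm": 6})
    group_a = Account("Group A", org_c, limits={"vm": 4}, usage={"vm": 3})
    group_b = Account("Group B", org_c, usage={"vm": 2})
    return {"root": root, "reseller": reseller, "org_c": org_c,
            "group_a": group_a, "group_b": group_b}


if __name__ == "__main__":
    tree = build_sample_tree()
    for acct, n in (("group_a", 2), ("group_a", 1), ("group_b", 2)):
        print(acct, n, check_allocation(tree[acct], "vm", n))
```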
User Dashboard: Consumed Resources

•    Running, Stopped & Total VMs
•    Public IPs
•    Private networks
•    Latest Events

Admin Dashboard: Consumed Resources

•    Provides zone wide resource consumption
•    Also provides latest alerts and events
Edge services with System VMs

•    System VMs optimize and scale the datapath on behalf of CloudStack
      o    Stateless, can be destroyed and recreated from database state
      o    Highly Available
      o    Communicates with Management Server over management network
      o    Usually have 3 interfaces: control, guest and public
•    Console Proxy VM
      o  Provides AJAX-style HTTP-only console viewer
      o  Grabs VNC output from hypervisor
      o  Scales out (more spawned) as load increases
      o  Java-based server communicates with MS over message bus
•    Secondary Storage VM
      o    Provides image (template) management services
      o    Download from HTTP file share or Swift
      o    Copy between zones
      o    Scale out to handle multiple NFS mounts
      o    Java-based server communicates with MS over message bus
Edge services with System VMs (contd.)

•    Virtual Router VM
      o  Provides multiple network services
      o  IPAM (DHCP), DNS, NAT, Source NAT, Firewall, PF, VPN
      o  User-data, Meta-data, SSH keys and password change server
      o  Redundancy via VRRP
      o  MS configures VR over SSH
         §  Proxied via the hypervisor on XS and KVM
Network & Network Services

•    Create Networks and attach VMs
•    Acquire public IP address for NAT & load balancing
•    Control traffic to VM using ingress and egress firewall rules
•    Set up rules to load balance traffic between VMs
Networking feature overview
•  Orchestration of L2 – L7 network services
    o  IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc
•  Mix-and-match services and providers
•  Out-of-the-box integration with automated deployment of virtual
  routers
   o  Highly available network services using CloudStack HA and VRRP
•  Orchestrate external providers such as hardware firewalls and
  load balancers
   o  Devices can provide multiple services
   o  Admin API to configure external devices
   o  Plugin-based extensions for network behavior and admin API extensions
•  Multiple multi-tenancy [network isolation] options
•  Integrated traffic accounting
•  Access control
•  Software Defined Networking (Nicira NVP)
L2 Features
•  Choice of network isolation
      o  Physical, VLAN, L3 (anti-spoof), Overlay[GRE]
      o  Physical isolation through network labels [limited to # of
         nics or bonds]
•    Multi-nic
      o  Deploy instance in multiple networks
      o  Control default route
•    Access control
      o  Shared networks, project networks
•    QoS [max rate]
•    Traffic monitoring
•    Hot-plug / detach of nics
L3 Features
•    IPAM [DHCP], Public IP address management
      o    VR acts as DHCP server
      o    Can request multiple public IPs per tenant
•    Gateway (default gateway)
      o    Redundant VR (using VRRP)
      o    Inter-subnet routing
      o    Static routing control
•    Remote Access VPN
      o    L2TP over IPSec using PSK
      o    Virtual Router only
•    Firewall based on source cidr
•    Static NAT [1:1]
      o    Including “Elastic IP” in Basic Zone
•    Source NAT
      o    Per-network, or interface NAT
•    Public Traffic usage
      o    Monitoring on the Virtual Router / External network device
      o    Integration with sFlow collectors
•    Site-to-Site VPN
      o    IPSec VPN based on VR
•    L3 ACLs
L4 Features

•  Security groups for L3-isolation
  o  “Basic Zone” in docs
  o  Default AWS-style networking
  o  Scales much better than VLANs
•  Stateful firewall for TCP, UDP and ICMP
•  Port forwarding [“Advanced Zone”]
  o  Conserve public IPs
L7 features
•  Load balancer
   o  VR has HAProxy built in
   o  External load balancer support
       §  Netscaler (MPX/SDX/VPX)
       §  F5 BigIP
       §  Can dedicate an LB appliance to an account or share it
           among tenants
   o  Load balancer supported with L3-isolation as well
   o  Stickiness support
   o  SSL support [future]
   o  Health Checks [future]
•  User-data & meta-data
    o  Fetched from virtual router
•  Password change server
CloudStack Terminology

•    Guest network
      o  The tenant network to which instances are attached
•    Storage network
      o  The physical network which connects the hypervisor to primary storage
•    Management network
      o  Control Plane traffic between CloudStack management server and hypervisor clusters
•    Public network
      o  “Outside” the cloud [usually Internet]
      o  Shared public VLANs trunked down to all hypervisors
•    All traffic can be multiplexed on to the same underlying physical network
     using VLANs
      o  Usually Management network is untagged
      o  Storage network usually on separate nic (or bond)
•    Admin informs CloudStack how to map these network types to the
     underlying physical network
      o  Configure traffic labels on the hypervisor
      o  Configure traffic labels on Admin UI
CloudStack Network Service Providers

•    A Network Service Provider is a hardware or virtual
     appliance that makes a network service possible
     in CloudStack; for example, a Citrix NetScaler
     appliance can be installed in the cloud to provide
     Load-Balancing services.
•    Administrators can have multiple instances of the
     same service provider in a network; for example,
     more than one Citrix NetScaler or Juniper SRX
     device can be added to CloudStack
•    CloudStack supports the following Network
     Providers:
      o    CloudStack Virtual Router (default)
      o    Citrix NetScaler SDX, VPX and MPX models
      o    Juniper SRX
      o    F5 BigIP
Network Service Providers Matrix

•  A network offering is basically a definition of which Network Services are
   available when that offering is used. The available Network Services
   are: VPN, DHCP, DNS, Firewall, Load Balancer, User Data, Source
   NAT, Static NAT, Port Forwarding and Security Groups*

Feature                Virtual Router   Citrix NetScaler   Juniper SRX   F5 BigIP
Remote Access VPN      YES              N/A                N/A           N/A
Firewall               YES              N/A                YES           N/A
Source NAT             YES              N/A                YES           N/A
Static NAT             YES              YES                YES           N/A
Load Balancing         YES              YES                N/A           YES
Port Forwarding        YES              N/A                YES           N/A
Elastic IP             N/A              YES                N/A           N/A
Elastic LB             N/A              YES                N/A           N/A
DHCP/DNS/User Data     YES              N/A                N/A           N/A
Network Offerings

•  Cloud provider defines the
   feature set for guest networks
•  Toggle features or service
  levels
   o    Security groups on/off
   o    Load balancer on/off
   o    Load balancer software/hardware
   o    VPN, firewall, port forwarding
•  User chooses network offering
   when creating network
•  Enables upgrade between
   network offerings
•  Default offerings built-in
   o  For classic CloudStack
      networking
Add Guest Networks

•    Choice of L3 subnet and default gateway
•    Choice of network offerings
Editing Guest Networks

When editing a guest network users can change the network offering. They can
either upgrade to a “premium” network offering (for example an offering that
uses a hardware Load-balancer) or downgrade to a “cheaper” network.
Restarting/Cleaning Up a Guest Network

•  Restarting the network will simply resend all the LB, Firewall and
   Port-Forwarding rules to the network provider
•  Restarting the Network with “Clean up”:
   •  restarting network elements - virtual routers, DHCP servers
   •  If virtual router is used, it will be destroyed and recreated
   •  Reapplying all public IPs to the network provider
   •  Reapplying load-Balancing/Port-Forwarding/Firewall rules
Deleting a Guest Network

•  An Isolated Guest Network can only be deleted if no VMs are using
   the network (i.e. all of them completely destroyed and expunged)
•  Deleting a Network will destroy the Virtual Router (if used)
   and will release the Public IPs back to the IP Pool
Basic vs Advanced Networking

•  Segmentation based on feature set and ease-of-deployment
•    Both are feature-rich
•    Basic implements true AWS-style L3-isolation
     o  Tenants do not get contiguous IP addresses or subnets
     o  Network segmentation based on Security Groups
     o  Tremendous scale (tens of thousands)
•  Advanced Zone offers full L3 subnets and L2
     isolation
     o  VLANs are default implementation (4K limit)
     o  More features (source NAT, PF, LB, VPN)
Physical Network in Zone

[Diagram: Cloudstack Servers attach to the Core (L3) Network; Pod 1, Pod 2 … Pod N each hang off Access Switch(es). Pod 1 holds CLUSTER 1 (Hypervisor 1 … Hypervisor 8 with Storage 1 and Storage 2) through CLUSTER 4 (Hypervisor N, Hypervisor N+1 with Storage k). Traffic types shown: VM Traffic, Control Plane Traffic, Storage Traffic, Public Traffic.]
Layer 3 cloud networking

[Diagram: Web VMs and DB VMs spread across hosts, each a member of either the Web Security Group or the DB Security Group.]
Guest Networks with L3 isolation

[Diagram: the Internet reaches public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36 and 65.37.141.80 through a Load Balancer and the L3 Core Switch; Pod 1, Pod 2 and Pod 3 each have an L2 Switch. Guest VMs keep guest addresses in pod-local ranges: 10.1.0.1, 10.1.0.2, 10.1.0.3, 10.1.0.4 (Pod 1), 10.1.8.1 (Pod 2) and 10.1.16.1, 10.1.16.12, 10.1.16.21, 10.1.16.47, 10.1.16.85 (Pod 3).]
Guest Networks with L2 isolation

[Diagram: the Core (L3) Network above Pod K, Pod M and Pod N, each with Access Switch(es); CLUSTER 1 (Hypervisor 1 … Hypervisor 8) and CLUSTER 4 (Hypervisor N, Hypervisor N+1) run tenant VMs and tenant Virtual Routers on the hypervisors. Traffic types shown: VM Traffic, Public Traffic. Legend: V = Tenant VM, R = Tenant Virtual Router.]
L2 isolation: VLAN networking

[Diagram: VMs belonging to User 1 and User 2 spread across hosts, each user's VMs kept in a separate VLAN.]
SDN at Work

[Diagram: the CloudStack Mgmt Server drives an SDN Controller; Host 1 … Host 4 each run OVS and are connected by GRE Tunnels; VM 1 runs on Host 1, VM 2 on Host 2, and VM 3 on Host 3 and Host 4 alongside a VR.]
Guest virtual layer-2 network
[Figure: two guest virtual networks, each 10.1.1.0/24 with gateway address 10.1.1.1 and Guest VMs 1-4 at 10.1.1.2, 10.1.1.3, 10.1.1.4 and 10.1.1.5. Each network's Guest Virtual Router provides NAT, DHCP, load balancing and VPN and owns public IP addresses toward the public Internet: 65.37.141.11 and 65.37.141.36 for guest network 1, 65.37.141.24 and 65.37.141.80 for guest network 2.]
Layer-2 Guest Virtual Network

[Figure: two variants of a guest virtual network 10.1.1.1/8 on VLAN 100 with Guest VMs 1-4 at 10.1.1.1, 10.1.1.3, 10.1.1.4 and 10.1.1.5. Left, "CS Virtual Router provides Network Services": the CS Virtual Router (public IP address 65.37.141.11, gateway 10.1.1.1) provides DHCP, DNS, NAT, load balancing and VPN. Right, "External Devices provide Network Services": a Juniper SRX firewall (public IP 65.37.141.111, private IP 10.1.1.111) and a NetScaler load balancer (public IP 65.37.141.112, private IP 10.1.1.112) front the guest network, and the CS Virtual Router provides only DHCP and DNS.]
Layer-3 Guest Network

[Figure: layer-3 guest network on the public network 65.11.0.0/16. Left, "Network Services Managed Externally": Guest VMs 1-4 at 65.11.1.2, 65.11.1.3, 65.11.1.4 and 65.11.1.5, a NetScaler load balancer providing EIP and ELB, a CS Virtual Router providing DHCP and DNS, and Security Groups 1 and 2. Right, "Network Services Managed by CS": Guest VMs 1-4 at 10.1.2.3, 10.2.12.4, 10.5.2.99 and 10.1.2.18 behind an L3 switch, a CS Virtual Router providing DHCP and DNS, and Security Groups 1 and 2.]
Multi-tier network
[Figure: traffic from the Internet enters through a load balancer and the CS Virtual Router; an IPSec or SSL site-to-site VPN links to the customer premises, and a monitoring VLAN is shown alongside. Tiers: Web VMs 1-4 (10.1.1.1, 10.1.1.3, 10.1.1.4, 10.1.1.5) on virtual network 10.1.1.0/24, VLAN 100; App VMs 1-2 (10.1.2.31, 10.1.2.24) on 10.1.2.0/24, VLAN 1001; DB VM 1 (10.1.3.24) on 10.1.3.0/24, VLAN 141.]

Virtual Router Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]
•  BGP
Session 2

Architecture of CloudStack
Problem Definition

•  Offer a scalable, flexible, manageable IAAS platform
  that orchestrates physical and virtual resources to
  offer self-service infrastructure provisioning and
  monitoring

•  Flexible
   o  Handle new physical resource types
       § Hypervisors, storage, networking
   o  Add new APIs
   o  Add new services
   o  Add new networking models
Problem Definition (contd..)

•  Manageable
   o  Hide complexity of underlying resources
   o  Rich functional end-user and admin UI
   o  Admin API to automate operations
   o  Easy install, upgrade for small -> large clouds
   o  Simple scaling, automated resilience

•  Scalable architecture
   o  1 -> N hypervisors / VMs / virtual resources
   o  1 -> N end users
Problem Definition (contd..)
•    Resource Allocation
     o  Hypervisor CPU, Memory
     o  Storage space
     o  Avoid set of pods, clusters, hosts
•    Capacity scanning
     o  Snapshot of resources consumed
     o  Trigger capacity threshold violations
•    Garbage collection
     o  Network resources (IP, VLAN, CIDR, etc.)
     o  Compute (VM, CPU, memory)
     o  Storage (volumes)
•    Synchronizing the resource states
•    Infrastructure resource failures
•    Fencing
Scaling: Horizontal Scaling

[Figure: Single-node Deployment (one Management Server with a MySQL DB serving the User API and Admin API and managing the Infrastructure Resources) next to a Multi-node Deployment (a Load Balancer in front of several Management Servers sharing one MySQL DB, with replication to a Back Up DB).]

Ø  MS is stateless. MS can be deployed as physical server or VM
Ø  Single MS node can manage up to 10K hosts. Multiple nodes can be deployed for scale or redundancy
Resource Load Balancing
•  As a management server is added to the cluster, resources are
     rebalanced seamlessly.
     o    MS2 signals to MS1 to hand over a resource
     o    MS1 waits for the commands on the resource to finish
     o    MS1 holds further commands in a queue
     o    MS1 signals to MS2 to take over
     o    MS2 connects
     o    MS2 signals to MS1 to complete the transfer
     o    MS1 discards its resource and forwards the commands it was holding to MS2
•  Listeners are provided to business logic to listen on connection
   status and adjust work based on who's connected.
•  By only working on resources that are connected to the
     management server the process is on, work is auto-balanced
     between management servers.
•    This also reduces message routing between the management
     servers.
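The seven-step handover above as an added Python model (not CloudStack's code): MS1 and MS2 are constructed objects, and the property worth checking is that commands arriving while the transfer is in progress are held and then replayed on MS2 in arrival order, none lost and none run twice.

```python
from collections import deque
from typing import Deque, Dict, List, Tuple


class ManagementServer:
    """One management server (MS) node in the cluster (constructed model)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.connected: set = set()                 # resources this MS owns
        self.held: Dict[str, Deque[str]] = {}       # resource -> commands held mid-transfer
        self.log: List[Tuple[str, str, str]] = []   # (ms, resource, command) executed here

    def connect(self, resource: str) -> None:
        self.connected.add(resource)

    def send(self, resource: str, command: str) -> str:
        """Execute a command on a resource, or hold it if a transfer is in progress."""
        if resource in self.held:
            self.held[resource].append(command)
            return "held"
        if resource not in self.connected:
            raise RuntimeError(f"{self.name} is not connected to {resource}")
        self.log.append((self.name, resource, command))
        return "executed"


def begin_handover(resource: str, ms1: ManagementServer, ms2: ManagementServer,
                   in_flight: List[str]) -> None:
    """Steps 1-3: MS2 signals MS1 to hand over; MS1 lets in-flight commands finish,
    then holds any further commands for the resource in a queue."""
    if resource not in ms1.connected:
        raise RuntimeError(f"{ms1.name} does not own {resource}")
    for cmd in in_flight:                 # step 2: drain what is already running on MS1
        ms1.send(resource, cmd)
    ms1.held[resource] = deque()          # step 3: everything from now on is queued


def complete_handover(resource: str, ms1: ManagementServer,
                      ms2: ManagementServer) -> List[str]:
    """Steps 4-7: MS1 signals MS2 to take over, MS2 connects and signals completion,
    MS1 discards the resource and the held commands flow to MS2 in order."""
    ms2.connect(resource)                           # steps 4-5: MS2 now owns it
    held = ms1.held.pop(resource)                   # step 6: transfer complete
    ms1.connected.discard(resource)                 # step 7: MS1 discards the resource
    replayed: List[str] = []
    while held:
        cmd = held.popleft()
        ms2.send(resource, cmd)                     # held commands run on MS2, in order
        replayed.append(cmd)
    return replayed


def run_demo() -> List[Tuple[str, str, str]]:
    """Hand the constructed resource 'host-7' from MS1 to MS2 while commands keep arriving."""
    ms1, ms2 = ManagementServer("MS1"), ManagementServer("MS2")
    ms1.connect("host-7")
    ms1.send("host-7", "StartVm-1")
    begin_handover("host-7", ms1, ms2, in_flight=["StopVm-2"])
    # Commands that arrive mid-transfer are held by MS1, neither executed nor lost.
    assert ms1.send("host-7", "RebootVm-3") == "held"
    assert ms1.send("host-7", "StartVm-4") == "held"
    complete_handover("host-7", ms1, ms2)
    ms2.send("host-7", "StopVm-5")        # after the transfer MS2 owns the resource
    return ms1.log + ms2.log
```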
[Figure: Management Server components. Clients (Cloud Portal, CLI, UI, Other Clients) call the Management Server REST API: OAM&P API, End User API, EC2 API and Other APIs, plus a Pluggable Service API Engine. Beneath the API sit ACL & Authentication (Accounts, Domains, and Projects; ACL, limits checking), Console Proxy Management, Template Access, Account Management, Security Adapters and Connectors, all over the Services API. The Kernel drives long running VM operations, syncs between resources managed and DB, and generates events; through the Plugin API it uses Deployment Planning, Network Configurations, Network Elements and Hypervisor Gurus, alongside HA, Usage Calculations and Additional Services. Below the Kernel: Cluster Management, Resource Management, Job Management (Job Queue), Alert & Event Management and Database Access (DB), joined by an Event Bus and Message Bus to the Hypervisor, Network, Storage, Image and Snapshot Resources.]
Interactions
[Figure: clients (End User UI, Admin UI, Domain Admin UI, CS Admin & End-user API users, cloud users with API clients such as Fog, cloud users with ec2 API clients, Monitoring) call the CS API of the clustered CloudStack Management Servers, which keep state in MySQL. The management servers speak XAPI to XS (XenServer) clusters, reach vSphere clusters through vcenter, use JSON toward KVM clusters (OVM clusters are shown as well), each cluster with its Primary Storage; NetConf to a Juniper SRX; the Nitro API to a Netscaler; JSON to the Console Proxy VMs and Sec. Storage VMs, which use NFS to the NFS Server and HTTP for Template Download, Template Copy and Swift; and proxied SSH to the Router VMs. The Ajax Console is reached over HTTPS and connects to guests via VNC.]
Management Server Layering
Balancing Incoming Requests
•  Each management server has two worker thread pools for
     incoming requests: effectively two servers in one.
     o  Executor threads provided by tomcat
     o  Job threads waiting on the job queue
•  Incoming requests that require mostly DB operations are
     short in duration and are executed directly by executor threads,
     because incoming requests are already load balanced by the load
     balancer.
•    Incoming requests needing resources, which often have long
     running durations, are checked against the ACL by the executor
     threads and then queued and picked up by job threads.
•    The number of job threads is scaled to the number of DB connections
     available to the management server.
•    Requests may take a long time depending on the constraints of
     the resources, but they don't fail.
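The two-pool design above as an added Python sketch (not CloudStack's code): executor threads ACL-check every request and answer DB-only ones inline, while resource-bound ones are queued for a job pool sized to the DB connection count. The ACL table, command names, roles and timings are constructed for the example.

```python
import itertools
import queue
import threading
import time
from concurrent.futures import Future, ThreadPoolExecutor
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed ACL table: which roles may call which command.  In CloudStack this
# comes from command.properties; the admin-only entry here is illustrative.
ACL = {
    "listSnapshots": {"ADMIN", "DOMAIN_ADMIN", "USER"},
    "createSnapshot": {"ADMIN", "DOMAIN_ADMIN", "USER"},
    "addHost": {"ADMIN"},
}


@dataclass(frozen=True)
class Request:
    caller_role: str
    command: str
    needs_resources: bool   # True = long-running, touches hypervisors or storage


class ManagementServer:
    def __init__(self, db_connections: int, executor_threads: int = 4) -> None:
        # Pool 1: executor threads (tomcat's request pool in the real server).
        self.executors = ThreadPoolExecutor(max_workers=executor_threads)
        # Pool 2: job threads, one per DB connection the server may use.
        # The queue is unbounded: requests wait for capacity, they do not fail.
        self.jobs: "queue.Queue[Tuple[int, Request]]" = queue.Queue()
        self.results: Dict[int, str] = {}
        self._ids = itertools.count(1)
        self._lock = threading.Lock()
        for _ in range(db_connections):
            threading.Thread(target=self._job_worker, daemon=True).start()

    def submit(self, req: Request) -> Future:
        """Entry point; the load balancer has already spread requests across servers."""
        return self.executors.submit(self._handle, req)

    def _handle(self, req: Request) -> dict:
        # Every request is ACL-checked on the executor thread, before any queuing.
        if req.caller_role not in ACL.get(req.command, set()):
            raise PermissionError(f"{req.caller_role} may not call {req.command}")
        if not req.needs_resources:
            # Short, DB-only work: answered synchronously on this thread.
            return {"status": "done", "result": f"{req.command}: db rows"}
        # Resource-bound work: queue it and hand back a job id immediately.
        job_id = next(self._ids)
        self.jobs.put((job_id, req))
        return {"status": "queued", "jobid": job_id}

    def _job_worker(self) -> None:
        while True:
            job_id, req = self.jobs.get()
            time.sleep(0.01)  # stands in for a long-running hypervisor/storage call
            with self._lock:
                self.results[job_id] = f"{req.command} completed"
            self.jobs.task_done()

    def query_job(self, job_id: int) -> Optional[str]:
        """What the async-job query API would return: None while still running."""
        with self._lock:
            return self.results.get(job_id)

    def wait_for_jobs(self) -> None:
        self.jobs.join()
```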
Inside a Management Server

[Figure: CloudStack API requests enter through the API Servlet, become Commands (cmd.execute()) and, for asynchronous work, pass through the Async Job Queue Mgr; Responses return the same way. Commands call the Services API into the Kernel, which loads Plugins and issues Agent API commands (Cmds) over the Message Bus to the Agent Manager. The Agent Manager reaches Resources (local or remote) that drive hypervisor native APIs and the network device API. State is kept in MySQL.]
CloudStack API Sync/Async commands

•  Package and Location
   cloudstack-oss/api/src/com/cloud/api/…

•  BaseCmd (base class)
   All commands descend from the BaseCmd base class
CloudStack API
Configuration
Commands are configured in cloudstack-oss/client/command.properties.in
Format:
        <command name>=<java classname>;<ACL>
        *note* ACL is calculated as a bitmap with the following: 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER
Example:
        ### snapshot commands
        createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
        listSnapshots=com.cloud.api.commands.ListSnapshotsCmd;15
        deleteSnapshot=com.cloud.api.commands.DeleteSnapshotCmd;15
        createSnapshotPolicy=com.cloud.api.commands.CreateSnapshotPolicyCmd;15
        deleteSnapshotPolicies=com.cloud.api.commands.DeleteSnapshotPoliciesCmd;15
        listSnapshotPolicies=com.cloud.api.commands.ListSnapshotPoliciesCmd;15
CloudStack API: adding API

Adding a new command

  Determine type of command
       Synchronous
       Synchronous List Based
       Asynchronous
       Asynchronous Create based

  Create your command
        Define request parameters
        Implement the execute() method
        Implement an appropriate ResponseObject
        Add new command to command.properties.in
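An added Python parser for the command.properties format described above (not CloudStack's own code) that decodes the ACL bitmap (15 = 1+2+4+8, every role), lists what a given role may call, and builds the line for step 4 of adding a new command. The sample file is constructed from the slide's snapshot entries plus one hypothetical admin-only command.

```python
from typing import Dict, Iterable, List, NamedTuple, Set

# Role bits exactly as given on the slide.
ROLE_BITS: Dict[str, int] = {
    "ADMIN": 1,
    "RESOURCE_DOMAIN_ADMIN": 2,
    "DOMAIN_ADMIN": 4,
    "USER": 8,
}
ALL_ROLES_MASK = sum(ROLE_BITS.values())   # 15


class CommandEntry(NamedTuple):
    name: str
    java_class: str
    acl_mask: int


def decode_acl(mask: int) -> Set[str]:
    """Expand a bitmap into the set of roles allowed to call the command."""
    if not 0 <= mask <= ALL_ROLES_MASK:
        raise ValueError(f"ACL bitmap out of range: {mask}")
    return {role for role, bit in ROLE_BITS.items() if mask & bit}


def encode_acl(roles: Iterable[str]) -> int:
    """Inverse of decode_acl; rejects role names that are not defined."""
    mask = 0
    for role in roles:
        if role not in ROLE_BITS:
            raise ValueError(f"unknown role: {role}")
        mask |= ROLE_BITS[role]
    return mask


def parse_command_properties(text: str) -> Dict[str, CommandEntry]:
    """Parse '<command name>=<java classname>;<ACL>' lines; '#' lines are comments."""
    entries: Dict[str, CommandEntry] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, eq, rest = line.partition("=")
        java_class, semi, acl = rest.partition(";")
        name, java_class, acl = name.strip(), java_class.strip(), acl.strip()
        if not (eq and semi and name and java_class and acl.isdigit()):
            raise ValueError(f"line {lineno}: expected <command>=<class>;<acl bitmap>")
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate command {name}")
        mask = int(acl)
        decode_acl(mask)   # raises on an out-of-range bitmap
        entries[name] = CommandEntry(name, java_class, mask)
    return entries


def is_allowed(entry: CommandEntry, role: str) -> bool:
    return bool(entry.acl_mask & ROLE_BITS[role])


def commands_callable_by(entries: Dict[str, CommandEntry], role: str) -> List[str]:
    """Review aid: every command a given role may invoke, sorted by name."""
    return sorted(n for n, e in entries.items() if is_allowed(e, role))


def format_entry(name: str, java_class: str, roles: Iterable[str]) -> str:
    """Build the line to add to command.properties.in for a new command (step 4)."""
    return f"{name}={java_class};{encode_acl(roles)}"


# Constructed sample: the snapshot entries from the slide plus one admin-only
# entry with a hypothetical class name, so the role filter has something to hide.
SAMPLE = """\
### snapshot commands
createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
listSnapshots=com.cloud.api.commands.ListSnapshotsCmd;15
deleteSnapshot=com.cloud.api.commands.DeleteSnapshotCmd;15
createSnapshotPolicy=com.cloud.api.commands.CreateSnapshotPolicyCmd;15
# hypothetical admin-only command, not from the slides
purgeSnapshots=com.example.api.commands.PurgeSnapshotsCmd;1
"""
```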
Management Layer

•  Management layer is collection of Managers
   o  Managers are responsible for directing a specific area of the
      cloud
        §  Storage Manager
           •    Manages primary storage server (allocation, life-cycle,
                attach, detach, user volumes, life-cycle of the primary
                storage server itself)
        §  Network Manager
           •    Manages network configurations, IP Allocations, Port
                Forwarding, Load Balancers etc.
        §  User Vm Manager
           •    Manages life-cycle of VMs created in the cloud
        §  And many more!!!

•  Managers coordinate with each other to achieve a task
Management Layer: Adapters

•  Modularization and customization within the CloudStack
  management server is achieved through the use of the
  Adapter framework.

•  Each Adapter is uniquely identified by the interface it exposes
  and represents the boundary between CloudStack and the
  individual component and/or processes that can be configured
  into the system

•  Adapters provide extensibility and in many cases device
  specific implementation details while maintaining a simple and
  consistent interface.
Management Layer: Adapters

•     Adapters are executed as a chain in the order that they are
      configured
•     Defined in cloudstack-oss/client/tomcatconf/components.xml.in
<adapters key="com.cloud.network.guru.NetworkGuru">
     <adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
     <adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
     <adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
     <adapter name="PodBasedNetworkGuru" class="com.cloud.network.guru.PodBasedNetworkGuru"/>
     <adapter name="ControlNetworkGuru" class="com.cloud.network.guru.ControlNetworkGuru"/>
     <adapter name="DirectNetworkGuru" class="com.cloud.network.guru.DirectNetworkGuru"/>
     <adapter name="DirectPodBasedNetworkGuru" class="com.cloud.network.guru.DirectPodBasedNetworkGuru"/>
     <adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
</adapters>
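An added Python example, not CloudStack's code, that loads an <adapters> block in the components.xml.in shape above and walks the chain in configured order. The gurus are constructed toys, and the first-match rule (the first adapter that returns a design wins, later ones are never asked) is an assumption about how the chain is consumed.

```python
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional, Tuple

# Constructed fragment in the components.xml.in shape shown on the slide.
COMPONENTS_XML = """\
<adapters key="com.cloud.network.guru.NetworkGuru">
  <adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
  <adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
  <adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
  <adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
</adapters>
"""

Adapter = Tuple[str, str]   # (adapter name, java class)


def load_adapter_chain(xml_text: str, key: str) -> List[Adapter]:
    """Return the adapters configured for `key`, in document order."""
    root = ET.fromstring(xml_text)
    if root.tag != "adapters" or root.get("key") != key:
        raise ValueError(f"no <adapters key={key!r}> block")
    chain: List[Adapter] = []
    seen = set()
    for el in root.findall("adapter"):
        name, cls = el.get("name"), el.get("class")
        if not name or not cls:
            raise ValueError("each <adapter> needs name and class attributes")
        if name in seen:
            raise ValueError(f"adapter {name} configured twice")
        seen.add(name)
        chain.append((name, cls))
    return chain


# Toy gurus (constructed, not CloudStack's logic): each inspects a network
# offering and returns a design label, or None to decline.
Offering = Dict[str, str]
Guru = Callable[[Offering], Optional[str]]


def storage_guru(o: Offering) -> Optional[str]:
    return "storage-net" if o["traffic"] == "Storage" else None


def public_guru(o: Offering) -> Optional[str]:
    return "public-net" if o["traffic"] == "Public" else None


def external_guest_guru(o: Offering) -> Optional[str]:
    return "vlan-guest-net" if o["traffic"] == "Guest" and o.get("isolation") == "VLAN" else None


def ovs_guest_guru(o: Offering) -> Optional[str]:
    return "gre-guest-net" if o["traffic"] == "Guest" and o.get("isolation") == "GRE" else None


GURUS: Dict[str, Guru] = {
    "StorageNetworkGuru": storage_guru,
    "PublicNetworkGuru": public_guru,
    "ExternalGuestNetworkGuru": external_guest_guru,
    "OvsGuestNetworkGuru": ovs_guest_guru,
}


def design(chain: List[Adapter], offering: Offering) -> Tuple[Optional[str], List[str]]:
    """Walk the chain in configured order; the first adapter returning a design
    wins (assumed semantics).  Also returns the adapters consulted, for debugging."""
    consulted: List[str] = []
    for name, _cls in chain:
        guru = GURUS.get(name)
        if guru is None:
            continue   # no toy implementation; the real server would load the class
        consulted.append(name)
        result = guru(offering)
        if result is not None:
            return f"{name}:{result}", consulted
    return None, consulted
```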
Adapter Interfaces Available

•  Discoverer
•  StoragePoolDiscoverer
•  StoragePoolAllocator
•  ConsoleProxyAllocator
•  Investigator
•  FenceBuilder
•  DeploymentPlanner
•  NetworkGuru
•  NetworkElement
•  VirtualMachineGuru
•  HypervisorGuru
•  Listener
•  UserAuthenticator
•  SecurityChecker
•  And more…
Adapters: VM orchestration

•  Deployment Planner
   o  First Fit planner
•  Host Allocator
  o  First Fit
  o  Random
•  Storage Allocator
  o  First Fit
  o  Random
Adapters: Network Orchestration
•    Network Guru (Responsible for L2-L3)
      o  Design
      o  Implement
      o  Allocate
      o  Release
      o  Shutdown

     e.g. guest network guru, OVS network guru, etc.

•    Network Element (Responsible for L4-L7)
      o  Implement
      o  Shutdown

     e.g. F5, SRX, NetScaler, Virtual Router
Extending CloudStack Networking
[Figure: call flow for a DNS plugin. Components: Network Manager; Network Element, implemented by MyDnsElement; PluggableService / DnsService, implemented by MyDnsDeviceService, which exposes the Device Configuration Admin API (CRUD); MyDnsDeviceManager, backed by MySQL; AgentManager Queue; MyDnsDeviceResource.]
  1. prepare (part of start vm): Network Manager calls the Network Element
  2. prepare (Network, Nic, DeployDestination, VmInfo): handled by MyDnsElement
  3. addDnsRecord(ip, fqdn): MyDnsElement calls MyDnsDeviceManager
  4. Enqueue AddDnsRecord: MyDnsDeviceManager puts the command on the AgentManager Queue
  5. API call to Dns Device: MyDnsDeviceResource talks to the external DNS server
Demonstrates one way to inform an external DNS server when an instance starts. Classes shaded blue form a plugin / service bundle to integrate an external DNS server. Clients of the instance can then use DNS names to access the instance.
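An added example (not CloudStack's own code, nor the tutorial's) of the MyDnsElement flow in the figure, written with hypothetical stand-ins for the real NetworkElement, Nic, Network and AgentManager types: prepare() derives the FQDN from the tenant-chosen host name and the network's DNS suffix, validates both it and the IP before enqueuing AddDnsRecord, and shutdown() enqueues the matching removal so the record does not outlive the instance.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;
import java.util.regex.Pattern;

/*
 * Added illustration, not CloudStack's own code.  Every type below is a
 * hypothetical stand-in for the real CloudStack interface of the same role
 * (NetworkElement, NicProfile, Network, AgentManager ...), kept minimal so
 * the file compiles on its own.
 */
public class MyDnsElementExample {

    /** Stand-in for the NIC being prepared for a starting instance. */
    public static final class Nic {
        public final String ip;
        public final String hostName;   // tenant-chosen instance name
        public Nic(String ip, String hostName) { this.ip = ip; this.hostName = hostName; }
    }

    /** Stand-in for the guest network the NIC is attached to. */
    public static final class Network {
        public final String dnsDomain;  // DNS suffix configured by the admin for this network
        public Network(String dnsDomain) { this.dnsDomain = dnsDomain; }
    }

    /** Command carried over the agent queue (step 4 of the figure). */
    public static final class DnsRecordCommand {
        public final boolean add;       // true = AddDnsRecord, false = remove the record
        public final String fqdn;
        public final String ip;
        public DnsRecordCommand(boolean add, String fqdn, String ip) {
            this.add = add; this.fqdn = fqdn; this.ip = ip;
        }
    }

    /** Stand-in for the AgentManager queue that MyDnsDeviceResource drains (step 5). */
    public static final class AgentQueue {
        public final Deque<DnsRecordCommand> pending = new ArrayDeque<>();
        public void enqueue(DnsRecordCommand cmd) { pending.addLast(cmd); }
    }

    /** The plugin: MyDnsElement from the figure. */
    public static final class MyDnsElement {
        // RFC 1123 host label: alphanumerics and hyphens, no leading/trailing hyphen, 1-63 chars.
        private static final Pattern LABEL =
            Pattern.compile("^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$");
        private static final Pattern IPV4 =
            Pattern.compile("^(?:(?:25[0-5]|2[0-4]\\d|1?\\d?\\d)\\.){3}(?:25[0-5]|2[0-4]\\d|1?\\d?\\d)$");

        private final AgentQueue queue;
        public MyDnsElement(AgentQueue queue) { this.queue = queue; }

        /** Step 2: called by the network manager while the VM is starting. */
        public boolean prepare(Network network, Nic nic) {
            String fqdn = buildFqdn(nic.hostName, network.dnsDomain);
            if (fqdn == null || nic.ip == null || !IPV4.matcher(nic.ip).matches()) {
                return false;  // refuse rather than forward an unvalidated value to the DNS device
            }
            queue.enqueue(new DnsRecordCommand(true, fqdn, nic.ip));  // steps 3-4
            return true;
        }

        /** Called when the NIC is released; removes the record so it does not dangle once the IP is reused. */
        public boolean shutdown(Network network, Nic nic) {
            String fqdn = buildFqdn(nic.hostName, network.dnsDomain);
            if (fqdn == null) return false;
            queue.enqueue(new DnsRecordCommand(false, fqdn, nic.ip));
            return true;
        }

        /** Returns host.domain, or null when the tenant-supplied host name is not a valid DNS label. */
        static String buildFqdn(String hostName, String dnsDomain) {
            if (hostName == null || dnsDomain == null) return null;
            String label = hostName.toLowerCase(Locale.ROOT);
            if (!LABEL.matcher(label).matches()) return null;   // rejects "a.b", "-x", spaces, 64+ chars
            return label + "." + dnsDomain;
        }
    }

    public static void main(String[] args) {
        AgentQueue queue = new AgentQueue();
        MyDnsElement element = new MyDnsElement(queue);
        Network guest = new Network("guest.example.internal");   // constructed sample values
        boolean ok = element.prepare(guest, new Nic("10.1.1.25", "web-01"));
        boolean rejected = element.prepare(guest, new Nic("10.1.1.26", "bad host.name"));
        System.out.println("accepted=" + ok + " rejected=" + !rejected
                + " queued=" + queue.pending.size());
    }
}
```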
Sequence Flow for VM Creation
[Figure: sequence diagram. Lanes: Job Threads, Services API, User VM Mgr, VirtualMachine Mgr, Network Mgr, Storage Mgr, Network Guru, Network Element, Template Mgr, Deployment Planner, Server Resources.]
  1. Job Threads: Start VM
  2. Services API: Start User VM
  3. User VM Mgr: Start VM
  4. VirtualMachine Mgr: Get a Deployment Plan (Host and StoragePool) from the Deployment Planner
  5. VirtualMachine Mgr: Prepare Nics (via Network Mgr)
     o  Network Guru: Reserve resources for Nic
     o  Network Element: Notify that Nic is about to be started in network; Agent Calls to Server Resources
  6. VirtualMachine Mgr: Prepare Volumes (via Storage Mgr)
     o  Template Mgr: Prepare template on Primary Storage; Agent Calls to Server Resources
  7. VirtualMachine Mgr: Agent Start VM Call to Server Resources
  8. Job Threads: Stores job result
Management Layer: Adapters flow
Server Resources
[Figure: an Agent exposing the Resource API over Hypervisor Resources, Network Resources, Storage Resources, Image & Template Resources and Snapshot Resources.]
•  Resources are carried in service VMs to be in close network proximity to the physical resources they manage
•  Easily scales to utilize the most abundant resource in the data center (CPU & RAM)
•  Communicates with the Orchestration Server over a message bus (JSON)
•  Can be replicated for fault tolerance
•  Control gateway to resources within the data center
Resource Layer
Working toward 4.1 release

•  4.1 is the next major release
  o  Moving away from monolithic architecture to loosely
     coupled subsystems
  o  Spring for IOC container and AOP
  o  Storage subsystem refactoring
  o  Network subsystem refactoring
  o  New orchestration engine
  o  Regions support
Session 3

Developing with DevCloud
DevCloud
• CloudStack requires
  o  Hypervisor
  o  Network
  o  Storage
• DevCloud is a self-contained appliance in which CloudStack runs
• Several use cases
  o  Try CloudStack in an isolated sandbox. Runs within the appliance
  o  Develop CloudStack on your own machine, build locally and deploy the new version in DevCloud (build and test)
  o  Develop and run locally, use DevCloud as Xen hosts
Thanks

Contenu connexe

Tendances

CloudStack-Developer-Day
CloudStack-Developer-DayCloudStack-Developer-Day
CloudStack-Developer-DayKimihiko Kitase
 
Deploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIDeploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIJoe Brockmeier
 
Virtualization in the Cloud @ Build a Cloud Day SFO May 2012
Virtualization in the Cloud @ Build a Cloud Day SFO May 2012Virtualization in the Cloud @ Build a Cloud Day SFO May 2012
Virtualization in the Cloud @ Build a Cloud Day SFO May 2012The Linux Foundation
 
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-12012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1tcloudcomputing-tw
 
Scalable networking in Apache CloudStack
Scalable networking in Apache CloudStackScalable networking in Apache CloudStack
Scalable networking in Apache CloudStackChiradeep Vittal
 
CloudStack Architecture Future
CloudStack Architecture FutureCloudStack Architecture Future
CloudStack Architecture FutureKimihiko Kitase
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Tim Mackey
 
Automating CloudStack and hypervisor installation and configuration
Automating CloudStack and hypervisor installation and configurationAutomating CloudStack and hypervisor installation and configuration
Automating CloudStack and hypervisor installation and configurationDag Sonstebo
 
Intro to CloudStack Build a Cloud Day
Intro to CloudStack Build a Cloud DayIntro to CloudStack Build a Cloud Day
Intro to CloudStack Build a Cloud DaySebastien Goasguen
 
CloudStack Networking at CloudOpen Japan
CloudStack Networking at CloudOpen JapanCloudStack Networking at CloudOpen Japan
CloudStack Networking at CloudOpen JapanKimihiko Kitase
 
CloudStack 4.1, 4.2 and beyond
CloudStack 4.1, 4.2 and beyondCloudStack 4.1, 4.2 and beyond
CloudStack 4.1, 4.2 and beyondChip Childers
 
Cloud stack overview
Cloud stack overviewCloud stack overview
Cloud stack overviewgavin_lee
 
Introduction to Apache CloudStack by David Nalley
Introduction to Apache CloudStack by David NalleyIntroduction to Apache CloudStack by David Nalley
Introduction to Apache CloudStack by David Nalleybuildacloud
 
CloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 Preview
CloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 PreviewCloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 Preview
CloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 PreviewChip Childers
 
Cloud stack overview
Cloud stack overviewCloud stack overview
Cloud stack overviewhowie YU
 

Tendances (20)

CloudStack-Developer-Day
CloudStack-Developer-DayCloudStack-Developer-Day
CloudStack-Developer-Day
 
Deploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIDeploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UI
 
Virtualization in the Cloud @ Build a Cloud Day SFO May 2012
Virtualization in the Cloud @ Build a Cloud Day SFO May 2012Virtualization in the Cloud @ Build a Cloud Day SFO May 2012
Virtualization in the Cloud @ Build a Cloud Day SFO May 2012
 
Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...
Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...
Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...
 
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-12012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
 
Scalable networking in Apache CloudStack
Scalable networking in Apache CloudStackScalable networking in Apache CloudStack
Scalable networking in Apache CloudStack
 
CloudStack Architecture Future
CloudStack Architecture FutureCloudStack Architecture Future
CloudStack Architecture Future
 
CloudStack Networking
CloudStack NetworkingCloudStack Networking
CloudStack Networking
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3
 
Automating CloudStack and hypervisor installation and configuration
Automating CloudStack and hypervisor installation and configurationAutomating CloudStack and hypervisor installation and configuration
Automating CloudStack and hypervisor installation and configuration
 
Intro to CloudStack Build a Cloud Day
Intro to CloudStack Build a Cloud DayIntro to CloudStack Build a Cloud Day
Intro to CloudStack Build a Cloud Day
 
CloudStack Networking at CloudOpen Japan
CloudStack Networking at CloudOpen JapanCloudStack Networking at CloudOpen Japan
CloudStack Networking at CloudOpen Japan
 
CloudStack 4.1, 4.2 and beyond
CloudStack 4.1, 4.2 and beyondCloudStack 4.1, 4.2 and beyond
CloudStack 4.1, 4.2 and beyond
 
Cloud stack for_beginners
Cloud stack for_beginnersCloud stack for_beginners
Cloud stack for_beginners
 
Cloud stack overview
Cloud stack overviewCloud stack overview
Cloud stack overview
 
Introduction to Apache CloudStack by David Nalley
Introduction to Apache CloudStack by David NalleyIntroduction to Apache CloudStack by David Nalley
Introduction to Apache CloudStack by David Nalley
 
CloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 Preview
CloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 PreviewCloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 Preview
CloudStack DC Meetup - Apache CloudStack Overview and 4.1/4.2 Preview
 
Apache CloudStack AlpesJUG
Apache CloudStack AlpesJUGApache CloudStack AlpesJUG
Apache CloudStack AlpesJUG
 
Cloud stack overview
Cloud stack overviewCloud stack overview
Cloud stack overview
 
DevCloud and CloudMonkey
DevCloud and CloudMonkeyDevCloud and CloudMonkey
DevCloud and CloudMonkey
 

En vedette

The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)
The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)
The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)Chiradeep Vittal
 
Cloud stack networking shapeblue technical deep dive
Cloud stack networking   shapeblue technical deep diveCloud stack networking   shapeblue technical deep dive
Cloud stack networking shapeblue technical deep diveShapeBlue
 
CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015
CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015
CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015Remi Bergsma
 
The Mission Critical Cloud
The Mission Critical CloudThe Mission Critical Cloud
The Mission Critical CloudRemi Bergsma
 
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015Remi Bergsma
 
Containers and CloudStack
Containers and CloudStackContainers and CloudStack
Containers and CloudStackShapeBlue
 
JClouds at San Francisco Java User Group
JClouds at San Francisco Java User GroupJClouds at San Francisco Java User Group
JClouds at San Francisco Java User GroupMarakana Inc.
 
XenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsXenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsTim Mackey
 
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15Remi Bergsma
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
Red Hat Gluster Storage - Direction, Roadmap and Use-Cases
Red Hat Gluster Storage - Direction, Roadmap and Use-CasesRed Hat Gluster Storage - Direction, Roadmap and Use-Cases
Red Hat Gluster Storage - Direction, Roadmap and Use-CasesRed_Hat_Storage
 
Red Hat Enterprise Linux: Open, hyperconverged infrastructure
Red Hat Enterprise Linux: Open, hyperconverged infrastructureRed Hat Enterprise Linux: Open, hyperconverged infrastructure
Red Hat Enterprise Linux: Open, hyperconverged infrastructureRed_Hat_Storage
 
DevOpsDays Amsterdam Cosmic workshop
DevOpsDays Amsterdam Cosmic workshopDevOpsDays Amsterdam Cosmic workshop
DevOpsDays Amsterdam Cosmic workshopRemi Bergsma
 
Operating CloudStack: the easy way (automation!)
Operating CloudStack: the easy way (automation!)Operating CloudStack: the easy way (automation!)
Operating CloudStack: the easy way (automation!)Remi Bergsma
 

En vedette (14)

The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)
The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)
The Future of Apache CloudStack (Not So Cloudy) (Collab 2012)
 
Cloud stack networking shapeblue technical deep dive
Cloud stack networking   shapeblue technical deep diveCloud stack networking   shapeblue technical deep dive
Cloud stack networking shapeblue technical deep dive
 
CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015
CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015
CloudStack hands-on workshop @ DevOpsDays Amsterdam 2015
 
The Mission Critical Cloud
The Mission Critical CloudThe Mission Critical Cloud
The Mission Critical Cloud
 
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
 
Containers and CloudStack
Containers and CloudStackContainers and CloudStack
Containers and CloudStack
 
JClouds at San Francisco Java User Group
JClouds at San Francisco Java User GroupJClouds at San Francisco Java User Group
JClouds at San Francisco Java User Group
 
XenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsXenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud Environments
 
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
Red Hat Gluster Storage - Direction, Roadmap and Use-Cases
Red Hat Gluster Storage - Direction, Roadmap and Use-CasesRed Hat Gluster Storage - Direction, Roadmap and Use-Cases
Red Hat Gluster Storage - Direction, Roadmap and Use-Cases
 
Red Hat Enterprise Linux: Open, hyperconverged infrastructure
Red Hat Enterprise Linux: Open, hyperconverged infrastructureRed Hat Enterprise Linux: Open, hyperconverged infrastructure
Red Hat Enterprise Linux: Open, hyperconverged infrastructure
 
DevOpsDays Amsterdam Cosmic workshop
DevOpsDays Amsterdam Cosmic workshopDevOpsDays Amsterdam Cosmic workshop
DevOpsDays Amsterdam Cosmic workshop
 
Operating CloudStack: the easy way (automation!)
Operating CloudStack: the easy way (automation!)Operating CloudStack: the easy way (automation!)
Operating CloudStack: the easy way (automation!)
 

Similaire à Hacking apache cloud stack

What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computingBrian Bullard
 
Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Joe Brockmeier
 
CloudStack Best Practice in PPTV
CloudStack Best Practice in PPTVCloudStack Best Practice in PPTV
CloudStack Best Practice in PPTVgavin_lee
 
1 Introduction at CloudStack Developer Day
1 Introduction at CloudStack Developer Day 1 Introduction at CloudStack Developer Day
1 Introduction at CloudStack Developer Day Kimihiko Kitase
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stackNitin Mehta
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestke4qqq
 
Getting Started with Apache CloudStack
Getting Started with Apache CloudStackGetting Started with Apache CloudStack
Getting Started with Apache CloudStackJoe Brockmeier
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureHui Cheng
 
Integrating OpenStack to Existing infrastructure
Integrating OpenStack to Existing infrastructureIntegrating OpenStack to Existing infrastructure
Integrating OpenStack to Existing infrastructurelaurabeckcahoon
 
CloudStack Architecture and Refactor
CloudStack Architecture and RefactorCloudStack Architecture and Refactor
CloudStack Architecture and Refactorgavin_lee
 
6 Roadmap Cloudstack Developer Day
6 Roadmap Cloudstack Developer Day6 Roadmap Cloudstack Developer Day
6 Roadmap Cloudstack Developer DayKimihiko Kitase
 
OSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
OSDC 2012 - OpenNebula: Open-source Solution for Data Center VirtualizationOSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
OSDC 2012 - OpenNebula: Open-source Solution for Data Center VirtualizationOpenNebula Project
 
Cloudstack for beginners
Cloudstack for beginnersCloudstack for beginners
Cloudstack for beginnersJoseph Amirani
 
Taking the open cloud to 11
Taking the open cloud to 11Taking the open cloud to 11
Taking the open cloud to 11Joe Brockmeier
 
Architecting a Private Cloud - Cloud Expo
Architecting a Private Cloud - Cloud ExpoArchitecting a Private Cloud - Cloud Expo
Architecting a Private Cloud - Cloud Exposmw355
 
Architectures with Windows Azure
Architectures with Windows AzureArchitectures with Windows Azure
Architectures with Windows AzureDamir Dobric
 
OpenStack Boston User Group, OpenStack overview
OpenStack Boston User Group, OpenStack overviewOpenStack Boston User Group, OpenStack overview
OpenStack Boston User Group, OpenStack overviewOpen Stack
 

Similaire à Hacking apache cloud stack (20)

What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computing
 
Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)
 
CloudStack Best Practice in PPTV
CloudStack Best Practice in PPTVCloudStack Best Practice in PPTV
CloudStack Best Practice in PPTV
 
CloudStack and SDN
CloudStack and SDNCloudStack and SDN
CloudStack and SDN
 
1 Introduction at CloudStack Developer Day
1 Introduction at CloudStack Developer Day 1 Introduction at CloudStack Developer Day
1 Introduction at CloudStack Developer Day
 
Txlf2012
Txlf2012Txlf2012
Txlf2012
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stack
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWest
 
Getting Started with Apache CloudStack
Getting Started with Apache CloudStackGetting Started with Apache CloudStack
Getting Started with Apache CloudStack
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing Infrastructure
 
Xen and Apache cloudstack
Xen and Apache cloudstack  Xen and Apache cloudstack
Xen and Apache cloudstack
 
Integrating OpenStack to Existing infrastructure
Integrating OpenStack to Existing infrastructureIntegrating OpenStack to Existing infrastructure
Integrating OpenStack to Existing infrastructure
 
CloudStack Architecture and Refactor
CloudStack Architecture and RefactorCloudStack Architecture and Refactor
CloudStack Architecture and Refactor
 
6 Roadmap Cloudstack Developer Day
6 Roadmap Cloudstack Developer Day6 Roadmap Cloudstack Developer Day
6 Roadmap Cloudstack Developer Day
 
OSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
OSDC 2012 - OpenNebula: Open-source Solution for Data Center VirtualizationOSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
OSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
 
Cloudstack for beginners
Cloudstack for beginnersCloudstack for beginners
Cloudstack for beginners
 
Taking the open cloud to 11
Taking the open cloud to 11Taking the open cloud to 11
Taking the open cloud to 11
 
Architecting a Private Cloud - Cloud Expo
Architecting a Private Cloud - Cloud ExpoArchitecting a Private Cloud - Cloud Expo
Architecting a Private Cloud - Cloud Expo
 
Architectures with Windows Azure
Architectures with Windows AzureArchitectures with Windows Azure
Architectures with Windows Azure
 
OpenStack Boston User Group, OpenStack overview
OpenStack Boston User Group, OpenStack overviewOpenStack Boston User Group, OpenStack overview
OpenStack Boston User Group, OpenStack overview
 

Hacking apache cloud stack

  • 1. Hacking on Apache (Incubating) CloudStack
  • 2. Tutorial Outline •  Session 1: Introduction to CloudStack Murali Reddy: Committer Apache CloudStack •  Session 2: Architecture of CloudStack Murali Reddy: Committer Apache CloudStack •  Session 3: Hands on with DevCloud Kishan Kavala: Committer Apache CloudStack Rajesh Battala: Contributor Apache CloudStack
  • 4. Cloud Computing Virtualization is not Cloud computing Server Virtualization++ Cloud Built for traditional enterprise Designed around big data, apps & client-server compute massive scale & next-gen apps •  Enterprise arch for 100s of hosts •  Cloud arch for 1000s of hosts •  Scale-up (pool-based resourcing) •  Scale-out (horizontal resourcing) •  IT management-centric •  Autonomic management •  1 administrator for Dozens of servers •  1 administrator for 1,000’s of servers •  Apps assume reliability •  Apps assume failure •  Proprietary vendor stack •  Open, value-added stack
  • 5. Cloud Computing (contd..) •  Tenets of Cloud o  Shared infrastructure and Multi-tenancy o  Self Service o  Elasticity o  Built for massive Scale o  Service agility o  Pay-as-you-go o  APIs and Extreme Automation •  IAAS/PAAS/SAAS •  Public/Private/Hybrid clouds
  • 6. What is Apache CloudStack •  Turnkey orchestration platform for delivering IAAS clouds o  Secure, multi-tenant o  Self-service o  Service agility and elasticity o  Built for large scale o  Pay-as-you-go •  Deploys on premise (private) or as a hosted (public) cloud •  Can be used for hybrid clouds •  built in java, provides native REST API’s and EC2 API •  Has python, Ruby clients and CLI as well
  • 7. A  bit  of  History   •  Original  company  Cloud.com  (2008)   •  Open  source  (GPLv3)  as  CloudStack  (2010)   •  Acquired  by  Citrix  (July  2011)   •  Relicensed  under  ASL  v2  April  3,  2012   •  Accepted  as  Apache  IncubaKng  Project  April  16,   2012   •  First  Apache  (ACS  4.0)  released   •  Many  non-­‐Citrix  contributors,  commiRers,  PPMC   members  
  • 8. Who is contributing •  Sungard: Unit test cases •  Carnigo: Object store plug-in •  Ceph/Rbd support by Wido •  CLVM/KVM by Marcus •  Nicira NVP: Schuberg Philis •  Basho: Object Store •  Brocade ADX ADC support •  Midokura midonet SDN controller integration
  • 9. How to contribute •  Its not just about code! As community member you can engage in o Discussions: Design, Use Case, deployment issues o Bug reporting, feature requests o Code reviews o Build, tools, infrastructure o Helping out on the IRC o Documentation o Submit bug fixes, features
  • 10. How to contribute (contd..) •  Git repo, bug tracker, wiki are on ASF infra •  Project website o  http://incubator.apache.org/cloudstack/ o  http://www.cloudstack.org •  IRC o  #cloudstack on irc.freenode.net o  Wednesday - 10:30 PM IST, 5:00 UTC •  Mailing lists (cloudstack.org/discuss/mailing- lists.html) o  cloudstack-dev-subscribe@incubator.apache.org o  cloudstack-users-subscribe@incubator.apache.org •  http://www.slideshare.net/cloudstack
  • 11. On-demand infrastructure as a service Org A Org B Admin Admin Users Users Cloud Admin End User Provision Consume resources resources UI Cli EC2 CloudStack managed cloud REST API Compute Network Storage CloudStack Management Server manage resources
  • 12. Core CloudStack Components VM •  Hosts •  Servers onto which services will be provisioned Host VM Network •  Primary Storage Host •  VM storage •  Cluster Primary •  A grouping of hosts and their associated storage Storage •  Pod •  Collection of clusters Cluster •  Network Secondary Storage Cluster •  Logical network associated with service offerings •  Secondary Storage •  Template, snapshot and ISO storage CloudStack Pod •  Zone •  Collection of pods, network offerings and secondary CloudStack Pod storage •  Management Server Farm Zone •  Responsible for all management and provisioning tasks
  • 13. CloudStack Deployment Architecture CloudStack Management Internet Ø  Hypervisor is the basic unit Server of scale. Zone 1 Ø  Cluster consists of one ore more hosts of same L3 core hypervisor Ø  All hosts in cluster have Pod 1 Access Layer Pod N access to shared (primary) Secondary storage …. Storage Cluster N Ø  Pod is one or more clusters, usually with L2 switches. …. Ø  Availability Zone has one or more pods, has access to Cluster 1 secondary storage. Host 1 Ø  One or more zones Primary represent cloud Storage Host 2
  • 14. CloudStack Managing Multiple Zones Data Center 1 Data Center 2 Ø  Single Management Server can Data Center 2 Management Data Center 3 manage multiple zones Server Zone Zone Ø  Zones can be geographically 2 distributed but low latency links 2 Zone Zone are expected for better Zone1 Zone 3 performance 4 3 Ø  Single MS node can manage up to 5K hosts. Data Center 2 Ø  Multiple MS nodes can be Data Center 2 deployed as cluster for scale or Data Center 2 redundancy Zone Zone 2ZoneZone 2 2 Zone 3 Zone 3 3
  • 18. Create Virtual Machines via Offerings Select Operating System •  Windows, Linux Select Compute Offering •  CPU & RAM Select Disk Offering •  Volume Size Select Network Offering •  Network & Services Create VM
  • 19. Virtual Machine Management Users Change VM Operations Console Access VM Status Service Offering Start •  CPU Utilized 2 CPUs 4 CPUs Stop 1 GB 4 GB •  Network Read RAM RAM Restart •  Network Writes 20 GB 200 GB Destroy 20 100 Mbps Mbps
  • 20. Volume & Snapshot Management VM 1 Add / Delete Volumes Volume Create Templates Volume Template from Volumes Hourly Weekly Schedule Now Snapshots Daily Monthly …. View Snapshot History
  • 21. A  Very  Flexible  IaaS  Pla5orm   Compute Hypervisor XenServer VMware Oracle VM KVM Bare metal Storage Block & Object Fiber Local Disk iSCSI NFS Swift Ceph Riak Channel Primary  Storage   Secondary  Storage   Network Network & Network Services Load Network Type Isolation Firewall VPN balancer
  • 22. CloudStack Storage Primary Storage •  Configured at Cluster-level. Close to hosts for better performance •  Stores all disk volumes for VMs in a cluster L3 switch •  Cluster can have one or more primary storages L2 switch Pod 1 •  Local disk, iSCSI, FC or NFS Cluster 1 Secondary Storage Secondary Storage Host 1 Local •  Configured at Zone-level storage Primary Storage •  Stores all Templates, ISOs and Snapshots Host 2 •  Zone can have one or more secondary storages •  NFS, OpenStack Swift Availability zone Local Storage •  Storage available on hypervisor hist
  • 23. Role of Storage and Templates •  Primary Storage •  Cluster level storage for VMs Host •  Connected directly to hosts •  NFS, iSCSI, FC and Local Host •  Secondary Storage Primary Storage •  Zone level storage for template, ISOs and Cluster snapshots •  NFS or OpenStack Swift via CloudStack Pod System VM •  Templates and ISOs •  Imported into CloudStack •  Can be private or public Secondary Storage Zone Template
  • 24. Provisioning Process 1.  User Requests Instance VM 2.  Provision Optional Network Host Services Host 3.  Copy instance template from Primary Storage secondary storage to primary Cluster storage on appropriate cluster Pod 4.  Create any requested data volumes on primary storage for the Template cluster 5.  Create instance Secondary Storage 6.  Start instance Zone
  • 25. Object Store CloudStack Mgmt •  Object store used to store Server templates and snapshots •  VM’s can be distributed across the availability zones •  For DR create instances Availability Zone Availability Zone Availability Zone in different zones Object Storage
  • 26. Multi-tenancy & Account Management Resources Domain VMs, IPs, Snapshots… Domain is a unit of isolation Org A that represents a customer Admin org, business unit or a reseller Domain Reseller A Domain can have arbitrary Admin Sub-Domain Resources levels of sub-domains VMs, IPs, Snapshots… Org C A Domain can have one or Admin more accounts Account Group A An Account represents one or more users and is the Account basic unit of isolation Group B Admin can limit resources at User 1 the Account or Domain levels User 2
  • 27. User Dashboard: Consumed Resources •  Running, Stopped & Total VMs •  Public IPs •  Private networks •  Latest Events
  • 28. Admin Dashboard: Consumed Resources •  Provides zone wide resource consumption •  Also provides latest alerts and events
  • 29. Edge services with System VMs •  System VMs optimize and scale the datapath on behalf of CloudStack o  Stateless, can be destroyed and recreated from database state o  Highly Available o  Communicates with Management Server over management network o  Usually have 3 interfaces: control, guest and public •  Console Proxy VM o  Provides AJAX-style HTTP-only console viewer o  Grabs VNC output from hypervisor o  Scales out (more spawned) as load increases o  Java-based server Communicates with MS over message bus •  Secondary Storage VM o  Provides image (template) management services o  Download from HTTP file share or Swift o  Copy between zones o  Scale out to handle multiple NFS mounts o  Java-based server communicates with MS over message bus
  • 30. Edge services with System VMs (contd.) •  Virtual Router VM o  Provides multiple network services o  IPAM (DHCP), DNS, NAT, Source NAT, Firewall, PF, VPN o  User-data, Meta-data, SSH keys and password change server o  Redundancy via VRRP o  MS configures VR over SSH §  Proxied via the hypervisor on XS and KVM
  • 31. Network & Network Services •  Create Networks and attach VMs •  Acquire public IP address for NAT & load balancing •  Control traffic to VM using ingress and egress firewall rules •  Set up rules to load balance traffic between VMs
  • 32. Networking feature overview •  Orchestration of L2 – L7 network services o  IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc •  Mix-and-match services and providers •  Out-of-the-box integration with automated deployment of virtual routers o  Highly available network services using CloudStack HA and VRRP •  Orchestrate external providers such as hardware firewalls and load balancers o  Devices can provide multiple services o  Admin API to configure external devices o  Plugin-based extensions for network behavior and admin API extensions •  Multiple multi-tenancy [network isolation] options •  Integrated traffic accounting •  Access control •  Software Defined Networking (Nicira NVP)
33. L2 Features
•  Choice of network isolation
   o  Physical, VLAN, L3 (anti-spoof), Overlay [GRE]
   o  Physical isolation through network labels [limited by the number of NICs or bonds]
•  Multi-NIC
   o  Deploy an instance in multiple networks
   o  Control the default route
•  Access control
   o  Shared networks, project networks
•  QoS [max rate]
•  Traffic monitoring
•  Hot-plug / detach of NICs
34. L3 Features
•  IPAM [DHCP], public IP address management
   o  VR acts as DHCP server
   o  Can request multiple public IPs per tenant
•  Gateway (default gateway)
   o  Redundant VR (using VRRP)
   o  Inter-subnet routing
   o  Static routing control
•  Remote Access VPN
   o  L2TP over IPsec using a PSK
   o  Virtual Router only
•  Firewall based on source CIDR
•  Static NAT [1:1]
   o  Including "Elastic IP" in a Basic Zone
•  Source NAT
   o  Per-network, or interface NAT
•  Public traffic usage
   o  Monitoring on the Virtual Router / external network device
   o  Integration with sFlow collectors
•  Site-to-Site VPN
   o  IPsec VPN based on the VR
•  L3 ACLs
35. L4 Features
•  Security groups for L3 isolation
   o  "Basic Zone" in the docs
   o  Default AWS-style networking
   o  Scales much better than VLANs
•  Stateful firewall for TCP, UDP and ICMP
•  Port forwarding ["Advanced Zone"]
   o  Conserves public IPs
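The security-group model of an L3-isolated (Basic Zone) network, as an added worked example; this is not CloudStack's own code. It assumes a rule shape of protocol, port range and either a remote CIDR or a remote security group, deny-by-default ingress, allow-all egress until the first egress rule exists, and a stateful firewall that admits the reply half of any flow it already accepted. The group names, addresses and rules are constructed for the example.

```python
"""Security-group evaluation for an L3-isolated (Basic Zone) guest network.

Added example; this is not CloudStack's own code. Assumptions, not from the
slides: rules carry a protocol, a port range and either a remote CIDR or a
remote security group; ingress is deny-by-default; egress is allow-all until
the first egress rule exists, after which it is also deny-by-default; the
firewall is stateful, so the reply half of an allowed flow is accepted
without consulting the rules again.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str               # "ingress" or "egress"
    protocol: str                # "tcp", "udp" or "icmp"
    start_port: int              # inclusive port range; -1 means any port/type
    end_port: int
    cidr: Optional[str] = None   # remote CIDR, e.g. "0.0.0.0/0"
    group: Optional[str] = None  # or: remote security group name

    def matches(self, protocol: str, port: int, remote_ip: str,
                members: Dict[str, Set[str]]) -> bool:
        if self.protocol != protocol:
            return False
        if self.start_port != -1 and not (self.start_port <= port <= self.end_port):
            return False
        if self.cidr is not None:
            return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr, strict=False)
        if self.group is not None:
            # group-to-group rule: the remote address must belong to an instance in that group
            return remote_ip in members.get(self.group, set())
        return False  # a rule with neither cidr nor group matches nothing (fail closed)


@dataclass(frozen=True)
class Packet:
    direction: str     # "ingress" (towards this instance) or "egress" (from it)
    protocol: str
    local_port: int    # port on this instance
    remote_ip: str
    remote_port: int


class InstanceFirewall:
    """Effective rule set of one instance: the union of the groups it is a member of."""

    def __init__(self, groups: Dict[str, List[Rule]], members: Dict[str, Set[str]],
                 instance_groups: List[str]) -> None:
        self.rules = [r for g in instance_groups for r in groups[g]]
        self.members = members
        self.has_egress_rules = any(r.direction == "egress" for r in self.rules)
        self.flows: Set[Tuple[str, int, str, int]] = set()  # accepted flows (conntrack)

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.protocol, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if key in self.flows:
            return True                      # reply traffic of an accepted flow
        if pkt.direction == "egress" and not self.has_egress_rules:
            self.flows.add(key)
            return True                      # no egress rules: everything outbound is allowed
        # ingress rules match the destination port on the instance,
        # egress rules match the destination port on the remote side
        port = pkt.local_port if pkt.direction == "ingress" else pkt.remote_port
        for rule in self.rules:
            if rule.direction == pkt.direction and rule.matches(pkt.protocol, port, pkt.remote_ip, self.members):
                self.flows.add(key)
                return True
        return False


# Constructed sample: a web tier open to the world on 80 and to the 10.1.0.0/16 ops range on 22,
# and a db tier that accepts 3306 only from instances that are members of the "web" group.
GROUPS: Dict[str, List[Rule]] = {
    "web": [Rule("ingress", "tcp", 80, 80, cidr="0.0.0.0/0"),
            Rule("ingress", "tcp", 22, 22, cidr="10.1.0.0/16")],
    "db":  [Rule("ingress", "tcp", 3306, 3306, group="web")],
}
MEMBERS: Dict[str, Set[str]] = {"web": {"10.1.0.2", "10.1.8.3"}, "db": {"10.1.16.2"}}


def db_accepts_from(remote_ip: str) -> bool:
    fw = InstanceFirewall(GROUPS, MEMBERS, ["db"])
    return fw.allow(Packet("ingress", "tcp", 3306, remote_ip, 51000))


def web_accepts(local_port: int, remote_ip: str) -> bool:
    fw = InstanceFirewall(GROUPS, MEMBERS, ["web"])
    return fw.allow(Packet("ingress", "tcp", local_port, remote_ip, 51000))


def dns_reply_accepted() -> bool:
    """Outbound DNS query, then its reply: the reply passes only because the flow was recorded."""
    fw = InstanceFirewall(GROUPS, MEMBERS, ["db"])
    out = fw.allow(Packet("egress", "udp", 40000, "10.1.0.53", 53))
    back = fw.allow(Packet("ingress", "udp", 40000, "10.1.0.53", 53))
    unsolicited = fw.allow(Packet("ingress", "udp", 40001, "10.1.0.53", 53))
    return out and back and not unsolicited


if __name__ == "__main__":
    print("db from web member:", db_accepts_from("10.1.0.2"))        # True
    print("db from stranger:", db_accepts_from("10.1.8.9"))          # False
    print("web ssh from internet:", web_accepts(22, "203.0.113.5"))  # False
```

The group-to-group rule is the part worth noticing: because the db tier admits 3306 by membership rather than by address, an attacker who lands on a non-web instance inside the same 10.1.0.0/16 range is still refused, and the rule needs no update when web instances are added or recycled.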
36. L7 features
•  Load balancer
   o  VR has HAProxy built in
   o  External load balancer support
      §  NetScaler (MPX/SDX/VPX)
      §  F5 BigIP
      §  An LB appliance can be dedicated to an account or shared among tenants
   o  Load balancer supported with L3 isolation as well
   o  Stickiness support
   o  SSL support [future]
   o  Health checks [future]
•  User-data & meta-data
   o  Fetched from the virtual router
•  Password-change server
37. CloudStack Terminology
•  Guest network
   o  The tenant network to which instances are attached
•  Storage network
   o  The physical network which connects the hypervisor to primary storage
•  Management network
   o  Control-plane traffic between the CloudStack management server and hypervisor clusters
•  Public network
   o  "Outside" the cloud [usually the Internet]
   o  Shared public VLANs trunked down to all hypervisors
•  All traffic can be multiplexed onto the same underlying physical network using VLANs
   o  Usually the management network is untagged
   o  The storage network is usually on a separate NIC (or bond)
•  The admin informs CloudStack how to map these network types to the underlying physical network
   o  Configure traffic labels on the hypervisor
   o  Configure traffic labels in the Admin UI
38. CloudStack Network Service Providers
•  A Network Service Provider is a hardware or virtual appliance that makes a network service possible in CloudStack; for example, a Citrix NetScaler appliance can be installed in the cloud to provide load-balancing services.
•  Administrators can have multiple instances of the same service provider in a network; for example, more than one Citrix NetScaler or Juniper SRX device can be added to CloudStack.
•  CloudStack supports the following network providers:
   o  CloudStack Virtual Router (default)
   o  Citrix NetScaler SDX, VPX and MPX models
   o  Juniper SRX
   o  F5 BigIP
39. Network Service Providers Matrix
•  A network offering is basically a definition of which network services are available when that offering is used. The available network services are: VPN, DHCP, DNS, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port Forwarding and Security Groups*

   Feature              Virtual Router   Citrix NetScaler   Juniper SRX   F5 BigIP
   Remote Access VPN    YES              N/A                N/A           N/A
   Firewall             YES              N/A                YES           N/A
   Source NAT           YES              N/A                YES           N/A
   Static NAT           YES              YES                YES           N/A
   Load Balancing       YES              YES                N/A           YES
   Port Forwarding      YES              N/A                YES           N/A
   Elastic IP           N/A              YES                N/A           N/A
   Elastic LB           N/A              YES                N/A           N/A
   DHCP/DNS/User Data   YES              N/A                N/A           N/A
40. Network Offerings
•  The cloud provider defines the feature set for guest networks
•  Toggle features or service levels
   o  Security groups on/off
   o  Load balancer on/off
   o  Load balancer software/hardware
   o  VPN, firewall, port forwarding
•  The user chooses a network offering when creating a network
•  Enables upgrade between network offerings
•  Default offerings built in
   o  For classic CloudStack networking
41. Add Guest Networks
•  Choice of L3 subnet and default gateway
•  Choice of network offering
42. Editing Guest Networks
When editing a guest network, users can change the network offering. They can either upgrade to a "premium" network offering (for example, an offering that uses a hardware load balancer) or downgrade to a "cheaper" one.
43. Restarting/Cleaning Up a Guest Network
•  Restarting the network simply resends all the LB, firewall and port-forwarding rules to the network provider
•  Restarting the network with "Clean up":
   o  Restarts network elements: virtual routers, DHCP servers
   o  If a virtual router is used, it is destroyed and recreated
   o  Reapplies all public IPs to the network provider
   o  Reapplies load-balancing, port-forwarding and firewall rules
44. Deleting a Guest Network
•  An isolated guest network can only be deleted if no VMs are using the network (i.e. all of them are completely destroyed and expunged)
•  Deleting a network destroys the virtual router (if used) and releases the public IPs back to the IP pool
45. Basic vs Advanced Networking
•  Segmentation based on feature set and ease of deployment
•  Both are feature-rich
•  Basic implements true AWS-style L3 isolation
   o  Tenants do not get contiguous IP addresses or subnets
   o  Network segmentation based on security groups
   o  Tremendous scale (tens of thousands)
•  Advanced Zone offers full L3 subnets and L2 isolation
   o  VLANs are the default implementation (4K limit)
   o  More features (source NAT, PF, LB, VPN)
46. Physical Network in Zone
[Diagram: a core (L3) network above Pods 1..N; each pod has access switches, CloudStack servers, clusters of hypervisors (e.g. Cluster 1: Hypervisor 1..8; Cluster 4: Hypervisor N, N+1) and storage (Storage 1..k). Traffic types shown: VM traffic, control-plane traffic, storage traffic, public traffic.]
47. Layer 3 cloud networking
[Diagram: Web and DB VMs spread across hosts, grouped into a "Web" security group and a "DB" security group rather than by subnet.]
48. Guest Networks with L3 isolation
[Diagram: Internet → L3 core switch → per-pod L2 switches (Pod 1, Pod 2, Pod 3). Guest VMs of two tenants (Guest 1 VM 1..4, Guest 2 VM 1..3) are interleaved across pods and take addresses from the pod subnets (10.1.0.x, 10.1.8.x, 10.1.16.x); public IP addresses (65.37.141.11, .24, .36, .80) are mapped to individual guest addresses, and a load balancer sits in Pod 3.]
49. Guest Networks with L2 isolation
[Diagram: a core (L3) network above Pods K, M and N with access switches; clusters of hypervisors (Cluster 1: Hypervisor 1..8; Cluster 4: Hypervisor N, N+1) host tenant VMs (V) and tenant virtual routers (R). Traffic types shown: VM traffic, public traffic.]
50. L2 isolation: VLAN networking
[Diagram: VMs belonging to User 1 and User 2 placed across hosts, each user's VMs on that user's own VLAN.]
51. SDN at Work
[Diagram: the CloudStack Management Server drives an SDN controller; Hosts 1..4 each run OVS and host VMs of tenants 1, 2 and 3 plus virtual routers (VR); the hosts are connected by GRE tunnels.]
52. Guest virtual layer-2 network
[Diagram: two tenants, each with its own guest virtual network 10.1.1.0/24 and its own virtual router (gateway 10.1.1.1) providing NAT, DHCP, load balancing and VPN. Guest VMs use 10.1.1.2, .3, .4 and .5 in both tenants; the overlapping address space is possible because each tenant has its own L2 network. Public IP addresses (65.37.141.11 and 65.37.141.36 for Guest 1; 65.37.141.24 and 65.37.141.80 for Guest 2) are held on the routers' public side.]
53. Layer-2 Guest Virtual Network
[Diagram, two variants of a guest virtual network (10.1.1.1/8, VLAN 100) with guest VMs 10.1.1.1, .3, .4 and .5. Left, "CS Virtual Router provides Network Services": the CS Virtual Router is the gateway and provides firewall, DHCP, DNS, NAT, load balancing and VPN, holding public IPs such as 65.37.141.11 and 65.37.141.112. Right, "External Devices provide Network Services": a Juniper SRX provides the firewall (public IP 65.37.141.111), a NetScaler provides load balancing (private IPs 10.1.1.111 and 10.1.1.112), and the CS Virtual Router provides only DHCP and DNS.]
54. Layer-3 Guest Network
[Diagram, two variants of an L3-isolated guest network with public network 65.11.0.0/16. Left, "Network Services Managed Externally": guest VMs 1..4 sit behind an L3 switch with a NetScaler load balancer providing EIP and ELB; VMs hold private addresses (10.1.2.3, 10.2.12.4, 10.5.2.99, 10.1.2.18) and are grouped into Security Group 1 and Security Group 2; the CS Virtual Router provides DHCP and DNS. Right, "Network Services Managed by CS": VMs hold public addresses directly (65.11.1.2 .. 65.11.1.5), again grouped into Security Groups 1 and 2, with the CS Virtual Router providing DHCP and DNS.]
55. Multi-tier network
[Diagram: the Internet and a customer premises connect to a CS Virtual Router via an IPsec or SSL site-to-site VPN; the router fronts a load balancer and a monitoring VLAN.]
•  Virtual Router services
   o  IPAM
   o  DNS
   o  LB [intra]
   o  S-2-S VPN
   o  Static routes
   o  ACLs
   o  NAT, PF
   o  FW [ingress & egress]
   o  BGP
•  Three tiers, each on its own virtual network
   o  Web tier: 10.1.1.0/24, VLAN 100 (Web VM 1..4; addresses shown: 10.1.1.1, 10.1.1.3, 10.1.1.4, 10.1.1.5)
   o  App tier: 10.1.2.0/24, VLAN 1001 (App VM 1..2; addresses shown: 10.1.2.31, 10.1.2.24)
   o  DB tier: 10.1.3.0/24, VLAN 141 (DB VM 1; address shown: 10.1.3.24)
57. Problem Definition
•  Offer a scalable, flexible, manageable IAAS platform that orchestrates physical and virtual resources to provide self-service infrastructure provisioning and monitoring
•  Flexible
   o  Handle new physical resource types
      §  Hypervisors, storage, networking
   o  Add new APIs
   o  Add new services
   o  Add new networking models
58. Problem Definition (contd..)
•  Manageable
   o  Hide the complexity of underlying resources
   o  Rich functional end-user and admin UI
   o  Admin API to automate operations
   o  Easy install and upgrade for small -> large clouds
   o  Simple scaling, automated resilience
•  Scalable architecture
   o  1 -> N hypervisors / VMs / virtual resources
   o  1 -> N end users
59. Problem Definition (contd..)
•  Resource allocation
   o  Hypervisor CPU, memory
   o  Storage space
   o  Avoid a set of pods, clusters, hosts
•  Capacity scanning
   o  Snapshot of resources consumed
   o  Trigger capacity threshold violations
•  Garbage collection
   o  Network resources (IP, VLAN, CIDR etc.)
   o  Compute (VM, CPU, memory)
   o  Storage (volumes)
•  Synchronizing the resource states
•  Infrastructure resource failures
•  Fencing
60. Scaling: Horizontal Scaling
[Diagram: a single-node deployment (one Management Server serving the User API and Admin API against a MySQL DB) beside a multi-node deployment (a load balancer in front of several Management Servers, a MySQL DB with DB replication to a backup DB); both manage the infrastructure resources.]
•  The MS is stateless. An MS can be deployed as a physical server or a VM
•  A single MS node can manage up to 10K hosts. Multiple nodes can be deployed for scale or redundancy
61. Resource Load Balancing
•  As a management server is added to the cluster, resources are rebalanced seamlessly.
   o  MS2 signals MS1 to hand over a resource
   o  MS1 waits for the in-flight commands on the resource to finish
   o  MS1 holds further commands in a queue
   o  MS1 signals MS2 to take over
   o  MS2 connects
   o  MS2 signals MS1 to complete the transfer
   o  MS1 discards its resource and forwards the held commands to MS2
•  Listeners are provided so business logic can listen on connection status and adjust its work based on who is connected.
•  By only working on resources that are connected to the management server the process is on, work is auto-balanced between management servers.
•  This also reduces message routing between the management servers.
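The hand-over steps above, as an added simulation that is not CloudStack's own code. ManagementServer, begin_handover and complete_handover are this example's own names, commands are plain strings, and "executing" a command just appends it to a log; the scenario (host-7 moving from MS1 to MS2 while commands keep arriving) is constructed. What it makes visible is the invariant the procedure is there for: a command that arrives mid-transfer is neither lost nor run ahead of the ones already in flight.

```python
"""Resource hand-over between two management servers, as a small simulation of
the steps on the slide.

Added example, not CloudStack's own code. ManagementServer, begin_handover and
complete_handover are this example's own names; commands are plain strings and
"executing" a command just appends it to a log. The point is the invariant the
procedure guarantees: no command is lost or reordered while ownership moves.
"""
from collections import deque
from typing import Deque, Dict, List, Set


class ManagementServer:
    def __init__(self, name: str) -> None:
        self.name = name
        self.owned: Set[str] = set()                  # resources connected to this MS
        self.in_flight: Dict[str, List[str]] = {}     # commands executing, per resource
        self.held: Dict[str, Deque[str]] = {}         # commands queued during a hand-over
        self.log: List[str] = []                      # "<resource>:<command>" in execution order

    def submit(self, resource: str, command: str) -> None:
        """Business logic only submits to the MS the resource is connected to."""
        if resource in self.held:
            self.held[resource].append(command)       # step 3: hold while a hand-over is in progress
        elif resource in self.owned:
            self.in_flight.setdefault(resource, []).append(command)
        else:
            raise RuntimeError(f"{self.name} is not connected to {resource}")

    def finish_in_flight(self, resource: str) -> None:
        for command in self.in_flight.pop(resource, []):
            self.log.append(f"{resource}:{command}")

    def drain_all(self) -> None:
        for resource in list(self.in_flight):
            self.finish_in_flight(resource)


def begin_handover(src: ManagementServer, resource: str) -> None:
    """Steps 1-3: the peer asked for the resource; finish what is running, then hold new commands."""
    if resource not in src.owned:
        raise RuntimeError(f"{src.name} does not own {resource}")
    src.held[resource] = deque()       # from now on submit() queues instead of executing
    src.finish_in_flight(resource)     # wait for the in-flight commands to complete


def complete_handover(src: ManagementServer, dst: ManagementServer, resource: str) -> None:
    """Steps 4-7: the peer connects and signals completion; src discards and forwards the held queue."""
    dst.owned.add(resource)                         # MS2 connects
    src.owned.discard(resource)                     # MS1 discards the resource
    held = src.held.pop(resource)
    while held:                                     # forward held commands, preserving order
        dst.submit(resource, held.popleft())


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: host-7 moves from MS1 to MS2 while commands keep arriving."""
    ms1, ms2 = ManagementServer("MS1"), ManagementServer("MS2")
    ms1.owned.add("host-7")
    ms1.submit("host-7", "StartCommand(vm-1)")      # already running when the hand-over starts
    begin_handover(ms1, "host-7")
    ms1.submit("host-7", "StopCommand(vm-2)")       # arrives mid hand-over: held, not executed
    ms1.submit("host-7", "RebootCommand(vm-3)")
    complete_handover(ms1, ms2, "host-7")
    ms2.drain_all()
    ms1_rejects_now = False
    try:
        ms1.submit("host-7", "StopCommand(vm-4)")   # MS1 no longer owns the host
    except RuntimeError:
        ms1_rejects_now = True
    return {"ms1_log": ms1.log, "ms2_log": ms2.log,
            "ms1_owns": "host-7" in ms1.owned, "ms2_owns": "host-7" in ms2.owned,
            "ms1_rejects_now": ms1_rejects_now}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```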
62. Management Server (architecture diagram)
[Diagram of the management server, top to bottom:
•  Clients: Cloud Portal, CLI, UI, other clients
•  API layer: REST API; End User API, Admin (OAM&P) API, EC2 API, other APIs; pluggable service API
•  ACL & Authentication: accounts, domains and projects; ACL and limits checking; security adapters; account management
•  Services API and Plugin API: template services, connectors, API access
•  Kernel: deployment planning, HA, job queue, usage calculations; drives long-running VM operations, syncs between the managed resources and the DB, generates events; network configurations, network elements, hypervisor gurus, additional services
•  Cluster management, resource management, job management, alert & event management, database access (DB)
•  Event bus and message bus
•  Resources: hypervisor, network, storage, image and snapshot resources]
63. Interactions
[Diagram of how the clustered CloudStack Management Server talks to everything else:
•  Clients: End User UI, Admin UI, CloudStack Admin & End-user API, API clients (Fog etc.) and ec2 API clients, all over JSON; console access via Ajax/HTTPS to the Console Proxy VM
•  Hypervisor clusters, each with primary storage: OVM cluster, vSphere cluster (via vCenter), XenServer cluster (XAPI), KVM cluster (JSON)
•  Network devices: Juniper SRX (NetConf), NetScaler (Nitro API)
•  System VMs: Console Proxy VMs (VNC to the hypervisor), Secondary Storage VMs (NFS to secondary storage; HTTP for template download, template copy and Swift), Router VMs (SSH, proxied through the hypervisor)
•  MySQL server for the management database]
65. Balancing Incoming Requests
•  Each management server has two worker thread pools for incoming requests: effectively two servers in one.
   o  Executor threads provided by Tomcat
   o  Job threads waiting on the job queue
•  Incoming requests that mostly need DB operations are short in duration and are executed directly by the executor threads, because incoming requests are already load balanced by the load balancer
•  Incoming requests that need resources, which often run for a long time, are checked against the ACL by the executor threads and then queued and picked up by the job threads
•  The number of job threads is scaled to the number of DB connections available to the management server
•  Requests may take a long time depending on resource constraints, but they don't fail
66. Inside a Management Server
[Diagram: API Servlet → CloudStack API commands (cmd.execute()) and the async job queue → Services API → Kernel and plugins → Agent Manager API (Cmds and Responses over the message bus) → Resources (local or remote), which speak the native device APIs (hypervisor API, network devices); the kernel persists to MySQL.]
67. CloudStack API Sync/Async commands
•  Package and location: cloudstack-oss/api/src/com/cloud/api/…
•  BaseCmd (base class): all commands descend from the BaseCmd base class
68. CloudStack API Configuration
Commands are configured in cloudstack-oss/client/command.properties.in
Format: <command name>=<java classname>;<ACL>
*note* The ACL is calculated as a bitmap with the following values: 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER (so 15 = all four roles).
Example:
### snapshot commands
createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
listSnapshots=com.cloud.api.commands.ListSnapshotsCmd;15
deleteSnapshot=com.cloud.api.commands.DeleteSnapshotCmd;15
createSnapshotPolicy=com.cloud.api.commands.CreateSnapshotPolicyCmd;15
deleteSnapshotPolicies=com.cloud.api.commands.DeleteSnapshotPoliciesCmd;15
listSnapshotPolicies=com.cloud.api.commands.ListSnapshotPoliciesCmd;15
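Decoding the ACL bitmap and using it as the admission check the executor threads perform before a request is queued (slide 65), as an added example that is not CloudStack's own code. The bit values and the name=class;acl line format are from the slide; the parser, the deny-by-default treatment of unknown commands and roles, and the two entries ending in "Example" (hypothetical, not real CloudStack commands) are this example's own.

```python
"""Decoding the command.properties ACL bitmap and using it as the admission check
that the executor threads perform before a request is queued.

Added example, not CloudStack's own code. The bit values (1 = ADMIN,
2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER) and the
name=class;acl line format are from the slide; everything else (the parser,
the deny-by-default policy for unknown commands and roles, the sample entries
ending in "Example") is this example's own.
"""
from typing import Dict, List, NamedTuple, Set

ROLE_BITS = {"ADMIN": 1, "RESOURCE_DOMAIN_ADMIN": 2, "DOMAIN_ADMIN": 4, "USER": 8}
ALL_ROLES_MASK = sum(ROLE_BITS.values())   # 15


class CommandEntry(NamedTuple):
    class_name: str
    acl_mask: int


def parse_command_properties(text: str) -> Dict[str, CommandEntry]:
    """Parse `name=class;acl` lines; comments and blank lines are skipped.
    Malformed lines raise instead of being ignored, so a typo cannot silently
    leave a command unregistered or registered with the wrong ACL."""
    table: Dict[str, CommandEntry] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition("=")
        cls, sep2, acl = rest.rpartition(";")
        if not sep or not sep2 or not name or not cls:
            raise ValueError(f"line {lineno}: expected <command>=<class>;<acl>, got {raw!r}")
        mask = int(acl)
        if not 0 < mask <= ALL_ROLES_MASK:
            raise ValueError(f"line {lineno}: ACL {mask} is not a combination of the known role bits")
        if name in table:
            raise ValueError(f"line {lineno}: duplicate command {name}")
        table[name] = CommandEntry(cls, mask)
    return table


def roles_for(mask: int) -> Set[str]:
    """Expand a bitmap into the role names it grants."""
    return {role for role, bit in ROLE_BITS.items() if mask & bit}


def is_allowed(table: Dict[str, CommandEntry], command: str, role: str) -> bool:
    """Admission check: unknown commands and unknown roles are denied."""
    entry = table.get(command)
    bit = ROLE_BITS.get(role)
    if entry is None or bit is None:
        return False
    return bool(entry.acl_mask & bit)


def callable_by(table: Dict[str, CommandEntry], role: str) -> List[str]:
    """Audit helper: every command the given role may invoke, sorted."""
    return sorted(name for name in table if is_allowed(table, name, role))


# Constructed sample: the snapshot commands from the slide plus two hypothetical
# admin-only entries (the *Example names do not exist in CloudStack).
SAMPLE = """
### snapshot commands
createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
listSnapshots=com.cloud.api.commands.ListSnapshotsCmd;15
deleteSnapshot=com.cloud.api.commands.DeleteSnapshotCmd;15
createSnapshotPolicy=com.cloud.api.commands.CreateSnapshotPolicyCmd;15
deleteSnapshotPolicies=com.cloud.api.commands.DeleteSnapshotPoliciesCmd;15
listSnapshotPolicies=com.cloud.api.commands.ListSnapshotPoliciesCmd;15
### hypothetical admin-only commands
listHostsExample=com.example.ListHostsExampleCmd;1
createDomainExample=com.example.CreateDomainExampleCmd;7
"""

TABLE = parse_command_properties(SAMPLE)

if __name__ == "__main__":
    print(sorted(roles_for(15)))
    print(is_allowed(TABLE, "createSnapshot", "USER"))      # True
    print(is_allowed(TABLE, "listHostsExample", "USER"))    # False
    print(callable_by(TABLE, "DOMAIN_ADMIN"))
```

callable_by is the check worth running against a real command.properties.in after adding a command: the ACL is a plain integer, and ;15 on an operation that should have been ;1 is exactly the kind of mistake a list of everything USER can call makes obvious.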
69. CloudStack API: adding an API
Adding a new command:
•  Determine the type of command
   o  Synchronous
   o  Synchronous, list-based
   o  Asynchronous
   o  Asynchronous, create-based
•  Create your command
•  Define the request parameters
•  Implement the execute() method
•  Implement an appropriate ResponseObject
•  Add the new command to command.properties.in
70. Management Layer
•  The management layer is a collection of Managers
   o  Managers are responsible for directing a specific area of the cloud
      §  Storage Manager
         •  Manages primary storage servers (allocation, life-cycle, attach, detach, user volumes, life-cycle of the primary storage server itself)
      §  Network Manager
         •  Manages network configurations, IP allocations, port forwarding, load balancers etc.
      §  User VM Manager
         •  Manages the life-cycle of VMs created in the cloud
      §  And many more!!!
•  Managers coordinate with each other to achieve a task
71. Management Layer: Adapters
•  Modularization and customization within the CloudStack management server is achieved through the Adapter framework.
•  Each Adapter is uniquely identified by the interface it exposes and represents the boundary between CloudStack and the individual component and/or process that can be configured into the system.
•  Adapters provide extensibility and, in many cases, device-specific implementation details while maintaining a simple and consistent interface.
72. Management Layer: Adapters
•  Adapters are executed as a chain in the order in which they are configured
•  Defined in cloudstack-oss/client/tomcatconf/components.xml.in

<adapters key="com.cloud.network.guru.NetworkGuru">
  <adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
  <adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
  <adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
  <adapter name="PodBasedNetworkGuru" class="com.cloud.network.guru.PodBasedNetworkGuru"/>
  <adapter name="ControlNetworkGuru" class="com.cloud.network.guru.ControlNetworkGuru"/>
  <adapter name="DirectNetworkGuru" class="com.cloud.network.guru.DirectNetworkGuru"/>
  <adapter name="DirectPodBasedNetworkGuru" class="com.cloud.network.guru.DirectPodBasedNetworkGuru"/>
  <adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
</adapters>
73. Adapter Interfaces Available
•  Discoverer
•  StoragePoolDiscoverer
•  StoragePoolAllocator
•  ConsoleProxyAllocator
•  Investigator
•  FenceBuilder
•  NetworkGuru
•  VirtualMachineGuru
•  HypervisorGuru
•  Listener
•  UserAuthenticator
•  SecurityChecker
•  DeploymentPlanner
•  NetworkElement
•  And more…
74. Adapters: VM orchestration
•  Deployment Planner
   o  First Fit planner
•  Host Allocator
   o  First Fit
   o  Random
•  Storage Allocator
   o  First Fit
   o  Random
75. Adapters: Network Orchestration
•  Network Guru (responsible for L2-L3)
   o  Design
   o  Implement
   o  Allocate
   o  Release
   o  Shutdown
   e.g. guest network guru, OVS network guru etc.
•  Network Element (responsible for L4-L7)
   o  Implement
   o  Shutdown
   e.g. F5, SRX, NetScaler, Virtual Router
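The adapter chain of slide 72 and the NetworkGuru design step of slide 75 together, as an added example that is not CloudStack's own code. The XML is the NetworkGuru chain from slide 72; the Python stand-in for each guru class and the traffic-type / isolation-method table it consults are this example's simplification and not how the real gurus decide. What the stand-ins make observable is the rule the slide states: the chain runs in configured order, the first guru that accepts a request wins, and a configured class with no implementation behind it fails loudly instead of being skipped.

```python
"""Adapter chains as configured in components.xml: parse the <adapters> block
and run the NetworkGuru chain in configured order; the first guru to accept a
design request wins.

Added example, not CloudStack's own code. The XML is the slide's NetworkGuru
chain; the stand-in for each guru class and the traffic-type / isolation table
it consults (CAPABILITIES) are hypothetical, not the real gurus' logic.
"""
import xml.etree.ElementTree as ET
from typing import Dict, FrozenSet, List, Optional, Tuple

# The NetworkGuru chain exactly as configured on the slide.
ADAPTERS_XML = """<adapters key="com.cloud.network.guru.NetworkGuru">
  <adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
  <adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
  <adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
  <adapter name="PodBasedNetworkGuru" class="com.cloud.network.guru.PodBasedNetworkGuru"/>
  <adapter name="ControlNetworkGuru" class="com.cloud.network.guru.ControlNetworkGuru"/>
  <adapter name="DirectNetworkGuru" class="com.cloud.network.guru.DirectNetworkGuru"/>
  <adapter name="DirectPodBasedNetworkGuru" class="com.cloud.network.guru.DirectPodBasedNetworkGuru"/>
  <adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
</adapters>"""

# Hypothetical stand-in table: (traffic type, accepted isolation methods; None = any).
# This is NOT how the real gurus decide; it only makes the chain's behaviour observable.
CAPABILITIES: Dict[str, Tuple[str, Optional[FrozenSet[str]]]] = {
    "com.cloud.network.guru.StorageNetworkGuru": ("Storage", None),
    "com.cloud.network.guru.ExternalGuestNetworkGuru": ("Guest", frozenset({"VLAN"})),
    "com.cloud.network.guru.PublicNetworkGuru": ("Public", None),
    "com.cloud.network.guru.PodBasedNetworkGuru": ("Management", None),
    "com.cloud.network.guru.ControlNetworkGuru": ("Control", None),
    "com.cloud.network.guru.DirectNetworkGuru": ("Guest", frozenset({"VLAN", "Untagged"})),
    "com.cloud.network.guru.DirectPodBasedNetworkGuru": ("Guest", frozenset({"Untagged"})),
    "com.cloud.network.guru.OvsGuestNetworkGuru": ("Guest", frozenset({"GRE"})),
}


class Guru:
    """One link of the NetworkGuru chain; design() returns a design or None to decline."""

    def __init__(self, name: str, traffic_type: str, isolation: Optional[FrozenSet[str]]) -> None:
        self.name, self.traffic_type, self.isolation = name, traffic_type, isolation

    def design(self, traffic_type: str, isolation: str) -> Optional[Dict[str, str]]:
        if traffic_type != self.traffic_type:
            return None
        if self.isolation is not None and isolation not in self.isolation:
            return None
        return {"guru": self.name, "traffic_type": traffic_type, "isolation": isolation}


def parse_adapter_chain(xml_text: str) -> List[Tuple[str, str]]:
    """(name, class) pairs in configured order, which is the execution order."""
    root = ET.fromstring(xml_text)
    if root.tag != "adapters" or "key" not in root.attrib:
        raise ValueError("expected an <adapters key=...> element")
    return [(a.attrib["name"], a.attrib["class"]) for a in root.findall("adapter")]


def build_chain(pairs: List[Tuple[str, str]],
                registry: Dict[str, Tuple[str, Optional[FrozenSet[str]]]] = CAPABILITIES) -> List[Guru]:
    """A configured class with no implementation is a startup error, not a silently skipped link."""
    chain: List[Guru] = []
    for name, cls in pairs:
        if cls not in registry:
            raise KeyError(f"no implementation registered for adapter class {cls}")
        traffic_type, isolation = registry[cls]
        chain.append(Guru(name, traffic_type, isolation))
    return chain


def design_network(chain: List[Guru], traffic_type: str, isolation: str) -> Optional[Dict[str, str]]:
    """Walk the chain in order; the first guru that returns a design wins."""
    for guru in chain:
        design = guru.design(traffic_type, isolation)
        if design is not None:
            return design
    return None


def guru_for(traffic_type: str, isolation: str, reverse: bool = False) -> Optional[str]:
    """Name of the guru the configured chain (optionally reversed) selects, or None."""
    pairs = parse_adapter_chain(ADAPTERS_XML)
    chain = build_chain(pairs[::-1] if reverse else pairs)
    design = design_network(chain, traffic_type, isolation)
    return design["guru"] if design else None


if __name__ == "__main__":
    print(guru_for("Guest", "VLAN"))                 # ExternalGuestNetworkGuru
    print(guru_for("Guest", "VLAN", reverse=True))   # DirectNetworkGuru: same request, different order
    print(guru_for("Guest", "STT"))                  # None: nothing in the chain designs it
```

The reversed-chain call is the practitioner's check: two gurus that both accept a request are disambiguated only by their position in components.xml, so reordering that file changes which implementation designs a tenant's network.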
76. Extending CloudStack Networking
[Sequence diagram, showing one way to inform an external DNS server when an instance starts:
1. prepare (part of start vm): the Network Manager calls the Network Element
2. prepare(Network, Nic, DeployDestination, VmInfo) on MyDnsElement
3. addDnsRecord(ip, fqdn) on MyDnsDeviceManager
4. MyDnsDeviceManager enqueues an AddDnsRecord command on the AgentManager queue
5. MyDnsDeviceResource makes the API call to the DNS device
Device configuration is exposed through an Admin API (CRUD) implemented by MyDnsDeviceService, which implements DnsService and PluggableService; device state is stored in MySQL.]
The classes shaded blue (MyDnsElement, MyDnsDeviceService, MyDnsDeviceManager, MyDnsDeviceResource) form a plugin / service bundle to integrate an external DNS server. Clients of the instance can then use DNS names to access the instance.
77. Sequence Flow for VM Creation
[Sequence diagram. Participants: Server Threads, Job Threads, User VM Mgr, VirtualMachine Mgr, Network Mgr, Storage Mgr, Network Guru, Network Element, Template Mgr, Deployment Planner, Resources. Flow: Start VM → Start User VM → Start VM → get a deployment plan (host and storage pool) → prepare NICs (reserve resources for the NIC; notify that the NIC is about to be started in the network; agent calls) → prepare volumes (prepare the template on primary storage; agent calls) → agent Start VM call → store the job result.]
79. Server Resources
[Diagram: an Agent exposing a Resource API over Hypervisor, Network, Storage, Image & Template and Snapshot resources.]
•  Resources are carried in service VMs so they are in close network proximity to the physical resources they manage
•  Easily scales to utilize the most abundant resource in the data center (CPU & RAM)
•  Communicates with the Orchestration Server over the message bus (JSON)
•  Can be replicated for fault tolerance
•  Control gateway to resources within the data center
81. Working toward the 4.1 release
•  4.1 is the next major release
   o  Moving away from a monolithic architecture to loosely coupled subsystems
   o  Spring for IoC container and AOP
   o  Storage subsystem refactoring
   o  Network subsystem refactoring
   o  New orchestration engine
   o  Regions support
83. DevCloud
•  CloudStack requires
   o  Hypervisor
   o  Network
   o  Storage
85. DevCloud
•  Several use cases
   o  Try CloudStack in an isolated sandbox; it runs within the appliance
   o  Develop CloudStack on your own machine, build locally and deploy the new version in DevCloud (build and test)
   o  Develop and run locally, using DevCloud as the Xen host