Daneyon Hansen - Intro to OpenStack - Feb13 OpenStack Denver Meetup
- 3. Looking Back
Do You Remember What This Guy Did to IT? (Linux™)
BRKDCT-1253 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
- 4. The Internet
The Internet was built on Open Source Software
How will you build your cloud?
- 5. Welcome to OpenStack
The Cloud Needs and WILL have an Open Source operating system to achieve Internet Scale:
- 6. OpenStack: A Brief History
§ NASA Launches Nebula (nebula.nasa.gov)
– One of the first cloud computing platforms built by the Federal Government for the Federal Government
§ March 2010: Rackspace Open Sources Cloud Files software, aka Swift
§ May 2010: NASA open sources compute software, aka “Nova”
§ June 2010: OpenStack is formed
§ July 2010: The inaugural Design Summit
- 7. OpenStack Community
160 and counting
- 8. Cloud Layers Overview
§ Hosts
– Linux (Ubuntu, Red Hat, Fedora, etc.), Windows
§ Host Virtualization
– KVM, Xen, Hyper-V, ESX
§ Host Management: Libvirt
– An open source toolkit to interact with hypervisors
§ Virtual Networking
– Linux Bridge, Open vSwitch
- 9. Cloud Layers Overview Cont..
§ Infrastructure as a Service (IaaS) Orchestration
– OpenStack, Amazon EC2/S3, CloudStack
§ Platform as a Service (PaaS)
– Google App Engine, AWS Beanstalk, Heroku, Cloud Foundry
§ Application Orchestration
– AWS CloudFormation, OpenStack Heat (Incubation Project)
§ System Management & Automation (aka DevOps)
– Puppet, Chef, Ansible, etc.
- 10. OpenStack Vision
Diagram: Public Clouds, Private Clouds and Community Clouds joined by Seamless Cloud Interoperability.
- 12. OpenStack Introduction
§ A Cloud Operating System
– A collection of interrelated software components delivering capabilities to build and manage cloud infrastructure.
§ A global community of developers devoted to innovation and openness
§ Flexibility in deployment and features
§ Standards for broad deployment
§ No fear of vendor “lock-in”
- 13. OpenStack Terminology
§ Instance- Running virtual machine
§ Image- Non-running virtual machine, multiple formats (AMI, OVF, etc.)
§ Application Programming Interface (API)- Interface for computer programs
§ Message Queue- Acts as a hub for passing messages between daemons
§ Volume- Provides persistent block storage to instances
§ Project- aka Tenants, provides logical separation among cloud users
§ Flavors- Pre-created bundles of compute resources
§ Fixed IP- Associated to an instance on start-up, internal only
§ Floating IP- Public facing IP address, associated with an instance on demand and mapped to its Fixed IP by NAT on the node running nova-network
- 14. OpenStack Core Projects
OpenStack Compute (Nova)
Software to provision virtual machines on standard server hardware at massive scale
OpenStack Object Storage (Swift)
Software to reliably store billions of objects distributed across standard server hardware
OpenStack Image Service (Glance)
Services for discovering, registering, and retrieving virtual machine images
- 15. OpenStack Core Projects Cont..
OpenStack Dashboard (Horizon)
A self-service web portal to allow administrators and users to manage OpenStack resources
OpenStack Identity (Keystone)
Provides “unified authentication” across all OpenStack projects and integrates with 3rd party authentication systems
OpenStack Block Storage Service (Cinder)
Intended to separate the existing nova-volume service into an independent service
- 16. OpenStack Core Projects Cont..
OpenStack Network Service (Quantum)
Provides “network connectivity as a service” between devices managed by other OpenStack services
Many Other Incubation & Community Projects
http://openstack.org/projects/
- 17. Identity Service (Keystone) Introduction
§ An authentication and authorization (AA) system
– Authenticates users and issues tokens; each OpenStack service validates a caller’s token with Keystone and applies its own policy to the roles carried by that token
§ Organized into a group of internal services
§ Provides a HTTP front-end to clients (components, users, etc.)
§ Support for multiple back-ends
– Allows Keystone to adapt to a wide-range of environments
- 18. Keystone Architecture
Diagram (architecture): Nova (nova-api: EC2, OS, Admin), Glance (glance-api) and Swift (object-api) call the Keystone Service & Admin APIs. Inside Keystone sit four internal services (identity, token, catalog, policy) over pluggable Service Backends (KVS, SQL, PAM, Templated).
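What the slide's token, catalog and policy boxes mean for a service that receives a request, as an added example (not code from the deck or from Keystone itself). It assumes the Keystone v2.0 token response shape (POST /v2.0/tokens) and the list-of-lists policy.json rule format used by OpenStack services of this era; the token values, URLs and the policy fragment are constructed for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample (not captured from a real deployment): the shape of a
# Keystone v2.0 token response as returned by POST /v2.0/tokens.
SAMPLE_TOKEN_RESPONSE = json.loads("""
{
  "access": {
    "token": {
      "id": "aaaabbbbccccdddd0000",
      "expires": "2013-02-20T12:00:00Z",
      "tenant": {"id": "tenant-123", "name": "demo"}
    },
    "user": {"id": "user-1", "name": "alice", "roles": [{"name": "Member"}]},
    "serviceCatalog": [
      {"type": "compute", "name": "nova",
       "endpoints": [{"region": "RegionOne",
                      "publicURL": "http://nova.example.com:8774/v2/tenant-123",
                      "adminURL": "http://nova.example.com:8774/v2/tenant-123"}]},
      {"type": "image", "name": "glance",
       "endpoints": [{"region": "RegionOne",
                      "publicURL": "http://glance.example.com:9292"}]}
    ]
  }
}
""")

# Constructed policy.json fragment in the list-of-lists form: the outer list
# is OR, each inner list is AND. "rule:x" refers to another rule, "role:r"
# checks a role name, "tenant_id:%(tenant_id)s" compares a credential field
# to the target of the request.
SAMPLE_POLICY = {
    "admin_required": [["role:admin"]],
    "admin_or_owner": [["rule:admin_required"], ["tenant_id:%(tenant_id)s"]],
    "compute:create": [["role:admin"], ["role:Member"]],
    "compute:delete": [["rule:admin_or_owner"]],
}


def token_is_valid(resp, now):
    """Reject an expired token: a service must check 'expires', not just presence."""
    expires = datetime.strptime(resp["access"]["token"]["expires"],
                                "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return now < expires


def endpoint_for(resp, service_type, region, interface="publicURL"):
    """Pick a service endpoint out of the catalog by type and region."""
    for svc in resp["access"]["serviceCatalog"]:
        if svc["type"] != service_type:
            continue
        for ep in svc["endpoints"]:
            if ep.get("region") == region and interface in ep:
                return ep[interface]
    return None


def creds_from_token(resp):
    """Credentials a service derives from a validated token."""
    access = resp["access"]
    return {"user_id": access["user"]["id"],
            "tenant_id": access["token"]["tenant"]["id"],
            "roles": [r["name"] for r in access["user"]["roles"]]}


def _check(policy, expr, creds, target):
    kind, _, value = expr.partition(":")
    if kind == "rule":
        return enforce(policy, value, creds, target)
    if kind == "role":
        return value.lower() in (r.lower() for r in creds["roles"])
    try:   # generic "field:%(field)s" comparison against the request target
        return str(creds.get(kind)) == value % target
    except (KeyError, TypeError, ValueError):
        return False


def enforce(policy, action, creds, target):
    """Evaluate OR-of-AND rules for an action; unknown actions fail closed."""
    clauses = policy.get(action)
    if clauses is None:
        return False
    return any(all(_check(policy, e, creds, target) for e in clause)
               for clause in clauses)


if __name__ == "__main__":
    now = datetime(2013, 2, 20, 11, 0, tzinfo=timezone.utc)
    creds = creds_from_token(SAMPLE_TOKEN_RESPONSE)
    print("token valid:", token_is_valid(SAMPLE_TOKEN_RESPONSE, now))
    print("compute endpoint:", endpoint_for(SAMPLE_TOKEN_RESPONSE, "compute", "RegionOne"))
    print("delete own instance:", enforce(SAMPLE_POLICY, "compute:delete", creds, {"tenant_id": "tenant-123"}))
    print("delete other tenant's:", enforce(SAMPLE_POLICY, "compute:delete", creds, {"tenant_id": "tenant-999"}))
```

The point a practitioner should take from this: Keystone only issues the token and the catalog; expiry checking and the owner/admin decision happen in the service that receives the X-Auth-Token header, against that service's own policy file, so a permissive policy.json on one service is a hole regardless of how Keystone is configured.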
- 19. Image Service (Glance) Introduction
§ Designed to be adaptable
§ 3 primary services- API, Registry, and Store Adapter
§ Provides services for discovering, registering, and retrieving virtual machine images
§ Images can be stored in a variety of locations
- 20. Glance Architecture
Diagram (architecture): the Glance API Server (glance-api) is consumed by Nova (nova-api: EC2, OS, Admin) and Swift (object-api) and authenticates against the Keystone Service API. Behind the API server sit a SQL-backed Registry Server and a Store Adapter with S3 Store, HTTP Store, Swift Store and Filesystem Store back-ends.
- 21. Compute Service (Nova) Introduction
§ Primary component of the OpenStack IaaS platform
§ Shared-nothing and modular software architecture
– Services communicate using a message queue (AMQP)
§ Uses a SQL-based database for information storage
– Shared by all system components
- 22. Nova Architecture
Diagram (architecture): Users and computer programs talk to nova-api (EC2, OS, Admin). nova-api, the Nova Scheduler (nova-scheduler), Compute Worker(s) (nova-compute), Network Controller(s) (nova-network) and Volume Worker(s) (nova-volume) communicate over the Message Queue (RabbitMQ) and share the Data Store. Nova calls out to Glance (glance-api), Swift (object-api) and Keystone (Service API).
- 23. Block Storage Service (Cinder) Introduction
§ New in Folsom Release
§ Provides a “drop-in” replacement/alternative to nova-volume
§ Utilizes the same nova-volume code and architecture
§ Operates using the same nova client and euca2ools
– nova volume-create, nova volume-snapshot-create, etc.
§ Upcoming release (Havana) will include:
– Additional driver support, metering, incremental snapshots w/Swift integration
- 24. Cinder Architecture
Diagram (architecture): Users and computer programs talk to cinder-api (OS, Admin). cinder-api, the Cinder Scheduler (cinder-scheduler) and Volume Worker(s) (cinder-volume) communicate over the Message Queue (RabbitMQ) and share the Data Store. Cinder calls out to Nova (nova-api), Swift (object-api) and Keystone (Service API).
- 25. Object Store Service (Swift) Introduction
§ Object-based storage system
– NOT a block-based system like iSCSI
– Consists of flexibly-sized data containers (objects)
§ Distributed architecture
– Avoids a single point of failure
– Massively scalable (billions of objects and PB’s of data)
§ Server hard drives turn into a pool of storage
- 26. Swift Architecture
Diagram (architecture): Nova (nova-api: EC2, OS, Admin) and Glance (glance-api) use the Swift object-api; Keystone (Service API) or swauth handles authentication. The Proxy Server (backed by Memcache) fronts the Storage Servers, each running the Account Service, Container Service and Object Service.
- 27. Swift Functionality
§ The Ring
– Mapping between entities and physical location
§ Proxy Server
– Ties together end users and the Swift back-end services, provides public API endpoint.
§ Object Server
– Simple blob storage server to store, retrieve, and delete objects on local disk
§ Container Server
– Lists objects
§ Account Server
– Similar to container, but lists containers
Diagram (The Ring / The Cluster): partitions such as P11 and P25 each map to three replicas on devices in three zones: Device 1 (Zone 1, Replica 1) on Server 1, Device 2 (Zone 2, Replica 2) on Server 2, Device 3 (Zone 3, Replica 3) on Server 3.
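How the ring maps an object path to a partition and then to three devices in three zones, as an added example (not code from the deck or from Swift's ring builder). It follows Swift's hashing scheme (md5 of the path plus a secret suffix, top bits select the partition) but the cluster layout, the tiny partition power and the round-robin placement are constructed for illustration; a real ring builder also weights devices by capacity and rebalances.

```python
import hashlib
from struct import unpack_from

# Constructed toy cluster (not a real ring file): six devices on three servers
# in three zones, matching the three-zone picture on the slide.
DEVICES = [
    {"id": 0, "zone": 1, "server": "server1", "device": "sdb"},
    {"id": 1, "zone": 1, "server": "server1", "device": "sdc"},
    {"id": 2, "zone": 2, "server": "server2", "device": "sdb"},
    {"id": 3, "zone": 2, "server": "server2", "device": "sdc"},
    {"id": 4, "zone": 3, "server": "server3", "device": "sdb"},
    {"id": 5, "zone": 3, "server": "server3", "device": "sdc"},
]
PART_POWER = 5          # 2**5 = 32 partitions; real rings use something like 2**18
REPLICAS = 3
# Assumption: stands in for the deployment's swift_hash_path_suffix. Keep the
# real one secret, or clients can choose names that pile onto one partition.
HASH_PATH_SUFFIX = b"example-only-suffix"


def hash_path(account, container=None, obj=None):
    """Swift-style path hash: md5('/account[/container[/object]]' + secret suffix)."""
    path = "/" + account
    if container is not None:
        path += "/" + container
        if obj is not None:
            path += "/" + obj
    return hashlib.md5(path.encode() + HASH_PATH_SUFFIX).digest()


def get_part(account, container=None, obj=None):
    """Partition = top PART_POWER bits of the hash (first 4 bytes, big-endian, shifted)."""
    key = hash_path(account, container, obj)
    return unpack_from(">I", key)[0] >> (32 - PART_POWER)


def build_ring(devices, part_power, replicas):
    """Assign every partition `replicas` devices, each replica in a different zone."""
    zones = sorted({d["zone"] for d in devices})
    if len(zones) < replicas:
        raise ValueError("need at least as many zones as replicas")
    by_zone = {z: [d for d in devices if d["zone"] == z] for z in zones}
    ring = {}   # partition -> [device id per replica]
    for part in range(2 ** part_power):
        assigned = []
        for r in range(replicas):
            zone = zones[(part + r) % len(zones)]          # distinct zone per replica
            cands = by_zone[zone]
            assigned.append(cands[(part // len(zones)) % len(cands)]["id"])
        ring[part] = assigned
    return ring


def get_nodes(ring, devices, account, container=None, obj=None):
    """What the proxy server does: hash the path, look up the partition, return replica devices."""
    part = get_part(account, container, obj)
    return part, [devices[i] for i in ring[part]]


if __name__ == "__main__":
    ring = build_ring(DEVICES, PART_POWER, REPLICAS)
    part, nodes = get_nodes(ring, DEVICES, "AUTH_demo", "photos", "cat.jpg")
    print("partition", part)
    for n in nodes:
        print("  replica on", n["server"], n["device"], "zone", n["zone"])
```

Because every node holding a copy of the ring computes the same hash, the proxy needs no lookup service to find an object, which is what removes the single point of failure the previous slide mentions.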
- 28. Component Communication
Diagram: Other OpenStack Components expose a component-api; Nova (nova-api: EC2, OS, Admin), Glance (glance-api) and Swift (object-api) communicate with each other and with other components through these APIs.
- 32. OpenStack Networking Options
Flat Mode
All Instances are attached to a single Linux bridge. IPs are injected into the image on launch.
FlatDHCP Mode
Similar to Flat Mode, but includes a DHCP server to manage instance IPs. Instances receive an IP through a DHCPDISCOVER message.
VLAN Network Mode
A VLAN, Fixed IP Subnet, and Linux bridge per tenant.
Quantum Network Manager
A peer OpenStack service providing network connectivity services.
- 33. Flat & Flat DHCP Modes
Diagram: Public Network and Private Network. Compute Node Host 1 through Host N each run a hypervisor with ETH0 attached to bridge br100; VM1 through VM6 (WS1, App, WS2 on each host) attach to br100 through TAP1 through TAP6 and their vNICs. The Controller Node (i.e. the node running nova-network) has ETH0 on the private network and ETH1 on the public network, with br100 doing bridging, NAT and DHCP.
§ Controller Node runs nova-network and acts as gateway to “outside world”
§ Optionally, nova-network component can run on each compute node
– Requires nova-api on each compute node
- 34. VLAN Mode
Diagram: Public Network and Private Network. Compute Node Host 1 through Host N each run a hypervisor with ETH1 carrying tagged VLANs into per-tenant bridges br100 / VLAN11 and br101 / VLAN 22; VM1 through VM6 (WS1, App, WS2 on each host) attach through TAP0 through TAP6 and their vNICs. The Controller Node (i.e. the node running nova-network) carries the same bridges on ETH1 and reaches the public network on ETH0.
§ Default Networking Mode
§ Switch must support 802.1q VLAN Tagging
- 35. Quantum Introduction
§ Provides abstractions and functionality needed for cloud networking
§ Why Quantum?
– Current networking under Nova is limited
– Provide tenants an API to build rich networking topologies
– Foster innovation through plug-ins
§ Provides abstractions, functions, and API for:
– Virtual Network (VN)
– Virtual port (VPT) on a VN
– Attaching/detaching Virtual Interfaces (VIF)
Diagram: a hypervisor with ETH1 and a q-router; two virtual networks, VN-Blue-E1 and VN-Red-E2; virtual ports VPT1 through VPT4, with VIF1 through VIF4 attaching VM1 through VM4 (WS1, App, WS2, App).
- 36. Quantum Architecture
Quantum API API Extensions
Quantum Service
• Network abstraction definition and management
• Device and service attachment framework
• Does NOT implement any abstractions
Quantum Plug-in API
Vendor/User Plug-In
• Maps abstraction to implementation on physical and/or virtual networks
• Implements all the operations included in the Quantum API
• Can provide additional features through API extensions
- 37. Quantum Abstractions
§ Virtual Networks (VN)
– A basic Layer-2 (L2) network
– A common VN realization is a VLAN
§ Virtual Ports (VP)
– An attachment point for a virtual interface (VIF) to connect to a VN
– Ports expose configuration and monitoring state through extensions
§ Subnets (new in v2 API)
– IP Address Management (IPAM) to store subnet information and IP allocation
– Allows the setting of gateway and host routes
Diagram: the same hypervisor / q-router / VN-Blue-E1 / VN-Red-E2 / VPT1 through VPT4 / VIF1 through VIF4 / VM1 through VM4 figure as the previous slide.
- 38. Quantum Abstractions Cont..
§ Through CRUD operations, an Instance can dynamically be:
– Added/removed from a network
– Moved from one port to another on demand
Diagram: the same hypervisor / q-router figure as the previous slides.
- 39. Quantum Plugins & API Extensions
§ Plugin
– Implements the realization of Quantum abstractions
– Supports different back-end technologies and vendors
– Currently 1 Quantum plugin per deployment
– Examples: Linux Bridge, Open vSwitch, Cisco, Nicira NVP
§ API Extensions
– Allows the plugin to expose additional capabilities
– Applications can programmatically determine what extensions are available through CRUD operations
– Examples: Port profiles, Quality of Service, etc.
Diagram: the same hypervisor / q-router figure as the previous slides.
- 40. Quantum High-Level Flow
§ Tenant creates a network (e.g. net1)
§ Tenant associates a subnet with a network (e.g. subnet1- 10.10.10.0/24)
§ Tenant boots an Instance, specifying the network to connect to (e.g. nova boot --nic net-id=<net1 id>)
§ Nova contacts Quantum and creates a port1 on net1
§ Quantum assigns an IP address to the Instance (through DHCP Agent)
§ Tenant destroys the Instance
§ Nova contacts Quantum to destroy port1. Associated IP address is returned to pool.
Diagram: the same hypervisor / q-router figure as the previous slides.
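The network / subnet / port flow of this slide and the IPAM semantics of slide 37, as an added example (not code from the deck or from Quantum). It is an in-memory model: networks are private to their tenant (Quantum's shared networks are not modelled), the allocation pool is the subnet's usable hosts minus the gateway, a port takes the lowest free address from each subnet on its network, and deleting the port returns the address to the pool. The class, exception and tenant names are constructed for the example; the exception name mirrors Quantum's but this is not its implementation.

```python
import bisect
import ipaddress
import uuid


class IpAddressGenerationFailure(Exception):
    """Raised when a subnet's allocation pool is exhausted."""


class QuantumModel:
    """In-memory model of the v2 abstractions: network, subnet (IPAM), port."""

    def __init__(self):
        self.networks = {}   # net_id -> {"name", "tenant_id"}
        self.subnets = {}    # subnet_id -> {"network_id", "cidr", "gateway_ip", "free", "allocated"}
        self.ports = {}      # port_id -> {"network_id", "device_id", "fixed_ips"}

    def net_create(self, tenant_id, name):
        net_id = str(uuid.uuid4())
        self.networks[net_id] = {"name": name, "tenant_id": tenant_id}
        return net_id

    def _owned_network(self, tenant_id, network_id):
        net = self.networks[network_id]
        if net["tenant_id"] != tenant_id:
            # tenant isolation: another tenant may not attach to or extend this network
            raise PermissionError("network %s belongs to another tenant" % network_id)
        return net

    def subnet_create(self, tenant_id, network_id, cidr, gateway_ip=None):
        self._owned_network(tenant_id, network_id)
        network = ipaddress.ip_network(cidr, strict=True)
        hosts = list(network.hosts())             # excludes network and broadcast addresses
        gateway = ipaddress.ip_address(gateway_ip) if gateway_ip else hosts[0]
        if gateway not in network:
            raise ValueError("gateway %s is outside %s" % (gateway, cidr))
        subnet_id = str(uuid.uuid4())
        self.subnets[subnet_id] = {
            "network_id": network_id, "cidr": cidr, "gateway_ip": str(gateway),
            "free": [h for h in hosts if h != gateway],   # allocation pool, kept sorted
            "allocated": {},                              # ip -> port_id
        }
        return subnet_id

    def port_create(self, tenant_id, network_id, device_id):
        """What Nova asks for at boot: a port with one fixed IP per subnet on the network."""
        self._owned_network(tenant_id, network_id)
        port_id = str(uuid.uuid4())
        fixed_ips = []
        for subnet_id, sn in self.subnets.items():
            if sn["network_id"] != network_id:
                continue
            if not sn["free"]:
                for sid, ip in fixed_ips:          # roll back before failing
                    self._release(sid, ip)
                raise IpAddressGenerationFailure("no free IP left in %s" % sn["cidr"])
            ip = sn["free"].pop(0)                 # lowest free address
            sn["allocated"][ip] = port_id
            fixed_ips.append((subnet_id, str(ip)))
        self.ports[port_id] = {"network_id": network_id, "device_id": device_id,
                               "fixed_ips": fixed_ips}
        return port_id

    def _release(self, subnet_id, ip):
        sn = self.subnets[subnet_id]
        ip = ipaddress.ip_address(ip)
        del sn["allocated"][ip]
        bisect.insort(sn["free"], ip)              # back into the pool, sorted, so it is reused first

    def port_delete(self, port_id):
        """What Nova asks for on instance delete: free the port and return its IPs to the pool."""
        port = self.ports.pop(port_id)
        for subnet_id, ip in port["fixed_ips"]:
            self._release(subnet_id, ip)


if __name__ == "__main__":
    q = QuantumModel()
    net1 = q.net_create("tenant-a", "net1")
    subnet1 = q.subnet_create("tenant-a", net1, "10.10.10.0/24")
    port1 = q.port_create("tenant-a", net1, device_id="vm1")   # nova boot --nic net-id=<net1 id>
    print("vm1 got", q.ports[port1]["fixed_ips"])
    q.port_delete(port1)                                        # instance destroyed
    print("pool head after delete:", q.subnets[subnet1]["free"][0])
```

Two behaviours worth noticing: an address freed by a deleted port is the next one handed out, so a new instance can inherit the IP (and any stale DNS or firewall entries) of a destroyed one; and the tenant check on port creation is what keeps one tenant's instance off another tenant's L2 segment.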
- 49. Complete Your Online Session Evaluation
§ Give us your feedback and you could win fabulous prizes. Winners announced daily.
§ Receive 20 Passport points for each session evaluation you complete.
§ Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit www.ciscolive.com.
- 50. Final Thoughts
§ Get hands-on experience with the Walk-in Labs located in World of
Solutions, booth 1042
§ Come see demos of many key solutions and products in the main Cisco
booth 2924
§ Visit www.ciscoLive365.com after the event for updated PDFs, on-
demand session videos, networking, and more!
§ Follow Cisco Live! using social media:
– Facebook: https://www.facebook.com/ciscoliveus
– Twitter: https://twitter.com/#!/CiscoLive
– LinkedIn Group: http://linkd.in/CiscoLI