OpenStack
an introduction
Gerard Braad
me@gbraad.nl
Thank you
Apology
Who am I
- F/OSS
(Free / Open Source Software)
Who am I
- Fedora Project
Who am I
- OpenStack
Who am I
- Tinkerer
Who am I
- Teacher / Trainer
Who am I
- F/OSS & IT Consultant
What is OpenStack
OpenStack
What is OpenStack
- project
Since 2010
A joint project
- Rackspace Hosting
(Cloud Files) - NASA
(Nebula)
to bring cloud-computing services running on standard hardware.
"Austin"
First community release followed 4 months later.
- Object Storage
(Swift) - Compute
(Nova)
OpenStack
- Umbrella project
OpenStack Mission
To produce a ubiquitous Open Source Cloud Computing platform that is easy to use, simple to implement, interoperable between deployments, works well at all scales, and meets the needs of users and operators of both public and private clouds.
OpenStack Mission
... let's review ...
OpenStack Mission
- Produce a ubiquitous Open Source Cloud Computing platform
Open Source
- Is an ideology / way of doing
- Promotes collaboration/sharing of ideas
- The licensing promotes the re-use of material
Open Source
Not only about software
- Open Hardware
- Open CourseWare (MIT)
- Wikipedia (CC-licensed)
Prevents vendor 'lock-in'
Customer is not dependent on a vendor for products and services
- network equipment
- proprietary formats
- camera lenses
Cloud Computing
... is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources.
(eg. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
OpenStack Mission
- Produce the ubiquitous Open Source Cloud Computing platform
- easy to use, simple to implement
- works well at all scales
OpenStack Mission
- Produce the ubiquitous Open Source Cloud Computing platform
- easy to use, simple to implement
- works well at all scales
- interoperable
- meet the needs
Why would people need OpenStack
- Agility
- Continuous Delivery
- Scalability
- DevOps
As an application developer,
I want to deploy and run an application on the internet so that my customers all over the world can consume it.
As an operator,
I want to deploy the application across multiple clouds so that my service survives issues in any one of them.
As a compliance officer,
I want to deploy and run an application in a location of my choosing so that I can comply with regulatory demands.
Why would people need OpenStack
- Legal reasons
- regional / jurisdiction
- PII
OpenStack Mission
- Produce the ubiquitous Open Source Cloud Computing platform
- easy to use, simple to implement
- works well at all scales
- interoperable
- meet the needs
- users, operators
- public, private clouds
What is OpenStack
- project
- foundation
OpenStack Foundation
- An independent body providing shared resources
Helps to achieve the OpenStack Mission
- Protecting
- Empowering
- Promoting
OpenStack software and the community around it
- users
- developers
- entire ecosystem
Understand OpenStack as a community
- Foundation mission
- core values
- target
Understand OpenStack as a community
- Definition of 'open' / openness
- source
- community
- design
- development
Customer as target audience
- enterprise need
- consultant listens
- task of the engineer
Bridge gap between community
Community engagement
- to keep up with the changes...
OpenStack is not just OpenStack
- Ceph (storage)
- Puppet, Ansible
- OPNFV, Open vSwitch
- ...
What is OpenStack
- project
- foundation
- set of applications
OpenStack services
- Set of applications
- Python
OpenStack services
- 'Un*x' philosophy
- do one thing
- and do it well
Note: microservices
OpenStack services
- communication
Architecture
OpenStack components
Core services
- Identity: Keystone
- Dashboard: Horizon
- Compute: Nova
- Networking: Neutron
- Object Storage: Swift
- Image: Glance
- Block Storage: Cinder
and many, many more ...
Keystone
- Keystone provides Identity, Token, Catalog and Policy services
Keystone Overview
User management
Tracks users and their permissionsService catalog
Provides a catalog of available services with their API endpoints
Keystone diagram
Keystone overview
- API gateway
- Verifies access tokens
- Entities and concepts
- users
- roles
- tenants
- ...
Usual flow
- authenticate with Keystone
- obtain a TOKEN
- use TOKEN for transactions with OpenStack services
- service verfies TOKEN with Keystone
Integration with LDAP
- MySQL
- Service catalog
- LDAP
- Accounts
- Roles
- Tenants
Horizon
- Horizon is the canonical implementation of OpenStack’s Dashboard
Enables cloud administrators and users to manage various OpenStack resources and services.
It enables Web-based interactions with the OpenStack Compute cloud controller through the OpenStack APIs.
Overview
- Django-based
- AngularJS
- Bootstrap
- jQuery
- D3.js
- ...
- Extensible
- Billing
- Monitoring
Customization
- Change site title, logo and brand links
- Modify dashboard and panel
- Change button styles
- Custom stylesheets
- Custom JavaScript
Short demonstration
- Horizon
- Client
Install client
(.venv) $ pip install python-openstackclient
$ sudo yum install -y python-openstackclient
$ sudo apt-get install -y python-openstackclient
$ docker pull gbraad/openstack-client:alpine
Client communication
- RESTful API
- HTTP Verbs/methods
- Resource oriented
- version-ed (microversion)
- JSON / HTTP(S)
Basic commands
$ openstack [resource] [command] [options]
Note:
- either use
source ~/.stack/dream - or use
--os-cloud dreamas parameter.
Nova
- Nova provides power massively scalable, on demand, self service access to compute resources
Nova diagram
Nova overview
- build on top of a messaging-based architecture
- component interaction with AMQP
- external services with REST
- pluggable
Nova components
- Nova API
- Nova scheduler
- Nova conductor
- Nova compute
- Nova ConsoleAuth
- Nova novncproxy
Nova API
Responsible for the API for users and services
Example: spawning an instance from Horizon or CLI
Nova scheduler
Using Filters it will dispatch requests for new virtual machines to the correct node
Nodes -> Filters -> filtered list -> Weighting -> final sorted list
Nova compute
- Runs on each to allow creation and termination of virtual machines.
- Interacts with the hypervisor to launch instances
- Instance state is maintained in the database.
Nova services
- Nova conductor
provides database access for compute nodes (reducing security risks) - Nova ConsoleAuth
handles console authentication - Nova novncproxy
provides a VNC proxy for browsers
Nova and AMQP interaction
- API service processes the REST requests
- database interaction
- RPC messaging
oslo.messaginglibrary
Integration
- Hyper-V (Windows Server, Windows 8)
Python application/service running on Hyper-V node- doesn't require clustering services
- doesn't require shared storage
- VMWare ESX
- Xen
- LXC, Docker
Boot instance
- Instance name
- Flavor ID
Image name
Network ID
- Security group
- Keypair
Boot instance
$ openstack server create test --flavor 1 --image "CentOS7" --key-name "my-key"
$ openstack server list
Glance
- Glance provides a service where users can upload and discover data assets that are meant to be used with other services
Glance diagram
Glance overview
- RESTful API
- querying image metadata
- retrieval of image
- storage backends
- filesystem
- object storage (Swift, S3)
- Ceph RBD (distributed storage)
- Cinder
Glance components
- Glance API
accepts calls for image discovery, retrieval, and storage - Glance registry stores, processes, and retrieves metadatda about images (size, type, etc.)
- Glance database stores image metadata. MySQL or SQlite
- Storage repository
Supported formats
Disk formats
- raw (unstructured)
- qcow2 (qemu)
- iso
- vhd (Hyper-V), vmdk (VMWare), vdi (VirtualBox)
- aki, ari, ami (AWS images)
Container formats
- bare
- ovf (Open Virtualization Format)
- aki, ari, ami
Glance image upload
$ wget -q http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2 -O /tmp/centos7.qcow2
$ openstack image create --disk-format qcow2 --file /tmp/centos7.qcow2 centos7
$ qemu-img convert /tmp/centos7.qcow2 /tmp/centos7.raw
$ openstack image create --disk-format raw --container-format bare --file /tmp/centos7.raw centos7
Glance assets
- Images for Nova
- Templates for Heat
- assets for use with other services
Cinder
- Cinder provides “block storage as a service”
Cinder overview
Originally called Nova volume, but is an independent project since the Folsom release. It provides infrastructure for managing volumes.
Cinder diagram
What is Cinder?
It virtualizes pools of block storage devices and provides users a self-service API to request and consume resources. No knowledge is required of where storage is actually deployed or on what type of device.
Supported backends
- Reference implementation
- LVM, in a group named
cinder-volumes
- LVM, in a group named
- Storage appliances
EMC, Hitachi, IBM Storage, etc - Ceph, GlusterFS, Nexenta
Volumes, snapshots and backups
- Volumes
allocated block storage attached as secondary storage, or as root store to boot instances - Snapshots
read-only point in time of a volume - Backups
archived copy of a volume, stored in Object Storage
Cinder volume creation
$ openstack volume create [volume-name] --size [size]
$ openstack volume create [volume-name] --image [image] --size [size]
$ openstack server add volume [server-name] [volume-name]
Neutron
- Neutron provides “network connectivity as a service” between interface devices (e.g., vNICs)
Neutron diagram
Neutron overview
- Technology agnostic
- Extensible
- Advanced services
- LBaaS (Load-balancer)
- VPNaaS (VPN)
- FWaaS (Firewall)
- Standalone service
Neutron components
- Neutron Server
- Neutron Plugin
- DHCP Agent
- L3 agent
- Advanced services
- Neutron Database
- ML2 (Modular layer2) plugin
Neutron network setup
- provider network setup
- map into existing network (VLAN)
- small number of tenants
- routing with exisitng infrastructure
Neutron network setup
- Overlays (and L2 gateways)
- large number of tenants
- Floating IPs
Neutron backends
- Dragonflow
- OpenContrail
- OpenDayLight
- OVN
- Astara
Demonstration
- Security groups
Access rules - Floating IP
- Network topology
Swift
- Swift is a highly available, distributed, eventually consistent object/blob store
What is object storage
- 'flat' structure
- stored in containers (massive scalability)
- metadata
- durability
- access via API
What is object storage
- Good for:
- Media (images, music, video)
- Documents
- Backups
- Not suited for:
- Relational data
- Data requiring updates within objects
Swift features
- Multi-tenancy
- Eventual consistency (CAP)
- Object versioning
- Standalone
Swift diagram
Swift architecture
- Account service
- Container service
- Object service
- Consistency service
OpenStack services continued
- Astara, Barbican, Ceilometer, Cloudkitty, Designate, Freezer, Heat, Kuryr, Magnum, Manila, Mistral, Monasca, Murano, Oslo, Rally, Sahara, Searchlight, Senlin, Smaug, Solum, Tempest, Tacker, Trove, Vitrage, Watcher, Zaqar
Ceilometer
- Telemetry service
- Billing, chargeback use-case
- Cloud operator
- Utilization
Heat
- Orchestration service
- Comaptible with AWS CloudFormation
- Uses a templating mechanism
- Controls complex groups of cloud resources
Heat
heat_template_version: 2016-04-08
description: Heat template to deploy an instance
parameters:
ssh_key_name:
type: string
label: Key Pair name
description : Name of the key pair to enable SSH access to the instance.
flavor_name:
type: string
label: Flavor Name
description: Instance type for the development environment
default: m1.small
constraints:
- allowed_values: [m1.small, m1.medium]
description: flavor_name must be one of m1.small or m1.medium
root_password:
label: root password
default: secrete
hidden: true
description: root password for the development environment
type: string
constraints:
- length: { min: 4, max: 25 }
description: Password MUST be between 1 - 25 characters
private_network:
type: string
label: Private network name or ID
description: Network to attach instance to
default: private
Heat
resources:
server:
type: OS::Nova::Server
properties:
name: devenv
flavor: { get_param: flavor_name }
image: Fedora23
key_name: { get_param: ssh_key_name }
networks:
- network: { get_param: private_network }
user_data:
str_replace:
template: |
#!/usr/bin/env bash
# Root password
sudo echo root:%root_password% | chpasswd
# Installation script
[...]
params:
"%root_password%": { get_param: root_password }
Heat
security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for the development environment
name: devenv
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
outputs:
server_private_ip:
description: IP address of development environment in the private network
value: { get_attr: [ server, first_address ] }
Ceilometer + Heat
Autoscaling
- Orchestration triggered by events from telemetry data
- Neutron with LBaaS
Ironic
Provisions bare-metal (physical hardware) as opposed to virtual machines
- Leverages
- PXE
- IPMI
- plugin ...
- Images can be provided by
- HTTP
- Cinder
- Glance
What is OpenStack
- project
- foundation
- set of applications
- deployed environment
Deployed environment
There is no single OpenStack deployment
Examples
- UnitedStack UOS Cloud
- City Network CityCloud
- Dreamhost DreamCompute
- OVH Public Cloud
- EnterCloudSuite
- Rackspace Public Cloud
OpenStack deployments
The minimum that fits your use-case
Sample configurations (case studies)
Concept of node types
... before I continue...
Node types
Controller node
Takes care of the administrational tasks of the OpenStack environment
Compute node
Provides the computing resource for the OpenStack environment
Network node
Handles networking within the OpenStack environment
Puppet modules
Utilizes Puppet to configure and deploy OpenStack components
Puppet example
manifests/controller.pp
class ionic_cloud::controller {
include ionic_cloud::server
include ionic_cloud::controller::rabbitmq
include ionic_cloud::controller::mysql
include ionic_cloud::controller::keystone
include ionic_cloud::controller::glance
include ionic_cloud::controller::neutron
include ionic_cloud::controller::nova
}
Puppet example
controller/keystone.pp
class ionic_cloud::controller::keystone (
$allowed_hosts = "10.0.0.0/24",
$bind_host = '0.0.0.0',
$controller = 'controller.ionic-cloud.gbraad.nl',
$password = 'keystone',
$user = 'keystone',
$token_provider = 'fernet',
$enable_fernet_setup = true,
) {
include ::keystone::client
class { '::keystone::db::mysql':
allowed_hosts => [$controller, $allowed_hosts],
password => $password,
user => $user
}
[...]
Puppet example
[...]
class { '::keystone':
admin_bind_host => $bind_host,
admin_token => $password,
database_connection => "mysql+pymysql://${user}:${password}@${controller}/keystone",
enabled => true,
public_bind_host => $bind_host,
service_name => 'httpd',
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup
}
[...]
Deployment tools
Almost every vendor provides their own deployment tool
Deployment approach
- Source
- Bleeding edge
- Latest features and fixes are available
- Packages
- At the mercy of the packagers
- Distribution specific testing
- Image-based
- Guaranteed that all nodes run the same deployment
Devstack
A documented shell script to build a complete OpenStack development environment, using the latest version.
- Ubuntu
- Fedora
- Debian
- OpenSUSE
Note: for use on servers or virtual machines... and only for development purpose
PackStack
Can do multi-node deployments, but is considered for small-scale, PoC deployments.
$ yum install -y centos-release-openstack-[releasename]
$ yum install -y openstack-packstack
$ packstack --allinone
OpenStack Ansible
Maintained by Rackspace
Fuel
Maintained by Mirantis
Targets
- Ubuntu
- CentOS / RHEL
Recently Mirantis announced a partnership with SUSE
TripleO
'Openstack-on-Openstack'
Utilizes many of the OpenStack components (Undercloud) to standup a workload OpenStack cloud (Overcloud). Part of RDO, the packaging of OpenStack for CentOS/RHEL.
The undercloud deploys workload nodes using an image-based deployment.
TripleO install customization
undercloud$ cat << EOF > ~/templates/firstboot-environment.yaml
resource_registry:
OS::TripleO::NodeUserData: /home/stack/my_templates/firstboot-config.yaml
EOF
TripleO install customization
undercloud$ cat << EOF > ~/templates/firstboot-config.yaml
heat_template_version: 2014-10-16
resources:
userdata:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: repo_config}
repo_config:
type: OS::Heat::SoftwareConfig
properties:
config: |
#!/bin/bash
yum install -y [packages to want to be installed]
# and any other commands you want to be performed
outputs:
OS::stack_id:
value: {get_resource: userdata}
EOF
Install customization
undercloud$ openstack overcloud deploy --templates \
--control-flavor control --compute-flavor compute \
--control-scale 1 --compute-scale 1 \
--neutron-tunnel-types vxlan --neutron-network-type vxlan \
-e ~/templates/firstboot-environment.yaml
TripleO node types
Storage nodes
- Block Storage
- Object Storage
- Ceph Storage
Customization possible
Kolla
Containerized OpenStack project, targets Ubuntu and CentOS to run in Docker containers.
- packages
- source deployment
Installer generates containers (comparable to images).
Ansible as a client
Utilizes the Shade client library for interacting with OpenStack clouds
Ansible playbook: upload key
---
- hosts: localhost
tasks:
- name: Upload public key to OpenStack cloud providers
os_keypair:
cloud: "{{ item }}"
name: gbraad
public_key_file: ~/.ssh/id_rsa.pub
with_items:
- trystack
- dreamhost
- ustack
$ ansible-playbook upload-publickey.yml
Ansible playbook: create instance
---
- hosts: localhost
tasks:
- name: Create instance
os_server:
state: present
cloud: "{{ cloud }}"
name: "test"
image: Fedora24
key_name: "{{ key }}"
network: public
flavor: 1
userdata: >-
#!/usr/bin/env bash
# Root password
sudo echo root:%root_password% | chpasswd
# Installation script
[...]
$ ansible-playbook create-instance.yml --extra-vars "cloud=trystack key_name=mykey"
Disaster recovery and backup
- Freezer
- Smaug
Ceph
Distributed storage solution
High Availability
- MySQL (Galera)
- Message Queue
- Pacemaker
- Keepalived
- haproxy
- ...
Messaging
Generally in OpenStack two modes are used for messaging
rpc.cast- do not wait for resultrpc.call- wait for result (when there is a return value)
Messaging notes
- Uses multiple queues within a single rabbitMQ instance
- Traffic is usually not intensive
- No broadcast messages
Vagrant
Also comes with an OpenStack provider. Which allows you to easily deploy developer environments onto an OpenStack environments.
$ vagrant up
Conclusion
- OpenStack provides abstractions to build a cloud infrastructure
- It is only a part of the full deployment
- Storage
- Cloud Native
Resources
- https://gitlab.com/gbraad/openstack-handsonlabs
- Multi-tier setup
- Heat introduction
- https://github.com/gbraad/scratchpad/tree/master/technology/openstack
- https://wiki.openstack.org/wiki/Open
- http://docs.openstack.org/mitaka/install-guide-rdo/index.html
- http://docs.openstack.org/mitaka/config-reference/index.html
- https://access.redhat.com/documentation/en/red-hat-openstack-platform/
- http://wiki.openstack.org/
- http://docs.openstack.org/ops/
Stay in touch
Stay in touch
