OpenStack
OpenStack
- Free open-source cloud-computing software platform (IaaS)
- 6-month release cycle
- Began in 2010 at Rackspace and NASA
- Early code came from NASA's Nebula platform and Rackspace's Cloud Files platform
- Red Hat: commercial support starting with the Grizzly release (2013)
- Managed by the OpenStack Foundation, a non-profit corporate entity
- AWS compatibility

What is with all the names?
- All different flavors(?)
- Versions have different names: the current release is Newton (10/16), the previous was Kilo
- HP Helion has tweaked the storage of OpenStack
- Mirantis OpenStack allows companies to write their own plug-ins that can be installed and deployed automatically
- GroundWork supports all of them and added CloudHub
In general, clouds have
- Controller node
- Compute node
- Storage node

OpenStack: general components in the architecture
- Cloud Controller
- Compute Nodes – Nova
- Network Controller – Neutron
- Storage Controller – Swift

Core Services
- Nova – compute: manages instances through their lifecycle
- Keystone – identity: provides authentication and authorization for the other OpenStack services
- Glance – image service: stores and retrieves VM images (VMIs)
- Neutron – network connectivity as a service for the other OpenStack services
- Swift – object storage for unstructured data objects
- Cinder – block storage for running instances
Cloud controller
The cloud controller is one or more nodes that control the cloud's operations. In contrast to compute nodes (the worker nodes), the cloud controller maintains a high-level view of the resources and provides a unified point for cloud management. Every user request (e.g. launch an instance) goes to the cloud controller node, which then dispatches it to the other nodes (e.g. compute nodes). In most non-production OpenStack environments one controller node is enough; for better high availability, two or more cloud controllers can be deployed.

OpenStack Cloud controller
Generally, the OpenStack cloud controller comprises the following services:
- Database service (MySQL/MariaDB): stores cloud data
- Message queue service (RabbitMQ): provides the message-passing mechanism between cloud nodes
- Authentication service (Keystone): provides authentication and authorization
- API endpoints (nova-api, glance-api, ...): provide a unified access point for cloud services (e.g. network, storage, compute)
- Schedulers (nova-scheduler, cinder-scheduler, ...): provide workload scheduling
- Dashboard (Horizon): provides the web-based management dashboard
Controller Node: Nova
- Manages the lifecycle of compute instances
- Spawns, schedules and decommissions machines on demand
- Fabric controller: manages and automates pools of resources
- Works with KVM, VMware, Xen, Hyper-V; also bare metal and HPC
- Written in Python

Object Storage: Swift
- Scalable, redundant storage system
- Files are written to multiple disk drives (replication)
- In case of a drive failure, contents are replicated to a new location
- Analogous to Amazon's S3
- Can store billions of objects across nodes

Image Service: Glance
- Image service (an image is an OS installed on a VM)
- Manages and stores VM images
- Provides registration services for disk and server images
- Also used to store and catalog backups
- API: a standard REST interface for querying information about disk images
- Can use the local file system, the OpenStack Object Store (Swift), or S3 as a backend
How will we install OpenStack for Assignment #1?
- Must sign up by Friday 1/27, midnight

Our Setup
- In our installation of OpenStack, each cluster has 1 controller node, 2 compute nodes, and 1 jump box for security purposes (so you can ssh in from home)
- Each cluster has the same IP range
- Jump Box

Installation
- Email me your group names (4 people; it doesn't matter if 491/591)
- If you don't have a group I will assign you to one
- If you are not comfortable with Linux commands, make sure someone in your group is
- You will be able to cut/paste the commands
- The TA will email you info (IP address, etc.) before your timeslot
- You will have 4 people in a group, but only 1 controller and 2 compute nodes
- The controller installation is the most complex; two people can work on it
CONTROLLER NODE
- Install a DB (MariaDB)
- Install the RabbitMQ message queue
- Create a DB, then install Keystone (identity management)
- Configure Apache
- Remove the sqlite DB (the default)
- Configure the admin account

CONTROLLER NODE
- Configure Glance (VM image service)
  - Populate the image service DB
- Configure Nova (compute service)
  - Create a DB
  - Create a Nova user
  - Grant the admin role to the Nova user
  - Create the Nova service entity
  - Install packages
  - Configure the location of the image service API
  - Populate the compute DBs
  - Restart the compute services

COMPUTE NODES
- Configure the Nova compute service on each of the 2 compute nodes
  - Configure RabbitMQ message queue access
  - Configure the Keystone identity service
  - Configure the Nova networking service
  - Configure the location of the image service

CONTROLLER NODE
- Verify operation of the compute service on the CONTROLLER NODE

CONTROLLER NODE
- Install and configure the network service
  - Create a DB
  - Create the neutron network user
  - Configure RabbitMQ message queue access
  - Configure the Keystone identity service
  - Configure Networking to notify Compute of network topology changes
  - Configure the Modular Layer 2 (ML2) plug-in
  - Enable the port security extension driver
  - Configure the Linux bridge agent
  - Configure the DHCP agent
  - ...
- Configure the Compute service to use the Networking service

COMPUTE NODES
- On each of the 2 compute nodes
  - Install Neutron networking
  - Configure RabbitMQ
  - Configure Keystone
  - Enable security groups
  - Configure the Linux bridge
  - Restart

CONTROLLER NODE
- Verify network operations
  - Create the network
  - Create a subnet on the network

CONTROLLER NODE
- Launch an Instance
  - Create an instance
  - Choose a VM image
  - Generate a key pair
  - Add security
  - Launch the instance
  - Verify it is running
- You are done!! Leave everything in this state
- Virtual machine instances are accessible through IP addresses
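Several of the steps above exist only to harden the deployment (removing the default sqlite DB, using Keystone for API authentication, enabling the port security extension driver and security groups), and it is easy to finish the procedure with one of them silently skipped. The following audit script is an added example, not part of the course slides or of any OpenStack project code: it reads INI-style configuration text in the same format as /etc/keystone/keystone.conf, /etc/nova/nova.conf, ml2_conf.ini and linuxbridge_agent.ini and reports which of those settings are missing. The file contents below are constructed samples representing the "before" and "after" state of the steps; on a real node you would read the actual files instead.

```python
"""Audit the security-relevant settings the install steps are meant to leave behind.

Added example; not part of the course slides or of any OpenStack project code.
The configuration texts are constructed stand-ins for the real files.
"""
import configparser
from typing import Dict, List

# Constructed sample: state of the files BEFORE the hardening steps were applied.
WEAK_CONFIGS: Dict[str, str] = {
    "keystone.conf": """
[database]
connection = sqlite:////var/lib/keystone/keystone.db
""",
    "nova.conf": """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller

[keystone_authtoken]
auth_uri = http://controller:5000
""",
    "ml2_conf.ini": """
[ml2]
type_drivers = flat,vlan
extension_drivers =
""",
    "linuxbridge_agent.ini": """
[securitygroup]
enable_security_group = false
""",
}

# Constructed sample: the same files AFTER the steps (sqlite removed, Keystone auth,
# port security extension driver and security groups enabled).
HARDENED_CONFIGS: Dict[str, str] = {
    "keystone.conf": """
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
""",
    "nova.conf": """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
""",
    "ml2_conf.ini": """
[ml2]
type_drivers = flat,vlan
extension_drivers = port_security
""",
    "linuxbridge_agent.ini": """
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
""",
}


def _parse(text: str) -> configparser.ConfigParser:
    # OpenStack config files are INI-style. Interpolation is off because values
    # such as connection URLs may legitimately contain '%'.
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cp.read_string(text)
    return cp


def _get(cp: configparser.ConfigParser, section: str, option: str) -> str:
    # Missing section, missing option and an empty value all read as "".
    return cp.get(section, option, fallback="") or ""


def audit(configs: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []

    ks = _parse(configs.get("keystone.conf", ""))
    conn = _get(ks, "database", "connection")
    if not conn or conn.startswith("sqlite:"):
        findings.append("keystone.conf: [database] connection still points at the default sqlite DB")

    nova = _parse(configs.get("nova.conf", ""))
    # Newton keeps auth_strategy under [DEFAULT]; later releases moved it to [api].
    strategy = _get(nova, "DEFAULT", "auth_strategy") or _get(nova, "api", "auth_strategy")
    if strategy.lower() != "keystone":
        findings.append("nova.conf: auth_strategy is not set to keystone")

    ml2 = _parse(configs.get("ml2_conf.ini", ""))
    drivers = [d.strip() for d in _get(ml2, "ml2", "extension_drivers").split(",") if d.strip()]
    if "port_security" not in drivers:
        findings.append("ml2_conf.ini: [ml2] extension_drivers lacks port_security")

    lb = _parse(configs.get("linuxbridge_agent.ini", ""))
    if _get(lb, "securitygroup", "enable_security_group").lower() != "true":
        findings.append("linuxbridge_agent.ini: [securitygroup] enable_security_group is not true")
    if not _get(lb, "securitygroup", "firewall_driver"):
        findings.append("linuxbridge_agent.ini: [securitygroup] firewall_driver is unset, so security groups are not enforced")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIGS), ("hardened", HARDENED_CONFIGS)):
        print(name, audit(cfg) or ["OK"])
```

Running the audit against the weak sample lists all five gaps; against the hardened sample it lists none. The same function can be pointed at the real files on the controller and compute nodes once the steps have been completed.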
Stopped here
VLAN bridge
- A bridge connects 2 networks (VLANs) together
- A bridge works by learning the MAC (media access control) addresses of the devices on each of its network interfaces. It forwards traffic between the networks only when the source and destination MAC addresses are on different networks.
- Network architects set up VLANs to provide the network segmentation traditionally provided only by routers in LAN configurations. VLANs address issues such as scalability, security, and network management.
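The learn-then-filter rule above is easiest to see with a small simulation. This is an added example, not from the course slides; it models a two-port learning bridge with a forwarding table keyed by MAC address. The port names and MAC addresses are constructed. A real Linux bridge (the one the Linux bridge agent configures on each node) keeps the same kind of table in the kernel and ages entries out over time, which this model omits.

```python
"""Learning-bridge simulation: MAC learning, filtering and flooding.

Added example, not from the course slides. Ports, MACs and frames are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str      # source MAC address
    dst: str      # destination MAC address
    payload: str


class LearningBridge:
    def __init__(self, ports: List[str]):
        self.ports = list(ports)
        self.fdb: Dict[str, str] = {}   # forwarding database: MAC -> port it was learned on

    def handle(self, in_port: str, frame: Frame) -> Dict[str, object]:
        """Learn the source MAC, then forward, filter, or flood the frame."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: the source MAC lives on the side the frame arrived from. The bridge
        # accepts this claim as-is, which is why port security on untrusted ports matters.
        self.fdb[frame.src] = in_port
        known = self.fdb.get(frame.dst)
        if frame.dst == BROADCAST or known is None:
            # Unknown or broadcast destination: send out every other port.
            return {"action": "flood", "out_ports": [p for p in self.ports if p != in_port]}
        if known == in_port:
            # Source and destination are on the same network: nothing crosses the bridge.
            return {"action": "filter", "out_ports": []}
        return {"action": "forward", "out_ports": [known]}


def walkthrough() -> List[str]:
    """Push a few constructed frames through a two-port bridge; return the actions taken."""
    br = LearningBridge(["eth0", "eth1"])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"  # constructed MACs
    sequence = [
        ("eth0", Frame(a, b, "hello")),   # b not yet learned -> flood out eth1
        ("eth1", Frame(b, a, "reply")),   # a learned on eth0  -> forward to eth0
        ("eth0", Frame(c, a, "local")),   # a and c both on eth0 -> filter
        ("eth0", Frame(a, b, "again")),   # b learned on eth1  -> forward to eth1
    ]
    return [str(br.handle(port, frame)["action"]) for port, frame in sequence]


if __name__ == "__main__":
    print(walkthrough())   # ['flood', 'forward', 'filter', 'forward']
```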
Communication between nodes in the cloud through the network
- Flat interface: Ethernet adapters configured as bridges carry the network traffic between nodes

Other components
- Dashboard (Horizon) – GUI
- Identity service (Keystone) – central directory of users, access control
- Networking (Neutron) – system for managing networks and IP addresses
- Block Storage (Cinder) – persistent block-level storage devices for compute instances
- Database (Trove) – relational and non-relational
- Bare Metal (Ironic) – provisions physical machines instead of VMs
VMIs
- Virtual machine instances are deployed to perform some task
- Virtual machine instances are accessible through IP addresses

Private IP
- A private IP address is assigned to an instance's network interface by the DHCP server
- DHCP (Dynamic Host Configuration Protocol) enables a server to automatically assign IP addresses from a defined range for a given network
- Communication between instances in the same broadcast domain goes through a virtual switch
- The private IP address is how other instances in the private network reach the instance

Floating IP
- A floating IP address is a service provided by Neutron; it does not use any DHCP service
- A floating IP address is for accessing the instance from a public network
- The guest operating system has no idea that it has been assigned a floating IP address

- A floating IP address and a private IP address can be used at the same time on a single network interface
- NAT (network address translation) maps from one IP address space to another
Example
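To make the private/floating distinction concrete, here is an added example (not from the course slides) that simulates the two mechanisms side by side: a DHCP pool that leases private addresses from a defined range, and a one-to-one NAT table that maps a floating address to a private one in both directions. The subnet, the DHCP range, the floating IP pool (drawn from the 203.0.113.0/24 documentation range) and the MAC address are constructed; in a real deployment the DHCP agent and the NAT rules on the network node do this work.

```python
"""Private IP via DHCP and floating IP via NAT, simulated.

Added example, not from the course slides. All addresses are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple


class DhcpPool:
    """Hands out private addresses from a defined range on a tenant subnet."""

    def __init__(self, cidr: str, first: str, last: str):
        self.net = ipaddress.ip_network(cidr)
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.free: List[str] = [str(ip) for ip in self.net.hosts() if lo <= int(ip) <= hi]
        self.leases: Dict[str, str] = {}   # client MAC -> private IP

    def lease(self, mac: str) -> str:
        if mac in self.leases:
            return self.leases[mac]        # a returning client gets its existing lease back
        if not self.free:
            raise RuntimeError("DHCP pool exhausted")
        ip = self.free.pop(0)
        self.leases[mac] = ip
        return ip


class FloatingIpNat:
    """One-to-one NAT table: floating (public) IP <-> private (fixed) IP.

    The instance never learns about the floating address; only this table does.
    """

    def __init__(self, public_pool: List[str]):
        self.free = list(public_pool)
        self.f2p: Dict[str, str] = {}   # floating -> private
        self.p2f: Dict[str, str] = {}   # private -> floating

    def associate(self, private_ip: str) -> str:
        if private_ip in self.p2f:
            return self.p2f[private_ip]
        if not self.free:
            raise RuntimeError("no floating IPs left")
        fip = self.free.pop(0)
        self.f2p[fip] = private_ip
        self.p2f[private_ip] = fip
        return fip

    def disassociate(self, fip: str) -> None:
        # Removing the mapping closes the public path; inbound packets are no longer translated.
        private_ip = self.f2p.pop(fip)
        del self.p2f[private_ip]
        self.free.append(fip)

    def inbound(self, dst_public: str) -> Optional[str]:
        """DNAT: rewrite the destination of a packet arriving from the public network."""
        return self.f2p.get(dst_public)

    def outbound(self, src_private: str) -> Optional[str]:
        """SNAT: rewrite the source of a packet leaving the instance for the public network."""
        return self.p2f.get(src_private)


def walkthrough() -> Tuple[str, str, Optional[str], Optional[str]]:
    """Lease a private IP, attach a floating IP, and translate one packet each way."""
    dhcp = DhcpPool("10.0.0.0/24", "10.0.0.10", "10.0.0.20")         # constructed subnet
    nat = FloatingIpNat(["203.0.113.50", "203.0.113.51"])            # constructed public pool
    private_ip = dhcp.lease("fa:16:3e:00:00:01")                      # what the guest OS sees
    floating_ip = nat.associate(private_ip)                           # invisible to the guest
    return private_ip, floating_ip, nat.inbound(floating_ip), nat.outbound(private_ip)


if __name__ == "__main__":
    print(walkthrough())   # ('10.0.0.10', '203.0.113.50', '10.0.0.10', '203.0.113.50')
```

Note that after `disassociate`, `inbound` returns `None` for the old floating address: with no mapping there is nothing to translate, so the instance is no longer reachable from the public side, while its private address and DHCP lease are untouched.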
Service token
- To authenticate access to OpenStack services, you must issue an authentication request to acquire a token

Fire up OpenStack
./stack.sh

VNC (virtual network computing)
- Enables compute service users to access their instances through VNC clients
- Transmits keyboard/mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network using the remote frame buffer (RFB) protocol
The public responds