How Adobe Built An OpenStack Cloud Jun Park (Ph.D, MBA), Solutions Architect At Adobe Arghya Banerjee, Sr. Systems Engineer At Adobe OpenStack Mitaka Summit At Tokyo, Oct 2015
Swiss Cheese Model Flaws In Defense layers If aligned, flaws would allow an accident to occur From Wikipedia
Two More Factors That Complicate Things SpaceTime Continuum - Einstein Interactions, Higgs Field & Boson From Wikipedia From Youtube
Our Template To Analyze Components Dependencies In Red: Bugs or Issues In Green: Fix or Stable Time
OpenStack Survey, May 2015 The most common arch: Ubuntu + KVM + OVS + Ceph
Adobe OpenStack Architecture Storage: Ceph RBD VM1 VM2 VM3 eth0 eth1 eth0 eth1 eth0 eth1 Private Networks: VxLAN-based External Provider Networks: VLAN-based Adobe Network Firewall Adobe Corporate Networks
What Happened At Networking? A New Bug: OVS Sporadically Crashes In Adding A Port (https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1336555 and 1449012) Restarting agents re-establishes entire flows Neutron Fix ready, not added Security Group O(N^2) Issue Enhancement Patch Not Yet Integrated (e.g., 270 secs to 3 secs For 25K rules) OVS 2.0.1 Released: Mega Flow Multiprocessing OpenvSwitch (OVS) This Bug Introduced with OVS Mega Flow OVS 2.3.0 OVS 2.1.3 OVS 2.0.2 Released Bug Fix In all OVS 2.x Ubuntu 14.04 Trusty Released With OVS 2.0.1 Bug Report With OVS 2.0.1 In Ubuntu 14.04 Cherry-Pick On OVS 2.0.2 In Ubuntu 14.04.2 Ubuntu 14.04 Jun ‘13 Dec ‘13 Apr ‘14 Jul ‘14 Aug ‘14 May ‘15
What Happened At Networking? A New Bug: OVS Sporadically Crashes In Adding A Port (https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1336555 and 1449012) OVS 2.0.1 Released: Mega Flow Multiprocessing OVS Some companies reverted OVS to LinuxBridge! Some pundits spread FUD about Neutron! OpenStack Summits Atlanta IceHouse Paris Juno Vancouver Kilo Cherry-Pick Onto OVS 2.0.2 In Ubuntu 14.04 Ubuntu 14.04 Trusty Released With OVS 2.0.1 Ubuntu 14.04 Dec ‘13 Apr ‘14 May ‘14 Nov ‘14 May ‘15
What Happened At Storage? Ceph Operational Instability, Cinder Scalability Issue Cinder is stuck when Ceph is stuck (e.g., use local drive for copying an image) Enhancement Solution Not Yet Integrated (e.g., APIs Stacked Up -> Multiprocessing) Cinder Ceph Failover Instability With FireFly Hammer? Ubuntu 14.04 Trusty Released With Ceph FireFly 0.79 Ubuntu 14.04 Ubuntu 14.04 Updates With Ceph FireFly 0.80.10 Apr ‘14 May ‘14 July ‘15
What Happened At Data Node? Kernel Memory Bug, Security Issue KVM Security Issue Security Patch XFS Deadlock Bug Kernel Bug Fix Ubuntu 14.04 Trusty Released With Kernel… Ubuntu 14.04 Trusty Released With Kernel… Ubuntu 14.04 Dec‘13 Apr ‘14 May ‘14 Nov‘14 May ‘15 July ‘15
Check List Networks Storage Understand OVS and find stable OVS Cherry-pick for Neutron Scalability: firewall rules Our own out-of-band rate limiting on networks, e.g., 200 Mbps Set up right MTU size on OVS structure Turn off GRO/LRO on hosts Storage Decouple Storage system from OpenStack API services Cinder Scalability Ceph Stability: Hammer, reconfigure towards optimal
How To Test at Scale Emulate future production env Create hundreds of VMs, inject workloads, and destroy all Recycle this entire test over and over again Findings: dead tokens stacked up Each component scalability Neutron: OVS Cinder: Ceph Nova: KVM
Have We Done Enough? 4? 3?
It's not that I'm so smart, it's just that I stay with problems longer. - Albert Einstein
New Efforts In OpenStack OpenStack Product Working Group Link up between contributors and users Governance/DefCoreCommittee Defining OpenStack Core Large Deployment Team Operational issues for large delpoyments Open Virtual Network (OVN) In-kernel Conntrack, DPDK, etc. Will run atop OVS
APPENDIX
USE CASE: Mesos Cluster
Possible Combinations Containers In Containers Bare Metals Containers VMs VMs
Mesos Cluster Via Heat Host1 Host2 Host3 VM2: mesos slave1 VM1: mesos master Marathon Zookeeper http server http server -> Ubuntu-mesos image available via diskimage-builder -> Post configuration for master -> starting services -> Ubuntu-mesos image -> Post configuration for slave using mesos master IP. -> starting services
Mesos Cluster with Marathon Request to run a micro-service via REST API Marathon Mesos Master With ZooKeeper Mesos Slave1 http server Mesos Slave2 http server
Master + 2 slaves: Heat Stacks
Topology of Slave2
Marathon: Two Apps on Slave1
App Running On Slave
Mesos UI
Heat Template Components Dependencies Time
Adobe OpenStack Architecture VM1 eth0 eth1 Linux Bridge OpenvSwitch bond0 Physical VLANs External Provider Networks: VLAN-based Adobe Network Firewall Adobe Corporate Networks
Volume Management in OpenStack Glance API Server Set of Images Image1: Ubuntu Trusty Cinder API Server 1. Copy Volume1 : Ubuntu Trusty Copy-On-Write (COW) Ceph Volume 2. Snapshot Snapshot1: Ubuntu Trusty Base Volume For All Three VMs 3. Volumes New Volume1 for VM1 Individual COW Volumes New Volume2 for VM2 New Volume3 for VM3