Published by Rachel Marybeth Anderson. Modified over 6 years ago.
1
Wigner Datacenter’s New Software Defined Datacenter Architecture
HEPIX 2017 Fall, Tsukuba
Zoltan Szeleczky, IT Engineer, Wigner Datacenter
2
Introduction
- Wigner Datacenter is part of Wigner Research Center for Physics (Wigner RCP), which belongs to the Hungarian Academy of Sciences (MTA)
- Tier-0 hosting site for CERN
- Academic Cloud for the scientific community:
  - 4000 VCPUs
  - 1.6 PB Storage
  - 1.6 PB Tape backup
3
Current Production State
- Legacy Cloud
- OpenStack Kilo
- Installed manually
- Instead of a manual upgrade, we designed a new architecture with an automated cloud deployment
4
New Architecture
5
Toolset
- DevOps using GitLab, Gerrit and Jenkins
- oVirt virtualized HA infrastructure
- FreeIPA: Identity management, Kerberos, LDAP, DNS
- Katello (+Puppet master): Configuration & life cycle management
- Undercloud OpenStack deployment using TripleO
- OpsTools (integrated with TripleO)
  - Availability monitoring: Sensu, Redis, Uchiwa
  - Log collection: Fluentd, Elasticsearch, Kibana
  - Performance monitoring: Collectd, Graphite, Grafana
- Network automation + IaC (Infrastructure as Code) with Puppet (plan)
- Infrastructure monitoring: Morpheus (plan)
- Management / user platform: ManageIQ (plan)
EFK: Elasticsearch, Fluentd (Logstash), Kibana
Order: Collect, forward, store, display
6
TripleO: OpenStack on OpenStack
- Using a deployment cloud (Undercloud) to create and manage a workload cloud (Overcloud)
- Some problems with fast development and continuously changing TripleO repos.
- Bugs are not always fixed in the CentOS CBS repo.
7
TripleO network layout
Network isolation
8
Automated way of adding servers to the Overcloud
Automated process. -> Server order with IPMI tag. (future)
Steps from a new server to a deployed node:
Katello discovery -> Set up IPMI fixed IP -> Generate Instackenv file -> Undercloud baremetal node add -> Introspect -> Deploy as overcloud node
9
Instackenv
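A sketch of the "Generate Instackenv file" step, added here as an example and not the datacenter's own script: it turns a discovered-host list into the instackenv.json node list, rejecting duplicate or out-of-range IPMI entries and writing the file with mode 0600 because it carries BMC credentials. The host names, addresses, IPMI_PASSWORD variable and helper names are assumptions; `pxe_ipmitool` is the classic driver name and newer releases use `ipmi`.

```python
import ipaddress
import json
import os
import re
import tempfile

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
# Constructed sample of discovered hosts (hypothetical names, documentation-range IPs).
DISCOVERED = [
    {"name": "compute-01", "ipmi_ip": "192.0.2.11", "mac": "52:54:00:AA:BB:01"},
    {"name": "compute-02", "ipmi_ip": "192.0.2.12", "mac": "52:54:00:aa:bb:02"},
]

def build_instackenv(hosts, ipmi_net, pm_user, pm_password, pm_type="pxe_ipmitool"):
    """Return the instackenv dict; refuse bad IPMI addresses and duplicates."""
    net = ipaddress.ip_network(ipmi_net)
    seen, nodes = set(), []
    for h in hosts:
        ip = ipaddress.ip_address(h["ipmi_ip"])
        mac = h["mac"].lower()
        if ip not in net:
            raise ValueError(f"{h['name']}: IPMI address {ip} outside {net}")
        if not MAC_RE.match(mac):
            raise ValueError(f"{h['name']}: malformed MAC {h['mac']!r}")
        if mac in seen or ip in seen:
            raise ValueError(f"{h['name']}: duplicate MAC or IPMI address")
        seen.update((mac, ip))
        nodes.append({"name": h["name"], "pm_type": pm_type, "pm_addr": str(ip),
                      "pm_user": pm_user, "pm_password": pm_password,
                      "mac": [mac]})
    return {"nodes": nodes}

def write_private(path, data):
    """Create the file as 0600 from the start: it holds BMC credentials."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(data, f, indent=2)
    os.chmod(path, 0o600)  # tighten a pre-existing file with a looser mode

def demo():
    """Build from the constructed sample and return (env, file mode)."""
    password = os.environ.get("IPMI_PASSWORD", "constructed-placeholder")
    env = build_instackenv(DISCOVERED, "192.0.2.0/24", "admin", password)
    path = os.path.join(tempfile.mkdtemp(), "instackenv.json")
    write_private(path, env)
    return env, oct(os.stat(path).st_mode & 0o777)

if __name__ == "__main__":
    env, mode = demo()
    print(len(env["nodes"]), "nodes written, mode", mode)
```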
10
Available nodes
How the undercloud sees the overcloud.
11
YAML files describing the environment
- The Overcloud is deployed using Heat
- Describe the environment using YAML parameters
- nodes.yaml: define compute & store count
- Describing the Ceph storage.
Other environments:
-env: number of compute, control and storage nodes.
-network: network layout, VLANs etc.
-ldap: LDAP integration
-etc…
12
New features and upgrade plan
3 step process
- Development environment (small, 3 node)
- Test environment (medium, 9 nodes)
- Production environment
Dev – new features, can be reinstalled
Test – update and upgrade procedures
Jenkins to automate update testing (plan).
13
Firewall
OPNsense is a FreeBSD based open source firewall
- Integrated Suricata
- Integrated OpenVPN
- Integrated Time Server
Problems:
- Lacks API support for automation
- Port configuration turns off all ports
- pfSense code could use a rework
We are still looking for an alternative solution that can be better automated. Any suggestions?
Problems with OPNsense:
-Port configuration turns off all ports
-API support is lacking, currently under rework
-Layer 4 firewall with Suricata (two systems integrated); a layer 7 firewall would be better?
14
2FA / Yubikey
Two factor authentication to increase security
- Supports NFC
- Integrated with FreeIPA – FreeRadius
- Used for secure VPN connection
- Has two slots; you can use it for your Google, Facebook or other account as well.
15
Progress so far
- Fully virtualized infrastructure
  - oVirt on 3 hosts
  - Katello
  - FreeIPA
- Working Dev and Test environment with new features added and tested continuously
- FreeIPA integration to Overcloud nodes & to keystone
  - Tried novajoin, it didn’t register IP addresses correctly
  - Wrote custom script instead
- Still a lot of work left to do…
FreeIPA integration: We have tried Novajoin, but it was not satisfactory for us (IP addresses were not correctly registered); we use a custom script instead.
16
Problems we currently face
- Overcloud Metadata VIP not working
- Power outage in the test environment
- Failure of the UPS dedicated to our test system
- FreeIPA database corruption -> reinstall FreeIPA replicas
- Overcloud cert resubmit loop
- Frequent bugs in the TripleO stable repository
17
Thank you! Questions?
If you have any ideas or suggestions, we would be happy to hear them.
18
Extra / Backup Slides
19
Availability Monitoring
20
Performance Monitoring
21
Logging
22
oVirt
oVirt is an open source virtual datacenter platform, built on the foundation of the Linux KVM hypervisor. It’s the open-source equivalent of RHEV. It provides high availability and an easy way to solve the chicken-egg problem.
We use it to virtualize our infrastructure services such as:
- Katello: Lifecycle management
- FreeIPA: SSO; Security information management solution
- TripleO undercloud
23
Katello / Foreman
Manage servers throughout their lifecycle, from provisioning and configuration to orchestration and monitoring. It’s the open-source equivalent of RH Satellite.
- Discover new servers, inventory
- Manage physical and virtual servers
- Supports Puppet and Ansible
- Local yum repo
- OpenSCAP security audits
Starting point for developing automated processes, and also has a GUI for convenience.
24
FreeIPA
SSO for users, systems, services
- LDAP / Kerberos authentication
- Has replication functions to ensure HA
- We use it to manage our users, hosts and services securely with certificates
- Easy directory server for UNIX
Most of our users use Linux. Sometimes LDAP settings are not obvious for applications, and some more customization and configuration are required, because most libraries support Active Directory out of the box, but the FreeIPA LDAP schema is different.