CloudStack - LinuxFest NorthWest
![Page 1: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/1.jpg)
BUILDING AN IAAS CLOUD WITH APACHE CLOUDSTACK
David Nalley [email protected]
Twitter/identi.ca: @ke4qqq / IRC: ke4qqq in #cloudstack on freenode
![Page 2: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/2.jpg)
Licensing
• This presentation and its contents, unless otherwise noted, are released under a Creative Commons Attribution-ShareAlike 3.0 Unported license and Apache Software License v2, at your discretion.
![Page 3: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/3.jpg)
History
• Original company formed - 2008 (VMOps)
• Project open sourced (GPLv3) as CloudStack – May 2010
• Acquired by Citrix – July 2011
• Dropped open core – August 2011
• Relicensed under ASL v2 – April 3, 2012
• Accepted as an Apache incubating project – April 16, 2012
![Page 4: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/4.jpg)
What is CloudStack?
Open Source Infrastructure as a Service platform that supports multiple hypervisors, complex network, firewall, load balancer and VPN configurations, high availability, in a multi-tenant environment.
![Page 5: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/5.jpg)
What does it really do?
• Provide separation for the varied tenants
• Allocate compute resources in a deterministic manner
• Expose to the end user the ability to provision various computing services in a controlled manner (VLAN allocation, firewall rules, load balancer deployment, VM creation, etc)
• Manage High Availability
• Massively Scalable
• Permit resource limits to be applied
• Measure usage over time
![Page 6: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/6.jpg)
Multiple hypervisor support
• KVM
• XenServer
• Xen Cloud Platform
• VMware (via vCenter)
• Oracle VM
• Bare Metal
![Page 7: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/7.jpg)
Multi-tenant Separation
• Largely built around abstraction from an end-user POV
– No interaction with hypervisor directly
– No knowledge of underlying storage
• Networking separation
– Every account has at least one dedicated/isolated VLAN (Tagged Networking)
– Layer 3 isolation aka Security Groups for untagged networking
• Option to use dedicated hardware
![Page 8: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/8.jpg)
Networking
• CloudStack has a number of network models
• They are generally broken down by:
– Method of isolation (VLAN, Security Groups)
– Physical hardware or virtual
• CloudStack can manage network infrastructure
![Page 9: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/9.jpg)
Networking
• Services managed by CloudStack
– DHCP
– VLAN allocation
– Firewall
– NAT/Port forwarding
– Routing
– VPN
– Load Balancing
![Page 10: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/10.jpg)
Networking
• CloudStack can also manage physical network hardware (or the virtualized alternatives)
– F5-Big IP
– NetScaler
– Juniper SRX
• Additionally you can ‘mix and match’ some network elements as service offerings.
![Page 11: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/11.jpg)
Security Groups
• Traditional isolation has been via VLAN
• VLANs isolate well, but have some problems scaling
– Standard has a hard limit of 4096 VLANs
– Hardware that can actually keep up with 4096 VLANs is VERY expensive.
– Regardless, people tend not to like having arbitrary limits on what they can do.
• Amazon and others use layer 3 isolation (Security Groups)
![Page 12: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/12.jpg)
Security Groups
• Assumption of a quasi-trusted Layer 2 network
• Typically will only have hypervisors directly connected to that network.
• Filtering/isolation occurs at the bridge device (from a Linux perspective – think ebtables)
• Deny by default
![Page 13: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/13.jpg)
Security Groups
![Page 14: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/14.jpg)
Security Groups
![Page 15: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/15.jpg)
High Availability
• RFMTTR – but apparently HA looks better in marketing slicks and is used that way across the virtualization industry.
• CloudStack is not a magical solution for HA – but might be a useful tool in the process to increase availability.
• CloudStack will watch for HA-enabled VMs to ensure that they are up, and that the hypervisor it’s on is up – and will restart on another hypervisor if it goes down.
• Redundant router
![Page 16: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/16.jpg)
Allocation Algorithms
• How do you place VMs, allocate storage, etc.?
• CloudStack ships with a number of options:
– First Fit
– Fill first
– Disperse
– Create your own
• Tags
• OS Preference
![Page 17: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/17.jpg)
Usage
• Not billing per se – but does give you something to bill against.
• Usage stats show VM count, CPU usage, disk allocation and usage, network usage; all over time.
• Lots of integrations and how-tos – from Excel spreadsheets to Ubersmith, Amysta, and Cloud Portal.
![Page 18: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/18.jpg)
High level Architectural Overview
© Copyright David Baird and licensed for reuse under CC-BY license
![Page 19: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/19.jpg)
Secondary Storage
• Used for storing templates and snapshots
• Historically NFS – just added the option of object storage
– Technically Swift, but Caringo, GlusterFS and others should work.
• Managed by Secondary Storage VM – manages moving templates and snapshots from/to primary storage, aging snapshots out, etc.
![Page 20: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/20.jpg)
Primary Storage
• In the UI we support NFS, iSCSI, and CLVM.
• We can also make use of local storage
– No HA, no live migration, etc.
• Shared mountpoint
– Anything that all the hypervisors can mount and write to.
![Page 21: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/21.jpg)
Resource division
• We have somewhat arbitrary divisions of resources within CloudStack
– Zones
  • Pods
    – Clusters
![Page 22: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/22.jpg)
Zone
• In general practice this is used to designate a specific geographic location.
• Shares secondary storage resource across the entire zone
• Single network model for the entire zone
![Page 23: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/23.jpg)
Pod
• In general practice – this is used to refer to a rack of machines or a row of racks.
• Shares guest network
![Page 24: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/24.jpg)
Cluster
• This is typically a max of 8-15 machines per cluster and homogeneity is enforced:
– Same hypervisor (and same version of the hypervisor)
– Same CPUs
– Same networking (i.e. /dev/eth0 is connected to the same network across all machines)
• Primary storage is cluster specific
![Page 25: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/25.jpg)
Plethora of Networks
• Management Network: Where the hypervisors and management server communicate
• Private Network: Default network for system VMs. (virtual router, secondary storage VM, Console proxy VM)
• Public Network: The public (often internet-facing) network
• Guest Network: The network that VMs are provisioned on.
• Link-local network: The RFC 3927 network used for communication between hypervisor and system VMs.
![Page 26: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/26.jpg)
Management Server
• UI/API pieces are stateless (state is stored in a MySQL database).
• All UI functionality is an API call
![Page 27: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/27.jpg)
API
• RESTful API interface
– Unauthenticated API interface on 8096 (for localhost, disabled by default)
– Authenticated API interface natively on port 8080
– Responses in XML or JSON
– http://demo4.cloudstack.org/client/api?apikey=ZRFLiXIkmAHqgRmZzdiXMfaROyK35P_dXxS517WSa9Tmy1Hg&command=deployVirtualMachine&serviceofferingid=1&templateid=291&zoneid=1&signature=eXW%2fxfqx%2fhu%2frMreFksVsp3cT4M%3d
![Page 28: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/28.jpg)
UI
• Go play with the UI
![Page 29: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/29.jpg)
Questions
• ASK!
![Page 30: CloudStack - LinuxFest NorthWest](https://reader034.fdocuments.in/reader034/viewer/2022052410/554cb7c3b4c905335b8b5109/html5/thumbnails/30.jpg)
Contact
• http://cloudstack.org
• Docs: http://docs.cloudstack.org
• IRC: #cloudstack on Freenode
• Twitter/identi.ca: @cloudstack
• Mailing Lists – [email protected]
• Forums