Nova: Openstack Compute-as-a-service

Red Hat Openstack and Ceph Meetup, Pune | 28th NOV 2015 | [email protected]

Nova: Openstack Compute-as-a-service

Pratik [email protected] Hat Openstack and Ceph Meetup, Pune 28th November 2015

mailto:[email protected]

mailto:[email protected]


➢ Agenda● What is NOVA ?

● NOVA architecture

● How instance are spawned in Openstack ?

● Interaction of nova with other openstack projects like neutron, glance and cinder.


➢ OpenStack Components:


➢ What is NOVA ?

○ Nova is responsible for the life cycle management of instance.○ Nova is built on a shared-nothing, messaging-based

architecture.○ Supports multiple hypervisors (KVM, Xen, LXC, Hyper-V, ESX)○ Nova itself is not any virtualization software.


➢ NOVA components:

NOVA API

NOVA Conductor

NOVA Compute

NOVA ConsoleAuth

NOVA novncproxy

NOVA Scheduler

mes

sage

que

ue● Supported queueing backends: RabbitMQ, Qpid and ZeroMQ


➢ NOVA API:

○ nova-api is responsible to provide an API for users and services to interact with NOVA

○ For ex. Spawning the instance from Horizon / NOVA CLI.

2015-11-03 09:23:40.831 30260 DEBUG nova.api.openstack.wsgi [req-9ef90fc4-4b74-410d-9d95-e60cbab2d4da 69425be5606c49738cdfb25cda921cf6 ae986eddd92746b2bf38faf60f64b28e - - -] Action: 'create', calling method: <bound method Controller.create of <nova.api.openstack.compute.servers.Controller object at 0x66b78d0>>, body: {"server": {"name": "pbandark", "imageRef": "ac6818ea-0a99-4949-8581-dff1f6441254", "flavorRef": "1", "max_count": 1, "min_count": 1, "networks": [{"uuid": "0264f5cf-f327-4760-b0e4-13843545bdec"}]}} _process_stack /usr/lib/python2.7/site-packages/nova/api/openstack/wsgi.py:780


➢ NOVA Scheduler:○ Using Filters dispatches requests for new instance to the correct node.


➢ openstack-nova-compute:○ Acts as a compute agent. Interacts with the Hypervisor to launch/manage instances

and ensures that the state is maintained in the Compute database.


➢ openstack-nova-conductor: Provides database-access support for Compute nodes (thereby reducing security risks).

➢ openstack-nova-consoleauth: Handles console authentication.

➢ openstack-nova-novncproxy: Provides a VNC proxy for browsers (enabling VNC consoles to access virtual machines).


Launch New Instance from Horizon

Flavor ?


What is flavor ?➢ Virtual hardware templates are called "flavors" in OpenStack, defining sizes for RAM, disk,

number of cores, and so on..



keypair ?

security group ?


What is keypair and security group ?

➢ Keypair: On standard cloud images of Linux operating systems like Ubuntu and Fedora SSH access is restricted to public key authentication. Instead of authenticating with a password you authenticate with a private key that corresponds to a public key that is installed on the instance.

➢ Security groups are sets of IP filter rules that are applied to an instance's networking. i.e. we can filter the network traffic which should allow/deny. For ex. Deny “ssh” access to any specific instance.They are project specific, and project members can edit the default rules for their group and add new rules sets. All projects have a "default" security group, which is applied to instances that have no other security group defined.


➢ Required details to boot instance:○ instance name○ glance image○ flavor ID○ network ID

➢ NOVA call to boot an instance:[root@dhcp209-220 ~]# nova boot --flavor 1 --image 2d946232-5773-48df-b8bb-7677f8b6e0fe --nic net-id=97bd405a-77e3-4ef8-836e-8ad1ddb3ee63 pratik_test_instance

➢ Various other operations can be performed by NOVA:○ nova resize○ nova migrate○ nova live-migration(shared storage/non-shared storage)○ nova host-evacuate○ nova rebuild○ nova suspend○ nova image-create○ nova reboot (hard/cold)

[...]


REQ: curl -i 'http://10.65.234.1:5000/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "{SHA1}121c3faea23dd4467fc992f1b77f6eacf8587ed5"}}}'

➢ NOVA call for authentication with keystone:

○ It provides authentication token along with service catalog.


➢ Keystone response(token + service catalog) :

RESP BODY: {"access": {"token": {"issued_at": "2015-05-30T11:05:03.054462", "expires": "2015-05-30T12:05:03Z", "id": "{SHA1}7781e321bfbfbf909ae44027ef60cb92ccce8f2e", "tenant": {"enabled": true, "description": "admin tenant", "name": "admin", "id": "97787e34dc0d4f2b8fc04034eed3594c"},

"serviceCatalog": [{"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c", "region": "RegionOne", "publicURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c", "internalURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c", "id": "42142cca01fd4bc382ac9f95c204e116"}], "type": "compute", "name": "nova"},

{"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:9696/", "region": "RegionOne", "publicURL": "http://10.65.234.1:9696/", "internalURL": "http://10.65.234.1:9696/", "id": "466354cac1094127ac0617cf75dd1494"}], "type": "network", "name": "neutron"},

{"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:9292", "region": "RegionOne", "publicURL": "http://10.65.234.1:9292", "internalURL": "http://10.65.234.1:9292", "id": "43c49fe7dd8f4315af848b48a53021c1"}], "type": "image", "name": "glance"},

{"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:8776/v1/97787e34dc0d4f2b8fc04034eed3594c", "region": "RegionOne", "publicURL": "http://10.65.234.1:8776/v1/97787e34dc0d4f2b8fc04034eed3594c", "internalURL": "http://10.65.234.1:8776/v1/97787e34dc0d4f2b8fc04034eed3594c", "id": "30ce33a6d05e4a80b8a0e22ada52abdb"}], "type": "volume", "name": "cinder"},[...]


➢ What can be different options to store instance disk ?i.e Backend for NOVA:○ Locally on the compute node○ NFS○ Distributed Storage (CEPH/Gluster)

_____________________________________________________________________________________[root@dhcp209-220 ~(keystone_admin)]# ls /var/lib/nova/instances/f79f233c-d8a6-44ca-9b3b-334752b9f2f3/console.log disk disk.info libvirt.xml

[root@dhcp209-220 ~(keystone_admin)]# qemu-img info diskimage: diskfile format: qcow2virtual size: 100.0G (107374182400 bytes)disk size: 2.5Mcluster_size: 65536backing file: /var/lib/nova/instances/_base/1c7dfed9069cbb5d99fe7ebfb8f45bbc5ab93585Format specific information:

compat: 1.1lazy refcounts: false


Communication flow when you spawn new instance


Horizon Keystone

Nova API Database

Nova Conductor

Nova Scheduler

NOVA Compute

‘A’

NOVA Compute

‘B’

NOVA Compute ‘C’

Glance Server

Cinder Server

Neutron Server

-openstack-glance-api-openstack-glance-registry

-openstack-cinder-api-openstack-cinder-scheduler-openstack-cinder-volume

-neutron-server-neutron-l3-agent-neutron-dhcp-agent

-l2 agent-openstack-nova-compute-neutron-openvswitch-agent

3. Sending API request

1. Authentication Request

2. Authentication ACK & validates if provided data is correct.

4. Update DB

7. Selects compute Host

5.

6.

8. Update DB

Update DB

9. Request f

or glance im

age

10.Glance Image download

11. create port(allocate MAC - IP)

12. Notify L2 agent

13. configure local VLAN, OVS flows

15. port up(RPC: Neutron to NOVA)

iscsi session

14. send port up notification (RPC: l2 agent to Neutron)16. instance booted.


Nova/Cinder/Glance

librbd

librados

OSDs Monitors

Placement Groups

Communication flow with CEPH backend for Nova/Cinder/Glance

Nova: Openstack Compute-as-a-service

Technology

Transcript of Nova: Openstack Compute-as-a-service