Bezpieczna wirtualizacja na platformie XEN z wykorzystaniem klastrów SUSE

Piotr Szewczukkonsultant

pszewczuk@suse.com

2

Workload

Application

Middleware

Operating System

Workload: The (New) IT Paradigm

A workload is an integrated stack of application, middleware, and operating system that accomplishes a computing task

A workload is portable and platform agnostic–it can run in physical, virtual or cloud computing environments

A workload or a collection of workloads makes up a business service, which is what the end user consumes

3

Example Workloads

•Apache

•Application Servers (Tomcat/JBoss/Glassfish)

•DNS

•Database

•LDAP

•An entire virtualized guest operating system can be treated as a single workload.

Introduction to Xen

5

What is Xen?

• Open source virtualization technology specializing in paravirtualization

‒ paravirtualization consists of running guest OS's which have been modified to perform well with Xen

‒ stable, proven, and highly performant

• Also supports running unmodified guests by using hardware-assisted virtualization (AMD-V & Intel VT)

• A SUSE® Linux Enterprise Server 11 Supported Virtualization Solution

6

Xen History

• First released in 2003, now at version 4.x

‒ Currently an active, healthy open source project

‒ Development community has many contributors, including SUSE®

‒ Partly merged with Mainline Linux kernel and QEMU projects

‒ SUSE uses additional Linux kernel patches to achieve better performance and more features

• Included in SUSE Linux Enterprise Server 10 and 11

7

Virtualization Modes

Full-Virtual

‒ VMs can run native (unmodified) OS

‒ Requires the need to trap and emulate all privileged instructions*, or emulate everything

‒ Performance is negatively impacted

‒ Also know as “HVM” virtual machines

‒ Requires VT enabled CPU

*Some processors are difficult to fully virtualize such as traditional x86

Virtualization Layer

HW Platform

Apps

Operating System

Apps

Operating System

Virtual Machine (full-virtual)

Virtual Machine (full-virtual)

8

Virtualization Modes

Paravirtual

‒ Higher performance than full-virtualization

‒ Hypervisor is supplemented with an API that provides an assist for certain situations

‒ Requires hardware dependent portions of the VM OS to be modified to become aware of the virtualization layer

‒ Allows VMs to avoid hard to virtualize instructions by replacing them with a procedure call that provides the same functionality

Virtualization Layer

HW Platform

Apps

Operating System

Apps

Operating System

Virtual Machine (full-virtual)

Virtual Machine (full-virtual)M

anag

emen

t AP

I

AP

I

9

Xen Architecture

Xen Support

11

Xen Guests Supported by SUSE® (I)

Paravirtualized OS Support

• SUSE Linux Enterprise Server 11 SP2

• SUSE Linux Enterprise Server 10 SP4

• Novell Open Enterprise Server 2 SP3

• Novell Open Enterprise Server 11 SP1

• Novell NetWare 6.5 SP8

• Red Hat Enterprise Linux 4 (limited support)

• Red Hat Enterprise Linux 5 (limited support)

• Red Hat Enterprise Linux 6 (limited support)

12

Xen Guests Supported by SUSE® (II)

Fully Virtualized OS Support - Linux

• SUSE Linux Enterprise Server 11 SP2

• SUSE Linux Enterprise Server 10 SP4

• Novell Open Enterprise Server 2 SP3

• Novell Open Enterprise Server 11 SP1

• Red Hat Enterprise Linux 4 (limited support)

• Red Hat Enterprise Linux 5 (limited support)

• Red Hat Enterprise Linux 6 (limited support)

13

Xen Guests Supported by SUSE® (III)

Fully Virtualized OS Support – Microsoft Windows(PV drivers available through VMDP 2.0)

• Microsoft Windows Server 2012

• Microsoft Windows Server 2008 SP2+ / R2+

• Microsoft Windows Server 2003 SP2

• Microsoft Windows 8 (limited support)

• Microsoft Windows 7 SP1+ (limited support)

• Microsoft Windows Vista SP2+ (limited support)

• Microsoft Windows XP SP2+ (limited support)

14

Xen Limits Supported by SUSE®

• Host CPUs: 256 (64 for dom0)

• Host RAM: 2TB (500 GB for dom0)

• Guest RAM size: 512 GB

• Virtual CPUs per guest: 64

• NICs per guest: 8

• Block devices per guest: 4 IDE (emulated), 100 PV

Using Xen: Tooling

16

libvirt

• Virtualization library for managing one host‒ Domains, networks, storage, host devices, ...

• Share application stack between hypervisors‒ Xen, qemu/kvm, LXC, VMware, VirtualBox, ...

• Long-term API/ABI stability and compatibility

• Integration with other SUSE® Linux Enterprise components

‒ AppArmor, SELinux, CGroups, Linux Audit Framework, PolicyKit, ...

• libvirt.org

17

libvirt Architecture

qemu

libvirtd

libvirt client

virt-manager

LXC ... storage legacy xen ESXnetwork

vm-install virt-managervirsh ...

18

libvirt – Host Management

• Storage Pools‒ Dedicated device, partition, directory, LVM, iSCSI, NFS

• Storage Volumes‒ raw, qcow2, vmdk

• Network Interfaces‒ Bonds, bridges, ethernet devices, VLANs

• Virtual Networks‒ NAT with DHCP

‒ Routed

‒ Isolated

19

libvirt – Domain Management

• Domains defined in XML

• Lifecycle management‒ Define, start, stop, pause, resume, save, restore, migrate

• Configuration management‒ Change virtual hardware, e.g. memory, cpu

‒ Add, remove, modify devices

• Tuning‒ CPU, memory, blkio, NUMA

20

libvirt Tools

• virsh

‒ In-tree command line application exposing libvirt API

• vm-install

‒ Create virtual hardware configuration

‒ Install an OS in a virtual machine

• virt-viewer

‒ Graphical console client for virtual machines

• virt-manager

‒ Graphical tool for administering virtual machines

• vhostmd

‒ Metrics communication channel between host and virtual machines

• libvirt-cim

‒ libvirt-based implementation of DMTF Virtualization Management standards

SLES HAE

22

Cluster Intro

“A cluster is a type of parallel or distributed systems that: Consists of a collection of interconnected whole computers. It is used as a single unified computing resource”

Dr. Gregory Pfister, In search of Clusters (1995)

23

Types of Clusters

•Five well known cluster types

‒HA: High Availability Cluster

‒HTC: High Throughput Cluster

‒HPC: High Performance Cluster

‒VSC: Virtual System Cluster

‒Grid Computing

24

OverviewSUSE® Linux Enterprise High Availability Extension

• Most modern and complete open source solution for implementing high available Linux clusters

• A suite of robust open source technologies that is:‒ Affordable

‒ Integrated

‒ Virtualization agnostic

• Used with SUSE Linux Enterprise Server, it helps to:‒ Maintain business continuity

‒ Protect data integrity

‒ Reduce unplanned downtime for your mission-critical Linux workloads

25

BenefitsSUSE® Linux Enterprise High Availability Extension

Quickly and easily install, configure and manage clustered Linux servers

Ensure continuous access to your mission-critical systems and data

Transparent to Virtualization – nodes can be virtual or physical

Meet your Service-level agreements

Increase service availability

26

OverviewSUSE® Linux Enterprise High Availability Extension

• Service availability 24/7‒ Policy-driven clustering

• Shared and Scaled data-access

‒ Cluster file system

‒ Clustered Samba

• Geo Clustering‒ Cluster across unlimited

distance

• Virtualization Agnostic‒ Platform independent setup

• Disaster tolerance‒ Data replication via IP

‒ Node recovery

• Scale network services‒ IP load-balancing

• User friendly tools‒ Graphical user interface

‒ Unified command line interface

• Free Resource Agents

27

A Traditional Cluster

Hardware Router

SAN

Traditional Cluster

Node 1 Node 3Node 2

28

A Traditional Cluster2 Node Setup with Replicated Storage

Hardware Router

Node 1 Node 2

TCP/IPDRBD

29

Available Resources and Workloads

High Availability Engine

Operating System Setup

Local and Shared Storage

Cluster Building Blocks

Network and Fencing

30

DeliverySUSE® Linux Enterprise High Availability Extension

• Extension to and with SUSE Linux Enterprise Server

• Releases synchronized with base server product

• Sold as annual support subscriptions

• Inherits the support level of the underlying SUSE Linux Enterprise Server subscription

• Included for free with Itanium, IBM Power, and IBM System z subscriptions

• Charged for x86 and AMD64&Intel64

• Free trial available

31

Key Use CasesSUSE® Linux Enterprise High Availability Extension

• High availability for mission-critical services

• Active/active services‒ OCFS2, Databases, Samba File Servers

• Active/passive service fail-over‒ Traditional databases, SAP setups, regular services

• Private Cloud‒ HA, automation and orchestration for managed VMs

• High availability across guests‒ Fine granular monitoring and HA on top of virtualization

• Remote clustering‒ Local, Metro, and Geographical area clusters

32

Simple Stack HA Enqueue Replication

NFS and SAP in one ClusterHP CLX SAN Based Mirror

DRBD Data Replication

HA in VirtualizedEnvironments

Node B

Local Disk

Node A

Local Disk

SIDglobal

profile

exe

/export

/sapmnt

/sapmnt

/SID

/export

/sapmnt

/sapmnt

/SID

NFS Mount Point

Mount Point before Switchover

Mount Point after Switchover

Equivalent setup for/usr/sap/trans

/sapdb/programs/sapdb/datapossible.

Key Use CasesSUSE® Linux Enterprise High Availability Extension

Cluster Architecture

34

3 Node Cluster Overview

Kernel

XenVM1

LAMPApache

IPext3

Kernel Kernel

Corosync + openAIS

Pacemaker

DLM

cLVM2+OCFS2

XenVM2

Network Links

Clients

Storage

35

ext3, XFS OCFS2

cLVM2

Local Disks SANFC(oE), iSCSI

DRBD Multipath IO

DLM

SCTP TCP UDPmulticast

UDPmulticastEthernet Infiniband

Bonding

Linux Kernel

SAP

MySQL

libvirt

Xen

Apache

iSCSI

Filesystems

IP address

DRBD

clvmd

Ocfs2_controld

dlm_controld

YaST2

cDRBD cOpenAISMPIO

LVS

Re

sour

ce A

gent

s

LSB

ini

t

ST

ON

ITH

LRM

...

DRAC

iLO

SBD

Fencing

Web GUI

Python GUI

CRM Shell

CIBPolicyEngine

Pacemaker

OpenAIS

Detailed View of ComponentsPer Node:

Unpublished Work of SUSE. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.