© 2014 VMware Inc. All rights reserved.
OpenStack 101
Or: “Take the red pill”
Mark T. Voelker, OpenStack Architect
Oct. 20, 2015
All Things Open 2015
CONFIDENTIAL 2
Remember the first time you were asked to stand up a distributed system?
Or maybe a series of cooperating ones?
Turns out, distributed systems are both very powerful
…and sometimes hard to learn.
But at least the fine manuals are all pretty clear for these things.
…right?
A little help making that first leap goes a long way.
So where do you start?
“A computer nerd….is somebody who uses a computer in order to use a computer.” –Douglas Adams
Mark T. Voelker (@marktvoelker)
• OpenStack Architect @ VMware, OpenStack ATC, Former Puppet-OpenStack core dev, Triangle OpenStack Meetup founder, OS Foundation Member #54, DefCore Committee Member
• Fact: can be bribed with doughnuts
• OpenStack community member since 2011, VMware since 11 months ago.
• In copious (hah!) spare time: data center OS’s, Big Data, Massively Scalable Data Centers, DevOps, outdoorsy stuff, making sawdust
Let’s begin.
“OpenStack software controls large pools of compute, storage, and networking resources throughout a datacenter, managed through a dashboard or via the OpenStack API. OpenStack
works with popular enterprise and open source technologies making it ideal for heterogeneous infrastructure…The software is built by a thriving community of
developers, in collaboration with users, and is designed in the open…”
What if I told you….
…ok, let me rephrase that.
Basically: it’s software to run cloud services (compute, storage, network, etc) and the community behind that software.
History
• Founded July 2010 by Rackspace, NASA, & friends
  – NASA contributed a compute controller (Nova)
  – Rackspace contributed an object storage controller (Swift)
• 12th release (Liberty) just went live a few days ago
  – The project now follows a 6-month release cycle
• Hundreds of companies and thousands of people contribute
  – 1,933 contributors from 164 organizations in the last release
  – It’s probably easier to list IT/cloud companies that aren’t involved somehow than it is to list the ones that are:
Structure
• The OpenStack Foundation
  – Membership free for individuals
  – Platinum, Gold, Corporate memberships paid for by member companies
  – Board of Directors comprised of Platinum, some Gold, and generally elected members
    • Provides strategic & financial oversight of Foundation resources & staff
  – Controls the OpenStack brand & logo, coordinates events, etc
• The Technical Committee
  – Provides technical leadership for OpenStack as a whole
  – Enforces OpenStack ideals (Openness, Transparency, Commonality, Integration, Quality)
  – Elected by active technical contributors (ATC’s) to the project
• Project Team Leaders
  – Elected to lead individual projects by contributors to those projects
• User Committee
  – Represents users with the Technical Committee and Board of Directors
All to give you this: power.
The power to build a cloud out of the stuff you want, or use one someone else has built for you to consume.
How to Participate
• IRC Channels and Mailing Lists
• User/Meetup Groups
  – Local to RTP? http://meetup.com/Triangle-OpenStack-Meetup/
• Code is in git, reviewed in Gerrit, mirrored on GitHub, Bugs in Launchpad
• Two annual Design Summit/Conferences
  – I leave for Tokyo this Saturday
  – Spring 2016: Austin
  – Fall 2016: Barcelona
• There’s a welcome guide here.
• You can try out OpenStack as a user here or get a development instance running on your laptop to start hacking on here.
What are people using it for?
Much more info from annual User Survey data
With hundreds of projects available, it’s a very flexible platform.
You get to choose which projects you deploy.
But a few projects are where the majority of the focus (and users) are.
OpenStack: The Software and AWS comparables
• Horizon (GUI): AWS Management Console
• Nova (Compute): EC2
• Neutron (Networking): VPC/ELB
• Swift (Object Storage): S3
• Cinder (Block storage): EBS
• Glance (VM Image Service)
• Keystone (Identity Service)
• Ceilometer (Telemetry Service)
• Trove (Database as a Service): RDS
• Heat (Orchestration): AWS CloudFormation
• Sahara (Data Processing): EMR
DefCore: the new interoperability standard for OpenStack Powered™ products
• The DefCore Committee creates Guidelines to which products must adhere if they use the OpenStack name or OpenStack Powered logo.
• Guidelines contain a list of Capabilities that products must expose and tests they must pass in order to prove it.
• Guidelines also contain Designated Sections of code products must use to provide those Capabilities
Keystone: the Identity Service
• Provides a central service for authentication and authorization as well as a service catalog (e.g. a list of where the API endpoints of other services are)
• Abstracts various backend auth services
  – SQL databases
  – LDAP/AD
• Uses a bearer token model
  – Clients are assigned a token which they present to other services in headers
• Multiple token types
  – UUID
  – PKI/PKIz
  – Fernet
• Can federate
  – E.g. use another keystone as a service provider via SAML assertion
Primitives:
• Tokens
• Services
• Endpoints
• Domains
• Projects
• Groups
• Credentials
• Roles
• Policies
Glance: The Image Service
• Houses virtual machine images that can later be launched as instances
• Abstracts various image containers and disk formats
  – Note: this does not mean that we magically make all image formats work on all hypervisors although there are some ways to do conversion
  – Bare, OVF, AKI, ARI, AMI
  – Qcow2, raw, VHD, AKI/ARI/AMI, ISO, VDI, VMDK
• Multiple storage backends
  – File, Swift, Ceph, etc
Primitives:
• Images
• Metadata
• Tags
• Tasks
Nova: The Compute Controller
• Basically, it’s what takes care of launching VM instances (think Amazon EC2) and plugging things into them.
• Nova abstracts hypervisors and pools of computer hardware.
• Most operations can be invoked with a REST API call, a CLI client, or a few clicks in the Horizon web GUI.
• A few high-level features:
  – Supports most hypervisors
  – Distributed, mostly asynchronous architecture
  – Public REST API, SQL backend DB, AMQP for RPC
  – Supports security groups
  – Several means of providing resource segregation
    • Host aggregates
    • Availability zones
    • Regions
    • Cells
Some primitives:
• Flavors
• Servers
• Keypairs
• Quotas
• Aggregates
Neutron: the network controller
• Provides tenants with the ability to create isolated or shared L2 and L3 virtual networks, route between them, and connect compute instances to them
• Abstracts various networking backends
  – SDN controllers
  – Physical switches
  – Dozens of backend plugins, both open source and proprietary
• Supports IPv4 and IPv6 (depending on plugin)
• Organized as a “stadium” project to house many networking subprojects with their own lieutenants
• Can also provide L4-L7 services
  – Load Balancing as a Service
  – VPN as a Service
  – Firewall as a Service
Primitives:
• Networks
• Subnets
• Ports
• Quotas
• Security groups
• Routers
• VIPs
• Health Monitors
• Pools
• Members
Swift: The object storage service
• Provides highly available, distributed, eventually consistent object storage.
• Can (and often is) run completely independently of OpenStack Compute.
• Optimized around durability and availability
• One of the most long-lived API’s in OpenStack (still v1)
• Similar in some respects to Hadoop HDFS and Amazon S3
  – Replicates objects over multiple machines (usually at least 3)
  – Replicas lost due to hardware failures can be re-replicated
  – Clusters can be rebalanced
Primitives:
• Accounts
• Containers
• Objects
Cinder: the block storage service
• Provides persistent block storage volumes to compute instances
• Abstracts underlying storage systems
• Originally part of Nova itself, but split out into its own project since the Folsom release
• Dozens of drivers
  – EMC, NetApp, LVM, VMware, Gluster, Nexenta, NFS, Ceph, SolidFire, etc etc etc
• Volumes appear to instances as block devices
  – E.g. a virtual hard drive
• There’s a separate service for shared file systems called Manila
Primitives:
• Volumes
• Backups
• Snapshots
• Quota sets
• QoS Specs
And much more!
• Documentation
• CI & Infrastructure
• Client libraries
• Oslo (common libs)
• DevStack
• Tempest (integration tests)
• Rally (benchmarking/scale test)
• Modules for deploying with Ansible, Puppet, Chef, Salt
• Metering service
• DNS as a Service
• Data Processing Service
• Bare metal service
• Container service
• Orchestration service
• Key management service
• Queue service
• Database as a service
Questions?
Thank You
@marktvoelker