Open stack architecture overview-meetup-6-6_2013

© MIRANTIS 2013 PAGE 1© MIRANTIS 2013
Module 1:
OpenStack
Architecture
Overview
Mirantis, 2013

© MIRANTIS 2013 PAGE 3
Goals
• Understand OpenStack purpose and use cases
Understand the OpenStack ecosystem
• Definition
• History
• Projects

Goals
• Definition
• History
• Projects
BACKGROUND

Goals
• Definition
• History
• Projects
• Understand OpenStack architecture
• Logical architecture
• Provision VM request flow
• Components details
BACKGROUND

Goals
• Definition
• History
• Projects
• Understand OpenStack architecture
• Logical architecture
• Provision VM request flow
• Components details
BACKGROUND
THEORY

What is OpenStack?
As described by the OpenStack Foundation:
"Open source software for building
private and public clouds“

OpenStack as IaaS

OpenStack Capabilities

• VMs on demand
• provisioning
• snapshotting

• VMs on demand
• provisioning
• snapshotting
• Volumes

• VMs on demand
• provisioning
• snapshotting
• Volumes
• Networks

• VMs on demand
• provisioning
• snapshotting
• Volumes
• Networks
• Object storage for VM images and arbitrary files

• VMs on demand
• provisioning
• snapshotting
• Volumes
• Networks
• Object storage for VM images and arbitrary files
• Multi-tenancy
• quotas for different tenants
• user can be associated with multiple tenants

OpenStack History
Date Rel Projects Type Note
Jul 2010 N/A PoC
* Rackspace Hosting & NASA
joint launch
Oct 2010 Austin Nova, Swift PoC
Feb 2011 Bexar Nova, Glance, Swift PoC
Apr 2011 Cactus Nova, Glance, Swift PoC
** 6 month development
cycle starts
Sep 2011 Diablo Nova, Glance, Swift Prod
1st
production release
(Cactus) at Internap (10/27)
Apr 2012 Essex
Nova, Glance, Swift, Horizon,
Keystone
Prod
Common web UI and shared
authentication mechanism
added
Sep 2012 Folsom
Keystone, Quantum, Cinder, Oslo
Prod
OpenStack Foundation
Established
Apr 2013 Grizzly
Keystone, Quantum, Cinder, Oslo
Prod
Ceilometer and Heat
integration projects added
Oct 2013 Havana
Keystone, Quantum, Cinder, Oslo,
Heat, Ceilometer
Prod Coming Soon!
** Follows similar Ubuntu 6 month release cycle
* Pre-July 2010 is predicated by Rackspace Cloud Files project (Swift), NASA Nebula project (Nova)

OpenStack Grizzly Projects
• Core Projects:
• Nova (Compute Service)
• Glance (Image Service)
• Quantum (Network Service)
• Cinder (Block Storage Service)
• Swift (Object Store Service)
• Common Projects:
• Keystone (Identity Service)
• Horizon (Dashboard)
• Library Projects:
• Oslo (Shared Infrastructure Code)
• Incubated Projects (Coming in Havana)
• Ceilometer (Metering/Monitoring)
• Heat (Orchestration)

Each OpenStack Project

• Is also a “top-level” OpenStack component

• Has an elected “Project Technical Lead” (PTL)

• Has separate developers and design teams

• Has a well defined public API
• With the exception of Horizon, which is the Web GUI, all
other projects have a RESTfull (JSON/HTTP) API

• Has a well defined public API
• With the exception of Horizon, which is the Web GUI, all
other projects have a RESTfull (JSON/HTTP) API
• Has a separate database and isolated
persistent layer

OpenStack Projects: Begining (Cactus)

OpenStack Projects: Now (Grizzly)

Dev Trends
• Decoupling of features (e.g. Nova-volume
became Cinder)
• API-s to communicate
• Common generic API/Infrastructure (Oslo)
• Backends & drivers (everything’s pluggable)

OpenStack Projects Relationships

MySQL
Database
Not a project, but
important to
understand the
relationship

MySQL
Database
Not a project, but
important to
understand the
relationship
RabbitMQ Not a project, but
important to
understand the
relationship

Deployment – Pick up What
You Want
• The components can be mixed & matched
• Base:
• Nova
• Keystone
• Dashboard
• Glance
• Mutually exclusive scenarios
• Some components can conflict

OpenStack: “Typical” Deployment Topology
Control Cluster
Horizon Keystone
GlanceQuantum
Cinder
Cloud Ctrl.
(nova)
Compute Cluster
compute
node
compute
node
compute
node
compute
node
compute
node
compute
node
Storage Cluster (Swift)
storage
node
storage
node
storage
node
storage
node
storage
node
storage
node

Control Cluster
Horizon Keystone
GlanceQuantum
Cinder
Cloud Ctrl.
(nova)
Compute Cluster
compute
node
compute
node
compute
node
compute
node
compute
node
compute
node
storage
node
storage
node
storage
node
storage
node
storage
node
storage
node
Heavy CPU and
RAM

Control Cluster
Horizon Keystone
GlanceQuantum
Cinder
Cloud Ctrl.
(nova)
Compute Cluster
compute
node
compute
node
compute
node
compute
node
compute
node
compute
node
storage
node
storage
node
storage
node
storage
node
storage
node
storage
node
Heavy CPU and
RAM Heavy Disk and I/O

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
OpenStack Projects:
Communication Types
HTTP
AMQP
SQL
Native API
iSCSI
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
OpenStack Projects:
Communication Types
HTTP
AMQP
SQL
Native API
iSCSI
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Every OpenStack service exposes access
to restful API via HTTP
UI: Horizon or CLI

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
OpenStack Projects:
Communication Types
HTTP
AMQP
SQL
Native API
iSCSI
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Each action treated as distributed
transaction, state built as MQ messages

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
OpenStack Projects:
Communication Types
HTTP
AMQP
SQL
Native API
iSCSI
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Each service updates it’s own DB with
state information as actions are performed
UI: Horizon or CLI

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
OpenStack Projects:
Communication Types
HTTP
AMQP
SQL
Native API
iSCSI
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Direct
access calls,
ex. Plugins,
NetApp,
Nicira, etc.

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
OpenStack Projects:
Communication Types
HTTP
AMQP
SQL
Native API
iSCSI
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Cinder Block
storage
provided as
iSCSI storage
to VMs
UI: Horizon or CLI
Direct
access calls,
ex. Plugins,
NetApp,
Nicira, etc.

OpenStack REST API
• OpenStack public API is a RESTful API

OpenStack REST API
• REST stands for Representational State Transfer

OpenStack REST API
• REST is a stateless client/server protocol with a uniform
interface for accessing the object model

OpenStack REST API
• REST is a stateless client/server protocol with a uniform
interface for accessing the object model
• OpenStack RESTful API is implemented using HTTP
GET/PUT/POST/DELETE in combination with JSON for
data

Part 1 Recap

Part 1 Recap
• OpenStack – open source software for building
IaaS

Part 1 Recap
IaaS
• OpenStack release cycle is every 6 month

Part 1 Recap
IaaS
• OpenStack is an umbrella over multiple
independent projects (components)

Part 1 Recap
IaaS
• All OpenStack Components talk RESTful API

Part 1 Recap
IaaS
• All OpenStack Components talk RESTful API
• Most OpenStack Components have dedicated DB
(SQL) and MQ (QP), some talk to 3rd party
components using their native APIs

Use case: Provision VM
• Most common and complex process
• Interacts with all OpenStack components

Initial State
Assumes Tenant is created,
provisioning quota is available, user
has an access to Horizon/CLICloud Operator, DevOp, etc.
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

Step 1: Request Provisioning
– From UI

– From UI
• Login to Horizon

– From UI
• Specify params of VM
• VM Name
• Image (OS type)
• Flavor (specifies CPU, Memory, Disk)
• Network (required for Folsom or later)
• Optional (SSH Keys, Persistent volumes, comments, etc.)

– From UI
• Specify params of VM
• VM Name
• Image (OS type)
• Flavor (specifies CPU, Memory, Disk)
• Network (required for Folsom or later)
• Optional (SSH Keys, Persistent volumes, comments, etc.)
• Hit "Create" button

What is Horizon
"The OpenStack Dashboard
(Horizon) provides a
baseline user interface
for managing OpenStack services.“

Horizon Notes

Horizon Notes
• "Stateless“, no DB

Horizon Notes
• Error handling is delegated to back-end

Horizon Notes
• Doesn't support all API functions

Horizon Notes
• Can use memcached or database to store
sessions

Horizon Notes
• Can use memcached or database to store
sessions
• Gets updated via Nova API polling

Horizon Internals
• Subprojects
• Horizon – generic Python Django libraries and
components to work with REST-based back-end / restful
web service
• Openstack Dashboard - web app itself, exposes UI for
OpenStack with styles, locale, etc.
• Dashboard for each component = Individual
nested Django app
• Easily modifiable
• Modularly developed

Step 1: Request VM
Provisioning via UI/CLI
Cloud Operator, DevOp, etc.
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
User logs in to UI
Specifies VM params: name,
flavor, keys, etc. and hits
"Create" button
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

– Under the Hood

– Under the Hood
• Form params are converted to POST data

– Under the Hood
• "Create" request initiate HTTP POST request to
back-end
• To Keystone if auth token is not cached – step 2

What is Keystone?
"Keystone provides
Identity, Token, Catalog and
Policy services
for use specifically by projects in the
OpenStack family.“
Keystone was developed by the OpenStack community but is written as a “generic” authentication /
authorization mechanism for any 2 or more restful API services to communicate

Keystone Architecture
Deploys with it’s own DB but can
also be integrated with LDAP or
other EAS
Contains user,
role, and
tenant data
Contains
temporary
tokens
Rule management
interface and rule-
based
authorization
Contains
endpoint
registry

Keystone Data Model
• User: has account credentials, is associated with one or more
tenants
• Tenant: unit of ownership in OpenStack, contains one or more
users
• Role: a first-class piece of metadata associated with many
user-tenant pairs
• Token: identifying credential associated with a user or user
and tenant
• Extras: bucket of key-value metadata associated with a user-
tenant pair
• Rule: describes a set of requirements for performing an action

Keystone Key Concept
• What service exposes
• http://myservice/instances/* - GET/POST/PUT
• http://myservice/images/* - GET
• How RBAC mapping works
• Role X in Tenant Y can do actions A,B,C
• User: GET/POST/PUT on instances, images
• Admin: GET/POST/PUT on tenants, users, quotas
• Each API Service has it’s own RBAC
enforcement through policy files

Step 2: Validate Auth Data
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Horizon sends HTTP request to
Keystone. Auth info is specified
in HTTP headers.
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

Step 2: Validate Auth Data
• Horizon sends HTTP request to Keystone
• Keystone parses HTTP header info and verifies
that
• The credentials are valid (Authentication)
• User-Tenant-Role mapping is valid (Access Control)
• The requested action is available for this user
(Authorization)

Step 2: Validate Auth Data - Success
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Keystone sends temporary token
back to Horizon via HTTP.
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

– Under the Hood
back-end

– Under the Hood
back-end
• To Nova API if auth token hasn't expired yet – step 3

Nova API
“Nova API is a
RESTful API web service
which is used to interact with Nova"

Nova API Characteristics

• Exposes REST API via HTTP

• Provides system for managing multiple APIs on
different sub-domains
• EC2-compatible – Starting to be deprecated
• Compute API – all innovation happens here

• The only "allowed" way to interact with Nova

• The only "allowed" way to interact with Nova
• Stateless - HA-ready

Nova API Clients
Active effort in the community to make
one CLI to “rule them all”, currently
multiple CLIs available
OpenStack dashboard is
currently the only “unified”
OpenStack API client

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 3: Send API Request to Nova API
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Horizon sends POST request to
Nova API (signed with given token).

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 4: Validate API Token
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Nova API sends HTTP request to
validate API token to Keystone.

Step 4:
Validate Token – Keystone API

Keystone /w PKI - Token
Validation
• User gets one-time-password on creation
• User uses it to establish a key-pair
• Public key is signed and stored on Keystone
• From this point user uses client certificate to login
• Nova API performs offline check of the validity of token using CA&Cert it has from Keystone
Keystone
Key
generate_cms_token(
meta, keystone_key)user/pass/tenant
signed_cms_token
signed_cms_token
Nova
CA&Cert from
Keystone
verify(signed_cms_toke
n, Cafile,certfile)

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 4: Validate API Token - Sucess
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Keystone validates API token and
sends HTTP response with token
acceptance/rejection info.

Step 5:
Process API Request Process

Step 5:
• Validate request params
• Typographical errors are verified on code level
• Cloud-related params are validated via DB requests

Step 5:
• If request cannot be processed then throw an
exception

Step 5:
exception
• If request can be processed
• Save initial state to the Database

Nova Database
“Nova Database stores current
state of all objects in compute
cluster."

Nova Database
• In theory can be any relational database
• Most of the deployments are done with MySQL or
PostgreSQL
• Nova API talks to DB via SQLAlchemy (python
ORM (Object Related Mapper))
• DB HA should be done via external tools (like
Galera or Multi-Master replication Model for
MySQL)

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 5: Process API Request
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Nova API parses request to
python object model and
validates it by fetching data
from Nova DB. If request is
valid, it saves initia db entry
about VM to the database.

Step 5:
exception
• Save initial state to the database

Step 5:
exception
• Save initial state to the database
• Send message with next actions to MQ – step 6

Message Queue
"Message Queue is a unified way for
collaboration between nova
components."

Messaging Process Example
• 2 modes:
• rpc.cast - don't wait for result (fire and forget)
• rpc.call - wait for result (when there is something to
return)

• 2 modes:
return)
Ex. Nova API Ex. Nova Scheduler

• 2 modes:
return)

OpenStack Messagings Notes

• Uses multiple queues within single RabbitMQ
instance
• Used by services to build machine state
• Each compute node has a queue for scheduling

instance
• Messages traffic is not intensive

instance
• Doesn't send broadcast messages, e.g. for
monitoring, uses API polling instead

instance
• Doesn't send broadcast messages, e.g. for
monitoring, uses API polling instead
• HA should be configured separately, e.g.
mirrored queues, not handled by OpenStack

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 6a: Publish Provisioning Request
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova API makes rpc.call to
Scheduler. It publishes a
short message to scheduler
queue with VM info. UI: Horizon or CLI
Request has been validated, but no action has
been taken yet, i.e. which host, IP address, etc.

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 7: Pick up Provisioning Request
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Scheduler picks up the
message from MQ.
UI: Horizon or CLI

Nova Scheduler
“Nova Scheduler is a daemon, which
determines, on which compute host
the request should run.“
• Only provisioning time component, i.e. not like VMware’s DRS
• Typically co-located with the Cloud Controller

VM Scheduling:
Typical Requirements
• provision VM to particular host
• provision VMs of the particular tenant to
isolated hosts
• provision all VMs on different hosts
• provision VMs to "higher density" hosts

Nova Scheduler: Available
Schedulers
Scheduler Description Behavior
Chance Picks a host that is up Random
Simple
Picks a host that is up and
has the fewest running
instances
Least Loaded
Filter
Picks the best-suited host
which satisfies selected
filter
Custom JSON Filters
Multi (Deprecated, to be
replaced by cells)
A scheduler that holds
multiple sub-schedulers
Collection of filters
commonly used for
multi-site or customized
deployments

Nova Scheduler: Filtering
Affinity, Anti-affinity,
etc.
Eliminate
inapplicable hosts

Nova Scheduler: Filters
Filter Description
affinity Same host or different host
availability zone Least cost inside selected availability zone
core Least CPU core utilization
ram Only return hosts with sufficient RAM
json Allows simple JSON based grammar. Can be used to
build custom schedulers.
i/o filter out hosts with too many concurrent I/O
operations
compute capabilities match attributes with compute node's capabilities
(e.g. CPU arch.)

Filter Description
aggregate specs match the attributes for the instance with those
provided by aggregate
image properties find compute nodes with capabilities matching
image specification from glance
isolated host match given image with a group of compute nodes
trusted host (by Intel) finds only "attested" hosts
type find only compute nodes which do not run any
instances
… A lot more

• Filters are statically configured in nova.conf
• Multiple filters can be specified
• It is possible to create custom filter
• Inherit from BaseHostFilter class
• Override host_passes(self, host_state, filter_properties)

Nova Scheduler: Filtering
RAM, CPU, etc.
Integer values

Nova Scheduler: Weights and
Costs
• Cost - integer value
• Every compute host can have several cost
functions associated with it
• If no cost functions associated - use default
from nova.conf
• weight = sum(costi + weigth_fni)

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 8a: Schedule Provisioning
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Scheduler fetches
information about the
whole cluster from
database, filters, and
selects compute node and
updates DB with its ID
UI: Horizon or CLI

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 8b: Provision Scheduled
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Scheduler publishes
message to the compute
queue (based on host ID) to
trigger VM provisioning UI: Horizon or CLI

VM Provisioning Algorithm
• Step 9 – Nova Compute gets message from MQ and asks
Nova Conductor for VM info from database
• Step 10 – Nova Compute queries Quantum (previously Nova-
Network in Essex) to allocate networking information
• Step 11 – Nova Compute queries Cinder to allocate volume
information (optional step for persistent data)
• Steps 12-14 – Nova Compute fetches VM image (base OS)
from Glance
• Step 15 – Nova Compute passes all information about VM (in
a single message) to Hypervisor and Hypervisor (KVM / Xen)
creates an instance

Nova Compute
“Nova Compute is a worker
daemon, which primarily creates
and terminates VMs via
Hypervisor API."

Nova Compute Drivers
Nova Compute
XCP
VM
VM
VMWare
VM
VM
HyperV
VM
VM
LPAR
VM
VM
libvirt
KVM
VM
VM
Xen
VM
VM
Qemu
VM
VM
LXC
VM
VM
Today only 1 hypervisor type per
cloud instance. Libvirt / KVM is most
common deployment
Maintained
by Citrix
Maintained by
VMWare
Maintained
by Microsoft
Maintained
by IBM
Native or
through libvirt
Bare
Metal
VM
VM
Experimental
at this point

Nova Compute Drivers
(Continued)
• Functionality is not 100% similar
• Exact "run_instance" flow depends on driver
implementation
• Most of the features are developed and tested
on KVM

Nova Compute Config
(nova.conf on each host)
• --libvirt_type
• Hypervisor being used. In this deployment ‘kvm’ is specified.
• --libvirt_uri
• URI to use for connection to hypervisor. In this deployment ‘qemu+tcp:///system’ is specified.
• --sql_connection
• Database connection string in SQLAlchemy format. This is used for connecting to state database (if
Nova Conductor is not used)
• --rabbit_host
• IP address for RabbitMQ host. Non-standard port also can be specified
• --glance_host
• IP address and port of Glance Image Service host. This is needed for streaming virtual boot images.
• --glance_api_server
• IP address and port of Glance API server. This is needed for getting virtual boot images meta-data.

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 9a: Start VM Provisioning
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute gets
message from MQ
UI: Horizon or CLI

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 9b: Start VM Provisioning
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Keystone
Keystone Server
Keystone DB
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute makes
rpc.call to Nova Conductor
for Information on VM from
DB
UI: Horizon or CLI

Nova Conductor
“The Nova Conductor service is key
to completing no-db-compute"

Nova Conductor Notes
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

• Eliminites remote DB access (security)
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

• Horizontal scalability (performance)
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

• Hides DB implementation/schema from the Nova Compute (upgrades)
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

• Possible offloading of long-running operations from other services, not just Nova Compute
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

• Beneficial for operations that cross multiple compute nodes (migration, resizes)
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

• Beneficial for operations that cross multiple compute nodes (migration, resizes)
• “This is just one (major) step along the path”
controller node
DB
nova-conductor
compute node
nova-compute
rpc.call()

Nova Conductor for VM info from Nova Conductor
from Glance
creates an instance

Quantum
"network-as-a-service"

Quantum Notes

Quantum Notes
• Provides a flexible API (POST / GET) for service providers or
their tenants to manage OpenStack network topologies
• Create networks, associate VMs, set routers, etc.

Quantum Notes
• Presents a logical API and a corresponding plug-in
architecture that separates the description of network
connectivity from its implementationion

Quantum Notes
• API evolves independently of the compute API, allowing to
introduce more advanced network capabilities (e.g. QoS,
ACLs, etc.)

Quantum Notes
• API evolves independently of the compute API, allowing to
introduce more advanced network capabilities (e.g. QoS,
ACLs, etc.)
• In Folsom/Grizzly one can choose to stay with nova-network
(Essex approach) or to go with Quantum

Quantum Architecture -
“Bird's Eye" View
3rd Party plug-in,
networking data is stored
outside of OpenStack /
Quantum
Quantum native
functionality

Network Configuration Flow
• Allocate MAC addresses
• Allocate IPs (for each network)
• Associate IP and MAC with VM (DB)
• Setup network - L2:
• configure L2 via a quantum plugin
• actual action can be variable, depending on the plugin used
(with OVS plugin the action is: plugging an instance into the
integration bridge on the hypervisor)
• Setup network - L3
• Update DHCP config
• Initialize gateway
Allocation during
cloud setup
Association and
Setup during VM
provisioning

Available Quantum Plugins
• Linux Bridge
• OpenVSwitch (most common)
• Nicira NVP
• Cisco (UCS Blade + Nexus)
• Ryu OpenFlow controller
• NEC ProgrammableFlow Controller

Step 10: Configure Network
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute makes a call to
Quantum API to provision
network for the instance
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

Step 10: Configure Network (Continued)
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Quantum configures IP, gateway,
DNS name, L2 connectivity, etc.
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Static
Dynamic
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

from Glance
creates an instance

Cinder
"block storage as-a-service"

Cinder Notes

Cinder Notes
• Optional

Cinder Notes
• Optional
• iSCSI solution which can plug into a number of
storage backends

Cinder Notes
• Optional
storage backends
• Volume can be attached only to 1 instance at a
time

Cinder Notes
• Optional
storage backends
• Volume can be attached only to 1 instance at a
time
• Persistent volumes keep their state
independent of instances

Cinder Architecture

Cinder Drivers
• iSCSI
• Fibre Channel
• Xen Storage Manager
• Nexenta
• NetApp
• Zadara VPSA
• SAN
• NFS (volumes as sparse files)
• RBD Ceph
• IBM Storwize / XIV
• HP 3PAR
• Coraid
• Huawei
• Scality SOFS
• GlusterFS
• LVM thin provisioning support
• Mirrored LVM
• XenAPINFS
• EMC VNX/VMAX arrays
• Solidfire

Step 11: Request Volume
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
It is assumed a volume is
already created. Nova
Compute contacts Cinder to
get volume data. Can also
attach volumes after VM is
built.

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 11: Request volume (Continued)
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute sets up
iSCSI initiator & instructs
the Hypervisor to mount
iSCSI vol. as a new block
device UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB

from Glance
creates an instance

Glance
"The Glance project provides
services for discovering,
registering, and retrieving virtual
machine images."

Glance Summary
• Images-as-a-Service
• Can use multiple back-ends for image storage
• Supports multiple image formats

Glance Architecture

Glance Capabilities

Glance Capabilities
• CRUD images (Create, Read, Update, Delete)

Glance Capabilities
• Search images via filters
• name
• container format
• disk format
• size_min, size_max
• status

Glance Capabilities
• Search images via filters
• name
• container format
• disk format
• size_min, size_max
• status
• Caches images
• uses SQLite or FS that supports xattrs for caching
• queues images for prefetching
• prefetches images
• prunes images
• cleans invalid cache entries

Glance Image Formats
Disk Format Description
raw This is an unstructured disk image format
vhd This is the VHD disk format, a common disk format used by virtual machine monitors from
VMWare, Xen, Microsoft, VirtualBox, and others
vmdk Another common disk format supported by many common virtual machine monitors
vdi A disk format supported by VirtualBox virtual machine monitor and the QEMU emulator
iso An archive format for the data contents of an optical disc (e.g. CDROM).
qcow2 A disk format supported by the QEMU emulator that can expand dynamically and supports Copy
on Write
aki This indicates what is stored in Glance is an Amazon kernel image
ari This indicates what is stored in Glance is an Amazon ramdisk image
ami This indicates what is stored in Glance is an Amazon machine image

Custom Image Creation
• Get installation ISO
• Create VM (qemu-img create)
• Start VM and connect to it via VNC console
• Install image without LVM
• Create default iptables rules
• Install and configure cloud-init
• With cloud-init configure image
• Prepare image for OpenStack
• Extract root partition, kernel and ramdisk
• cleanup
• package

Step 12: Request VM Image from Glance
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute requests VM
image from Glance via Image ID
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

Step 13: Get Image URI from Glance
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
If image with given image ID can be
found - return URI – HTTP Get URI
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

Step 14: Download Image from Swift
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute downloads image using URI,
given by Glance, from Swif
(or Glance's back-end)
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell

from Glance
creates an instance

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 15: Start VM Rendering via Hypervisor
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Nova Compute fetches
information about VM from
DB, creates a command to
Hypervisor and delegates
VM rendering to Hypervisor. UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
In case of KVM / libvirtd this is
a single XML VM config file

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 16: VM is UP
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
iSCSI communication
begins for volume
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB
Nova Compute sends a
message to Nova
Conductor to update
DB with VM state

Nova
Nova DB
Queue
Nova:
ControllerNova API
Scheduler
Conductor
Nova Cell
Step 17: User is Happy
Swift
Object Store
Proxy Server
Quantum
Quantum DB
Plugin / Agent
Quantum Server
Cinder
Cinder API
Cinder DB
Scheduler
Queue
Cinder Vol
Glance
Glance API
Glance Registry
Glance DB
Compute Node
Hypervisor
Network
VM
Nova:
Computenova-compute
Block Storage
Node
Storage
Network Node
DHCP / IPAM
Router / GW
Horizon polls Nova API for
VM status and power state,
which is taken from
Database.
UI: Horizon or CLI
Keystone
Keystone Server
Keystone DB

Recap:

Recap:
• Users logs into Horizon and initiates a VM create

Recap:
• Keystone authorizes

Recap:
• Nova initiates provisioning and saves state to DB

Recap:
• Nova Scheduler finds appropriate host

Recap:
• Quantum configures networking

Recap:
• Cinder provides block device

Recap:
• Image URI is looked up through Glance

Recap:
• Image is retrieved via Swift

Recap:
• Image is retrieved via Swift
• VM is rendered

Open stack architecture overview-meetup-6-6_2013

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Open stack architecture overview-meetup-6-6_2013

Ähnlich wie Open stack architecture overview-meetup-6-6_2013 (20)

Mehr von Mirantis

Mehr von Mirantis (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Open stack architecture overview-meetup-6-6_2013