egi tf 2013 / cloud interoperability week – hands-on tutorial

Cloud Interoperability Week – Hands-On Tutorial Madrid, Spain, September 18th, 2013

1/16 Creative Commons Attribution-NonCommercial-ShareAlike License

Build your OCCI-compatible Cloud with OpenNebula

Daniel Molina Carlos Martín Boris Parak

The research leading to these results has received funding from Comunidad de Madrid through research grant MEDIANET S2009/TIC-1468,

Acknowledgments

2 An Introduction to Cloud Computing with OpenNebula

Agenda Build your OCCI-compatible Cloud with OpenNebula!

●  Introduction and Architecture ●  Installation and Basic Usage ●  rOCCI on top of OpenNebula




An Introduction to Cloud Computing with OpenNebula

Daniel Molina & Carlos Martín Project Engineers


Acknowledgments


Agenda An Introduction to Cloud Computing with OpenNebula!

●  Infrastructure as a Service ●  The OpenNebula Model ●  The Anatomy of the Cloud


Infrastructure as a Service Types of Cloud Services!

What Who On-demand access to any application

End-user (does not care about hw or sw)

Platform for building and delivering web

applications

Developer (no managing of the underlying hw &

swlayers)

Raw computer infrastructure

System Administrator (complete management of the

computer infrastructure)

Software as a Service

�

Platform as a Service

Infrastructure as a Service

Physical Infrastructure


Infrastructure as a Service Types of Cloud Deployments!

•  Simple Web Interface

•  Raw Infrastructure Resources

•  Pay-as-you-go (On-demand access)

•  Elastic & “infinite” Capacity

Public Cloud






Public Cloud

A “Public Cloud behind the firewall”

•  Simplify internal operations

•  Dynamic allocation of resources

•  Higher utilization & operational savings

•  Security concerns

Private Cloud







Public Cloud






Private Cloud

•  Supplement the capacity of the Private Cloud

•  Utility Computing dream made a reality!

Hybrid Cloud







Public Cloud






Private Cloud

•  Suplement the capacity of the Private Cloud

•  Utility Computing dream made a reality!

Hybrid Cloud



Infrastructure as a Service Challenges of IaaS Clouds!

●  How do I provision a new VM? Image Management & Context

●  Where do I store the disks? Storage

●  How do I set up networking for a multitier service? Network & VLANs

●  Where do I put my web server VM? Monitoring & Scheduling

●  How do I manage any hypervisor? Virtualization

●  Who has access to the Cloud’s resources? User & Role Management

●  How do I manage my distributed infrastructure? Interfaces & APIs


●  How do I provision a new VM? Image Management & Context

●  Where do I store the disks? Storage

●  How do I set up networking for a multitier service? Network & VLANs

●  Where do I put my web server VM? Monitoring & Scheduling

●  How do I manage any hypervisor? Virtualization

●  Who has access to the Cloud’s resources? User & Role Management

●  How do I manage my distributed infrastructure? Interfaces & APIs

Uniform management layer that orchestrates multiple technologies

Infrastructure as a Service Challenges of IaaS Clouds!


An Uniform Management Layer!Infrastructure as a Service


The OpenNebula Model

●  Adaptable: Integration capabilities to fit into any data center

●  Enterprise-ready: Upgrade process and commercial support

●  No Lock-in: Broad infrastructure and platform independent

●  Light: Efficient & simple

●  Proven: Rigorously tested, mature and widely used

●  Powerful: Advanced features for virtualized

●  Scalable: single instance & multi-tier architectures

●  Be interoperable! rich set of API's & Interfaces

●  Open Source: Apache License v2

An Enterprise-ready Open-source Platform to Manage Cloud Data Centers !


Widely Used to Build Enterprise Private Clouds in Medium and Large Data Centers!Reference Users

Survey Q2/Q3 2012 (2,500 users http://c12g.com/resources/survey/)

The OpenNebula Model


Story A Project Aimed at Building the Industry Standard Open Cloud Management Tool!

2005 2008 2009 2010 2011 2012

• Develop & innovate • Support the community • Collaborate

Large-scale production deployment: 16,000 VMs

5,000 downloads/month

2014 2013

Research Project

TP v1.0 v1.2 v1.4 v2.0 v2.2 v3.0 v3.2 v3.4 v3.6 v3.8 v4.0 V4.2


The Anatomy of the Cloud Different Perspectives of the Cloud – Demands from the Different Communities!

Cloud Consumer

Cloud Administrator

Cloud Integrator

Cloud Application Developer


The Anatomy of the Cloud OpenNebula Architecture - Infrastructure Agnostic and Highly Customizable!

OpenNebula core

Virtualization Images

Storage Network

Auth

Monitoring

Scheduler

XML-RPC API

OCA (Ruby, Java)

CLI GUI Cloud Servers

DB

Languages


The Anatomy of the Cloud Cloud Architecture - The Internals of the Cloud!

Interfaces, Tools & API •  CLI & Sunstone (GUI) •  API •  Cloud (EC2,OCCI) •  Service Management & Catalogs

Compute Hosts •  Grouped into logical clusters •  Multiple hypervisors •  Monitoring

Storage •  VM disks (file & block) •  Image Distribution •  Multiple Backends

Multi-tenancy •  AAA Services •  Scheduling •  Permissions & roles

Network •  VLAN •  Firewalling •  Multiple Technologies


The Anatomy of the Cloud Basic OpenNebula Deployment!

•  Repository of VM images •  Multiple Backends (LVM, Ceph)

Monitoring,Virtualization, Storage and Network

•  Provides physical resources for the VMs •  Must have a hypervisor installed


We Will Be Happy to Clarify Any Question !Questions?




Installation and Basic Usage

Daniel Molina & Carlos Martín Project Engineer


Acknowledgments

2 Installing and Basic Usage

Agenda Installing and Basic Usage!

●  Planning the Installation ●  Virtual Lab Configuration ●  Basic Usage

●  Managing Hosts ●  Images, Networks, Templates and VMs ●  Managing Users, Quotas and ACLs ●  Logging & Debugging ●  Configuration Files

●  Appendix A - Installation


A Typical OpenNebula Environment Planning the Installation!

•  Repository of VM images •  Multiple Backends (LVM, Ceph)

Monitoring,Virtualization, Storage and Network

•  Provides physical resources for the VMs •  Must have a hypervisor installed


Required Software Installing!

●  Head node ●  ssh, ruby ●  OpenNebula: oned, mm_sched, sunstone, …

●  Worker nodes ●  Hypervisor (KVM, Xen or VMWare) ●  ssh, ruby (Xen & KVM)

●  Optional ●  Storage Backends (LVM, iSCSI, Ceph, …) ●  Networking systems (VLAN, Open vSwitch, …) ●  Ganglia, LDAP, Apache, Nginx


Virtual Lab Planning the Installation!

NODE 1 NODE 2


Virtual Lab Installing!

●  Start Virtual Box ●  File > Import Appliance…

●  frontend_node1.ova & node2.ova ●  Start frontend_node1 and node2 images ●  You can access them from:

1.  VirtualBox GUI 2.  Console ●  frontend_node1 (password centos)

●  node2 (password centos)

$ ssh localhost -l root -p 2222

$ ssh localhost -l root -p 2223


CLI – node1 Basic Usage!

Hands on (node1) ! ●  OpenNebula CLI Commands

# su - oneadmin $ one[TAB]

oneuser Manage Users oneimage Manage Images

onegroup Manage Groups onetemplate Manage Templates

oneacl Manage ACLs onevm Manage VMs

onehost Manage Hosts oneacct Accounting Tool

onecluster Manage Clusters onemarket Marketplace Tool

onevnet Manage Networks onedb DB Tool

onedatastore Manage Datastores


CLI – node1 Basic Usage!

●  Get the Sunstone Login information

●  Try out sunstone!

http://localhost:9869

# (as oneadmin) $ cat ~/.one/one_auth oneadmin:<password>


Adding Hosts - Sunstone Basic Usage – Hosts!

Hands on! (Sunstone) ● Create one host in Sunstone: node1

● Virtualization: KVM ● Information: KVM ● Network: dummy ● Cluster: none

● Watch transition INIT ! ON

● Click on the row for more information ● Automatic gathering of monitoring data ● Take a look at the graphs


Adding Hosts - CLI Basic Usage – Hosts!

Hands on! (CLI) (always as oneadmin in the Frontend – node 1)

$ onehost -help $ onehost create -help $ ssh node2 ls /var/tmp/one $ onehost create node2 -i kvm -v kvm -n dummy $ onehost list $ onehost top # Wait for ON ... and then CTRL-C $ ssh node2 ls /var/tmp/one $ onehost show node2 $ onehost show 1 $ onehost show -x 1


Adding Images Basic Usage – Images!

Hands on! (Sunstone) ● Create an Image in Sunstone

● Name: tty ● Provide a Path: /var/tmp/tutorial/ttylinux.qcow2.img ● Advanced ! Driver: qcow2 ● Datastore: default ● Create!

● Watch transition LOCKED ! READY ● Ownership and Permissions (ala Unix!), Size, Driver... Hands on! (CLI) $ oneimage list $ oneimage show tty # DO NOT EXECUTE THE FOLLOWING COMMAND $ oneimage create --name tty --driver qcow2 \ --path /var/tmp/tutorial/ttylinux.qcow2.img -d default


System Datastore Basic Usage – Datastores!Hands on! (Sunstone) ● Inspect each Datastore: ● The system datastore:

● Holds images for running VMs ● The TM_MAD (transfer manager driver) is shared which means:


Shared Datastore Basic Usage – Datastores!Hands on! (Sunstone) ● The default datastore:

● Holds images ready to be cloned or linked for VMs ● The DS_MAD is fs because our image is a regular file ● The TM_MAD (transfer manager driver) is shared which means:


Adding Networks Basic Usage – Networks!

Hands on! (Sunstone) ● Create a new Network

● Name: private ● Type: Fixed Network ● IP: 192.168.0.1 -> [ENTER] -> repeat ... -> 192.168.0.4 ● Network Model: default ● Bridge: br1

br1

VM VM

Node 1 eth1

br1

Node 2 eth1

VM VM


Adding Networks Basic Usage – Networks!

Hands on! (Sunstone) ● Network extended information:

● Lease Management ! Add, Hold and Remove Leases Hands on! (CLI)

$ cat private2.net NAME = private2 TYPE = fixed BRIDGE = br1 LEASES = [ IP = 10.0.0.1 ] LEASES = [ IP = 10.0.0.2 ] $ onevnet create private2 $ onevnet list $ onevnet show private $ onevnet addleases private 192.168.0.105 $ onevnet hold private 192.168.0.105


Adding Templates Basic Usage – Template!

Hands on! (Sunstone) ● A template is a Virtual Machine definition ready to be instantiated ● It has CPU, Memory, Disks, NIC, Graphical Ports, etc...

● Create a new Template: ● Name: ttylinux ● CPU: 0.1 ● Memory: 64M ● Storage: tty ● Network: private ● Input/Output: VNC ● Random values in Context ! Custom Variables ● Create!


Adding Templates Basic Usage – Template!

Hands on! (CLI) ● Try the useful --dry option in the CLI

$ onetemplate create --help $ onetemplate create --name ttylinux --cpu 0.1 \

--memory 64 --disk tty --nic private --vnc --dry NAME="ttylinux“ CPU=0.1 MEMORY=64 DISK=[ IMAGE="tty“ ] NIC=[ NETWORK="private“ ] GRAPHICS=[ TYPE="vnc", LISTEN="0.0.0.0" ]


Instantiating Basic Usage – VMs!

Hands on! (Sunstone) ● Instantiate the template

● Deploy 2 VMs ● Leave the name blank

● Watch the transition PENDING ! RUNNING ● In which host is running each VM?

● vnc (node1) ! root / password ● ifconfig ! configured using context ● ping the other machine (node2)

● Migrate / live-migrate (node2)


Main VM actions Basic Usage – VMs!

suspend VM state saved. Kept in the host.

power off (--hard) Powers off a VM. Kept in the host.

stop VM state saved. Taken to the system datastore.

undeploy (--hard) Powers off a VM. Taken to the system datastore.

reboot (--hard) Reboots the VM.

delete --recreate Cleans the VM and moves it to PENDING.

shutdown (--hard) Powers off a VM, cleans host and VM is removed from OpenNebula.

delete VM is immediately destroyed regardless of state. Recommended only for oneadmin.


Other VM actions Basic Usage – VMs!Hands on! (Sunstone) ● VM extended information tab

● Capacity - Resize VM capacity (power off –hard, first) ● Storage ● Network - Attach new nic ● create a new network ! attach nic ! reboot

● Snapshot ● create a file using VNC ● Take snapshot ● Modify the file ● Revert

● Placement ● Actions - Schedule action ● Template ● Log


Managing Users Basic Usage – Users!

Hands on! (Sunstone) ● Create new user: testuser / testpass ● Click on new user ! Update Quotas

● Enforce 1 Max VMs ! Add/edit quota ● Other possible options ● limit the use of a Datastore ● limit the use of an Image ● limit the use of a Network

● Apply changes! ● Create new ACL

● We can customize any rule extending the functionality provided by the Unix ownership/group/permissions schema.


Logs Basic Usage – Logging and Debugging!

● Logs are kept under /var/log/one ● oned.log: all the information related to the oned daemon. Every

request, actions and driver errors will be here. The verbosity is set by DEBUG_LEVEL in /etc/one/oned.conf

● sched.log:has all the information related to the placement of Virtual

Machines. If a VM is not being deployed (kept in PENDING state), this log will explain why.

● <id>.log: the log of each VM. Also accessible through Sunstone.


oned.conf Configuration !

/etc/one/oned.conf (open this file and take a look!) ● OpenNebula Daemon:

● LOG, PORT, DB ● Monitoring Intervals:

● MANAGER_TIMER, MONITORING_INTERVAL ● Configuration options for VMs:

● VNC_BASE_PORT ● MAC_PREFIX (MAC " IP) ● DEFAULT_DEVICE_PREFIX = "hd“ (or vd, xvd, etc…)

● Drivers: ● IM_MAD, VMM_MAD, TM_MAD, DATASTORE_MAD, HM_MAD,

AUTH_MAD ● Resources:

● DEFAULT_UMASK ● VM_RESTRICTED_ATTR, IMAGE_RESTRICTED_ATTR


sched.conf Configuration !

/etc/one/sched.conf (open this file and take a look!) ● Scheduler Daemon:

● ONED_PORT, SCHED_INTERVAL, LOG ● Dispatch Options

● MAX_VM, MAX_DISPATCH, MAX_HOST, LIVE_RESCHEDS ● Policy

● DEFAULT_SCHED (packing, striping, load-aware, custom)


We Will Be Happy to Clarify Any Question !Questions?


Appendix A

Installation

This is just a reference of what have been done to configure the frontend_node1 and node2 images


Installation node 1 - Frontend Installing!

●  Activate repo and Install Packages

●  Add QEMU drivers ●  Configure NFS Server

# cp /var/tmp/tutorial/opennebula.repo /etc/yum.repos.d/ # yum clean all # yum install opennebula-server opennebula-sunstone opennebula-node-kvm

# Change VM_MAD type from kvm to qemu

# cat /etc/exports /var/lib/one *(rw,sync,no_subtree_check,root_squash,anonuid=9869,anongid=9869)


Installation node 1 - Frontend Installing!

●  Configure Sunstone

●  Start Services

●  Quick overview of the CLI

# service nfs start # service libvirtd start # service opennebula start # service opennebula-sunstone start # chkconfig nfs on

# gpasswd -a oneadmin wheel # su - oneadmin $ oneuser show $ oneuser -help

# sed -i 's/127.0.0.1/0.0.0.0/' /etc/one/sunstone-server.conf


Installation node 2 – Worker Node Installing!

●  Activate repo and Install Packages

●  Configure Network, Hostname, NFS and sudo

# cp /var/tmp/tutorial/opennebula.repo /etc/yum.repos.d/ # yum clean all # yum install opennebula-node-kvm

# chkconfig NetworkManager off # service NetworkManager stop # echo HOSTNAME=node2 > /etc/sysconfig/network # hostname node2 # sed -i 's/1.1.1.1/1.1.1.2/' /etc/sysconfig/network-scripts/ifcfg-br1 # ifconfig br1 1.1.1.2/24 up # mount –t nfs 1.1.1.1:/var/lib/one /var/lib/one # gpasswd -a oneadmin wheel # service libvirtd start


Configure Password-less SSH Installing!

●  OpenNebula needs passwordless ssh access to

all the nodes from all the nodes:

# (as oneadmin) $ ssh-keyscan node1 node2 > ~/.ssh/known_hosts # test it! $ ssh node2 $ exit $ ssh node1 $ exit

EGI-InSPIRE

Build your OCCI-compatible cloud withOpenNebula and rOCCI

Boris Parák, CESNET

EGI Technical Forum 2013, Madrid, ES 1EGI-InSPIRE RI-261323 www.egi.eu

Tutorial Overview

1. Introduction to (r)OCCI2. Requirements3. rOCCI-server

3.1 Installation3.2 Configuration3.3 Start-up

4. rOCCI-cli4.1 Installation4.2 Usage

5. Showcase6. Appendix


Introduction – OCCI

• OCCI æ Open Cloud Computing Interface• text-based protocol and API focusing on interoperability in

the cloud• originally designed for IaaS clouds, but is extensible• works with resources, links and mixins


Introduction – rOCCI

What is rOCCI?• a framework implementing OCCI in Ruby• a client providing shell-based user interface• an open source project hosted on GitHub• consists of rOCCI-core, rOCCI-api and rOCCI-cli

What is rOCCI-server?• a server-side implementation leveraging rOCCI• a bridge between OpenNebula and the world of OCCI• stateless proxy delegating authentication, authorization

and functionality to OpenNebula


Introduction – Architecture


Introduction – Terminology


Requirements

• OpenNebula, v3.4 - v4.2• Ruby 1.9.3• Rubygems• optionally, Apache2 as an application server for production

deployments


rOCCI-server – Installation

• rOCCI-server can be installed directly from its gitrepository or from a zip archive

• should use a separate user account• can be installed and distributed as a separate

ready-to-launch appliance

rOCCI-server is already installed in your VMs.


rOCCI-server – Configuration

# configure authentication with OpenNebula[oneadmin]$ oneuser create rocci $RANDOM \

--driver server_cipher[oneadmin]$ oneuser chgrp rocci oneadmin

# provide default backend configuration[rocci]$ cd /var/tmp/rOCCI-server[rocci]$ cp etc/backend/opennebula/opennebula.json \

etc/backend/default.json

# update credentials for the rocci user[rocci]$ vim etc/backend/default.json


rOCCI-server – Start-up

# start the passenger[rocci]$ cd /var/tmp/rOCCI-server[rocci]$ bundle exec passenger start# ... and that’s it!


rOCCI-cli – Installation

• ordinary Rubygem, available as ’occi-cli’• provides shell-based user interface• supports basic, digest, X.509 and VOMS authentication

# check whether the client is present and works# (run this OUTSIDE the /var/tmp/rOCCI-server directory)[rocci]$ occi -d -v


rOCCI-cli – Usage

# all ’occi’ commands mentioned from now on# have to be executed under the rocci user account$ occi --help


Showcase – List

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action list --resource storage

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action list --resource network

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action list --resource compute


Showcase – Describe

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action describe --resource storage

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action describe --resource network

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action describe --resource compute


Showcase – Instantiate

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action create --resource compute \--mixin os_tpl#ttylinux \--mixin resource_tpl#small \--attributes title=’rOCCI_VM’

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action describe --resource /compute/<id>

$ occi --endpoint http://localhost:3000/ --auth basic \--username oneadmin --password $PASSWD \--action delete --resource /compute/<id>


References

What to read if you want to know more?• http://occi-wg.org• https://github.com/gwdg/rOCCI-server• https://github.com/gwdg/rOCCI-core• https://github.com/gwdg/rOCCI-api• https://github.com/gwdg/rOCCI-cli

Do you have any questions?• ask directly at [email protected]

• ask in the mailing lists [email protected] [email protected]


Appendix – rOCCI-server

# create a user$ useradd rocci$ usermod -L rocci

# check Ruby version$ su - rocci[rocci]$ ruby -v

# install a few native dependencies$ yum install expat-devel libxml2-devel libxslt-devel



# install the rOCCI-server itself[rocci]$ cd /opt[rocci]$ git clone \

https://github.com/gwdg/rOCCI-server.git

# install rOCCI-server’s dependencies[rocci]$ cd /opt/rOCCI-server[rocci]$ bundle install

# configure authentication with OpenNebula[oneadmin]$ oneuser create rocci $RANDOM \

--driver server_cipher[oneadmin]$ oneuser chgrp rocci oneadmin



# provide default backend configuration[rocci]$ cd /opt/rOCCI-server[rocci]$ cp etc/backend/opennebula/opennebula.json \

etc/backend/default.json

# update credentials for the rocci user[rocci]$ vim etc/backend/default.json

# start the passenger[rocci]$ cd /opt/rOCCI-server[rocci]$ bundle exec passenger start


Appendix – rOCCI-cli

# install a few native dependencies$ yum install expat-devel libxml2-devel libxslt-devel

# install the client itself$ gem install occi-cli

# check whether it works$ occi -d -v


egi tf 2013 / cloud interoperability week – hands-on tutorial

Technology