intro to openstack - wajug
Rackspace Technical Services
Introduction to OpenStack
April 10, 2023
WAJUG Meetup
About.me/kevjackson
RACKSPACE | www.rackspace.com
Kevin Jackson, Principal Architect, @itarchitectkev
RACKSPACE® HOSTING | WWW.RACKSPACE.COM
OpenStack
OpenStack is open-source software used to build public, private and hybrid clouds
COMMUNITY: 16,200 people, 138 countries
Join our global community of technologists, developers, researchers, corporations and cloud computing experts.
SOFTWARE: Compute, Networking, Storage
OpenStack Software delivers a massively scalable cloud operating system.
What is OpenStack?
The Mission
“To produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable.”
KEYSTONE: Identity
GLANCE: Image Management
NOVA: Compute Layer
SWIFT: Object Store
CINDER: Block Storage
NEUTRON: Networking
HORIZON: Dashboard
CEILOMETER: Telemetry
HEAT: Orchestration
NEUTRON: LBaaS, VPNaaS, FWaaS
What is OpenStack?
What really is OpenStack?
OpenStack is like the Linux Kernel
What is Rackspace Private Cloud?
• Rackspace Private Cloud Software is powered by OpenStack, the same cloud platform we used to build the Rackspace public cloud. Because our Private Cloud Software is based on open-source technology, you don't have the risk of being locked into a proprietary platform.
RPC is the Distribution
2010
Inaugural Design Summit in Austin
Jul
OpenStack Launch!
Cloud Files Launches
May 2008
NASA writes Nova Controller
First release
25+ partners
Oct
Austin: Swift prod
Nova dev preview
35+ partners
Nov
First public Design Summit in San Antonio
2009
Mar 2006
Rackspace Cloud Launches
Source: Randy Bias & Others
History Lesson
2nd Summit
Jan Feb Jul
2011
2nd release
Apr
3rd Summit in Santa Clara plus conference
Governance moves forward with project technical leads and policy board elections.
Decision to move to 6-month release cycle over 3-month
Cactus: Nova for larger-scale prod
Sept Oct
Diablo: Major stability release
First of 6-month releases
Rackspace announces plans to launch OpenStack Foundation
Bexar: Nova for mid-sized prod
Glance added as core
Happy Birthday!
History Lesson
AT&T joins OpenStack
Jan Feb May
2012
Created framework for Foundation
Apr
19 companies announce public support for Foundation
Drafting committee formed - creating legal documents
Essex: Keystone in core
Horizon in core
Aug Sep
Board Elections
HP Cloud launch
Oct
Framework & documents ratified by community
Inaugural OpenStack Foundation Board meeting
VMware, Intel & NEC accepted as Gold members
Foundation Launched!
Folsom: Cinder in core
Networking in core
History Lesson
Apr
2013
Oct
Grizzly: Ceilometer in incubation
HEAT in incubation
Apr
Icehouse
Havana: Ceilometer in integration
HEAT in integration
LBaaS
2014
Nov
Summit in Hong Kong
First Summit 100% run and funded by Foundation
Juno
Oct
Summit in Paris
Summit in Atlanta
May Nov
Trove in Integration
Compute rolling upgrades
Block Storage migration
Federated Keystone
History Lesson
The OpenStack Programs
• OpenStack Compute (Nova) - integrated program since Austin release
• OpenStack Networking (Neutron) - integrated program since Folsom release
• OpenStack Object Storage (Swift) - integrated program since Austin release
• OpenStack Block Storage (Cinder) - integrated program since Folsom release
• OpenStack Identity (Keystone) - integrated program since Essex release
• OpenStack Image Service (Glance) - integrated program since Bexar release
• OpenStack Dashboard (Horizon) - integrated program since Essex release
• OpenStack Telemetry (Ceilometer) - integrated program since the Havana release
• OpenStack Orchestration (Heat) - integrated program since the Havana release
• OpenStack Database (Trove) - integrated program for Icehouse
• OpenStack Bare Metal (Ironic)
• OpenStack Queue Service (Marconi)
• OpenStack Data Processing (Hadoop) (Sahara)
Rackspace Private Cloud Architecture
Rackspace Private Cloud Architecture
• Rackspace Private Cloud (RPC) is OpenStack
• Easy to install
• Tested configurations
• Supported
  • Community (Free)
  • Fanatical Support (per node)
Rackspace Private Cloud Architecture
• Rackspace Private Cloud (Compute) is made up of
  • 2 x Controllers (HA)
  • N Computes (Hypervisors)
  • N Cinder nodes (Block Storage)
• Rackspace Private Cloud (Object Storage)
  • 2 x Identity
  • Hardware Load Balancers
  • N x Proxy
  • N x Storage (With DAS/JBOD)
Rackspace Private Cloud Architecture
OpenStack Architecture
OpenStack Architecture
Rackspace Private Cloud Architecture
Hybrid Cloud: Dedicated to Cloud
Hybrid Cloud: Enterprise to Cloud
Hybrid Cloud: Multi-Cloud
Intro to Networking & SDN
Intro to Software Defined Networking
• OpenStack Networking: Neutron
• Networking Architecture for Rackspace Private Cloud
  • Servers/Nodes
    • Controller: Neutron API, Agents, Open vSwitch
    • Computes: Agents and Open vSwitch
  • Network Cards in each
    • NIC for Host/Management
      • Usually bonded into different switches for HA
    • NIC for Neutron
      • Usually bonded into different switches for HA
      • Can be bonded for LACP
      • Can have more than one NIC for different networks/speeds
Rackspace Private Cloud: Networking
Host or Management Network
• The Host Network is nothing more than the subnet the servers live on
  • I.e. the OpenStack services run on this network
  • Just like Apache or Bind would
• As a user of the private cloud, this is your address for the API / GUI
Provider Network
• This is the “Neutron” network
• Networks that go through these interfaces have been defined in OpenStack
• Neutron Provider Networks can be
  • GRE Tunnels
  • VLANs
  • Flat Networking
• Can have multiple provider networks
  • One for “Standard” traffic at 1G
  • Another for “Fast” access at 10G
• When creating networks in Neutron, we can specify which NIC “bridge” to use for this purpose
Provider Network Type: GRE
• GRE Tunnel networks in Neutron form a mesh in OpenStack
• Each Compute and Controller will be able to send/receive packets over these networks
• Each GRE tunnel is given an ID
Provider Network Type: VLAN
• VLAN networks work as they would in a physical world
• Switches will have VLAN tags trunked on their ports
• An OpenStack user would create a Neutron network with a corresponding VLAN ID
• Provided all the switch ports have that VLAN ID, OpenStack Networking will work
Provider Network Type: Flat
• Flat Networking is the most basic
• It is analogous to Flat DHCP in “Nova Networking”
• A single flat structure with no network isolation
Physical Networking
Storage
OpenStack Block Storage
OpenStack Block Storage
• OpenStack Block Storage
  • Project Name Cinder
  • Provides additional, usually resilient storage to instances
• Rackspace Private Cloud Supports
  • Local Disk (LVM)
  • EMC
  • NetApp
  • Solidfire (in your Datacentre)
OpenStack Block Storage
• Can only attach a volume to one instance at a time
  • Like a USB stick
• Typical Use Cases
  • Tables for MySQL stored on Block Storage volumes
  • Performance sensitive data
    • Computes run SAS, use SSD-backed Block Storage
  • Providing instances access to raw block storage
OpenStack Block Storage
• Snapshots
  • Backup and restore volumes of data
• Boot from Volume
  • Ability to run image from block storage
  • Good for the “Pets”
  • Potentially less Orchestration
  • Possibly Windows
  • Volume is not deleted when an instance is terminated
OpenStack Block Storage
OpenStack Block Storage
• Rackspace recommends
  • 1 core per 3TB capacity
  • At least 6 SATA or SAS drives of at least 1TB capacity each.
  • At least 2GB RAM, plus an additional 250MB RAM per TB of drive.
  • RAID Controller with battery backup in RAID5 or RAID10 configuration.
Block Storage
OpenStack Object Storage
Object Storage: Swift
• API driven Object Storage
  • Upload/Download via HTTP/HTTPS
• Highly Resilient Distributed Object Storage
  • Data is written multiple times (default 3)
• Rings
  • Account
  • Container
  • Object
• Location aware: Zones
  • Disk Partition
  • Disk
  • Server
  • Cabinet
  • Datacentre
Object Storage: Swift
Object Storage: Swift
Object Storage: Swift
Highly Available Rackspace Private Cloud
HA and Non-HA in Private Cloud
Designing For Failure
• Your infrastructure must be HA
• Your apps running on your cloud should tolerate failure
• Automate everything
• Automate recovery
• Use load balancers
• Use message queues
• Put suitable workloads into the cloud
• Don’t expect “Live Migration”
  • Live Migration is an Operations Function, not a design choice.
Designing For Failure
• In Rackspace Private Cloud
  • Controllers are HA
    • MySQL HA (Multi-Master)
    • RabbitMQ Cluster
    • APIs behind HA Proxy
    • Keepalived for floating IPs
  • Computes
    • Individual scale out units
    • Local storage
    • Will fail at some point
Highly Available RPC: Keepalived
• Keepalived
  • Uses Layer4 Load Balancing Module (IPVS)
  • Uses VRRP (Virtual Router Redundancy Protocol)
    • Uses multicast address 224.0.0.18 by default
    • Specify VRID
      • Must be unique on network
    • Specify the Virtual IP (Floating IP)
  • Watchdog monitors the keepalived processes
  • Healthcheckers monitor health of service
    • VIP fails over when the service check fails
Highly Available RPC: Controllers
Highly Available RPC: MySQL + Keepalived
• MySQL
  • Running Multi-Master
    • Both nodes are able to handle “writes”
  • In RPC we avoid conflict by using Keepalived
    • Ensure we only write to a single node
  • Multi-Master allows for automatic recovery
    • No manual promotion of Slave to Master
    • But we treat other “Master” as a “Slave”
Highly Available RPC: MySQL + Keepalived
Highly Available RPC: RabbitMQ + Keepalived
• RabbitMQ
  • Running Cluster
    • Rabbit 3.x
  • Use Keepalived to write to a single RabbitMQ node
    • Allow failover to other clustered node
  • RabbitMQ failover is complex!
Highly Available RPC: RabbitMQ + Keepalived
Highly Available RPC: API HA Proxy Keepalived
• APIs
  • Nova API
  • Glance API
  • Keystone API
  • Neutron API
  • Cinder API
  • Horizon
• Utilise HA Proxy
  • HA Proxy configured on each controller
  • Each HA Proxy config knows about the other controller too
  • Hit the HA Proxy controlled by Keepalived
  • But that request is load balanced across both nodes (backend)
Highly Available RPC: API HA Proxy Keepalived
Highly Available RPC: Compute
• Non-HA
  • Design for failure
• Evacuate and Live Migration
  • DRBD block migration
  • Shared storage
  • KVM: Still a pause
  • Good for Operations, not for reliance on HA
Highly Available RPC: Block Storage
• Cinder API
  • HA
• Cinder Backends
  • NetApp, EMC, etc. (Enterprise Storage)
    • Assumed HA/Resilient
  • LVM
    • Utilise local disk/DAS/JBOD
    • Deploy more than one in Private Cloud
    • Computes mount volume from Cinder1
    • Computes also mount volume from Cinder2
    • Software RAID the two volumes
Rackspace Private Cloud Sandbox
RPC Sandbox
• If you want hands-on instance access
  • http://www.rackspace.com/cloud/private
  • Download Virtual Box or VMware OVA
• Also
  • Vagrant (http://www.vagrantup.com/)
  • VirtualBox (http://www.virtualbox.org/)
  • Git
  • https://github.com/BigCloudSolutions/VagrantSwift
  • https://github.com/OpenStackCookbook/OpenStackCookbook
Rackspace Private Cloud Installation
Install Rabbit MQ
Installation of Chef
Configuration of Chef Client
Fetch and Upload Cookbooks
Configuration of Environment
Bootstrapping Nodes
Chef Client
Testing Installation
Rackspace Private Cloud Ready
CHEF PREP INSTALL DONE
RPC Installation Steps
Easy installation of RPC
• Head to http://www.rackspace.com/cloud/private
• Follow the instructions
• Scripts to install Chef
• Scripts to install Rackspace Private Cloud Cookbooks
$ mkdir -p /opt/chef-cookbooks
$ COOKBOOK_VERSION=v4.2.2
$ apt-get install git -y
$ git clone https://github.com/rcbops/chef-cookbooks.git /opt/chef-cookbooks
$ pushd /opt/chef-cookbooks
$ git checkout ${COOKBOOK_VERSION}
$ git submodule init
$ git submodule sync
$ git submodule update
# Upload all of the RPCS Cookbooks
$ knife cookbook upload -o /opt/chef-cookbooks/cookbooks -a
$ popd
$ knife role from file /opt/chef-cookbooks/roles/*.rb
Fetch and upload Cookbooks
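The steps above pin the cookbooks to a tag (`v4.2.2`), but a tag can be moved upstream, and `knife cookbook upload -a` then pushes whatever was checked out to the Chef server that configures every node. The following is an added example, not part of the original slides or the RPC scripts: a gate that checks the tag still resolves to a commit recorded at review time; `verify_pinned_ref` and `EXPECTED_SHA` are hypothetical names, and the slides give no commit hash.

```shell
#!/bin/sh
# Added example: refuse to upload cookbooks unless the pinned tag resolves to
# the commit recorded when that release was reviewed. verify_pinned_ref and
# its arguments are hypothetical names, not part of knife or the RPC scripts.

# verify_pinned_ref <repo_dir> <ref> <expected_commit_sha>
# Returns 0 on match, 1 on mismatch or local changes, 2 if a ref is missing.
verify_pinned_ref() {
    repo=$1
    ref=$2
    expected=$3
    # ^{commit} peels an annotated tag down to the commit it points at.
    actual=$(git -C "$repo" rev-parse --verify --quiet "${ref}^{commit}") || {
        echo "ref ${ref} not found in ${repo}" >&2
        return 2
    }
    if [ "$actual" != "$expected" ]; then
        echo "ref ${ref} is ${actual}, expected ${expected}" >&2
        return 1
    fi
    # HEAD must be at the same commit, i.e. the checkout really happened.
    head_sha=$(git -C "$repo" rev-parse --verify --quiet HEAD) || return 2
    if [ "$head_sha" != "$expected" ]; then
        echo "HEAD is ${head_sha}, not the pinned commit" >&2
        return 1
    fi
    # Tracked files must be unmodified since checkout.
    if [ -n "$(git -C "$repo" status --porcelain --untracked-files=no)" ]; then
        echo "working tree has local modifications" >&2
        return 1
    fi
    return 0
}

# Use in the procedure above (EXPECTED_SHA is a placeholder recorded out of band):
#   verify_pinned_ref /opt/chef-cookbooks "${COOKBOOK_VERSION}" "${EXPECTED_SHA}" \
#     && knife cookbook upload -o /opt/chef-cookbooks/cookbooks -a
```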
Configuration of Environment
• Define our RPC OpenStack in a single JSON for Chef to use
• Define
  • Nova Configuration (hypervisor, scheduler, etc)
  • Networking
    • Neutron (default type, vlans, etc)
  • Glance
  • Cinder
  • MySQL
  • Rabbit
  • HA Details (VIPs to use)
  • etc.
{
  "name": "rpcs",
  "description": "Environment for Rackspace Private Cloud",
  "cookbook_versions": { },
  "json_class": "Chef::Environment",
  "chef_type": "environment",
  "default_attributes": { },
  "override_attributes": {
    "monitoring": {
      "procmon_provider": "monit",
      "metric_provider": "collectd"
    },
    "enable_monit": true,
    "osops_networks": {
      "management": "10.240.0.0/24",
      "swift": "10.240.0.0/24",
      "public": "10.240.0.0/24",
      "nova": "10.240.0.0/24"
    },
    "rabbitmq": {
      "cluster": true,
      "erlang_cookie": "CookieContents"
    },
    "nova": {
      "config": {
        "use_single_default_gateway": false,
        "ram_allocation_ratio": 1.0,
        "disk_allocation_ratio": 1.0,
        "cpu_allocation_ratio": 2.0,
        "resume_guests_state_on_host_boot": false
      },
      "network": {
        "provider": "neutron"
      },
Configuration of Environment
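The environment above carries the RabbitMQ cluster secret inline: `erlang_cookie` is the shared secret Erlang nodes use to authenticate to each other, so the slide's `CookieContents` placeholder should never reach a deployed cluster. The following is an added example, not from the original slides or the RPC cookbooks, that generates a random cookie and rejects an environment file still holding the placeholder or a weak value; the function names and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: guard the RabbitMQ Erlang cookie in a Chef environment file.
# Function names and the 32-character minimum are assumptions for illustration.

# Print a random 64-character hex cookie (32 bytes from /dev/urandom).
gen_erlang_cookie() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Extract the erlang_cookie value from an environment JSON file.
# A sed pattern is enough for this flat string attribute; it works on both
# the one-line and the pretty-printed form of the file.
get_erlang_cookie() {
    sed -n 's/.*"erlang_cookie"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 if the cookie looks deployable; otherwise print why and return 1.
check_erlang_cookie() {
    cookie=$(get_erlang_cookie "$1")
    if [ -z "$cookie" ]; then
        echo "erlang_cookie missing or empty in $1"
        return 1
    fi
    if [ "$cookie" = "CookieContents" ]; then
        echo "erlang_cookie is still the slide placeholder"
        return 1
    fi
    if [ "${#cookie}" -lt 32 ]; then
        echo "erlang_cookie shorter than 32 characters"
        return 1
    fi
    # RabbitMQ describes the cookie as a string of alphanumeric characters.
    case "$cookie" in
        *[!A-Za-z0-9]*)
            echo "erlang_cookie has non-alphanumeric characters"
            return 1
            ;;
    esac
    return 0
}

# Demo on a constructed fragment with the same shape as the slide's JSON.
demo_env=$(mktemp)
printf '{ "rabbitmq": { "cluster": true, "erlang_cookie": "CookieContents" } }\n' > "$demo_env"
check_erlang_cookie "$demo_env" || echo "rejected; candidate replacement: $(gen_erlang_cookie)"
rm -f "$demo_env"
```

Run the check before `knife environment from file rpcs.json`, and keep the real file out of shared repositories, since anyone who can read it holds the cluster secret.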
$ EDITOR=vi knife environment edit rpcs
Or
$ knife environment from file rpcs.json
Configuration of Environment
$ CONTROLLER1=10.240.0.1
$ CONTROLLER2=10.240.0.2
$ COMPUTES="10.240.0.3 10.240.0.4 10.240.0.5"
# Controllers (HA)
$ knife bootstrap -E rpcs -r 'role[ha-controller1],role[single-network-node]' ${CONTROLLER1}
$ knife bootstrap -E rpcs -r 'role[ha-controller2],role[single-network-node]' ${CONTROLLER2}
# Computes
$ for node in ${COMPUTES}; do knife bootstrap -E rpcs -r 'role[single-compute]' ${node}; done
Bootstrapping Nodes
• Bootstrapping configures and installs chef-client
• and conveniently allows us to set roles too
$ chef-client
$ ssh ${CONTROLLER2} chef-client
$ chef-client
Make Controllers HA
• To make the Controllers HA, utilise the VIPs and synchronise the data between the two:
  • Run chef-client on Controller1
  • Run chef-client on Controller2
  • Run chef-client on Controller1
$ knife ssh "role:single-compute" "chef-client"
Run Chef-Client on Computes
• Finally, run chef-client on remaining nodes (Our Compute Nodes)
$ nova-manage service list
Or
$ . openrc
$ nova service-list
$ nova hypervisor-list
$ . openrc
$ neutron agent-list
Testing the Installation
• Check Compute
• Check Networking
$ ovs-vsctl show
$ route -n
$ ssh ${CONTROLLER2} route -n
Testing the Installation
• Check Open vSwitch
• Check HA / Keepalived
QUESTIONS?
RACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES.
RACKSPACE® HOSTING | 5 MILLINGTON ROAD | HAYES, UNITED KINGDOM UB3 4AZ
UK SALES: +44 (0)20 8712 6507 | UK SUPPORT: 0800 988 0300 | WWW.RACKSPACE.CO.UK