BRKDCT-1253: Introduction to OpenStack
Daneyon Hansen, Software Engineer
© 2012 Cisco and/or its affiliates. All rights reserved. BRKDCT-1253 2 Cisco Public
Agenda
§ Background
§ Technical Overview
§ Demonstration
§ Q&A
Looking Back
Do You Remember What This Guy Did to IT?
Linux™
The Internet
How will you build your cloud?
The Internet was built on Open Source Software
Welcome to OpenStack
The Cloud Needs and WILL have an Open Source operating system to achieve Internet Scale:
OpenStack: A Brief History
nebula.nasa.gov
§ NASA launches Nebula – one of the first cloud computing platforms built by the Federal Government for the Federal Government
§ March 2010: Rackspace open sources Cloud Files software, aka Swift
§ May 2010: NASA open sources compute software, aka “Nova”
§ June 2010: OpenStack is formed
§ July 2010: The inaugural Design Summit
OpenStack Community
160 and counting
Cloud Layers Overview
§ Hosts – Linux (Ubuntu, Red Hat, Fedora, etc.), Windows
§ Host Virtualization – KVM, Xen, Hyper-V, ESX
§ Host Management: Libvirt – An open source toolkit to interact with hypervisors
§ Virtual Networking – Linux Bridge, Open vSwitch
Cloud Layers Overview Cont.
§ Infrastructure as a Service (IaaS) Orchestration – OpenStack, Amazon EC2/S3, CloudStack
§ Platform as a Service (PaaS) – Google App Engine, AWS Beanstalk, Heroku, Cloud Foundry
§ Application Orchestration – AWS CloudFormation, OpenStack Heat (Incubation Project)
§ System Management & Automation (aka DevOps) – Puppet, Chef, Ansible, etc.
OpenStack Vision
Seamless Cloud Interoperability
Public Clouds Private Clouds
Community Clouds
OpenStack Introduction
§ A Cloud Operating System
– A collection of interrelated software components delivering capabilities to build and manage cloud infrastructure.
§ A global community of developers devoted to innovation and openness
§ Flexibility in deployment and features
§ Standards for broad deployment
§ No fear of vendor “lock-in”
OpenStack Terminology
§ Instance – Running virtual machine
§ Image – Non-running virtual machine, multiple formats (AMI, OVF, etc.)
§ Application Programming Interface (API) – Interface for computer programs
§ Message Queue – Acts as a hub for passing messages between daemons
§ Volume – Provides persistent block storage to instances
§ Project – aka Tenants, provides logical separation among cloud users
§ Flavors – Pre-created bundles of compute resources
§ Fixed IP – Associated to an instance on start-up, internal only
§ Floating IP – Public facing IP address
OpenStack Core Projects
OpenStack Compute (Nova) Software to provision virtual machines on standard server hardware at massive scale
OpenStack Object Storage (Swift) Software to reliably store billions of objects distributed across standard server hardware
OpenStack Image Service (Glance) Services for discovering, registering, and retrieving virtual machine images
OpenStack Core Projects Cont.
OpenStack Dashboard (Horizon) A self-service web portal to allow administrators and users to manage OpenStack resources
OpenStack Identity (Keystone) Provides “unified authentication” across all OpenStack projects and integrates with 3rd party authentication systems
OpenStack Block Storage Service (Cinder) Intended to separate existing nova-volume service into an independent service
OpenStack Core Projects Cont.
OpenStack Network Service (Quantum) Provides “network connectivity as a service” between devices managed by other OpenStack services
Many Other Incubation & Community Projects http://openstack.org/projects/
Identity Service (Keystone) Introduction
§ An authentication and authorization (AA) system
§ Organized into a group of internal services
§ Provides an HTTP front-end to clients (components, users, etc.)
§ Support for multiple back-ends
– Allows Keystone to adapt to a wide-range of environments
Keystone Architecture
(Diagram: Keystone exposes Service and Admin APIs to the other OpenStack services shown – nova-api with its EC2, OS and Admin interfaces, glance-api and Swift's object-api – and is built from four internal services, identity, token, catalog and policy, each with pluggable backends: KVS, SQL, PAM, Templated.)
Image Service (Glance) Introduction
§ Designed to be adaptable
§ Three primary services: API, Registry, and Store Adapter
§ Provides services for discovering, registering, and retrieving virtual machine images
§ Images can be stored in a variety of locations
Glance Architecture
(Diagram: the Glance API Server (glance-api) fronts a Registry Server backed by SQL and a Store Adapter with Swift, S3, Filesystem and HTTP store backends; nova-api, Swift's object-api and Keystone's Service API are shown alongside as the services Glance interacts with.)
Compute Service (Nova) Introduction
§ Primary component of the OpenStack IaaS platform
§ Shared-nothing and modular software architecture
– Services communicate using a message queue (AMQP)
§ Uses a SQL-based database for information storage
– Shared by all system components
Nova Architecture
(Diagram: users and computer programs reach nova-api (EC2, OS, Admin); nova-api, the Scheduler (nova-scheduler), Compute Workers (nova-compute), Network Controllers (nova-network) and Volume Workers (nova-volume) exchange messages over the RabbitMQ message queue and share one data store; Nova also talks to glance-api, Swift's object-api and Keystone's Service API.)
Block Storage Service (Cinder) Introduction
§ New in Folsom Release
§ Provides a “drop-in” replacement/alternative to nova-volume
§ Utilizes the same nova-volume code and architecture
§ Operates using the same nova client and euca2ools
– nova volume-create, nova volume-snapshot-create, etc.
§ Upcoming release (Havana) will include:
– Additional driver support, metering, incremental snapshots with Swift integration
Cinder Architecture
(Diagram: users and computer programs reach cinder-api (OS, Admin); cinder-api, the Scheduler (cinder-scheduler) and Volume Workers (cinder-volume) communicate over the RabbitMQ message queue and share a data store; Cinder also interacts with nova-api, Swift's object-api and Keystone's Service API.)
Object Store Service (Swift) Introduction
§ Object-based storage system
– NOT a block-based system like iSCSI
– Consists of flexibly-sized data containers (objects)
§ Distributed architecture
– Avoids a single point of failure
– Massively scalable (billions of objects and PBs of data)
§ Server hard drives turn into a pool of storage
Swift Architecture
(Diagram: the Proxy Server, with Memcache, fronts the Account Service, Container Service and Object Service running on Storage Servers; authentication is provided by swauth or Keystone's Service API, and nova-api and glance-api are shown as the other services interacting with object-api.)
Swift Functionality
§ The Ring – Mapping between entities and physical location
§ Proxy Server – Ties together end users and the Swift back-end services, provides public API endpoint
§ Object Server – Simple blob storage server to store, retrieve, and delete objects on local disk
§ Container Server – Lists objects
§ Account Server – Similar to container, but lists containers
(Diagram: The Ring maps partitions such as P11 and P25 onto devices in The Cluster – Server 1/Device 1 in Zone 1 (Replica 1), Server 2/Device 2 in Zone 2 (Replica 2), Server 3/Device 3 in Zone 3 (Replica 3), and so on.)
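To make the Ring concrete, here is an added example (not Swift's own code, but a simplified model over a constructed four-device, three-zone cluster) that hashes an object path to a partition and builds a replica-to-partition-to-device table in which each replica of a partition lands in a different zone, which is what lets the cluster lose a whole zone without losing data:

```python
import hashlib
from collections import defaultdict

PART_POWER = 4      # 2**4 = 16 partitions; production rings use far more
REPLICAS = 3        # one replica per zone, as on the slide

# Constructed sample cluster: four devices spread over three zones.
DEVICES = [
    {"id": 0, "zone": 1, "ip": "10.0.0.1", "device": "sdb"},
    {"id": 1, "zone": 2, "ip": "10.0.0.2", "device": "sdb"},
    {"id": 2, "zone": 3, "ip": "10.0.0.3", "device": "sdb"},
    {"id": 3, "zone": 1, "ip": "10.0.0.4", "device": "sdb"},
]

def partition_for(account, container, obj, part_power=PART_POWER):
    """Hash the object path and keep the top part_power bits of the first
    32 bits, as Swift does (the per-cluster hash prefix/suffix that real
    rings mix in to keep partitions unpredictable is omitted here)."""
    path = f"/{account}/{container}/{obj}".encode()
    digest = hashlib.md5(path).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - part_power)

def build_ring(devices, replicas=REPLICAS, part_power=PART_POWER):
    """Return replica2part2dev: table[r][partition] -> device id.
    Replica r of a partition is placed in zone (partition + r) mod zones,
    so no two replicas of one partition share a zone."""
    by_zone = defaultdict(list)
    for dev in devices:
        by_zone[dev["zone"]].append(dev["id"])
    zones = sorted(by_zone)
    if len(zones) < replicas:
        raise ValueError("need at least one zone per replica")
    parts = 2 ** part_power
    table = [[None] * parts for _ in range(replicas)]
    for part in range(parts):
        for r in range(replicas):
            zone_devs = by_zone[zones[(part + r) % len(zones)]]
            table[r][part] = zone_devs[part % len(zone_devs)]
    return table

def get_nodes(table, devices, account, container, obj):
    """Look up the partition for an object and the devices holding its replicas."""
    by_id = {dev["id"]: dev for dev in devices}
    part = partition_for(account, container, obj)
    return part, [by_id[table[r][part]] for r in range(len(table))]

def zones_are_distinct(table, devices):
    """True when every partition's replicas sit in different zones."""
    zone_of = {dev["id"]: dev["zone"] for dev in devices}
    return all(
        len({zone_of[table[r][p]] for r in range(len(table))}) == len(table)
        for p in range(len(table[0]))
    )
```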
Component Communication
(Diagram, built up over four slides: each OpenStack component – Nova's nova-api (EC2, OS, Admin), Glance's glance-api, Swift's object-api, and any other component's component-api – exposes its own API, and components communicate with one another through these APIs.)
OpenStack Networking Options
§ Flat Mode – All instances are attached to a single Linux bridge. IPs are injected into the image on launch
§ FlatDHCP Mode – Similar to Flat Mode, but includes a DHCP server to manage instance IPs. Instances receive an IP through a DHCPDISCOVER message
§ VLAN Network Mode – A VLAN, fixed IP subnet, and Linux bridge per tenant
§ Quantum Network Manager – A peer OpenStack service providing network connectivity services
Flat & Flat DHCP Modes
(Diagram: on Compute Node Host 1 through Host N, VMs VM1–VM6 (WS1, App, WS2) each attach a vNIC through a TAP device (TAP1–TAP6) to bridge br100 on the hypervisor's ETH0, which carries the Private Network; the Controller Node bridges br100 over ETH0 and ETH1 to the Public Network and performs Bridging, NAT and DHCP as the Network Controller, i.e. the node running nova-network.)
§ Controller Node runs nova-network and acts as gateway to “outside world”
§ Optionally, nova-network component can run on each compute node
– Requires nova-api on each compute node
VLAN Mode
(Diagram: on Compute Node Host 1 through Host N, VMs VM1–VM6 (WS1, App, WS2) attach through TAP0–TAP6 to per-tenant bridges br100 / VLAN 11 and br101 / VLAN 22 on the hypervisor's ETH1; the Controller Node, i.e. the node running nova-network, carries the same bridges on ETH1 toward the Private Network and ETH0 toward the Public Network.)
§ Default Networking Mode
§ Switch must support 802.1q VLAN Tagging
Quantum Introduction
§ Provides abstractions and functionality needed for cloud networking
§ Why Quantum?
– Current networking under Nova is limited
– Provide tenants an API to build rich networking topologies
– Foster innovation through plug-ins
§ Provides abstractions, functions, and API for:
– Virtual Network (VN)
– Virtual port (VPT) on a VN
– Attaching/detaching Virtual Interfaces (VIF)
(Diagram: VM1 (WS1), VM2 (App), VM42 (App) and VM3 (WS2) attach via VIF1–VIF4 to virtual ports VPT1–VPT4 on the virtual networks VN-Red-E2 and VN-Blue-E1, which are joined by a q-router; the hypervisor's ETH1 carries the traffic. The same diagram accompanies the following Quantum slides.)
Quantum Architecture
Quantum API
Quantum Service
• Network abstraction definition and management
• Device and service attachment framework
• Does NOT implement any abstractions
Quantum Plug-in API
API Extensions
Vendor/User Plug-In
• Maps abstraction to implementation on physical and/or virtual networks
• Implements all the operations included in the Quantum API
• Can provide additional features through API extensions
Quantum Abstractions
§ Virtual Networks (VN)
– A basic Layer-2 (L2) network
– A common VN realization is a VLAN
§ Virtual Ports (VP)
– An attachment point for a virtual interface (VIF) to connect to a VN
– Ports expose configuration and monitoring state through extensions
§ Subnets (new in v2 API)
– IP Address Management (IPAM) to store subnet information and IP allocation
– Allows the setting of gateway and host routes
Quantum Abstractions Cont.
§ Through CRUD operations, an Instance can dynamically be:
– Added/removed from a network
– Moved from one port to another on demand
Quantum Plugins & API Extensions
§ Plugin
– Implements the realization of Quantum abstractions
– Supports different back-end technologies and vendors
– Currently 1 Quantum plugin per deployment
– Examples: Linux Bridge, Open vSwitch, Cisco, Nicira NVP
§ API Extensions
– Allows the plugin to expose additional capabilities
– Applications can programmatically determine what extensions are available through CRUD operations
– Examples: Port profiles, Quality of Service, etc.
Quantum High-Level Flow
§ Tenant creates a network (e.g. net1)
§ Tenant associates a subnet with a network (e.g. subnet1 – 10.10.10.0/24)
§ Tenant boots an Instance, specifying the network to connect to (e.g. nova boot --nic net-id=)
§ Nova contacts Quantum and creates port1 on net1
§ Quantum assigns an IP address to the Instance (through DHCP Agent)
§ Tenant destroys the Instance
§ Nova contacts Quantum to destroy port1. Associated IP address is returned to pool.
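The flow above, as an added example (a toy model written for this page, not Quantum's implementation; the net/subnet/port identifiers it generates are assumed names): creating a network and a 10.10.10.0/24 subnet, allocating a port and IP when an instance boots, and returning the IP to the pool when the port is destroyed, so a later boot reuses it.

```python
import ipaddress
import itertools


class QuantumFlow:
    """Toy model of the network -> subnet -> port life cycle (assumed, not Quantum's code)."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.networks = {}   # net_id -> name
        self.subnets = {}    # subnet_id -> {"net_id", "cidr", "gateway", "pool"}
        self.ports = {}      # port_id -> {"net_id", "subnet_id", "ip", "device_id"}

    def create_network(self, name):
        net_id = f"net{next(self._ids)}"
        self.networks[net_id] = name
        return net_id

    def create_subnet(self, net_id, cidr):
        """IPAM: the first host address is the gateway, the rest form the free pool."""
        if net_id not in self.networks:
            raise KeyError(f"unknown network {net_id}")
        hosts = list(ipaddress.ip_network(cidr).hosts())
        subnet_id = f"subnet{next(self._ids)}"
        self.subnets[subnet_id] = {
            "net_id": net_id, "cidr": cidr, "gateway": str(hosts[0]),
            "pool": [str(h) for h in hosts[1:]],   # free addresses, lowest first
        }
        return subnet_id

    def boot_instance(self, net_id, instance_id):
        """What Nova asks for at boot: a port on net_id with an IP from its subnet."""
        subnet_id = next((s for s, st in self.subnets.items()
                          if st["net_id"] == net_id), None)
        if subnet_id is None:
            raise LookupError(f"no subnet associated with {net_id}")
        pool = self.subnets[subnet_id]["pool"]
        if not pool:
            raise RuntimeError("subnet exhausted")
        ip = pool.pop(0)
        port_id = f"port{next(self._ids)}"
        self.ports[port_id] = {"net_id": net_id, "subnet_id": subnet_id,
                               "ip": ip, "device_id": instance_id}
        return port_id, ip

    def destroy_instance(self, port_id):
        """Nova deletes the port; its IP goes back into the pool in address order."""
        port = self.ports.pop(port_id)
        pool = self.subnets[port["subnet_id"]]["pool"]
        pool.append(port["ip"])
        pool.sort(key=ipaddress.ip_address)
        return port["ip"]
```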
Keystone Demonstration
Glance Demonstration
Nova Demonstration
Quantum Demonstration
Horizon Demonstration
Summary
§ Openstack.org
§ OpenStack is massively scalable
§ OpenStack is production ready
Questions?
Complete Your Online Session Evaluation
§ Give us your feedback and you could win fabulous prizes. Winners announced daily.
§ Receive 20 Passport points for each session evaluation you complete.
§ Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit www.ciscolive.com.
Final Thoughts
§ Get hands-on experience with the Walk-in Labs located in World of Solutions, booth 1042
§ Come see demos of many key solutions and products in the main Cisco booth 2924
§ Visit www.ciscoLive365.com after the event for updated PDFs, on-demand session videos, networking, and more!
§ Follow Cisco Live! using social media:
– Facebook: https://www.facebook.com/ciscoliveus
– Twitter: https://twitter.com/#!/CiscoLive
– LinkedIn Group: http://linkd.in/CiscoLI