CloudStack Build A Cloud Day (SCaLE 2013)

Clayton Weise [email protected] IRC: iswcin #cloudstack on freenode

Page 1: CloudStack Build A Cloud Day (SCaLE 2013)

CLOUDSTACK

Clayton Weise [email protected] IRC: iswcin #cloudstack on freenode

Page 2: CloudStack Build A Cloud Day (SCaLE 2013)

LICENSING

This presentation and its contents, unless otherwise noted, are released under a Creative Commons Attribution-ShareAlike 3.0 Unported license.

Page 3: CloudStack Build A Cloud Day (SCaLE 2013)

HISTORY

Original company formed - 2008 (VMOps)
Project open sourced as CloudStack - May 2010
Acquired by Citrix - July 2011
Dropped open core - August 2011
Release of Acton (3.0) - Real soon now

Page 4: CloudStack Build A Cloud Day (SCaLE 2013)

WHAT IS CLOUDSTACK?

Open Source Infrastructure as a Service platform that supports multiple hypervisors; complex network, firewall, load balancer and VPN configurations; and high availability, all in a multi-tenant environment.

Page 5: CloudStack Build A Cloud Day (SCaLE 2013)

WHAT DOES IT REALLY DO?

Provide separation for the varied tenants
Allocate compute resources in a deterministic manner
Expose to the end user the ability to provision various computing services in a controlled manner (VLAN allocation, firewall rules, load balancer deployment, VM creation, etc)
Manage High Availability
Massively Scalable
Permit resource limits to be applied
Measure usage over time

Page 6: CloudStack Build A Cloud Day (SCaLE 2013)

MULTIPLE HYPERVISOR SUPPORT

KVM
XenServer
Xen Cloud Platform
VMware (via vCenter)
Oracle VM
Bare Metal

Page 7: CloudStack Build A Cloud Day (SCaLE 2013)

MULTI-TENANT SEPARATION

Largely built around abstraction from an end-user POV
No interaction with hypervisor directly
No knowledge of underlying storage

Networking separation
Every account has at least one dedicated/isolated VLAN (Tagged Networking)
Layer 3 isolation aka Security Groups for untagged networking
Option to use dedicated hardware

Page 8: CloudStack Build A Cloud Day (SCaLE 2013)

NETWORKING

CloudStack has a number of network models. They are generally broken down by:

Method of isolation (VLAN, Security Groups)
Physical hardware or virtual

CloudStack largely manages network infrastructure

Page 9: CloudStack Build A Cloud Day (SCaLE 2013)

NETWORKING

Services managed by CloudStack:
DHCP
VLAN allocation
Firewall
NAT/Port forwarding
Routing
VPN
Load Balancing

Page 10: CloudStack Build A Cloud Day (SCaLE 2013)

NETWORKING

CloudStack can also manage physical network hardware (or the virtualized alternatives):
F5 BIG-IP
NetScaler
Juniper SRX

Additionally you can 'mix and match' some network elements as service offerings.

Page 11: CloudStack Build A Cloud Day (SCaLE 2013)

SECURITY GROUPS

Traditional isolation has been via VLAN
VLANs isolate well, but have some problems scaling
Standard has a hard limit of 4096 VLANs
Hardware that can actually keep up with 4096 VLANs is VERY expensive.
Regardless, people tend to not like having arbitrary limits on what they can do.
Amazon and others use layer 3 isolation (Security Groups)

Page 12: CloudStack Build A Cloud Day (SCaLE 2013)

SECURITY GROUPS

Assumption of a quasi-trusted Layer 2 network
Typically will only have hypervisors directly connected to that network.
Filtering/isolation occurs at the bridge device (from a Linux perspective - think ebtables)
Deny by default

Page 13: CloudStack Build A Cloud Day (SCaLE 2013)

SECURITY GROUPS

Page 14: CloudStack Build A Cloud Day (SCaLE 2013)

SECURITY GROUPS

Page 15: CloudStack Build A Cloud Day (SCaLE 2013)

HIGH AVAILABILITY

RFMTTR - but apparently HA looks better in marketing slicks and is used that way across the virtualization industry.

CloudStack is not a magical solution for HA - but it might be a useful tool in the process of increasing availability.

CloudStack watches HA-enabled VMs to ensure that they are up and that the hypervisor each one is on is up - and will restart the VM on another hypervisor if its hypervisor goes down.

Redundant router

Page 16: CloudStack Build A Cloud Day (SCaLE 2013)

ALLOCATION ALGORITHMS

How do you place VMs, allocate storage, etc.? CloudStack ships with a number of options:

First Fit
Fill first
Disperse
Create your own

Tags
OS Preference

Page 17: CloudStack Build A Cloud Day (SCaLE 2013)

USAGE

Not billing per se - but it does give you something to bill against.

Usage stats show VM count, CPU usage, disk allocation and usage, and network usage; all over time.

Lots of integrations and howtos - from Excel spreadsheets to Ubersmith, Amysta, and Cloud Portal.

Page 18: CloudStack Build A Cloud Day (SCaLE 2013)

HIGH LEVEL ARCHITECTURAL OVERVIEW

© Copyright David Baird and licensed for reuse under this CC-BY

Page 19: CloudStack Build A Cloud Day (SCaLE 2013)

SECONDARY STORAGE

Used for storing templates and snapshots
Historically NFS - just added the option of object storage (technically Swift, but Caringo, GlusterFS and others should work).
Managed by the Secondary Storage VM - which moves templates and snapshots to/from primary storage, ages snapshots out, etc.

Page 20: CloudStack Build A Cloud Day (SCaLE 2013)

PRIMARY STORAGE

In the UI we support NFS, iSCSI, and CLVM.
We can also make use of local storage (no HA, no live migration, etc.)
Shared mountpoint: anything that all the hypervisors can mount and write to.

Page 21: CloudStack Build A Cloud Day (SCaLE 2013)

RESOURCE DIVISION

We have some somewhat arbitrary divisions of resources within CloudStack:

Zones
Pods
Clusters

Page 22: CloudStack Build A Cloud Day (SCaLE 2013)

ZONE

In general practice this is used to designate a specific geographic location.

Shares the secondary storage resource across the entire zone
Single network model for the entire zone

Page 23: CloudStack Build A Cloud Day (SCaLE 2013)

POD

In general practice - this is used to refer to a rack of machines or a row of racks.

Shares guest network

Page 24: CloudStack Build A Cloud Day (SCaLE 2013)

CLUSTER

This is typically a max of 8-15 machines per cluster, and homogeneity is enforced:
Same hypervisor (and same version of the hypervisor)
Same CPUs
Same networking (i.e. /dev/eth0 is connected to the same network across all machines)
Primary storage is cluster specific

Page 25: CloudStack Build A Cloud Day (SCaLE 2013)

PLETHORA OF NETWORKS

Management Network: Where the hypervisors and management server communicate

Private Network: Default network for system VMs. (virtual router, secondary storage VM, Console proxy VM)

Public Network: The public (often internet-facing network)

Guest Network: The network that VMs are provisioned on.

Link-local network: The RFC 3927 network used for communication between hypervisor and system VMs.

Page 26: CloudStack Build A Cloud Day (SCaLE 2013)

MANAGEMENT SERVER

UI/API pieces are stateless (state is stored in a MySQL database).

All UI functionality is an API call

Page 27: CloudStack Build A Cloud Day (SCaLE 2013)

API

RESTful API interface
Unauthenticated API interface on port 8096 (for localhost only)
Authenticated API interface natively on port 8080
Responses in XML or JSON

Example signed request:

http://demo4.cloudstack.org/client/api?apikey=ZRFLiXIkmAHqgRmZzdiXMfaROyK35P_dXxS517WSa9Tmy1Hg&command=deployVirtualMachine&serviceofferingid=1&templateid=291&zoneid=1&signature=eXW%2fxfqx%2fhu%2frMreFksVsp3cT4M%3d
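The signature parameter in that URL is what ties a request to the caller's secret key on the authenticated port; the unauthenticated port 8096 has no such check, which is why it must stay reachable from localhost only. The block below is an added example (not code from the slides or from the CloudStack project) showing how that signing scheme is computed and, on the receiving side, verified: sort the parameters by name, lowercase the whole query string, HMAC-SHA1 it with the secret key, and base64-encode the digest. The secret key, the api key value and the request parameters are constructed for the example; the base URL is the demo endpoint from the slide.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed for this example: never a real credential.
EXAMPLE_SECRET_KEY = "example-secret-key-not-a-real-credential"
EXAMPLE_API_KEY = "EXAMPLEAPIKEY"
DEMO_API_URL = "http://demo4.cloudstack.org/client/api"


def signing_string(params):
    """Canonical string that gets signed: name=value pairs (values URL-encoded),
    sorted by parameter name, everything lowercased, 'signature' itself excluded."""
    pairs = []
    for name in sorted(params, key=str.lower):
        if name.lower() == "signature":
            continue
        value = urllib.parse.quote(str(params[name]), safe="*")
        pairs.append(f"{name}={value}")
    return "&".join(pairs).lower()


def sign(params, secret_key):
    """Base64(HMAC-SHA1(secret_key, signing_string)) - the value of the signature parameter."""
    digest = hmac.new(secret_key.encode("utf-8"),
                      signing_string(params).encode("utf-8"),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def build_request_url(base_url, params, secret_key):
    """Client side: append the computed signature and URL-encode the full query."""
    signed = {**params, "signature": sign(params, secret_key)}
    return f"{base_url}?{urllib.parse.urlencode(signed, safe='*')}"


def verify_request(url, secret_key):
    """Server side: recompute the signature from the presented parameters and
    compare in constant time. Any change to a parameter, or a different secret,
    produces a different HMAC and the request is rejected."""
    query = urllib.parse.urlparse(url).query
    params = dict(urllib.parse.parse_qsl(query, keep_blank_values=True))
    presented = params.pop("signature", None)
    if presented is None:
        return False
    expected = sign(params, secret_key)
    return hmac.compare_digest(presented, expected)


# Constructed request mirroring the slide's deployVirtualMachine call.
EXAMPLE_PARAMS = {
    "command": "deployVirtualMachine",
    "apikey": EXAMPLE_API_KEY,
    "serviceofferingid": 1,
    "templateid": 291,
    "zoneid": 1,
}

if __name__ == "__main__":
    url = build_request_url(DEMO_API_URL, EXAMPLE_PARAMS, EXAMPLE_SECRET_KEY)
    print(url)
    print("verifies:", verify_request(url, EXAMPLE_SECRET_KEY))
```

Because the signature covers every parameter, a signed URL cannot be reused with a different zoneid or command, and a key-holder's secret never leaves the client; the verifier only needs the same secret to recompute the HMAC.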

Page 28: CloudStack Build A Cloud Day (SCaLE 2013)

UI

Go play with the UI

Page 29: CloudStack Build A Cloud Day (SCaLE 2013)

QUESTIONS

ASK!

Page 30: CloudStack Build A Cloud Day (SCaLE 2013)

CONTACT

http://cloudstack.org
Docs: https://cwiki.apache.org/CLOUDSTACK
IRC: #cloudstack on Freenode
Twitter/identi.ca: @cloudstack

Mailing Lists:
https://lists.sourceforge.net/mailman/listinfo/cloudstack-users
https://lists.sourceforge.net/mailman/listinfo/cloudstack-devel

Forums