OpenStack建設(shè)公有云平臺(tái)實(shí)踐

1、OpenStack建設(shè)公有云平臺(tái)實(shí)踐技術(shù)創(chuàng)新，變革未來(lái)Why OpenStack?Why OpenStack?00寫(xiě)上你的文字你的文字0102030405目錄Open SourceApache 2 License00寫(xiě)上你的文字你的文字0102030405目錄Open DesignGrizzly Design Summit00寫(xiě)上你的文字你的文字0102030405目錄Open DevelopmentPropose features in launchpad00寫(xiě)上你的文字你的文字0102030405目錄Open DevelopmentCode Review00寫(xiě)上你的文字你的文字010203

2、0405目錄OpenStack is the #2 FOSS foundationThe Linux Foundation = $9.6MOpenstack = $6MMozilla Foundation = $1.9MThe Apache Foundation - $0.53M00寫(xiě)上你的文字你的文字0102030405目錄Open Foundation BoardPlatinum Members(8)Gold Members(8)DreamHost, Cloudscaling, ITRI/CCAT, DELL, Piston, Mirantis, Yahoo!, Cisco00寫(xiě)上你的文字

3、你的文字0102030405目錄Open Foundation BoardIndividual Members(8)“No one company may control more than two board seats”00寫(xiě)上你的文字你的文字0102030405目錄OpenStack Public CloudHowever They never tell you how to operate their public cloud based on OpenStack!ContentSinaCloud IntroductionChallenges to build a OpenStack

4、Public CloudNetwork topologySecurity EnhancementStorage SolutionIdentity IntegrationBilling & MonitoringDashboard ImprovementOperate an production OpenStackPlatform stackAutomated DeploymentContinuous IntegrationProject ManagementStackLab: A community OpenStack Public CloudSummary00寫(xiě)上你的文字你的文字0102030

5、405目錄Cloud RequirementSLargest infotainment web portal in ChinaProvides various on-line services, like news, Finance, video, email, blog hosting, etc.Needs unified infrastructure & app platform tohost heterogeneous services and apps.Sina Weibotwitter-like microblog serviceover 350m users, #1 SNS in

6、China.huge influence on Chinas societyWeibo Open Platform to build a social ecosystem through Open API and cloud environmental.We are building a reliable, scalable and secure cloud platform to support our business and external customers.00寫(xiě)上你的文字你的文字0102030405目錄First and most popular PaaS cloud in Ch

7、ina, launched in 2009Support PHP, Python and Javaruntime.250,000 developers, 380,000 apps running on SAE.First OpenStack based publicIaaS cloud in ChinaFirst commercial cloud appmarket in China.SaaS cloud based on SAE tech.Design for the common users,1-Click purchase and install apps.SinaCloud Portf

8、olio(Sina Cloud Market)00寫(xiě)上你的文字你的文字0102030405目錄Sina OpenStack dev TeamMore info: /blog/2012/10/how-sina-contributes-to-openstack/For CommunityTop 9 contributor by bugfix at EssexTop 4 contributor either by changeset or bugfix at FolsomContribute community project Dough, Kanyun addressing Monitoring

9、and BillingDevelop Island as Cinder would-be pluginLead COSUG to be largest OpenStack user groupContentSinaCloud IntroductionChallenges to build a OpenStack Public CloudNetwork topologySecurity EnhancementStorage SolutionIdentity IntegrationBilling & MonitoringDashboard ImprovementOperate an product

10、ion OpenStackPlatform stackAutomated DeploymentContinuous IntegrationProject ManagementStackLab: A community OpenStack Public CloudSummary00寫(xiě)上你的文字你的文字0102030405目錄Network TopologyNova-network vs QuantumMulti hostMulti TalentFlat, FlatDHCPTunnelingSDNSec GroupDashboard SupportNova-NetworkQuantumNova-N

11、etwork is simple, robust and reliable, except lack of someadvanced features.Quantum is not ready for production use, its OVS plugin has great potential to be open-source NVP solution.I would suggestion to continue use nova-network for production deployment until next release.00寫(xiě)上你的文字你的文字0102030405目錄

12、Nova-NetworkFlatNeed external DHCP Server, and human intervention, not flexible, hardly use in practical deployment.FlatDHCPLike Amazon EC2 networking(not VPC, VPC corresponds to Quantum), VM get IP from single network pools.Simple, easy to hack.Widely used in public cloud, also preferred topology i

13、n manyscenarios.VLANA little complex, hardware configuration may be involved. Not suggest to use except strong requirement of tenant isolation,Network Topology Real User CaseNova Network(FlatDHCP+Multi-host)Capability:Accessibility of all VMs in the fixed IPrangeVM is able to access public networkVM

14、 can be accessible from public networkBonus:Totally distributed architecture avoid single-point failure.Multiple gateway eliminates NATbottleneckHigh speed between OS regionsDrawback:Tenant isolation lessensNeed security facility(SWS-filter) to protect intranet00寫(xiě)上你的文字你的文字0102030405目錄Security Enhanc

15、ementSWS Filter: a extension to security group in nova-networkUsed to filter egress traffic from VM to internal network Define whose traffic could beable to reach which internal network IP/segment.00寫(xiě)上你的文字你的文字0102030405目錄Storage SolutionObject Storage: Definitely we choose SwiftBlock StorageCinder i

16、s not Amazon EBS, just a framework to include multiple open-source/commercial storage solution.Nova-volume/Cinder(iSCSI) is not applicable to public cloud.Sheepdog/Gluster/Ceph plugins need time to be stable.Island: Local Storage Volume plugin for Cinder is coming.High performance local storage Incr

17、emental & independent snapshot Snapshot store in swift目錄00寫(xiě)上你的文字你的文字0102030405Swift ArchitectureProxy ServerObject ServerContainer ServerAccount ServerZone1Proxy ServerObject ServerContainer ServerAccount ServerZone2Proxy ServerObject ServerContainer ServerAccount ServerZone3Proxy ServerObject Serve

18、rContainer ServerAccount ServerZone4Proxy ServerObject ServerContainer ServerAccount ServerZone51 Zone = 1 Physical Server with 12x2T diskWrite/Read applies Quorum protocolGET abc.pngPUT abc.pngLoad Balancer00寫(xiě)上你的文字你的文字0102030405目錄Cinder Island Plugin Architecture=UserNova APIVolume APINova RPCCompu

19、teManagerVolume ManagerIslandKVMGuestNovaDBSwift APIcinder RPCCinderDBSwift StorageKEYREST AMQP SQL POSIXIncrementSnapshot to SwiftimagesHost00寫(xiě)上你的文字你的文字0102030405目錄Identify Integration: KeystoneMySQLAWS-like Multi-region supportDashboardSelect RegionKeystone BeijingNovaSwiftGlanceKeystoneShanghaiNo

20、vaSwiftGlance00寫(xiě)上你的文字你的文字0102030405目錄Kanyun: Monitoring systemAggregatorAPI daemonNovaComputeResponds to client requestCalculates/stores metricsRetrieve usage infoDashboardBillingNoSQLRepo: /sinacloud/kanyunWorkerNovaComputeWorkerMetrics:CPU、mem、disk、 network traffic00寫(xiě)上你的文字你的文字0102030405目錄Kanyun de

21、mo00寫(xiě)上你的文字你的文字0102030405目錄Dough:Billing systemFarmerAPI daemonKanyun API (Metering)Subscribe or unsubscribe Query infoCheck status / Retrieve usage / Create purchasesDashboardRDBMSNoSQLdeductKeep track of billing info to charge tenants Flexible customization of payment policies How much/often to cha

22、rge for resource unitHandles prepaid or pay-as-you-go Coupon SupportRepo: /sinacloud/dough, you should also consider Celiometer project.00寫(xiě)上你的文字你的文字0102030405目錄Dough:Billing info page00寫(xiě)上你的文字你的文字0102030405目錄Dashboard ImprovementWe did not use Horizon, because:Horizons UI is not easy to customize Fro

23、nt endand back end is tightly coupledwe need much customization, its hard to keep pace withHorizon.What we do?Decouple the frontend design and backend implementation. Make dashboard a lightweight frontend.Separate user console and admin console.00寫(xiě)上你的文字你的文字0102030405目錄Horizon Dashboard00寫(xiě)上你的文字你的文字01

24、02030405目錄SWS v100寫(xiě)上你的文字你的文字0102030405目錄SWS v200寫(xiě)上你的文字你的文字0102030405目錄SWS v3 User Dashboard00寫(xiě)上你的文字你的文字0102030405目錄SWS v3 - Monitoring00寫(xiě)上你的文字你的文字0102030405目錄SWS v3 Physical Server MgtContentSinaCloud IntroductionChallenges to build a OpenStack Public CloudNetwork topologySecurity EnhancementStorage

25、 SolutionIdentity IntegrationBilling & MonitoringDashboard ImprovementOperate an production OpenStackPlatform stackAutomated DeploymentContinuous IntegrationProject ManagementStackLab: A community OpenStack Public CloudSummary00寫(xiě)上你的文字你的文字0102030405目錄Platform StackSASRaid10/5SSDRaid10/52U x86 rack Se

26、rverUbuntuOpenStackKVMChallenges in Deploying CloudCloud in essence are big data centersRequirement:Provision large scale physical infrastructuresSoftware deploymentOrchestrate all the heterogeneous components00寫(xiě)上你的文字你的文字0102030405目錄Operation ToolsDevelopment toolsSWS automation toolchain.DevGerritG

27、itoriousDeb RepoBare MetalOpenstack ClusterPuppetForemanZabbixBuild PackagesPeer Reviewgit reviewOS provisionServices ProvisionConfiguration managementMontoringProvides DHCP/TFTP/DNS and puppetCA for puppet00寫(xiě)上你的文字你的文字0102030405目錄SWS continuous integrationNeed change!PackagingHey, test PASS!Peer rev

28、iew PASS!It looks good to me,But need someone approveGood, Approve!Old BirdNewbieSomething failedWish my code passedDev00寫(xiě)上你的文字你的文字0102030405目錄Project ManagementDeploy open-source version Launchpad in-house as project management system.ContentSinaCloud IntroductionChallenges to build a OpenStack Pub

29、lic CloudNetwork topologySecurity EnhancementStorage SolutionIdentity IntegrationBilling & MonitoringDashboard ImprovementOperate an production OpenStackPlatform stackAutomated DeploymentContinuous IntegrationProject ManagementStackLab: A community OpenStack Public CloudSummaryStackLA Community free

30、 OpenStack Public Cloud, morethan just a OpenStack sandbox.StackLab is initiated and operated by Sina OpenStack team, as well as tech volunteers from community, while resources sponsored by Sina, Intel.StackLab news report: /2012/10/coscl-launches-stacklab/Why StackLabNot everyone has the opportunit

31、y to run a OpenStack public cloud when no resources, no users, no market, but StackLab will change this.Why StackLabCompaniesUsersStackLabDevOpsTeamStackLWhat does StackLab Look Like?Choose the region before loginOr choose the region after loginStackLab GoalsA community OpenStack public cloudwhich b

32、enefits users, contributors and sponsors.For OpenStack Users who experience StackLabUnderstand what exactly OpenStack is and what does it provideDevelop application on StackLab or using OpenStack APIBuild faith on OpenStack, possiblybecome real adopters and supporterFor OpenStack contributors involv

33、ed in StackLabTesting patches on real production-like environmental, and get feedbackfrom users, thus facilitate development and QA processesGains experiences through operating StackLab without risk of SLABetter understand the requirement of OpenStack usersFor StackLab sponsorsBuild band acknowledge

34、ment in OpenStack communityOwn one StackLab region in their own data centerPrior access to free technical support, consultant, of StackLab DevOps teamHow to join StackLabFor OpenStack Users who want to experience StackLabReally Easy! Goto StackL, register a free account instantly without approvement by admin.For OpenStack contributors to join StackLab DevOps teamPersuade your company to become a StackLab sponsor, thus you will have aStackLab region in your own DC, and you are one admin of StackLab.Contact us to join as an individual member.Fo