. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hâpy OpenNebula GNU/Linux distribution for two french ministries Daniel Dehennin Pôle de Compétences Logiciels Libres OpenNebula TechDay Paris 2015 cc by-nc-sa 2.0-fr D. Dehennin (pcll) Hâpy 8 July 2015 1 / 37
37
Embed
Hâpy - OpenNebula GNU/Linux distribution for two french ...eole.ac-dijon.fr/presentations/OpenNebula TechDay Paris 2015/Hâpy... · Ganeti was promising OpenStack was already too
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
HâpyOpenNebula GNU/Linux distribution for two french ministries
EOLE: GNU/Linux meta-distributionEnsemble Ouvert Libre et Évolutif
Local project in educational constituency of Dijon in 2000National project in 2001 to protect students and administrative datasBased on Mandrake LinuxSwitched to Ubuntu GNU/Linux in 2007
Turnkey solutions for national educationOne ISO to rule them all
From elementary to high school
Zéphir: Centralised server managementAmon: Firewall, proxy and IPSec VPNSphynx: VPN concentratorHorus: Administrative staff Samba serverScribe: Student communication and file serverAmonEcole: Merge Amon and Scribe functionalities with containersEclair: LTSP serverSeshat: Centralised MTA and web SSOThot: Centralised LDAP
D. Dehennin (pcll) Hâpy 8 July 2015 5 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Highly adaptablePatch and extend
Variables declared in XML filesPython Cheetah templates of configuration filesPre/post scripts (ex: populate database)
Adapt or create your own derivatives to fit your needs
D. Dehennin (pcll) Hâpy 8 July 2015 6 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
MEDDE derivativesVariation and new servers
Ministère de l’écologie, du développement durable et de l’environnement(MEDDE) created their own derivatives
eSSL: variant of firewall Amon (2009)eCDL: NT domain controller (2011)eSBL: file server, plugged on eCDL (2011)
D. Dehennin (pcll) Hâpy 8 July 2015 7 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Largely deployedEven on a boat, not on the map ;-)
D. Dehennin (pcll) Hâpy 8 July 2015 8 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Bare metal to configured server in 30 mn3 little steps for humans
1 Installation from ISO2 Configuration3 Deployment
Each step can be done by different people
D. Dehennin (pcll) Hâpy 8 July 2015 9 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Automatic installation from hybrid ISOOEM like install
D. Dehennin (pcll) Hâpy 8 July 2015 10 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
A web interface for configurationLocal on the server or central on Zéphir
D. Dehennin (pcll) Hâpy 8 July 2015 11 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Instantiate the serverGenerate config files and start services
1 Register the server on Zéphir2 Retrieve the configuration3 Run instance
D. Dehennin (pcll) Hâpy 8 July 2015 12 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Manage and monitor the servercommand line or web interface
D. Dehennin (pcll) Hâpy 8 July 2015 13 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Road to a new galaxy
D. Dehennin (pcll) Hâpy 8 July 2015 14 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Why did we get to OpenNebula?Bare metal elastic limit is too low
Testing our OS was done on physical desktop computersSome “lucky” developers could have at most 2 VMs on theirworkstation
EOLE development needed elasticity
D. Dehennin (pcll) Hâpy 8 July 2015 15 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Looking for virtualisation infrastructureMany choices: too big, not enough flexible or immature
2012: two new quite powerful workstations ⇒ testing party
Proxmox needed a reboot to add a new networkArchipel barely emergedGaneti was promisingOpenStack was already too much
Start with OpenNebula 3.8
D. Dehennin (pcll) Hâpy 8 July 2015 16 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Complete virtual infrastructure per user
Standard network namesVLAN isolated networksOne user == one gatewayGenerated with Jenkins
Sharing VM templates requires avoiding UNAME on networks
D. Dehennin (pcll) Hâpy 8 July 2015 17 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Pilot OpenNebula from JenkinsContinuous integration of OS
Check installation from ISOCheck default configurationsCheck daily upgrade to find broken packagesCheck user database import
D. Dehennin (pcll) Hâpy 8 July 2015 18 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Jenkins jobs produce ready to use VMsReduce environment setup time
D. Dehennin (pcll) Hâpy 8 July 2015 19 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Remove physical limitationsTest beds was burning
The two dedicated workstations was fine for testingBumped memory to 2x32GB
NFS access on workgroup NAS was too slow
Two 24 CPU 96GB RAM Blades with 3TB GFS2 on SAN
D. Dehennin (pcll) Hâpy 8 July 2015 20 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Road to Hâpy-ness
D. Dehennin (pcll) Hâpy 8 July 2015 21 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
2013: talk at our annual seminaryTeasing inside
General presentation of OpenNebula
High interest from our community to add it on the ISO
D. Dehennin (pcll) Hâpy 8 July 2015 22 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
First steps to OpenNebula distributionThe community wanted it, the community did it
2014: presentation of the work in progressShow must go on
Only the first part was fundedSingle node OpenNebulaPreparation of virtual networks from ZéphirPreparation of datastores from ZéphirAutomated deployment of EOLE servers based on Zéphir
Engagement of MEDDE to finalise it
D. Dehennin (pcll) Hâpy 8 July 2015 26 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
2015: Hâpy new distributions
Deification of annual flooding of the Nile
Integrated on ISOMissing community feedback ⇒ tagged experimental
Several distributions depending on the working mode
D. Dehennin (pcll) Hâpy 8 July 2015 27 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Single node server
HâpyHâpy
OpenNebula Sunstone
Open vSwitchOvSnode market( )
D. Dehennin (pcll) Hâpy 8 July 2015 28 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Cluster: the frontend
HâpyMaster
HâpyMaster
D. Dehennin (pcll) Hâpy 8 July 2015 29 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Cluster: the nodes
nodeHâpyNodeHâpyNode
D. Dehennin (pcll) Hâpy 8 July 2015 30 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Hâpy deploymentLa Réunion is the hâpy leader
10 schools deployed120 schools in 3 years4 virtual machines per Hâpy (Amon, horus, 2 proprietary OS)12 cores CPU, 64GB RAM, 1.2TB SAS internal disks2TB for backup (VMs + ONE database)
D. Dehennin (pcll) Hâpy 8 July 2015 31 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Summary
HâpyHâpy=
=Hâpy
MasterHâpy
Master
+ HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
D. Dehennin (pcll) Hâpy 8 July 2015 32 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Evolutivity
=+ +HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyHâpy
D. Dehennin (pcll) Hâpy 8 July 2015 33 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Outlook
Integrate latest OpenNebula versionAutomatic migration of database on upgradeUse MySQL by defaultSupport a distributed file systemBetter market support
Manage hundred of remote OpenNebula from a central console
D. Dehennin (pcll) Hâpy 8 July 2015 34 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Questions?
D. Dehennin (pcll) Hâpy 8 July 2015 35 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Thanks
Many thanks to the FOSS community for all the great software. So fewthings would exists without them.
This talk was realised with the help of the following libre software:
Composition system LATEX TeX LiveThe most powerful text editor available today GNU/EmacsThe Awesome window managerThe Universal Operating System Debian GNU/Linux