National Chung Cheng University, Dept. Computer Science & Information Engineering
2016 Mobile All-IP Networking Laboratory
OpenStack
鄭廷軒
Cloud Service
OpenStack
What is OpenStack?
Open Source Cloud Software
Mostly deployed as an infrastructure-as-a-service (IaaS)
Combines compute, network and storage resources
Web portal for cloud admins and self-service users
Cloud services exposed through APIs
OpenStack Releases
Release name | Release date | Included component code names[45]
Austin | 21 October 2010[106][107] | Nova, Swift
Bexar | 3 February 2011[108] | Nova, Glance, Swift
Cactus | 15 April 2011[109] | Nova, Glance, Swift
Diablo | 22 September 2011[110] | Nova, Glance, Swift
Essex | 5 April 2012[111] | Nova, Glance, Swift, Horizon, Keystone
Folsom | 27 September 2012[112] | Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Grizzly | 4 April 2013[113] | Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Havana | 17 October 2013[114] | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer
Icehouse | 17 April 2014[115] | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove
Juno | 16 October 2014[116] | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara
Kilo | 30 April 2015[117] | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara, Ironic
Liberty | 16 October 2015[118] | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara, Ironic, Zaqar, Manila, Designate, Barbican, Searchlight
Mitaka* | 7 April 2016[119] | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara, Ironic, Zaqar, Manila, Designate, Barbican, Searchlight, Magnum
Newton | Scheduled 6 October 2016[120] |
OpenStack in industry (1)
CERN runs its OpenStack environment on 5,000 compute nodes: 4,800 run KVM and 200 run the Hyper-V virtualization platform, with 160,000 cores in total running 130,000 VMs. It is currently used by 2,000 researchers, who have created more than 2,300 projects.
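OpenStack in industry (2)
After an earthquake struck Japan, network traffic at Yahoo! Japan's data center surged within tens of seconds to 3 times the usual peak. Building, in advance, an infrastructure that can cope with this kind of sudden burst is a major challenge for Yahoo! Japan's data center.
Thanks to performance improvements in the OpenStack software, the number of virtual machines a single rack of servers can run has risen from 400 to 2,000 per rack.
Yahoo! Japan currently deploys more than 20 OpenStack clusters, with a total storage capacity of 20 PB (10 to the 15th power bytes) and availability of 99.996%.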
OpenStack users
PayPal / eBay
NASA
Yahoo!
HP Public Cloud
Wikimedia Labs
Cisco WebEx
more… (http://www.openstack.org/user-stories)
Before we start
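Virtualization technology
Virtualization in today's cloud computing mainly takes a server operating system that used to run on a physical server and runs it on virtualization software instead. When hardware fails, these server systems can easily be moved to another machine that already has the virtualization software set up. The system does not need to be reinstalled or reconfigured, and the new and old hardware need not have the same specifications, which greatly simplifies server management.
Mainstream open-source virtualization technologies fall broadly into two kinds:
Hardware virtualization
Operating-system-level virtualization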
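Hardware virtualization
Hardware virtualization uses software to build a virtual machine that emulates real computer hardware. The operating system that originally ran on the physical hardware runs on this virtual machine instead. Between the operating system running inside the virtual machine and the actual computer hardware sits a software interface that isolates and controls the virtual machines' access to the hardware.
The system software that performs hardware virtualization is called a hypervisor or Virtual Machine Manager. Because the hypervisor mainly controls the operation of virtual machines, it is also called a Virtual Machine Monitor, abbreviated VMM.
Open source:
KVM
Xen
VirtualBox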
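How hardware virtualization is implemented
There are currently two mainstream ways to implement virtualization:
Type 1: the VMM runs directly on the hardware, controls all hardware and manages the guest operating systems, for example Xen and VMware ESXi.
Type 2: the VMM runs inside a conventional operating system, for example KVM and VirtualBox.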
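Operating-system-level virtualization
Operating-system-level virtualization works by having the operating system kernel create multiple isolated user-space instances. Users working inside these isolated user spaces feel as if they are working in a real, independent environment. These isolated user-space instances are also called containers, virtualization engines (VE), virtual private servers (VPS) or jails.
The operating system kernel also provides mechanisms to manage the resources these instances use, so that a single instance cannot overuse system resources and affect the others.
Open source:
Docker
OpenVZ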
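Linux Container
Linux Container technology is a new-generation virtualization technology built into Linux. Unlike a virtual machine, which virtualizes an entire physical computer, LXC virtualizes the application. LXC packages an application into a container that contains only the application's code and the operating system kernel and libraries it needs, and uses unified namespaces and a shared API to allocate the hardware resources available to each application's container, creating an independent sandboxed execution environment for the application. Because LXC does not need an additional hypervisor software layer, containers are small and lightweight, and the execution environment an application needs can be created in seconds, far faster than the minutes traditional virtualization takes to create a virtual machine.
Docker provides simple, easy-to-use tools and environments and has therefore become a newly emerging and very popular Linux operating-system-level virtualization technology. The OpenStack project has begun integrating Docker into its cloud platform.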
The six basic OpenStack components
SWIFT
KEYSTONE
NOVA
NEUTRON
CINDER
GLANCE
How they work
NOVA
• Flavor
• Access and Security
• Instances Management
• Resource Usages
• Hypervisors
• Host Aggregates
• Quota Management
• System Information
NEUTRON
• Networking
• Load Balance
• VPNaaS
• Firewall
• SDN
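Virtualized networks in Neutron
Neutron provides tenants with virtualized network components such as networks, subnets, ports, switches and routers.
Layer 2 network: a network is an isolated layer-2 segment, similar to a VLAN in a physical network. It is used to create a tenant's broadcast domain or a shared segment. Ports and subnets are then assigned to a specific network.
Neutron networks can be divided into:
Provider network: a network created by the administrator that connects directly to the physical network.
Tenant network: a network created by an ordinary user; Neutron decides how it is allocated according to the administrator's settings in the system.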
Neutron network types
VLAN network
Flat network
Local network
GRE network
VXLAN network
CINDER
• Block Device
• Need Format
• Can be transferred
Figure labels: Controller; CEPH, Gluster, LVM, NFS, Others
Cinder architecture diagram
SWIFT
• Object Storage Service
• Backup Strategy
Figure labels: Account, Container, Objects
GLANCE
• Image Service
• Golden images
• QCOW2
Figure labels: GLANCE, COM1, COM2
How to operate
• CLI
• Dashboard
• APIs
• SDKs
• Call someone
Cloud Application
• Load Balancer
• Application Cluster
• Database Cluster
• Auto Scaling (Heat + Ceilometer + Neutron)
Figure labels: Networking, Compute, Controller, Storage, API-Servers, Agents
Cloud Application
Figure labels: AP Cluster (instances), DB Cluster (instances), LBaaS (Pool-AP), LBaaS (Pool-DB), Heat, Ceilometer, Neutron
Before we implement
Service Layout
OpenStack hands-on
Parts of the following content are excerpted from Sam's OPENSTACK lecture (山姆哥的 OPENSTACK講座): https://samopenstack.hackpad.com/OpenStack-cL1NICJ4kiS
Dashboard Overview
Introduction to the OpenStack environment
Figure labels: Project, Panel, Account
Admin Function
Users and Admin
Personal settings
Network management (Neutron) and applications
• Topology
• Networks
• Routers
• Load Balancers
• Firewalls
Network topology (Topology)
Create a network
Create a router (vRouter)
Private network
Images (Glance)
Storage management (Cinder)
Figure labels: Volume; Volume Snapshot #1, Volume Snapshot #2, Volume Snapshot #N
Storage management (Swift)
Figure labels: Account, Container, Objects
Instance management and applications (Nova)
Security Group
Account & Password or Account & Keypair
Which port do you need?
• Security Group
– Ingress
– Egress
iptables (ACL)
Figure labels: Instance (four instances)
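The allow-list behaviour of a security group, and a check for the "which port do you need?" question, as an added example that is not part of the original slides. The rule dictionaries are constructed samples that use Neutron security-group-rule field names; ADMIN_PORTS and the function names are assumptions, and only IPv4 is handled.

```python
import ipaddress

# Constructed rules using Neutron security-group-rule field names.
RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 80,
     "port_range_max": 80, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 3306,
     "port_range_max": 3306, "remote_ip_prefix": "10.0.0.0/24"},
    {"direction": "egress", "protocol": None, "port_range_min": None,
     "port_range_max": None, "remote_ip_prefix": None},
]
# Assumed list of ports that should not be reachable from every address.
ADMIN_PORTS = {22, 3306, 3389}


def rule_matches(rule, direction, protocol, port, peer_ip):
    """True if one rule permits this packet (IPv4 only)."""
    if rule["direction"] != direction:
        return False
    if rule["protocol"] not in (None, protocol):      # None means any protocol
        return False
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    if lo is not None and not (lo <= port <= hi):     # None means any port
        return False
    prefix = rule["remote_ip_prefix"] or "0.0.0.0/0"  # None means any peer
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(prefix)


def is_allowed(rules, direction, protocol, port, peer_ip):
    """Security groups are allow-lists: no matching rule means drop."""
    return any(rule_matches(r, direction, protocol, port, peer_ip)
               for r in rules)


def world_open_admin_ports(rules):
    """Admin ports that an ingress rule exposes to every source address."""
    findings = set()
    for r in rules:
        if r["direction"] != "ingress":
            continue
        net = ipaddress.ip_network(r["remote_ip_prefix"] or "0.0.0.0/0")
        if net.prefixlen != 0:
            continue                                  # restricted source
        lo, hi = r["port_range_min"], r["port_range_max"]
        findings |= (ADMIN_PORTS if lo is None
                     else {p for p in ADMIN_PORTS if lo <= p <= hi})
    return sorted(findings)


if __name__ == "__main__":
    print(is_allowed(RULES, "ingress", "tcp", 3306, "203.0.113.9"))
    print(world_open_admin_ports(RULES))
```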
Key Pair
Create Instance - 1
Create Instance - 2
Create Instance - 3
Create Instance - 4
Create Instance - 5
Floating IP
A floating IP address and a private IP address can be used at the same time on a single network interface. The private IP address is likely to be used for accessing the instance from other instances in private networks, while the floating IP address is used for accessing the instance from public networks.
Snapshot
Figure labels: Snapshot, GLANCE, Training
OpenStack API
REST/HTTP API
SWIFT, KEYSTONE, NOVA, NEUTRON, CINDER, GLANCE
cURL
REST clients
OpenStack command-line client
OpenStack Python Software Development Kit (SDK)
OpenStack API
• Account / Password / Project
• Token
• Basic: List / Create / Update / Delete
• Rules, Format and More
• How To Read API Reference
Account / Password / Project
curl -s -X POST http://172.24.6.2:5000/v2.0/tokens \
  -H "Content-Type: application/json" \
  -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "openstack"}}}' \
  | python -m json.tool
Slide callouts: http://172.24.6.2:5000/v2.0/tokens (Version, behaviors), Parameters, Header, Json tool
Token
…..
"token": {
    "audit_ids": [
        "JLVyyouFT1m_x2jyKBVJ9Q"
    ],
    "expires": "2016-03-11T14:35:55Z",
    "id": "4f671279f5204a2f8f9e56c19dfd10d7",
    "issued_at": "2016-03-11T13:35:55.445199",
    "tenant": {
        "description": "admin tenant",
        "enabled": true,
        "id": "8193f0399daf4a02a9019a51d23c7bec",
        "name": "admin"
    }
},
…….
Basic: List / Create / Update / Delete
Flavor List
curl -s \
  -H "X-Auth-Token: 4f671279f5204a2f8f9e56c19dfd10d7" \
  http://172.24.6.2:8774/v2.1/8193f0399daf4a02a9019a51d23c7bec/flavors \
  | python -m json.tool
Network List
curl -s \
  -H "X-Auth-Token: 4f671279f5204a2f8f9e56c19dfd10d7" \
  http://172.24.6.2:8774/v2/8193f0399daf4a02a9019a51d23c7bec/os-tenant-networks \
  | python -m json.tool
Keypair List
curl -s \
  -H "X-Auth-Token: 4f671279f5204a2f8f9e56c19dfd10d7" \
  http://172.24.6.2:8774/v2/8193f0399daf4a02a9019a51d23c7bec/os-keypairs \
  | python -m json.tool
Image List
curl -s \
  -H "X-Auth-Token: 4f671279f5204a2f8f9e56c19dfd10d7" \
  http://172.24.6.2:8774/v2/8193f0399daf4a02a9019a51d23c7bec/images \
  | python -m json.tool
Security Group List
curl -s \
  -H "X-Auth-Token: 4f671279f5204a2f8f9e56c19dfd10d7" \
  http://172.24.6.2:8774/v2/8193f0399daf4a02a9019a51d23c7bec/os-security-groups \
  | python -m json.tool
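The token step and the list calls above chain together as follows; this is an added example, not code from the original slides. The sample reply is constructed: it wraps the token fields shown on the slide in the Keystone v2.0 "access" envelope with a one-entry service catalog, and the function names and the five-minute margin are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample reply: slide token fields inside the v2.0 "access"
# envelope, plus a one-entry service catalog.
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {
        "expires": "2016-03-11T14:35:55Z",
        "id": "4f671279f5204a2f8f9e56c19dfd10d7",
        "issued_at": "2016-03-11T13:35:55.445199",
        "tenant": {"id": "8193f0399daf4a02a9019a51d23c7bec", "name": "admin"},
    },
    "serviceCatalog": [{
        "type": "compute", "name": "nova",
        "endpoints": [{"publicURL":
            "http://172.24.6.2:8774/v2.1/8193f0399daf4a02a9019a51d23c7bec"}],
    }],
}})


def parse_token(body):
    """Return (token_id, tenant_id, expires_utc, catalog) from a v2.0 reply."""
    access = json.loads(body)["access"]
    tok = access["token"]
    expires = datetime.strptime(tok["expires"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    return tok["id"], tok["tenant"]["id"], expires, access["serviceCatalog"]


def endpoint_for(catalog, service_type):
    """Look the service URL up in the catalog instead of hard-coding it."""
    for svc in catalog:
        if svc["type"] == service_type:
            return svc["endpoints"][0]["publicURL"]
    raise LookupError("no %r service in catalog" % service_type)


def token_usable(expires, now, margin=timedelta(minutes=5)):
    """Reject tokens that are expired or about to expire."""
    return now + margin < expires


def redact(token_id):
    """The token is a bearer credential: log only a short prefix."""
    return token_id[:6] + "..."


def flavor_list_request(body, now):
    """Build the URL and header of the Flavor List call from a token reply."""
    token_id, _tenant, expires, catalog = parse_token(body)
    if not token_usable(expires, now):
        raise PermissionError("token %s expired, re-authenticate"
                              % redact(token_id))
    return endpoint_for(catalog, "compute") + "/flavors", {"X-Auth-Token": token_id}


if __name__ == "__main__":
    now = datetime(2016, 3, 11, 13, 40, tzinfo=timezone.utc)  # constructed clock
    url, headers = flavor_list_request(SAMPLE_RESPONSE, now)
    print(url, {"X-Auth-Token": redact(headers["X-Auth-Token"])})
```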
Ceilometer: data monitoring and metering
Ceilometer lets an OpenStack cloud service monitor and measure how OpenStack is used, collecting CPU and network usage data for billing, benchmarking and similar purposes, or for using this data to assess system scalability and to compute system statistics.
Ceilometer hands-on
Slide callouts:
Comparison operator (lt, le, eq, ne, ge, gt)
Alarm trigger condition: attribute, measurement period
Alarm trigger condition: which data is compared with the threshold (max, min, avg, sum, count)
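How the three alarm settings on this slide combine, as an added example that is not Ceilometer's own code: samples are grouped by measurement period, reduced with the chosen statistic, and compared with the threshold. The cpu_util samples are constructed; the function name is an assumption, and evaluation_periods (how many consecutive periods must breach) does not appear on the slide.

```python
import operator
from collections import defaultdict

# Names taken from the slide: comparison operators and statistics.
COMPARATORS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
               "ne": operator.ne, "ge": operator.ge, "gt": operator.gt}
STATISTICS = {"max": max, "min": min, "sum": sum, "count": len,
              "avg": lambda v: sum(v) / len(v)}


def evaluate_alarm(samples, period, statistic, comparison, threshold,
                   evaluation_periods=1):
    """Return 'alarm', 'ok' or 'insufficient data' for the newest periods.

    samples: iterable of (unix_timestamp, value) for one meter.
    period:  bucket length in seconds (the measurement period).
    The alarm fires only if every one of the last `evaluation_periods`
    buckets breaches the threshold, so a single spike does not trigger it.
    """
    if comparison not in COMPARATORS or statistic not in STATISTICS:
        raise ValueError("unknown comparison or statistic")
    buckets = defaultdict(list)
    for ts, value in samples:
        buckets[int(ts) // period].append(value)
    if not buckets:
        return "insufficient data"
    newest = max(buckets)
    wanted = range(newest - evaluation_periods + 1, newest + 1)
    # A missing bucket means the meter went quiet: do not guess a state.
    if any(b not in buckets for b in wanted):
        return "insufficient data"
    compare, stat = COMPARATORS[comparison], STATISTICS[statistic]
    breached = [compare(stat(buckets[b]), threshold) for b in wanted]
    return "alarm" if all(breached) else "ok"


# Constructed cpu_util samples (percent): one every 20 s, three 60 s periods.
CPU_SAMPLES = [(0, 35.0), (20, 40.0), (40, 38.0),
               (60, 91.0), (80, 88.0), (100, 95.0),
               (120, 97.0), (140, 93.0), (160, 90.0)]

if __name__ == "__main__":
    print(evaluate_alarm(CPU_SAMPLES, 60, "avg", "gt", 80.0, 2))
    print(evaluate_alarm(CPU_SAMPLES, 60, "avg", "gt", 80.0, 3))
    gap = CPU_SAMPLES[:6] + [(240, 99.0)]
    print(evaluate_alarm(gap, 60, "max", "ge", 90.0, 2))
```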
Heat: orchestration templates
Heat provides a template-based framework for describing cloud applications. In a template, users can create OpenStack resources such as instances, floating IP addresses, security groups or users. In other words, Heat lets users define one cloud application template that creates and configures all the related OpenStack service resources together, instead of creating and configuring them one by one.
Example.yaml
Designate: DNS management service (DNSaaS)
Designate provides DNSaaS on OpenStack, with the following features:
Manage domains/records through a REST API
Multi-tenancy
Integrated Keystone authentication
A framework for integrating Nova and Neutron notifications (records are generated automatically)
Out-of-the-box support for PowerDNS and Bind9
LBaaS
HAProxy
LBaaS is the Load Balance as a Service (LBaaS) provided by OpenStack Neutron. Load balancing is a basic building block of distributed systems: it receives HTTP requests from the front end and forwards each request, according to some algorithm or rule, to a member of the back-end resource pool to complete it.
Live migration
Live migration refers to the process of moving a running virtual machine or application between different physical machines without disconnecting the client or application. Memory, storage, and network connectivity of the virtual machine are transferred from the original guest machine to the destination.
Ref: https://en.wikipedia.org/wiki/Live_migration
OpenStack Live migration
Shared storage-based live migration - Both hypervisors have access to shared storage.
Block live migration - No shared storage is required. Incompatible with read-only devices such as CD-ROMs and Configuration Drive (config_drive).
Volume-backed live migration - Instances are backed by volumes rather than ephemeral disk, no shared storage is required, and migration is supported (currently only available for libvirt-based hypervisors, e.g. KVM; Xen can't).
Live Snapshot
The snapshot command takes a cold snapshot of the instance disk. There are some use cases where it is useful to be able to snapshot the memory and processor state as well, to be able to do a quick-launch of the instance. Note that booting from this special type of snapshot can be tricky, as the guest will need to reconfigure some things like its IP.
Distributed Virtual Router
Reference
• http://www.netadmin.com.tw/article_content.aspx?sn=1412020002
• http://www.ithome.com.tw/news/90440
• http://www.ithome.com.tw/news/98304
• http://docs.openstack.org
• https://samopenstack.hackpad.com/OpenStack-cL1NICJ4kiS
Q & A