Tutorial Outline
Cloud Computing
Virtualization is not Cloud computing
Server Virtualization vs. Cloud

Server Virtualization                       Cloud
Enterprise arch for 100s of hosts           Cloud arch for 1000s of hosts
Scale-up (pool-based resourcing)            Scale-out (horizontal resourcing)
IT management-centric                       Autonomic management
1 administrator for dozens of servers       1 administrator for 1,000s of servers
Apps assume reliability                     Apps assume failure
Proprietary vendor stack                    Open, value-added stack
Tenets of Cloud
o Shared infrastructure and multi-tenancy
o Self service
o Elasticity
o Built for massive scale
o Service agility
o Pay-as-you-go
o APIs and extreme automation
o Deploys on premise (private) or as a hosted (public) cloud
o Can be used for hybrid clouds
o Built in Java; provides native REST APIs and an EC2 API
o Has Python and Ruby clients and a CLI as well
A bit of History
o Original company Cloud.com (2008)
o Open source (GPLv3) as CloudStack (2010)
o Acquired by Citrix (July 2011)
o Relicensed under ASL v2 April 3, 2012
o Accepted as Apache Incubating Project April 16, 2012
o First Apache release (ACS 4.0)
o Many non-Citrix contributors, committers, PPMC members
Who is contributing
o Sungard: unit test cases
o Caringo: object store plug-in
o Ceph/RBD support by Wido
o CLVM/KVM by Marcus
o Nicira NVP: Schuberg Philis
o Basho: object store
o Brocade ADX ADC support
o Midokura MidoNet SDN controller integration
How to contribute
You can engage in:
o Discussions: design, use cases, deployment issues
o Bug reporting, feature requests
o Code reviews
o Build, tools, infrastructure
o Helping out on IRC
o Documentation
o Submitting bug fixes, features

Git repo, bug tracker and wiki are on ASF infra.
Project website:
o http://incubator.apache.org/cloudstack/
o http://www.cloudstack.org
IRC:
o #cloudstack on irc.freenode.net
Slides:
o http://www.slideshare.net/cloudstack
Mailing lists:
o cloudstack-dev-subscribe@incubator.apache.org
o cloudstack-users-subscribe@incubator.apache.org
[Diagram: the Cloud Admin, the Admins and Users of each Org (e.g. Org B), and End Users provision, manage and consume resources through the UI, CLI, REST API and EC2 API of the CloudStack Management Server]
Host: servers onto which services will be provisioned
Primary Storage: VM storage
Cluster: a grouping of hosts and their associated storage
Pod: collection of clusters
Network: logical network associated with service offerings
Secondary Storage: template, snapshot and ISO storage
Zone: collection of pods, network offerings and secondary storage
The hypervisor is the basic unit of scale. A cluster consists of one or more hosts of the same hypervisor.
[Diagram: Data Center 1 contains Pods 1..N behind an access layer; each pod contains Clusters 1..N; Secondary Storage is shared at the zone level; a Management Server manages Zone 1]
All hosts in a cluster have access to shared (primary) storage. A pod is one or more clusters, usually with L2 switches. An availability zone has one or more pods and has access to secondary storage.
Management Server
o A single Management Server can manage multiple zones
o Zones can be geographically distributed, but low-latency links are expected for better performance
o A single MS node can manage up to 5K hosts
o Multiple MS nodes can be deployed as a cluster for scale or redundancy
[Diagram: the admin provisions infrastructure and defines compute, disk and network offerings; users create VMs, perform VM operations, get console access and VM status, manage volumes and templates, and schedule snapshots (now, hourly, daily, weekly, monthly)]
Storage
o Primary Storage
o Secondary Storage
Network
CloudStack Storage
Primary Storage
o Configured at cluster level; close to hosts for better performance
o Stores all disk volumes for VMs in a cluster
o A cluster can have one or more primary storages
o Local disk, iSCSI, FC or NFS
Secondary Storage
o Configured at zone level
o Stores all templates, ISOs and snapshots
o A zone can have one or more secondary storages
o NFS, or OpenStack Swift via the CloudStack System VM
Local Storage
o Storage available on the hypervisor host
[Diagram: an availability zone with Pod 1 (L2 switch) behind an L3 switch; Cluster 1 with Host 1 and Host 2 using local storage and primary storage; zone-level secondary storage]
Provisioning Process
1. User requests an instance
2. Provision optional network services
3. Copy the instance template from secondary storage to primary storage on the appropriate cluster
4. Create any requested data volumes on primary storage for the cluster
5. Create the instance
6. Start the instance
[Diagram: template copied from zone-level Secondary Storage to the Primary Storage of a cluster in a pod, where the VM is created on a host]
Object Store
o Object store used to store templates and snapshots
o VMs can be distributed across the availability zones
[Diagram: CloudStack Mgmt Server with multiple Availability Zones sharing one Object Storage]
o A Domain is a unit of isolation that represents a customer org, business unit or a reseller
o A Domain can have arbitrary levels of sub-domains
o A Domain can have one or more accounts
o An Account represents one or more users and is the basic unit of isolation
[Diagram: the Admin's domain holds Reseller A with a Sub-Domain Org C; each domain has an Admin, Accounts (Group A, Group B) with Users, and Resources such as VMs, IPs and snapshots]
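The domain tree described above, as an added example that is not part of the original slides or of CloudStack's code: domains nest to arbitrary depth, accounts live in domains, and a management check walks the tree. The scope rule (a DOMAIN_ADMIN acts on accounts in its own domain and any sub-domain, the root ADMIN on everything, a USER only on its own account) and the sample domains and account names are assumptions made for this illustration.

```python
"""Model a CloudStack-style domain / account hierarchy and check management scope.

Added example, not CloudStack's own code. The scope rule (domain admin: own domain
and sub-domains; root admin: everything; user: own account) and all sample
domains/accounts below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Domain:
    name: str
    parent: Optional["Domain"] = field(default=None, repr=False)
    children: Dict[str, "Domain"] = field(default_factory=dict)
    accounts: Dict[str, "Account"] = field(default_factory=dict)

    def add_subdomain(self, name):
        child = Domain(name, parent=self)
        self.children[name] = child
        return child

    def add_account(self, name, role):
        acct = Account(name, role, self)
        self.accounts[name] = acct
        return acct

    def path(self):
        """Slash-separated path from the root domain down to this domain."""
        parts, d = [], self
        while d is not None:
            parts.append(d.name)
            d = d.parent
        return "/".join(reversed(parts))


@dataclass
class Account:
    name: str
    role: str          # "ADMIN", "DOMAIN_ADMIN" or "USER" (the roles named on the ACL slide)
    domain: Domain


def is_within(domain, ancestor):
    """True if `domain` is `ancestor` itself or lies anywhere below it."""
    d = domain
    while d is not None:
        if d is ancestor:
            return True
        d = d.parent
    return False


def can_manage(actor, target):
    """Assumed scope rule; the account is the isolation boundary for plain users."""
    if actor.role == "ADMIN":
        return True
    if actor.role == "DOMAIN_ADMIN":
        return is_within(target.domain, actor.domain)
    return actor is target


def accounts_in_scope(actor, root):
    """Names of every account under `root` that `actor` may manage (sorted)."""
    found, stack = [], [root]
    while stack:
        d = stack.pop()
        found.extend(a.name for a in d.accounts.values() if can_manage(actor, a))
        stack.extend(d.children.values())
    return sorted(found)


def build_sample_cloud():
    """Constructed hierarchy: ROOT -> ResellerA -> OrgB, and ROOT -> OrgC."""
    root = Domain("ROOT")
    cloud_admin = root.add_account("cloud-admin", "ADMIN")
    reseller = root.add_subdomain("ResellerA")
    reseller_admin = reseller.add_account("resellerA-admin", "DOMAIN_ADMIN")
    orgb = reseller.add_subdomain("OrgB")
    orgb_admin = orgb.add_account("orgB-admin", "DOMAIN_ADMIN")
    orgb_user = orgb.add_account("orgB-user1", "USER")
    orgc = root.add_subdomain("OrgC")
    orgc_user = orgc.add_account("orgC-user1", "USER")
    return {
        "root": root, "orgb": orgb, "cloud_admin": cloud_admin,
        "reseller_admin": reseller_admin, "orgb_admin": orgb_admin,
        "orgb_user": orgb_user, "orgc_user": orgc_user,
    }


if __name__ == "__main__":
    c = build_sample_cloud()
    print(c["orgb"].path())
    print(accounts_in_scope(c["reseller_admin"], c["root"]))
```

The point worth checking in any such model is the negative cases: an admin of one sub-domain must get nothing from a sibling domain or from its own parent, which is what keeps a reseller's customers isolated from each other.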
Dashboard
o Provides zone-wide resource consumption: running, stopped and total VMs, public IPs, private networks
o Also provides the latest alerts and events
Console Proxy VM
o Provides an AJAX-style HTTP-only console viewer
o Grabs VNC output from the hypervisor
o Scales out (more spawned) as load increases
o Java-based server; communicates with the MS over the message bus
Secondary Storage VM
o Provides image (template) management services
o Download from HTTP file share or Swift
o Copy between zones
o Scales out to handle multiple NFS mounts
o Java-based server; communicates with the MS over the message bus
Virtual Router VM
o Provides multiple network services
o IPAM (DHCP), DNS, NAT, Source NAT, Firewall, PF, VPN
o User-data, meta-data, SSH keys and password change server
o Redundancy via VRRP
o MS configures the VR over SSH, proxied via the hypervisor on XS and KVM
Networking
o Create networks and attach VMs
o Acquire public IP addresses for NAT and load balancing
o Control traffic to VMs using ingress and egress firewall rules
o Set up rules to load balance traffic between VMs
Orchestration of L2-L7 network services
o IPAM, DNS, gateway, firewall, NAT, LB, VPN, etc.
o Mix-and-match services and providers
o Out-of-the-box integration with automated deployment of virtual routers
o Multiple multi-tenancy [network isolation] options
o Integrated traffic accounting
o Access control
o Software Defined Networking (Nicira NVP)
o Devices can provide multiple services
o Admin API to configure external devices
o Plugin-based extensions for network behavior and admin API extensions
L2 Features
o Physical, VLAN, L3 (anti-spoof), Overlay [GRE]
o Physical isolation through network labels [limited to the number of NICs or bonds]
o Multi-NIC: deploy an instance in multiple networks; control the default route
o Access control: shared networks, project networks
o QoS [max rate]
o Traffic monitoring
o Hot-plug / detach of NICs
L3 Features
o IPAM [DHCP]: the VR acts as DHCP server
o Public IP address management: can request multiple public IPs per tenant
o Redundant VR (using VRRP)
o Inter-subnet routing
o Static routing control
o Remote Access VPN: L2TP over IPsec using PSK, Virtual Router only
o Firewall based on source CIDR
o Static NAT [1:1], including Elastic IP in Basic Zone
o Per-network or per-interface NAT
o Monitoring on the Virtual Router / external network device; integration with sFlow collectors
o IPsec VPN based on the VR
L4 Features
o Security groups for L3 isolation
  o Conserve public IPs
  o Basic Zone in docs
  o Default AWS-style networking
  o Scales much better than VLANs
o Stateful firewall for TCP, UDP and ICMP
o Port forwarding [Advanced Zone]
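Security-group isolation as described above is a default-deny ingress filter in front of each guest VM. The following added example (not from the slides and not CloudStack's implementation) evaluates a small set of ingress rules against sample connection attempts: a rule is keyed by protocol, port range and either a source CIDR or a source security group, and a flow is admitted only if some rule matches. The rule fields, group names and addresses are constructed for this example; connection tracking (the "stateful" part) is outside its scope.

```python
"""Evaluate security-group ingress rules against sample flows (default deny).

Added example, not CloudStack's own code. Rule/flow fields and all sample data
are constructed for illustration; it covers rule matching only, not connection
tracking for return traffic.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IngressRule:
    protocol: str                        # "tcp", "udp" or "icmp"
    start_port: int                      # tcp/udp: first port; icmp: type (-1 = any)
    end_port: int                        # tcp/udp: last port;  icmp: unused
    cidr: Optional[str] = None           # permitted source range, or
    source_group: Optional[str] = None   # permitted source security group


@dataclass(frozen=True)
class Flow:
    protocol: str
    src_ip: str
    dst_port: int                        # tcp/udp: destination port; icmp: type
    src_group: Optional[str] = None      # sender's security group, if it is a guest VM


def rule_matches(rule, flow):
    """One rule against one flow: protocol, then port/type, then source constraint."""
    if rule.protocol != flow.protocol:
        return False
    if rule.protocol == "icmp":
        if rule.start_port != -1 and rule.start_port != flow.dst_port:
            return False
    elif not (rule.start_port <= flow.dst_port <= rule.end_port):
        return False
    if rule.cidr is not None:
        net = ipaddress.ip_network(rule.cidr, strict=False)
        return ipaddress.ip_address(flow.src_ip) in net
    if rule.source_group is not None:
        return flow.src_group == rule.source_group
    return False  # a rule with no source constraint is malformed: never match


def ingress_allowed(rules, flow):
    """Default deny: admit the flow only if at least one ingress rule matches."""
    return any(rule_matches(r, flow) for r in rules)


def sample_groups():
    """Constructed groups: a web tier open on 80 to everyone, SSH only from an
    assumed admin range, and a db tier reachable only from the web group."""
    web = [
        IngressRule("tcp", 80, 80, cidr="0.0.0.0/0"),
        IngressRule("tcp", 22, 22, cidr="10.1.8.0/24"),   # assumed admin range
        IngressRule("icmp", -1, -1, cidr="0.0.0.0/0"),
    ]
    db = [
        IngressRule("tcp", 3306, 3306, source_group="web"),
    ]
    return {"web": web, "db": db}


if __name__ == "__main__":
    g = sample_groups()
    for flow in (Flow("tcp", "203.0.113.7", 80), Flow("tcp", "203.0.113.7", 22),
                 Flow("tcp", "10.1.16.12", 3306, src_group="web")):
        print(flow, "web:", ingress_allowed(g["web"], flow), "db:", ingress_allowed(g["db"], flow))
```

The source-group form is what lets the db tier stay closed to the public network while still accepting connections from every current and future web VM without tracking their addresses.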
L7 features
Load balancer
o VR has HAProxy built in
o External load balancer support: NetScaler (MPX/SDX/VPX), F5 BigIP; an LB appliance can be dedicated to an account or shared among tenants
o Load balancer supported with L3 isolation as well
o Stickiness support
o SSL support [future]
o Health checks [future]
User-data and meta-data
o Fetched from the virtual router
Password change server
CloudStack Terminology
Guest network
o The tenant network to which instances are attached
Storage network
o The physical network which connects the hypervisor to primary storage
Management network
o Control plane traffic between the CloudStack management server and hypervisor clusters
Public network
o Outside the cloud [usually Internet]
o Shared public VLANs trunked down to all hypervisors
All traffic can be multiplexed onto the same underlying physical network using VLANs
o Usually the Management network is untagged
o The Storage network is usually on a separate NIC (or bond)
The admin informs CloudStack how to map these network types to the underlying physical network
o Configure traffic labels on the hypervisor
o Configure traffic labels in the Admin UI
A Network Service Provider is hardware or a virtual appliance that makes a network service possible in CloudStack; for example, a Citrix NetScaler appliance can be installed in the cloud to provide load-balancing services. Administrators can have multiple instances of the same service provider in a network; for example, more than one Citrix NetScaler or Juniper SRX device can be added to CloudStack. CloudStack supports the following Network Providers:
o CloudStack Virtual Router (default)
o Citrix NetScaler SDX, VPX and MPX models
o Juniper SRX
o F5 BigIP
Network Offerings
o The cloud provider defines the feature set for guest networks
o Toggle features or service levels:
  o Security groups on/off
  o Load balancer on/off
  o Load balancer software/hardware
  o VPN, firewall, port forwarding
o The user chooses a network offering when creating a network
o Enables upgrade between network offerings
o Default offerings built in for classic CloudStack networking
When editing a guest network, users can change the network offering. They can either upgrade to a premium network offering (for example, an offering that uses a hardware load balancer) or downgrade to a cheaper network offering.
[Diagram: Basic Zone example: Pods 2..N, each with Clusters (CLUSTER 1, CLUSTER 4) of Hypervisors 1..8, N, N+1 and Storage 1..k; Web VMs and DB VMs grouped in security groups (e.g. a DB Security Group) behind a Load Balancer; Pod 2 L2 switch 10.1.8.1 and Pod 3 L2 switch 10.1.16.1, with guest addresses 10.1.16.12, 10.1.16.21, 10.1.16.47 and 10.1.16.85]
[Diagram: Advanced Zone example: the same pod/cluster layout, with each tenant's VMs (V) attached to a Tenant Virtual Router (R); separate tenants User 1 and User 2]
SDN at Work
[Diagram: the CloudStack Mgmt Server instructs an SDN Controller; Hosts 1-4 each run OVS with guest VMs and a virtual router (VR); the hosts are connected by GRE tunnels and the VRs reach the Public Internet]
[Diagram: Advanced Zone guest virtual network 10.1.1.1/8 on VLAN 100, gateway 10.1.1.1: Guest VMs 1-4 (private IPs 10.1.1.111, 10.1.1.3, 10.1.1.4, 10.1.1.5) behind a CS Virtual Router; a Juniper SRX firewall (public IP 65.37.141.11) and a NetScaler load balancer (public IPs 65.37.141.111, 65.37.141.112) sit in the path to the Public Network / Internet]
[Diagram: Basic Zone with EIP and ELB: public network 65.11.0.0/16; Security Group 1 holds Guest VMs 1-3 with guest addresses 10.1.2.3, 10.1.2.18, 10.5.2.99 and 10.2.12.4 and public IPs 65.11.1.2, 65.11.1.3, 65.11.1.4, 65.11.1.5 via a NetScaler load balancer; the CS Virtual Router provides DHCP and DNS; an L3 switch connects the pods]
Multi-tier network
[Diagram: Internet and Customer Premises connect through the Virtual Router to three tiers: Web VMs 1-4 (10.1.1.1, 10.1.1.3, 10.1.1.4), App VMs 1-2 on Virtual Network 10.1.2.0/24 VLAN 1001 (10.1.2.31, 10.1.2.24) and DB VM 1 on Virtual Network 10.1.3.0/24 VLAN 141 (10.1.3.24); a separate Monitoring VLAN]
Virtual Router Services: IPAM, DNS, LB [intra], site-to-site VPN, static routes, ACLs, NAT, PF, FW [ingress & egress], BGP
Problem Definition
Flexible
o Handle new physical resource types: hypervisors, storage, networking
o Add new APIs
o Add new services
o Add new networking models
Manageable
o Hide the complexity of underlying resources
o Rich functional end-user and admin UI
o Admin API to automate operations
o Easy install and upgrade for small -> large clouds
o Simple scaling, automated resilience
Scalable architecture
o 1 -> N hypervisors / VMs / virtual resources
o 1 -> N end users
Resource Allocation
o Hypervisor CPU, memory
o Storage space
o Avoid set of pods, clusters, hosts
Capacity scanning
o Snapshot of resources consumed
o Trigger capacity threshold violations
Garbage collection
o Network resources (IP, VLAN, CIDR etc.)
o Compute (VM, CPU, memory)
o Storage (volumes)
[Diagram: User API and Admin API clients reach the Management Servers through a Load Balancer; the Management Servers share a MySQL DB, replicated to a backup DB, and control the Infrastructure Resources]
o The MS is stateless; it can be deployed as a physical server or a VM
o A single MS node can manage up to 10K hosts
o Multiple nodes can be deployed for scale or redundancy
Listeners are provided to business logic to listen on connection status and adjust work based on who is connected. By only working on resources that are connected to the management server the process is on, work is auto-balanced between management servers; this also reduces the message routing between the management servers.
[Diagram: the Cloud Portal, CLI, UI and other clients call the Management Server's REST API (OAM&P API, End User API, EC2 API, other APIs, Pluggable Service API); inside the server the Services API engine and Kernel components: console proxy management, template access, HA, usage calculations, cluster management, security adapters, account management, connectors, plugin API, deployment planning, network configurations, network elements, hypervisor gurus, resource management, job management, alert & event management and database access; beneath them a Job Queue, DB, Event Bus and Message Bus connect to hypervisor, network, storage, image and snapshot resources]
ACL & Authentication
- Accounts, Domains, and Projects
- ACL, limits checking
Services API
- Drives long running VM operations
- Syncs between resources managed and DB
- Generates events
Interactions
[Diagram: the Management Server (CS API, end-user API, ec2 API; MySQL backend) talks to XenServer via XAPI, to vCenter, to OVM clusters and to primary storage; to Juniper SRX via NetConf and to NetScaler via the Nitro API; to the Console Proxy VM and Secondary Storage VM over JSON, and to Router VMs over (proxied) SSH; cloud users reach the End User UI, Admin UI and Domain Admin UI over HTTPS, the Ajax Console (VNC through the console proxy) and the ec2 API client; the Secondary Storage VM uses NFS, HTTP (template download and copy) and HTTP (Swift); monitoring]
short in duration and are executed by executor threads, because incoming requests are already load balanced by the load balancer. All incoming requests needing resources, which often have long running durations, are checked against the ACL by the executor threads and then queued and picked up by job threads. The number of job threads is scaled to the number of DB connections available to the management server. Requests may take a long time depending on the constraints of the resources, but they don't fail.
[Diagram: the API Servlet builds Commands and calls cmd.execute(); commands use the Services API and Plugins, which run in the Kernel and reach local or remote Resources through the Agent Manager; Responses return to the servlet; state lives in MySQL]
CloudStack API
BaseCmd (base class): all commands descend from the BaseCmd base class.
Configuration: commands are configured in cloudstack-oss/client/command.properties.in
Format: <command name>=<java classname>;<ACL>
*note* ACL is calculated as a bitmap with the following: 1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER
Example:
### snapshot commands
createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
listSnapshots=com.cloud.api.commands.ListSnapshotsCmd;15
deleteSnapshot=com.cloud.api.commands.DeleteSnapshotCmd;15
createSnapshotPolicy=com.cloud.api.commands.CreateSnapshotPolicyCmd;15
deleteSnapshotPolicies=com.cloud.api.commands.DeleteSnapshotPoliciesCmd;15
listSnapshotPolicies=com.cloud.api.commands.ListSnapshotPoliciesCmd;15
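The ACL column is the whole per-command authorization policy, so it pays to be able to read it mechanically. The following added example (not part of the slides or of CloudStack's code base) parses lines in the command.properties format shown above, decodes the bitmap into role names, answers "may this role call this command?", and lists the commands exposed to plain USER accounts, which is the first thing to review in a hardened deployment. The admin-only entry and its class name are constructed for this example; the snapshot entries are the ones from the slide.

```python
"""Parse command.properties entries and evaluate the per-command ACL bitmap.

Added example, not CloudStack's own code. It assumes only the format shown on the
slide: <command name>=<java classname>;<ACL>, with ACL bits
1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER.
"""

ROLE_BITS = {
    "ADMIN": 1,
    "RESOURCE_DOMAIN_ADMIN": 2,
    "DOMAIN_ADMIN": 4,
    "USER": 8,
}
ALL_ROLE_BITS = 0b1111

# Constructed sample: the snapshot entries from the slide plus one admin-only
# entry whose command and class name are hypothetical.
SAMPLE_COMMAND_PROPERTIES = """\
### snapshot commands
createSnapshot=com.cloud.api.commands.CreateSnapshotCmd;15
listSnapshots=com.cloud.api.commands.ListSnapshotsCmd;15
deleteSnapshot=com.cloud.api.commands.DeleteSnapshotCmd;15
# hypothetical admin-only command (ACL 1 = ADMIN only)
addHostExample=com.cloud.api.commands.AddHostExampleCmd;1
"""


def parse_command_properties(text):
    """Return {command: (java_class, acl_bitmap)}; comments and blank lines are skipped.

    Malformed lines raise ValueError rather than being silently dropped, since a
    dropped entry would change which commands are reachable.
    """
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: missing '='")
        name, rhs = line.split("=", 1)
        cls, sep, acl = rhs.partition(";")
        if not sep or not acl.strip().isdigit():
            raise ValueError(f"line {lineno}: expected <class>;<ACL bitmap>")
        bitmap = int(acl)
        if bitmap == 0 or bitmap & ~ALL_ROLE_BITS:
            raise ValueError(f"line {lineno}: ACL {bitmap} is not a mask of the four role bits")
        table[name.strip()] = (cls.strip(), bitmap)
    return table


def roles_allowed(bitmap):
    """Decode a bitmap into the sorted list of role names it grants."""
    return sorted(role for role, bit in ROLE_BITS.items() if bitmap & bit)


def is_permitted(table, command, role):
    """Authorization check; unknown commands are denied rather than defaulted open."""
    if command not in table:
        return False
    return bool(table[command][1] & ROLE_BITS[role])


def audit_exposed_to_users(table):
    """Commands callable by ordinary USER accounts: the set to review first."""
    return sorted(name for name, (_, acl) in table.items() if acl & ROLE_BITS["USER"])


if __name__ == "__main__":
    table = parse_command_properties(SAMPLE_COMMAND_PROPERTIES)
    for name, (cls, acl) in table.items():
        print(f"{name:24} {acl:2}  {', '.join(roles_allowed(acl))}")
    print("exposed to USER:", audit_exposed_to_users(table))
```

Note that 15 (all four bits) is the most permissive value the format can express; an entry should carry it only when every role legitimately needs the call.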
Management Layer
Each Adapter is uniquely identified by the interface it exposes and represents the boundary between CloudStack and the individual component and/or processes that can be configured into the system. Adapters provide extensibility and in many cases device-specific implementation details while maintaining a simple and consistent interface.
Adapters are executed as a chain in the order that they are configured. They are defined in cloudstack-oss/client/tomcatconf/components.xml.in, for example:
<adapters key="com.cloud.network.guru.NetworkGuru">
    <adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
    <adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
    <adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
    <adapter name="PodBasedNetworkGuru" class="com.cloud.network.guru.PodBasedNetworkGuru"/>
    <adapter name="ControlNetworkGuru" class="com.cloud.network.guru.ControlNetworkGuru"/>
    <adapter name="DirectNetworkGuru" class="com.cloud.network.guru.DirectNetworkGuru"/>
    <adapter name="DirectPodBasedNetworkGuru" class="com.cloud.network.guru.DirectPodBasedNetworkGuru"/>
    <adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
</adapters>
Adapter interfaces include: Discoverer, StoragePoolDiscoverer, StoragePoolAllocator, ConsoleProxyAllocator, Investigator, FenceBuilder, DeploymentPlanner, NetworkGuru, NetworkElement and more.
Adapters: VM orchestration
Network Guru (responsible for L2-L3)
o Design
o Implement
o Allocate
o Release
o Shutdown
e.g. guest network guru, OVS network guru, etc.
Network Element (responsible for L4-L7)
o Implement
o Shutdown
e.g. F5, SRX, NetScaler, Virtual Router
[Diagram: DNS plugin example: the Network Manager drives a Network Element (MyDnsElement) that implements the PluggableService and DnsService interfaces; MyDnsDeviceService and MyDnsDeviceManager persist state in MySQL; step 3: addDnsRecord(ip, fqdn); step 4: enqueue AddDnsRecord on the Agent Manager queue; step 5: MyDnsDeviceResource (a server resource) makes the API call to the DNS device]
Demonstrates one way to inform an external DNS server when an instance starts. Classes shaded blue form a plugin / service bundle to integrate an external DNS server. Clients of the instance can then use DNS names to access the instance.
Start VM flow:
o Start VM
o Get a Deployment Plan (Host and StoragePool)
o Prepare NICs: reserve resources for the NIC; notify that the NIC is about to be started in the network; agent calls
o Prepare Volumes: prepare the template on Primary Storage; agent calls
o Start VM call to the Agent
[Diagram: Server Resources behind the Agent: hypervisor resources, network resources, storage resources, image & template resources, snapshot resources]
Resource Layer
o ... service VMs to be in close network proximity to the physical resources it manages
o Easily scales to utilize the most abundant resource in the data center (CPU & RAM)
o Communicates with the Orchestration Server over the message bus (JSON)
o Can be replicated for fault tolerance
o Control gateway to resources within the data center
Resource API
DevCloud
CloudStack requires:
o Hypervisor
o Network
o Storage
Thanks