cern openstack cloud control plane
play

CERN OpenStack Cloud Control Plane *From VMs to K8s* OpenStack - PowerPoint PPT Presentation

Mar 05, 2023 •335 likes •697 views

CERN OpenStack Cloud Control Plane *From VMs to K8s* OpenStack Summit - Shanghai 2019 Belmiro Moreira - @belmiromoreira Spyridon Trigazis - @strigazi CERN - Large Hadron Collider (LHC) CERN - Large Hadron Collider (LHC) CERN: Compact Muon

  2. CERN OpenStack Cloud Control Plane *From VMs to K8s* OpenStack Summit - Shanghai 2019 Belmiro Moreira - @belmiromoreira Spyridon Trigazis - @strigazi

  3. CERN - Large Hadron Collider (LHC)

  4. CERN - Large Hadron Collider (LHC)

  5. CERN: Compact Muon Solenoid (CMS)

  7. CERN Cloud Architecture (High level view) API nodes x 20 nova-api keystone DB Keystone x 10 top cell controller Placement keystone glance DB nova-scheduler placement-api x 15 x 30 magnum DB nova-conductor Glance x 10 glance-api nova_api DB child cell controller nova cell_1 DB Cinder nova-api RabbitMQ nova cell_2 DB cinder-api nova-conductor x80 x 1 cinder-volume x 3 nova-network RabbitMQ cluster cinder-scheduler RabbitMQ cluster RabbitMQ cluster Magnum magnum-api x 3 compute node x 200 magnum-conductor nova-compute

  8. CERN Cloud Control Plane - VMs ● Cloud “inception” ○ The CERN Cloud Control Plane runs in the Cloud that it provisions! ● Advantages ○ Each OpenStack component runs in a different VM ■ keystone; nova-api; nova-conductor; glance-api; rabbitmq … ○ Isolation between components ■ Scale individual components (Add more VMs) ■ Upgrade individual components ○ Use the same configuration management tool (Puppet) as in physical nodes ● Disadvantages ○ Large number of VMs ■ Difficult to manage ■ VM overhead creates unused resources ○ Configuration changes need to propagate into all service VMs

  9. CERN Cloud Architecture (High level view) API nodes x 20 nova-api keystone DB Keystone x 10 top cell controller Placement keystone glance DB nova-scheduler placement-api x 15 x 30 magnum DB nova-conductor Glance x 10 glance-api nova_api DB child cell controller nova cell_1 DB Cinder nova-api RabbitMQ nova cell_2 DB cinder-api nova-conductor x80 x 1 cinder-volume x 3 nova-network RabbitMQ cluster cinder-scheduler RabbitMQ cluster RabbitMQ cluster Magnum magnum-api x 3 compute node x 200 magnum-conductor nova-compute

  10. CERN Cloud Architecture - Control Plane userVM userVM glance keystone userVM userVM userVM placement userVM nova-api userVM userVM nova-api cinder cell controller userVM userVM cell controller magnum userVM keystone rabbitmq userVM magnum cell controller userVM cinder rabbitmq nova-api userVM userVM glance placement rabbitmq userVM userVM Cell 1 Cell 2 Cell 3 Cell 4 Availability Availability Zone A Zone B

  11. CERN Cloud Control Plane - K8s ● Even more... Cloud “inception”! ● Advantages ○ Strong resource consolidation ○ Service replication and resilience native to the K8s orchestration ○ Accelerate deployment/development iterations (and rollback) ■ Handle faster configuration changes/upgrades when comparing with puppet ○ Cluster footprint scale up/down ○ Native autoscaling ● Disadvantages ○ One more “Inception” layer! ○ All support infrastructure (monitoring, alarming, ...) is still not ready for K8s ○ All staff needs to be trained for K8s

  12. CERN Cloud Architecture - Control Plane userVM userVM k8s k8s userVM userVM userVM userVM userVM userVM userVM userVM user VM k8s k8s userVM userVM k8s userVM userVM k8s userVM userVM userVM k8s userVM userVM k8s userVM userVM userVM k8s userVM user VM userVM userVM Cell 1 Cell 2 Cell 3 Cell 4 Availability Availability Zone A Zone B

  13. CERN Cloud Architecture - Control Plane k8s Cluster - VM c-api n-cond i-api Pod Pod Pod i-api n-sche n-api Pod Pod Pod k8s Cluster - VM n-api n-cond i-cond Pod Pod Pod User VM m-api m-cond n-api Pod Pod Pod

  14. CERN Cloud Architecture - Control Plane k8s Cluster - VM c-api n-cond i-api Pod Pod Pod i-api n-sche n-api Pod Pod Pod k8s Cluster - VM n-api n-rabbit i-cond Pod Pod Pod User VM m-api m-cond m-api Pod Pod Pod

  15. CERN Cloud Architecture - Control Plane k8s Cluster - VM c-api n-cond i-api Pod Pod Pod i-api n-sche n-api Pod Pod Pod k8s Cluster - VM n-api n-rabbit i-cond Pod Pod Pod User VM m-api m-cond m-api Pod Pod Pod

  16. CERN Cloud Architecture - Control Plane k8s Cluster - VM c-api n-cond i-api Pod Pod Pod i-api n-sche n-api Pod Pod Pod k8s Cluster - VM n-api n-rabbit i-cond Pod Pod Pod User VM m-api m-cond m-api Pod Pod Pod

  17. Helm ● The package manager for kubernetes ● Large selection of community managed charts ● Manage only the parameters you need ● Charts stored in s3 ● Managed by ChartMuseum

  18. Helm usage (v2) ● Configure client ○ Use secure tiller configuration https://helm.sh/docs/using_helm/#using-ssl-between-helm-and-tiller ● Add chart repositories ● Always inspect the chart contents ● Install charts $ helm init --tiller-tls … $ helm repo add myrepo https://example.org/ $ helm repo update $ helm dependency update $ helm template <path to chart> $ helm install myrepo/myapp --name myapp_name -f values.yaml

  19. OpenStack Helm ● One helm chart per service ● git repos openstack/openstack-helm and openstack/openstack-helm-infra ● 20 repos in openstack-helm ● 46 repos in openstack-helm-infra

  20. Secret Management Requirements • Offer a gitops style solution, with encrypted secrets version controlled along the rest of the application configuration data • Allow usage of unchanged upstream helm charts • Provide good integration with existing helm commands install, upgrade, … • Secure, central store for encryption keys • Use existing infrastructure • Use existing AuthN/AuthZ

  21. Helm Barbican Plugin Barbican • Key Manager OpenStack API service • types: generic, certificate, RSA • OpenStack credentials (kerberos for CERN) Helm plugin Image Credit: Ricardo Rocha, CERN Cloud • Written in go • Wrapper for install, upgrade, lint • Edit secrets in memory, write to fs encrypted

  22. Secrets plugin usage $ helm secrets -h Secret handling using OpenStack Barbican. Secrets are stored encrypted in local files, with the key being stored in Barbican. These files can be safely committed to version control. Usage: secrets [command] Available Commands: dec decrypt secrets with barbican key edit edit secrets enc encrypt secrets with barbican key help Help about any command install wrapper for helm install, decrypting secrets lint wrapper for helm lint, decrypting secrets upgrade wrapper for helm upgrade, decrypting secrets view decrypt and display secrets

  23. Secrets plugin usage cont’d $ helm secrets view service/secrets.yaml conf: service: DEFAULT: auth_key: somekey endpoints: identity: service: password: somepass $ helm secrets install --name service ./service -f service/secrets.yaml \ -f service/values.yaml --version 0.0.2 ... $ helm secrets edit service/secrets.yaml $ helm secrets upgrade service ./service -f service/secrets.yaml \ -f service/values.yaml --version 0.0.2 ...

  24. OpenStack LOCI ● OpenStack LOCI is a project designed to quickly build Lightweight OCI compatible images of OpenStack services ● Several projects supported ○ Nova ○ Glance ○ Heat ○ … ● OpenStack-Helm uses OpenStack-LOCI ● We require custom images because the all the internal patches specific to the CERN Infrastructure ○ Very easy to build local custom images

  25. OpenStack LOCI ● CentOS is supported as base image docker build \ https://opendev.org/openstack/loci.git#master:dockerfiles/centos \ --tag loci-base:centos ● Easy to use a custom OpenStack Project repo. Many other options available docker build \ https://opendev.org/openstack/loci.git \ --build-arg PROJECT=nova \ --build-arg PROJECT_REPO=<YOUR_CUSTOM_REPO> \ --build-arg WHEELS="loci/requirements:master-centos" \ --build-arg FROM=loci-base:centos \ --build-arg PROJECT_REF=cern_stein \ --build-arg DIST_PACKAGES="httpd mod_wsgi python2-ldap python2-suds" \ --tag <YOUR_CUSTOM_IMAGE_TAG>

  26. Use Case 1 - Glance on K8s ● How OpenStack HELM deploys Glance? helm fetch --untar --untardir . 'openstack/glance' helm template glance ● We would like to integrate the K8s Glance in the current Infrastructure ○ Not build a different deployment from scratch ○ OpenStack HELM is great to build an all in one OpenStack Cloud ○ We would like to have a more controlled initial experience

  27. Use Case 1 - Glance on K8s ● What is needed to deploy Glance on K8s? The basics... ○ Image (LOCI) ○ “ConfigMap” for the configuration file; policy and start the service ○ “Deployment” for the glance-api pod ○ “Service” for port 9292 ● How about the secrets? ○ OpenStack can load several configuration files ○ Dedicated configuration file only for the secrets ■ Glance DB password, transport URL for notifications, service accounts ● How about ingress? ○ ngnix Ingress ○ Deployed with HELM

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Deep D Dive ve i into t the C CERN C N Cloud I Infrastruct cture Openstack D Design S

Deep D Dive ve i into t the C CERN C N Cloud I Infrastruct cture Openstack D Design S

Deep D Dive ve i into t the C CERN C N Cloud I Infrastruct cture Openstack D Design S Summi mmit Ho Hong K Kong, 2 2013 Belmiro Moreira belmiro.moreira@cern.ch @belmiromoreira What i is C CERN? N? Conseil Europen

490 views • 48 slides
SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right? Maybe you use AWS or Azure? Allowing pay-as-you-go model for IT infrastructure and toward dynamic software-defined service delivery.

168 views • 16 slides
Towards ds a self elf auto tomated CE CERN Clo Cloud Jos Castro Len CERN Cloud

Towards ds a self elf auto tomated CE CERN Clo Cloud Jos Castro Len CERN Cloud

Towards ds a self elf auto tomated CE CERN Clo Cloud Jos Castro Len CERN Cloud Infrastructure CERN Cloud Team Who am I? Outlines Introduction CERN Cloud service Automation status Upcoming challenges Improvement

799 views • 34 slides
Moving SNE to the Cloud RP1i3 Sudesh Jethoe http://www.openstack.org/assets/openstack-logo/

Moving SNE to the Cloud RP1i3 Sudesh Jethoe http://www.openstack.org/assets/openstack-logo/

Moving SNE to the Cloud RP1i3 Sudesh Jethoe http://www.openstack.org/assets/openstack-logo/ Overview 1. Research Question 2. What's a cloud? 3. Cloud frameworks 4. OpenStack 5. Method 6. Problems 7. Conclusion 8. Discussion 9. Questions

432 views • 25 slides
Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction

Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction

Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction Aptira Leading OpenStack provider in Australia and APAC Private and Hybrid IaaS Cloud Solutions Technology consultancy for large providers

224 views • 21 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

781 views • 43 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

742 views • 56 slides
Openstack Swift at Scale In the Beginning Cloud Files 2.0 5 developers 4 ops 9

Openstack Swift at Scale In the Beginning Cloud Files 2.0 5 developers 4 ops 9

Openstack Swift at Scale In the Beginning Cloud Files 2.0 5 developers 4 ops 9 months 10K lines of code Openstack! Openstack Swift at Rackspace 6 Datacenters More than 85 Petabytes of raw disk Over half

319 views • 14 slides
Introduction to OpenStack Nabil Abdennadher nabil.abdennadher@hesge.ch 1 What is OpenStack ?

Introduction to OpenStack Nabil Abdennadher nabil.abdennadher@hesge.ch 1 What is OpenStack ?

Introduction to OpenStack Nabil Abdennadher nabil.abdennadher@hesge.ch 1 What is OpenStack ? Free and open-source cloud-computing software platform Provides services for managing a Cloud environment on the fly. Consists of a

466 views • 10 slides
Execu&amp;on Templates: Caching Control Plane Decisions for Strong Scaling of Data Analy&amp;cs

Execu&amp;on Templates: Caching Control Plane Decisions for Strong Scaling of Data Analy&amp;cs

Execu&amp;on Templates: Caching Control Plane Decisions for Strong Scaling of Data Analy&amp;cs Omid Mashayekhi Hang Qu Chinmayee Shah Philip Levis July 13, 2017 2 2 Cloud Frameworks Machine Graph SQL Streaming Learning Cloud

1.04k views • 56 slides
OpenStack on the EGI Federated Cloud Enol En l Fe Fernndez Cloud ud Archi hitect EGI

OpenStack on the EGI Federated Cloud Enol En l Fe Fernndez Cloud ud Archi hitect EGI

OpenStack on the EGI Federated Cloud Enol En l Fe Fernndez Cloud ud Archi hitect EGI Founda undation eno nol.ferna nande ndez@egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme www.egi.eu www of the

433 views • 30 slides
OpenStack Horizon: Controlling the Cloud using Django David Lapsley @devlaps,

OpenStack Horizon: Controlling the Cloud using Django David Lapsley @devlaps,

OpenStack Horizon: Controlling the Cloud using Django David Lapsley @devlaps, david.lapsley@metacloud.com August 21, 2014 OPENSTACK THAT JUST WORKS OpenStack Horizon in Action OPENSTACK THAT JUST WORKS Launching an Instance Admin Overview

1.18k views • 89 slides
Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of OpenStack Technical Committee Python Software Foundation member ttx @ tcarrez @ Cloud ? Buzzword Infrastructure as a service Compute,

700 views • 28 slides
How to Implement FaaS in Lingxian Kong OpenStack for Public Cloud OpenStack Vancouver Summit 1

How to Implement FaaS in Lingxian Kong OpenStack for Public Cloud OpenStack Vancouver Summit 1

How to Implement FaaS in Lingxian Kong OpenStack for Public Cloud OpenStack Vancouver Summit 1 Agenda Qinling - Why another FaaS project? Design&amp;Implementation challenges Demo 2 Why FaaS 3 Projects/Products/Platforms 4

473 views • 15 slides
Continuous delivery to open telekom cloud (OTC) Openstack Summit 2016, B. Folgmann, B.

Continuous delivery to open telekom cloud (OTC) Openstack Summit 2016, B. Folgmann, B.

Continuous delivery to open telekom cloud (OTC) Openstack Summit 2016, B. Folgmann, B. Rederlechner GDC Cloud Consulting &amp; Transformation Services t-systems Transforms whole landscapes to cloud The goal is Cloud - only simpliCiTy, noT

313 views • 15 slides
Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack OpenStack is an open source software platform for cloud computing. Mostly deployed as infrastructure-as-a-service (IaaS), whereby virtual servers and

464 views • 25 slides
Surgical Approach to Treatment Fetal period Dx- HLHS, intact atrial septum of Pulmonary

Surgical Approach to Treatment Fetal period Dx- HLHS, intact atrial septum of Pulmonary

4/21/2018 Surgical Good outcome Surgical Approach to Treatment Fetal period Dx- HLHS, intact atrial septum of Pulmonary Vein Stenosis Pulmonary lymphangiectasia &gt; stent Gradient in stent Delivered &gt; O.R. (~2.4 kg)

327 views • 11 slides
INNOVATION COLONIES: Disrupting the Fortune 500 Dominic Holt Dominic Holt Slide 3 ACM

INNOVATION COLONIES: Disrupting the Fortune 500 Dominic Holt Dominic Holt Slide 3 ACM

Slide 2 INNOVATION COLONIES: Disrupting the Fortune 500 Dominic Holt Dominic Holt Slide 3 ACM Highlights Learning Center tools for professional development: http: / / learning.acm.org 4,000+ trusted technical books and videos by O

666 views • 19 slides
Infants -Dr. Renee Baillargeon, Rose M. Scott, Zijing He - Kuldeep Yadav (10358) Lets start

Infants -Dr. Renee Baillargeon, Rose M. Scott, Zijing He - Kuldeep Yadav (10358) Lets start

False Belief Understanding in Infants -Dr. Renee Baillargeon, Rose M. Scott, Zijing He - Kuldeep Yadav (10358) Lets start with a situation If this question is asked to you You will answer Box A If I ask this same question to the

514 views • 13 slides
Data Structures Practice Introduction to Markov Chaining Checkout DataStructures project from SVN

Data Structures Practice Introduction to Markov Chaining Checkout DataStructures project from SVN

Data Structures Practice Introduction to Markov Chaining Checkout DataStructures project from SVN Array List Linked List Stack Queue Set Map Implementations for all of these are provided by the Java Collections Framework

369 views • 19 slides
Lecture 40 final exam review Mark Hasegawa-Johnson 5/6/2020 Some sample problems DNNs:

Lecture 40 final exam review Mark Hasegawa-Johnson 5/6/2020 Some sample problems DNNs:

Lecture 40 final exam review Mark Hasegawa-Johnson 5/6/2020 Some sample problems DNNs: Practice Final, question 23 Reinforcement learning: Practice Final, question 24 Games: Practice Final, question 25 Game theory: Practice

604 views • 43 slides
Plan for Today Remarks by OLLI Director Megan Whilden Introduction of MFW and Kate

Plan for Today Remarks by OLLI Director Megan Whilden Introduction of MFW and Kate

Plan for Today Remarks by OLLI Director Megan Whilden Introduction of MFW and Kate Discussion of Zoom features and how to use them (practice with Polls #4 and #5 ) A Land Acknowledgment Outline of Topics to be addressed in this

444 views • 10 slides
Storytimes and Transitions with Lessons for Early Educators from Youth Librarians with Amadee

Storytimes and Transitions with Lessons for Early Educators from Youth Librarians with Amadee

10/23/2018 Storytimes and Transitions with Lessons for Early Educators from Youth Librarians with Amadee Ricketts Education Experience Masters degree Fourteen years in Library and in youth services Information Science

428 views • 15 slides
INF5890 IT and Management Project Management in Practice: handling complexity and uncertainty

INF5890 IT and Management Project Management in Practice: handling complexity and uncertainty

INF5890 IT and Management Project Management in Practice: handling complexity and uncertainty March 10, 2016 Xenia Vasilakopoulou - IFI xvasil@ifi.uio.no Recap previous lectures What is a project How to manage a project When

209 views • 20 slides

More recommend