highly resilient multi region keystone deployments
play

Highly resilient, multi-region Keystone deployments Michael - PowerPoint PPT Presentation

Mar 31, 2023 •8 likes •528 views

Highly resilient, multi-region Keystone deployments Michael Richardson // 22 May 2018 1 2.1 3 Purpose Caveats SQL-backed deployment All regions are considered equal "Standard" regions, not singular Edge nodes 4 Compute Storage

  1. Highly resilient, multi-region Keystone deployments Michael Richardson // 22 May 2018 1

  2. 2.1

  4. 3

  5. Purpose Caveats SQL-backed deployment All regions are considered equal "Standard" regions, not singular Edge nodes 4

  6. Compute Storage Network Images Dashboard Billing VPNaaS LBaaS Orchestration GPUs CaaS BYON BYOIP Region1 5

  7. Compute Storage Network Images Dashboard Billing VPNaaS Identity LBaaS Orchestration GPUs CaaS BYON BYOIP Region1 6

  8. Compute Storage Network Compute Storage Network Images Dashboard Billing Images Dashboard Billing VPNaaS Identity LBaaS VPNaaS LBaaS Identity Orchestration Orchestration GPUs CaaS BYON BYOIP GPUs CaaS BYON BYOIP Region1 Region2 7

  9. Compute Storage Network Images Dashboard Billing VPNaaS Identity LBaaS Orchestration GPUs CaaS BYON BYOIP Region1 Compute Storage Network Compute Storage Network Images Dashboard Billing Images Dashboard Billing VPNaaS Identity LBaaS VPNaaS Identity LBaaS Orchestration Orchestration GPUs CaaS BYON BYOIP GPUs CaaS BYON BYOIP Region3 Region2 8

  10. 9

  11. 10

  12. 11

  13. What if Keystone should fail? No API requests No Dashboard No metrics collection Data plane AOK No orchestration 12

  14. Keystone (then) UWSGI + Nginx, HAProxy, Memcached MariaDB Galera cluster Giftwrapped python virtualenv Kilo, UUID tokens 13

  15. The Internets External proxies API node1 API node2 API node3 Memcache Memecache Memcache node1 node2 node3 Internal proxies DB node1 DB node2 DB node3 14

  16. Requirements Loss of a region should not affect the operation of any other region Major partition must continue as before Minor partition may continue in read-only mode All users and project data should be available in each region Self-healing 15

  17. Options 16

  18. Multiple Keystones A single Keystone 17

  19. Federation Solves a different problem. 18

  20. CockroachDB Too soon. http://lists.openstack.org/pipermail/openstack- dev/2017-May/117018.html 19

  21. Master-slave replication Asynchronous. 20

  22. Circular replication Ye-olde multi-master. 21

  23. Galera site-to-site replication No benefit at this scale. 22

  24. Design A single, inter-region Galera cluster, with an odd number of nodes Nodes in all regions Providing data for all regions One Keystone database Synchronous replication Inserts/updates/locks must be negligable Fernet tokens 23

  25. Design Distinct authentication endpoints in each region, that back onto the same DB cluster. Other regions must be able to take over if all nodes are down Frontend, backend proxy configuration Region-specific service (Nova, neutron etc.) DB clusters But, pointing to the inter-region Keystone service 24

  26. Implementation 25

  27. Keystone upgrade Upgrade the Keystone APIs Kilo to Mitaka One release, micro-(scheduled)-outage Straightforward 26

  28. Keystone configuration Multiple Keystone API nodes per region As before (Nginx + UWSGI) All sitting behind redundant HAProxy nodes 27

  29. Multi-factor authentication Password plus TOTP Can be enabled per account by users Works with the APIs https://github.com/catalyst-cloud/adjutant-mfa 28

  30. 29

  31. 30

  32. 31

  33. What's inside? curl $keystone_endpoint:35357/v3/auth/tokens \ -H "X-Subject-Token: {{ fernet_token }}" \ -H "X-Auth-Token: {{ admin_token }}" \ | python -m json.tool 32

  34. 33

  35. Inter-region Galera cluster Redundant links between regions Odd number of nodes per region wsrep_dirty_reads = 1 wsrep_sync_wait = 0 wsrep_slave_threads = "n. cores" max_connections = "high" 34

  36. Inter-node connectivity mysql = tcp/3306 galera replication = {tcp,udp}/4567 galera IST = tcp/4568 galera SST = tcp/4444 35

  37. Testing Lock/load test across all regions pseudo-code { while true; do check cluster size, cluster status for each in region A B C; do locking-operation in region ${each} for region in A B C; do read and verify from ${region} done done done } 36

  38. Memcache configuration One thread per core 512 MB for storage Objects cached for 60 minutes 37

  39. 38

  40. Proxies and endpoints Final cutover Internal, external proxies updated Migrate to new cluster Endpoints in each region were now active, but not advertised. Services in each region were re-pointed to the local endpoint Additional endpoints now added to the Catalog Endpoints "unversioned" 39

  41. Proxies and endpoints External proxy configuration Local endpoints utilise remote regions endpoints as backup servers Allows the other regions to take over Transparent failover 40

  43. The Internets External proxies API node1 API node2 Memcache node1 API node3 Memecache node2 Memcache DB node1 Internal proxies node3 DB node2 DB node3 API node3 Memcache DB node3 node3 The Internets External proxies Internal proxies API node2 Memecache DB node2 node2 DB node1 API node1 Memcache node1 DB node1 DB node2 node1 Memcache Internal proxies DB node3 node2 API node1 Memecache node3 API node2 Memcache External proxies API node3 The Internets 41

  44. 42

  45. 43

  46. 44

  47. 45

  48. Where to from here? Global endpoints MFA in/from master Keystone from $release n-1. 46

  49. Summary Keystone: Fernet with caching Galera: single DB, geo-distributed, redundant paths 47

  50. Summary External proxies Other regions must be present as backup servers Keepalived DNS round-robin between multiple VRRP addresses Configure each to have one master, the others as backup 48

  51. Thank you 49

  52. 50

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann Container orchestration platform Deploy, run and scale your services in isolated containers No vendor lock in Standardized APIs Runs on Your laptop

2.39k views • 139 slides
Planning for a Resilient Houston Planning for a Resilient Houston - Galveston Region Galveston

Planning for a Resilient Houston Planning for a Resilient Houston - Galveston Region Galveston

Planning for a Resilient Houston Planning for a Resilient Houston - Galveston Region Galveston Region Addressing Resiliency in Regional Transportation Plans Workshop Kristina Ronneberg June 26, 2019 1 Resiliency Planning Resiliency Planning

550 views • 14 slides
Build Highly Resilient Applications with Redis Enterprise Clustering MAY 2019 | MANUEL HURTADO

Build Highly Resilient Applications with Redis Enterprise Clustering MAY 2019 | MANUEL HURTADO

Build Highly Resilient Applications with Redis Enterprise Clustering MAY 2019 | MANUEL HURTADO Redis Introduction Most Loved Databases 2017, 2018 & 2019 Stack Overflow survey, among >100K developers % of devs who expressed interest in

364 views • 35 slides
All DC Inverter Multi VRF In 2012, Gree highly promoted GMV5 All DC Inverter Multi VRF New

All DC Inverter Multi VRF In 2012, Gree highly promoted GMV5 All DC Inverter Multi VRF New

All DC Inverter Multi VRF In 2012, Gree highly promoted GMV5 All DC Inverter Multi VRF New breakthrough in comfort ability, intelligent control and design. Eight More power product series More powerful product series prominent advantages More

1.63k views • 75 slides
to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn Building the Digital Keystone State Sponsored Attacks Political Warfare

519 views • 37 slides
2 Resilient lient grow owth h in n the he fac ace e of of glob obal al an and region

2 Resilient lient grow owth h in n the he fac ace e of of glob obal al an and region

2 Resilient lient grow owth h in n the he fac ace e of of glob obal al an and region ional al he head adwinds winds Drivers of Africas growth GDP growth (%) 10 Strong public investment in infrastructure 8 6 Asia Pacific

768 views • 58 slides
March 10, 2017 FY 2016 Operational and Financial Results FY 2016: A Highly Resilient Stance in a

March 10, 2017 FY 2016 Operational and Financial Results FY 2016: A Highly Resilient Stance in a

FY 2016 Earnings Presentation March 10, 2017 FY 2016 Operational and Financial Results FY 2016: A Highly Resilient Stance in a Year of Perfect Storm... Superior operational and financial performance marked by Passenger, Revenue and EBITDA

298 views • 14 slides
Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel ellwag, Open Telekom Cloud Architect ,T-Systems Yue uefen eng Pan an, Senior Cloud Solutions Architect, Huawei Open Telekom Cloud 26.06.2017 1

294 views • 28 slides
ReSIST NoE ReSIST Resilience for Survivability in IST Resilient Computing: a multi-disciplinary

ReSIST NoE ReSIST Resilience for Survivability in IST Resilient Computing: a multi-disciplinary

ReSIST NoE ReSIST Resilience for Survivability in IST Resilient Computing: a multi-disciplinary MSc Curriculum Luca Simoncini Professor of Computer Engineering Faculty of Engineering, University of Pisa, Italy 2009/10/8-9 Paris, France

215 views • 17 slides
Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are

Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are

Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are we? Vishakha Agarwal (vishakha) Senior Member Technical Staff at NEC Keystone contributor Colleen Murphy (cmurphy)

568 views • 30 slides
Coordinating Multi-region and Multi-stakeholder Research Presentation by: Angela Kaida, Allison

Coordinating Multi-region and Multi-stakeholder Research Presentation by: Angela Kaida, Allison

Coordinating Multi-region and Multi-stakeholder Research Presentation by: Angela Kaida, Allison Carter, and Valerie Nicholson At: Gathering of Spirits: Canadian women, trans people, and girls HIV research collaborative Special Session at

280 views • 10 slides
KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh Quynh <aquynh -at- gmail.com> RECON - June 19th, 2016 1 / 48 NGUYEN Anh Quynh KEYSTONE: the last missing framework for Reverse Engineering

731 views • 48 slides
Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series

Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series

Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series This webinar is being recorded and will available for distribution following todays program. All lines will be muted during this call, please

341 views • 30 slides
I-SEM Rules Liaison Group Day-ahead market (MRC) 21 st January 2015 MRC Multi-Region Coupling

I-SEM Rules Liaison Group Day-ahead market (MRC) 21 st January 2015 MRC Multi-Region Coupling

I-SEM Rules Liaison Group Day-ahead market (MRC) 21 st January 2015 MRC Multi-Region Coupling Price Coupling of Regions (PCR) started as regional implementation (e.g., NWE, CWE, etc.) Multi-Region Coupling (MRC) represents merging of

487 views • 13 slides
FTSE 250 E&P Company Focused On The Highly Attractive Eastern Mediterranean Region Vision :

FTSE 250 E&P Company Focused On The Highly Attractive Eastern Mediterranean Region Vision :

June 2018 FTSE 250 E&P Company Focused On The Highly Attractive Eastern Mediterranean Region Vision : Premier Eastern Mediterranean Independent E&P Player 2 2 Energean At A Glance Delivering a 2.4 Tcf Project in Israel Management

645 views • 26 slides
Champion Meeting #2 January 15, 2013 Welcome! R5DC Resilient Region Plan Is a Community Driven

Champion Meeting #2 January 15, 2013 Welcome! R5DC Resilient Region Plan Is a Community Driven

Champion Meeting #2 January 15, 2013 Welcome! R5DC Resilient Region Plan Is a Community Driven University Assisted Partnership Pursuing E 2 Economic and Environmental Vitality January 15 th Champions Meeting Slide 1 Slide 2 2 Mission

172 views • 4 slides
AI IR RC CR RA AF FT T S SP PE EC CI IF FI IC CA AT TI IO ON NS S A 2008

AI IR RC CR RA AF FT T S SP PE EC CI IF FI IC CA AT TI IO ON NS S A 2008

AI IR RC CR RA AF FT T S SP PE EC CI IF FI IC CA AT TI IO ON NS S A 2008 CESSNA 400 S E S N N U R : : 4 41 11 10 07 76 6 ER RI IA AL L UM MB BE ER R E N U : N4 42 28 8X X R N R : N EG GI IS ST TR

227 views • 7 slides
VENUE FOR LCM2015 Bordeaux Convention Center From the Airport, Bordeaux Mrignac From the Railway

VENUE FOR LCM2015 Bordeaux Convention Center From the Airport, Bordeaux Mrignac From the Railway

VENUE FOR LCM2015 Bordeaux Convention Center From the Airport, Bordeaux Mrignac From the Railway Station, Gare St Jean to the Congress Centre to the Congress Centre Bordeaux-Lac Hotel District Bordeaux-Lac Hotel District By taxi : 20 mns

390 views • 14 slides
Metal Wood Framer Wall, Floor and Ceiling Framing add-in application for Autodesk Revit

Metal Wood Framer Wall, Floor and Ceiling Framing add-in application for Autodesk Revit

www.strucsoftsolutions.com Metal Wood Framer Wall, Floor and Ceiling Framing add-in application for Autodesk Revit Presented by Strucsoft www.strucsoftsolutions.com Overview What is MWF? Extension that runs on Revit Structure,

106 views • 10 slides
French ce: An Anti-logophoric Demonstrative V. Homer, February 13 2019 1 Background French

French ce: An Anti-logophoric Demonstrative V. Homer, February 13 2019 1 Background French

French ce: An Anti-logophoric Demonstrative V. Homer, February 13 2019 1 Background French as a demonstrative, ce, which can combine with an NP, pretty much like this/that does (there is only one demonstrative, not marked for distance; the

228 views • 10 slides
2/25/2020 2020 CENSUS COMPLETE COUNT Ac hie ving a Comple te and REGIONAL TRAINING WORKSHOP Ac c

2/25/2020 2020 CENSUS COMPLETE COUNT Ac hie ving a Comple te and REGIONAL TRAINING WORKSHOP Ac c

2/25/2020 2020 CENSUS COMPLETE COUNT Ac hie ving a Comple te and REGIONAL TRAINING WORKSHOP Ac c urate Count CENSUS 101 2020CENSUS.GOV CENSUS 2020 GOAL Ensure that everyone is counted once, only once, and in the right place. WHAT is the census?

227 views • 9 slides
First Quarter 2009 - A Good Start 1Q 2009 Results Presentation - 29 April 2009 Agenda 1Q 2009

First Quarter 2009 - A Good Start 1Q 2009 Results Presentation - 29 April 2009 Agenda 1Q 2009

First Quarter 2009 - A Good Start 1Q 2009 Results Presentation - 29 April 2009 Agenda 1Q 2009 Results Back Up Commenting 1Q 2009 Results Strong trend with 60k net adds Customer Base Growth Significant improvement vs 4Q 2008

573 views • 16 slides
Motion generation for humanoid robots aiming at industrial applications June 21-22 th 2017,

Motion generation for humanoid robots aiming at industrial applications June 21-22 th 2017,

LAAS-CNRS Laboratoire conventionn avec lUniversit Fdrale de T oulouse Midi-Pyrnes Motion generation for humanoid robots aiming at industrial applications June 21-22 th 2017, Robotex, TechDays 2017, Clermont-Ferrand O. Stasse,

436 views • 31 slides
Liberating energy innovators Data, AI, IOT, Blockchain are critical uncertainties for NZ energy

Liberating energy innovators Data, AI, IOT, Blockchain are critical uncertainties for NZ energy

Liberating energy innovators Data, AI, IOT, Blockchain are critical uncertainties for NZ energy sector in 2018 Significant variation in R&D investment StatsNZ, 15 of the 40+ industries and sub-industries shown Domestic industries 40%

445 views • 15 slides

More recommend