isn t it ironic
play

Isn't it Ironic? Managing a bare metal cloud Devananda van der Veen - PowerPoint PPT Presentation

Sep 26, 2022 •220 likes •625 views

Isn't it Ironic? Managing a bare metal cloud Devananda van der Veen twitter: @devananda devananda.github.io/talks/isnt-it-ironic.html Who am I Master Engineer at HP OpenStack Ironic PTL OpenStack Technical Committee What we're going to talk

  1. Isn't it Ironic? Managing a bare metal cloud Devananda van der Veen twitter: @devananda devananda.github.io/talks/isnt-it-ironic.html

  2. Who am I Master Engineer at HP OpenStack Ironic PTL OpenStack Technical Committee

  3. What we're going to talk about Virtualization & OpenStack Ironic's architecture Configuration choices you need to make Operations Limitations Walk through a deploy

  4. "OpenStack is not a virtualization layer. It is an abstraction layer." - Daniel Sabbah, CTO @ IBM

  5. Google trends: Virtualization & Cloud Computing

  6. Google trends: DevOps & OpenStack

  7. What do developers really want? Separate application delivery from hardware procurement Self-service API for Compute [Network, Storage] resources More control + More flexibility

  8. So what is this Ironic thing, anyway? Python services that abstract hardware management Consistent API across server vendors Integrate with OpenStack - or run Ironic by itself!

  9. Key Components ironic-api: RESTful API service ironic-conductor: interacts directly with hardware; asynchronous handling of both requested and periodic actions. ironic-python-agent: utility service, temporarily booted on machines to provide remote access to hardware for provisioning and management. Nova driver: interface for Nova; enables OpenStack to provide common abstraction for virtual and physical machines. discoverd ramdisk: optional tool for hardware inventory management. bifrost: ansible modules for getting started with Ironic outside of OpenStack.

  11. Open Technologies IPMI: intelligent platform management interface, for remote control of machine power state, boot device, serial console, etc. DHCP: dynamic host configuration protocol, used to locate the NBP on the network, and provide the host OS with IP address during init TFTP: trivial file transfer protocol, copies the NBP over the network PXE: pre-boot execution environment, allows host to boot from network iPXE: recent enhancements make PXE more flexible, supported on most hardware iSCSI: used to remotely attach to HDD and copy the machine image

  12. What about Vendor-specific enhancements? Yes! SeaMicro, Dell, Fujitsu, HP, IBM, Intel, OpenCompute, Cisco, ...

  13. And so you have options... ! IPMI: vendor-specific power management; varies by vendor ! DHCP: static IP injection is possible, but not suitable for larger or dynamic environments ! PXE: boot over virtual media channel; support varies by vendor ! iSCSI: user image can be fetched directly by "agent" drivers

  14. ... and options ... Homogeneous hardware? Easy! Heterogeneous hardware? Use nova-scheduler to match flavor <=> node.properties Single tenant / small deployment? Flat network. Maybe use Ironic stand-alone Service provider for multiple tenants? Use Keystone for auth, Nova for quota management, Neutron for net isolation (*) Basically, use OpenStack Untrusted tenants? Network isolation is possible via Neutron Secure-erase disks, flash firmware between each use (Some assembly required)

  15. New in Kilo: Instances may boot from local disk with all drivers Local configdrives remove dependence on meta-data service Secure-erase disk drives between each use API version headers improve compatibility during upgrades Nodes may be addressed by logical names in addition to UUIDs Drivers may store internal attributes and can register their own periodic tasks

  16. Operations Configuration Building Images Limitations

  17. Nova Configuration [default] # Driver to use for controlling virtualization. Options compute_driver=nova.virt.ironic.IronicDriver # Firewall driver (defaults to hypervisor specific iptables driver) firewall_driver=nova.virt.firewall.NoopFirewallDriver # The scheduler host manager class to use (string value) scheduler_host_manager=nova.scheduler.ironic_host_manager.IronicHostManager # Virtual ram to physical ram allocation ratio which affects # all ram filters. This configuration specifies a global ratio ram_allocation_ratio=1.0 # Amount of disk in MB to reserve for the host (integer value) reserved_host_memory_mb=0 # Full class name for the Manager for compute (string value) compute_manager=ironic.nova.compute.manager.ClusteredComputeManager

  18. Nova Configuration pt 2 [ironic] # Ironic keystone admin name admin_username=ironic #Ironic keystone admin password. admin_password=IRONIC_PASSWORD # keystone API endpoint admin_url=http://IDENTITY_IP:35357/v2.0 # Ironic keystone tenant name. admin_tenant_name=service # URL for Ironic API endpoint. api_endpoint=http://IRONIC_NODE:6385/v1

  19. Building Your Machine Images with diskimage-builder disk-image-create -a amd64 -o my-image -t qcow2 \ vm ubuntu serial-console cloud-init-datasources glance image-create --name my-image --is-public True \ --disk-format qcow2 --container-format bare < my-image.qcow2

  20. Managing Nova Flavors Create the flavor nova flavor-create my-baremetal-flavor auto $RAM_MB $DISK_GB $CPU Setting additional hints ironic node-update add properties/capabilities='boot_mode:uefi' nova flavor-key my-baremetal-flavor set capabilities:boot_mode="uefi"

  22. Limitations Firmware and RAID Plugin framework exists in ironic-python-agent, but... Today, you must BYO plugin NICs <-> Networks Nova only supports one-to-one mapping today Provisiong Network <-> Tenant Network Separation Upstream only supports flat network today. Out-of-tree options exist; being upstreamed now Per-tenant Network Isolation No official support today; several solutions proposed. Work with Neutron is happening now

  23. Examples or Demo?

  24. Enroll Hardware $ ironic node-create -d agent_ipmitool \ -i ipmi_username=admin -i ipmi_password=fake -i ipmi_address=10.1.2.3 \ -p cpus=4 -p memory_mb=8192 -p local_gb=500 \ -e note='spare server' -n mytest +--------------+-------------------------------------------------------------+ | Property | Value | +--------------+-------------------------------------------------------------+ | chassis_uuid | None | | driver | agent_ipmitool | | driver_info | {u'ipmi_address': u'10.1.2.3', u'ipmi_username': u'admin', | | | u'ipmi_password': u'******'} | | extra | {u'note': u'spare server'} | | properties | {u'memory_mb': u'8192', u'local_gb': u'500', u'cpus': u'4'} | | uuid | 7a1ce8d0-9679-4d87-8f54-b11f6e8adb8f | | name | mytest | +--------------+-------------------------------------------------------------+ $ ironic port-create -n 7a1ce8d0-9679-4d87-8f54-b11f6e8adb8f -a 00:11:22:00:11:22 +-----------+--------------------------------------+ | Property | Value | +-----------+--------------------------------------+ | node_uuid | 7a1ce8d0-9679-4d87-8f54-b11f6e8adb8f | | extra | {} | | uuid | 024e52b2-6ae4-483b-a039-d6afae7f6a22 | | address | 00:11:22:00:11:22 | +-----------+--------------------------------------+

  25. Validate provided info $ ironic node-validate 7a1ce8d0-9679-4d87-8f54-b11f6e8adb8f +------------+--------+-------------------------------------------------------------- | Interface | Result | Reason +------------+--------+-------------------------------------------------------------- | console | False | Missing 'ipmi_terminal_port' parameter in node's driver_info. | deploy | False | Node 7a1ce8d0-9679-4d87-8f54-b11f6e8adb8f failed to validate deploy image info. Some parameters were missing. Missing are: ['driver_info.deploy_kernel', 'driver_info.deploy_ramdisk', 'instance_info.image_source' | inspect | None | not supported | management | True | | power | True | +------------+--------+--------------------------------------------------------------

  26. Oops (I forgot a few options)

  27. Add or change options $ ironic node-update mytest add \ instance_info/image_source=http://192.168.1.1/myimage.qcow2 \ instance_info/image_checksum=e1d99d6d0ef2144a8d672b0420c547b5 $ ironic node-update mytest add \ driver_info/deploy_ramdisk=http://192.168.1.1/deploy.initrd \ driver_info/deploy_kernel=http://192.168.1.1/deploy.vmlinuz $ ironic node-update mytest replace extra/note='database' name=db01.example +------------------------+------------------------------------------------- | Property | Value +------------------------+------------------------------------------------- | extra | {u'note': u'database'} | name | db01.example

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bare Metal In The Cloud: Isnt it Ironic? by Dmitry Tantsur and Ilya Etingof, Red Hat In this

Bare Metal In The Cloud: Isnt it Ironic? by Dmitry Tantsur and Ilya Etingof, Red Hat In this

Bare Metal In The Cloud: Isnt it Ironic? by Dmitry Tantsur and Ilya Etingof, Red Hat In this talk What's bare metal provisioning Ironic introduction and work flows The future of ironic Why bare metal allocation Raw

478 views • 4 slides
Ironic Grenade Blowing up our upgrades Vlad Drok (vdrok) - Mirantis Vasyl Saienko (vsaienko) -

Ironic Grenade Blowing up our upgrades Vlad Drok (vdrok) - Mirantis Vasyl Saienko (vsaienko) -

Ironic Grenade Blowing up our upgrades Vlad Drok (vdrok) - Mirantis Vasyl Saienko (vsaienko) - Mirantis John Villalovos (jlvillal) - Intel Corporation mirantis.com intel.com How we made Grenade work in Ironic What is Grenade and Ironic

426 views • 24 slides
Ironic Project Update, OpenStack Summit Sydney Julia Kreger - TheJulia -

Ironic Project Update, OpenStack Summit Sydney Julia Kreger - TheJulia -

November 2017 Ironic Project Update, OpenStack Summit Sydney Julia Kreger - TheJulia - juliaashleykreger@gmail.com Hironori Shiina - hshiina - shiina.hironori@jp.fujitsu.com What is Ironic? A project to provide an API service and tooling to

700 views • 27 slides
Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing

Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing

Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing something a little like a cyber Cold War. -- Dmitri Alperovitch, VP Threat Research, McAfee How Cyberwar is like the Cold War Its not a war.

744 views • 43 slides
Isn't it Ironic? The Types of Irony Learning Objective n We will be able to identify and

Isn't it Ironic? The Types of Irony Learning Objective n We will be able to identify and

Isn't it Ironic? The Types of Irony Learning Objective n We will be able to identify and explain the three types of Irony through the use of a variety of pictures and texts. n The Warm-up Question n Types of Irony Graphic Organizer

688 views • 29 slides
Learnings from scaling Ironic at Yahoo Arun S A G saga@yahoo-inc.com zer0c00l on freenode Yahoo

Learnings from scaling Ironic at Yahoo Arun S A G saga@yahoo-inc.com zer0c00l on freenode Yahoo

Learnings from scaling Ironic at Yahoo Arun S A G saga@yahoo-inc.com zer0c00l on freenode Yahoo Inc May 08, 2017 https://github.com/sagarun/presentations/ Background and Architecture 1 / 25 Cluster Architecture OOB - ipmi power management

664 views • 49 slides
Server Life-cycle Management with Ironic at CERN Arne Wiebalck &amp; Surya Seetharaman CERN

Server Life-cycle Management with Ironic at CERN Arne Wiebalck &amp; Surya Seetharaman CERN

From Hire to Retire! Server Life-cycle Management with Ironic at CERN Arne Wiebalck &amp; Surya Seetharaman CERN Cloud Infrastructure Team CERN and CERN IT in 1 Minute ... Understand the mysteries of the universe! Large Hadron Collider

311 views • 28 slides
Hacking Appliances: Ironic exploits in security products Ben Williams 9:22 AM Proposition

Hacking Appliances: Ironic exploits in security products Ben Williams 9:22 AM Proposition

9:22 AM Hacking Appliances: Ironic exploits in security products Ben Williams 9:22 AM Proposition There is a temptation to think of Security Appliances as impregnable fortresses, this is definitely a mistake. Security Appliance (noun) -

1.1k views • 63 slides
Ironic Deploy Templates: Bespoke Bare Metal Mark Goddard | mgoddard Open Infrastructure Summit |

Ironic Deploy Templates: Bespoke Bare Metal Mark Goddard | mgoddard Open Infrastructure Summit |

Ironic Deploy Templates: Bespoke Bare Metal Mark Goddard | mgoddard Open Infrastructure Summit | Denver 2019 Intro Work for StackHPC in Bristol, UK Working on OpenStack for HPC since 2014 Previously at Cray Core in

638 views • 51 slides
P ROFILING THE SENSORIAL , EMOTIONAL , AND IRONIC LIFE OF A CITY ROSSANO SCHIFANELLA PAN @ CLEF

P ROFILING THE SENSORIAL , EMOTIONAL , AND IRONIC LIFE OF A CITY ROSSANO SCHIFANELLA PAN @ CLEF

P ROFILING THE SENSORIAL , EMOTIONAL , AND IRONIC LIFE OF A CITY ROSSANO SCHIFANELLA PAN @ CLEF 2017 September 12st, 2017 Eureka Presentation Few words about me Eureka Presentation @UNITO TURIN DISTRIBUTED SYSTEMS RECOMMENDER SYSTEMS Eureka

1.3k views • 108 slides
Oliver Niebuhr 7th International Conference of Speech Prosody Dublin, Ireland Thursday, 22 May,

Oliver Niebuhr 7th International Conference of Speech Prosody Dublin, Ireland Thursday, 22 May,

Analysis of Spoken Language, Dept. of General Linguistics, Kiel University A little more ironic Voice quality and segmental reduction differences between sarcastic and neutral utterances Oliver Niebuhr 7th International Conference of

385 views • 19 slides
REVELATION Its all about Jesus! REVELATION IS APOCALYPTIC LITERATURE Apocalyptic literally

REVELATION Its all about Jesus! REVELATION IS APOCALYPTIC LITERATURE Apocalyptic literally

REVELATION Its all about Jesus! REVELATION IS APOCALYPTIC LITERATURE Apocalyptic literally means to reveal Which is ironic because it seems so weird and hidden (like secret code) It is often used by biblical prophets

237 views • 8 slides
Work and Well Being in certain Climate Change Scenario s Project under UNDP-AP-GEM With funding

Work and Well Being in certain Climate Change Scenario s Project under UNDP-AP-GEM With funding

Work and Well Being in certain Climate Change Scenario s Project under UNDP-AP-GEM With funding support from the Government of Japan Gender and Work - ironic that womens work has been consistently underrepresented in many national

546 views • 31 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
Library Accessibility Disability Informatics 2019 Stephanie Rosen bit.ly/2NOIEVc About me, an

Library Accessibility Disability Informatics 2019 Stephanie Rosen bit.ly/2NOIEVc About me, an

Library Accessibility Disability Informatics 2019 Stephanie Rosen bit.ly/2NOIEVc About me, an Accessibility Specialist Describing Visual Resources Toolkit I find it ironic that a press which publishes books on disability and culture has so

656 views • 18 slides
Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter:

Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter:

Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter: @ashinclouds OpenStack Summit Sydney Email: juliaashleykreger@gmail.com November 6th, 2017 A little about me! Ironic contributor since early 2015.

733 views • 47 slides
Automating security policies From deployment to auditing with Rudder Jonathan CLARKE

Automating security policies From deployment to auditing with Rudder Jonathan CLARKE

Automating security policies From deployment to auditing with Rudder Jonathan CLARKE jcl@normation.com Normation CC-BY-SA normation.com Who am I ? Jonathan Clarke Job: Co-founder and CTO at Normation Line of work:

282 views • 24 slides
Advances in Programming Languages APL17: Safer C Programming with Cyclone Ian Stark School of

Advances in Programming Languages APL17: Safer C Programming with Cyclone Ian Stark School of

Advances in Programming Languages APL17: Safer C Programming with Cyclone Ian Stark School of Informatics The University of Edinburgh Monday 17 March 2008 Semester 2 Week 11 Coursework Statistics Total of 30 submissions, with all topics

554 views • 23 slides
AIST GRID CA Updates APGrid PMA meeting, Nov. 29, 2005 Yoshio Tanaka (yoshio.tanaka@aist.go.jp

AIST GRID CA Updates APGrid PMA meeting, Nov. 29, 2005 Yoshio Tanaka (yoshio.tanaka@aist.go.jp

AIST GRID CA Updates APGrid PMA meeting, Nov. 29, 2005 Yoshio Tanaka (yoshio.tanaka@aist.go.jp yoshio.tanaka@aist.go.jp) ) Yoshio Tanaka ( Grid Technology Research Center, Grid Technology Research Center, AIST, Japan Japan AIST, National

256 views • 13 slides
Computer Security 3e Dieter Gollmann Chapter 7: 1 Security.di.unimi.it/sicurezza1516/ Chapter

Computer Security 3e Dieter Gollmann Chapter 7: 1 Security.di.unimi.it/sicurezza1516/ Chapter

Computer Security 3e Dieter Gollmann Chapter 7: 1 Security.di.unimi.it/sicurezza1516/ Chapter 7: Unix Security Chapter 7: 2 Objectives Understand the security features provided by a typical operating system. Introduce the basic Unix

667 views • 62 slides
1 Grading Policy Homework and Projects Homework 15% Homeworks: 7 homework

1 Grading Policy Homework and Projects Homework 15% Homeworks: 7 homework

Course Information CS/ECE 438, CSE 425 Instructor Communication Networks Prof. Nikita Borisov Office Hours: 460 CSL, 244-5385 10-12 Tuesdays nikita@uiuc.edu or by appointment TA Nikita Borisov Monika Battala,

342 views • 9 slides
Device connection and startup 1 computer startup startup via network bootp

Device connection and startup 1 computer startup startup via network bootp

Device connection and startup 1 computer startup startup via network bootp connection to the network 2 when powered on the CPU sets the PC (program counter) on a predefined value challenge: what value is the PC set to on an

590 views • 41 slides
The plan Intro: LOCAL model, synchronicity, Bellman- Ford Network Algorithms Subdiameter

The plan Intro: LOCAL model, synchronicity, Bellman- Ford Network Algorithms Subdiameter

The plan Intro: LOCAL model, synchronicity, Bellman- Ford Network Algorithms Subdiameter algorithms: independent sets and matchings CONGEST model: pipelining, more matching, Boaz Patt-Shamir lower bounds Tel Aviv University 1 2

312 views • 16 slides
1 User Datagram Protocol (UDP) User Datagram Protocol (UDP) Services Provided Services

1 User Datagram Protocol (UDP) User Datagram Protocol (UDP) Services Provided Services

The primary primary (in (in principle principle unique unique) ) The role of Internet of Internet transport transport protocols protocols role

780 views • 6 slides

More recommend