kerberos and health checks and bare metal oh my
play

Kerberos and Health Checks and Bare Metal, Oh My! Updates to - PowerPoint PPT Presentation

Jun 30, 2023 •229 likes •632 views

Kerberos and Health Checks and Bare Metal, Oh My! Updates to OpenStack Sahara in Newton Updates to OpenStack Sahara in Newton Vitaly Gridnev, Sahara PTL (Mirantis) Elise Gafford, Sahara Core (Red Hat) Nikita Konovalov, Sahara Core (Mirantis)

  1. Kerberos and Health Checks and Bare Metal, Oh My! Updates to OpenStack Sahara in Newton Updates to OpenStack Sahara in Newton Vitaly Gridnev, Sahara PTL (Mirantis) Elise Gafford, Sahara Core (Red Hat) Nikita Konovalov, Sahara Core (Mirantis)

  2. Agenda 1. Sahara overview 2. Health checks and management improvements 3. Kerberos integration for clusters 4. Image generation improvements 5. Bare metal clusters 6. What is NEW in NEWton 7. Q&A

  3. Agenda 1. Sahara overview 2. Health checks and management improvements 3. Kerberos integration for clusters 4. Image generation improvements 5. Bare metal clusters 6. What is NEW in NEWton 7. Q&A

  4. Sahara: The Use Cases ● Data Processing Cluster Management ○ On-demand, scalable, configurable, persistent clusters Supports multiple plugins (Apache, Ambari, CDH, MapR...) ○ Integrates with Heat, Glance, Nova, Neutron, and Cinder ○ ● EDP (Elastic Data Processing) ○ Supports multiple job types (Java, MR, Hive, Pig, Spark, Storm...) ○ Supports transient clusters (spin up, process, shut down) or persistent clusters Integrates with Swift and/or Manila (optionally) ○

  5. Sahara: The API

  6. Sahara: The Project ● Cluster provisioning plugins: Cloudera Distribution of Hadoop (using Cloudera Manager) ○ ○ Hortonworks Data Platform (using Apache Ambari) MapR ○ ○ “Vanilla” Apache Hadoop, Spark, and Storm EDP job types: ● ○ MapReduce, Java, Hive, and Pig jobs (using Apache Oozie) ○ Spark, Spark Streaming, and Storm jobs (using Apache Spark and Apache Storm) Image packing repository (sahara-image-elements) ● ● Framework to validate Sahara installation (sahara-tests) ● UI plugin OpenStackClient plugin ●

  7. Agenda 1. Sahara overview 2. Health checks and management improvements 3. Kerberos integration for clusters 4. Image generation improvements 5. Bare metal clusters 6. What is NEW in NEWton 7. Q&A

  8. Event log for clusters ● Cluster events about provisioning: allows to understand what is the current status of cluster provisioning, or reasons of failure ● Available since Newton for clusters created by using Ambari ● Supported in CLI since Newton, with full dump of all steps and events

  9. Event log for clusters

  10. Event log for clusters

  11. Health checks for clusters ● Users are interested in monitoring cluster state after cluster provisioning: vital for long living clusters ● Sahara in Liberty doesn't have any monitoring of the health of cluster processes. A cluster can be broken or unavailable but Sahara will still think that it is in ACTIVE status.

  12. Health checks for clusters ● Clusters health checks have been implemented since Mitaka ● Available for clusters deployed using Ambari and Cloudera Manager. Less availability for vanilla clusters ● Since Newton checks are available for the MapR plugin ● Health results can be set to notify Ceilometer ● Easy to recheck health

  13. Health checks for clusters

  14. Health checks for clusters

  15. Health checks for clusters

  16. Health checks for clusters Next steps are: More detailed health checks ● ○ Particular datanode/slave failure ○ No enough space in HDFS Suggestions/actions to repair health: ● Datanode replacement ○ ○ New nodes ○ Restarting services More flexible configuration of health checks (advanced health ● checks, on disabling/enabling health checks for some reason)

  17. Agenda 1. Sahara overview 2. Health checks and management improvements 3. Kerberos integration for clusters 4. Image generation improvements 5. Bare metal clusters 6. What is NEW in NEWton 7. Q&A

  18. Security improvements ● Security is an important part of created clusters Previously security could be enabled only by ● managers calling only Ambari and Cloudera Manager directly, but that leads to a situation in which Sahara will not perform auth operations, and EDP does not work ● Security is important not just for clusters, but for Sahara itself

  19. Security improvements In Newton the following Kerberos security features were implemented: MIT KDC can be preconfigured (or an existing KDC can be used) ● ● Oozie client was re-implemented to support auth operations with Kerberos ● Spark job executions are also supported Keys are distributed on nodes for system users (hdfs, hadoop, spark) ● Supported for clusters deployed using Ambari and Cloudera Manager ● ● Note: Be sure that latest hadoop-swift jars are in place for Swift data sources!

  20. Security improvements

  21. Security improvements ● Bandit tests per commit Improved secret storage ● (using Barbican and Castellan) was implemented in the previous release

  22. Agenda 1. Sahara overview 2. Health checks and management improvements 3. Kerberos integration for clusters 4. Image generation improvements 5. Bare metal clusters 6. What is NEW in NEWton 7. Q&A

  23. Where we were Sahara had 2 flows that were relevant to image manipulation: Pre-Nova spawn image packing ● ○ Used sahara-image-elements repository to generate images (to store in Glance) Post-Nova spawn cluster generation from “clean” (OS-only) images ● ○ Logic maintained in Sahara process within plugins ● Pre-Configuration validation of images by plugins Remember how I said we had 2 flows relevant to image manipulation? ○ ○ We didn’t do this at all.

  24. Where We Were: Problems ● Duplication of logic ○ Steps required for packing images and “clean” image clusters were often identical, but had to be expressed separately (in DIB and in Python). ● Poor validation Plugins did not validate that images provided to them met their needs. ○ ○ Failures due to image contents were late and sometimes difficult to understand. Poor encapsulation ● ○ Image generation and cluster provisioning logic for any one plugin are really one application ○ Maintaining them in two places allows versionitis and dependency problems ○ Having one monolithic repo for all plugins makes them less pluggable

  25. Our Dream Implementation ● All flows share common logic: Image packing ○ ○ Image validation Clean image cluster gen ○ ● Image manipulation is stored and versioned within plugins ● The user can still generate images with a CLI... But they can also use an API to generate images in clean build environments ● ... And both dev test cycles and user retries are as quick and painless as ● possible

  26. The plan 1. Build a validation engine that ensures that images meet a specification a. YAML-based spec definition 2. Extend that engine to optionally modify images to spec 3. Build a CLI to expose this functionality 4. Create and test specifications for each plugin to support this method 5. Deprecate sahara-image-elements (only when this method proves stable) 6. Build an API to: a. Spawn a clean tenant-plane image build environment b. Download a base image from Glance and modify it to spec c. Push the new image back to Glance and register it for use by Sahara

  27. Where we are 1. Build a validation engine that ensures that images meet a specification a. YAML-based spec definition 2. Extend that engine to optionally modify images to spec 3. Build a CLI to expose this functionality 4. Create and test specifications for each plugin to support this method 5. Deprecate sahara-image-elements (only when this method proves stable) 6. Build an API to: a. Spawn a clean tenant-plane image build environment b. Download a base image from Glance and modify it to spec c. Push the new image back to Glance and register it for use by Sahara

  28. What it looks like: the specs ● YAML-based definitions Argument definitions for ● configurability ● Idempotent resource declarations Scripts must be written ○ idempotently, as always in resource declarations ● Logical control operators (any, all, os_case, etc.)

  29. What it looks like: the CLI Command structure: sahara-image-pack --image ./image.qcow2 PLUGIN VERSION [plugin arguments] Features: ● Auto-generates help text from arguments Idempotent and modifies images in-place ● ○ Very fast test cycles and retries Allows freeform bash scripts and more ● structured resources ○ Though it’s on you to make your scripts idempotent Test-only mode to validate without change ●

  30. What it’s doing The images module runs a sequence of steps against a remote machine ● Validation uses the Sahara SSH remote in read-only mode ● Clean image gen uses the SSH remote Image packing uses a libguestfs Python ● API image handle All three use the same logic, contained in the appropriate plugin Plugin implementation targeting O!

  31. Agenda 1. Sahara overview 2. Health checks and management improvements 3. Kerberos integration for clusters 4. Image generation improvements 5. Bare metal clusters 6. What is NEW in NEWton 7. Q&A

  32. Ironic integration Why should you run Bare Metal in OpenStack: Big Data workload originates from Bare Metal installations ● ● Quick cluster scalability may have lower priority than a long running stability and persistence Best performance by design, no virtualization overhead ● The ability to manage a baremetal cluster with the OpenStack API ●

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

64 bit Bare Metal Tristan Gingold Programming on RPI-3 gingold@adacore.com What is Bare Metal ?

64 bit Bare Metal Tristan Gingold Programming on RPI-3 gingold@adacore.com What is Bare Metal ?

64 bit Bare Metal Tristan Gingold Programming on RPI-3 gingold@adacore.com What is Bare Metal ? Images: Wikipedia No box What is Bare Metal ? No Operating System Your application is the OS Why Bare Board ? Not enough ressources for an

874 views • 31 slides
Bare Metal In The Cloud: Isnt it Ironic? by Dmitry Tantsur and Ilya Etingof, Red Hat In this

Bare Metal In The Cloud: Isnt it Ironic? by Dmitry Tantsur and Ilya Etingof, Red Hat In this

Bare Metal In The Cloud: Isnt it Ironic? by Dmitry Tantsur and Ilya Etingof, Red Hat In this talk What's bare metal provisioning Ironic introduction and work flows The future of ironic Why bare metal allocation Raw

478 views • 4 slides
Running Kubernetes on OpenStack and Bare Metal OpenStack Summit Berlin, November 2018 Ramon

Running Kubernetes on OpenStack and Bare Metal OpenStack Summit Berlin, November 2018 Ramon

Running Kubernetes on OpenStack and Bare Metal OpenStack Summit Berlin, November 2018 Ramon Acedo Rodriguez Product Manager, Red Hat OpenStack Team @ramonacedo | racedo@redhat.com Bare Metal On-Trend Bare Metal On-Trend Among users who run

713 views • 34 slides
TVM Deep Learning on Bare-Metal Devices Pratyush Patel No OS stack Extend TVM to support

TVM Deep Learning on Bare-Metal Devices Pratyush Patel No OS stack Extend TVM to support

TVM Deep Learning on Bare-Metal Devices Pratyush Patel No OS stack Extend TVM to support bare-metal devices Optimization High-Level Differentiable IR AutoTVM Tensor Expression IR LLVM, CUDA VTA AutoVTA Hardware FPGA ASIC Fleet

1.46k views • 18 slides
Improving Agility and Elasticity in Bare-metal Clouds Yushi Omote , Takahiro Shinagawa ,

Improving Agility and Elasticity in Bare-metal Clouds Yushi Omote , Takahiro Shinagawa ,

Improving Agility and Elasticity in Bare-metal Clouds Yushi Omote , Takahiro Shinagawa , Kazuhiko Kato University of Tsukuba, The University of Tokyo 1 Bare-metal Clouds An IaaS for high performance and device functionality

230 views • 21 slides
Drug-Elu(ng vs. Bare Metal Stents in Saphenous Vein Gra:s: The Prospec(ve Randomized

Drug-Elu(ng vs. Bare Metal Stents in Saphenous Vein Gra:s: The Prospec(ve Randomized

Drug-Elu(ng vs. Bare Metal Stents in Saphenous Vein Gra:s: The Prospec(ve Randomized BASKET-SAVAGE Trial Raban V. Jeger, M.D., Ahmed Farah, M.D., Thomas Engstrm, M.D., Sren Gala=us, M.D., Franz Eberli, M.D., Peter Rickenbacher, M.D., David

380 views • 14 slides
AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school Kerberos implementation based on V4 protocol. Client-server transport uses RX. Raw Kerberos binary ticket placed in credential cache

251 views • 11 slides
Rapid Deployment of Bare-Metal and In-Container HPC Clusters Using OpenHPC playbooks Joshua

Rapid Deployment of Bare-Metal and In-Container HPC Clusters Using OpenHPC playbooks Joshua

Rapid Deployment of Bare-Metal and In-Container HPC Clusters Using OpenHPC playbooks Joshua Higgins, Taha Al-Jody and Violeta Holmes HPC Research Group University of Huddersfield, UK HPC Systems Professionals Workshop (HPCSYSPROS18) Outline

211 views • 20 slides
Running on the Bare Metal with GeekOS David Hovemeyer, Jeffrey K. Hollingsworth, and Bobby

Running on the Bare Metal with GeekOS David Hovemeyer, Jeffrey K. Hollingsworth, and Bobby

Running on the Bare Metal with GeekOS David Hovemeyer, Jeffrey K. Hollingsworth, and Bobby Bhattacharjee University of Maryland, College Park 1 Outline Motivation Overview Projects Classroom Experience Conclusions 2 OS

365 views • 33 slides
Towards Converged SmartNIC Architecture for Bare Metal & Public Clouds Layong (Larry) Luo,

Towards Converged SmartNIC Architecture for Bare Metal & Public Clouds Layong (Larry) Luo,

Towards Converged SmartNIC Architecture for Bare Metal & Public Clouds Layong (Larry) Luo, Tencent TEG August 8, 2018 Agenda 1 SmartNIC in Bare Metal Cloud 2 SmartNIC in Public Cloud 3 Converged SmartNIC Architecture 4 Tencent

288 views • 28 slides
Run Kubernetes on OpenStack and Bare Metal Fast Ramon Acedo Rodriguez 1 Senior Principal

Run Kubernetes on OpenStack and Bare Metal Fast Ramon Acedo Rodriguez 1 Senior Principal

OPEN INFRASTRUCTURE SUMMIT | SHANGHAI, NOVEMBER 4-6 2019 Run Kubernetes on OpenStack and Bare Metal Fast Ramon Acedo Rodriguez 1 Senior Principal Product Manager, Red Hat Open Hybrid Cloud Vision OPTIONAL SECTION MARKER OR TITLE 2 The

1.02k views • 53 slides
Programming for Hostile Environments Our adversary: bare metal infrastructure June 2018 About Me

Programming for Hostile Environments Our adversary: bare metal infrastructure June 2018 About Me

Programming for Hostile Environments Our adversary: bare metal infrastructure June 2018 About Me Nathan Goulding, SVP Engineering ~15 years frontline engineer for infrastructure/cloud and media companies Currently lead engineering team at

657 views • 27 slides
Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST)

Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST)

Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki 1 Contents Background of BMC Drawbacks of container, general kernel, and accounting. What is BMC? Current

837 views • 34 slides
Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Akademska in raziskovalna mrea Slovenije Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES aaa-podpora@arnes.si Cork Institute of Technology Cork, Ireland, 19.5.2009 Kerberos Kerberos Akademska in

353 views • 16 slides
Biolimus-Coated vs. Bare-Metal Coronary Stents in High Bleeding Risk Patients Philip Urban,

Biolimus-Coated vs. Bare-Metal Coronary Stents in High Bleeding Risk Patients Philip Urban,

Biolimus-Coated vs. Bare-Metal Coronary Stents in High Bleeding Risk Patients Philip Urban, Alexandre Abizaid, Ian T. Meredith, Stuart J. Pocock, Didier Carri, Christoph Naber, John Gregson, Samantha Greene, Hans Peter Stoll and

543 views • 33 slides
EPOXY: Shielding Bare-Metal Embedded Systems Mathias Payer (@gannimo), Purdue University Jointly

EPOXY: Shielding Bare-Metal Embedded Systems Mathias Payer (@gannimo), Purdue University Jointly

EPOXY: Shielding Bare-Metal Embedded Systems Mathias Payer (@gannimo), Purdue University Jointly with Abraham Clements and Saurabh Bagchi http://hexhive.github.io 1 Bugs are everywhere? https://en.wikipedia.org/wiki/Pwn2Own 2 Trends in

769 views • 39 slides
A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides
Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick

Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick

Introduction Background Approach and Results Conclusion Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick Pouw Supervisor: Michiel Leenaars A System and Network Engineering RP University of

558 views • 20 slides
Fifth & Kirkham Traffic Calming Project 5 th Avenue and Kirkham Street Presented at the UCSF

Fifth & Kirkham Traffic Calming Project 5 th Avenue and Kirkham Street Presented at the UCSF

Fifth & Kirkham Traffic Calming Project 5 th Avenue and Kirkham Street Presented at the UCSF Quarterly Parnassus Community Meeting August 24, 2016 1 Agenda Welcome and introductions 5 minutes Project history, goals, and schedule 5

286 views • 16 slides
Archdiocese of Kansas City S ummer Camp 2019 Kansas WC Overview Benefits are paid at the

Archdiocese of Kansas City S ummer Camp 2019 Kansas WC Overview Benefits are paid at the

Archdiocese of Kansas City S ummer Camp 2019 Kansas WC Overview Benefits are paid at the employers expense Coverage begins on first day on the j ob Benefits include medical expenses and income benefits An employee

272 views • 24 slides
/-J Los Alamos NATIONA L LABOR ATOR Y ---- EH.1941 ---- Los Alamos National Laboratory, an

/-J Los Alamos NATIONA L LABOR ATOR Y ---- EH.1941 ---- Los Alamos National Laboratory, an

0 s\ \ '6 LA-UR- 0 <=\ - Approved for public release; distribution is unlimited. Title: Kerberized Network File System for Clusters Author(s): Ian Burns Christoph er Hoffman Paige Ashlynn Intended for: Electronic/World-wide Web Academi c

459 views • 17 slides
Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal

Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal

Overview Background Our solution Conclusions Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal Institute of Technology (KTH) Stockholm March 16, 2007 Esteban Talavera Gonzlez Credential

569 views • 44 slides
The Handle Turns Itself... Adventures In Account Management Toby Blake Craig Strachan School of

The Handle Turns Itself... Adventures In Account Management Toby Blake Craig Strachan School of

The Handle Turns Itself... Adventures In Account Management Toby Blake Craig Strachan School of Informatics University of Edinburgh The Good Old Days UID text file or similar /etc/passwd Username Make it up or ask the user Today LDAP

345 views • 18 slides
Cayuse 424 Training 1. Entering Applications in Cayuse 424 2. Open Discussion/Questions Cayuse

Cayuse 424 Training 1. Entering Applications in Cayuse 424 2. Open Discussion/Questions Cayuse

Cayuse 424 Training 1. Entering Applications in Cayuse 424 2. Open Discussion/Questions Cayuse 424 Entering Application Updated: July 25, 2018 Training Outline Overview of Cayuse 424 Cayuse 424 Hands-on Lab Professional Profiles

331 views • 9 slides

More recommend