reliable host fencing in cloudstack
play

Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) - PowerPoint PPT Presentation

Sep 18, 2023 •378 likes •639 views

Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software Test Engineer) rohit.yadav@shapeblue.com boris.stoyanov@shapeblue.com @rhtyd / @bsstoyanov The Cloud Specialists A b o u t M e Rohit Yadav

  1. Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software Test Engineer) rohit.yadav@shapeblue.com boris.stoyanov@shapeblue.com @rhtyd / @bsstoyanov The Cloud Specialists

  2. A b o u t M e Rohit Yadav Boris Stoyanov • Software Architect @ • Senior Software Engineer Test C l i c k t o e d i t ShapeBlue @ ShapeBlue • • Contributor and Committer Contributor since 2016 since 2012 • Author and maintainer of CloudMonkey ShapeBlue.com @ShapeBlue The Cloud Specialists

  3. A b o u t S h a p e B l u e C l i c k t o e d i t “ShapeBlue are expert builders of public & private clouds. They are the leading global CloudStack services company.” @ShapeBlue ShapeBlue.com The Cloud Specialists

  4. S h a p e B l u e c u s t o m e rs C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  5. S h a p e B l u e c u s t o m e rs C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  6. S h a p e B l u e c u s t o m e rs C l i c k t o e d i t ShapeBlue.com @ShapeBlue The Cloud Specialists

  7. W h a t i s H A ? High availability is a characteristic of a system, which C l i c k t o e d i t aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period. [source: wikipedia] ShapeBlue.com @ShapeBlue The Cloud Specialists

  8. H A i n C l o u d S t a c k : S t a t u s Qu o • Currently HA is only supported for VMs by C l i c k t o e d i t CloudStack. • VM HA mechanism works for VMs that are marked HA. • Implementation tied to VM as a first class resource, asynchronously scheduled, limited to VM investigation/fencing/restart on new host. ShapeBlue.com @ShapeBlue The Cloud Specialists

  9. H A i n P ro d u c t i o n : S t a t u s Qu o • Investigations are VM centric and not host centric. • C l i c k t o e d i t Limited fencing of host, highly unreliable. • VM HA may end up starting VMs on another host, while the VMs may be running on the faulty. Large environments see corrupt VMs and disks. • Unchecked faulty hosts and faulty neighbors, with no automatic-recovery. • Real world issues seen in a very large KVM environment. ShapeBlue.com @ShapeBlue The Cloud Specialists

  10. A t t e m p t e d S o l u t i o n s : K V M • Check VM for disk activities based on a C l i c k t o e d i t timeout/threshold before re/starting VM. • (Wall) Clocks are not reliable • Maintenance and management issues • No recovery mechanism, fencing still remains unreliable References: https://issues.apache.org/jira/browse/CLOUDSTACK-8762 https://github.com/apache/cloudstack/pull/753 ShapeBlue.com @ShapeBlue The Cloud Specialists

  11. L o n g Te rm S o l u t i o n ? • CloudStack needs a way to perform power C l i c k t o e d i t management tasks for hosts • Solve issues of corrupt disks due to VM HA and unreliable host fencing • Improve experience for admins: granular configuration, feature kill-switch , maintenance, management, reporting, alerts, investigations, reliable fencing and recovery etc. ShapeBlue.com @ShapeBlue The Cloud Specialists

  12. H o s t P o w e r M a n a g e m e n t f o r C l o u d S t a c k • Implemented a pluggable out-of-band management framework for CloudStack C l i c k t o e d i t • Granular configuration per host, kill switch at zone/cluster/host level • Default plugin for IPMI 2.0 compliant hosts to support power operations: on, off, reboot, shutdown, status etc. • High quality tests, end-to-end testing based on ipmisim • DIY oobm plugin Reference: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Out-of-band+Management+for+CloudStack ShapeBlue.com @ShapeBlue The Cloud Specialists

  13. B u i l d i n g B l o c k s f o r H o s t H A • Solve reliably fence/recover a host: use the new shiny out-of- band management subsystem C l i c k t o e d i t • What's missing: • Granular HA configuration • Host HA kill-switch: at zone/cluster/host level • Tuning: Threshold based investigation, activity checks, timeouts etc. • Task/Load management, circuit breakers, constraint based state transitions and operations Reference: https://cwiki.apache.org/confluence/display/CLOUDSTACK/KVM+HA+with+IPMI+Fencing ShapeBlue.com @ShapeBlue The Cloud Specialists

  14. R e t h i n k H A • CloudStack organization units as partitions: Zone, Pod, Cluster, Host, VM. • Separate policy from mechanism: C l i c k t o e d i t Implement framework/managers to enforce policies, have plugins to carry out mechanisms • Define HA for a general resource, pluggable HA provider implementations. • Operational simplicity. • Granular configuration, kill-switch at zone/cluster/host level. Disabled by default. • Threshold based investigations, checking, fencing and recovery. • Leverage existing abstractions. • Integrated resource management. ShapeBlue.com @ShapeBlue The Cloud Specialists

  15. H o s t H A : D e s i g n a n d Im p l e m e n t a t i o n • HA Resource Management Service • HA resource lifecycle management C l i c k t o e d i t • HA resource type agnostic • Disabled by default, granular configurations, zone/cluster/host kill- switch, tuning • HA Provider • Resource specific HA plugin • Defines partition and resource type • DIY HA provider for partition: host/hypervisor/etc • One HA provider per resource type, per partition Reference: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Host+HA ShapeBlue.com @ShapeBlue The Cloud Specialists

  16. H o s t H A : FS M S t a t e s E xp l a i n e d • HA Resource FSM States • Available C l i c k t o e d i t • Suspect • Checking • Degraded • Recovering, Recovered • Fencing, Fenced • Disabled • Ineligible ShapeBlue.com @ShapeBlue The Cloud Specialists

  17. H o s t H A : FS M S t a t e Tra n s i t i o n s C l i c k t o e d i t Reference: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Host+HA ShapeBlue.com @ShapeBlue The Cloud Specialists

  18. H o s t H A : L i f e c yc l e m a n a g e m e n t • Granular HA configuration • Kill switch: enable/disable for a partition (zone/cluster/host) C l i c k t o e d i t • HA validation and ownership management • New Background Polling Manager for executor service management • Tasks executor, bounded (ephemeral) queue management • HA Polling tasks: Health Checks, Activity Checks, Recovery Task and Fence Task • FSM transitions based on task execution result • HA resource counter management: track investigation rounds, thresholds, timestamps, recover/fence operations ShapeBlue.com @ShapeBlue The Cloud Specialists

  19. H o s t H A : K V M H A P ro vi d e r • STONITH (Shoot The Other Node In The Head) fencing model • Activity check operations, checks for disk access activities on NFS storage C l i c k t o e d i t • Configurable activity check interval and activity checks • Tunable timeouts and thresholds • Request-reply model to check activity checks via adjacent eligible and healthy host(s) • Uses out-of-band management subsystem to carry out recover and fence operations • Recovery is attempted before fencing of the host • Alerting and reporting of operations ShapeBlue.com @ShapeBlue The Cloud Specialists

  20. H o s t H A : V M H A – H A P ro vi d e r C o o rd i n a t i o n • Remaps VM-HA host state Host HA VM-HA host state returned to VM-HA framework C l i c k t o e d i t state (KVM) returned based on Host HA states, only for hosts with Host HA enabled . Available Up • For Host HA to work effectively, Suspect/Checking Up (Investigating) existing VM HA framework to work Degraded Alert in tandem with Host HA. • By default Host HA is disabled, no Recovering/Recove Disconnected explicit configuration changes red/Fencing needed for existing users pre/post Fenced Down upgrade. • Currently, done for KVM Ineligible/Disabled -- HAProvider ShapeBlue.com @ShapeBlue The Cloud Specialists

  21. H o s t H A : Te s t i n g w i t h S i m u l a t o r H A P ro vi d e r • HA Provider for Simulator provides means and instrumentation to perform end-to- end deterministic testing of the framework. C l i c k t o e d i t • Provides means of validation of the feature and shows pluggability of the framework. • New Simulator APIs provides means of validating FSM sequences and instrumenting internal data structures. • Marvin based integration test, covers FSM transitions, HA operations, validations, configurations, HA ownership. ShapeBlue.com @ShapeBlue The Cloud Specialists

  22. H o s t H A : Te s t i n g i n n e s t e d C l o u d S t a c k e n vi ro n m e n t • Recently, nested CloudStack environments such as Trillian, Bubble etc have tremendously helped with QA efforts. In such environments, hypervisor hosts are C l i c k t o e d i t VMs in another CloudStack environments. • As part of the FR, we've implemented a new out-of-band management plugin for nested CloudStack environment. • This plugin can perform power management operations to start/stop/reboot the host VMs. • The new oobm plugin allows for scalability and load testing of the Host HA feature in nested CloudStack environment. Currently being tested for a large KVM based environment. ShapeBlue.com @ShapeBlue The Cloud Specialists

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Apache CloudStack & Apalia Involved with CloudStack since 2010 Dozens of CloudStack

Apache CloudStack & Apalia Involved with CloudStack since 2010 Dozens of CloudStack

Billing for Apache CloudStack Billing for Apache CloudStack CloudStack Collaboration Confer CloudStack Collaboration Conference US ence US Miami May 18 Miami May 18 th th 2017 2017 Apache CloudStack & Apalia Involved with

322 views • 15 slides
Developing API Plug-ins for CloudStack* * Specifically Using Version 4.5 Mike Tutkowski

Developing API Plug-ins for CloudStack* * Specifically Using Version 4.5 Mike Tutkowski

Developing API Plug-ins for CloudStack* * Specifically Using Version 4.5 Mike Tutkowski (@mtutkowski on Twitter) CloudStack Software Engineer Member of CloudStack Project Management Committee (PMC) Focused on CloudStacks storage

461 views • 26 slides
Fencing The Olympic sport of swordfighting presented (Mostly Foil) by Adam Geller Fencing

Fencing The Olympic sport of swordfighting presented (Mostly Foil) by Adam Geller Fencing

Fencing The Olympic sport of swordfighting presented (Mostly Foil) by Adam Geller Fencing Tournaments TOURNAMENT FORMAT Events Age groups Skill Levels Teams Rounds Pools DEs (Direct Elimination) FENCING EQUIPMENT Protective gear

1.22k views • 44 slides
Mainline Explicit Fencing A new era for graphics Gustavo Padovan Open First Agenda Intro to

Mainline Explicit Fencing A new era for graphics Gustavo Padovan Open First Agenda Intro to

Mainline Explicit Fencing A new era for graphics Gustavo Padovan Open First Agenda Intro to Fencing Implicit Fencing Explicit Fencing Android Sync Framework Mainline Explicit Fencing struct fence Sync de-stage

312 views • 29 slides
Architecting for the cloud: lessons learned from 100 CloudStack deployments Sheng Liang CTO,

Architecting for the cloud: lessons learned from 100 CloudStack deployments Sheng Liang CTO,

Architecting for the cloud: lessons learned from 100 CloudStack deployments Sheng Liang CTO, Cloud Platforms, Citrix CloudStack History 2008 2009 2010 2012 2011 Sept 2008: Nov 2009: May 2010: July 2011: April 2012: CloudStack

457 views • 34 slides
SDN in CloudStack Tuesday, October 15, 13 About me Hugo Trippaers Email:

SDN in CloudStack Tuesday, October 15, 13 About me Hugo Trippaers Email:

SDN in CloudStack Tuesday, October 15, 13 About me Hugo Trippaers Email: htrippaers@schubergphilis.com Twitter: @Spark404 Freenode: Spark404 http://www.schubergphilis.com Tuesday, October 15, 13 CloudStack networking - the

572 views • 35 slides
+ Monitoring Consolidate Prescriptive Analytics for Apache CloudStack Madan Ganesh Velayudham

+ Monitoring Consolidate Prescriptive Analytics for Apache CloudStack Madan Ganesh Velayudham

+ Monitoring Consolidate Prescriptive Analytics for Apache CloudStack Madan Ganesh Velayudham Founder, CEO ActOnMagic madan@actonmagic.com + Agenda n Introduction n Different Stages of Analytics n Cloudstack Communitys concerns

438 views • 16 slides
CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus

CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus

CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus @ShapeBlue About Me Cloud Architect with ShapeBlue Worked with CloudStack since 2.2.13 Specialising in deployment of CloudStack and

1.25k views • 33 slides
1 TCP seq. #s and ACKs TCP Header: Header Length Seq. #s: Host B Host A byte stream

1 TCP seq. #s and ACKs TCP Header: Header Length Seq. #s: Host B Host A byte stream

TCP: Overview RFCs: 793, 1122, 1323, 2018, 2581 point-to-point: full duplex data: bi-directional data flow one sender, one receiver in same connection reliable, in-order byte 7: TCP MSS: maximum segment steam: size

460 views • 20 slides
Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019

Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019

Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019 aer.gov.au 1 Introduction Ring-fencing guideline p rogress so far guideline observations. Purpose of this consultation: review of

562 views • 31 slides
Transparent Service Migration to the Cloud Clone existing VMs to CloudStack/OpenStack templates

Transparent Service Migration to the Cloud Clone existing VMs to CloudStack/OpenStack templates

Transparent Service Migration to the Cloud Clone existing VMs to CloudStack/OpenStack templates without user downtime CloudOpen Dublin 2015 #whoami Name: Tim Mackey Current roles: XenServer Community Manager and Evangelist; occasional coder

740 views • 29 slides
Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect

Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect

Ansible & CloudStack Cloud Era Configuration Management Paul Angus Cloud Architect paul.angus@shapeblue.com @CloudyAngus @ShapeBlue Ansible & CloudStack Configuration Management Ansible Using Ansible with CloudStack @ShapeBlue

1.39k views • 44 slides
CloudStack and Big Data Sebastien Goasguen @sebgoa May 22 nd 2013 LinuxTag, Berlin Google

CloudStack and Big Data Sebastien Goasguen @sebgoa May 22 nd 2013 LinuxTag, Berlin Google

CloudStack and Big Data Sebastien Goasguen @sebgoa May 22 nd 2013 LinuxTag, Berlin Google trends Start of Clouds Cloud computing trending down, while Big Data is booming. Virtualization remains constant . BigData on

591 views • 42 slides
Civic Site Safety Fencing Keith Miller, Customer Service & Community Recreation Manager July

Civic Site Safety Fencing Keith Miller, Customer Service & Community Recreation Manager July

Civic Site Safety Fencing Keith Miller, Customer Service & Community Recreation Manager July 22, 2019 Civic Site Great Lawn March 2019 CIVIC SITE SAFETY FENCING Safety Fence Location Location of Fence CIVIC SITE SAFETY FENCING Safety

260 views • 8 slides
Why Apache CloudStack Alexandre Limas Santana, Gabriel Beims Br ascher, Lucas Berri

Why Apache CloudStack Alexandre Limas Santana, Gabriel Beims Br ascher, Lucas Berri

Why Apache CloudStack Alexandre Limas Santana, Gabriel Beims Br ascher, Lucas Berri Cristofolini, Pedro Henrique Pereira Martins, and Rafael Weing artner August 18, 2016 Florian opolis, SC Brazil Agenda Cloud computing

266 views • 24 slides
Junit-contracts: A Contract Testing Tool Claude N. Warren, Jr. CloudStack Collaboration

Junit-contracts: A Contract Testing Tool Claude N. Warren, Jr. CloudStack Collaboration

Junit-contracts: A Contract Testing Tool Claude N. Warren, Jr. CloudStack Collaboration Conference Europe October 8-9, 2015 Dublin, Ireland Who Is Claude Warren? claude@xenei.com Apache Jena Project Management Committee Member and

712 views • 32 slides
The Why, Where and How of Multicore Anant Agarwal MIT and Tilera Corp. What is Multicore?

The Why, Where and How of Multicore Anant Agarwal MIT and Tilera Corp. What is Multicore?

The Why, Where and How of Multicore Anant Agarwal MIT and Tilera Corp. What is Multicore? Whatevers Inside? What is Multicore? Whatevers Inside? Seriously, multicore satisfies three properties Single chip Multiple

494 views • 35 slides
80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

Slammer s Bandwidth-Limited Growth 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since

450 views • 34 slides
HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim Plusquellic Text: The Hardware Trojan War: Attacks, Myths, and Defenses, Chapter 10, J. Plusquellic and F. Saqib, "Detecting Hardware

293 views • 6 slides
EE380: Conflict and Technology Oskar Mencer September 25, 2019 1982 EE380 2001 EE380 JP

EE380: Conflict and Technology Oskar Mencer September 25, 2019 1982 EE380 2001 EE380 JP

EE380: Conflict and Technology Oskar Mencer September 25, 2019 1982 EE380 2001 EE380 JP Morgan 2011 Building the fastest programmable computers in the world [L. Gan, et al, Accelerating solvers for global atmospheric equations, 2013]

791 views • 34 slides
ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ADVANCED COMPUTER SECURITY ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS Reminder : read and post response to Enforceable Security Policies by tomorrow afternoon. Please send me your talk

524 views • 41 slides
Stylight Apps - Our Learnings Sebastian Schuon Stylight Make Style happen Millennial Women -

Stylight Apps - Our Learnings Sebastian Schuon Stylight Make Style happen Millennial Women -

Stylight Apps - Our Learnings Sebastian Schuon Stylight Make Style happen Millennial Women - 18 to 35 years old - 60% are living in big cities - 55% have a higher education How to create the product that inspires women? Team &

719 views • 33 slides
Quantum & blockchain Best friendmies ! Introduction Blockchain technologies, of which the

Quantum & blockchain Best friendmies ! Introduction Blockchain technologies, of which the

Quantum & blockchain Best friendmies ! Introduction Blockchain technologies, of which the most famous representative is the Bitcoin crypto currency, all have a point in common (hacker thinking : single point of failure) : cryptography.

310 views • 10 slides
Review First, operating systems solves time-sharing multi-tasking context = memory address

Review First, operating systems solves time-sharing multi-tasking context = memory address

Review First, operating systems solves time-sharing multi-tasking context = memory address space + stack pointer + instruction pointer IBM360 uses context-switch for time-sharing multi-tasking Second, operating systems solves

870 views • 39 slides

More recommend