using openstack to integrate non openstack service
play

USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, - PowerPoint PPT Presentation

Oct 17, 2022 •471 likes •964 views

USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING AGENDA INTRODUCTION MOTIVATIONS INTEGRATE AUTHN/AUTHZ INTEGRATE PLATFORM UI INTEGRATE PLATFORM COMMUNICATION CONTINOUS DEPLOYMENT WITH

  1. USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING

  2. AGENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • INTEGRATE PLATFORM COMMUNICATION • CONTINOUS DEPLOYMENT WITH CUSTOMIZATION

  3. Introduction JUNHO YOON ANDREW LIU JACK NING Senior developer of Senior developer of Senior developer of NAVER NAVER China NAVER China

  4. Introduction • Established in 1999, South Korea • Handle more than half of internet search market in Korea • Have more than 8000 employees • Some apps have more than 100m users

  5. Introduction • Have a own IDC and a public cloud service https://www.ncloud.com • However NOT OpenStack based

  6. PASTA - IN-HOUSE PAAS 1000+ projects / 800+ daily user 10+ integrated platforms so far

  8. PASTA – Architecture Today’s Topic platforms platforms platforms PASTA-web Shipdock (In-house docker cluster) keystone Company SSO Users cinder horizon ceph Nova Experimental

  9. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • INTEGRATE PLATFORM COMMUNICATION • CONTINOUS DEPLOYMENT WITH CUSTOMIZATION

  10. Motivations – Too many platforms • About 40 platforms – It’s impossible even to remember URL • No single entrance/catalog • No resource utilization • No common user experience • Reinvent wheel

  11. Motivations - authz / authn • Each platforms had its own authz/authn • Takes too much time for first access • Has different permission set • Requires even different user id/password sometimes Common problems in big company PlatformB PlatformA

  12. AWS comes to our sight • What does AWS provide • Integrated UI/UX - consistency • Organized services catalog • Separated PaaS UI with the main UI • Centralized user management - AWS IAM • We decide to make our platforms as a PaaS like AWS

  13. Component which enables PaaS PAAS DYNAMIC RESOURCE INTEGRATED CONSOLE PROVISIONING • Resource Provisioning on • Consistent UX demand • Integrated Authz/Authn • Docker Cluster? • Seamless integration b/w platforms https://www.slideshare.net/d eview/221-docker- orchestration

  14. • Make new from scratch? • Start from opensouce or commercial system? • Or OpenStack …

  15. Composable Infrastructure Decide to adopt openstack

  16. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

  17. Keystone • Authn/Authz in OpenStack • Feature • Configurable auth/identity backend • Easy to extend by Adding plugin for Authz/Authn • Abundant API interface OpenStack Services Keystone API Policy Token Catalog Identity Assignments Credentials Backend Backend Backend Backend Backend Backend

  18. Keystone Problem we are facing: • Need to integrate into our existing SSO • Need to identify not logged-in user as well • Want to avoid to save user’s ID/PW in our DB HORIZON 3) connect to ENDPOINT with X-AUTH-TOKEN 1) ID/PW 2) issue X-AUTH-TOKEN PROJECT OPENSTACK KEYSTONE COMPONENT 4) ask the X-AUTH-TOKEN info (PROJECT ID + ROLE + USER)

  19. extended Keystone v1 PASTA-WEB 4) ACCESS WITH X-AUTH-TOKEN (IN-HOUSE CONSOLE) 0) OAUTH Auth OAUTH2 PROVIDER 1) ID/OAUTH-TOKEN 3) ISSUE X-AUTH-TOKEN or ID/PASSWORD 5) verify X-AUTH-TOKEN KEYSTONE PLATFORMS 1.1) verify OAUTH-TOKEN 2) GET IDENTITY 1.2) verify PASSWORD AUTH PLUGIN LDAP IDENTITY PLUGIN IN-HOUSE LDAP USING COMPANY’S SSO USING COMPANY’S LDAP FOR IDENTITY

  20. Auth Plugin PASSWORD AUTH default identity auth AUTH PLUGIN Success DEFAULT LOGIN AUTH Fail Success SSO LOGIN AUTH SSO HTTP API /api/Auth/tokenInfo to verify token Fail LOGIN FAILED

  21. Auth Plugin • Keypoint is… ü Treat SSO token as password ü Try default auth method first. If failed, use auth using SSO next ü Extends auth handler Keystone.auth.plugins.password.Password • Keystone Configuration

  22. Extended Keystone v1 PASTA-WEB (IN-HOUSE CONSOLE) 0) OAUTH Auth OAUTH2 PROVIDER 1) ID/OAUTH-TOKEN 3) ISSUE X-AUTH-TOKEN 4) ACCESS WITH X-AUTH-TOKEN or ID/PASSWORD 5) verify X-AUTH-TOKEN KEYSTONE PLATFORMS 1.1) verify OAUTH-TOKEN 2) GET IDENTITY 1.2) verify PASSWORD AUTH PLUGIN LDAP PLUGIN Problem • Do not have right to save OpenStack system IN-HOUSE LDAP users in LDAP • Deadly slow when retrieving all users.

  23. Extended Keystone v2 PASTA-WEB (IN-HOUSE CONSOLE) 0) OAUTH Auth OAUTH2 PROVIDER 1) ID/OAUTH-TOKEN 3) ISSUE X-AUTH-TOKEN 4) ACCESS WITH X-AUTH-TOKEN or ID/PASSWORD 5) verify X-AUTH-TOKEN KEYSTONE PLATFORMS 1.1) verify OAUTH-TOKEN 2) GET IDENTITY 1.2) verify PASSWORD HYBRID IDENTITY PASTA PLUGIN AUTH HANDLER (AUTH + IDENTITY) IN-HOUSE LDAP SQL INTRODUCE HYBRID INDENTITY PLUGIN • Save new user in SQL • Read from only SQL when querying all users

  24. Hybrid Backend Plugin • About the auth part • Based on keystone-hybrid-backend IDENTITY AUTH ü Implement LDAP Indentity ü extending SQL Indentity Success SQL LOGIN Auth Failed Success LDAP LOGIN Auth Failed LOGIN FAILED

  25. Hybrid Backend Plugin • Identity ü For API like get/update user just like the auth flow • Why customzied for list large users LIST_USERS ü 2000+ LDAP USER ü List all user take 10~60s in horizon Yes Filter by SQL + LDAP ü No domain concept when adopting legacy platforms USERS Name No SQL USERS • Configuration

  26. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE PLATFORM AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

  27. Previously our platforms…. • Have each own web based management console • No consistent user experience • Implemented using various tech set • Backend : Spring/Node.js/Golang (No python…) • Framework: Backbone.js/Angular/Vue.js/React/Jquery

  28. Openstack - Horizon Horizon Nova Nova UI Neutron Neutron UI Cinder Cinder UI Manilla Plugin Manilla BlarBlar Plugin Blar Blar Keystone

  29. Openstack - Horizon • Not fit for NAVER • Is not working very well with large user set • Seems “”little bit”” UGLY for us • Implemented with Python + Django • Need to restart and test whenever some platform’s UI upgraded • How to evenly distribute the UI development job to each platform’s developer guaranteeing consistency? • Make UI independently developed without forcing to use specific tech set

  30. Micro Service Architecture UI / Horizon Monolithic App Microservice Microservice Microservice Microservice Microservice Microservice Logic + Database

  31. Micro Service Architecture - modified UI PASTA Integrator Microservice+UI Microservice+UI </> </> Microservice+UI Microservice+UI Microservice+UI Microservice+UI </> </> </> </> Logic + Database

  32. Micro Service Architecture - modified UI integrator handles this part Each platform handles this part

  33. Spring Cloud – Netflix ZUUL HTTP Request “pre” filters “routing” filters “post” filters “custom” filters “error” filters BACKEND SERVER

  34. Realized Runtime Flow OAUTH-PROVIDER 7. User permission check using X-AUTH-TOKEN KEYSTONE (OPENSTACK) 3. OAUTH PlatformA 4. Service Permission Check & Issue X-AUTH-TOKEN 6. https//{{platform-host}}/platform-id/* X-AUTH-TOKEN 8. Render platform page 1. Prepare routing table 5. Decide where to route based on context path Pasta WEB ZUUL 2. Access service-id .pasta.navercorp.com/ platform-id /a.txt PlatformB 8. Final HTML Rendering PlatformC

  35. Platform Info Extension • Be able to keep each platform endpoint info in keystone’s Service catalog and endpoints • Service(Openstack Term) = Platform (PASTA Term) Use the platform name as a context path Pick internal interface URL for routing

  36. Platform Info Extension • Need extra room to store extra routing info • Ex) Platform Icons / Display order … • Need separate DB to store these? • Use description section with JSON

  37. Service Info Extension • Should store the project’s extra info into keystone • Project(Openstack Term) = Service (PASTA Term) • https://blueprints.launchpad.net/horizon/+spec/support-extra-prop- for-project-and-user • OpenStack4J

  38. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

  39. UI Level Interoperability • Already be able to call the other platform’s REST API • Because all platform UI share same authn/z in a user session http://sample.pasta-host/kaleido/ PLATFORM-A PLATFORM-B PLATFORM-C $.get(“/platform-a/api/functionA”) $.get(“/platform-b/api/functionB”) $.get(“/platform-c/api/functionC”)

  40. Backend Interoperability • Need special way to communicate each other • ex) Batch / Event Handler which run outside of the user session • ex) Run user’s platform interoperation code when event is triggered • Introduce Serverless Framework (openwisk) OPENWISK PlatformA PlatformB • Not cover detail here

  41. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of OpenStack Technical Committee Python Software Foundation member ttx @ tcarrez @ Cloud ? Buzzword Infrastructure as a service Compute,

700 views • 28 slides
Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack OpenStack is an open source software platform for cloud computing. Mostly deployed as infrastructure-as-a-service (IaaS), whereby virtual servers and

464 views • 25 slides
What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can find me at @tcarrez on Twitter And ttx on IRC No, really What is OpenStack ? An open source project A common goal A coalition of

672 views • 33 slides
Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture OpenStack Summit at Barcelona, October 2016 Who are we? Sriram Kalyanasundaram, Director Implementations Tesora Inc. OpenStack Summit

812 views • 23 slides
BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ SOFTWARE ENGINEER AT RED HAT CO-FOUNDER LINUXCHIX ARGENTINA WHAT IS OPENSTACK? BRIEF OVERVIEW OPENSTACK OVERVIEW IAAS... AND MORE! + RUNNING

548 views • 36 slides
SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right? Maybe you use AWS or Azure? Allowing pay-as-you-go model for IT infrastructure and toward dynamic software-defined service delivery.

168 views • 16 slides
OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman,

OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman,

OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman, Cincinnati Bell Technology Services Monday, May 13, 2019 BS DETAILS 30+ years of IT experience 6+ years experience with OpenStack Former

376 views • 36 slides
Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016

Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016

Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016 April 27, 2016 IBM Japan Systems Engineering Co.,Ltd. Machi Hoshino OpenStack Summit in Austin 2016 Outline Introduction What is OpenStack

685 views • 42 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

781 views • 43 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

742 views • 56 slides
GPU on OpenStack Masafumi Ohta @masafumiohta Who am I &gt; Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I &gt; Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I &gt; Working for System Integrator as Pre-Sales Engineer. Working on some OpenStack PoC projects. Proposing OpenStack system to a manufacturer Investigating OpenStack issues reading some

580 views • 32 slides
A Dropbox-like Personal Cloud for OpenStack Swift Pedro Garca Lpez OpenStack Summit Adrin

A Dropbox-like Personal Cloud for OpenStack Swift Pedro Garca Lpez OpenStack Summit Adrin

A Dropbox-like Personal Cloud for OpenStack Swift Pedro Garca Lpez OpenStack Summit Adrin Moreno Martnez May 2014 - Atlanta Cristian Cotes Gonzlez CloudSpaces project Open Service Platform for the Next Generation of Open

691 views • 37 slides
Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release

Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release

Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release management PTL OpenStack is large &amp; growing 130 git repositories 1.8+ MLOC Stats by OpenStack is complex OpenStack is painful

597 views • 30 slides
Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez)

Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez)

Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez) Release manager, OpenStack OpenStack is large &amp; growing 95+ code repositories 1.9+ MLOC Stats by OpenStack is complex 9 integrated

497 views • 48 slides
OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the

OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the

May 2018 OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the OpenStack Charms? commit 4b30ccbd044be76be66c1bb6f9669dba352147b6 Author: Adam Gandelman &lt;adamg@canonical.com&gt; Date: Tue Jul 5

403 views • 19 slides
OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers

OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers

OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers build knowledge and skill for cloud-native applications Develop new relationships and discover new talent in your local community Practice

964 views • 22 slides
BC-15 On-air Testing Procedures for Broadcasting Undertakings March 17, 2020 Background In

BC-15 On-air Testing Procedures for Broadcasting Undertakings March 17, 2020 Background In

BC-15 On-air Testing Procedures for Broadcasting Undertakings March 17, 2020 Background In spring 2017, ISED proposed the following changes to BC-15: Language adjusted to match that in most recently published BPRs Names of

630 views • 6 slides
1H 2019 Results Half year ended 31 December 2018 15 February 2019 Our Group Design concept A

1H 2019 Results Half year ended 31 December 2018 15 February 2019 Our Group Design concept A

1H 2019 Results Half year ended 31 December 2018 15 February 2019 Our Group Design concept A market leading network 19 Total Sites Australia-wide 680 Total Sites coverage 19 2,541 Total sites 212 Total Sites 625 21 34 v 61 Total

722 views • 40 slides
Query Answering in Data Integration Piotr Wieczorek Institute of Computer Science University of

Query Answering in Data Integration Piotr Wieczorek Institute of Computer Science University of

Query Answering in Data Integration Piotr Wieczorek Institute of Computer Science University of Wrocaw Dagstuhl, November 2010 Outline Quick reminder 1 Computing certain answers under OWA/CWA 2 Inverse rules algorithm 3 MiniCon

617 views • 48 slides
RWIS Data Integration for Performance Measures Improved Decision Making Planning Operations

RWIS Data Integration for Performance Measures Improved Decision Making Planning Operations

RWIS Data Integration for Performance Measures Improved Decision Making Planning Operations Communications RITIS : Enabling Decision Making &amp; Effective Communication Learning Objectives At the end of this presentation the participants

266 views • 14 slides
Agile Software Testing Strategies Agile Software Testing Strategies Presented by: Jared

Agile Software Testing Strategies Agile Software Testing Strategies Presented by: Jared

W17 Concurrent Session Wednesday 06/11/2008 2:45 PM 4:15 PM Agile Software Testing Strategies Agile Software Testing Strategies Presented by: Jared Richardson 6 th Sense Analytics Presented at: Better Software Conference &amp; EXPO June

1.92k views • 33 slides
Rachel Carson, Gender, and Environmental Citizenship H U M A N I T I E S C E N T E R 2 7 J a n

Rachel Carson, Gender, and Environmental Citizenship H U M A N I T I E S C E N T E R 2 7 J a n

Rachel Carson, Gender, and Environmental Citizenship H U M A N I T I E S C E N T E R 2 7 J a n u a r y 2 0 16 M A R S H A L . R I CH M O N D A S S O C I A T E P R O F E S S O R D E P A R T M E N T O F H I S T O R Y Background

273 views • 23 slides
Assessing Risk of Death in People with Problematic Drug Use Dr Emma Fletcher , Jerusha

Assessing Risk of Death in People with Problematic Drug Use Dr Emma Fletcher , Jerusha

Assessing Risk of Death in People with Problematic Drug Use Dr Emma Fletcher , Jerusha Vithiyanandan, Dr Phyllis Easton, Dr Fiona Cowden, Dr Vered Hopkins, Superintendent John Wyllie, Professor Nick Fyfe Drug-related deaths in Scotland, 3- and

127 views • 11 slides
Recommended Budget for the Department of Health and Human Services Presented by: The Office of

Recommended Budget for the Department of Health and Human Services Presented by: The Office of

The Governors 2015 -17 Recommended Budget for the Department of Health and Human Services Presented by: The Office of State Budget and Management March 11, 2015 DHHS Budget Overview TOTAL HEALTH AND HUMAN SERVICES GENERAL FUND BUDGETS

683 views • 24 slides

More recommend