Cloudfoundry architecture

Cloud Foundry Architecture presentation at SpringOne 2012.


  1. 1. Cloud Foundry Architecture. Ramnivas Laddad, @ramnivas. © 2012 SpringOne 2GX. All rights reserved. Do not distribute without permission.
  2. 2. @ramnivas •  Spring framework committer •  Cloud Foundry committer •  Main interests –  Cloud computing –  Aspect-oriented programming –  Scala and functional programming •  Author of books and articles –  AspectJ in Action (1st and 2nd edition) •  Speaker at many professional conferences –  JavaOne, JavaPolis, SpringOne, Software Development, No Fluff Just Stuff, EclipseCon, O’Reilly OSCON etc. •  Active involvement in AspectJ, Spring, and Cloud Foundry since their early form
  3. 3. Technologies “Я” Us Closure Java AMQP HTML5 Akka Mongo Spring Scala Redis JSF Grails Hibernate node.js RabbitMQ JDBC Lift Rails JMS Ruby Hadoop Sinatra Batch Job Django JTA Python MySQL Web Services JPA Caching LDAP Postgres Scripting Testing Security Neo4j REST
  5. 5. Technologies “Я” Us Access logs Network Routing Hardware failures DNS Storage Load balancing Auditing Rolling Updates User management Security DoS Backups DBA OS Monitoring Patches
  7. 7. Facets of complexity: Product • More functionality • Time to market pressure • Complex integration • Higher stake in quality
  8. 8. Facets of complexity: Development • Sound architecture: future proofing without overdoing • Unit and integration tests • Responding to changing business needs • Confusing technology landscape
  9. 9. Facets of complexity: Deployment and operation • Choosing the right hardware, operating system, web server • Monitoring applications • Responding to scalability needs • Dealing with hardware- and system-level failures • Upgrading without substantial down time
  10. 10. Inherent vs. Apparent Complexity Implementation
  11. 11. Inherent vs. Apparent Complexity Implementation Functional logic
  12. 12. Inherent vs. Apparent Complexity Implementation Functional logic Inherent complexity
  13. 13. Inherent vs. Apparent Complexity Implementation overhead Implementation Functional logic Inherent complexity
  14. 14. Inherent vs. Apparent Complexity Implementation overhead Apparent Implementation complexity Functional logic Inherent complexity
  15. 15. Inherent vs. Apparent Complexity What can we do about this? Implementation overhead Apparent Implementation complexity Functional logic Inherent complexity
  16. 16. What can we do? ?
  17. 17. Three layers of Cloud Computing SaaS Software as a Service PaaS Platform as a Service IaaS Infrastructure as a Service
  18. 18. Cloud Foundry open PaaS - Choice of clouds: Private Clouds, Public Clouds, Micro Clouds. Data Services, Msg Services, Other Services
  19. 19. Cloud Foundry open PaaS - Choice of clouds: Private Clouds, Public Clouds, Micro Clouds. Data Services, Msg Services, Other Services. Apache2 license
  20. 20. Cloud Foundry open PaaS - Choice of clouds: Private Clouds, Public Clouds, Micro Clouds. Partners. Data Services, Msg Services, Other Services. Apache2 license
  21. 21. Cloud Foundry Architecture
  22. 22. Architectural Goals • No single point of failure • Distributed state • Self healing • Horizontally scalable
  23. 23. Architectural Principles • Loose coupling • Event-driven • Asynchronous • Non-blocking • Idempotent • Eventually consistent • Language-independent communication
  24. 24. Cloud Foundry Layers Clients Inner Shell Outer Shell Infrastructure as a Service Hardware (CPU, Memory, Storage, Network)
  25. 25. Cloud Foundry Core Components The Inner Shell
  26. 26. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  27. 27. Zooming in… (diagram labels: app meta data, cloud controller, stager, health manager, cc - db, uaa - db, staging jobs, package cache, redis, blobstore, uaa - AuthN, dea ×6, staging logs) © 2012 VMware, Inc. All rights reserved
  28. 28. Design Principles • Dynamically discoverable components • No inter-component dependencies – Launch in any order – Scale up and down independently • Monitor using HTTP end points
  29. 29. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  30. 30. Cloud Controller • Interface with the clients – VMC – STS – Portal • Provides REST interface to domain objects – Apps – Services – Orgs – Spaces
  31. 31. Cloud Controller REST API Demo
  32. 32. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  33. 33. Stager • Responsible for morphing user app into executable • Pluggable architecture – Each plugin understands a framework or a runtime • Allow the DEA to view applications uniformly
  34. 34. Stager’s role (diagram: Stager; Spring, Play, Rails, …)
  35. 35. From bits to executable app app.war
  38. 38. From bits to executable app startup app.war stop
  39. 39. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Services Messaging
  40. 40. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  41. 41. From bits to running app startup app.war stop
  43. 43. From bits to running app Agent startup app.war stop
  45. 45. Droplet Execution Agent (DEA) • Responsible for running all apps • Monitors apps – Memory and disk quota – Stage changes • Uniform view of all apps – Runtime/framework differences sorted by the stager • Ensures app isolation
  46. 46. Application Isolation DEA Container API Host network Private network App Private File System Warden container
  47. 47. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  48. 48. Router • Responsible to route requests to – User apps – External-facing components • Cloud Controller • UAA
  49. 49. Application Routing Messaging
  50. 50. Application Routing Router Messaging
  51. 51. Application Routing Router url → host:port DEA Messaging
  52. 52. Application Routing HTTP Router url → host:port DEA Messaging
  53. 53. Application Routing HTTP Nginx (+Lua extension) Locator Services Router url → host:port DEA Messaging
  55. 55. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App Execution Agents (DEA) Pool Services Messaging
  56. 56. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  57. 57. Health Manager • Expected state: – Cloud Controller • Current state: – DEAs • Current state ← Expected state
  58. 58. UAA • Centralized Identity Management – Authenticates users from multiple sources – Presents a single standard protocol for consumers • User Account Management • Client Application Registration • OpenID Connect and OAuth2 – delegated authorization – Uses Spring Security
  59. 59. OAuth2 for Cloud Foundry. Roles: CF Portal (Client) • Cloud controller (Resource server) • User (Resource owner) • UAA (Identity provider)
  60. 60. OAuth2 for Cloud Foundry. Roles: CF Portal (Client) • Cloud controller (Resource server) • User (Resource owner) • UAA (Identity provider). Questions: Who is this user? • What is he/she requesting? • Do I have the necessary authorization? Flow labels: Accesses the portal
  61. 61. OAuth2 for Cloud Foundry. Roles: CF Portal (Client) • Cloud controller (Resource server) • User (Resource owner) • UAA (Identity provider). Questions: Who is this user? • What is he/she requesting? • Do I have the necessary authorization? Flow labels: Accesses the portal • Authenticate me • Assert - Portal can only read my apps • Authenticates user • Issues authorization code
  62. 62. OAuth2 for Cloud Foundry. Roles: CF Portal (Client) • Cloud controller (Resource server) • User (Resource owner) • UAA (Identity provider). Questions: Who is this user? • What is he/she requesting? • Do I have the necessary authorization? Flow labels: Accesses the portal • Authenticate me • Assert - Portal can only read my apps • Authenticates user • Issues authorization code • Redirect user along with the authcode
  63. 63. OAuth2 for Cloud Foundry. Roles: CF Portal (Client) • Cloud controller (Resource server) • User (Resource owner) • UAA (Identity provider). Questions: Who is this user? • What is he/she requesting? • Do I have the necessary authorization? Flow labels: Accesses the portal • Authenticate me • Assert - Portal can only read my apps • Authenticates user • Issues authorization code • Redirect user along with the authcode • Exchange authcode for an access token • Issue access token scoped to cloud_controller.apps.read
  64. 64. OAuth2 for Cloud Foundry. Roles: CF Portal (Client) • Cloud controller (Resource server) • User (Resource owner) • UAA (Identity provider). Questions: Who is this user? • What is he/she requesting? • Do I have the necessary authorization? Flow labels: Accesses the portal • Authenticate me • Assert - Portal can only read my apps • Authenticates user • Issues authorization code • Redirect user along with the authcode • Exchange authcode for an access token • Issue access token scoped to cloud_controller.apps.read • Present token containing cloud_controller.apps.read
  65. 65. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Messaging
  66. 66. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Services Messaging
  67. 67. Service Provisioning • Service Gateway – Provisions and unprovisions services – Advertise service availability to CloudController • Service Nodes – Runs actual services – Scale independently
  68. 68. Access to services info VCAP_SERVICES: { "postgresql-9.0": [{ "name": "env-postgresql", "label": "postgresql-9.0", "plan": "free", "credentials": { "name": "de24667f9344b4eeaad6b5a2326d52faa", "host": "172.30.48.122", "port": 5432, "user": "u50ce600bba434bacbc99e034bb415644", "password": "pf4dca5bd449d4732841f0c4ae3f299d0" } }] }
  69. 69. Operating Cloud Foundry The Outer Shell
  70. 70. Production Grade Cloud Foundry Clusters cloudfoundry.com • 500 – 5,000 VMs • 40+ unique node types • 75+ unique software packages • 2x/week cf.com updates • 24x7x365 non-stop operation • No-downtime deployments • Reliable, robust, repeatable deployments, updates, capacity adjustments • Small teams manage many production, staging, stress, qa, dev instances
  71. 71. What is BOSH? github.com/cloudfoundry/bosh Service Evolution Technology for Operating Cloud Foundry in Production Environments. Automated Virtual Infrastructure • At Cloud Scale • Abstracted using a Cloud Provider Interface (CPI). Software Deployment, Configuration and Updates • Optimized to Minimize Downtime • Support for multiple VM roles. Repeatable Process • Release Management with Versioning. Active Monitoring and Alerting. BOSH has been used to run CloudFoundry.com since launch
  72. 72. Cloud Foundry “BOSH” – Concepts "BOSH"
  73. 73. Cloud Foundry “BOSH” – Concepts Stemcell • Base OS • “BOSH” Agent "BOSH"
  74. 74. Cloud Foundry “BOSH” – Concepts. Stemcell • Base OS • “BOSH” Agent. Release • Name. Jobs • Software Packages • Configuration Templates • Scripts. Software Packages • Externally developed s/w • Internally developed s/w
  75. 75. Cloud Foundry “BOSH” – Concepts. Deployment Manifest • Release name and version • # VMs, params for each Job • Stemcells to use. Stemcell • Base OS • “BOSH” Agent. Release • Name. Jobs • Software Packages • Configuration Templates • Scripts. Software Packages • Externally developed s/w • Internally developed s/w
  77. 77. Cloud Foundry “BOSH” – Concepts. Deployment Manifest • Release name and version • # VMs, params for each Job • Stemcells to use. Stemcell • Base OS • “BOSH” Agent. Release • Name. Jobs • Software Packages • Configuration Templates • Scripts. Software Packages • Externally developed s/w • Internally developed s/w. Diagram labels: Environment Configuration, Software Packages, Stemcell
  78. 78. Rolling Update of a Stateless Component (three-panel diagram: Incoming HTTP Requests, Router, Cloud Controller VMs v1/v2, Message Bus). Panel captions: Starting with v1 VMs • Deploy a v2 VM (canary) • If it works, add more v2 VMs...
  79. 79. Example: Rolling Update of a Stateless Component (two-panel diagram: Incoming HTTP Requests, Router / LB, Cloud Controller VMs v1/v2, Message Bus; Create, Destroy). Panel captions: … while removing v1 VMs… • … until all VMs are v2. End Result: We upgraded from v1 to v2 with no downtime by building new VMs and destroying old ones
  80. 80. Deployment • Parallel • Canaries • Eventual consistency
  81. 81. Under the Hood • Components – Director – Agent – CLI • Stemcell
  82. 82. Code Change
  83. 83. VM Update
  85. 85. Cloud Provider Interface • Abstracts infrastructure – Stemcells • VM template – VMs – Disks – Networks
  86. 86. IaaS neutral by design vSphere: battle tested implementation, thousands of deployments CPI: code complete vCloud Director: “work in progress”, 2H 2012 functional status: “work in progress” Cloud Foundry BOSH Cloud Provider Interface (CPI) contribute: github.com/cloudfoundry/bosh
  87. 87. CPI Providers
  88. 88. Learn More. Stay Connected. Twitter • http://twitter.com/cloudfoundry • http://twitter.com/ramnivas Sign up online at cloudfoundry.com • Website: http://cloudfoundry.org • Blog: http://blog.cloudfoundry.com and http://blog.cloudfoundry.org • GitHub: http://github.com/cloudfoundry • YouTube: http://youtube.com/cloudfoundry
  89. 89. Questions?
  90. 90. Cloud Foundry Architecture. Ramnivas Laddad, @ramnivas. © 2012 SpringOne 2GX. All rights reserved. Do not distribute without permission.
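
The authorization-code exchange on slides 59–64, as an added Python sketch that is not from the presentation or from UAA's code base: a single-use authcode is exchanged for a token scoped to cloud_controller.apps.read, and the resource server enforces that scope. The HMAC-signed token format, the client secret, the user name and the cloud_controller.apps.write scope are assumptions made up for the example.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)   # stand-in for UAA's token signing key
CLIENTS = {"cf-portal": {"secret": "portal-secret",           # constructed sample client
                         "scopes": {"cloud_controller.apps.read"}}}
_codes = {}                              # authcode -> (client_id, user, scope, expiry)

def authorize(client_id, user, scope):
    """UAA: user is authenticated and has approved `scope`; issue an authcode."""
    if scope not in CLIENTS[client_id]["scopes"]:
        raise PermissionError("scope not registered for this client")
    code = secrets.token_urlsafe(16)
    _codes[code] = (client_id, user, scope, time.time() + 60)
    return code

def exchange(client_id, client_secret, code):
    """UAA: trade authcode plus client credentials for a signed, scoped token."""
    if not hmac.compare_digest(CLIENTS[client_id]["secret"], client_secret):
        raise PermissionError("bad client credentials")
    bound_client, user, scope, expiry = _codes.pop(code)   # pop: single use
    if bound_client != client_id or time.time() > expiry:
        raise PermissionError("authcode not valid for this client")
    claims = {"sub": user, "scope": [scope], "exp": time.time() + 600}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()

def cloud_controller(token, required_scope):
    """Resource server: check signature and expiry first, then the scope."""
    body, _, sig = token.partition(".")
    good = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, sig):
        return 401
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < time.time():
        return 401
    return 200 if required_scope in claims["scope"] else 403

def demo():
    code = authorize("cf-portal", "alice", "cloud_controller.apps.read")
    token = exchange("cf-portal", "portal-secret", code)
    forged = token[:-1] + ("0" if token[-1] != "0" else "1")
    try:
        exchange("cf-portal", "portal-secret", code)       # replayed authcode
        replay = "accepted"
    except KeyError:
        replay = "rejected"
    return (cloud_controller(token, "cloud_controller.apps.read"),
            cloud_controller(token, "cloud_controller.apps.write"),  # hypothetical scope
            cloud_controller(forged, "cloud_controller.apps.read"), replay)
```

Calling `demo()` returns the HTTP-style status for a read with the scoped token, a write attempt outside the granted scope, a token with a tampered signature, and the outcome of replaying the authcode.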
