Lessons from Building a Highly Available Cloud Foundry on top of OpenStack
Hello World!
Jiang Yi Tao
IBM CDL Bluemix
IaaS PaaS
Agenda
• OpenStack
  • Nova, Neutron, Cinder, Swift
• Cloud Foundry
  • LB, Gorouter
• Database
• Backup
Releases
• CF 233
• OpenStack Kilo
OpenStack
OpenStack Integration
OpenStack Create VM
• Image
• Router
• network, subnet
• Flavor
• Keypair
• Security Group
How to Deploy CF
1. Target a BOSH director using the CLI
2. Upload a stemcell
3. Upload a release
4. Generate a manifest
5. bosh deploy
   5.1. prepare deployment
   5.2. compile the packages
   5.3. create and bind VMs
   5.4. pull in job configurations
   5.5. create needed job instances
OpenStack-CPI
• OpenStack CPI is an implementation of the BOSH CPI
• Leverages the Fog Ruby gem for OpenStack
  http://fog.io
OpenStack Ready?
• Fog Version?
• bosh openstack cpi
• Validate OpenStack
  • https://docs.cloudfoundry.org/deploying/openstack/validate_openstack.html
OpenStack Ready? (cont.)
gem install XXX -v XXX
# Set before fog/excon is loaded so the HTTP calls are traced
ENV['EXCON_DEBUG'] = 'true'
require 'fog'
nova = Fog::Compute.new({
  :provider => 'openstack',
  :openstack_tenant => 'jiangytcn',
  :openstack_api_key => 'XXXX',
  :openstack_username => 'jiangytcn',
  :openstack_auth_url => 'https://XXX.cn.ibm.com:35357/v3/auth/tokens',
  :openstack_domain_name => 'default',
  # Turns off TLS certificate verification; only for a quick check against a self-signed test endpoint
  :connection_options => { :ssl_verify_peer => false }
})
nova.list_servers
# image, flavor and my_key must already hold the image ID, flavor ID and keypair name
nova.servers.create(:name => 'trusty', :image_ref => image, :flavor_ref => flavor, :key_name => my_key)
Similar for Volumes, Networks, Images, etc.
Nova
• QEMU KVM
• Over Commit
• Flavor
  • ephemeral >= 2 * RAM, if the flavor has an ephemeral disk
• Security Groups
  • Only open required ports, remote CIDR/SG
• VM runs OK?
  • ping 127.0.0.1
  • (Compute Node) watch 'tail /sys/kernel/mm/ksm/*'
Resource Pool
• Scheduler hints
• AZ, Affinity-Group, Anti-affinity-group
• No SPOF
• Need more physical resource
Neutron
• Overlap
• Vlan gre vxlan
• Isolated
• IP translation, controlled
• Flat
• Flat-dhcp
• Shared
• Directly to switch
✤ MTU Selection
PMTU
ping -D -g <minsize> -G <maxsize> -h <sizeincr> <host>
✤ JUMBO FRAMES
✤ meta-data/user-data
Cinder
• Backend
• LVM CEPH ...
• Disk Readonly *
Swift - BlobStore
• user-uploaded applications, buildpacks, droplets, and application resources
• Tempurl
  • X-Account-Meta-Temp-URL-Key
  • runners download packages using tempurl
• Ratelimit (optional; if no account or container limits are provided, there will be no rate limiting)
• NTP
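How a Swift TempURL is signed with the account's X-Account-Meta-Temp-URL-Key and why clock sync matters for it, as an added Ruby example that is not from the slides or from Cloud Foundry. The key, the object path and the simplified server-side check are constructed; HMAC-SHA1 is the digest TempURL originally used.

```ruby
require 'openssl'

# Signature is an HMAC over "METHOD\nEXPIRES\nPATH", keyed with the account's Temp-URL key.
def temp_url_signature(key, method, expires, path)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), key, "#{method}\n#{expires}\n#{path}")
end

# Issuer side: whoever holds the key hands out a link that needs no token.
# expires is an absolute Unix timestamp taken from the issuer's clock.
def make_temp_url(key, method, path, ttl_seconds, now = Time.now.to_i)
  expires = now + ttl_seconds
  sig = temp_url_signature(key, method, expires, path)
  "#{path}?temp_url_sig=#{sig}&temp_url_expires=#{expires}"
end

# Compare signatures without leaking the position of the first mismatch.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified model of the proxy-side check, evaluated against the server's clock.
def check_temp_url(key, method, url, server_now)
  path, query = url.split('?', 2)
  pairs = query.to_s.split('&').map { |kv| kv.split('=', 2) }
  params = pairs.select { |pair| pair.size == 2 }.to_h
  expires = params['temp_url_expires'].to_i
  return :expired if expires < server_now
  expected = temp_url_signature(key, method, expires, path)
  constant_time_equal?(params['temp_url_sig'].to_s, expected) ? :ok : :bad_signature
end

if __FILE__ == $PROGRAM_NAME
  key  = 'constructed-temp-url-key'                     # constructed sample key
  path = '/v1/AUTH_demo/cc-droplets/ab/cd/droplet.tgz'  # constructed object path
  issued_at = 1_000_000
  url = make_temp_url(key, 'GET', path, 300, issued_at)
  puts url
  puts "clocks in sync:          #{check_temp_url(key, 'GET', url, issued_at + 10)}"
  puts "server clock 6 min fast: #{check_temp_url(key, 'GET', url, issued_at + 360)}"
  puts "PUT with a GET link:     #{check_temp_url(key, 'PUT', url, issued_at + 10)}"
end
```

The signature binds method, expiry and path, so a link cannot be reused for another object or verb, and a skewed clock on either side shortens or lengthens the window the link is valid for.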
Keystone
• Tenant/Project with Large Quotas
• Day one & Day two
Deployment
• keystone
  • v2 or v3
• network type
  • manual VS dynamic VS static
Cloud Foundry?
CF push workflow
Gorouter & Load Balancer
• Domains
  • system, apps
• Gorouter only supports a single certificate
• TLS Pass-Through
  • Performant and a single TLS connection
• TLS Termination at Load Balancer
  • Less performant option
  • Multiple certificates to be used
• Internal
  • Haproxy
• External LB
  • Third party
  • LBaaS
BlobStore
• NFS
• Webdav
• Swift
Cloud Controller
• resources clean up
  app_events:
    cutoff_age_in_days: 36
  app_usage_events:
    cutoff_age_in_days: 36
  audit_events:
    cutoff_age_in_days: 36
  failed_jobs:
    cutoff_age_in_days: 7
Database
• Cluster
  • Postgresql
  • Mysql
• Backup
  • Transaction Logs
  • Full backup
DB Encrypt/Decrypt
CCDB.apps
• Cloud Controller
  • db_encryption_key
  • row level encrypt, salt
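require 'openssl'
require 'base64'

# ALGORITHM and db_encryption_key are defined elsewhere in Cloud Controller
def encrypt(input, salt)
  return nil unless input
  Base64.strict_encode64(run_cipher(make_cipher.encrypt, input, salt))
end

def decrypt(encrypted_input, salt)
  return nil unless encrypted_input
  run_cipher(make_cipher.decrypt, Base64.decode64(encrypted_input), salt)
end

def make_cipher
  # OpenSSL::Cipher::Cipher is the deprecated alias of OpenSSL::Cipher
  OpenSSL::Cipher.new(ALGORITHM)
end

# Derives key and IV from db_encryption_key plus the row's salt, then runs the cipher
def run_cipher(cipher, input, salt)
  cipher.pkcs5_keyivgen(db_encryption_key, salt)
  cipher.update(input).tap { |result| result << cipher.final }
end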
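What the row-level scheme above means for a CCDB backup, as an added Ruby example that is not Cloud Controller's own code: rows restored from a dump decrypt only with the db_encryption_key they were written under and with their own salt. `AES-128-CBC`, the column names, the key values and the sample data are assumptions constructed for the demo.

```ruby
require 'openssl'
require 'securerandom'

ALGORITHM = 'AES-128-CBC' # assumption: the slide does not show the value of ALGORITHM

# Key and IV are both derived from (key, salt), as in the slide's run_cipher.
# pkcs5_keyivgen insists on an 8-byte salt and raises CipherError otherwise.
def run_cipher(cipher, key, input, salt)
  cipher.pkcs5_keyivgen(key, salt)
  cipher.update(input) + cipher.final
end

def encrypt(key, input, salt)
  return nil unless input
  raw = run_cipher(OpenSSL::Cipher.new(ALGORITHM).encrypt, key, input, salt)
  [raw].pack('m0') # strict Base64, same output as Base64.strict_encode64
end

def decrypt(key, encrypted_input, salt)
  return nil unless encrypted_input
  raw = encrypted_input.unpack1('m') # Base64 decode
  run_cipher(OpenSSL::Cipher.new(ALGORITHM).decrypt, key, raw, salt).force_encoding('UTF-8')
end

# Constructed stand-in for a row of CCDB.apps: the salt is stored next to the ciphertext.
def store_row(key, name, env_json, salt = SecureRandom.hex(4))
  { name: name, salt: salt, encrypted_environment_json: encrypt(key, env_json, salt) }
end

# Restore path: returns the plaintext, or nil when the padding check rejects the key/salt.
# CBC has no integrity tag, so a wrong key can occasionally yield garbage instead of an error.
def restore_row(key, row)
  decrypt(key, row[:encrypted_environment_json], row[:salt])
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  key = 'constructed-db-encryption-key' # stands in for the manifest's db_encryption_key
  env = '{"DB_PASSWORD":"s3cret"}'      # constructed sample environment
  rows = [store_row(key, 'app-a', env), store_row(key, 'app-b', env)]
  # Same plaintext, different salts: the stored ciphertexts differ per row.
  rows.each { |r| puts "#{r[:name]} salt=#{r[:salt]} #{r[:encrypted_environment_json]}" }
  puts "with the manifest key: #{restore_row(key, rows[0]).inspect}"
  puts "with another key:      #{restore_row('not-the-manifest-key', rows[0]).inspect}"
end
```

A database dump therefore has to be kept together with the manifest value of db_encryption_key, and that key needs the same protection as the data it covers.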
Buildpacks
• application runtime
• installed buildpack
• system buildpacks are overwritten on every update
Backing up Cloud Foundry
• Platform
  • BOSH DB
  • configuration files
  • CCDB UAADB
  • Blobstore
  • Credentials
• User
  • apps
  • service instance
Bosh DB
• DNS
  • for internal use
• VM and Volume mapping
Configuration
• deployment manifest
  bosh download manifest <DEPLOYMENT> cf.yml
  keep it
• key pairs, certs
You can find me at:
• @jiangytcn
• jiangyt.cn@gmail.com
Validate OpenStack
core component vm metadata service
Cloud Foundry
Network Type
Data encrypt/decrypt
Backup DB services manifest

More Related Content

What's hot

Elk for applications on k8s
Elk for applications on k8sElk for applications on k8s
Elk for applications on k8s
Che-Chia Chang
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
inwin stack
 
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps WayDevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
smalltown
 
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes ForwardKubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeAcademy
 
How to Prepare for CKA Exam
How to Prepare for CKA ExamHow to Prepare for CKA Exam
How to Prepare for CKA Exam
Alfie Chen
 
Docker for HPC in a Nutshell
Docker for HPC in a NutshellDocker for HPC in a Nutshell
Docker for HPC in a Nutshell
inside-BigData.com
 
Building stateful applications on Kubernetes with Rook
Building stateful applications on Kubernetes with RookBuilding stateful applications on Kubernetes with Rook
Building stateful applications on Kubernetes with Rook
Roberto Hashioka
 
Ansible and CloudStack
Ansible and CloudStackAnsible and CloudStack
Ansible and CloudStack
ShapeBlue
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebula Project
 
Storage based on_openstack_mariocho
Storage based on_openstack_mariochoStorage based on_openstack_mariocho
Storage based on_openstack_mariocho
Mario Cho
 
OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...
OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...
OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...
NETWAYS
 
Fabric8 - Being devOps doesn't suck anymore
Fabric8 - Being devOps doesn't suck anymoreFabric8 - Being devOps doesn't suck anymore
Fabric8 - Being devOps doesn't suck anymore
Henryk Konsek
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
QNIB Solutions
 
DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for Developers
Docker, Inc.
 
Introduction to CNI (Container Network Interface)
Introduction to CNI (Container Network Interface)Introduction to CNI (Container Network Interface)
Introduction to CNI (Container Network Interface)
HungWei Chiu
 
AtlasCamp 2015: How to deliver radical architectural change without the custo...
AtlasCamp 2015: How to deliver radical architectural change without the custo...AtlasCamp 2015: How to deliver radical architectural change without the custo...
AtlasCamp 2015: How to deliver radical architectural change without the custo...
Atlassian
 
Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers
LinuxCon ContainerCon CloudOpen China
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
LinuxCon ContainerCon CloudOpen China
 
HPC in a Box - Docker Workshop at ISC 2015
HPC in a Box - Docker Workshop at ISC 2015HPC in a Box - Docker Workshop at ISC 2015
HPC in a Box - Docker Workshop at ISC 2015
inside-BigData.com
 

What's hot (20)

Elk for applications on k8s
Elk for applications on k8sElk for applications on k8s
Elk for applications on k8s
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
 
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps WayDevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
 
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes ForwardKubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
 
How to Prepare for CKA Exam
How to Prepare for CKA ExamHow to Prepare for CKA Exam
How to Prepare for CKA Exam
 
Docker for HPC in a Nutshell
Docker for HPC in a NutshellDocker for HPC in a Nutshell
Docker for HPC in a Nutshell
 
Building stateful applications on Kubernetes with Rook
Building stateful applications on Kubernetes with RookBuilding stateful applications on Kubernetes with Rook
Building stateful applications on Kubernetes with Rook
 
Ansible and CloudStack
Ansible and CloudStackAnsible and CloudStack
Ansible and CloudStack
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
 
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
 
Storage based on_openstack_mariocho
Storage based on_openstack_mariochoStorage based on_openstack_mariocho
Storage based on_openstack_mariocho
 
OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...
OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...
OSDC 2018 | Hardware-level data-center monitoring with Prometheus by Conrad H...
 
Fabric8 - Being devOps doesn't suck anymore
Fabric8 - Being devOps doesn't suck anymoreFabric8 - Being devOps doesn't suck anymore
Fabric8 - Being devOps doesn't suck anymore
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for Developers
 
Introduction to CNI (Container Network Interface)
Introduction to CNI (Container Network Interface)Introduction to CNI (Container Network Interface)
Introduction to CNI (Container Network Interface)
 
AtlasCamp 2015: How to deliver radical architectural change without the custo...
AtlasCamp 2015: How to deliver radical architectural change without the custo...AtlasCamp 2015: How to deliver radical architectural change without the custo...
AtlasCamp 2015: How to deliver radical architectural change without the custo...
 
Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers Get a Taste of 1 k+ Nodes by a Handful of Servers
Get a Taste of 1 k+ Nodes by a Handful of Servers
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
HPC in a Box - Docker Workshop at ISC 2015
HPC in a Box - Docker Workshop at ISC 2015HPC in a Box - Docker Workshop at ISC 2015
HPC in a Box - Docker Workshop at ISC 2015
 

Similar to Lessions from building a high available cloud foudry on top of open stack

The Twelve Factor App - Pivotal Tracker
The Twelve Factor App - Pivotal TrackerThe Twelve Factor App - Pivotal Tracker
The Twelve Factor App - Pivotal Tracker
lauriepino
 
99cloud Docker Training module 2
99cloud Docker Training module 299cloud Docker Training module 2
99cloud Docker Training module 2
Liang Bo
 
Cloud Based VDI with OpenStack, by Shifen Yang
Cloud Based VDI with OpenStack, by Shifen YangCloud Based VDI with OpenStack, by Shifen Yang
Cloud Based VDI with OpenStack, by Shifen Yang
Hui Cheng
 
Track2 -杨世芬--cloudena-apac-8-11-2012
Track2 -杨世芬--cloudena-apac-8-11-2012Track2 -杨世芬--cloudena-apac-8-11-2012
Track2 -杨世芬--cloudena-apac-8-11-2012OpenCity Community
 
OpenStack and Windows
OpenStack and WindowsOpenStack and Windows
OpenStack and Windows
Alessandro Pilotti
 
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Belmiro Moreira
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
PLUMgrid
 
Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015
Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015
Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015
Datadog
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
Kubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOpsKubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOps
Jim Bugwadia
 
Adf with docker
Adf with dockerAdf with docker
Adf with docker
Eugene Fedorenko
 
Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...
DataWorks Summit
 
Running Cloud Foundry for 12 months - An experience report | anynines
Running Cloud Foundry for 12 months - An experience report | anyninesRunning Cloud Foundry for 12 months - An experience report | anynines
Running Cloud Foundry for 12 months - An experience report | anynines
anynines GmbH
 
Deploying your apps in the cloud - the options: an overview
Deploying your apps in the cloud - the options: an overviewDeploying your apps in the cloud - the options: an overview
Deploying your apps in the cloud - the options: an overview
Cisco DevNet
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Cynthia Thomas
 
KubeCon USA 2017 brief Overview - from Kubernetes meetup Bangalore
KubeCon USA 2017 brief Overview - from Kubernetes meetup BangaloreKubeCon USA 2017 brief Overview - from Kubernetes meetup Bangalore
KubeCon USA 2017 brief Overview - from Kubernetes meetup Bangalore
Krishna-Kumar
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
NETWAYS
 
Kubernetes Networking 101 kubecon EU 2022
Kubernetes Networking 101 kubecon EU 2022Kubernetes Networking 101 kubecon EU 2022
Kubernetes Networking 101 kubecon EU 2022
ssuser1490e8
 
Containerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconfContainerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconf
Ivan Vasyliev
 
Cloud Native Java Development Patterns
Cloud Native Java Development PatternsCloud Native Java Development Patterns
Cloud Native Java Development Patterns
Bilgin Ibryam
 

Similar to Lessions from building a high available cloud foudry on top of open stack (20)

The Twelve Factor App - Pivotal Tracker
The Twelve Factor App - Pivotal TrackerThe Twelve Factor App - Pivotal Tracker
The Twelve Factor App - Pivotal Tracker
 
99cloud Docker Training module 2
99cloud Docker Training module 299cloud Docker Training module 2
99cloud Docker Training module 2
 
Cloud Based VDI with OpenStack, by Shifen Yang
Cloud Based VDI with OpenStack, by Shifen YangCloud Based VDI with OpenStack, by Shifen Yang
Cloud Based VDI with OpenStack, by Shifen Yang
 
Track2 -杨世芬--cloudena-apac-8-11-2012
Track2 -杨世芬--cloudena-apac-8-11-2012Track2 -杨世芬--cloudena-apac-8-11-2012
Track2 -杨世芬--cloudena-apac-8-11-2012
 
OpenStack and Windows
OpenStack and WindowsOpenStack and Windows
OpenStack and Windows
 
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015
Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015
Monitoring Docker at Scale - Docker San Francisco Meetup - August 11, 2015
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
Kubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOpsKubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOps
 
Adf with docker
Adf with dockerAdf with docker
Adf with docker
 
Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...
 
Running Cloud Foundry for 12 months - An experience report | anynines
Running Cloud Foundry for 12 months - An experience report | anyninesRunning Cloud Foundry for 12 months - An experience report | anynines
Running Cloud Foundry for 12 months - An experience report | anynines
 
Deploying your apps in the cloud - the options: an overview
Deploying your apps in the cloud - the options: an overviewDeploying your apps in the cloud - the options: an overview
Deploying your apps in the cloud - the options: an overview
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
 
KubeCon USA 2017 brief Overview - from Kubernetes meetup Bangalore
KubeCon USA 2017 brief Overview - from Kubernetes meetup BangaloreKubeCon USA 2017 brief Overview - from Kubernetes meetup Bangalore
KubeCon USA 2017 brief Overview - from Kubernetes meetup Bangalore
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
 
Kubernetes Networking 101 kubecon EU 2022
Kubernetes Networking 101 kubecon EU 2022Kubernetes Networking 101 kubecon EU 2022
Kubernetes Networking 101 kubecon EU 2022
 
Containerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconfContainerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconf
 
Cloud Native Java Development Patterns
Cloud Native Java Development PatternsCloud Native Java Development Patterns
Cloud Native Java Development Patterns
 

Recently uploaded

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 

Lessons from Building a Highly Available Cloud Foundry on top of OpenStack

  • 1. Lessons from Building a Highly Available Cloud Foundry on top of OpenStack
  • 2. Hello World! Jiang Yi Tao IBM CDL Bluemix IaaS PaaS
  • 3. Agenda • OpenStack • Nova Neutron Cinder Swift • Cloud Foundry • LB Gorouter • Database • Backup
  • 4. Releases • CF 233 • OpenStack Kilo
  • 7. OpenStack Create VM • Image • Router • network, subnet • Flavor • Keypair • Security Group
  • 8. How to Deploy CF 1. Target a BOSH director using the CLI 2. Upload a stemcell 3. Upload a release 4. Generate a manifest 5. bosh deploy 5.1. prepare deployment 5.2. compile the packages 5.3. create and bind VM 5.4. pull in job configurations 5.5. create needed job instances
  • 9. OpenStack-CPI • OpenStack CPI is an implementation of the BOSH CPI • Leverages the Fog Ruby gem for OpenStack http://fog.io
  • 10. OpenStack Ready? • Fog Version? • bosh openstack cpi • Validate OpenStack • https://docs.cloudfoundry.org/deploying/openstack/validate_openstack.html
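  • 11. OpenStack Ready? (cont.)
      gem install XXX -v XXX

      # EXCON_DEBUG=true is an environment variable: set it in the shell before
      # starting Ruby to trace the HTTP requests Fog sends.
      require 'fog'

      nova = Fog::Compute.new({
        :provider              => 'openstack',
        :openstack_tenant      => 'jiangytcn',
        :openstack_api_key     => 'XXXX',
        :openstack_username    => 'jiangytcn',
        :openstack_auth_url    => 'https://XXX.cn.ibm.com:35357/v3/auth/tokens',
        :openstack_domain_name => 'default',
        # Turns off TLS certificate verification for this connection
        # (for example an endpoint with a self-signed certificate).
        :connection_options    => { :ssl_verify_peer => false }
      })

      nova.list_servers

      # image, flavor and my_key hold the image ID, flavor ID and keypair name
      # looked up beforehand.
      nova.servers.create(:name => 'trusty', :image_ref => image,
                          :flavor_ref => flavor, :key_name => my_key)

      Similar for Volumes, Networks, Images, etc.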
  • 12. Nova • QEMU KVM • Over Commit • Flavor • ephemeral >= 2 * RAM (if the flavor has an ephemeral disk) • Security Groups • Only open required ports, remote CIDR/SG • VM runs OK? • ping 127.0.0.1 • (Compute Node) watch 'tail /sys/kernel/mm/ksm/*'
  • 13. Resource Pool • Scheduler hints • AZ Affinity-Group Anti-affinity-group • No SPOF • Need more physical resource
  • 14. Neutron • Overlap • Vlan gre vxlan • Isolated • IP translation, controlled • Flat • Flat-dhcp • Shared • Directly to switch ✤ MTU Selection PMTU ping -D -g <minsize> -G <maxsize> -h <sizeincr> <host> ✤ JUMBO FRAMES ✤ meta-data/user-data
  • 15. Cinder • Backend • LVM CEPH ... • Disk Readonly *
  • 16. Swift - BlobStore • user-uploaded applications, buildpacks, droplets, and application resources • TempURL • X-Account-Meta-Temp-URL-Key • runners download packages using TempURL • Ratelimit (Optional. If no account or container limits are provided there will be no rate limiting) • NTP
  • 17. Keystone • Tenant/Project with Large Quotas • Day one & Day two
  • 18. Deployment • keystone • v2 or v3 • network type • manual vs. dynamic vs. static
  • 21. Gorouter & Load Balancer • Domains • system, apps • Gorouter only supports a single certificate • TLS Pass-Through • Performant and a single TLS connection • TLS Termination at Load Balancer • Less performant option • Multiple certificates can be used • Internal • HAProxy • External LB • Third party • LBaaS
  • 23. Cloud Controller • resources clean up
      app_events:
        cutoff_age_in_days: 36
      app_usage_events:
        cutoff_age_in_days: 36
      audit_events:
        cutoff_age_in_days: 36
      failed_jobs:
        cutoff_age_in_days: 7
  • 24. Database • Cluster • PostgreSQL • MySQL • Backup • Transaction Logs • Full backup
  • 26. DB Encrypt/Decrypt • Cloud Controller • db_encryption_key • row level encrypt, salt
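  • 27.
      require 'openssl'
      require 'base64'

      # ALGORITHM and db_encryption_key are defined elsewhere in Cloud Controller.

      # Encrypts one column value and returns it Base64-encoded for storage.
      def encrypt(input, salt)
        return nil unless input
        Base64.strict_encode64(run_cipher(make_cipher.encrypt, input, salt))
      end

      # Reverses encrypt using the salt stored alongside the row.
      def decrypt(encrypted_input, salt)
        return nil unless encrypted_input
        run_cipher(make_cipher.decrypt, Base64.decode64(encrypted_input), salt)
      end

      def make_cipher
        # OpenSSL::Cipher::Cipher is a deprecated alias of OpenSSL::Cipher.
        OpenSSL::Cipher.new(ALGORITHM)
      end

      # Derives key and IV from db_encryption_key and the per-row salt, then
      # runs the cipher over the input.
      def run_cipher(cipher, input, salt)
        cipher.pkcs5_keyivgen(db_encryption_key, salt)
        cipher.update(input).tap { |result| result << cipher.final }
      end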
  • 29. Buildpacks • application runtime • installed buildpack • system buildpacks are overridden on every update
  • 30. Backing up Cloud Foundry • Platform • BOSH DB • configuration files • CCDB UAADB • Blobstore • Credentials • User • apps • service instance
  • 31. Bosh DB • DNS • for internal use • VM and Volume mapping
  • 32. Configuration • deployment manifest: bosh download manifest <DEPLOYMENT> cf.yml, and keep it • key pairs, certs
  • 33. You can find me at: • @jiangytcn • jiangyt.cn@gmail.com Validate OpenStack core component vm metadata service Cloud Foundry Network Type Data encrypt/decrypt Backup DB services manifest
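
Slide 16's TempURL flow, as an added example that is not from the original deck: it signs a blobstore download URL with the account's X-Account-Meta-Temp-URL-Key and runs a simplified version of the server-side check, showing why the slide lists NTP (expiry is judged against the proxy's clock). The key, object path, function names and the check itself are constructed for illustration; HMAC-SHA1 is the TempURL digest of the Kilo era the deck targets.

```ruby
require 'openssl'
require 'uri'

# TempURL signature: HMAC over "METHOD\nEXPIRES\nPATH", keyed with the value
# stored in the account's X-Account-Meta-Temp-URL-Key.
def temp_url_sig(key, method, expires, path)
  OpenSSL::HMAC.hexdigest('SHA1', key, "#{method}\n#{expires}\n#{path}")
end

# The kind of URL a runner is given: object path plus signature and expiry.
def temp_url(key, method, path, ttl, now)
  expires = now.to_i + ttl
  sig = temp_url_sig(key, method, expires, path)
  "#{path}?temp_url_sig=#{sig}&temp_url_expires=#{expires}"
end

# Constant-time comparison so the check does not leak how many characters matched.
def ct_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified server-side check (assumption: an outline, not Swift's own code).
# server_now is the proxy's clock, which is why NTP sits on the same slide.
def temp_url_check(key, method, url, server_now)
  path, query = url.split('?', 2)
  params = URI.decode_www_form(query.to_s).to_h
  sig = params['temp_url_sig'].to_s
  expires = params['temp_url_expires'].to_s
  return :malformed unless sig =~ /\A\h{40}\z/ && expires =~ /\A\d+\z/
  return :bad_signature unless ct_equal?(temp_url_sig(key, method, expires, path), sig)
  return :expired if expires.to_i < server_now.to_i
  :ok
end

if __FILE__ == $PROGRAM_NAME
  key  = 'constructed-temp-url-key'                    # constructed sample value
  path = '/v1/AUTH_demo/cc-droplets/constructed-guid'  # constructed sample path
  now  = 1_700_000_000
  url  = temp_url(key, 'GET', path, 60, now)
  puts url
  puts temp_url_check(key, 'GET', url, now + 30)   # download inside the window
  puts temp_url_check(key, 'GET', url, now + 120)  # proxy clock two minutes ahead
  puts temp_url_check(key, 'PUT', url, now + 30)   # signature is bound to the method
end
```

Because the signature covers method, expiry and path, changing any of them in the URL fails the check; only clock drift between the signer and the Swift proxy can turn a correctly signed URL into a rejected one.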