Hui Cheng, profile picture
Uploaded byHui Cheng
PPTX, PDF1,388 views

Open stack in sina

freedomhui@sina.com

Embed presentation

Downloaded 98 times
OpenStack in Sina @程辉 freedomhui@gmail.com
Agenda  OpenStack Overview  Architecture Analysis  Integration Changes  Sina Contributions
AWS模式的巨大成功  构建了完整的云计算生态系统  通过Web Service(API)管理一切服务*  完全面向服务架构SOA(Service-Oriented Architecture)*  事实上的IaaS 标准  成功的商业模式 *https://plus.google.com/112678702228711889851/posts/eVeouesvaVX *http://coolshell.cn/articles/5701.html
More Detail: http://aws.amazon.com/products/
OpenStack横空出世  目标:AWS开源实现  Rackspace & NASA联合成立 Swift Nova
OpenStack Companies More detail: http://www.openstack.org/community/companies/
来源:《OpenStack, OpenNebula,Eucalyptus,CloudStack社区活跃度比较》http://www.qyjohn.net/?p=1856
Open Source Apache 2.0 license, NO ‘enterprise’ version Open Design Open Design Summit Open Development Anyone can involve development process Open development management via Launchpad & Github Open Community OpenStack Foundation in 2012
OpenStack Mission "To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable."
OpenStack Projects Core Projects AWS OpenStack  OpenStack Compute(Nova) EC2 nova  OpenStack Object Storage(Swift) S3 swift  Image Service (Glance) EBS nova-volume  Identity (Keystone) ELB Atlas-LB  Dashboard (Horizon) SQS Burrow  Network Connectivity (Quantum) Console Dashboard Community Projects IAM Keystone VPC Quantum  Melange Altas-LB RDS RedDwarf   Crowbar  Juju  RedDwarf  Burrow
Architecture Overview
Detail Overview
Where to Get Started? Ubuntu 12.04 server 集成OpenStack Trystack.org申请测试账号 devstack.sh一键安装
OpenStack Development Authorization Hosting code & (group membership) Bug tracking formal docs Feature planning Mailing lists (Blueprints) User support (Answers) Wiki Informal docs Continuous integration
Nova Key Features  ReST-base API  Asynchronous communication  Horizontally scalable  Shared nothing architecture*  Distribute everything  Test everything  100% Python Based * http://en.wikipedia.org/wiki/Shared_nothing_architecture * http://wiki.openstack.org/BasicDesignTenets
OpenStack Compute: Nova nova-api Compute API Server OpenStack API, EC2 compatibility API nova-compute Compute worker Manage compute host and VMs Libvirt(QEMU,KVM,LXR), XenServer and XCP, ESX(i)* nova-network Network controller Manage network resources: IPAM, VLAN, NAT *http://wiki.openstack.org/HypervisorSupportMatrix
OpenStack Compute: Nova(cont.) nova-scheduler Determines the placement of new resources nova-volume Block storage, remote attach a LVM volume using iSCISI protocol Like Amazon EBS, but far way from mature RabbitMQ Message Queue Cast and RPC Call for services
Keystone: Concept User/Tenant Authentication/Authorization Token Service/Endpoint Role
Keystone: User Case
Nova Network L2 FLAT, FLATDHCP, VLAN L3 IPAM(IP Address Management) Fixed IP, Floating IP Gateway, NAT, VPN
Quantum Quantum Basics Nova: virtual server Quantum: virtual network Quantum :  Expose a API for creating virtual networks and attaching instances(e.g.,novaservers) to those networks  Manage switches(virtual or physical) in the data center to implement connectivity described via API  Provide a“plugin” architecture to leverage support using different back-end technologies
Quantum: available plugins Open vSwitch - Builds isolated networks with OVS and L2-in-L3 tunnel Cisco UCS - Isolation based on VLAN and net-profiles applied to Cisco UCS converged network adapters Linux Bridge - Build isolated networks with VLAN interfaces and linux bridges - Works with every Linux Distro NTT-Data Ryu - Acts as a proxy for the NTT Ryu platform Nicira NVP - Acts as a proxy for the Nicira NVP platform
Swift: Storage Types Types Protocol Application Block Storage SATA, SCISI, iSCISI SAN, NAS, EBS File Storage Ext3/4, XFS, NTFS PC, Servers, NFS Object Storage HTTP, REST Amazon S3, Google Cloud Storage, Rackspace Cloud Files Specific Storage Specific protocol MySQL, MongoDB, based on tcp HDFS We want a Object Storage like Amazon S3.
Features Swift Amazon S3 object/bucket CRUD √ √ account/bucket/object ACL √ √ object metadate √ √ large object √ √ rate limit √ √ Swift expiring object √ √ vs static web √ √ REST API √ √ Amazon S3 Account support √ X Account metadata √ X Bucket metadata √ X Bucket sync across cluster √ X Object versioning X √ Log to bucket X √ Notification X √ Reduced Redundancy Storage X √ SOAP API X √ Server Side Encryption X √ BitTorrent protocol X √
Swift Evaluation  Extremely Durable and Highly Available  Superior Scalability  Linear Growth of Performance  Symmetric Architecture  No Single-failure  Simple & Reliable
Swift Components  The Ring: Mapping of names to entities (accounts,containers, objects) on disk.  Stores data based on zones, devices, partitions, and replicas  Weights can be used to balance the distribution of partitions  Used by the Proxy Server for many background processes  Proxy Server: Request routing, exposes the public API  Replication: Keep the system consistent, handle failures  Updaters: Process failed or queued updates  Auditors: Verify integrity of objects, containers, and account
Swift Architecture • 1 Zone = 1 Physical Server with 12x2T disk GET abc.png • Write/Read applies quorum protocol PUT abc.png Load Balancer Zone1 Zone2 Zone3 Zone4 Zone5 Proxy Server Proxy Server Proxy Server Proxy Server Proxy Server Object Server Object Server Object Server Object Server Object Server Container Container Container Container Container Server Server Server Server Server Account Server Account Server Account Server Account Server Account Server 31
Swift Installation Swift packages Proxy Server Account Server Container Server Object Server Physical Deployment Storage Nodes OS installation sda sdb sdc sdd sdk raid 1 …… disk1 disk2 disk3 disk4 disk5 disk12
Conclusion  核心功能基本可用,但稳定性需要加强  云服务(web service)比较丰富  起步虽晚,但发展飞快,OpenStack生态系统正 在形成  逻辑结构清晰、文档丰富、源码规范易懂,便 于二次开发  Open [Source | Desgin | Development | Community]
Integration Challenges  Best Network Topology  Security Enhancement  Load Balancer  CDN Services  Metering & Billing
Infrastructure & Platform Physical Servers Traditional Operation Virtualization Platform(IaaS) ●VM Management System(VMMS) → Sina Web Service(SWS) ●VMMS is private solution developed in-house ●SWS is based on OpenStack 新浪云计算 Application Platform(PaaS) ●Virtual Host → Sina App Engine(SAE) ●SAE provides both Public and Private Service. ●Proved to be Efficient and Robust
Nova Network Networking is the biggest challenges for IaaS Network Topology: • VLAN • FlatDHCP • FlatDHCP & Multihost
Network Topology (VLAN) Capability: • Accessibility of VMs within one tenant • Isolation of VMs from different tenants • VM is able to access public network • VM can be accessible from public network • Isolation between virtual network and internal network Drawback: • Pre-allocate network for future projects • Hard-limit of vlan 4096 • Traffic bottleneck in the gateway/NAT
Network Topology(Flat) Capability: • Accessibility of all VMs in the fixed IP range • VM is able to access public network • VM can be accessible from public network • Full isolation between virtual network and internal network Bonus: • Do not need pre-allocate for new projects • Eliminating bottleneck between tenants Drawback: • Tenant isolation has gone • Traffic bottleneck still exists in NAT
Network Topology(Flat & Multihost) Capability: • Accessibility of all VMs in the fixed IP range • VM is able to access public network • VM can be accessible from public network Bonus: • Totally distributed architecture avoid single- point failure. • Multiple gateway eliminates NAT bottleneck • High speed between OS regions Drawback: • Tenant isolation lessens • Need security facility(SWS-filter) to protect intranet If security problems were solved, this would be our best choice!
Security in OpenStack Security Group --- L3 Filter Static filters --- L2 Filter Role-based firewall MAC, IP, and ARP spoofing protection  One security group is a Role  Not configurable Ingress filtering  Defined in /etc/libvirt/nwfilter/*.xml  Target is the instance Implemented by ebtables  Source can be CIDR or another group  ebtables -t nat --list Implemented by iptables  See details: iptables -t filter -n -L  Whitelist mechanism(ACCEPT rules)
Security Enhancement SWS Filter Prevent Intranet Penetration • Intranet is the internal network outside of OpenStack Egress filtering • Target is internal network • Source is instances in OpenStack Implementation • Whitelist mechanism(ACCEPT rules) • On the top of nova-filter-top Forward Chain Rational • SWS filter is managed by cloud manager • Only explicit authorized packets can reach Internal network C • Packet should be controlled within Compute Node
Security Enhancement Security Group VS SWS Filter
Load Balancer Goals Load Balance • Dispatch request DNS Acceleration Design • Support multiple routing algorithm • Health check Smart DNS Acceleration • Reality: narrow bandwidth between ISPs • Building fiber channels from ISPs to pivot Public Network • Given the same endpoint within user’s ISP Telecom Unicom Mobile Others ISP IPv4 Shortage • Reality: dozens of public IPs support hundreds of VMs High speed fiber channel • IPv4 has been exhausted • IPv6 is not realistic yet in China Pivot
L7 Load Balancer Layer 7 Load Balancer Consideration: 1. dispatch request by Host header 2. nginx module
L4 Load Balancer Layer 4 Load Balancer Consideration: 1. dispatch request by TCP port 2. lvs + haproxy ssh –p 2000 root@socket.abc.com
Kanyun: Monitoring system Compute Worker Network RDBMS Dashboard Storage Worker Retrieve usage info API daemon Billing Aggregator Responds to client Calculates/stores request metrics http://github.com/lzyeval/kanyun 46 NoSQL
RPC Dough:Billing system Database Client Compute Network RDBMS Dashboard Storage Collector Monitoring Farmer API daemon (Metering) Dispatch jobs Subscribe or Collector unsubscribe products / Query info Check status / Retrieve usage / 47 http://github.com/lzyeval/dough Create purchases
Sina Contributions Top 10 Bugfix Company 48
Sina Contributions  Sina creating open source project “Dough” to contribute metering & billing capability  Present in OpenStack Design Summit & Conference 49
Q&A @程辉 Technical Manager @ Sina Twitter:@freedomhui Email:chenghui@staff.sina.com.cn Gtalk: freedomhui@gmail.com

More Related Content

KEY
OpenStack Report
byyoshihisa sakamoto
 
PDF
iPaas with Fuse Fabric Technology
byCharles Moulliard
 
PPTX
Cassandra Performance and Scalability on AWS
byAdrian Cockcroft
 
PDF
Mirantis Folsom Meetup Intro
byMirantis
 
ODP
Supporting and Using EC2/CIMI on top of Cloud Environments via Deltacloud
byOved Ourfali
 
PDF
Storage 101: Rook and Ceph - Open Infrastructure Denver 2019
bySean Cohen
 
PDF
Geek Week 2016 - Deep Dive To Openstack
byHaim Ateya
 
PPT
Apache CloudStack AlpesJUG
bySebastien Goasguen
 
OpenStack Report
byyoshihisa sakamoto
 
iPaas with Fuse Fabric Technology
byCharles Moulliard
 
Cassandra Performance and Scalability on AWS
byAdrian Cockcroft
 
Mirantis Folsom Meetup Intro
byMirantis
 
Supporting and Using EC2/CIMI on top of Cloud Environments via Deltacloud
byOved Ourfali
 
Storage 101: Rook and Ceph - Open Infrastructure Denver 2019
bySean Cohen
 
Geek Week 2016 - Deep Dive To Openstack
byHaim Ateya
 
Apache CloudStack AlpesJUG
bySebastien Goasguen
 

What's hot

PPT
CloudStack for Java User Group
bySebastien Goasguen
 
PDF
Ceph storage for ocp deploying and managing ceph on top of open shift conta...
byOrFriedmann
 
PDF
Openstack Global Meetup
byopenstackindia
 
PDF
The container revolution, and what it means to operators.pptx
byRobert Starmer
 
PPT
DevCloud and CloudMonkey
bySebastien Goasguen
 
PPT
Intro to CloudStack Build a Cloud Day
bySebastien Goasguen
 
PPTX
New Ceph capabilities and Reference Architectures
byKamesh Pemmaraju
 
PDF
Ceph as software define storage
byMahmoud Shiri Varamini
 
PPTX
實際架構實踐演化與解決方案
byCamel Camel
 
PDF
Intro into Rook and Ceph on Kubernetes
byKublr
 
PPTX
What you need to know about ceph
byEmma Haruka Iwao
 
PDF
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
bysmalltown
 
PPTX
QCT Ceph Solution - Design Consideration and Reference Architecture
byPatrick McGarry
 
PPTX
Ceph and Openstack in a Nutshell
byKaran Singh
 
PDF
Storage tiering and erasure coding in Ceph (SCaLE13x)
bySage Weil
 
PDF
Red Hat Storage 2014 - Product(s) Overview
byMarcel Hergaarden
 
ZIP
Constructing Web APIs with Rack, Sinatra and MongoDB
byOisin Hurley
 
PPTX
Terraform Modules Restructured
byDoiT International
 
PDF
OpenStack in Enterprise
byNalee Jang
 
PDF
[OpenStack Days Korea 2016] Track4 - Deep Drive: k8s with Docker
byOpenStack Korea Community
 
CloudStack for Java User Group
bySebastien Goasguen
 
Ceph storage for ocp deploying and managing ceph on top of open shift conta...
byOrFriedmann
 
Openstack Global Meetup
byopenstackindia
 
The container revolution, and what it means to operators.pptx
byRobert Starmer
 
DevCloud and CloudMonkey
bySebastien Goasguen
 
Intro to CloudStack Build a Cloud Day
bySebastien Goasguen
 
New Ceph capabilities and Reference Architectures
byKamesh Pemmaraju
 
Ceph as software define storage
byMahmoud Shiri Varamini
 
實際架構實踐演化與解決方案
byCamel Camel
 
Intro into Rook and Ceph on Kubernetes
byKublr
 
What you need to know about ceph
byEmma Haruka Iwao
 
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
bysmalltown
 
QCT Ceph Solution - Design Consideration and Reference Architecture
byPatrick McGarry
 
Ceph and Openstack in a Nutshell
byKaran Singh
 
Storage tiering and erasure coding in Ceph (SCaLE13x)
bySage Weil
 
Red Hat Storage 2014 - Product(s) Overview
byMarcel Hergaarden
 
Constructing Web APIs with Rack, Sinatra and MongoDB
byOisin Hurley
 
Terraform Modules Restructured
byDoiT International
 
OpenStack in Enterprise
byNalee Jang
 
[OpenStack Days Korea 2016] Track4 - Deep Drive: k8s with Docker
byOpenStack Korea Community
 

Similar to Open stack in sina

PPTX
OpenStack: Why Is It Gaining So Much Traction?
bymestery
 
PDF
Openstack: Open Source software for building public and private cloud.
byAtul Jha
 
PDF
OpenStack: Open Source Private/Public Cloud Software
byopenstackindia
 
PPTX
Integrating OpenStack To Existing Infrastructure
byHui Cheng
 
PDF
Openstack India May Meetup
byDeepak Garg
 
PPTX
Hitchhiker's Guide to Open Source Cloud Computing
byMark Hinkle
 
PDF
Linuxtag 2012 - OpenNebula
byOpenNebula Project
 
ODP
Introducing OpenStack for Beginners
byopenstackindia
 
PPTX
OpenStack Introduction
byopenstackindia
 
PPTX
Cloud computing and OpenStack
byEdgar Magana
 
PDF
CloudOpen 2012 OpenNebula talk
byOpenNebula Project
 
PPTX
Integrating OpenStack to Existing infrastructure
bylaurabeckcahoon
 
PPTX
vBACD- July 2012 - Crash Course in Open Source Cloud Computing
byCloudStack - Open Source Cloud Computing Project
 
PDF
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
bySadique Puthen
 
PDF
Introduction openstack-meetup-nov-28
bySadique Puthen
 
PDF
RedHat OpenStack Platform Overview
byindevlab
 
PPTX
Power of OpenStack & Hadoop
byTuan Yang
 
PDF
Introduction and hacking OpenStack, Pycon India
byAtul Jha
 
PDF
Initial presentation of openstack (for montreal user group)
byMarcos García
 
PPTX
Quick overview of Openstack architecture
byToni Ramirez
 
OpenStack: Why Is It Gaining So Much Traction?
bymestery
 
Openstack: Open Source software for building public and private cloud.
byAtul Jha
 
OpenStack: Open Source Private/Public Cloud Software
byopenstackindia
 
Integrating OpenStack To Existing Infrastructure
byHui Cheng
 
Openstack India May Meetup
byDeepak Garg
 
Hitchhiker's Guide to Open Source Cloud Computing
byMark Hinkle
 
Linuxtag 2012 - OpenNebula
byOpenNebula Project
 
Introducing OpenStack for Beginners
byopenstackindia
 
OpenStack Introduction
byopenstackindia
 
Cloud computing and OpenStack
byEdgar Magana
 
CloudOpen 2012 OpenNebula talk
byOpenNebula Project
 
Integrating OpenStack to Existing infrastructure
bylaurabeckcahoon
 
vBACD- July 2012 - Crash Course in Open Source Cloud Computing
byCloudStack - Open Source Cloud Computing Project
 
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
bySadique Puthen
 
Introduction openstack-meetup-nov-28
bySadique Puthen
 
RedHat OpenStack Platform Overview
byindevlab
 
Power of OpenStack & Hadoop
byTuan Yang
 
Introduction and hacking OpenStack, Pycon India
byAtul Jha
 
Initial presentation of openstack (for montreal user group)
byMarcos García
 
Quick overview of Openstack architecture
byToni Ramirez
 

More from Hui Cheng

PDF
OpenStack in China
byHui Cheng
 
PPT
Island: Local Storage Volume for Cinder
byHui Cheng
 
PDF
DevOps in a Public OpenStack Cloud - Hui Cheng
byHui Cheng
 
PPTX
OpenStack Foundation Updates
byHui Cheng
 
PPTX
COSUG updates
byHui Cheng
 
PPT
Cinder intro@open stack china-tour-shenzhen
byHui Cheng
 
PPTX
Lessons from Building OpenStack Public Cloud
byHui Cheng
 
PDF
Open stack with_openflowsdn-torii
byHui Cheng
 
PPTX
Open Source Software & Open Source Hardware
byHui Cheng
 
PPTX
OpenStack Network Planning
byHui Cheng
 
PPT
Asia pacopenstack joe-draft 2012-08-08
byHui Cheng
 
PPT
The Application of OpenStack in 360buy, by Bin He
byHui Cheng
 
PPT
Distributed Block-level Storage Management for OpenStack, by Danile lee
byHui Cheng
 
PPT
Swift Architecture and Practice, by Alex Yang
byHui Cheng
 
PPTX
Cloud Based VDI with OpenStack, by Shifen Yang
byHui Cheng
 
PPTX
Openstorage with OpenStack, by Bradley
byHui Cheng
 
PPTX
MAKING MONEY from openstack
byHui Cheng
 
PDF
KT ucloud storage, by Jaesuk Ahn
byHui Cheng
 
PPTX
Dell OpenStack Powered Cloud Solution and Case Sharing
byHui Cheng
 
PPTX
Network Service in OpenStack Cloud, by Yaohui Jin
byHui Cheng
 
OpenStack in China
byHui Cheng
 
Island: Local Storage Volume for Cinder
byHui Cheng
 
DevOps in a Public OpenStack Cloud - Hui Cheng
byHui Cheng
 
OpenStack Foundation Updates
byHui Cheng
 
COSUG updates
byHui Cheng
 
Cinder intro@open stack china-tour-shenzhen
byHui Cheng
 
Lessons from Building OpenStack Public Cloud
byHui Cheng
 
Open stack with_openflowsdn-torii
byHui Cheng
 
Open Source Software & Open Source Hardware
byHui Cheng
 
OpenStack Network Planning
byHui Cheng
 
Asia pacopenstack joe-draft 2012-08-08
byHui Cheng
 
The Application of OpenStack in 360buy, by Bin He
byHui Cheng
 
Distributed Block-level Storage Management for OpenStack, by Danile lee
byHui Cheng
 
Swift Architecture and Practice, by Alex Yang
byHui Cheng
 
Cloud Based VDI with OpenStack, by Shifen Yang
byHui Cheng
 
Openstorage with OpenStack, by Bradley
byHui Cheng
 
MAKING MONEY from openstack
byHui Cheng
 
KT ucloud storage, by Jaesuk Ahn
byHui Cheng
 
Dell OpenStack Powered Cloud Solution and Case Sharing
byHui Cheng
 
Network Service in OpenStack Cloud, by Yaohui Jin
byHui Cheng
 

Recently uploaded

PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
apidays New York 2025 | AI in Application Security
byapidays
 
final.pdf
byomarbishtawi04
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Workflow and decision Automation with Flowable
bychakib ch
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 

Open stack in sina

  • 1.
    OpenStack in Sina @程辉 freedomhui@gmail.com
  • 2.
    Agenda  OpenStack Overview  Architecture Analysis  Integration Changes  Sina Contributions
  • 4.
    AWS模式的巨大成功  构建了完整的云计算生态系统  通过Web Service(API)管理一切服务*  完全面向服务架构SOA(Service-Oriented Architecture)*  事实上的IaaS 标准  成功的商业模式 *https://plus.google.com/112678702228711889851/posts/eVeouesvaVX *http://coolshell.cn/articles/5701.html
  • 6.
  • 8.
    OpenStack横空出世  目标:AWS开源实现  Rackspace & NASA联合成立 Swift Nova
  • 9.
    OpenStack Companies More detail: http://www.openstack.org/community/companies/
  • 10.
  • 11.
    Open Source Apache 2.0license, NO ‘enterprise’ version Open Design Open Design Summit Open Development Anyone can involve development process Open development management via Launchpad & Github Open Community OpenStack Foundation in 2012
  • 12.
    OpenStack Mission "To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable."
  • 13.
    OpenStack Projects CoreProjects AWS OpenStack  OpenStack Compute(Nova) EC2 nova  OpenStack Object Storage(Swift) S3 swift  Image Service (Glance) EBS nova-volume  Identity (Keystone) ELB Atlas-LB  Dashboard (Horizon) SQS Burrow  Network Connectivity (Quantum) Console Dashboard Community Projects IAM Keystone VPC Quantum  Melange Altas-LB RDS RedDwarf   Crowbar  Juju  RedDwarf  Burrow
  • 14.
  • 15.
  • 16.
    Where to GetStarted? Ubuntu 12.04 server 集成OpenStack Trystack.org申请测试账号 devstack.sh一键安装
  • 17.
    OpenStack Development Authorization Hosting code & (group membership) Bug tracking formal docs Feature planning Mailing lists (Blueprints) User support (Answers) Wiki Informal docs Continuous integration
  • 18.
    Nova Key Features  ReST-base API  Asynchronous communication  Horizontally scalable  Shared nothing architecture*  Distribute everything  Test everything  100% Python Based * http://en.wikipedia.org/wiki/Shared_nothing_architecture * http://wiki.openstack.org/BasicDesignTenets
  • 19.
    OpenStack Compute: Nova nova-api Compute API Server OpenStack API, EC2 compatibility API nova-compute Compute worker Manage compute host and VMs Libvirt(QEMU,KVM,LXR), XenServer and XCP, ESX(i)* nova-network Network controller Manage network resources: IPAM, VLAN, NAT *http://wiki.openstack.org/HypervisorSupportMatrix
  • 20.
    OpenStack Compute: Nova(cont.) nova-scheduler Determines the placement of new resources nova-volume Block storage, remote attach a LVM volume using iSCISI protocol Like Amazon EBS, but far way from mature RabbitMQ Message Queue Cast and RPC Call for services
  • 21.
    Keystone: Concept User/Tenant Authentication/Authorization Token Service/Endpoint Role
  • 22.
  • 23.
    Nova Network L2 FLAT, FLATDHCP, VLAN L3 IPAM(IP Address Management) Fixed IP, Floating IP Gateway, NAT, VPN
  • 24.
    Quantum Quantum Basics Nova: virtualserver Quantum: virtual network Quantum :  Expose a API for creating virtual networks and attaching instances(e.g.,novaservers) to those networks  Manage switches(virtual or physical) in the data center to implement connectivity described via API  Provide a“plugin” architecture to leverage support using different back-end technologies
  • 26.
    Quantum: available plugins Open vSwitch - Builds isolated networks with OVS and L2-in-L3 tunnel Cisco UCS - Isolation based on VLAN and net-profiles applied to Cisco UCS converged network adapters Linux Bridge - Build isolated networks with VLAN interfaces and linux bridges - Works with every Linux Distro NTT-Data Ryu - Acts as a proxy for the NTT Ryu platform Nicira NVP - Acts as a proxy for the Nicira NVP platform
  • 27.
    Swift: Storage Types Types Protocol Application Block Storage SATA, SCISI, iSCISI SAN, NAS, EBS File Storage Ext3/4, XFS, NTFS PC, Servers, NFS Object Storage HTTP, REST Amazon S3, Google Cloud Storage, Rackspace Cloud Files Specific Storage Specific protocol MySQL, MongoDB, based on tcp HDFS We want a Object Storage like Amazon S3.
  • 28.
    Features Swift Amazon S3 object/bucket CRUD √ √ account/bucket/object ACL √ √ object metadate √ √ large object √ √ rate limit √ √ Swift expiring object √ √ vs static web √ √ REST API √ √ Amazon S3 Account support √ X Account metadata √ X Bucket metadata √ X Bucket sync across cluster √ X Object versioning X √ Log to bucket X √ Notification X √ Reduced Redundancy Storage X √ SOAP API X √ Server Side Encryption X √ BitTorrent protocol X √
  • 29.
    Swift Evaluation  Extremely Durable and Highly Available  Superior Scalability  Linear Growth of Performance  Symmetric Architecture  No Single-failure  Simple & Reliable
  • 30.
    Swift Components  The Ring: Mapping of names to entities (accounts,containers, objects) on disk.  Stores data based on zones, devices, partitions, and replicas  Weights can be used to balance the distribution of partitions  Used by the Proxy Server for many background processes  Proxy Server: Request routing, exposes the public API  Replication: Keep the system consistent, handle failures  Updaters: Process failed or queued updates  Auditors: Verify integrity of objects, containers, and account
  • 31.
    Swift Architecture • 1 Zone = 1 Physical Server with 12x2T disk GET abc.png • Write/Read applies quorum protocol PUT abc.png Load Balancer Zone1 Zone2 Zone3 Zone4 Zone5 Proxy Server Proxy Server Proxy Server Proxy Server Proxy Server Object Server Object Server Object Server Object Server Object Server Container Container Container Container Container Server Server Server Server Server Account Server Account Server Account Server Account Server Account Server 31
  • 32.
    Swift Installation Swift packages Proxy Server Account Server Container Server Object Server Physical Deployment Storage Nodes OS installation sda sdb sdc sdd sdk raid 1 …… disk1 disk2 disk3 disk4 disk5 disk12
  • 33.
    Conclusion  核心功能基本可用,但稳定性需要加强  云服务(web service)比较丰富  起步虽晚,但发展飞快,OpenStack生态系统正 在形成  逻辑结构清晰、文档丰富、源码规范易懂,便 于二次开发  Open [Source | Desgin | Development | Community]
  • 34.
    Integration Challenges  Best Network Topology  Security Enhancement  Load Balancer  CDN Services  Metering & Billing
  • 35.
    Infrastructure & Platform PhysicalServers Traditional Operation Virtualization Platform(IaaS) ●VM Management System(VMMS) → Sina Web Service(SWS) ●VMMS is private solution developed in-house ●SWS is based on OpenStack 新浪云计算 Application Platform(PaaS) ●Virtual Host → Sina App Engine(SAE) ●SAE provides both Public and Private Service. ●Proved to be Efficient and Robust
  • 36.
    Nova Network Networking isthe biggest challenges for IaaS Network Topology: • VLAN • FlatDHCP • FlatDHCP & Multihost
  • 37.
    Network Topology (VLAN) Capability: •Accessibility of VMs within one tenant • Isolation of VMs from different tenants • VM is able to access public network • VM can be accessible from public network • Isolation between virtual network and internal network Drawback: • Pre-allocate network for future projects • Hard-limit of vlan 4096 • Traffic bottleneck in the gateway/NAT
  • 38.
    Network Topology(Flat) Capability: • Accessibilityof all VMs in the fixed IP range • VM is able to access public network • VM can be accessible from public network • Full isolation between virtual network and internal network Bonus: • Do not need pre-allocate for new projects • Eliminating bottleneck between tenants Drawback: • Tenant isolation has gone • Traffic bottleneck still exists in NAT
  • 39.
    Network Topology(Flat &Multihost) Capability: • Accessibility of all VMs in the fixed IP range • VM is able to access public network • VM can be accessible from public network Bonus: • Totally distributed architecture avoid single- point failure. • Multiple gateway eliminates NAT bottleneck • High speed between OS regions Drawback: • Tenant isolation lessens • Need security facility(SWS-filter) to protect intranet If security problems were solved, this would be our best choice!
  • 40.
    Security in OpenStack SecurityGroup --- L3 Filter Static filters --- L2 Filter Role-based firewall MAC, IP, and ARP spoofing protection  One security group is a Role  Not configurable Ingress filtering  Defined in /etc/libvirt/nwfilter/*.xml  Target is the instance Implemented by ebtables  Source can be CIDR or another group  ebtables -t nat --list Implemented by iptables  See details: iptables -t filter -n -L  Whitelist mechanism(ACCEPT rules)
  • 41.
    Security Enhancement SWS Filter PreventIntranet Penetration • Intranet is the internal network outside of OpenStack Egress filtering • Target is internal network • Source is instances in OpenStack Implementation • Whitelist mechanism(ACCEPT rules) • On the top of nova-filter-top Forward Chain Rational • SWS filter is managed by cloud manager • Only explicit authorized packets can reach Internal network C • Packet should be controlled within Compute Node
  • 42.
  • 43.
    Load Balancer Goals Load Balance • Dispatch request DNS Acceleration Design • Support multiple routing algorithm • Health check Smart DNS Acceleration • Reality: narrow bandwidth between ISPs • Building fiber channels from ISPs to pivot Public Network • Given the same endpoint within user’s ISP Telecom Unicom Mobile Others ISP IPv4 Shortage • Reality: dozens of public IPs support hundreds of VMs High speed fiber channel • IPv4 has been exhausted • IPv6 is not realistic yet in China Pivot
  • 44.
    L7 Load Balancer Layer 7 Load Balancer Consideration: 1. dispatch request by Host header 2. nginx module
  • 45.
    L4 Load Balancer Layer 4 Load Balancer Consideration: 1. dispatch request by TCP port 2. lvs + haproxy ssh –p 2000 root@socket.abc.com
  • 46.
    Kanyun: Monitoring system Compute Worker Network RDBMS Dashboard Storage Worker Retrieve usage info API daemon Billing Aggregator Responds to client Calculates/stores request metrics http://github.com/lzyeval/kanyun 46 NoSQL
  • 47.
    RPC Dough:Billing system Database Client Compute Network RDBMS Dashboard Storage Collector Monitoring Farmer API daemon (Metering) Dispatch jobs Subscribe or Collector unsubscribe products / Query info Check status / Retrieve usage / 47 http://github.com/lzyeval/dough Create purchases
  • 48.
    Sina Contributions Top 10 Bugfix Company 48
  • 49.
    Sina Contributions  Sina creating open source project “Dough” to contribute metering & billing capability  Present in OpenStack Design Summit & Conference 49
  • 50.
    Q&A @程辉 Technical Manager @Sina Twitter:@freedomhui Email:chenghui@staff.sina.com.cn Gtalk: freedomhui@gmail.com