Cloudfoundry Introduction

  1. Transforming Your Business Technical Point of View Yitao Jiang
  2. Agenda ➢ Cloudfoundry Introduction ➢ Architecture ➢ Runtime ➢ Services ➢ Scaling ➢ Demo
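  3. Stages of PaaS development. Stage 1: SaaS/IaaS extending downward/upward; PaaS in its infancy. Stage 2: rapid growth of container-based PaaS platforms aimed at cloud-native applications. Stage 3. ❏ 2007: force.com released ❏ April 2008: GAE Beta preview released ❏ 2010: Heroku acquired ❏ 2010.2: Windows Azure released ❏ 2011: VMware announces the Cloudfoundry open-source project ❏ 2011: Redhat announces the openshift open-source project ❏ 2013.3: Netflix launches the Netflix OSS cloud Prize ❏ 2013.11: Pivotal releases its enterprise edition ❏ 2013.12: dotcloud renamed Docker ❏ 2014.2: Cloudfoundry Foundation established ❏ 2014.2: GAE supports Managed VM ❏ 2014.4: IBM Bluemix released ❏ Deep integration with IaaS/SaaS ❏ Enterprise applications, hybrid cloud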
  4. Traditional 3-tier architecture model: 3-Tier Shared Nothing Architecture ● Most common architecture, widely deployed
  5. Micro-service architecture ● All is API ● Build large systems composed of small services that each encapsulate the functionality corresponding to a single feature ● Simple
  6. I Know them but who cares
  7. *-aaS
  8. Workflow ● have a good idea ● request a server ● get a purchase order ● wait ● wait ● server arrives ● server gets power and network ● server gets OS ● start to configure and deploy (Developer, IaaS)
  9. Workflow ● keep systems running ● don’t care about your application ● not paid to care ● people waiting for their servers ● might have to worry about other servers ● and emails ● and printers (The System Admin)
  10. Why do we need PaaS? PaaS makes it easier to develop, run and scale applications. A growing number of businesses are: ● transitioning from packaged software to cloud-based services ● adding analytics, db services and multiple services to their products. PaaS technology supports a variety of clouds, application styles and services.
  11. PaaS? A PaaS provides ready-to-use libraries, tools and services, such as databases, security, user management, monitoring and analytics, which can be easily integrated with the applications you are developing. PaaS can support applications written in different frameworks for a wide variety of programming languages, such as Java, Python, Ruby, .NET, etc.
  12. Architecture
  13. Components
  14. Router ● Proxy ● All traffic ● Access logs ● Load Balancing ● Routing Scheduler
  15. UAA ● Authentication/Authorization ● OAuth2
  16. Loginserver ● standard JEE servlet application ● Just Login ● Easy Integration ● LDAP ● SAML
  17. CC: The Cloud Controller is responsible for managing the lifecycle of applications. When a developer pushes an application to Cloud Foundry, she is targeting the Cloud Controller. The Cloud Controller then stores the raw application bits, creates a record to track the application metadata, and directs a DEA node to stage and run the application. The Cloud Controller also maintains records of orgs, spaces, services, service instances, user roles, and more.
  18. Blobstore: The Cloud Controller manages a blob store for the following: ● Resources: Files that are uploaded to the Cloud Controller with a unique SHA such that they can be reused without re-uploading the file ● App Packages: Unstaged files that represent an application ● Droplets: Result of taking an app package, staging it by processing a buildpack, and preparing it to run
  19. DEA ● The Droplet Execution Agent manages application instances, tracks started instances, and broadcasts state messages. ● Application instances live inside Warden containers. Containerization ensures that application instances run in isolation, get their fair share of resources, and are protected from noisy neighbors.
  20. Runtime/Buildpack ● What your code runs with and depends on ● tomcat ● jdk ● weblogic ● python ● ...
  21. How Applications Run ● Container (Warden) ● Applications run in a stack with a prebuilt root filesystem (rootfs) which works in tandem with a buildpack ● Code + Runtime + Dependency
  22. Push workflow
  23. Services and Service Instances: Cloud Foundry offers a marketplace of services, from which users can provision reserved resources on-demand. Examples of resources services provide include databases on a shared or dedicated server. These resources are known as Service Instances and the systems that deliver and operate these resources are known as Services. Think of a service as a factory that delivers service instances.
  24. How CF Works with Services
  25. MySQL Service
  26. Service definition workflow ● Develop the broker program ● Push package to CF: cf push testbroker -p testbroker.war url: ● Register the Broker: cf create-service-broker testbroker username password ● Enable the Broker: cf service-access cf enable-service-access test-service -p small
  27. How to use it? ● cf push testapp -p HelloWorldJavaWeb.war ● cf create-service MysqlService free testservice ● cf bind-service testapp testservice ● cf restage testapp ● access the application
  28. Scaling: Vertical Scaling. Vertical scaling is often referred to as scaling up. Vertical scaling increases the resources available to an application by adding the capacity directly to the individual nodes.
  29. Scaling: Horizontal Scaling. Horizontal scaling is often referred to as scaling out. The overall application resource capacity grows by adding entire nodes.
  30. Orgs, Spaces, Roles, and Permissions. Cloud Foundry uses role-based access control (RBAC), with each role granting permissions in either an org or a space. Orgs: An org is a development account that an individual or multiple collaborators can own and use. All collaborators access an org with user accounts. Collaborators in an org share a resource quota plan, applications, services availability, and custom domains. User Accounts: A user account represents an individual person within the context of a Cloud Foundry installation. A user can have different roles in different spaces within an org, governing what level and type of access they have within that space. Spaces: Every application and service is scoped to a space. Each org contains at least one space. A space provides a set of users access to a shared location for application development, deployment, and maintenance. Each space role applies only to a particular space.
  31. Orgs, Spaces, Roles, and Permissions (Cont.) Roles and Permissions: A user can have one or more roles. The combination of these roles defines the user’s overall permissions in the org and within specific spaces in that org. Org Roles and Permissions. Org Manager: Assign this role to managers or other users who need to administer the account. An Org Manager can: ● Add and manage users ● View users and edit org roles ● View the org quota ● Create, view, edit, and delete spaces ● Invite and manage users in spaces ● View the status, number of instances, service bindings, and resource use of each application in every space in the org ● Add domains
  32. Orgs, Spaces, Roles, and Permissions (Cont.) Note: An Org Manager needs explicit administrator permissions to perform certain actions. Refer to the Creating and Managing Users with the UAA CLI (UAAC) topic to learn how to create a user with admin rights. Org Auditor: Assign this role to people who need to view but not edit user information and org quota usage information. An Org Auditor can: ● View users and org roles ● View the org quota. Space Roles and Permissions. Space Manager: Assign this role to managers or other users who need to administer a space. A Space Manager can: ● Add and manage users in the space ● View the status, number of instances, service bindings, and resource use of each application in the space
  33. Orgs, Spaces, Roles, and Permissions (Cont.) Space Developer: Assign this role to application developers or other users who need to manage applications and services in a space. A Space Developer can: ● Deploy an application ● Start or stop an application ● Rename an application ● Delete an application ● Create, view, edit, and delete services in a space ● Bind or unbind a service to an application ● Rename a space ● View the status, number of instances, service bindings, and resource use of each application in the space ● Change the number of instances, memory allocation, and disk limit of each application in the space ● Associate an internal or external URL with an application. Space Auditor: Assign this role to people who need to view but not edit the space. A Space Auditor can: ● View the status, number of instances, service bindings, and resource use of each application in the space
  34. Security ➢ IaaS ○ security group ○ FWaaS ➢ CF ○ security group ■ DEA iptables rules
  35. Perspective on DevOps. DevOps is all about: ➢ Automating complex IT processes ➢ With full visibility and control
  36. PaaS on VMware. All components run in VMs. 2 compute servers (minimum). N+1 compute servers to support single compute node failure. Active environment consumption: (128GB application pool) ● Total physical cores: 32 @ 2.0+ GHz each (need more cores on OpenStack vs VMware, ~2x) ● Total physical RAM: 512GB ● Total datastore size: 3.5TB (when using multiple datastores, use an identical prefix) ● Networking (similar configuration…….different details) ● Minimum: One port group with outbound internet access and inbound access from the customer network. Will need 10 customer network IPs ● Preferred: One additional port group that is private; only the ESXi hosts in the cluster are able to communicate across it.
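
Slides 30 to 33 describe how org roles and space roles combine into a user's overall permissions. The following is an added example (not from the slides and not Cloud Foundry code) that resolves effective permissions for an access review; the permission labels, the user names and the `acme` org are constructed for illustration.

```python
from collections import namedtuple

# Permission sets transcribed from the role descriptions on slides 31-33.
# Role names follow the slides; the permission labels are assumed names.
ORG_ROLES = {
    "OrgManager": {"manage_users", "view_users", "edit_org_roles",
                   "view_org_quota", "manage_spaces", "manage_space_users",
                   "view_apps", "add_domains"},
    "OrgAuditor": {"view_users", "view_org_roles", "view_org_quota"},
}
SPACE_ROLES = {
    "SpaceManager": {"manage_space_users", "view_apps"},
    "SpaceDeveloper": {"deploy_app", "start_stop_app", "rename_app",
                       "delete_app", "manage_services", "bind_service",
                       "rename_space", "view_apps", "scale_app", "map_url"},
    "SpaceAuditor": {"view_apps"},
}

# space is None for org-level grants.
Grant = namedtuple("Grant", "user role org space")

def effective_permissions(grants, user, org, space):
    """Union of everything `user` may do in `space` of `org`."""
    perms = set()
    for g in grants:
        if g.user != user or g.org != org:
            continue  # roles never cross org boundaries
        if g.space is None and g.role in ORG_ROLES:
            perms |= ORG_ROLES[g.role]    # org roles cover every space
        elif g.space is not None and g.space == space and g.role in SPACE_ROLES:
            perms |= SPACE_ROLES[g.role]  # space roles cover one space only
    return perms

def who_can(grants, action, org, space):
    """Access review: every user able to perform `action` in org/space."""
    users = {g.user for g in grants if g.org == org}
    return sorted(u for u in users
                  if action in effective_permissions(grants, u, org, space))

# Constructed sample assignments (not from the slides).
GRANTS = [
    Grant("alice", "OrgManager", "acme", None),
    Grant("bob", "SpaceDeveloper", "acme", "dev"),
    Grant("bob", "SpaceAuditor", "acme", "prod"),
    Grant("carol", "SpaceDeveloper", "acme", "prod"),
    Grant("dave", "OrgAuditor", "acme", None),
]
```

Calling `who_can(GRANTS, "deploy_app", "acme", "prod")` lists the users who can change what runs in the `prod` space, which is the question an access review usually starts from.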