OpenStack Components

OpenStack
Dott. Luca Tasquier
E-mail: [email protected]
OpenStack
OpenStack (http://www.openstack.org/) is a cloud operating system that
controls large pools of compute, storage, and networking resources throughout
a datacenter, all managed through a dashboard that gives administrators
control while empowering their users to provision resources through a web
interface.
Predominantly acting as an infrastructure as a service (IaaS) platform, it is free
and open-source software released under the terms of the Apache License.
The project is managed by the OpenStack Foundation, a non-profit corporate
entity established in September 2012 to promote OpenStack software and its
community.
More than 200 companies joined the project, including Arista Networks, AT&T,
AMD, Brocade Communications Systems, Canonical, Cisco, Dell, EMC,
Ericsson, Groupe Bull, HP, IBM, Inktank, Intel, NEC, NetApp, Nexenta,
Rackspace Hosting, Red Hat, SUSE Linux, VMware, and Yahoo!.
OpenStack
The technology consists of a series of interrelated projects that control pools of
processing, storage, and networking resources throughout a datacenter, able
to be managed or provisioned through a web-based dashboard, command-line
tools, or a RESTful API.
OpenStack Components –
Compute
OpenStack Compute (Nova) is a cloud computing fabric controller (the main
part of an IaaS system). It is written in Python and uses many external libraries
such as Eventlet (for concurrent programming), Kombu (for AMQP
communication), and SQLAlchemy (for database access). Compute's
architecture is designed to scale horizontally on standard hardware with no
proprietary hardware or software requirements and provide the ability to
integrate with legacy systems and third party technologies. It is designed to
manage and automate pools of computer resources and can work with widely
available virtualization technologies, as well as bare metal and highperformance computing (HPC) configurations. KVM and XenServer are
available choices for hypervisor technology, together with Hyper-V and Linux
container technology such as LXC.
OpenStack Components –
Object Storage
OpenStack Object Storage (Swift) is a scalable redundant storage system.
Objects and files are written to multiple disk drives spread throughout servers
in the data center, with the OpenStack software responsible for ensuring data
replication and integrity across the cluster. Storage clusters scale horizontally
simply by adding new servers. Should a server or hard drive fail, OpenStack
replicates its content from other active nodes to new locations in the cluster.
Because OpenStack uses software logic to ensure data replication and
distribution across different devices, inexpensive commodity hard drives and
servers can be used.
OpenStack Components –
Block Storage
OpenStack Block Storage (Cinder) provides persistent block-level storage
devices for use with OpenStack compute instances. The block storage system
manages the creation, attaching and detaching of the block devices to servers.
Block storage volumes are fully integrated into OpenStack Compute and the
Dashboard allowing for cloud users to manage their own storage needs. In
addition to local Linux server storage, it can use storage platforms including
Ceph, CloudByte, Coraid, EMC (VMAX and VNX), GlusterFS, IBM Storage
(Storwize family, SAN Volume Controller, XIV Storage System, and GPFS),
Linux LIO, NetApp, Nexenta, Scality, SolidFire and HP (StoreVirtual and
StoreServ 3Par families). Block storage is appropriate for performance
sensitive scenarios such as database storage, expandable file systems, or
providing a server with access to raw block level storage. Snapshot
management provides powerful functionality for backing up data stored on
block storage volumes. Snapshots can be restored or used to create a new
block storage volume.
OpenStack Components –
Networking
OpenStack Networking (Neutron, formerly Quantum) is a system for managing
networks and IP addresses. Like other aspects of the cloud operating system,
it can be used by administrators and users to increase the value of existing
datacenter assets. OpenStack Networking ensures the network will not be the
bottleneck or limiting factor in a cloud deployment and gives users real selfservice, even over their network configurations.
OpenStack Networking provides networking models for different applications or
user groups. Standard models include flat networks or VLANs for separation of
servers and traffic. OpenStack Networking manages IP addresses, allowing for
dedicated static IPs or DHCP. Floating IPs allow traffic to be dynamically
rerouted to any of your compute resources, which allows you to redirect traffic
during maintenance or in the case of failure. Users can create their own
networks, control traffic and connect servers and devices to one or more
networks.
OpenStack Components –
Dashboard
OpenStack Dashboard (Horizon) provides administrators and users a graphical
interface to access, provision and automate cloud-based resources. The
design allows for third party products and services, such as billing, monitoring
and additional management tools. The dashboard is also brandable for service
providers and other commercial vendors who want to make use of it.
The dashboard is just one way to interact with OpenStack resources.
Developers can automate access or build tools to manage their resources
using the native OpenStack API or the EC2 compatibility API.
OpenStack Components –
Identity Service
OpenStack Identity (Keystone) provides a central directory of users mapped to
the OpenStack services they can access. It acts as a common authentication
system across the cloud operating system and can integrate with existing
backend directory services like LDAP. It supports multiple forms of
authentication including standard username and password credentials, tokenbased systems and AWS-style (i.e. Amazon Web Services) logins. Additionally,
the catalog provides a queryable list of all of the services deployed in an
OpenStack cloud in a single registry. Users and third-party tools can
programmatically determine which resources they can access.
OpenStack Components –
Image Service
OpenStack Image Service (Glance) provides discovery, registration and
delivery services for disk and server images. Stored images can be used as a
template. It can also be used to store and catalog an unlimited number of
backups. The Image Service can store disk and server images in a variety of
back-ends, including OpenStack Object Storage. The Image Service API
provides a standard REST interface for querying information about disk images
and lets clients stream the images to new servers.
OpenStack Components –
Telemetry
OpenStack Telemetry Service (Ceilometer) provides a Single Point Of Contact
for billing systems, providing all the counters they need to establish customer
billing, across all current and future OpenStack components. The delivery of
counters is traceable and auditable, the counters must be easily extensible to
support new projects, and agents doing data collections should be independent
of the overall system.
OpenStack Components –
Orchestration
Heat is a service to orchestrate multiple composite cloud applications using
templates, through both an OpenStack-native ReST API and a
CloudFormation-compatible Query API.
Amazon Web Services
compatibility
OpenStack APIs are compatible with Amazon EC2 and Amazon S3 and thus
client applications written for Amazon Web Services can be used with
OpenStack with minimal porting effort.
OpenStack single-node
installation
Requisiti hardware minimali
- 4GB di RAM;
- 1 Interfaccia di rete;
- Estensioni hardware alla virtualizzazione.
Installazione - 1
- Installare CentOS 6.4 (Desktop è più user-friendly)
- Abilitare la rete (se non abilitata)
- Aggiornare tutti i pacchetti: $ sudo yum update -y
Installazione - 2
- Installare ntpd:
$ sudo yum install -y ntp
$ sudo service ntpd start
$ sudo chkconfig ntpd on
Su tutti i nodi compute settare il client NTP per avere
sincronizzazione tra controller e nodi. Aggiungere un cron job
giornaliero inserendo un file, di cui l’owner è root ed eseguibile,
in /etc/cron.daily/ntpdate contenente:
ntpdate <hostname or IP address of controller>
hwclock -w
Installazione - 3
- Disabilitare SELinux: $ sudo vim /etc/selinux/config
modificare la riga contenente SELINUX=... con
SELINUX=disabled
Salvare e riavviare la macchina.
Installazione - 4
- Installare KVM:
Per prima cosa bisogna verificare di avere una macchina che abbia il supporto
alla virtualizzazione hardware e che quest’ultimo sia attivo:
$ egrep -i ‘vmx|svm’ --color=always /proc/cpuinfo
Se vengono prodotti risultati dal comando ed i flag colorati contengono vmx
(Intel VT) oppure svm (AMD-V), allora il supporto alla virtualizzazione hardware
è presente ed attivo.
Installare e porre in esecuzione KVM e virtinst:
$ sudo yum install -y kvm libvirt python-virtinst qemu-kvm
$ sudo service libvirtd start
$ sudo chkconfig libvirtd on
Verificare che KVM sia installato correttamente:
$ sudo virsh -c qemu:///system list
Se non vengono visualizzati errori, KVM è installato correttamente.
Installazione - 5
- Installare il bridge per VM Networking:
L’installazione di KVM così com’è non permette alle VMs di
comunicare tra di loro o di accedere a reti esterne. Per permettere
questo bisogna configurare un bridge:
$ sudo yum install -y bridge-utils
Disabilitare il NetworkManager e switchare sul manager di reti di
default:
$ sudo service NetworkManager stop
$ sudo chkconfig NetworkManager off
$ sudo chkconfig network on
$ sudo service network start
Installazione - 6
Editare il file di configurazione ifcfg-eth0 ($ sudo vim
/etc/sysconfig/network-scripts/ifcfg-eth0) come
segue:
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=br0
Installazione - 7
Creare un file ifcfg-br0 ($ sudo touch
/etc/sysconfig/network-scripts/ifcfg-br0) ed editarlo
come segue:
DEVICE=br0
ONBOOT=yes
TYPE=Bridge
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=$ip_address
NETMASK=$netmask
GATEWAY=$gateway
DNS1=$dns1
DNS2=$dns2
Installazione – 8
Riavviare il servizio di rete: $ sudo service network
restart
Verificare la configurazione di rete: $ ifconfig
Installazione – 9
- Risoluzione problema spazio disponibile: CentOS crea due
partizioni separate per root ed home. La partizione di root è molto
più piccola della partizione home, ma tutta l’installazione di
OpenStack (e anche degli altri servizi) risiederà nella cartella /var,
andando a lungo andare a saturare la partizione pur avendo la
maggior parte del disco libera. Per risolvere il problema si deve
copiare /var in una cartella di home, eliminare /var (se ci sono file
che non è possibile eliminare, rinominare la restante cartella /var in
/var_old) e creare un link simbolico alla nuova cartella /home/var in
/var:
$ sudo mkdir /home/var
$ sudo cp -prv /var /home/var
$ sudo rm -rf /var
$ sudo ln -s /home/var /var
$ sudo reboot
Installazione – 10
- Installare OpenStack RDO: installazione senza il gestore del
networking (Neutron)
$ sudo yum install -y
http://rdo.fedorapeople.org/rdo-release.rpm
$ sudo yum install -y openstack-packstack
$ packstack --allinone --os-neutron-install=n
Al termine dell’installazione riavviare.
Installazione – 11
- Accesso alla dashboard: Provare ad accedere alla dashboard
(Horizon) utilizzando l’endpoint fornito (l’indirizzo del bridge br0:
http://CONTROL_NODE/dashboard . Se si ha errore di tipo “500
Internal Error” installare PIP e PBR:
$ sudo yum install -y python-pip
$ sudo pip install pbr
Per accedere alla dashboard utilizzare come Username admin e come
Password quella generata all’interno del file keystone_admin:
$ cat ~/keystone_admin
Per utilizzare i servizi di OpenStack da linea di comando, fare il source
di keystone_admin:
$ source ~/keystone_admin
Installazione – 11
- Accesso alla dashboard: Provare ad accedere alla dashboard
(Horizon) utilizzando l’endpoint fornito (l’indirizzo del bridge br0:
http://CONTROL_NODE/dashboard . Se si ha errore di tipo “500
Internal Error” installare PIP e PBR:
$ sudo yum install -y python-pip
$ sudo pip install pbr
Per accedere alla dashboard utilizzare come Username admin e come
Password quella generata all’interno del file keystone_admin:
$ cat ~/keystone_admin
Per utilizzare i servizi di OpenStack da linea di comando, fare il source
di keystone_admin:
$ source ~/keystone_admin
Utilizzo – 1
- Abilitare SSH sul default security group: Project->Access &
Security->Manage Compute. Sotto l’header Security
Groups, cliccare su Edit Rules per il security group default.
Cliccare su Add Rule e inserire 22 nel campo Port. Aggiungere
la regola.
- Importare un key pair: recuperare la chiave pubblica generata da
ssh
$ cat ~/.ssh/id_rsa.pub
Copiare l’output del comando, andare sulla dashboard ed in
Access & Security cliccare sul tab Keypairs e poi su Import
Keypair. Scegliere un nome da inserire nel campo Name e
incollare la chiave precedentemente copiata nel campo Key.
Utilizzo – 2
- Creare un’immagine (esempio Fedora19): Manage Compute>Image & Snapshots->Create Image. In Name inserire
Fedora19, in Image Location inserire
http://cloud.fedoraproject.org/fedora19.x86_64.qcow2, QCOW2 in Format. Selezionare Public per
rendere visibile l’immagine agli altri progetti, Protected per
inibire la cancellazione (e altre modifiche) dell’immagine da parte
di altri utenti appartenenti ad altri progetti.
N.B.: altre immagini precaricate sono disponibili su
http://openstack.redhat.com/Image_resources
Utilizzo – 3
- Lanciare un’istanza: in Images selezionare l’immagine e cliccare
su Launch. Scegliere un nome per l’istanza, il flavor (tiny, small,
medium, large…), selezionare il security group (se ce n’è più di
uno) e creare l’istanza.
- Accedere all’istanza: $ ssh -i ~/.ssh/id_rsa
utente@ip_locale_istanza.
Se ssh da problemi con identità duplicate per lo stesso indirizzo IP,
eliminare il file known_hosts:
$ rm ~/.ssh/known_hosts
Utilizzo – 4
- Collegare un volume (testato con immagine Fedora19): sui nodi compute ci
deve essere sysfsutils. Dalla dashboard creare un volume selezionando i
GB da allocare. Far partire l’istanza dell’immagine, andare nella scheda
relativa ai volumi, selezionare il volume e cliccare su Edit Attachments:
inserire il device del volume (es. /dev/vdb). Fare un hard-reboot dell’istanza
(utilizzando il menu a tendina More) relativo all’istanza selezionata e collegarsi
utilizzando SSH. Verificare le partizioni disponibili:
$ cat /proc/partitions
Se tutto è andato a buon fine nell’elenco apparirà vdb. Formattare la partizione
(ad es. con ext3) e montare il volume su una cartella:
$ sudo mkfs.ext3 /dev/vdb
$ mkdir $path_cartella_volume
$ sudo mount /dev/vdb $path_cartella_volume
N.B.: ai successivi utilizzi del volume, anche da parte di altre immagini, non è
necessario riformattare. Il contenuto del volume è persistente.
Utilizzo – 5
- Utilizzare l’Object Storage: per abilitare la creazione di container
anche per gli utenti member, editare il file /etc/swift/proxyserver.conf e aggiungere il ruolo _member_ (e/o Member)
nella parte del file dove si trova la stringa operator_roles =
admin, SwiftOperator, in modo da ottenere il seguente
risultato:
[filter:keystone]
use = egg:swift#keystoneauth
operator_roles = _member_, admin, SwiftOperator
is_admin = true
cache = swift.cache
Utilizzo – 6
Salvare il file e riavviare i servizi di account e proxy di swift:
$ sudo service openstack-swift-account restart
$ sudo service openstack-swift-proxy restart
Andare sulla dashboard e creare un container: Object Store>Containers->Create Container. Una volta creato il
container è possibile uploadare i file, scaricarli, eliminarli ecc.