
Overview of openstack

2025-01-16 Update. From: SLTechnology News&Howtos, Servers


Shulou (Shulou.com) 06/03 Report


How to understand the cloud?

The cloud is built on "cloud computing" technology to interconnect all kinds of terminal devices. Mobile phones, televisions and similar devices become simple display and operation terminals and no longer need strong processing power of their own: all the resources and applications the user enjoys are provided by a cloud back end with large storage and computing capacity. Online antivirus, network hard disks and online music, all of which we use routinely, belong to the category of cloud services.

The concept of cloud computing can be interpreted from three different perspectives: users, technology providers and technology developers.

Users look at cloud computing

From the user's point of view, judged mainly by the user's experience and the effect obtained, cloud computing can be summarized as follows: a cloud computing system is an information infrastructure that includes hardware, a software platform, system management data and the corresponding information services. When users use the system they get "on-demand provisioning, metered billing, unlimited expansion and network access".

To put it simply, users can get the computer resources and software services they need through the network according to their own needs. These computer resources and software services are directly for use by users without further customized development, management and maintenance. At the same time, the scale of these computer resources and software services can be adjusted to a large enough scale at any time according to the changes of users' business and needs. When users use these computer resources and software services, they only need to pay for the rent according to the amount of usage.

Technology providers look at Cloud Computing

Technology providers understand cloud computing as managing and coordinating a large number of computing resources through scheduling and optimization technology; publishing and delivering over the Internet the computer resources and software services users need, according to their requirements; and charging on a pay-as-you-go, rental basis.

Technical developers look at Cloud Computing

As designers and developers of cloud computing systems, technology developers think that cloud computing is a large centralized information system. The system completes the encapsulation and interaction of resources and capabilities by means of virtualization technology and service-oriented system design, and publishes these encapsulated resources and capabilities through the Internet.

The so-called large-scale centralized information system refers to the information system which contains a large number of software and hardware resources and is centrally managed through technology and network. Usually these hardware and software resources are centralized or adjacent physically or in the network connection, and can cooperate to complete the same task.

An information system consists of hardware and of many software functions. For those hardware and software functions to be accessed and used, there must be a way to package the related resources and software modules together and present them to users. Virtualization technology and Web services are the most common encapsulation and presentation technologies: they package hardware resources and software functions and present them to users as virtual computers and network services.

Therefore, cloud computing (CloudComputing) is the product of the development and integration of traditional computer and network technologies, such as distributed computing (Distributed Computing), parallel computing (Parallel Computing), utility computing (Utility Computing), network storage (Network Storage Technologies), virtualization (Virtualization), load balancing (Load Balance) and so on.

By analogy, it is the shift from the old model of every user running its own generator to the centralized power supply of a power plant. Computing power can then circulate as a commodity, like gas, water and electricity, with easy access and low cost; the biggest difference is that it is delivered over the Internet.

Deployment types of cloud computing

Cloud computing can be deployed in three different types: private cloud, public cloud, and hybrid cloud.

Private cloud refers to a cloud computing system deployed in a closed and specific environment (closed network or closed range of services). The boundary of the system is clear, and the service is only provided to the personnel within the specified range. People and systems outside this scope cannot use the cloud, for example, people who are not in a service area or who are not on a designated internal network cannot use cloud services on a private cloud.

Public cloud refers to the deployment in an open environment to provide services for all people and systems with network access capabilities. Users access and use public cloud services over the Internet, but do not own or manage clouds.

Hybrid cloud refers to a system built on a private cloud that, when the business load exceeds the capacity of the private cloud or in other specified circumstances, can transparently divert part of the load to other clouds for processing. It integrates the private cloud with some other cloud resources.

Types of services for cloud computing

The service types of cloud computing can be divided into three levels: infrastructure as a service (IaaS), application platform as a service (PaaS) and software as a service (SaaS).

Infrastructure as a Service (IaaS) centrally manages and schedules the software, hardware and network infrastructure of cloud computing systems, encapsulates these infrastructure in a form that can be accessed and used through the network, and provides these encapsulated IT capabilities in the form of services.

Application platform as a Service (PaaS) is an application software support platform that runs on cloud infrastructure, which provides business interfaces and common basic processing support for business software development, making it convenient for developers to develop business-specific cloud services. At the same time, the application platform as a service (PaaS) provides runtime language operation, network interaction, process communication, synchronization control and scheduling support for the operation of business software, so that cloud services can run efficiently and controllably.

Software as a Service (SaaS) refers to providing software services to users directly through the Internet on the cloud computing platform. Software as a Service (SaaS) enables users not to buy software anymore, but to lease software that can be used through the Internet from providers to manage business activities, and users do not need to maintain the software.

History of Openstack:

In 2010, NASA teamed up with Rackspace to create the openstack project while building NASA's private cloud, and they then invited other vendors to contribute components in order to build a complete open source cloud computing solution.

Note: Rackspace (NYSE:RAX), one of the three major cloud computing centers in the world, established in 1998, is a leading global provider of managed servers and cloud computing.

The first version of Austin, which was born in 2010, contains only Rackspace and NASA components. Later releases contain add-ons developed by vendors that have joined the project. Initially, Rackspace independently managed the openstack project. With the continuous development of openstack, the openstack Foundation was established in 2012, which is supervised by an elected board of directors. Openstack's technical committee consists of each core software project and project leader.

At present, openstack has 850 foundation members from 87 countries or regions, platinum members provide the highest level of support, followed by gold members, sponsoring corporate and individual members.

History of Cloudstack:

Cloudstack started with cloud.com, and its goal is to enable service providers and enterprises to create and operate similar capabilities to Amazon's public and private clouds. In 2010, cloud.com offered a community version based on GPLv3, which users can download for free.

Citrix acquired cloud.com in July 2011. Citrix was one of the earliest members of the openstack community, but decided to leave the Openstack community in 2012. According to media reports, the decision was made because Citrix believes that the code originally provided by cloud.com is more stable than openstack and provides users with more features.

In April 2012, Citrix submitted the cloud.com code to the apache Software Foundation and is now developing the code under the apache2.0 license of the apache Foundation. Citrix will continue to provide version support and solution support. Due to the transition to apache, other vendors have joined the development team to add features and enhance the core software.

One difference is that openstack's foundation will have a list of suppliers, which is different from cloudstack's list of publishers. Because the apache Foundation is responsible for a large number of projects, and Apache project members are listed as individuals, not the companies they represent.

In an apache project the work of individual contributors is funded by the companies interested in it. At present the members of the cloudstack project include some Citrix employees and some lesser-known companies, and the direction of the project is determined by the wishes of the employers that the individual participants represent.

Historical comparison between Openstack and cloudstack

Cloud.com was committed to building a larger open source community, so most of the cloudstack core components were developed by cloud.com and then enhanced by Citrix.

By contrast, the openstack project developed an open community from the very beginning, and as a direct result, there are more mainstream vendors in openstack than cloudstack. In most cases, the components developed by these vendors are provided to openstack first, and then cloudstack provides the interface.

In addition, Cisco and Nicira have become the leading developers of neutron, an openstack network component. Neutron receives instructions from virtual machines to define the networks required by virtual machines, and then sends instructions to switches and routers to create these networks.

Each switch vendor must provide a plug-in for Neutron, which translates Neutron's instructions into the specific command syntax of that vendor's devices. Extreme Networks and Brocade, two members of the openstack Foundation, also provide plug-ins for openstack and are supporting cloudstack.

Openstack also has some imperfections, such as openstack is more complex than cloudstack, does not support end users enough, is not as convenient as cloudstack in installation and deployment, and is not as rich as cloudstack in interface display.

To determine the right deployment for an enterprise, you must compare each solution yourself and then make a choice. Citrix has demonstrated the maturity and stability of cloudstack to large service providers, universities and other institutions. To focus on the stability of openstack, look at the solutions from companies such as IBM, Dell and Rackspace, which have kept growing and offer a range of storage and networking options. Openstack is a more advanced and modern open source project because it is the product of a high degree of collaboration. Its supporters are the world's top suppliers, which shows that openstack is very popular and a star product of the open source world.

Mainstream vendors that support openstack projects

X86 server vendors: HP, Dell, IBM

Linux vendors: Red Hat, SUSE, Canonical

Router vendors: Cisco, Juniper Networks, Alcatel-Lucent

Blade server vendors: HP, Cisco, IBM

Switch vendors: Cisco, HP, Juniper Networks

Storage vendors: EMC, IBM, NetApp

Hypervisor vendors: VMware, KVM, Xen

The role and function of Openstack

In today's data centers many servers share the same problem: computing, power, network bandwidth and other resources are underutilized. For example, a project may need a lot of computing resources to finish a calculation, but once the task is complete it no longer needs that much capacity. Cloud computing is one of the best choices when users want a flexible service that provides computing resources on demand and can be used through automation or with little human intervention. Cloud computing usually includes a service commitment that states the performance, specifications, availability and so on promised by the provider. Cloud computing services let users complete their computing work on shared computing resources, network bandwidth, storage pools and running applications or services, and bill them according to the resources used.

The main features of cloud computing services are as follows:

On-demand self-service: users can provision the computing, storage and network resources they need themselves, without human intervention.

Network access: any type of heterogeneous computing power can be used over the network, and computing resources can be invoked through a standardized mechanism without being limited to specific access devices.

Resource pooling: multiple users can access and use the computing services at the same time, and the service provider allocates actual computing resources according to consumers' requirements or actual usage.

Elasticity (flexibility): capacity can be expanded vertically or horizontally quickly, as needed, with no or only brief downtime.

Metered service: cloud computing services are paid for according to the time used or the number of bytes transmitted or stored, and consumers are given charts of their specific resource consumption. A customized billing model can also be provided according to the different needs of consumers.

Cloud computing is the product of the development and integration of traditional computing and network technologies: grid computing (distributed computing that integrates the idle resources of a large number of heterogeneous computers, such as CPU and disk storage, into a virtual organization to solve large-scale computing problems), distributed computing, parallel computing, utility computing (a service delivery model in which the provider supplies the computing resources and infrastructure management the customer needs and bills according to the resources the application actually occupies rather than a flat rate), online storage, virtualization and load balancing. It aims to integrate many low-cost computing entities into one large pool of computing resources over the network, and to deliver that computing power to end users through service models such as SaaS, PaaS and IaaS. The core idea is to keep increasing the processing capacity of the cloud while reducing the burden on users: IT capabilities are delivered as services, the user terminal is relieved of processing work and eventually becomes a simple input/output device that enjoys the computing and service capabilities the cloud provides.

Openstack has the ability to build such a resource pool. Through the arrangement and combination of various components and modes of openstack, we can build clouds of all sizes. These clouds can be private clouds, public clouds, and hybrid clouds.

Openstack has three core functions, computing, storage and networking, with corresponding projects such as Nova, Cinder and Neutron. Nova provides management of computing resources and can manage VM instances across a network of servers. Nova also supports a variety of hypervisors, such as KVM, QEMU, Xen, LXC, VMware, Hyper-V and PowerVM. Cinder provides management of storage resources and can manage the professional storage devices offered by various manufacturers.

Key components of Openstack

Service name      | Project name | Description
Dashboard         | Horizon      | Web management interface developed with Django on top of the openstack API
Compute           | Nova         | Provides a computing resource pool through virtualization technology
Networking        | Neutron      | Implements network resource management for virtual machines

Storage:
Object Storage    | Swift        | Object storage, suited to data that is written once and read many times
Block Storage     | Cinder       | Block storage, providing a pool of storage resources

Shared Services:
Identity          | Keystone     | Authentication management
Image Service     | Glance       | Registration and storage management of virtual machine images
Telemetry         | Ceilometer   | Monitoring, data collection and metering services

Advanced Services:
Orchestration     | Heat         | Component for automated deployment
Database Service  | Trove        | Database application services

Mysql:

Openstack's database. Components such as nova, glance and cinder each set up their own database in it and store the data they need.

Keystone:

Openstack's user authentication component. Its main functions are to establish users and the service endpoints of the managed projects, and to authenticate users. To use any openstack API, the first step must be verification by keystone.

The main function of keystone is to provide authentication and cataloging services.

Keystone provides two authentication methods: token and identity (backends).

Token: a token is in fact a random string that is used directly during authentication; tokens are mainly used between internal components.

Identity (account and password): used when you need to log in, for example to access cloud resources through horizon.

Catalog: stores the call interfaces of the current openstack architecture (IP address, port and URL information). Openstack components interact through their API interfaces, performing remote procedure calls over HTTP using the RESTful mechanism, based on URIs. (REST is a software architecture style rather than a standard; it only provides a set of design principles and constraints. It is mainly used for client and server interaction software, and software designed in this style can be more concise, more layered and easier to equip with mechanisms such as caching.)

Policy: management policies, such as those related to user management and virtual machine instance management.

Glance:

The service for managing virtual machine images and snapshots; it is also required in a minimal architecture.

Glance holds the image metadata.

Registry: the interface for calling the database and searching it.

Database: storage location of image files and other data.

Swift: distributed storage.

Neutron:

Network service, a component used to provide virtual machine network communication, is responsible for receiving call requests to the network.

Nova:

Nova is a critical and also a relatively large component with many services inside it; it is the main service for creating virtual machines.

Nova compute nodes are the core nodes of openstack: they run the virtual machine instances and allocate CPU and memory to them. Nova-compute itself cannot run virtual machines; it drives a hypervisor through that hypervisor's API, so the hypervisors it can control depend on which API it supports. If nova-compute supports the libvirt API, it can drive the hypervisors libvirt supports (such as KVM); with XenAPI it can drive Xen.

Cinder: block storage

The component used to create, delete and manage volumes (virtual disk volumes) and volume services such as snapshots.

Swift: distributed file system for storing image file templates.

Horizon:

Openstack's web management page, developed using the django framework. The Web management page contains most of the functions used on a daily basis, providing users with the most intuitive way of presentation. Many simple secondary development starts with Horizon.

Rabbitmq:

In openstack, services interact with each other through messages. Because openstack uses AMQP as its messaging technology, any software that supports AMQP, such as RabbitMQ, Qpid or ZeroMQ, can be used by openstack. RabbitMQ was the first messaging software used by openstack. Openstack implements RPC services over AMQP to provide the communication between its different components, so RabbitMQ is a very critical service on the control node.
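The queue-based RPC pattern just described, as an added example that is not part of the original page or of OpenStack's own code: an in-memory bus stands in for RabbitMQ, a ComputeWorker plays the role of nova-compute consuming the compute.<host> topic, and the topic name, method names and instance ids are constructed for this illustration.

```python
import queue
import threading
import uuid
from typing import Any, Callable, Dict

# A queued message: method name, arguments and (for call) the reply queue name.
Message = Dict[str, Any]


class MessageBus:
    """In-memory stand-in for the AMQP broker: named topic queues plus per-request reply queues."""

    def __init__(self) -> None:
        self._queues: Dict[str, "queue.Queue[Message]"] = {}
        self._lock = threading.Lock()

    def topic(self, name: str) -> "queue.Queue[Message]":
        with self._lock:
            return self._queues.setdefault(name, queue.Queue())

    def cast(self, topic: str, method: str, **args: Any) -> None:
        """Fire-and-forget RPC: publish and do not wait for a result."""
        self.topic(topic).put({"method": method, "args": args, "reply_to": None})

    def call(self, topic: str, method: str, timeout: float = 2.0, **args: Any) -> Any:
        """Blocking RPC: publish with a private reply queue and wait for the consumer's answer."""
        reply_to = "reply." + uuid.uuid4().hex
        self.topic(topic).put({"method": method, "args": args, "reply_to": reply_to})
        return self.topic(reply_to).get(timeout=timeout)


class ComputeWorker(threading.Thread):
    """Toy nova-compute: consumes compute.<host>, acts, and records instance state in a shared 'database'."""

    def __init__(self, bus: MessageBus, host: str, db: Dict[str, dict]) -> None:
        super().__init__(daemon=True)
        self.bus, self.host, self.db = bus, host, db
        self.topic_name = f"compute.{host}"   # constructed topic naming for this example
        # Explicit allow-list of RPC methods: unknown names are rejected, never resolved dynamically.
        self._handlers: Dict[str, Callable[..., Any]] = {
            "start_instance": self.start_instance,
            "stop_instance": self.stop_instance,
        }

    def run(self) -> None:
        inbox = self.bus.topic(self.topic_name)
        while True:
            msg = inbox.get()
            if msg["method"] == "__shutdown__":
                return
            handler = self._handlers.get(msg["method"])
            try:
                result = handler(**msg["args"]) if handler else {"error": f"unknown method {msg['method']!r}"}
            except TypeError as exc:          # wrong or missing arguments
                result = {"error": str(exc)}
            if msg["reply_to"]:
                self.bus.topic(msg["reply_to"]).put(result)

    def start_instance(self, instance_id: str) -> dict:
        # Start the VM on the hypervisor (omitted) and update its status in the database.
        self.db[instance_id] = {"host": self.host, "status": "ACTIVE"}
        return dict(self.db[instance_id])

    def stop_instance(self, instance_id: str) -> dict:
        self.db[instance_id] = {"host": self.host, "status": "SHUTOFF"}
        return dict(self.db[instance_id])

    def shutdown(self) -> None:
        self.bus.cast(self.topic_name, "__shutdown__")
        self.join(timeout=2.0)


def demo() -> Dict[str, Any]:
    """nova-api side: one blocking call, one cast, one rejected method; returns what the 'database' holds."""
    bus, db = MessageBus(), {}
    worker = ComputeWorker(bus, "compute1", db)
    worker.start()
    started = bus.call("compute.compute1", "start_instance", instance_id="i-0001")
    bus.cast("compute.compute1", "stop_instance", instance_id="i-0001")
    rejected = bus.call("compute.compute1", "delete_everything")
    worker.shutdown()
    return {"started": started, "rejected": rejected, "db": db}


if __name__ == "__main__":
    print(demo())
```

The point to notice is the split between call (the caller blocks on a reply queue) and cast (no reply), and that the consumer dispatches only methods on a fixed allow-list, which is what keeps a message broker that many components can publish to from becoming a way to invoke arbitrary code on the compute node.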

Virtual machines run on nova nodes, and all components work around vm

Overview of keystone

Keystone is one of the components of openstack, which is used to provide unified authentication services for other component members of the openstack family, including authentication, token issuance and verification, service list, user rights definition, and so on. The list of services is reflected in the list of computing, network, storage and other services that users can use after logging into the openstack system. From the figure below, you can see that the authentication of all components in openstack requires the participation of keystone, so the high availability of keystone itself is also very important.

The keystone service has two main functions:

1. Realize user management: mainly authentication and authorization.

Keystone implements authentication in two ways: token authentication and username/password authentication.

2. Realize service management: each service in the openstack cluster may run on a separate node. The IP address, listening port and access path (URI) of these nodes must be registered in Identity. Once Identity is deployed, only its own access path needs to be published for the other components to be found. That is, Identity stores information about all available services, including the access entry (API endpoint path) of their API.

Key terms of keystone:

User: a user can be associated with multiple tenants.

Tenant (tenant): a tenant corresponds to a project or an organization; it is equivalent to a company or a project. Openstack can implement a public cloud in which each project may contain multiple virtual machine instances, and the project is also a tenant.

Another interpretation of Tenant: a Project (Tenant) can be understood as the collection of resources owned by a person or a service. A Project (Tenant) can have multiple Users, each of whom uses the resources of the Project (Tenant) according to the division of permissions. For example, when you create a virtual machine through Nova you must assign it to a Project, and when you create a volume in Cinder you must specify a Project. Before a User can access the resources of a Project, it must be associated with that Project and given a Role under that Project.

Role: roles are mainly used to authorize Users. Openstack has several built-in roles, such as admin and member.

Token: defines the validity period of the token, together with basic information about the user, such as permissions and projects, carried in the token.

Service: the corresponding business-model services, such as compute, volume, Glance, etc.

Endpoint: the access entry of a service. Each service has its own access entry, also known as an access endpoint.

Endpoint: an address, usually a URL, at which an Openstack service can be reached and located over the network. For example, when Nova needs to access the Glance service to get an image, Nova obtains the endpoint of Glance from Keystone and then reaches the Glance service by accessing that endpoint. Multiple regions can be defined through the region attribute of an Endpoint. Endpoints are divided into three categories by their users:

Admin URL: for admin users, port 35357

Internal URL: used by OpenStack internal services to communicate with other services, port 5000

Public URL: the address other users can access, port 5000

After a service is created, its API endpoints are created. In openstack each service has three kinds of endpoints: admin, public and internal. Admin is used for administrative purposes, such as modifying users/tenants (projects). Public is for customers to call; it can, for example, be exposed on the external network so that customers can manage their own cloud. Internal is called by openstack itself. The network exposure of the three kinds of endpoints is generally different: admin is usually open only to private networks, public is usually open to public networks, and internal is usually open only to the machines running openstack services.

User-role-service interaction diagram:

Logical architecture diagram of keystone:

1. Token backend: kvs or memcached can be used for token backend storage, which stores the token information used in token authentication.

2. Identity backend (username and password authentication): implemented with kvs, pam, sql, ldap, etc.

3. Catalog backend (catalog service backend). Keystone can also be connected directly to memcached to hold tokens; in fact keystone can work without memcached, because its token backend can be provided by keystone's own storage, implemented with kvs, sql, etc.

4. Policy backend (policy storage): stores the rules used for access control and other custom rules.

Keystone verification process: take the process of creating a virtual machine as an example

Summary of the workflow of keystone:

The user sends a username and password to keystone; after authentication, keystone returns a temporary token and a service catalog.

The user uses this temporary token to request the corresponding tenant information from the keystone endpoint in the catalog. After keystone verifies the token, it returns the user's list of tenants.

The user selects a tenant from the list and requests keystone again. After keystone verifies the request, it returns the catalog information and a token related to that tenant.

The user uses the token and the tenant/user information to request the nova server endpoint from the catalog in order to start a virtual machine. Nova asks keystone to verify that the token is legal and whether this tenant and user have permission to request services from nova.

Keystone replies to nova: the tenant-user has access to nova; the token is legal; and the token belongs to this tenant-user.

Nova determines according to its own rules whether the user has permission to start the virtual machine; if so, it starts the virtual machine and reports the status to the user.

Keystone authentication process:

User alice logs in to keystone (with a password or a token) and obtains a temporary token and the catalog service directory (if no scope, project or domain is specified in a v3 login, the temporary token obtained has no permissions and cannot be used to query projects or the catalog).

Alice obtains the list of all her own projects with the temporary token.

Alice selects a project and logs in again specifying that project, obtaining a formal token and the endpoints of the service list. She selects an endpoint, carries the token in an HTTP header and sends the request (a user who already knows the project name or project id can go straight to this step).

When the message arrives at the endpoint, the keystone middleware of the server (nova), the authtoken filter in its pipeline, sends a request to keystone to verify the token. (Token types: a UUID token must be validated by keystone, while a PKI token is a cryptographically protected string that contains the user details and can be verified on the server itself.)

After keystone verifies the token successfully, it returns the details of the user the token belongs to, such as role, username and user id, to the server (nova).

The server (nova) completes the request, for example creating a virtual machine.

The server returns the result of the request to alice.
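The endpoint categories and the authentication flow described above, as an added example rather than code from the page or from Keystone itself. The user, project, role and host names, the compute port and the policy rule are constructed assumptions; only the identity ports 35357 (admin) and 5000 (public/internal) come from the text. The toy Keystone issues unscoped and project-scoped tokens and hands out a catalog with admin/internal/public endpoints; the toy nova validates the token with Keystone, checks that it is scoped to the requested project and applies a local policy rule before acting.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed sample data: one hypothetical user, two projects, role assignments.
USERS = {"alice": {"id": "u-alice", "password": "s3cret"}}
PROJECTS = {"p-demo": "demo", "p-ops": "ops"}
ASSIGNMENTS: Dict[Tuple[str, str], Set[str]] = {
    ("u-alice", "p-demo"): {"member"},
    ("u-alice", "p-ops"): {"admin"},
}
# Service catalog: each service has admin/internal/public endpoints. Identity ports follow
# the text; the host name "ctl" and the compute port 8774 are assumptions for this example.
CATALOG = {
    "identity": {"admin": "http://ctl:35357/v3", "internal": "http://ctl:5000/v3", "public": "http://ctl:5000/v3"},
    "compute": {"admin": "http://ctl:8774/v2.1", "internal": "http://ctl:8774/v2.1", "public": "http://ctl:8774/v2.1"},
}
TOKEN_TTL_SECONDS = 3600


@dataclass
class TokenData:
    user_id: str
    project_id: Optional[str]              # None means an unscoped (temporary) token
    roles: Set[str] = field(default_factory=set)
    expires_at: float = 0.0


class Keystone:
    """Identity service: password auth, token issue/validate, catalog hand-out."""

    def __init__(self) -> None:
        self._tokens: Dict[str, TokenData] = {}   # kvs-style token backend

    def _issue(self, user_id: str, project_id: Optional[str]) -> str:
        token = secrets.token_hex(16)               # a random string, as the text says
        roles = ASSIGNMENTS.get((user_id, project_id), set()) if project_id else set()
        self._tokens[token] = TokenData(user_id, project_id, roles, time.time() + TOKEN_TTL_SECONDS)
        return token

    def authenticate(self, username: str, password: str, project_id: Optional[str] = None):
        """Identity-backend check; returns (token, catalog). An unscoped token gets no catalog."""
        user = USERS.get(username)
        if user is None or not secrets.compare_digest(user["password"], password):
            raise PermissionError("invalid credentials")
        if project_id is not None and (user["id"], project_id) not in ASSIGNMENTS:
            raise PermissionError("user is not assigned to this project")
        return self._issue(user["id"], project_id), (dict(CATALOG) if project_id else {})

    def validate(self, token: str) -> TokenData:
        """What the authtoken middleware asks Keystone for a UUID-style token: lookup plus expiry."""
        data = self._tokens.get(token)
        if data is None or data.expires_at <= time.time():
            raise PermissionError("token invalid or expired")
        return data

    def list_projects(self, token: str):
        data = self.validate(token)
        return sorted(project for (user, project) in ASSIGNMENTS if user == data.user_id)

    def rescope(self, token: str, project_id: str):
        """Trade an unscoped token for a project-scoped token plus the catalog."""
        data = self.validate(token)
        if (data.user_id, project_id) not in ASSIGNMENTS:
            raise PermissionError("user is not assigned to this project")
        return self._issue(data.user_id, project_id), dict(CATALOG)


class NovaApi:
    """Service side: validate the token with Keystone, check scope, then apply a local policy rule."""
    POLICY = {"compute:create": {"member", "admin"}}   # hypothetical policy rule for this example

    def __init__(self, keystone: Keystone) -> None:
        self.keystone = keystone

    def create_server(self, headers: Dict[str, str], project_id: str, name: str) -> dict:
        token = self.keystone.validate(headers["X-Auth-Token"])
        if token.project_id != project_id:
            raise PermissionError("token is not scoped to this project")
        if not token.roles & self.POLICY["compute:create"]:
            raise PermissionError("policy forbids compute:create")
        return {"name": name, "project_id": project_id, "status": "BUILD"}


def run_flow(username: str, password: str, project_name: str, server_name: str):
    """The whole flow; returns (server record, compute endpoint the client used)."""
    keystone = Keystone()
    nova = NovaApi(keystone)
    unscoped, _ = keystone.authenticate(username, password)                      # step 1: temporary token
    project_id = next(p for p in keystone.list_projects(unscoped) if PROJECTS[p] == project_name)  # step 2
    scoped, catalog = keystone.rescope(unscoped, project_id)                     # step 3: scoped token + catalog
    endpoint = catalog["compute"]["public"]                                        # client picks the public endpoint
    server = nova.create_server({"X-Auth-Token": scoped}, project_id, server_name)  # steps 4-7
    return server, endpoint


if __name__ == "__main__":
    print(run_flow("alice", "s3cret", "demo", "vm1"))
```

Three checks on the service side are what make the flow safe: the token must exist and be unexpired, it must be scoped to the project the request names (an unscoped or differently scoped token is refused), and the roles Keystone attached to it must satisfy nova's own policy rule; the last step is why the text says nova decides "according to its own rules".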

Overview of Glance

Glance is the module responsible for image management in the openstack project, and its functions include the search, registration and retrieval of virtual machine images.

Glance provides restful api to query the metadata of virtual machine images and obtain images

With glance, virtual machine images can be stored on a variety of storage, such as simple file storage or object storage

The location of glance in Openstack:

Basic concepts of Glance:

Image identifiers: an image is identified by its URI, of the form /images/ followed by the image ID, which is globally unique.

Image status:

Queued: the image ID has been reserved and the image metadata has been written to the database, but the image has not yet been uploaded

Saving: the image is being uploaded

Active: the image is ready for use

Killed: image is corrupted or unavailable

Deleted: the image is deleted

Disk format

Raw: raw is not a true disk format but represents the original image used by the virtual machine. It stores no metadata, so it is a good candidate for virtual machine compatibility, but for the same reason it does not support advanced features such as snapshots and compression. Raw therefore performs better, but if a virtual disk is created at 10GB it occupies 10GB of storage space in the file system.

Vhd: a format supported by VMware, Xen, Microsoft and VirtualBox

Vmdk: a common format, widely used in the open source community and standardized

Vdi: a format supported by two types of hypervisor, VirtualBox and the QEMU emulator

Iso: optical disc (CD) image, mainly used for archiving.

Qcow2: the QEMU emulator format, mainly used on QEMU-type virtual machines. Its characteristic is that the virtual disk grows dynamically: if the virtual disk is created with a size of 10G, it does not occupy 10G of the file system; it occupies only as much space as the user actually writes, so the physical space used by the virtual disk changes with its actual use. Its performance is worse than the raw format, but qcow2 supports virtual machine snapshots.

Aki: Amazon kernel image

Ari: Amazon ramdisk image

Ami: Amazon machine image

Container format:

The disk format was covered above, but to create a virtual machine one defines not only the disk format but also other metadata: how many CPUs the virtual machine uses, how much memory it has, which operating system architecture is supported, and so on. The container format can take one of the following values:

Bare

Ovf

Aki

Ami

Ari

The image-create command takes at least three parameters: --name, --container_format and --disk_format. --disk_format indicates the format of the disk image file: raw, qcow2, vhd, vmdk, iso, vdi, aki, ari, ami, etc. --container_format indicates whether the image file contains metadata about the virtual machine. This information is not currently used by the compute service, so it can be set to bare when in doubt; the commonly used values are bare (no container or metadata information), ovf, aki, ari and ami.
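The image status lifecycle and the image-create format checks above, as an added example that is not Glance's own code. It goes a little beyond the text by verifying an uploaded qcow2 file against the format's magic bytes and an optional checksum and moving a mismatching image to killed (the page's "corrupted or unavailable" state); the qcow2 magic check, the sha256 checksum and the image names are this example's assumptions.

```python
import hashlib
import uuid
from typing import Dict, Optional

# Formats listed in the text.
DISK_FORMATS = {"raw", "qcow2", "vhd", "vmdk", "iso", "vdi", "aki", "ari", "ami"}
CONTAINER_FORMATS = {"bare", "ovf", "aki", "ami", "ari"}

# Image status lifecycle from the text, expressed as allowed transitions.
TRANSITIONS = {
    "queued":  {"saving", "killed", "deleted"},
    "saving":  {"active", "killed"},
    "active":  {"deleted"},
    "killed":  {"deleted"},
    "deleted": set(),
}

# File magic for formats that have one. Assumption for this example: only qcow2 is
# checked; raw has no header and is accepted as-is.
MAGIC = {"qcow2": b"QFI\xfb"}


class GlanceError(ValueError):
    pass


class ImageService:
    """Registry (metadata) plus a dict standing in for the filesystem store."""

    def __init__(self) -> None:
        self.registry: Dict[str, dict] = {}   # image metadata "database"
        self.store: Dict[str, bytes] = {}     # image bytes, keyed by image ID

    def image_create(self, name: str, container_format: str, disk_format: str) -> str:
        """Reserve an ID and write metadata; the image starts in 'queued' until bytes arrive."""
        if disk_format not in DISK_FORMATS:
            raise GlanceError(f"unsupported disk_format {disk_format!r}")
        if container_format not in CONTAINER_FORMATS:
            raise GlanceError(f"unsupported container_format {container_format!r}")
        image_id = str(uuid.uuid4())          # its URI would be /images/<image_id>
        self.registry[image_id] = {
            "name": name, "disk_format": disk_format, "container_format": container_format,
            "status": "queued", "size": None, "checksum": None,
        }
        return image_id

    def _set_status(self, image_id: str, new_status: str) -> None:
        image = self.registry[image_id]
        if new_status not in TRANSITIONS[image["status"]]:
            raise GlanceError(f"illegal transition {image['status']} -> {new_status}")
        image["status"] = new_status

    def upload(self, image_id: str, data: bytes, expected_sha256: Optional[str] = None) -> str:
        """queued -> saving -> active, or -> killed when the bytes do not match the declared format/checksum."""
        image = self.registry[image_id]
        self._set_status(image_id, "saving")
        magic = MAGIC.get(image["disk_format"])
        digest = hashlib.sha256(data).hexdigest()
        mislabelled = magic is not None and not data.startswith(magic)
        corrupted = expected_sha256 is not None and digest != expected_sha256
        if mislabelled or corrupted:
            self._set_status(image_id, "killed")   # unusable image; bytes are never stored
            return "killed"
        self.store[image_id] = data
        image.update(size=len(data), checksum=digest)
        self._set_status(image_id, "active")
        return "active"

    def delete(self, image_id: str) -> None:
        self._set_status(image_id, "deleted")
        self.store.pop(image_id, None)

    def status(self, image_id: str) -> str:
        return self.registry[image_id]["status"]


if __name__ == "__main__":
    svc = ImageService()
    iid = svc.image_create("cirros-test", "bare", "qcow2")   # constructed sample image
    print(iid, svc.upload(iid, b"QFI\xfb" + b"\x00" * 60), svc.registry[iid])
```

Keeping the status changes behind one transition table means a deleted image can never be re-uploaded into active, and refusing bytes whose header contradicts the declared disk_format stops a mislabelled file from ever reaching a hypervisor that trusts the metadata.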

The basic architecture of Glance:

Glance API: provides the image interface services, including uploading and downloading images, changing image information, and managing virtual machine and cloud disk snapshots.

Glance Registry (registration service): stores image metadata and interacts with the database to store basic image information.

Store adapter (storage adapter): the image storage itself. It provides adapters for a variety of storage back ends, supporting Amazon S3 (Simple Storage Service), openstack's own Swift (object storage) and common file storage systems; it can also be extended to other storage.

Store adapter back ends:

S3

Swift

Filesystem: the default back-end storage

RBD: the Ceph RADOS block device

HTTP: reads virtual machine images available on the Internet over HTTP.

Other distributed storage, such as Sheepdog

Overview of Nova

What is Nova?

OpenStack is a cloud computing platform jointly developed by Rackspace and NASA, comparable to the cloud infrastructure services of Amazon EC2 and S3. Nova provides the compute service in OpenStack.

The position of nova in openstack

The architecture of nova:

The Compute service consists of several components: the API, the compute core components, networking functions, console interfaces, command-line clients, and other supporting components.

Core components:

Nova-api: the service that accepts and responds to end-user calls to the compute API. Besides the OpenStack Compute API and an admin API for privileged users performing administrative work, it is compatible with the Amazon EC2 API. Nova-api also initiates most orchestration activities for instances and enforces the configured policy rules on each call.

Nova-api-metadata service: accepts and responds to metadata requests initiated by instances; it is only needed in the multi-host mode of nova-network.

Nova-compute: starts and terminates virtual machine instances through the hypervisor's API (libvirt for KVM/QEMU, the VMware API, and so on). Its job is to start or stop the virtual machine process on the corresponding hypervisor, but its working loop is to take operation requests from the queue and execute them, for example starting a virtual machine and then updating the virtual machine's state in the database.

Nova-scheduler: the simplest component of compute; it takes an instance request from the queue and decides on which compute host the instance will run.

Nova-conductor: a module that sits between nova-compute and the database so that compute nodes never talk to the database directly. Nova-compute runs on every hypervisor host, the component most exposed to a guest escape, so keeping database credentials off those hosts limits what a compromised compute node can reach. After nova-compute starts a virtual machine instance, the request to update the database state is therefore not sent by nova-compute to the database; it is published to the queue, picked up by nova-conductor, and nova-conductor performs the update.

Network features:

Nova-network daemon: similar to nova-compute, it takes network-related tasks from the queue and performs them, including setting up bridge interfaces and modifying iptables rules. This functionality has since been taken over by a dedicated OpenStack component, Neutron.

Nova-dhcpbridge script: uses dnsmasq's dhcp-script hook to track IP address leases and record them in the database; this too has been replaced by the dedicated Neutron service.

Console interface: when virtual machine instances are started in OpenStack they may run on different nova-compute nodes. When a user wants to access an instance, especially one whose network interface has no address configured yet, the user does not know which compute node it is on and cannot reach it over the network; the console is then the only way in.

After each virtual machine instance is started in OpenStack, it can listen on a VNC port. In the dashboard graphical interface, where virtual machines can be started, stopped and configured, a browser-based VNC client (noVNC) is opened. The virtual machine therefore needs no IP address: the user opens the console in the browser and connects to the virtual machine over the VNC protocol through the proxy.

Nova-consoleauth: validates the console authentication tokens that the console proxies present.

Nova-novncproxy: proxies requests to connect to each instance's VNC port, supporting browser-based clients.

Nova-xvpvncproxy daemon: proxies requests to connect to an instance's VNC port, supporting a Java client designed specifically for OpenStack.

Nova-cert: manages certificates in X.509 format.

Client:

Nova-client: the client that sends requests to nova-api.

Nova-manage: administrator control commands for viewing and managing service processes, virtual machines, physical hosts, packages, networks, storage and so on.

Other components:

Queue (AMQP): the message queue service that passes messages between processes; RabbitMQ, Apache Qpid and ZeroMQ are supported.

SQL database: stores the build-time and run-time data of the cloud infrastructure, including available instance types (flavors), running instances, available networks and so on. In theory OpenStack can use any SQL database management system, but in practice SQLite, MySQL and PostgreSQL are the ones most used.

Interaction of nova internal components:

To let the caller return immediately after making a request and be notified once the callee has finished, a message broker is placed between caller and callee. The message broker implements message delivery and the queues that store messages. The message service can be installed on a separate server or deployed together with the control node. When a caller needs a service provided by another host, it only has to publish the request to the message queue server; the queue server also knows which hosts can provide that service, so the request is handed to a host that provides it, and when that host has finished processing, it publishes the result back to the queue, from which the queue server returns it to the requester.

In most cases the queue works as a publish/subscribe mechanism. Hosts that can provide a service subscribe to the messages that concern them, so that they learn as early as possible which requests need serving. Subscribing means registering with the queue and listening on a particular queue (or, put differently, listening for a particular type of message: as soon as a matching message is published to the queue, the subscriber receives it and provides the corresponding service). The producer that sends the request is called the publisher of the message.

The process of creating a new virtual machine in OpenStack

The virtual machine startup process is as follows:

The dashboard or command-line client sends the user's credentials to Keystone through its RESTful API.

Keystone validates the credentials and returns an auth token for the request.

The client sends a boot-instance request (carrying the auth token) to nova-api through the RESTful API.

On receiving the request, nova-api asks Keystone to verify that the token is valid and which user it belongs to.

Keystone checks the token and, if it is valid, returns the validation result together with the user's roles (note: some operations require specific roles).

After authentication passes, nova-api talks to the database.

Nova-api initializes the database record for the new virtual machine.

Nova-api asks nova-scheduler through rpc.call whether there are resources (a host ID) on which to create the virtual machine.

Nova-scheduler listens on the message queue for requests from nova-api.

Nova-scheduler queries the compute resources in the nova database and runs the scheduling algorithm to find hosts that satisfy the request.

For the selected host, nova-scheduler updates the physical host information of the virtual machine in the database.

Nova-scheduler sends the create-virtual-machine request to nova-compute through rpc.cast.

Nova-compute picks up the create request from its message queue.

Nova-compute requests the virtual machine's details (such as the flavor) from nova-conductor through rpc.call.

Nova-conductor picks up the nova-compute request from the message queue.

Nova-conductor looks up the virtual machine information that the message asks for.

Nova-conductor obtains the virtual machine information from the database.

Nova-conductor publishes the virtual machine information to the message queue as a reply.

Nova-compute receives the virtual machine information from its reply queue.

Nova-compute obtains an auth token through Keystone's RESTful API and asks glance-api over HTTP for the image needed to create the virtual machine.

Glance-api asks Keystone to verify the token and receives the verification result.

Once the token is verified, nova-compute obtains the image information (URL).

Nova-compute obtains an auth token through Keystone's RESTful API and asks neutron-server over HTTP for the network information needed to create the virtual machine.

Neutron-server asks Keystone to verify the token and receives the verification result.

Once the token is verified, nova-compute obtains the network information.

Nova-compute obtains an auth token through Keystone's RESTful API and asks cinder-api over HTTP for the persistent storage (volume) information needed to create the virtual machine.

Cinder-api asks Keystone to verify the token and receives the verification result.

Once the token is verified, nova-compute obtains the volume information.

Nova-compute calls the configured virtualization driver to create the virtual machine from the assembled instance information.
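As an added example (not OpenStack code), the following in-process sketch ties together the message-broker mechanism described under "Interaction of nova internal components" and the boot flow listed above: a toy broker with one queue per topic, rpc.call (publish with a private reply queue and wait for the answer) versus rpc.cast (fire and forget), a toy Keystone that every hop re-validates tokens against, a scheduler that answers "No valid host was found" when nothing fits, and a compute service that reaches the database only through conductor. The user, the hosts and their free vCPU counts are constructed test data; the method names and topic names are assumptions for the demonstration, not Nova's real RPC API.

```python
import queue
import threading
import uuid
from collections import defaultdict

# Constructed test data: one user, two compute hosts with their free vCPUs, an empty instance table.
USERS = {"alice": {"password": "s3cret", "roles": ["member"]}}
db = {"instances": {}, "hosts": {"compute1": 4, "compute2": 1}}


class Keystone:
    """Toy identity service: issues auth tokens and validates them, returning the user's roles."""
    def __init__(self, users):
        self.users, self.tokens = users, {}

    def authenticate(self, user, password):
        if self.users.get(user, {}).get("password") != password:
            raise PermissionError("401 Unauthorized: bad credentials")
        token = uuid.uuid4().hex
        self.tokens[token] = {"user": user, "roles": list(self.users[user]["roles"])}
        return token

    def validate(self, token):
        if token not in self.tokens:
            raise PermissionError("401 Unauthorized: invalid token")
        return self.tokens[token]


class Broker:
    """Toy AMQP broker: one queue per topic; a subscriber thread serves that topic's messages.
    call() publishes with a private reply queue and blocks for the answer; cast() returns at once."""
    def __init__(self):
        self.queues = defaultdict(queue.Queue)

    def subscribe(self, topic, handler):
        def consume():
            while True:
                msg = self.queues[topic].get()
                try:
                    result = handler(msg["method"], **msg["args"])
                except Exception as exc:          # errors travel back to the caller as values
                    result = exc
                if msg["reply_to"] is not None:
                    self.queues[msg["reply_to"]].put(result)
        threading.Thread(target=consume, daemon=True).start()

    def cast(self, topic, method, **args):
        self.queues[topic].put({"method": method, "args": args, "reply_to": None})

    def call(self, topic, method, **args):
        reply_to = "reply." + uuid.uuid4().hex
        self.queues[topic].put({"method": method, "args": args, "reply_to": reply_to})
        result = self.queues[reply_to].get(timeout=5)
        if isinstance(result, Exception):
            raise result
        return result


keystone = Keystone(USERS)
broker = Broker()


def scheduler(method, **args):
    """nova-scheduler: pick the host with the most free vCPUs that still fits the request."""
    if method != "select_host":
        raise ValueError(method)
    for host, free in sorted(db["hosts"].items(), key=lambda kv: -kv[1]):
        if free >= args["vcpus"]:
            db["hosts"][host] -= args["vcpus"]
            return host
    raise RuntimeError("No valid host was found")


def conductor(method, **args):
    """nova-conductor: the only RPC service that touches the database on behalf of nova-compute."""
    if method == "instance_get":
        return dict(db["instances"][args["instance_id"]])
    if method == "instance_update":
        db["instances"][args["instance_id"]].update(args["values"])
        return None
    raise ValueError(method)


def compute(method, **args):
    """nova-compute: holds no database credentials; reads and writes instance state via conductor."""
    if method != "build_instance":
        raise ValueError(method)
    inst = broker.call("conductor", "instance_get", instance_id=args["instance_id"])
    keystone.validate(args["token"])  # stands in for glance, neutron and cinder each re-checking the token
    broker.call("conductor", "instance_update", instance_id=inst["id"], values={"state": "ACTIVE"})
    db["instances"][inst["id"]]["done"].set()


broker.subscribe("scheduler", scheduler)
broker.subscribe("conductor", conductor)
for _host in db["hosts"]:
    broker.subscribe("compute." + _host, compute)


def nova_api_boot(token, name, vcpus, required_role="member"):
    """nova-api: validate token and role, create the DB record, rpc.call the scheduler for a host,
    rpc.cast the build to that compute node, and return the instance id without waiting."""
    if required_role not in keystone.validate(token)["roles"]:
        raise PermissionError("403 Forbidden: missing role " + required_role)
    iid = uuid.uuid4().hex
    db["instances"][iid] = {"id": iid, "name": name, "vcpus": vcpus, "state": "BUILD",
                            "host": None, "done": threading.Event()}
    host = broker.call("scheduler", "select_host", vcpus=vcpus)
    db["instances"][iid]["host"] = host
    broker.cast("compute." + host, "build_instance", instance_id=iid, token=token)
    return iid


def wait_active(iid, timeout=5):
    """Block until the compute node has reported the instance ACTIVE (or the timeout passes)."""
    db["instances"][iid]["done"].wait(timeout)
    return db["instances"][iid]["state"]
```

Two design points carry over to the real system: nova-api returns as soon as the cast is on the queue, so a client must poll the instance state rather than assume the boot succeeded, and a scheduler failure surfaces to the API caller only because rpc.call carries the exception back over the reply queue, whereas a failure after the cast is visible only in the instance's state and the compute node's log.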

Nova common deployment model, with each service deployed on a single server

Highly available deployment model

Troubleshooting common errors in nova:

401 authentication error

Check that the user name, password and tenant (project) are correct

Check that the Keystone authentication settings in the service configuration are correct

409 Conflict error

Check whether the nova services are running normally

"No valid host was found" error

Check whether no host has enough free resources (vCPU, memory, disk) for the requested flavor, or whether the scheduler filters reject every host

The instance has no network connectivity

Check DHCP (dnsmasq), routing and Open vSwitch

Basic concept of network

Basic concepts:

What are the differences between a switch and a router?

They work at different layers: a switch works at Layer 2 and a router at Layer 3.

They forward on different keys: a switch forwards frames by MAC address, a router forwards packets by IP address.

They solve different problems: a switch handles communication within one network segment, a router handles communication between network segments.

The Linux routing table is, in effect, a router implemented in software.

Promiscuous mode

The interface receives all frames passing through it, not only those addressed to its own MAC address

It is generally used to capture packets on the network

DHCP

Function

Uniformly assign IP addresses to hosts

Benefits:

Reduces the time needed to configure and deploy devices

Reduces the possibility of configuration errors

IP address allocation for devices can be managed centrally

DHCP process:

Implementation of DHCP in linux

Tool software: dnsmasq

Network namespace

A network namespace gives a process group its own exclusive copy of the network resources:

Interfaces

iptables rules

Routing tables (so each namespace can act as an independent router)

It is the mechanism LXC containers rely on, and it provides:

Network isolation

A basis for overlay networking

The following is a schematic diagram of using and not using network namespaces

Overlay network:

One packet (or frame) is encapsulated inside another packet; the outer packet is forwarded to the tunnel endpoint, which decapsulates it.

An overlay network uses this "packet in packet" technique to carry one network over another, hiding the inner network from the underlying transport and allowing it to be extended or moved to another endpoint.

Implementations of overlay networks:

VLAN: L2 over L2 (an 802.1Q tag inside the Ethernet frame)

GRE: L3 over L3 (the inner packet is carried directly in IP, protocol number 47, not in UDP)

VXLAN: L2 over L3 (Ethernet frames carried in UDP, port 4789)

Operational problems the overlay network solves:

The limit on the number of networks in a data center: the 4094 usable VLAN IDs of a 12-bit tag become about 16 million segments with the 24-bit VXLAN network identifier (VNI)

Limitations of the physical network infrastructure: the VM network topology can be changed without changing the physical network

VM migration

Multi-tenant scenarios: overlapping IP address ranges are supported, because tenants are separated by tunnel identifier rather than by address
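As an added example (not code from the original page or from Neutron), the following builds and parses VXLAN encapsulation by hand to make three claims above concrete: VXLAN is L2 over UDP (the whole inner Ethernet frame sits behind an 8-byte VXLAN header inside a UDP datagram on port 4789), the VNI is a 24-bit field (hence about 16 million segments), and two tenants can both use 10.0.0.5 because the tunnel endpoint separates traffic by VNI before it ever looks at the inner addresses. The VXLAN header layout and port follow RFC 7348; the VNI-to-tenant table, the MAC and IP addresses and the decapsulation policy are constructed for the demonstration, and the IPv4 header builder leaves the checksum zero because nothing here puts the packet on a wire.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789      # IANA-assigned UDP port for VXLAN
VXLAN_FLAGS_I = 0x08       # "I" flag: the VNI field is valid
VXLAN_HEADER_LEN = 8
ETH_HEADER_LEN = 14
ETHERTYPE_IPV4 = 0x0800


def mac(text):
    """'fa:16:3e:00:00:01' -> 6 bytes."""
    return bytes.fromhex(text.replace(":", ""))


def ipv4_packet(src, dst, payload, proto=17):
    """Constructed 20-byte IPv4 header (no options, checksum left 0 for the demo) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def ethernet_frame(dst_mac, src_mac, payload, ethertype=ETHERTYPE_IPV4):
    """Inner Layer 2 frame: dst MAC, src MAC, ethertype, payload."""
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_encap(inner_frame, vni, src_port):
    """L2 over UDP: UDP header, then the 8-byte VXLAN header, then the untouched inner frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    # flags(1) reserved(3) vni(3) reserved(1); packing vni << 8 into the final uint32 places it correctly
    vxlan = struct.pack("!BBBBI", VXLAN_FLAGS_I, 0, 0, 0, vni << 8)
    udp_len = 8 + VXLAN_HEADER_LEN + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum is permitted
    return udp + vxlan + inner_frame


def vxlan_decap(segment, vni_table):
    """Tunnel-endpoint side: check the UDP port and VXLAN flags, map the VNI to a tenant network,
    drop anything whose VNI is not provisioned here, and return (tenant, inner src IP, inner dst IP)."""
    _, dst_port, udp_len, _ = struct.unpack_from("!HHHH", segment, 0)
    if dst_port != VXLAN_UDP_PORT or udp_len != len(segment):
        raise ValueError("not a well-formed VXLAN segment")
    flags, _, _, _, vni_field = struct.unpack_from("!BBBBI", segment, 8)
    if not flags & VXLAN_FLAGS_I:
        raise ValueError("VXLAN I flag clear: VNI not valid")
    vni = vni_field >> 8
    tenant = vni_table.get(vni)
    if tenant is None:
        raise PermissionError("VNI %d is not provisioned on this endpoint, dropping" % vni)
    inner = segment[8 + VXLAN_HEADER_LEN:]
    if struct.unpack_from("!H", inner, 12)[0] != ETHERTYPE_IPV4:
        raise ValueError("unsupported inner ethertype")
    ip = inner[ETH_HEADER_LEN:]
    return tenant, str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))
```

The VNI lookup is the isolation boundary: a frame arriving with an unknown VNI is dropped before its inner addresses are consulted, and two tenants' 10.0.0.5 never meet because they are keyed by different VNIs rather than by address.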

VLAN (virtual LAN)

Isolates Layer 2 broadcast domains

Flexible networking

At most 4094 usable VLAN IDs (12-bit tag)

Implemented directly at Layer 2

Generic Routing Encapsulation (GRE)

Tunnels traffic between different networks

L3 encapsulated on top of L3

The inner packet is carried inside an IP packet (IP protocol number 47)

Point-to-point tunnel communication


© 2024 shulou.com SLNews company. All rights reserved.
